Search

Find a vulnerability

Search criteria

    1458 vulnerabilities by broadcom

    CVE-2026-41708 (GCVE-0-2026-41708)

    Vulnerability from nvd – Published: 2026-06-15 18:54 – Updated: 2026-06-15 20:06
    VLAI
    Title
    Spring Cloud Sleuth instrumentation of Spring TX DoS vulnerability
    Summary
    In Spring Cloud Sleuth, it is possible for a user to provide specially crafted calls that may cause a denial-of-service (DoS) condition. The application is vulnerable when it uses a vulnerable version of org.springframework.cloud:spring-cloud-sleuth-instrumentation and Spring TX instrumentation is not disabled. Affected versions: Spring Cloud Sleuth 3.1.0 through 3.1.13.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    References
    Impacted products
    Vendor Product Version
    Spring Spring Cloud Sleuth Affected: 3.1.0 , < 3.1.14 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-41708",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-15T20:06:15.787096Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-15T20:06:25.691Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Spring Cloud Sleuth",
              "vendor": "Spring",
              "versions": [
                {
                  "lessThan": "3.1.14",
                  "status": "affected",
                  "version": "3.1.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "In Spring Cloud Sleuth, it is possible for a user to provide specially crafted calls that may cause a denial-of-service (DoS) condition. The application is vulnerable when it uses a vulnerable version of org.springframework.cloud:spring-cloud-sleuth-instrumentation and Spring TX instrumentation is not disabled.\n\nAffected versions:\nSpring Cloud Sleuth 3.1.0 through 3.1.13."
                }
              ],
              "value": "In Spring Cloud Sleuth, it is possible for a user to provide specially crafted calls that may cause a denial-of-service (DoS) condition. The application is vulnerable when it uses a vulnerable version of org.springframework.cloud:spring-cloud-sleuth-instrumentation and Spring TX instrumentation is not disabled.\n\nAffected versions:\nSpring Cloud Sleuth 3.1.0 through 3.1.13."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Per CVSS v3.1: Availability HIGH."
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400: Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-15T18:54:42.292Z",
            "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
            "shortName": "vmware"
          },
          "references": [
            {
              "url": "https://spring.io/security/cve-2026-41708"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Spring Cloud Sleuth instrumentation of Spring TX DoS vulnerability",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "assignerShortName": "vmware",
        "cveId": "CVE-2026-41708",
        "datePublished": "2026-06-15T18:54:42.292Z",
        "dateReserved": "2026-04-22T06:21:34.490Z",
        "dateUpdated": "2026-06-15T20:06:25.691Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-11626 (GCVE-0-2026-11626)

    Vulnerability from nvd – Published: 2026-06-10 18:47 – Updated: 2026-06-12 03:55
    VLAI
    Title
    Local Privilege Escalation in Symantec Endpoint Protection macOS CleanWipe Removal Tool
    Summary
    CleanWipe Removal Tool (macOS), prior to 16.0.0.65, may be susceptible to an Local Privilege Escalation vulnerability, which is a type of issue whereby an attacker with limited privilege access on an affected system can escalate their privileges to gain administrative control.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-250 - Execution with unnecessary privileges
    Assigner
    References
    Impacted products
    Credits
    Kun Peeks (@SwayZGl1tZyyy)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-11626",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-11T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-12T03:55:24.187Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "platforms": [
                "MacOS"
              ],
              "product": "Symantec Endpoint Protection CleanWipe Removal Tool",
              "vendor": "Broadcom",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "16.0.0.65"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Kun Peeks (@SwayZGl1tZyyy)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "CleanWipe Removal Tool (macOS), prior to 16.0.0.65,\u0026nbsp;may be susceptible to an Local Privilege Escalation vulnerability, which is a type of issue whereby an attacker with limited privilege access on an affected system can escalate their privileges to gain administrative control."
                }
              ],
              "value": "CleanWipe Removal Tool (macOS), prior to 16.0.0.65,\u00a0may be susceptible to an Local Privilege Escalation vulnerability, which is a type of issue whereby an attacker with limited privilege access on an affected system can escalate their privileges to gain administrative control."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-233",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-233 Privilege Escalation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "HIGH",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-250",
                  "description": "CWE-250 Execution with unnecessary privileges",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-10T18:47:21.628Z",
            "orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
            "shortName": "symantec"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37625"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Local Privilege Escalation in Symantec Endpoint Protection macOS CleanWipe Removal Tool",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
        "assignerShortName": "symantec",
        "cveId": "CVE-2026-11626",
        "datePublished": "2026-06-10T18:47:21.628Z",
        "dateReserved": "2026-06-08T21:23:16.962Z",
        "dateUpdated": "2026-06-12T03:55:24.187Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-11815 (GCVE-0-2026-11815)

    Vulnerability from nvd – Published: 2026-06-10 06:39 – Updated: 2026-06-10 14:42
    VLAI
    Title
    Insecure Deserialization via MITM in Layer 7 Policy Manager
    Summary
    An attacker who intercepts and tampers with traffic between the client application and the API Gateway server could potentially deserialize arbitrary objects. This vulnerability could lead to broken security expectations or remote code execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-502 - Deserialization of untrusted data
    Assigner
    References
    Impacted products
    Credits
    UWV
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-11815",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-10T14:42:32.420972Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-10T14:42:44.513Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Policy Manager"
              ],
              "product": "Layer 7 API Gateway",
              "vendor": "Broadcom",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.2.1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "UWV"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An attacker who intercepts and tampers with traffic between the client application and the API Gateway server could potentially deserialize arbitrary objects. This vulnerability could lead to broken security expectations or remote code execution."
                }
              ],
              "value": "An attacker who intercepts and tampers with traffic between the client application and the API Gateway server could potentially deserialize arbitrary objects. This vulnerability could lead to broken security expectations or remote code execution."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "LOW",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:H/SI:L/SA:L",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502 Deserialization of untrusted data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-10T06:39:26.498Z",
            "orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
            "shortName": "symantec"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37631"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Insecure Deserialization via MITM in Layer 7 Policy Manager",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
        "assignerShortName": "symantec",
        "cveId": "CVE-2026-11815",
        "datePublished": "2026-06-10T06:39:26.498Z",
        "dateReserved": "2026-06-09T16:10:09.362Z",
        "dateUpdated": "2026-06-10T14:42:44.513Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-41721 (GCVE-0-2026-41721)

    Vulnerability from nvd – Published: 2026-06-09 23:48 – Updated: 2026-06-30 21:43
    VLAI
    Title
    Spring Data Commons Denial of Service via Data Binding
    Summary
    Spring Data Commons contains a vulnerability that can lead to a Denial of Service (DoS) condition if Spring Data Web Support is enabled in conjunction with a Controller method using @ProjectedPayload, when an attacker sends a specially crafted HTTP request that causes the application to allocate lots of memory. Affected versions: Spring Data Commons 4.0.0 through 4.0.5; 3.5.0 through 3.5.11; 3.4.0 through 3.4.14; 3.3.0 through 3.3.16; 3.2.0 through 3.2.15; 3.1.0 through 3.1.14; 3.0.0 through 3.0.15; 2.7.0 through 2.7.19.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    References
    Impacted products
    Vendor Product Version
    Spring Spring Data Commons Affected: 4.0.0 , < 4.0.5.1 (custom)
    Affected: 3.5.0 , < 3.5.11.1 (custom)
    Affected: 3.4.0 , < 3.4.15 (custom)
    Affected: 3.3.0 , < 3.3.17 (custom)
    Affected: 3.2.0 , < 3.2.16 (custom)
    Affected: 3.1.0 , < 3.1.15 (custom)
    Affected: 3.0.0 , < 3.0.16 (custom)
    Affected: 2.7.0 , < 2.7.20 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-41721",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-10T17:41:58.871607Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-10T17:43:00.455Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Spring Data Commons",
              "vendor": "Spring",
              "versions": [
                {
                  "lessThan": "4.0.5.1",
                  "status": "affected",
                  "version": "4.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.5.11.1",
                  "status": "affected",
                  "version": "3.5.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.4.15",
                  "status": "affected",
                  "version": "3.4.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.3.17",
                  "status": "affected",
                  "version": "3.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.2.16",
                  "status": "affected",
                  "version": "3.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.1.15",
                  "status": "affected",
                  "version": "3.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.0.16",
                  "status": "affected",
                  "version": "3.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.7.20",
                  "status": "affected",
                  "version": "2.7.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Spring Data Commons contains a vulnerability that can lead to a Denial of Service (DoS) condition if Spring Data Web Support is enabled in conjunction with a Controller method using @ProjectedPayload, when an attacker sends a specially crafted HTTP request that causes the application to allocate lots of memory.\n\nAffected versions:\nSpring Data Commons 4.0.0 through 4.0.5; 3.5.0 through 3.5.11; 3.4.0 through 3.4.14; 3.3.0 through 3.3.16; 3.2.0 through 3.2.15; 3.1.0 through 3.1.14; 3.0.0 through 3.0.15; 2.7.0 through 2.7.19."
                }
              ],
              "value": "Spring Data Commons contains a vulnerability that can lead to a Denial of Service (DoS) condition if Spring Data Web Support is enabled in conjunction with a Controller method using @ProjectedPayload, when an attacker sends a specially crafted HTTP request that causes the application to allocate lots of memory.\n\nAffected versions:\nSpring Data Commons 4.0.0 through 4.0.5; 3.5.0 through 3.5.11; 3.4.0 through 3.4.14; 3.3.0 through 3.3.16; 3.2.0 through 3.2.15; 3.1.0 through 3.1.14; 3.0.0 through 3.0.15; 2.7.0 through 2.7.19."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "An attacker can send a specially crafted HTTP request to a Spring Data Web @ProjectedPayload endpoint to cause excessive memory allocation and denial of service."
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400: Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T21:43:34.945Z",
            "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
            "shortName": "vmware"
          },
          "references": [
            {
              "url": "https://spring.io/security/cve-2026-41721"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Spring Data Commons Denial of Service via Data Binding",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "assignerShortName": "vmware",
        "cveId": "CVE-2026-41721",
        "datePublished": "2026-06-09T23:48:47.132Z",
        "dateReserved": "2026-04-22T06:21:37.021Z",
        "dateUpdated": "2026-06-30T21:43:34.945Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-41716 (GCVE-0-2026-41716)

    Vulnerability from nvd – Published: 2026-06-09 23:48 – Updated: 2026-06-30 21:39
    VLAI
    Title
    Spring Data web support unbounded negative-result cache keyed on attacker-supplied property names
    Summary
    Spring Data's internal property-lookup cache accepts and permanently retains attacker-supplied strings as cache keys, allowing heap exhaustion through repeated requests. Affected versions: Spring Data Commons 2.7.0 through 2.7.19; 3.3.0 through 3.3.16; 3.4.0 through 3.4.14; 3.5.0 through 3.5.11; 4.0.0 through 4.0.5.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    References
    Impacted products
    Vendor Product Version
    Spring Spring Data Commons Affected: 2.7.0 , < 2.7.20 (custom)
    Affected: 3.3.0 , < 3.3.17 (custom)
    Affected: 3.4.0 , < 3.4.15 (custom)
    Affected: 3.5.0 , < 3.5.11.1 (custom)
    Affected: 4.0.0 , < 4.0.5.1 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-41716",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-10T12:50:22.403656Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-10T12:50:44.106Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Spring Data Commons",
              "vendor": "Spring",
              "versions": [
                {
                  "lessThan": "2.7.20",
                  "status": "affected",
                  "version": "2.7.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.3.17",
                  "status": "affected",
                  "version": "3.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.4.15",
                  "status": "affected",
                  "version": "3.4.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.5.11.1",
                  "status": "affected",
                  "version": "3.5.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.0.5.1",
                  "status": "affected",
                  "version": "4.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Spring Data\u0027s internal property-lookup cache accepts and permanently retains attacker-supplied strings as cache keys, allowing heap exhaustion through repeated requests.\n\nAffected versions:\nSpring Data Commons 2.7.0 through 2.7.19; 3.3.0 through 3.3.16; 3.4.0 through 3.4.14; 3.5.0 through 3.5.11; 4.0.0 through 4.0.5."
                }
              ],
              "value": "Spring Data\u0027s internal property-lookup cache accepts and permanently retains attacker-supplied strings as cache keys, allowing heap exhaustion through repeated requests.\n\nAffected versions:\nSpring Data Commons 2.7.0 through 2.7.19; 3.3.0 through 3.3.16; 3.4.0 through 3.4.14; 3.5.0 through 3.5.11; 4.0.0 through 4.0.5."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "An attacker who can forward HTTP-supplied strings to PropertyPath.from can permanently grow the internal property-lookup cache without bound, exhausting heap memory and causing denial of service."
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "CWE-770: Allocation of Resources Without Limits or Throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T21:39:45.337Z",
            "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
            "shortName": "vmware"
          },
          "references": [
            {
              "url": "https://spring.io/security/cve-2026-41716"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Spring Data web support unbounded negative-result cache keyed on attacker-supplied property names",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "assignerShortName": "vmware",
        "cveId": "CVE-2026-41716",
        "datePublished": "2026-06-09T23:48:20.282Z",
        "dateReserved": "2026-04-22T06:21:37.020Z",
        "dateUpdated": "2026-06-30T21:39:45.337Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-41711 (GCVE-0-2026-41711)

    Vulnerability from nvd – Published: 2026-06-09 23:48 – Updated: 2026-06-27 21:34
    VLAI
    Title
    Potential Denial of Service through crafted Sort Parameters
    Summary
    Applications using Spring Data Commons may be vulnerable to a Denial of Service (DoS) attack leading to a StackOverflowException when parsing Sort parameters. Affected versions: Spring Data Commons 4.0.0 through 4.0.5; 3.5.0 through 3.5.11; 3.4.0 through 3.4.14; 3.3.0 through 3.3.16; 3.2.0 through 3.2.15; 3.1.0 through 3.1.14; 3.0.0 through 3.0.15; 2.7.0 through 2.7.19.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    References
    Impacted products
    Vendor Product Version
    Spring Spring Data Commons Affected: 4.0.0 , < 4.0.5.1 (custom)
    Affected: 3.5.0 , < 3.5.11.1 (custom)
    Affected: 3.4.0 , < 3.4.15 (custom)
    Affected: 3.3.0 , < 3.3.17 (custom)
    Affected: 3.2.0 , < 3.2.16 (custom)
    Affected: 3.1.0 , < 3.1.15 (custom)
    Affected: 3.0.0 , < 3.0.16 (custom)
    Affected: 2.7.0 , < 2.7.20 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-41711",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-10T13:02:19.970074Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-10T13:02:26.435Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Spring Data Commons",
              "vendor": "Spring",
              "versions": [
                {
                  "lessThan": "4.0.5.1",
                  "status": "affected",
                  "version": "4.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.5.11.1",
                  "status": "affected",
                  "version": "3.5.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.4.15",
                  "status": "affected",
                  "version": "3.4.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.3.17",
                  "status": "affected",
                  "version": "3.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.2.16",
                  "status": "affected",
                  "version": "3.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.1.15",
                  "status": "affected",
                  "version": "3.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.0.16",
                  "status": "affected",
                  "version": "3.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.7.20",
                  "status": "affected",
                  "version": "2.7.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Applications using Spring Data Commons may be vulnerable to a Denial of Service (DoS) attack leading to a StackOverflowException when parsing Sort parameters.\n\nAffected versions:\nSpring Data Commons 4.0.0 through 4.0.5; 3.5.0 through 3.5.11; 3.4.0 through 3.4.14; 3.3.0 through 3.3.16; 3.2.0 through 3.2.15; 3.1.0 through 3.1.14; 3.0.0 through 3.0.15; 2.7.0 through 2.7.19."
                }
              ],
              "value": "Applications using Spring Data Commons may be vulnerable to a Denial of Service (DoS) attack leading to a StackOverflowException when parsing Sort parameters.\n\nAffected versions:\nSpring Data Commons 4.0.0 through 4.0.5; 3.5.0 through 3.5.11; 3.4.0 through 3.4.14; 3.3.0 through 3.3.16; 3.2.0 through 3.2.15; 3.1.0 through 3.1.14; 3.0.0 through 3.0.15; 2.7.0 through 2.7.19."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "An attacker who can supply crafted Sort parameters to an exposed Spring Data Commons endpoint can trigger a StackOverflowException, causing denial of service."
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400: Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-27T21:34:42.920Z",
            "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
            "shortName": "vmware"
          },
          "references": [
            {
              "url": "https://spring.io/security/cve-2026-41711"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Potential Denial of Service through crafted Sort Parameters",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "assignerShortName": "vmware",
        "cveId": "CVE-2026-41711",
        "datePublished": "2026-06-09T23:48:12.215Z",
        "dateReserved": "2026-04-22T06:21:34.490Z",
        "dateUpdated": "2026-06-27T21:34:42.920Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-41695 (GCVE-0-2026-41695)

    Vulnerability from nvd – Published: 2026-06-09 23:47 – Updated: 2026-06-27 21:31
    VLAI
    Title
    Denial of Service in Spring Data Commons Property Path Resolution
    Summary
    Spring Data Commons applications may be vulnerable to denial of service through resource exhaustion when attacker-controlled property path strings are passed to MappingContext property path resolution. Affected versions: Spring Data Commons 4.0.0 through 4.0.5; 3.5.0 through 3.5.11; 3.4.0 through 3.4.14.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    References
    Impacted products
    Vendor Product Version
    Spring Spring Data Commons Affected: 4.0.0 , < 4.0.5.1 (custom)
    Affected: 3.5.0 , < 3.5.11.1 (custom)
    Affected: 3.4.0 , < 3.4.15 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-41695",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-10T17:55:11.129479Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-10T18:00:18.874Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Spring Data Commons",
              "vendor": "Spring",
              "versions": [
                {
                  "lessThan": "4.0.5.1",
                  "status": "affected",
                  "version": "4.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.5.11.1",
                  "status": "affected",
                  "version": "3.5.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.4.15",
                  "status": "affected",
                  "version": "3.4.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Spring Data Commons applications may be vulnerable to denial of service through resource exhaustion when attacker-controlled property path strings are passed to MappingContext property path resolution.\n\nAffected versions:\nSpring Data Commons 4.0.0 through 4.0.5; 3.5.0 through 3.5.11; 3.4.0 through 3.4.14."
                }
              ],
              "value": "Spring Data Commons applications may be vulnerable to denial of service through resource exhaustion when attacker-controlled property path strings are passed to MappingContext property path resolution.\n\nAffected versions:\nSpring Data Commons 4.0.0 through 4.0.5; 3.5.0 through 3.5.11; 3.4.0 through 3.4.14."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "An attacker who can supply attacker-controlled property path strings to MappingContext property path resolution can trigger resource exhaustion and denial of service."
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400: Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-27T21:31:50.685Z",
            "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
            "shortName": "vmware"
          },
          "references": [
            {
              "url": "https://spring.io/security/cve-2026-41695"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Denial of Service in Spring Data Commons Property Path Resolution",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "assignerShortName": "vmware",
        "cveId": "CVE-2026-41695",
        "datePublished": "2026-06-09T23:47:33.927Z",
        "dateReserved": "2026-04-22T06:21:22.981Z",
        "dateUpdated": "2026-06-27T21:31:50.685Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-41008 (GCVE-0-2026-41008)

    Vulnerability from nvd – Published: 2026-06-09 23:47 – Updated: 2026-06-27 21:30
    VLAI
    Title
    Spring Security Authorization Server Open Redirect via request_uri
    Summary
    Spring Security Authorization Server's authorization endpoint performs insufficient validation of the request_uri parameter. An attacker can craft a malicious authorization request containing an invalid request_uri and an arbitrary, unvalidated redirect_uri, which can lead to an Open Redirect vulnerability. Affected versions: Spring Security 7.0.0 through 7.0.5. Spring Authorization Server 1.5.0 through 1.5.7.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-601 - URL Redirection to Untrusted Site (Open Redirect)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Spring Spring Security Affected: 7.0.0 , < 7.0.5.1 (custom)
    Create a notification for this product.
    Spring Spring Authorization Server Affected: 1.5.0 , < 1.5.7.1 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-41008",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-10T18:07:02.878770Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-10T18:07:24.866Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Spring Security",
              "vendor": "Spring",
              "versions": [
                {
                  "lessThan": "7.0.5.1",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Spring Authorization Server",
              "vendor": "Spring",
              "versions": [
                {
                  "lessThan": "1.5.7.1",
                  "status": "affected",
                  "version": "1.5.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Spring Security Authorization Server\u0027s authorization endpoint performs insufficient validation of the request_uri parameter. An attacker can craft a malicious authorization request containing an invalid request_uri and an arbitrary, unvalidated redirect_uri, which can lead to an Open Redirect vulnerability.\n\nAffected versions:\nSpring Security 7.0.0 through 7.0.5.\nSpring Authorization Server 1.5.0 through 1.5.7."
                }
              ],
              "value": "Spring Security Authorization Server\u0027s authorization endpoint performs insufficient validation of the request_uri parameter. An attacker can craft a malicious authorization request containing an invalid request_uri and an arbitrary, unvalidated redirect_uri, which can lead to an Open Redirect vulnerability.\n\nAffected versions:\nSpring Security 7.0.0 through 7.0.5.\nSpring Authorization Server 1.5.0 through 1.5.7."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "An attacker can craft a malicious authorization request with an invalid request_uri and an unvalidated redirect_uri to cause an open redirect in Spring Security Authorization Server."
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-601",
                  "description": "CWE-601: URL Redirection to Untrusted Site (Open Redirect)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-27T21:30:17.016Z",
            "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
            "shortName": "vmware"
          },
          "references": [
            {
              "url": "https://spring.io/security/cve-2026-41008"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Spring Security Authorization Server Open Redirect via request_uri",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "assignerShortName": "vmware",
        "cveId": "CVE-2026-41008",
        "datePublished": "2026-06-09T23:47:07.292Z",
        "dateReserved": "2026-04-16T02:19:16.426Z",
        "dateUpdated": "2026-06-27T21:30:17.016Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-44839 (GCVE-0-2026-44839)

    Vulnerability from nvd – Published: 2026-05-27 15:07 – Updated: 2026-05-27 15:47
    VLAI
    Title
    RabbitMQ: Unsanitized vhost names allow for XSS in management UI
    Summary
    RabbitMQ is a messaging and streaming broker. From 3.7.0 to before 4.1.2 and 4.0.13, This vulnerability is fixed in 4.1.2 and 4.0.13.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
    Assigner
    References
    Impacted products
    Vendor Product Version
    rabbitmq rabbitmq-server Affected: >= 3.7.0, < 4.0.13
    Affected: >= 4.1.0-alpha, < 4.1.2
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-44839",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-27T15:46:43.083359Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-27T15:47:11.824Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "rabbitmq-server",
              "vendor": "rabbitmq",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 3.7.0, \u003c 4.0.13"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 4.1.0-alpha, \u003c 4.1.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "RabbitMQ is a messaging and streaming broker. From 3.7.0 to before 4.1.2 and 4.0.13,  This vulnerability is fixed in 4.1.2 and 4.0.13."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "HIGH",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.6,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "HIGH",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-80",
                  "description": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-27T15:07:10.366Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-fh5r-jpm3-fjwp",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-fh5r-jpm3-fjwp"
            },
            {
              "name": "https://github.com/rabbitmq/rabbitmq-server/commit/7f54319279d1ece161ae0b4cdc6f0e58a4045eb5",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/rabbitmq/rabbitmq-server/commit/7f54319279d1ece161ae0b4cdc6f0e58a4045eb5"
            }
          ],
          "source": {
            "advisory": "GHSA-fh5r-jpm3-fjwp",
            "discovery": "UNKNOWN"
          },
          "title": "RabbitMQ: Unsanitized vhost names allow for XSS in management UI"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-44839",
        "datePublished": "2026-05-27T15:07:10.366Z",
        "dateReserved": "2026-05-07T21:21:48.352Z",
        "dateUpdated": "2026-05-27T15:47:11.824Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-44838 (GCVE-0-2026-44838)

    Vulnerability from nvd – Published: 2026-05-27 15:03 – Updated: 2026-05-28 14:31
    VLAI
    Title
    RabbitMQ MQTT Topic Permission Authorization Bypass
    Summary
    RabbitMQ is a messaging and streaming broker. From 4.2.0 to before 4.2.4, RabbitMQ's MQTT plugin allows for topic-level authorization using regular expressions with variable substitution. Administrators can create patterns such as ^{client_id}-sensors$ to restrict user access to topics that include their client ID. However, the client_id is provided by the user in the MQTT CONNECT packet and is inserted into the regex pattern without escaping special regex characters. This flaw enables an authenticated MQTT user to inject regex operators to bypass authorization. This vulnerability is fixed in 4.2.4 and 4.3.0.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    References
    Impacted products
    Vendor Product Version
    rabbitmq rabbitmq-server Affected: >= 4.2.0, < 4.2.4
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-44838",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-28T14:30:53.473259Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-28T14:31:11.075Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "rabbitmq-server",
              "vendor": "rabbitmq",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 4.2.0, \u003c 4.2.4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "RabbitMQ is a messaging and streaming broker. From 4.2.0 to before 4.2.4, RabbitMQ\u0027s MQTT plugin allows for topic-level authorization using regular expressions with variable substitution. Administrators can create patterns such as ^{client_id}-sensors$ to restrict user access to topics that include their client ID. However, the client_id is provided by the user in the MQTT CONNECT packet and is inserted into the regex pattern without escaping special regex characters. This flaw enables an authenticated MQTT user to inject regex operators to bypass authorization. This vulnerability is fixed in 4.2.4 and 4.3.0."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:H/SI:H/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863: Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-27T15:03:57.467Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-x866-xp2g-cx8v",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-x866-xp2g-cx8v"
            }
          ],
          "source": {
            "advisory": "GHSA-x866-xp2g-cx8v",
            "discovery": "UNKNOWN"
          },
          "title": "RabbitMQ MQTT Topic Permission Authorization Bypass"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-44838",
        "datePublished": "2026-05-27T15:03:57.467Z",
        "dateReserved": "2026-05-07T21:21:48.352Z",
        "dateUpdated": "2026-05-28T14:31:11.075Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-8370 (GCVE-0-2026-8370)

    Vulnerability from nvd – Published: 2026-05-19 18:42 – Updated: 2026-05-19 19:30
    VLAI
    Title
    Automic Automation Agent Unix privilege escalation
    Summary
    Execution with unnecessary privileges vulnerability in Broadcom Automic Automation Agent Unix on Linux x64, Linux Power 64 BE, Linux Power 64 LE, zLinux (zSeries), AIX, Solaris x64, Solaris Sparc 64 allows Privilege Escalation, Target Programs with Elevated Privileges. This issue affects Automic Automation: < 24.4.4 HF1.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-250 - Execution with unnecessary privileges
    Assigner
    ca
    References
    Impacted products
    Vendor Product Version
    Broadcom Automic Automation Affected: < 24.4.4 HF1 (custom)
    Unaffected: 24.4.4 HF1 or later
    Unaffected: 26.0.0
    Create a notification for this product.
    Date Public
    2026-05-19 17:00
    Credits
    David Suchy, Citadelo (citadelo.com)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-8370",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-19T19:30:47.783803Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-19T19:30:57.145Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "Agent Unix",
              "platforms": [
                "Linux x64",
                "Linux Power 64 BE",
                "Linux Power 64 LE",
                "zLinux (zSeries)",
                "AIX",
                "Solaris x64",
                "Solaris Sparc 64"
              ],
              "product": "Automic Automation",
              "vendor": "Broadcom",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 24.4.4 HF1",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "24.4.4 HF1 or later"
                },
                {
                  "status": "unaffected",
                  "version": "26.0.0"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:broadcom:automic_automation:_24.4.4_hf1:*:linux_x64:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:broadcom:automic_automation:_24.4.4_hf1:*:linux_power_64_be:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:broadcom:automic_automation:_24.4.4_hf1:*:linux_power_64_le:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:broadcom:automic_automation:_24.4.4_hf1:*:zlinux_zseries_:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:broadcom:automic_automation:_24.4.4_hf1:*:aix:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:broadcom:automic_automation:_24.4.4_hf1:*:solaris_x64:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:broadcom:automic_automation:_24.4.4_hf1:*:solaris_sparc_64:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:broadcom:automic_automation:24.4.4_hf1_or_later:*:linux_x64:*:*:*:*:*",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:broadcom:automic_automation:24.4.4_hf1_or_later:*:linux_power_64_be:*:*:*:*:*",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:broadcom:automic_automation:24.4.4_hf1_or_later:*:linux_power_64_le:*:*:*:*:*",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:broadcom:automic_automation:24.4.4_hf1_or_later:*:zlinux_zseries_:*:*:*:*:*",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:broadcom:automic_automation:24.4.4_hf1_or_later:*:aix:*:*:*:*:*",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:broadcom:automic_automation:24.4.4_hf1_or_later:*:solaris_x64:*:*:*:*:*",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:broadcom:automic_automation:24.4.4_hf1_or_later:*:solaris_sparc_64:*:*:*:*:*",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:broadcom:automic_automation:26.0.0:*:linux_x64:*:*:*:*:*",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:broadcom:automic_automation:26.0.0:*:linux_power_64_be:*:*:*:*:*",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:broadcom:automic_automation:26.0.0:*:linux_power_64_le:*:*:*:*:*",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:broadcom:automic_automation:26.0.0:*:zlinux_zseries_:*:*:*:*:*",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:broadcom:automic_automation:26.0.0:*:aix:*:*:*:*:*",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:broadcom:automic_automation:26.0.0:*:solaris_x64:*:*:*:*:*",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:broadcom:automic_automation:26.0.0:*:solaris_sparc_64:*:*:*:*:*",
                      "vulnerable": false
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "David Suchy, Citadelo (citadelo.com)"
            }
          ],
          "datePublic": "2026-05-19T17:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Execution with unnecessary privileges vulnerability in Broadcom Automic Automation Agent Unix on Linux x64, Linux Power 64 BE, Linux Power 64 LE, zLinux (zSeries), AIX, Solaris x64, Solaris Sparc 64 allows Privilege Escalation, Target Programs with Elevated Privileges.\u003cp\u003eThis issue affects Automic Automation: \u0026lt; 24.4.4 HF1.\u003c/p\u003e"
                }
              ],
              "value": "Execution with unnecessary privileges vulnerability in Broadcom Automic Automation Agent Unix on Linux x64, Linux Power 64 BE, Linux Power 64 LE, zLinux (zSeries), AIX, Solaris x64, Solaris Sparc 64 allows Privilege Escalation, Target Programs with Elevated Privileges.\n\nThis issue affects Automic Automation: \u003c 24.4.4 HF1."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-233",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-233 Privilege Escalation"
                }
              ]
            },
            {
              "capecId": "CAPEC-69",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-69 Target Programs with Elevated Privileges"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "LOW",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-250",
                  "description": "CWE-250 Execution with unnecessary privileges",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-19T18:42:00.155Z",
            "orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
            "shortName": "ca"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37512"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Automic Automation Agent Unix privilege escalation",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
        "assignerShortName": "ca",
        "cveId": "CVE-2026-8370",
        "datePublished": "2026-05-19T18:42:00.155Z",
        "dateReserved": "2026-05-11T23:42:14.037Z",
        "dateUpdated": "2026-05-19T19:30:57.145Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-41708 (GCVE-0-2026-41708)

    Vulnerability from cvelistv5 – Published: 2026-06-15 18:54 – Updated: 2026-06-15 20:06
    VLAI
    Title
    Spring Cloud Sleuth instrumentation of Spring TX DoS vulnerability
    Summary
    In Spring Cloud Sleuth, it is possible for a user to provide specially crafted calls that may cause a denial-of-service (DoS) condition. The application is vulnerable when it uses a vulnerable version of org.springframework.cloud:spring-cloud-sleuth-instrumentation and Spring TX instrumentation is not disabled. Affected versions: Spring Cloud Sleuth 3.1.0 through 3.1.13.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    References
    Impacted products
    Vendor Product Version
    Spring Spring Cloud Sleuth Affected: 3.1.0 , < 3.1.14 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-41708",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-15T20:06:15.787096Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-15T20:06:25.691Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Spring Cloud Sleuth",
              "vendor": "Spring",
              "versions": [
                {
                  "lessThan": "3.1.14",
                  "status": "affected",
                  "version": "3.1.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "In Spring Cloud Sleuth, it is possible for a user to provide specially crafted calls that may cause a denial-of-service (DoS) condition. The application is vulnerable when it uses a vulnerable version of org.springframework.cloud:spring-cloud-sleuth-instrumentation and Spring TX instrumentation is not disabled.\n\nAffected versions:\nSpring Cloud Sleuth 3.1.0 through 3.1.13."
                }
              ],
              "value": "In Spring Cloud Sleuth, it is possible for a user to provide specially crafted calls that may cause a denial-of-service (DoS) condition. The application is vulnerable when it uses a vulnerable version of org.springframework.cloud:spring-cloud-sleuth-instrumentation and Spring TX instrumentation is not disabled.\n\nAffected versions:\nSpring Cloud Sleuth 3.1.0 through 3.1.13."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Per CVSS v3.1: Availability HIGH."
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400: Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-15T18:54:42.292Z",
            "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
            "shortName": "vmware"
          },
          "references": [
            {
              "url": "https://spring.io/security/cve-2026-41708"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Spring Cloud Sleuth instrumentation of Spring TX DoS vulnerability",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "assignerShortName": "vmware",
        "cveId": "CVE-2026-41708",
        "datePublished": "2026-06-15T18:54:42.292Z",
        "dateReserved": "2026-04-22T06:21:34.490Z",
        "dateUpdated": "2026-06-15T20:06:25.691Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-11626 (GCVE-0-2026-11626)

    Vulnerability from cvelistv5 – Published: 2026-06-10 18:47 – Updated: 2026-06-12 03:55
    VLAI
    Title
    Local Privilege Escalation in Symantec Endpoint Protection macOS CleanWipe Removal Tool
    Summary
    CleanWipe Removal Tool (macOS), prior to 16.0.0.65, may be susceptible to an Local Privilege Escalation vulnerability, which is a type of issue whereby an attacker with limited privilege access on an affected system can escalate their privileges to gain administrative control.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-250 - Execution with unnecessary privileges
    Assigner
    References
    Impacted products
    Credits
    Kun Peeks (@SwayZGl1tZyyy)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-11626",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-11T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-12T03:55:24.187Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "platforms": [
                "MacOS"
              ],
              "product": "Symantec Endpoint Protection CleanWipe Removal Tool",
              "vendor": "Broadcom",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "16.0.0.65"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Kun Peeks (@SwayZGl1tZyyy)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "CleanWipe Removal Tool (macOS), prior to 16.0.0.65,\u0026nbsp;may be susceptible to an Local Privilege Escalation vulnerability, which is a type of issue whereby an attacker with limited privilege access on an affected system can escalate their privileges to gain administrative control."
                }
              ],
              "value": "CleanWipe Removal Tool (macOS), prior to 16.0.0.65,\u00a0may be susceptible to an Local Privilege Escalation vulnerability, which is a type of issue whereby an attacker with limited privilege access on an affected system can escalate their privileges to gain administrative control."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-233",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-233 Privilege Escalation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "HIGH",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-250",
                  "description": "CWE-250 Execution with unnecessary privileges",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-10T18:47:21.628Z",
            "orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
            "shortName": "symantec"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37625"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Local Privilege Escalation in Symantec Endpoint Protection macOS CleanWipe Removal Tool",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
        "assignerShortName": "symantec",
        "cveId": "CVE-2026-11626",
        "datePublished": "2026-06-10T18:47:21.628Z",
        "dateReserved": "2026-06-08T21:23:16.962Z",
        "dateUpdated": "2026-06-12T03:55:24.187Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-11815 (GCVE-0-2026-11815)

    Vulnerability from cvelistv5 – Published: 2026-06-10 06:39 – Updated: 2026-06-10 14:42
    VLAI
    Title
    Insecure Deserialization via MITM in Layer 7 Policy Manager
    Summary
    An attacker who intercepts and tampers with traffic between the client application and the API Gateway server could potentially deserialize arbitrary objects. This vulnerability could lead to broken security expectations or remote code execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-502 - Deserialization of untrusted data
    Assigner
    References
    Impacted products
    Credits
    UWV
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-11815",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-10T14:42:32.420972Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-10T14:42:44.513Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Policy Manager"
              ],
              "product": "Layer 7 API Gateway",
              "vendor": "Broadcom",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.2.1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "UWV"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An attacker who intercepts and tampers with traffic between the client application and the API Gateway server could potentially deserialize arbitrary objects. This vulnerability could lead to broken security expectations or remote code execution."
                }
              ],
              "value": "An attacker who intercepts and tampers with traffic between the client application and the API Gateway server could potentially deserialize arbitrary objects. This vulnerability could lead to broken security expectations or remote code execution."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "LOW",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:H/SI:L/SA:L",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502 Deserialization of untrusted data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-10T06:39:26.498Z",
            "orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
            "shortName": "symantec"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37631"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Insecure Deserialization via MITM in Layer 7 Policy Manager",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
        "assignerShortName": "symantec",
        "cveId": "CVE-2026-11815",
        "datePublished": "2026-06-10T06:39:26.498Z",
        "dateReserved": "2026-06-09T16:10:09.362Z",
        "dateUpdated": "2026-06-10T14:42:44.513Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-41721 (GCVE-0-2026-41721)

    Vulnerability from cvelistv5 – Published: 2026-06-09 23:48 – Updated: 2026-06-30 21:43
    VLAI
    Title
    Spring Data Commons Denial of Service via Data Binding
    Summary
    Spring Data Commons contains a vulnerability that can lead to a Denial of Service (DoS) condition if Spring Data Web Support is enabled in conjunction with a Controller method using @ProjectedPayload, when an attacker sends a specially crafted HTTP request that causes the application to allocate lots of memory. Affected versions: Spring Data Commons 4.0.0 through 4.0.5; 3.5.0 through 3.5.11; 3.4.0 through 3.4.14; 3.3.0 through 3.3.16; 3.2.0 through 3.2.15; 3.1.0 through 3.1.14; 3.0.0 through 3.0.15; 2.7.0 through 2.7.19.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    References
    Impacted products
    Vendor Product Version
    Spring Spring Data Commons Affected: 4.0.0 , < 4.0.5.1 (custom)
    Affected: 3.5.0 , < 3.5.11.1 (custom)
    Affected: 3.4.0 , < 3.4.15 (custom)
    Affected: 3.3.0 , < 3.3.17 (custom)
    Affected: 3.2.0 , < 3.2.16 (custom)
    Affected: 3.1.0 , < 3.1.15 (custom)
    Affected: 3.0.0 , < 3.0.16 (custom)
    Affected: 2.7.0 , < 2.7.20 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-41721",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-10T17:41:58.871607Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-10T17:43:00.455Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Spring Data Commons",
              "vendor": "Spring",
              "versions": [
                {
                  "lessThan": "4.0.5.1",
                  "status": "affected",
                  "version": "4.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.5.11.1",
                  "status": "affected",
                  "version": "3.5.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.4.15",
                  "status": "affected",
                  "version": "3.4.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.3.17",
                  "status": "affected",
                  "version": "3.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.2.16",
                  "status": "affected",
                  "version": "3.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.1.15",
                  "status": "affected",
                  "version": "3.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.0.16",
                  "status": "affected",
                  "version": "3.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.7.20",
                  "status": "affected",
                  "version": "2.7.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Spring Data Commons contains a vulnerability that can lead to a Denial of Service (DoS) condition if Spring Data Web Support is enabled in conjunction with a Controller method using @ProjectedPayload, when an attacker sends a specially crafted HTTP request that causes the application to allocate lots of memory.\n\nAffected versions:\nSpring Data Commons 4.0.0 through 4.0.5; 3.5.0 through 3.5.11; 3.4.0 through 3.4.14; 3.3.0 through 3.3.16; 3.2.0 through 3.2.15; 3.1.0 through 3.1.14; 3.0.0 through 3.0.15; 2.7.0 through 2.7.19."
                }
              ],
              "value": "Spring Data Commons contains a vulnerability that can lead to a Denial of Service (DoS) condition if Spring Data Web Support is enabled in conjunction with a Controller method using @ProjectedPayload, when an attacker sends a specially crafted HTTP request that causes the application to allocate lots of memory.\n\nAffected versions:\nSpring Data Commons 4.0.0 through 4.0.5; 3.5.0 through 3.5.11; 3.4.0 through 3.4.14; 3.3.0 through 3.3.16; 3.2.0 through 3.2.15; 3.1.0 through 3.1.14; 3.0.0 through 3.0.15; 2.7.0 through 2.7.19."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "An attacker can send a specially crafted HTTP request to a Spring Data Web @ProjectedPayload endpoint to cause excessive memory allocation and denial of service."
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400: Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T21:43:34.945Z",
            "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
            "shortName": "vmware"
          },
          "references": [
            {
              "url": "https://spring.io/security/cve-2026-41721"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Spring Data Commons Denial of Service via Data Binding",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "assignerShortName": "vmware",
        "cveId": "CVE-2026-41721",
        "datePublished": "2026-06-09T23:48:47.132Z",
        "dateReserved": "2026-04-22T06:21:37.021Z",
        "dateUpdated": "2026-06-30T21:43:34.945Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-41716 (GCVE-0-2026-41716)

    Vulnerability from cvelistv5 – Published: 2026-06-09 23:48 – Updated: 2026-06-30 21:39
    VLAI
    Title
    Spring Data web support unbounded negative-result cache keyed on attacker-supplied property names
    Summary
    Spring Data's internal property-lookup cache accepts and permanently retains attacker-supplied strings as cache keys, allowing heap exhaustion through repeated requests. Affected versions: Spring Data Commons 2.7.0 through 2.7.19; 3.3.0 through 3.3.16; 3.4.0 through 3.4.14; 3.5.0 through 3.5.11; 4.0.0 through 4.0.5.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    References
    Impacted products
    Vendor Product Version
    Spring Spring Data Commons Affected: 2.7.0 , < 2.7.20 (custom)
    Affected: 3.3.0 , < 3.3.17 (custom)
    Affected: 3.4.0 , < 3.4.15 (custom)
    Affected: 3.5.0 , < 3.5.11.1 (custom)
    Affected: 4.0.0 , < 4.0.5.1 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-41716",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-10T12:50:22.403656Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-10T12:50:44.106Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Spring Data Commons",
              "vendor": "Spring",
              "versions": [
                {
                  "lessThan": "2.7.20",
                  "status": "affected",
                  "version": "2.7.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.3.17",
                  "status": "affected",
                  "version": "3.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.4.15",
                  "status": "affected",
                  "version": "3.4.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.5.11.1",
                  "status": "affected",
                  "version": "3.5.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.0.5.1",
                  "status": "affected",
                  "version": "4.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Spring Data\u0027s internal property-lookup cache accepts and permanently retains attacker-supplied strings as cache keys, allowing heap exhaustion through repeated requests.\n\nAffected versions:\nSpring Data Commons 2.7.0 through 2.7.19; 3.3.0 through 3.3.16; 3.4.0 through 3.4.14; 3.5.0 through 3.5.11; 4.0.0 through 4.0.5."
                }
              ],
              "value": "Spring Data\u0027s internal property-lookup cache accepts and permanently retains attacker-supplied strings as cache keys, allowing heap exhaustion through repeated requests.\n\nAffected versions:\nSpring Data Commons 2.7.0 through 2.7.19; 3.3.0 through 3.3.16; 3.4.0 through 3.4.14; 3.5.0 through 3.5.11; 4.0.0 through 4.0.5."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "An attacker who can forward HTTP-supplied strings to PropertyPath.from can permanently grow the internal property-lookup cache without bound, exhausting heap memory and causing denial of service."
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "CWE-770: Allocation of Resources Without Limits or Throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T21:39:45.337Z",
            "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
            "shortName": "vmware"
          },
          "references": [
            {
              "url": "https://spring.io/security/cve-2026-41716"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Spring Data web support unbounded negative-result cache keyed on attacker-supplied property names",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "assignerShortName": "vmware",
        "cveId": "CVE-2026-41716",
        "datePublished": "2026-06-09T23:48:20.282Z",
        "dateReserved": "2026-04-22T06:21:37.020Z",
        "dateUpdated": "2026-06-30T21:39:45.337Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-41711 (GCVE-0-2026-41711)

    Vulnerability from cvelistv5 – Published: 2026-06-09 23:48 – Updated: 2026-06-27 21:34
    VLAI
    Title
    Potential Denial of Service through crafted Sort Parameters
    Summary
    Applications using Spring Data Commons may be vulnerable to a Denial of Service (DoS) attack leading to a StackOverflowException when parsing Sort parameters. Affected versions: Spring Data Commons 4.0.0 through 4.0.5; 3.5.0 through 3.5.11; 3.4.0 through 3.4.14; 3.3.0 through 3.3.16; 3.2.0 through 3.2.15; 3.1.0 through 3.1.14; 3.0.0 through 3.0.15; 2.7.0 through 2.7.19.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    References
    Impacted products
    Vendor Product Version
    Spring Spring Data Commons Affected: 4.0.0 , < 4.0.5.1 (custom)
    Affected: 3.5.0 , < 3.5.11.1 (custom)
    Affected: 3.4.0 , < 3.4.15 (custom)
    Affected: 3.3.0 , < 3.3.17 (custom)
    Affected: 3.2.0 , < 3.2.16 (custom)
    Affected: 3.1.0 , < 3.1.15 (custom)
    Affected: 3.0.0 , < 3.0.16 (custom)
    Affected: 2.7.0 , < 2.7.20 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-41711",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-10T13:02:19.970074Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-10T13:02:26.435Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Spring Data Commons",
              "vendor": "Spring",
              "versions": [
                {
                  "lessThan": "4.0.5.1",
                  "status": "affected",
                  "version": "4.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.5.11.1",
                  "status": "affected",
                  "version": "3.5.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.4.15",
                  "status": "affected",
                  "version": "3.4.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.3.17",
                  "status": "affected",
                  "version": "3.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.2.16",
                  "status": "affected",
                  "version": "3.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.1.15",
                  "status": "affected",
                  "version": "3.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.0.16",
                  "status": "affected",
                  "version": "3.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.7.20",
                  "status": "affected",
                  "version": "2.7.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Applications using Spring Data Commons may be vulnerable to a Denial of Service (DoS) attack leading to a StackOverflowException when parsing Sort parameters.\n\nAffected versions:\nSpring Data Commons 4.0.0 through 4.0.5; 3.5.0 through 3.5.11; 3.4.0 through 3.4.14; 3.3.0 through 3.3.16; 3.2.0 through 3.2.15; 3.1.0 through 3.1.14; 3.0.0 through 3.0.15; 2.7.0 through 2.7.19."
                }
              ],
              "value": "Applications using Spring Data Commons may be vulnerable to a Denial of Service (DoS) attack leading to a StackOverflowException when parsing Sort parameters.\n\nAffected versions:\nSpring Data Commons 4.0.0 through 4.0.5; 3.5.0 through 3.5.11; 3.4.0 through 3.4.14; 3.3.0 through 3.3.16; 3.2.0 through 3.2.15; 3.1.0 through 3.1.14; 3.0.0 through 3.0.15; 2.7.0 through 2.7.19."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "An attacker who can supply crafted Sort parameters to an exposed Spring Data Commons endpoint can trigger a StackOverflowException, causing denial of service."
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400: Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-27T21:34:42.920Z",
            "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
            "shortName": "vmware"
          },
          "references": [
            {
              "url": "https://spring.io/security/cve-2026-41711"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Potential Denial of Service through crafted Sort Parameters",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "assignerShortName": "vmware",
        "cveId": "CVE-2026-41711",
        "datePublished": "2026-06-09T23:48:12.215Z",
        "dateReserved": "2026-04-22T06:21:34.490Z",
        "dateUpdated": "2026-06-27T21:34:42.920Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-41695 (GCVE-0-2026-41695)

    Vulnerability from cvelistv5 – Published: 2026-06-09 23:47 – Updated: 2026-06-27 21:31
    VLAI
    Title
    Denial of Service in Spring Data Commons Property Path Resolution
    Summary
    Spring Data Commons applications may be vulnerable to denial of service through resource exhaustion when attacker-controlled property path strings are passed to MappingContext property path resolution. Affected versions: Spring Data Commons 4.0.0 through 4.0.5; 3.5.0 through 3.5.11; 3.4.0 through 3.4.14.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    References
    Impacted products
    Vendor Product Version
    Spring Spring Data Commons Affected: 4.0.0 , < 4.0.5.1 (custom)
    Affected: 3.5.0 , < 3.5.11.1 (custom)
    Affected: 3.4.0 , < 3.4.15 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-41695",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-10T17:55:11.129479Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-10T18:00:18.874Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Spring Data Commons",
              "vendor": "Spring",
              "versions": [
                {
                  "lessThan": "4.0.5.1",
                  "status": "affected",
                  "version": "4.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.5.11.1",
                  "status": "affected",
                  "version": "3.5.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.4.15",
                  "status": "affected",
                  "version": "3.4.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Spring Data Commons applications may be vulnerable to denial of service through resource exhaustion when attacker-controlled property path strings are passed to MappingContext property path resolution.\n\nAffected versions:\nSpring Data Commons 4.0.0 through 4.0.5; 3.5.0 through 3.5.11; 3.4.0 through 3.4.14."
                }
              ],
              "value": "Spring Data Commons applications may be vulnerable to denial of service through resource exhaustion when attacker-controlled property path strings are passed to MappingContext property path resolution.\n\nAffected versions:\nSpring Data Commons 4.0.0 through 4.0.5; 3.5.0 through 3.5.11; 3.4.0 through 3.4.14."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "An attacker who can supply attacker-controlled property path strings to MappingContext property path resolution can trigger resource exhaustion and denial of service."
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400: Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-27T21:31:50.685Z",
            "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
            "shortName": "vmware"
          },
          "references": [
            {
              "url": "https://spring.io/security/cve-2026-41695"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Denial of Service in Spring Data Commons Property Path Resolution",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "assignerShortName": "vmware",
        "cveId": "CVE-2026-41695",
        "datePublished": "2026-06-09T23:47:33.927Z",
        "dateReserved": "2026-04-22T06:21:22.981Z",
        "dateUpdated": "2026-06-27T21:31:50.685Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-41008 (GCVE-0-2026-41008)

    Vulnerability from cvelistv5 – Published: 2026-06-09 23:47 – Updated: 2026-06-27 21:30
    VLAI
    Title
    Spring Security Authorization Server Open Redirect via request_uri
    Summary
    Spring Security Authorization Server's authorization endpoint performs insufficient validation of the request_uri parameter. An attacker can craft a malicious authorization request containing an invalid request_uri and an arbitrary, unvalidated redirect_uri, which can lead to an Open Redirect vulnerability. Affected versions: Spring Security 7.0.0 through 7.0.5. Spring Authorization Server 1.5.0 through 1.5.7.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-601 - URL Redirection to Untrusted Site (Open Redirect)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Spring Spring Security Affected: 7.0.0 , < 7.0.5.1 (custom)
    Create a notification for this product.
    Spring Spring Authorization Server Affected: 1.5.0 , < 1.5.7.1 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-41008",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-10T18:07:02.878770Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-10T18:07:24.866Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Spring Security",
              "vendor": "Spring",
              "versions": [
                {
                  "lessThan": "7.0.5.1",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Spring Authorization Server",
              "vendor": "Spring",
              "versions": [
                {
                  "lessThan": "1.5.7.1",
                  "status": "affected",
                  "version": "1.5.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Spring Security Authorization Server\u0027s authorization endpoint performs insufficient validation of the request_uri parameter. An attacker can craft a malicious authorization request containing an invalid request_uri and an arbitrary, unvalidated redirect_uri, which can lead to an Open Redirect vulnerability.\n\nAffected versions:\nSpring Security 7.0.0 through 7.0.5.\nSpring Authorization Server 1.5.0 through 1.5.7."
                }
              ],
              "value": "Spring Security Authorization Server\u0027s authorization endpoint performs insufficient validation of the request_uri parameter. An attacker can craft a malicious authorization request containing an invalid request_uri and an arbitrary, unvalidated redirect_uri, which can lead to an Open Redirect vulnerability.\n\nAffected versions:\nSpring Security 7.0.0 through 7.0.5.\nSpring Authorization Server 1.5.0 through 1.5.7."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "An attacker can craft a malicious authorization request with an invalid request_uri and an unvalidated redirect_uri to cause an open redirect in Spring Security Authorization Server."
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-601",
                  "description": "CWE-601: URL Redirection to Untrusted Site (Open Redirect)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-27T21:30:17.016Z",
            "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
            "shortName": "vmware"
          },
          "references": [
            {
              "url": "https://spring.io/security/cve-2026-41008"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Spring Security Authorization Server Open Redirect via request_uri",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "assignerShortName": "vmware",
        "cveId": "CVE-2026-41008",
        "datePublished": "2026-06-09T23:47:07.292Z",
        "dateReserved": "2026-04-16T02:19:16.426Z",
        "dateUpdated": "2026-06-27T21:30:17.016Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-44839 (GCVE-0-2026-44839)

    Vulnerability from cvelistv5 – Published: 2026-05-27 15:07 – Updated: 2026-05-27 15:47
    VLAI
    Title
    RabbitMQ: Unsanitized vhost names allow for XSS in management UI
    Summary
    RabbitMQ is a messaging and streaming broker. From 3.7.0 to before 4.1.2 and 4.0.13, This vulnerability is fixed in 4.1.2 and 4.0.13.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
    Assigner
    References
    Impacted products
    Vendor Product Version
    rabbitmq rabbitmq-server Affected: >= 3.7.0, < 4.0.13
    Affected: >= 4.1.0-alpha, < 4.1.2
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-44839",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-27T15:46:43.083359Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-27T15:47:11.824Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "rabbitmq-server",
              "vendor": "rabbitmq",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 3.7.0, \u003c 4.0.13"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 4.1.0-alpha, \u003c 4.1.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "RabbitMQ is a messaging and streaming broker. From 3.7.0 to before 4.1.2 and 4.0.13,  This vulnerability is fixed in 4.1.2 and 4.0.13."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "HIGH",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.6,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "HIGH",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-80",
                  "description": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-27T15:07:10.366Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-fh5r-jpm3-fjwp",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-fh5r-jpm3-fjwp"
            },
            {
              "name": "https://github.com/rabbitmq/rabbitmq-server/commit/7f54319279d1ece161ae0b4cdc6f0e58a4045eb5",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/rabbitmq/rabbitmq-server/commit/7f54319279d1ece161ae0b4cdc6f0e58a4045eb5"
            }
          ],
          "source": {
            "advisory": "GHSA-fh5r-jpm3-fjwp",
            "discovery": "UNKNOWN"
          },
          "title": "RabbitMQ: Unsanitized vhost names allow for XSS in management UI"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-44839",
        "datePublished": "2026-05-27T15:07:10.366Z",
        "dateReserved": "2026-05-07T21:21:48.352Z",
        "dateUpdated": "2026-05-27T15:47:11.824Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-44838 (GCVE-0-2026-44838)

    Vulnerability from cvelistv5 – Published: 2026-05-27 15:03 – Updated: 2026-05-28 14:31
    VLAI
    Title
    RabbitMQ MQTT Topic Permission Authorization Bypass
    Summary
    RabbitMQ is a messaging and streaming broker. From 4.2.0 to before 4.2.4, RabbitMQ's MQTT plugin allows for topic-level authorization using regular expressions with variable substitution. Administrators can create patterns such as ^{client_id}-sensors$ to restrict user access to topics that include their client ID. However, the client_id is provided by the user in the MQTT CONNECT packet and is inserted into the regex pattern without escaping special regex characters. This flaw enables an authenticated MQTT user to inject regex operators to bypass authorization. This vulnerability is fixed in 4.2.4 and 4.3.0.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    References
    Impacted products
    Vendor Product Version
    rabbitmq rabbitmq-server Affected: >= 4.2.0, < 4.2.4
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-44838",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-28T14:30:53.473259Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-28T14:31:11.075Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "rabbitmq-server",
              "vendor": "rabbitmq",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 4.2.0, \u003c 4.2.4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "RabbitMQ is a messaging and streaming broker. From 4.2.0 to before 4.2.4, RabbitMQ\u0027s MQTT plugin allows for topic-level authorization using regular expressions with variable substitution. Administrators can create patterns such as ^{client_id}-sensors$ to restrict user access to topics that include their client ID. However, the client_id is provided by the user in the MQTT CONNECT packet and is inserted into the regex pattern without escaping special regex characters. This flaw enables an authenticated MQTT user to inject regex operators to bypass authorization. This vulnerability is fixed in 4.2.4 and 4.3.0."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:H/SI:H/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863: Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-27T15:03:57.467Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-x866-xp2g-cx8v",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-x866-xp2g-cx8v"
            }
          ],
          "source": {
            "advisory": "GHSA-x866-xp2g-cx8v",
            "discovery": "UNKNOWN"
          },
          "title": "RabbitMQ MQTT Topic Permission Authorization Bypass"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-44838",
        "datePublished": "2026-05-27T15:03:57.467Z",
        "dateReserved": "2026-05-07T21:21:48.352Z",
        "dateUpdated": "2026-05-28T14:31:11.075Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-8370 (GCVE-0-2026-8370)

    Vulnerability from cvelistv5 – Published: 2026-05-19 18:42 – Updated: 2026-05-19 19:30
    VLAI
    Title
    Automic Automation Agent Unix privilege escalation
    Summary
    Execution with unnecessary privileges vulnerability in Broadcom Automic Automation Agent Unix on Linux x64, Linux Power 64 BE, Linux Power 64 LE, zLinux (zSeries), AIX, Solaris x64, Solaris Sparc 64 allows Privilege Escalation, Target Programs with Elevated Privileges. This issue affects Automic Automation: < 24.4.4 HF1.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-250 - Execution with unnecessary privileges
    Assigner
    ca
    References
    Impacted products
    Vendor Product Version
    Broadcom Automic Automation Affected: < 24.4.4 HF1 (custom)
    Unaffected: 24.4.4 HF1 or later
    Unaffected: 26.0.0
    Create a notification for this product.
    Date Public
    2026-05-19 17:00
    Credits
    David Suchy, Citadelo (citadelo.com)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-8370",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-19T19:30:47.783803Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-19T19:30:57.145Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "Agent Unix",
              "platforms": [
                "Linux x64",
                "Linux Power 64 BE",
                "Linux Power 64 LE",
                "zLinux (zSeries)",
                "AIX",
                "Solaris x64",
                "Solaris Sparc 64"
              ],
              "product": "Automic Automation",
              "vendor": "Broadcom",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 24.4.4 HF1",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "24.4.4 HF1 or later"
                },
                {
                  "status": "unaffected",
                  "version": "26.0.0"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:broadcom:automic_automation:_24.4.4_hf1:*:linux_x64:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:broadcom:automic_automation:_24.4.4_hf1:*:linux_power_64_be:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:broadcom:automic_automation:_24.4.4_hf1:*:linux_power_64_le:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:broadcom:automic_automation:_24.4.4_hf1:*:zlinux_zseries_:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:broadcom:automic_automation:_24.4.4_hf1:*:aix:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:broadcom:automic_automation:_24.4.4_hf1:*:solaris_x64:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:broadcom:automic_automation:_24.4.4_hf1:*:solaris_sparc_64:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:broadcom:automic_automation:24.4.4_hf1_or_later:*:linux_x64:*:*:*:*:*",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:broadcom:automic_automation:24.4.4_hf1_or_later:*:linux_power_64_be:*:*:*:*:*",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:broadcom:automic_automation:24.4.4_hf1_or_later:*:linux_power_64_le:*:*:*:*:*",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:broadcom:automic_automation:24.4.4_hf1_or_later:*:zlinux_zseries_:*:*:*:*:*",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:broadcom:automic_automation:24.4.4_hf1_or_later:*:aix:*:*:*:*:*",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:broadcom:automic_automation:24.4.4_hf1_or_later:*:solaris_x64:*:*:*:*:*",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:broadcom:automic_automation:24.4.4_hf1_or_later:*:solaris_sparc_64:*:*:*:*:*",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:broadcom:automic_automation:26.0.0:*:linux_x64:*:*:*:*:*",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:broadcom:automic_automation:26.0.0:*:linux_power_64_be:*:*:*:*:*",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:broadcom:automic_automation:26.0.0:*:linux_power_64_le:*:*:*:*:*",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:broadcom:automic_automation:26.0.0:*:zlinux_zseries_:*:*:*:*:*",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:broadcom:automic_automation:26.0.0:*:aix:*:*:*:*:*",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:broadcom:automic_automation:26.0.0:*:solaris_x64:*:*:*:*:*",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:broadcom:automic_automation:26.0.0:*:solaris_sparc_64:*:*:*:*:*",
                      "vulnerable": false
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "David Suchy, Citadelo (citadelo.com)"
            }
          ],
          "datePublic": "2026-05-19T17:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Execution with unnecessary privileges vulnerability in Broadcom Automic Automation Agent Unix on Linux x64, Linux Power 64 BE, Linux Power 64 LE, zLinux (zSeries), AIX, Solaris x64, Solaris Sparc 64 allows Privilege Escalation, Target Programs with Elevated Privileges.\u003cp\u003eThis issue affects Automic Automation: \u0026lt; 24.4.4 HF1.\u003c/p\u003e"
                }
              ],
              "value": "Execution with unnecessary privileges vulnerability in Broadcom Automic Automation Agent Unix on Linux x64, Linux Power 64 BE, Linux Power 64 LE, zLinux (zSeries), AIX, Solaris x64, Solaris Sparc 64 allows Privilege Escalation, Target Programs with Elevated Privileges.\n\nThis issue affects Automic Automation: \u003c 24.4.4 HF1."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-233",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-233 Privilege Escalation"
                }
              ]
            },
            {
              "capecId": "CAPEC-69",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-69 Target Programs with Elevated Privileges"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "LOW",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-250",
                  "description": "CWE-250 Execution with unnecessary privileges",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-19T18:42:00.155Z",
            "orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
            "shortName": "ca"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37512"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Automic Automation Agent Unix privilege escalation",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
        "assignerShortName": "ca",
        "cveId": "CVE-2026-8370",
        "datePublished": "2026-05-19T18:42:00.155Z",
        "dateReserved": "2026-05-11T23:42:14.037Z",
        "dateUpdated": "2026-05-19T19:30:57.145Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    VAR-201404-0592

    Vulnerability from variot - Updated: 2026-04-10 23:34

    The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug. OpenSSL 1.0.1 and 1.0.2 beta contain a vulnerability that could disclose sensitive private information to an attacker. This vulnerability is commonly referred to as "heartbleed.". RubyGems actionpack is prone to a denial-of-service vulnerability. Remote attackers can exploit this issue to cause denial-of-service conditions. OpenSSL is a 3rd party product that is embedded with some of HP Software products. This bulletin objective is to notify HP Software customers about products affected by the Heartbleed vulnerability. This weakness potentially allows disclosure of information protected, under normal conditions, by the SSL/TLS protocol. The impacted products appear in the list below are vulnerable due to embedding OpenSSL standard release software. Each bulletin will include a patch and/or mitigation guideline.

    Note: OpenSSL is an external product embedded in HP products.

    Bulletin Applicability:

    This bulletin applies to each OpenSSL component that is embedded within the HP products listed in the security bulletin. The bulletin does not apply to any other 3rd party application (e.g. operating system, web server, or application server) that may be required to be installed by the customer according instructions in the product install guide.

    To learn more about HP Software Incident Response, please visit http://www8.h p.com/us/en/software-solutions/enterprise-software-security-center/response-c enter.html . No user action is required to install them. HP StoreEver ESL G3 Tape Libraries with MCB rev 2 OpenSSL version 1.0.1f for the following firmware versions:

    671H_GS00601 665H_GS12501 663H_GS04601

    HP StoreEver ESL G3 Tape Libraries with MCB rev 1 Open SSL version 1.0.1e in 655H firmware versions:

    655H_GS10201

    HP StoreEver Enterprise Library LTO-6 Tape Drives: all firmware versions. If the library firmware cannot be updated, HP recommends following the Mitigation Instructions below.

    Mitigation Instructions

    The following configuration options that allow access to the Heartbeat function in the vulnerable versions of OpenSSL are not enabled by default. Verify that the following options are "disabled" using the Tape Library GUI:

    Product Configuration Options to Disable TLS Heartbeat Functions

    Secure SMI-S CVTL User

    Note: Disabling these features blocks the vulnerable OpenSSL function in both the ESL G3 Tape Library and the StoreEver Enterprise Library LTO-6 Tape Drives. The basic functionality of the library is not affected by these configuration changes and SSL access to the user interface is not affected by this configuration change or setting. ============================================================================ Ubuntu Security Notice USN-2165-1 April 07, 2014

    openssl vulnerabilities

    A security issue affects these releases of Ubuntu and its derivatives:

    • Ubuntu 13.10
    • Ubuntu 12.10
    • Ubuntu 12.04 LTS

    Summary:

    OpenSSL could be made to expose sensitive information over the network, possibly including private keys.

    Software Description: - openssl: Secure Socket Layer (SSL) cryptographic library and tools

    Details:

    Neel Mehta discovered that OpenSSL incorrectly handled memory in the TLS heartbeat extension. (CVE-2014-0160)

    Yuval Yarom and Naomi Benger discovered that OpenSSL incorrectly handled timing during swap operations in the Montgomery ladder implementation. An attacker could use this issue to perform side-channel attacks and possibly recover ECDSA nonces. (CVE-2014-0076)

    Update instructions:

    The problem can be corrected by updating your system to the following package versions:

    Ubuntu 13.10: libssl1.0.0 1.0.1e-3ubuntu1.2

    Ubuntu 12.10: libssl1.0.0 1.0.1c-3ubuntu2.7

    Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.12

    After a standard system update you need to reboot your computer to make all the necessary changes. Since this issue may have resulted in compromised private keys, it is recommended to regenerate them.

    Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/openssl-1.0.1g-i486-1_slack14.1.txz: Upgraded. Thanks for Neel Mehta of Google Security for discovering this bug and to Adam Langley agl@chromium.org and Bodo Moeller bmoeller@acm.org for preparing the fix. Fix for the attack described in the paper "Recovering OpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack" by Yuval Yarom and Naomi Benger. Details can be obtained from: http://eprint.iacr.org/2014/140 For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076 ( Security fix ) patches/packages/openssl-solibs-1.0.1g-i486-1_slack14.1.txz: Upgraded. +--------------------------+

    Where to find the new packages: +-----------------------------+

    Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

    Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

    Updated packages for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1g-i486-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1g-i486-1_slack14.0.txz

    Updated packages for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1g-x86_64-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1g-x86_64-1_slack14.0.txz

    Updated packages for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1g-i486-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1g-i486-1_slack14.1.txz

    Updated packages for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1g-x86_64-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1g-x86_64-1_slack14.1.txz

    Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1g-i486-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1g-i486-1.txz

    Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1g-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1g-x86_64-1.txz

    MD5 signatures: +-------------+

    Slackware 14.0 packages: 5467a62ebfbe9a9bfff64dcc4cfcdf7d openssl-1.0.1g-i486-1_slack14.0.txz bdadd9920f2ce6fe4a0a7bd0d96f99df openssl-solibs-1.0.1g-i486-1_slack14.0.txz

    Slackware x86_64 14.0 packages: 11ede2992e2b5d15bd3ffc5807571350 openssl-1.0.1g-x86_64-1_slack14.0.txz 858ea6409aab45a67a880458ce48f923 openssl-solibs-1.0.1g-x86_64-1_slack14.0.txz

    Slackware 14.1 packages: 8638083d9768ffcc4b7c597806ca634c openssl-1.0.1g-i486-1_slack14.1.txz 4d9dfe9db9e1f286ead72fc60971807b openssl-solibs-1.0.1g-i486-1_slack14.1.txz

    Slackware x86_64 14.1 packages: d85f8f451f71dd606f3adb59e582322a openssl-1.0.1g-x86_64-1_slack14.1.txz 43ff4bbfe26f99e7a3b9145146d191a0 openssl-solibs-1.0.1g-x86_64-1_slack14.1.txz

    Slackware -current packages: 265a66855320207d4a7567ac5ae9a747 a/openssl-solibs-1.0.1g-i486-1.txz bf07a4b17f1c78a4081e2cfb711b8748 n/openssl-1.0.1g-i486-1.txz

    Slackware x86_64 -current packages: 27e5135d764bd87bdb784b288e416b22 a/openssl-solibs-1.0.1g-x86_64-1.txz 5ef747eed99ac34102b34d8d0eaed3a8 n/openssl-1.0.1g-x86_64-1.txz

    Installation instructions: +------------------------+

    Upgrade the packages as root:

    upgradepkg openssl-1.0.1g-i486-1_slack14.1.txz openssl-solibs-1.0.1g-i486-1_slack14.1.txz

    +-----+

    Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com

    +------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. If bulk software or firmware updates are required, use an unaffected or patched version of HP Smart Update Manager (HP SUM) to do single or batch updates. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

    ===================================================================== Red Hat Security Advisory

    Synopsis: Important: rhevm-spice-client security update Advisory ID: RHSA-2014:0416-01 Product: Red Hat Enterprise Virtualization Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-0416.html Issue date: 2014-04-17 CVE Names: CVE-2012-4929 CVE-2013-0169 CVE-2013-4353 CVE-2014-0160 =====================================================================

    1. Summary:

    Updated rhevm-spice-client packages that fix multiple security issues are now available for Red Hat Enterprise Virtualization Manager 3.

    The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

    1. Relevant releases/architectures:

    RHEV-M 3.3 - noarch

    1. Description:

    Red Hat Enterprise Virtualization Manager provides access to virtual machines using SPICE. These SPICE client packages provide the SPICE client and usbclerk service for both Windows 32-bit operating systems and Windows 64-bit operating systems.

    The rhevm-spice-client package includes the mingw-virt-viewer Windows SPICE client. OpenSSL, a general purpose cryptography library with a TLS implementation, is bundled with mingw-virt-viewer. The mingw-virt-viewer package has been updated to correct the following issues:

    An information disclosure flaw was found in the way OpenSSL handled TLS and DTLS Heartbeat Extension packets. A malicious TLS or DTLS client or server could send a specially crafted TLS or DTLS Heartbeat packet to disclose a limited portion of memory per request from a connected client or server. (CVE-2014-0160)

    It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. (CVE-2013-0169)

    A NULL pointer dereference flaw was found in the way OpenSSL handled TLS/SSL protocol handshake packets. A specially crafted handshake packet could cause a TLS/SSL client using OpenSSL to crash. (CVE-2013-4353)

    It was discovered that the TLS/SSL protocol could leak information about plain text when optional compression was used. An attacker able to control part of the plain text sent over an encrypted TLS/SSL connection could possibly use this flaw to recover other portions of the plain text. (CVE-2012-4929)

    Red Hat would like to thank the OpenSSL project for reporting CVE-2014-0160. Upstream acknowledges Neel Mehta of Google Security as the original reporter.

    The updated mingw-virt-viewer Windows SPICE client further includes OpenSSL security fixes that have no security impact on mingw-virt-viewer itself. The security fixes included in this update address the following CVE numbers:

    CVE-2013-6449, CVE-2013-6450, CVE-2012-2686, and CVE-2013-0166

    All Red Hat Enterprise Virtualization Manager users are advised to upgrade to these updated packages, which address these issues.

    1. Solution:

    Before applying this update, make sure all previously released errata relevant to your system have been applied.

    This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

    1. Bugs fixed (https://bugzilla.redhat.com/):

    857051 - CVE-2012-4929 SSL/TLS CRIME attack against HTTPS 907589 - CVE-2013-0169 SSL/TLS: CBC padding timing attack (lucky-13) 1049058 - CVE-2013-4353 openssl: client NULL dereference crash on malformed handshake packets 1084875 - CVE-2014-0160 openssl: information disclosure in handling of TLS heartbeat extension packets

    1. Package List:

    RHEV-M 3.3:

    Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEV/SRPMS/rhevm-spice-client-3.3-12.el6_5.src.rpm

    noarch: rhevm-spice-client-x64-cab-3.3-12.el6_5.noarch.rpm rhevm-spice-client-x64-msi-3.3-12.el6_5.noarch.rpm rhevm-spice-client-x86-cab-3.3-12.el6_5.noarch.rpm rhevm-spice-client-x86-msi-3.3-12.el6_5.noarch.rpm

    These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

    1. References:

    https://www.redhat.com/security/data/cve/CVE-2012-4929.html https://www.redhat.com/security/data/cve/CVE-2013-0169.html https://www.redhat.com/security/data/cve/CVE-2013-4353.html https://www.redhat.com/security/data/cve/CVE-2014-0160.html https://access.redhat.com/security/updates/classification/#important

    1. Contact:

    The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

    Copyright 2014 Red Hat, Inc.

    The HP SIM software itself is not vulnerable to CVE-2014-0160 ("Heartbleed"). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

    Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04239372

    SUPPORT COMMUNICATION - SECURITY BULLETIN

    Document ID: c04239372 Version: 4

    HPSBMU02998 rev.4 - HP System Management Homepage (SMH) running OpenSSL on Linux and Windows, Remote Disclosure of Information, Denial of Service (DoS)

    NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

    Release Date: 2014-04-13 Last Updated: 2014-05-13

    Potential Security Impact: Remote disclosure of information, Denial of Service (DoS)

    Source: Hewlett-Packard Company, HP Software Security Response Team

    VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) running on Linux and Windows. The vulnerabilities could be exploited remotely resulting in Denial of Service (DoS).

    References:

    CVE-2014-0160 (SSRT101501) Disclosure of Information - "Heartbleed" CVE-2013-4353 Denial of Service (DoS) CVE-2013-6449 Denial of Service (DoS) CVE-2013-6450 Denial of Service (DoS)

    SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP System Management Homepage (SMH) v7.1.2, v7.2, v7.2.1, v7.2.2, v7.3, v7.3.1 for Linux and Windows.

    BACKGROUND

    CVSS 2.0 Base Metrics

    Reference Base Vector Base Score CVE-2013-4353 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2013-6449 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2013-6450 (AV:N/AC:M/Au:N/C:N/I:P/A:P) 5.8 CVE-2014-0160 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

    RESOLUTION

    HP has made the following software updates available to resolve the vulnerabilities for the impacted versions of HP System Management Homepage (SMH):

    Product version/Platform Download Location

    SMH 7.2.3 Windows x86 http://www.hp.com/swpublishing/MTX-d1488fd987894bc4ab3fe0ef52

    SMH 7.2.3 Windows x64 http://www.hp.com/swpublishing/MTX-4575754bbb614b58bf0ae1ac37

    SMH 7.3.2.1(B) Windows x86 http://www.hp.com/swpublishing/MTX-27e03b2f9cd24e77adc9dba94a

    SMH 7.3.2.1(B) Windows x64 http://www.hp.com/swpublishing/MTX-37075daeead2433cb41b59ae76

    SMH 7.3.2 Linux x86 http://www.hp.com/swpublishing/MTX-3d92ccccf85f404e8ba36a8178

    SMH 7.3.2 Linux x64 http://www.hp.com/swpublishing/MTX-bfd3c0fb11184796b9428ced37

    Notes

    SMH 7.2.3 recommended for customers running Windows 2003 OS Updated OpenSSL to version 1.0.1g

    Note: If you believe your SMH installation was exploited while it was running components vulnerable to heartbleed, there are some steps to perform after youve upgraded to the non-vulnerable components. These steps include revoking, recreating, and re-importing certificates and resetting passwords that might have been harvested by a malicious attacker using the heartbleed vulnerability.

    Impact on VCA - VCRM communication: VCA configures VCRM by importing the SMH certificate from the SMH of VCA into the SMH of VCRM. When this certificate is deleted & regenerated (as suggested before), it needs to be (re)imported if the user wants to continue with Trust by Certificate option, and the outdated certificate should be revoked (deleted) from each location where it was previously imported. If you use HPSIMs 2-way trust feature, and have imported SMH certificates into HPSIM, you will also need to revoke those SMH certificated from HPSIM and reimport the newly created SMH certificates. Though SMH uses OS credentials using OS-based APIs, user provided credentials are passed from the client (browser) to the server (SMH) using the HTTPS protocol. If you suspect your systems using SMH were exploited while they were vulnerable to heartbleed, these passwords need to be reset.

    Frequently Asked Questions

    Will updated systems require a reboot after applying the SMH patch? No, reboot of the system will not be required. Installing the new build is sufficient to get back to the normal state. Is a Firmware Update necessary in addition to the SMH patch? No, only the SMH update is sufficient to remove the heartbleed-vulnerable version of SMH. Will new certificates be issued along with the patch, or need to be handled separately? If you suspect the certificate has been compromised due to this vulnerability, we do recommend to delete and revoke the certificate, or SMH will reuse the existing certificate. New certificate will be created when SMH service starts (at the end of the fresh / upgrade installation). Instructions on deleting the certificate are in the notes above. Where can I get SMH documentation? All major documents are available at: http://h17007.www1.hp.com/us/en/enterprise/servers/solutions/info-library Select HP Insight Management under Product and Solutions & check HP System Management Homepage to get SMH related documents.

    What are the recommended upgrade paths? See the table below: SMH DVD SPP Recommended SMH update for Linux Recommended SMH update for Windows 2003 and Widows 2003 R2 Recommended SMH update for other Windows OS versions

    v7.1.2 v7.1.2 2012.10.0 v7.3.2 v7.2.3 v7.3.2

    v7.2.0 v7.2.0 2013.02.0(B) v7.3.2 v7.2.3 v7.3.2

    v7.2.1 v7.2u1

    v7.3.2 v7.2.3 v7.3.2

    v7.2.2 v7.2u2 2013.09.0(B) v7.3.2 v7.2.3 v7.3.2

    v7.3.0 v7.3.0

    v7.3.2 not supported v7.3.2

    v7.3.1 v7.3.1 2014.02.0 v7.3.2 not supported v7.3.2

    How can I verify whether my setup is patched successfully? SMH version can be verified by executing following command on: Windows: hp\hpsmh\bin\smhlogreader version Linux: /opt/hp/hpsmh/bin/smhlogreader version Will VCA-VCRM communication be impacted due to the SMH certificate being deleted? VCA configures VCRM by importing the SMH certificate (sslshare\cert.pem) from the SMH of VCA to the SMH of VCRM. When this certificate is deleted & regenerated (as suggested before), it needs to be (re)imported if user wants to continue with Trust by Certificate option, and remove the old, previously imported certificate. Should I reset password on all managed nodes, where SMH was/is running? Though SMH uses OS credentials using OS based APIs, user-provided credentials are passed from the client (browser) to the server (SMH) using the HTTPS protocol. Passwords need to be reset if you suspect the vulnerable version of SMH was exploited by malicious users/ hackers.

    HISTORY Version:1 (rev.1) - 13 April 2014 Initial release Version:2 (rev.2) - 17 April 2014 SMH 7.2.3 and 7.3.2 released Version:3 (rev.3) - 30 April 2014 SMH 7.3.2.1(B) released Version:4 (rev.4) - 13 May 2014 Added additional remediation steps for post update installation

    Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

    Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.

    Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com

    Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

    Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

    Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

    3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX

    Copyright 2014 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.

    -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux)

    iEYEARECAAYFAlNyLMAACgkQ4B86/C0qfVm6RQCg4JuHEt+iZq+td37hPIp27qrd fm4AoKM1d7+F05Xo87Bicnmh0OHidg/O =bK11 -----END PGP SIGNATURE----- . This bulletin will give you the information needed to update your HP Insight Control server deployment solution.

    Install HP Management Agents for Windows x86/x64 Install HP Management Agents for RHEL 5 x64 Install HP Management Agents for RHEL 6 x64 Install HP Management Agents for SLES 10 x64 Install HP Management Agents for SLES 11 x64

    References: CVE-2014-0160 (SSRT101538)

    SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP Insight Control server deployment v7.1.2, v7.2.0, v7.2.1, v7.2.2

    BACKGROUND

    CVSS 2.0 Base Metrics

    Reference Base Vector Base Score CVE-2014-0160 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

    RESOLUTION

    HP is actively working to address this vulnerability for the impacted versions of HP Insight Control server deployment. This bulletin may be revised. It is recommended that customers take the following approaches depending on the version of HP Insight Control server deployment:

    To address the vulnerability in an initial installation of HP Insight Control server deployment v7.1.2, v7.2.0, v7.2.1, and v7.2.2 only follow steps 1 through Step 3 of the following procedure, before initiating an operating system deployment.

    To address the vulnerability in a previous installation of HP Insight Control server deployment v7.1.2, v7.2.0, v7.2.1, and v7.2.2 follow all steps in the following procedure.

    Delete the smhamd64-.exe/smhx86-.exe" from Component Copy Location listed in the following table, row 1,2,3,4. Delete the affected hpsmh-7.*.rpm" from Component Copy Location listed in the following table, row 5. In sequence, perform the steps from left to right in the following table. First, download components from Download Link; Second, rename the component as suggested in Rename to. Third, copy the component to the location suggested in Component Copy Location. Table Row Number Download Link Rename to Component Copy Location

    1 http://www.hp.com/swpublishing/MTX-d1488fd987894bc4ab3fe0ef52 smhx86-cp023242.exe \express\hpfeatures\hpagents-ws\components\Win2003

    2 http://www.hp.com/swpublishing/MTX-4575754bbb614b58bf0ae1ac37 smhamd64-cp023243.exe \express\hpfeatures\hpagents-ws\components\Win2003

    3 http://www.hp.com/swpublishing/MTX-2e19c856f0e84e20a14c63ecd0 smhamd64-cp023240.exe \express\hpfeatures\hpagents-ws\components\Win2008

    4 http://www.hp.com/swpublishing/MTX-41199f68c1144acb84a5798bf0 smhx86-cp023239.exe \express\hpfeatures\hpagents-ws\components\Win2008

    5 http://www.hp.com/swpublishing/MTX-bfd3c0fb11184796b9428ced37 Do not rename the downloaded component for this step. \express\hpfeatures\hpagents-sles11-x64\components \express\hpfeatures\hpagents-sles10-x64\components \express\hpfeatures\hpagents-rhel5-x64\components \express\hpfeatures\hpagents-rhel6-x64\components

    Table 1

    Initiate Install HP Management Agents for SLES 11 x64 on targets running SLES11 x64. Initiate Install HP Management Agents for SLES 10 x64 on targets running SLES10 x64. Initiate Install HP Management Agents for RHEL 6 x64 on targets running RHEL 6 x64. Initiate Install HP Management Agents for RHEL 5 x64 on targets running RHEL 5 x64

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "mivoice",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitel",
            "version": "1.3.2.2"
          },
          {
            "_id": null,
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "12.04"
          },
          {
            "_id": null,
            "model": "fedora",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fedoraproject",
            "version": "20"
          },
          {
            "_id": null,
            "model": "v60",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "intellian",
            "version": "1.15"
          },
          {
            "_id": null,
            "model": "s9922l",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "ricon",
            "version": "16.10.3\\(3794\\)"
          },
          {
            "_id": null,
            "model": "micollab",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitel",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "mivoice",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitel",
            "version": "1.1.2.5"
          },
          {
            "_id": null,
            "model": "gluster storage",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "application processing engine",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "v100",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "intellian",
            "version": "1.24"
          },
          {
            "_id": null,
            "model": "enterprise linux desktop",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "1.0.1g"
          },
          {
            "_id": null,
            "model": "simatic s7-1500",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "1.5"
          },
          {
            "_id": null,
            "model": "opensuse",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "opensuse",
            "version": "12.3"
          },
          {
            "_id": null,
            "model": "splunk",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "splunk",
            "version": "6.0.0"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "micollab",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitel",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "enterprise linux server aus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "6.5"
          },
          {
            "_id": null,
            "model": "fedora",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fedoraproject",
            "version": "19"
          },
          {
            "_id": null,
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "12.10"
          },
          {
            "_id": null,
            "model": "mivoice",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitel",
            "version": "1.1.3.3"
          },
          {
            "_id": null,
            "model": "symantec messaging gateway",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "10.6.1"
          },
          {
            "_id": null,
            "model": "virtualization",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "1.0.1"
          },
          {
            "_id": null,
            "model": "v100",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "intellian",
            "version": "1.20"
          },
          {
            "_id": null,
            "model": "v60",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "intellian",
            "version": "1.25"
          },
          {
            "_id": null,
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "13.10"
          },
          {
            "_id": null,
            "model": "cp 1543-1",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "1.1"
          },
          {
            "_id": null,
            "model": "wincc open architecture",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "3.12"
          },
          {
            "_id": null,
            "model": "micollab",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitel",
            "version": "7.3.0.104"
          },
          {
            "_id": null,
            "model": "splunk",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "splunk",
            "version": "6.0.3"
          },
          {
            "_id": null,
            "model": "mivoice",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitel",
            "version": "1.2.0.11"
          },
          {
            "_id": null,
            "model": "elan-8.2",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "8.3.3"
          },
          {
            "_id": null,
            "model": "micollab",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitel",
            "version": "7.2"
          },
          {
            "_id": null,
            "model": "storage",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "enterprise linux server tus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "6.5"
          },
          {
            "_id": null,
            "model": "enterprise linux workstation",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "server",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "filezilla",
            "version": "0.9.44"
          },
          {
            "_id": null,
            "model": "micollab",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitel",
            "version": "7.1"
          },
          {
            "_id": null,
            "model": "simatic s7-1500t",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "1.5"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "enterprise linux server",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "mivoice",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitel",
            "version": "1.4.0.102"
          },
          {
            "_id": null,
            "model": "v100",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "intellian",
            "version": "1.21"
          },
          {
            "_id": null,
            "model": "symantec messaging gateway",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "10.6.0"
          },
          {
            "_id": null,
            "model": "opensuse",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "opensuse",
            "version": "13.1"
          },
          {
            "_id": null,
            "model": "enterprise linux server eus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "6.5"
          },
          {
            "_id": null,
            "model": "micollab",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitel",
            "version": "7.3"
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "amazon",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "arch linux",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "aruba",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "attachmate",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "bee ware",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "blue coat",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ca",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "cisco",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "debian gnu linux",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "extreme",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "fedora",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "fortinet",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "gentoo linux",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "global associates",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "google",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ibm",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "intel",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "mandriva s a",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "marklogic",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "mcafee",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "nvidia",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "netbsd",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "openbsd",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "openvpn",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "red hat",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "slackware linux",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "sophos",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "symantec",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ubuntu",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "unisys",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "vmware",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "watchguard",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "wind river",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "nginx",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "opensuse",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "pfsense",
            "version": null
          },
          {
            "_id": null,
            "model": "studio onsite",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "suse",
            "version": "1.3"
          },
          {
            "_id": null,
            "model": "opensuse",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "s u s e",
            "version": "13.1"
          },
          {
            "_id": null,
            "model": "opensuse",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "s u s e",
            "version": "12.3"
          },
          {
            "_id": null,
            "model": "software collections for rhel",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "redhat",
            "version": "0"
          },
          {
            "_id": null,
            "model": "puppet enterprise",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "puppetlabs",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "chef",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "opscode",
            "version": "11.1.2"
          },
          {
            "_id": null,
            "model": "linux sparc",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "linux s/390",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "linux mips",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "linux ia-64",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "linux ia-32",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "linux arm",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "chef",
            "scope": "ne",
            "trust": 0.6,
            "vendor": "opscode",
            "version": "11.1.3"
          },
          {
            "_id": null,
            "model": "webyast",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "1.3"
          },
          {
            "_id": null,
            "model": "lifecycle management server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "1.3"
          },
          {
            "_id": null,
            "model": "opensuse",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "12.2"
          },
          {
            "_id": null,
            "model": "actionpack",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rubygems",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "actionpack",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rubygems",
            "version": "4.0.1"
          },
          {
            "_id": null,
            "model": "actionpack",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rubygems",
            "version": "3.2.15"
          },
          {
            "_id": null,
            "model": "openstack",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "actionpack",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "rubygems",
            "version": "4.0.2"
          },
          {
            "_id": null,
            "model": "actionpack",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "rubygems",
            "version": "3.2.16"
          },
          {
            "_id": null,
            "model": "puppet enterprise",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "puppetlabs",
            "version": "3.1.1"
          },
          {
            "_id": null,
            "model": "on rails ruby on rails",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ruby",
            "version": "3.1.7"
          },
          {
            "_id": null,
            "model": "on rails ruby on rails",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ruby",
            "version": "3.1.5"
          },
          {
            "_id": null,
            "model": "puppet enterprise",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "puppetlabs",
            "version": "1.1"
          },
          {
            "_id": null,
            "model": "on rails ruby on rails",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ruby",
            "version": "3.0.10"
          },
          {
            "_id": null,
            "model": "on rails ruby on rails 3.1.0.rc5",
            "scope": null,
            "trust": 0.3,
            "vendor": "ruby",
            "version": null
          },
          {
            "_id": null,
            "model": "puppet enterprise",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "puppetlabs",
            "version": "2.0.3"
          },
          {
            "_id": null,
            "model": "puppet enterprise",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "puppetlabs",
            "version": "2.8.4"
          },
          {
            "_id": null,
            "model": "on rails ruby on rails",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ruby",
            "version": "3.0.14"
          },
          {
            "_id": null,
            "model": "on rails ruby on rails",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ruby",
            "version": "3.2.12"
          },
          {
            "_id": null,
            "model": "on rails ruby on rails",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ruby",
            "version": "3.0.2"
          },
          {
            "_id": null,
            "model": "on rails ruby on rails",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ruby",
            "version": "3.2"
          },
          {
            "_id": null,
            "model": "puppet enterprise",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "puppetlabs",
            "version": "3.2"
          },
          {
            "_id": null,
            "model": "on rails ruby on rails",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ruby",
            "version": "3.2.4"
          },
          {
            "_id": null,
            "model": "puppet enterprise",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "puppetlabs",
            "version": "1.2.7"
          },
          {
            "_id": null,
            "model": "puppet enterprise",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "puppetlabs",
            "version": "1.2"
          },
          {
            "_id": null,
            "model": "on rails ruby on rails",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ruby",
            "version": "3.0.12"
          },
          {
            "_id": null,
            "model": "on rails ruby on rails",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ruby",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "on rails ruby on rails",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ruby",
            "version": "3.1.11"
          },
          {
            "_id": null,
            "model": "on rails ruby on rails",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ruby",
            "version": "3.0.17"
          },
          {
            "_id": null,
            "model": "puppet enterprise",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "puppetlabs",
            "version": "3.0.1"
          },
          {
            "_id": null,
            "model": "cloudforms",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "on rails ruby on rails",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ruby",
            "version": "3.1.2"
          },
          {
            "_id": null,
            "model": "on rails ruby on rails",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ruby",
            "version": "3.0.1"
          },
          {
            "_id": null,
            "model": "on rails ruby on rails",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ruby",
            "version": "3.1.12"
          },
          {
            "_id": null,
            "model": "on rails ruby on rails",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ruby",
            "version": "3.2.15"
          },
          {
            "_id": null,
            "model": "puppet enterprise",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "puppetlabs",
            "version": "2.7.1"
          },
          {
            "_id": null,
            "model": "on rails ruby on rails",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ruby",
            "version": "3.0.13"
          },
          {
            "_id": null,
            "model": "on rails ruby on rails",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ruby",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "puppet enterprise",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "puppetlabs",
            "version": "1.0"
          },
          {
            "_id": null,
            "model": "puppet enterprise",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "puppetlabs",
            "version": "2.8.3"
          },
          {
            "_id": null,
            "model": "on rails ruby on rails",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ruby",
            "version": "3.0.16"
          },
          {
            "_id": null,
            "model": "on rails ruby on rails",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ruby",
            "version": "3.2.6"
          },
          {
            "_id": null,
            "model": "on rails ruby on rails",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ruby",
            "version": "3.0.18"
          },
          {
            "_id": null,
            "model": "on rails ruby on rails",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ruby",
            "version": "3.0.4"
          },
          {
            "_id": null,
            "model": "on rails ruby on rails",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ruby",
            "version": "3.2.17"
          },
          {
            "_id": null,
            "model": "centos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "centos",
            "version": "6"
          },
          {
            "_id": null,
            "model": "on rails ruby on rails",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ruby",
            "version": "3.0.7"
          },
          {
            "_id": null,
            "model": "puppet enterprise",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "puppetlabs",
            "version": "2.8.0"
          },
          {
            "_id": null,
            "model": "puppet enterprise",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "puppetlabs",
            "version": "2.5.2"
          },
          {
            "_id": null,
            "model": "on rails ruby on rails",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ruby",
            "version": "3.0.6"
          },
          {
            "_id": null,
            "model": "on rails ruby on rails",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ruby",
            "version": "3.2.7"
          },
          {
            "_id": null,
            "model": "on rails ruby on rails",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ruby",
            "version": "3.0.8"
          },
          {
            "_id": null,
            "model": "puppet enterprise",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "puppetlabs",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "on rails ruby on rails",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ruby",
            "version": "3.0.20"
          },
          {
            "_id": null,
            "model": "puppet enterprise",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "puppetlabs",
            "version": "3.1.2"
          },
          {
            "_id": null,
            "model": "puppet enterprise",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "puppetlabs",
            "version": "2.5.1"
          },
          {
            "_id": null,
            "model": "puppet enterprise",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "puppetlabs",
            "version": "3.1.1"
          },
          {
            "_id": null,
            "model": "on rails ruby on rails",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ruby",
            "version": "3.1.6"
          },
          {
            "_id": null,
            "model": "on rails ruby on rails",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ruby",
            "version": "3.1.4"
          },
          {
            "_id": null,
            "model": "puppet enterprise",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "puppetlabs",
            "version": "2.6"
          },
          {
            "_id": null,
            "model": "on rails ruby on rails",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ruby",
            "version": "3.0.5"
          },
          {
            "_id": null,
            "model": "puppet enterprise",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "puppetlabs",
            "version": "3.1.3"
          },
          {
            "_id": null,
            "model": "puppet enterprise",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "puppetlabs",
            "version": "2.7.2"
          },
          {
            "_id": null,
            "model": "on rails ruby on rails",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ruby",
            "version": "3.1.9"
          },
          {
            "_id": null,
            "model": "on rails ruby on rails",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ruby",
            "version": "3.2.16"
          },
          {
            "_id": null,
            "model": "on rails ruby on rails 3.1.0.rc6",
            "scope": null,
            "trust": 0.3,
            "vendor": "ruby",
            "version": null
          },
          {
            "_id": null,
            "model": "on rails ruby on rails",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ruby",
            "version": "3.1.8"
          },
          {
            "_id": null,
            "model": "puppet enterprise",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "puppetlabs",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "on rails ruby on rails",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ruby",
            "version": "3.0.11"
          },
          {
            "_id": null,
            "model": "puppet enterprise",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "puppetlabs",
            "version": "2.0.2"
          },
          {
            "_id": null,
            "model": "on rails ruby on rails",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ruby",
            "version": "3.0.3"
          },
          {
            "_id": null,
            "model": "on rails ruby on rails",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ruby",
            "version": "3.0.19"
          },
          {
            "_id": null,
            "model": "on rails ruby on rails",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ruby",
            "version": "3.2.13"
          },
          {
            "_id": null,
            "model": "on rails ruby on rails",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ruby",
            "version": "3.2.11"
          },
          {
            "_id": null,
            "model": "on rails ruby on rails",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ruby",
            "version": "3.2.8"
          },
          {
            "_id": null,
            "model": "on rails ruby on rails",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ruby",
            "version": "3.2.10"
          },
          {
            "_id": null,
            "model": "on rails ruby on rails",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ruby",
            "version": "3.2.2"
          },
          {
            "_id": null,
            "model": "puppet enterprise",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "puppetlabs",
            "version": "2.8.2"
          },
          {
            "_id": null,
            "model": "puppet enterprise",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "puppetlabs",
            "version": "2.7"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#720951"
          },
          {
            "db": "BID",
            "id": "64074"
          },
          {
            "db": "BID",
            "id": "65604"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-0160"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "HP",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "126605"
          },
          {
            "db": "PACKETSTORM",
            "id": "126954"
          },
          {
            "db": "PACKETSTORM",
            "id": "126284"
          },
          {
            "db": "PACKETSTORM",
            "id": "126361"
          },
          {
            "db": "PACKETSTORM",
            "id": "126417"
          },
          {
            "db": "PACKETSTORM",
            "id": "126305"
          },
          {
            "db": "PACKETSTORM",
            "id": "126644"
          },
          {
            "db": "PACKETSTORM",
            "id": "126164"
          },
          {
            "db": "PACKETSTORM",
            "id": "127279"
          },
          {
            "db": "PACKETSTORM",
            "id": "127085"
          },
          {
            "db": "PACKETSTORM",
            "id": "126784"
          }
        ],
        "trust": 1.1
      },
      "cve": "CVE-2014-0160",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2014-0160",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.1,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "availabilityRequirement": "NOT DEFINED",
                "baseScore": 5.0,
                "collateralDamagePotential": "LOW-MEDIUM",
                "confidentialityImpact": "PARTIAL",
                "confidentialityRequirement": "HIGH",
                "enviromentalScore": 6.5,
                "exploitability": "FUNCTIONAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2014-0160",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "integrityRequirement": "HIGH",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "remediationLevel": "OFFICIAL FIX",
                "reportConfidence": "CONFIRMED",
                "severity": "MEDIUM",
                "targetDistribution": "HIGH",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vector_string": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2014-0160",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2014-0160",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2014-0160",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2014-0160",
                "trust": 0.8,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2014-0160",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#720951"
          },
          {
            "db": "VULMON",
            "id": "CVE-2014-0160"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-0160"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-0160"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug. OpenSSL 1.0.1 and 1.0.2 beta contain a vulnerability that could disclose sensitive private information to an attacker. This vulnerability is commonly referred to as \"heartbleed.\". RubyGems actionpack is prone to a denial-of-service vulnerability. \nRemote attackers can exploit this issue to cause denial-of-service conditions. \nOpenSSL is a 3rd party product that is embedded with some of HP Software\nproducts. This bulletin objective is to notify HP Software customers about\nproducts affected by the Heartbleed vulnerability. This weakness\npotentially allows disclosure of information protected, under normal\nconditions, by the SSL/TLS protocol. The impacted products appear in the list\nbelow are vulnerable due to embedding OpenSSL standard release software. Each bulletin will include a patch and/or mitigation\nguideline. \n\nNote: OpenSSL is an external product embedded in HP products. \n\nBulletin Applicability:\n\nThis bulletin applies to each OpenSSL component that is embedded within the\nHP products listed in the security bulletin. The bulletin does not apply to\nany other 3rd party application (e.g. operating system, web server, or\napplication server) that may be required to be installed by the customer\naccording instructions in the product install guide. \n\nTo learn more about HP Software Incident Response, please visit http://www8.h\np.com/us/en/software-solutions/enterprise-software-security-center/response-c\nenter.html . No user action is\nrequired to install them. \nHP StoreEver ESL G3 Tape Libraries with MCB rev 2  OpenSSL version 1.0.1f for\nthe following firmware versions:\n\n671H_GS00601\n665H_GS12501\n663H_GS04601\n\nHP StoreEver ESL G3 Tape Libraries with MCB rev 1  Open SSL version 1.0.1e in\n655H firmware versions:\n\n655H_GS10201\n\nHP StoreEver Enterprise Library LTO-6 Tape Drives: all firmware versions. \nIf the library firmware cannot be updated, HP recommends following the\nMitigation Instructions below. \n\nMitigation Instructions\n\nThe following configuration options that allow access to the Heartbeat\nfunction in the vulnerable versions of OpenSSL are not enabled by default. \nVerify that the following options are \"disabled\" using the Tape Library GUI:\n\nProduct Configuration Options to Disable TLS Heartbeat Functions\n\nSecure SMI-S\nCVTL User\n\nNote: Disabling these features blocks the vulnerable OpenSSL function in both\nthe ESL G3 Tape Library and the StoreEver Enterprise Library LTO-6 Tape\nDrives. The basic functionality of the library is not affected by these\nconfiguration changes and SSL access to the user interface is not affected by\nthis configuration change or setting. ============================================================================\nUbuntu Security Notice USN-2165-1\nApril 07, 2014\n\nopenssl vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 13.10\n- Ubuntu 12.10\n- Ubuntu 12.04 LTS\n\nSummary:\n\nOpenSSL could be made to expose sensitive information over the network,\npossibly including private keys. \n\nSoftware Description:\n- openssl: Secure Socket Layer (SSL) cryptographic library and tools\n\nDetails:\n\nNeel Mehta discovered that OpenSSL incorrectly handled memory in the TLS\nheartbeat extension. (CVE-2014-0160)\n\nYuval Yarom and Naomi Benger discovered that OpenSSL incorrectly handled\ntiming during swap operations in the Montgomery ladder implementation. An\nattacker could use this issue to perform side-channel attacks and possibly\nrecover ECDSA nonces. (CVE-2014-0076)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 13.10:\n  libssl1.0.0                     1.0.1e-3ubuntu1.2\n\nUbuntu 12.10:\n  libssl1.0.0                     1.0.1c-3ubuntu2.7\n\nUbuntu 12.04 LTS:\n  libssl1.0.0                     1.0.1-4ubuntu5.12\n\nAfter a standard system update you need to reboot your computer to make all\nthe necessary changes. Since this issue may have resulted in compromised\nprivate keys, it is recommended to regenerate them. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/openssl-1.0.1g-i486-1_slack14.1.txz:  Upgraded. \n  Thanks for Neel Mehta of Google Security for discovering this bug and to\n  Adam Langley \u003cagl@chromium.org\u003e and Bodo Moeller \u003cbmoeller@acm.org\u003e for\n  preparing the fix. \n  Fix for the attack described in the paper \"Recovering OpenSSL\n  ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack\"\n  by Yuval Yarom and Naomi Benger. Details can be obtained from:\n  http://eprint.iacr.org/2014/140\n  For more information, see:\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076\n  (* Security fix *)\npatches/packages/openssl-solibs-1.0.1g-i486-1_slack14.1.txz:  Upgraded. \n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project!  :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated packages for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1g-i486-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1g-i486-1_slack14.0.txz\n\nUpdated packages for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1g-x86_64-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1g-x86_64-1_slack14.0.txz\n\nUpdated packages for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1g-i486-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1g-i486-1_slack14.1.txz\n\nUpdated packages for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1g-x86_64-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1g-x86_64-1_slack14.1.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1g-i486-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1g-i486-1.txz\n\nUpdated packages for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1g-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1g-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 14.0 packages:\n5467a62ebfbe9a9bfff64dcc4cfcdf7d  openssl-1.0.1g-i486-1_slack14.0.txz\nbdadd9920f2ce6fe4a0a7bd0d96f99df  openssl-solibs-1.0.1g-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 packages:\n11ede2992e2b5d15bd3ffc5807571350  openssl-1.0.1g-x86_64-1_slack14.0.txz\n858ea6409aab45a67a880458ce48f923  openssl-solibs-1.0.1g-x86_64-1_slack14.0.txz\n\nSlackware 14.1 packages:\n8638083d9768ffcc4b7c597806ca634c  openssl-1.0.1g-i486-1_slack14.1.txz\n4d9dfe9db9e1f286ead72fc60971807b  openssl-solibs-1.0.1g-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 packages:\nd85f8f451f71dd606f3adb59e582322a  openssl-1.0.1g-x86_64-1_slack14.1.txz\n43ff4bbfe26f99e7a3b9145146d191a0  openssl-solibs-1.0.1g-x86_64-1_slack14.1.txz\n\nSlackware -current packages:\n265a66855320207d4a7567ac5ae9a747  a/openssl-solibs-1.0.1g-i486-1.txz\nbf07a4b17f1c78a4081e2cfb711b8748  n/openssl-1.0.1g-i486-1.txz\n\nSlackware x86_64 -current packages:\n27e5135d764bd87bdb784b288e416b22  a/openssl-solibs-1.0.1g-x86_64-1.txz\n5ef747eed99ac34102b34d8d0eaed3a8  n/openssl-1.0.1g-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the packages as root:\n# upgradepkg openssl-1.0.1g-i486-1_slack14.1.txz openssl-solibs-1.0.1g-i486-1_slack14.1.txz\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list:                          |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message:                                                     |\n|                                                                        |\n|   unsubscribe slackware-security                                       |\n|                                                                        |\n| You will get a confirmation message back containing instructions to    |\n| complete the process.  Please do not reply to this email address. \nIf bulk software or firmware updates are required, use an unaffected or\npatched version of HP Smart Update Manager (HP SUM) to do single or batch\nupdates. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Important: rhevm-spice-client security update\nAdvisory ID:       RHSA-2014:0416-01\nProduct:           Red Hat Enterprise Virtualization\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2014-0416.html\nIssue date:        2014-04-17\nCVE Names:         CVE-2012-4929 CVE-2013-0169 CVE-2013-4353 \n                   CVE-2014-0160 \n=====================================================================\n\n1. Summary:\n\nUpdated rhevm-spice-client packages that fix multiple security issues are\nnow available for Red Hat Enterprise Virtualization Manager 3. \n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRHEV-M 3.3 - noarch\n\n3. Description:\n\nRed Hat Enterprise Virtualization Manager provides access to virtual\nmachines using SPICE. These SPICE client packages provide the SPICE client\nand usbclerk service for both Windows 32-bit operating systems and Windows\n64-bit operating systems. \n\nThe rhevm-spice-client package includes the mingw-virt-viewer Windows SPICE\nclient. OpenSSL, a general purpose cryptography library with a TLS\nimplementation, is bundled with mingw-virt-viewer. The mingw-virt-viewer\npackage has been updated to correct the following issues:\n\nAn information disclosure flaw was found in the way OpenSSL handled TLS and\nDTLS Heartbeat Extension packets. A malicious TLS or DTLS client or server\ncould send a specially crafted TLS or DTLS Heartbeat packet to disclose a\nlimited portion of memory per request from a connected client or server. (CVE-2014-0160)\n\nIt was discovered that OpenSSL leaked timing information when decrypting\nTLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites\nwere used. A remote attacker could possibly use this flaw to retrieve plain\ntext from the encrypted packets by using a TLS/SSL or DTLS server as a\npadding oracle. (CVE-2013-0169)\n\nA NULL pointer dereference flaw was found in the way OpenSSL handled\nTLS/SSL protocol handshake packets. A specially crafted handshake packet\ncould cause a TLS/SSL client using OpenSSL to crash. (CVE-2013-4353)\n\nIt was discovered that the TLS/SSL protocol could leak information about\nplain text when optional compression was used. An attacker able to control\npart of the plain text sent over an encrypted TLS/SSL connection could\npossibly use this flaw to recover other portions of the plain text. \n(CVE-2012-4929)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2014-0160. Upstream acknowledges Neel Mehta of Google Security as the\noriginal reporter. \n\nThe updated mingw-virt-viewer Windows SPICE client further includes OpenSSL\nsecurity fixes that have no security impact on mingw-virt-viewer itself. \nThe security fixes included in this update address the following CVE\nnumbers:\n\nCVE-2013-6449, CVE-2013-6450, CVE-2012-2686, and CVE-2013-0166\n\nAll Red Hat Enterprise Virtualization Manager users are advised to upgrade\nto these updated packages, which address these issues. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n857051 - CVE-2012-4929 SSL/TLS CRIME attack against HTTPS\n907589 - CVE-2013-0169 SSL/TLS: CBC padding timing attack (lucky-13)\n1049058 - CVE-2013-4353 openssl: client NULL dereference crash on malformed handshake packets\n1084875 - CVE-2014-0160 openssl: information disclosure in handling of TLS heartbeat extension packets\n\n6. Package List:\n\nRHEV-M 3.3:\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEV/SRPMS/rhevm-spice-client-3.3-12.el6_5.src.rpm\n\nnoarch:\nrhevm-spice-client-x64-cab-3.3-12.el6_5.noarch.rpm\nrhevm-spice-client-x64-msi-3.3-12.el6_5.noarch.rpm\nrhevm-spice-client-x86-cab-3.3-12.el6_5.noarch.rpm\nrhevm-spice-client-x86-msi-3.3-12.el6_5.noarch.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2012-4929.html\nhttps://www.redhat.com/security/data/cve/CVE-2013-0169.html\nhttps://www.redhat.com/security/data/cve/CVE-2013-4353.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-0160.html\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e.  More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2014 Red Hat, Inc. \n\nThe HP SIM software itself is not vulnerable to CVE-2014-0160 (\"Heartbleed\"). -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c04239372\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c04239372\nVersion: 4\n\nHPSBMU02998 rev.4 - HP System Management Homepage (SMH) running OpenSSL on\nLinux and Windows, Remote Disclosure of Information, Denial of Service (DoS)\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2014-04-13\nLast Updated: 2014-05-13\n\nPotential Security Impact: Remote disclosure of information, Denial of\nService (DoS)\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP System\nManagement Homepage (SMH) running on Linux and Windows. The vulnerabilities\ncould be exploited remotely resulting in Denial of Service (DoS). \n\nReferences:\n\nCVE-2014-0160 (SSRT101501) Disclosure of Information - \"Heartbleed\"\nCVE-2013-4353 Denial of Service (DoS)\nCVE-2013-6449 Denial of Service (DoS)\nCVE-2013-6450 Denial of Service (DoS)\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP System Management Homepage (SMH) v7.1.2, v7.2, v7.2.1, v7.2.2, v7.3,\nv7.3.1 for Linux and Windows. \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2013-4353    (AV:N/AC:M/Au:N/C:N/I:N/A:P)       4.3\nCVE-2013-6449    (AV:N/AC:M/Au:N/C:N/I:N/A:P)       4.3\nCVE-2013-6450    (AV:N/AC:M/Au:N/C:N/I:P/A:P)       5.8\nCVE-2014-0160    (AV:N/AC:L/Au:N/C:P/I:N/A:N)       5.0\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has made the following software updates available to resolve the\nvulnerabilities for the impacted versions of HP System Management Homepage\n(SMH):\n\nProduct version/Platform\n Download Location\n\nSMH 7.2.3 Windows x86\n http://www.hp.com/swpublishing/MTX-d1488fd987894bc4ab3fe0ef52\n\nSMH 7.2.3 Windows x64\n http://www.hp.com/swpublishing/MTX-4575754bbb614b58bf0ae1ac37\n\nSMH 7.3.2.1(B) Windows x86\n http://www.hp.com/swpublishing/MTX-27e03b2f9cd24e77adc9dba94a\n\nSMH 7.3.2.1(B) Windows x64\n http://www.hp.com/swpublishing/MTX-37075daeead2433cb41b59ae76\n\nSMH 7.3.2 Linux x86\n http://www.hp.com/swpublishing/MTX-3d92ccccf85f404e8ba36a8178\n\nSMH 7.3.2 Linux x64\n http://www.hp.com/swpublishing/MTX-bfd3c0fb11184796b9428ced37\n\nNotes\n\nSMH 7.2.3 recommended for customers running Windows 2003 OS\nUpdated OpenSSL to version 1.0.1g\n\nNote: If you believe your SMH installation was exploited while it was running\ncomponents vulnerable to heartbleed, there are some steps to perform after\nyouve upgraded to the non-vulnerable components. These steps include\nrevoking, recreating, and re-importing certificates and resetting passwords\nthat might have been harvested by a malicious attacker using the heartbleed\nvulnerability. \n\nImpact on VCA - VCRM communication: VCA configures VCRM by importing the SMH\ncertificate from the SMH of VCA into the SMH of VCRM. When this certificate\nis deleted \u0026 regenerated (as suggested before), it needs to be (re)imported\nif the user wants to continue with Trust by Certificate option, and the\noutdated certificate should be revoked (deleted) from each location where it\nwas previously imported. \nIf you use HPSIMs 2-way trust feature, and have imported SMH certificates\ninto HPSIM, you will also need to revoke those SMH certificated from HPSIM\nand reimport the newly created SMH certificates. \nThough SMH uses OS credentials using OS-based APIs, user provided credentials\nare passed from the client (browser) to the server (SMH) using the HTTPS\nprotocol. If you suspect your systems using SMH were exploited while they\nwere vulnerable to heartbleed, these passwords need to be reset. \n\nFrequently Asked Questions\n\nWill updated systems require a reboot after applying the SMH patch?\nNo, reboot of the system will not be required. Installing the new build is\nsufficient to get back to the normal state. \nIs a Firmware Update necessary in addition to the SMH patch?\nNo, only the SMH update is sufficient to remove the heartbleed-vulnerable\nversion of SMH. \nWill new certificates be issued along with the patch, or need to be handled\nseparately?\nIf you suspect the certificate has been compromised due to this\nvulnerability, we do recommend to delete and revoke the certificate, or SMH\nwill reuse the existing certificate. New certificate will be created when SMH\nservice starts (at the end of the fresh / upgrade installation). Instructions\non deleting the certificate are in the notes above. \nWhere can I get SMH documentation?\nAll major documents are available at:\nhttp://h17007.www1.hp.com/us/en/enterprise/servers/solutions/info-library\nSelect HP Insight Management under Product and Solutions \u0026 check HP System\nManagement Homepage to get SMH related documents. \n\nWhat are the recommended upgrade paths?\nSee the table below:\nSMH\n DVD\n SPP\n Recommended SMH update for Linux\n Recommended SMH update for Windows 2003 and Widows 2003 R2\n Recommended SMH update for other Windows OS versions\n\nv7.1.2\n v7.1.2\n 2012.10.0\n v7.3.2\n v7.2.3\n v7.3.2\n\nv7.2.0\n v7.2.0\n 2013.02.0(B)\n v7.3.2\n v7.2.3\n v7.3.2\n\nv7.2.1\n v7.2u1\n\n v7.3.2\n v7.2.3\n v7.3.2\n\nv7.2.2\n v7.2u2\n 2013.09.0(B)\n v7.3.2\n v7.2.3\n v7.3.2\n\nv7.3.0\n v7.3.0\n\n v7.3.2\n not supported\n v7.3.2\n\nv7.3.1\n v7.3.1\n 2014.02.0\n v7.3.2\n not supported\n v7.3.2\n\nHow can I verify whether my setup is patched successfully?\nSMH version can be verified by executing following command on:\nWindows: hp\\hpsmh\\bin\\smhlogreader version\nLinux: /opt/hp/hpsmh/bin/smhlogreader version\nWill VCA-VCRM communication be impacted due to the SMH certificate being\ndeleted?\nVCA configures VCRM by importing the SMH certificate (sslshare\\cert.pem) from\nthe SMH of VCA to the SMH of VCRM. When this certificate is deleted \u0026\nregenerated (as suggested before), it needs to be (re)imported if user wants\nto continue with Trust by Certificate option, and remove the old, previously\nimported certificate. \nShould I reset password on all managed nodes, where SMH was/is running?\nThough SMH uses OS credentials using OS based APIs, user-provided credentials\nare passed from the client (browser) to the server (SMH) using the HTTPS\nprotocol. Passwords need to be reset if you suspect the vulnerable version of\nSMH was exploited by malicious users/ hackers. \n\nHISTORY\nVersion:1 (rev.1) - 13 April 2014 Initial release\nVersion:2 (rev.2) - 17 April 2014 SMH 7.2.3 and 7.3.2 released\nVersion:3 (rev.3) - 30 April 2014 SMH 7.3.2.1(B) released\nVersion:4 (rev.4) - 13 May 2014 Added additional remediation steps for post\nupdate installation\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel.  For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2014 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.13 (GNU/Linux)\n\niEYEARECAAYFAlNyLMAACgkQ4B86/C0qfVm6RQCg4JuHEt+iZq+td37hPIp27qrd\nfm4AoKM1d7+F05Xo87Bicnmh0OHidg/O\n=bK11\n-----END PGP SIGNATURE-----\n. This bulletin will give you the information needed to\nupdate your HP Insight Control server deployment solution. \n\nInstall HP Management Agents for Windows x86/x64\nInstall HP Management Agents for RHEL 5 x64\nInstall HP Management Agents for RHEL 6 x64\nInstall HP Management Agents for SLES 10 x64\nInstall HP Management Agents for SLES 11 x64\n\nReferences: CVE-2014-0160 (SSRT101538)\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP Insight Control server deployment v7.1.2, v7.2.0, v7.2.1, v7.2.2\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2014-0160    (AV:N/AC:L/Au:N/C:P/I:N/A:N)       5.0\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP is actively working to address this vulnerability for the impacted\nversions of HP Insight Control server deployment. This bulletin may be\nrevised. It is recommended that customers take the following approaches\ndepending on the version of HP Insight Control server deployment:\n\nTo address the vulnerability in an initial installation of HP Insight Control\nserver deployment v7.1.2, v7.2.0, v7.2.1, and v7.2.2 only follow steps 1\nthrough Step 3 of the following procedure, before initiating an operating\nsystem deployment. \n\nTo address the vulnerability in a previous installation of HP Insight Control\nserver deployment v7.1.2, v7.2.0, v7.2.1, and v7.2.2 follow all steps in the\nfollowing procedure. \n\nDelete the smhamd64-*.exe/smhx86-*.exe\" from Component Copy Location listed\nin the following table, row 1,2,3,4. \nDelete the affected hpsmh-7.*.rpm\" from Component Copy Location listed in the\nfollowing table, row 5. \nIn sequence, perform the steps from left to right in the following table. \nFirst, download components from Download Link; Second, rename the component\nas suggested in Rename to. Third, copy the component to the location\nsuggested in Component Copy Location. \nTable Row Number\n Download Link\n Rename to\n Component Copy Location\n\n1\n http://www.hp.com/swpublishing/MTX-d1488fd987894bc4ab3fe0ef52\n smhx86-cp023242.exe\n \\\\express\\hpfeatures\\hpagents-ws\\components\\Win2003\n\n2\n http://www.hp.com/swpublishing/MTX-4575754bbb614b58bf0ae1ac37\n smhamd64-cp023243.exe\n \\\\express\\hpfeatures\\hpagents-ws\\components\\Win2003\n\n3\n http://www.hp.com/swpublishing/MTX-2e19c856f0e84e20a14c63ecd0\n smhamd64-cp023240.exe\n \\\\express\\hpfeatures\\hpagents-ws\\components\\Win2008\n\n4\n http://www.hp.com/swpublishing/MTX-41199f68c1144acb84a5798bf0\n smhx86-cp023239.exe\n \\\\express\\hpfeatures\\hpagents-ws\\components\\Win2008\n\n5\n http://www.hp.com/swpublishing/MTX-bfd3c0fb11184796b9428ced37\n Do not rename the downloaded component for this step. \n \\\\express\\hpfeatures\\hpagents-sles11-x64\\components\n\\\\express\\hpfeatures\\hpagents-sles10-x64\\components\n\\\\express\\hpfeatures\\hpagents-rhel5-x64\\components\n\\\\express\\hpfeatures\\hpagents-rhel6-x64\\components\n\nTable 1\n\nInitiate Install HP Management Agents for SLES 11 x64 on targets running\nSLES11 x64. \nInitiate Install HP Management Agents for SLES 10 x64 on targets running\nSLES10 x64. \nInitiate Install HP Management Agents for RHEL 6 x64 on targets running RHEL\n6 x64. \nInitiate Install HP Management Agents for RHEL 5 x64 on targets running RHEL\n5 x64",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2014-0160"
          },
          {
            "db": "CERT/CC",
            "id": "VU#720951"
          },
          {
            "db": "BID",
            "id": "64074"
          },
          {
            "db": "BID",
            "id": "65604"
          },
          {
            "db": "PACKETSTORM",
            "id": "126644"
          },
          {
            "db": "PACKETSTORM",
            "id": "126784"
          },
          {
            "db": "PACKETSTORM",
            "id": "127085"
          },
          {
            "db": "PACKETSTORM",
            "id": "127279"
          },
          {
            "db": "PACKETSTORM",
            "id": "126045"
          },
          {
            "db": "PACKETSTORM",
            "id": "126086"
          },
          {
            "db": "PACKETSTORM",
            "id": "126164"
          },
          {
            "db": "PACKETSTORM",
            "id": "126305"
          },
          {
            "db": "VULMON",
            "id": "CVE-2014-0160"
          },
          {
            "db": "PACKETSTORM",
            "id": "126197"
          },
          {
            "db": "PACKETSTORM",
            "id": "126361"
          },
          {
            "db": "PACKETSTORM",
            "id": "126284"
          },
          {
            "db": "PACKETSTORM",
            "id": "126954"
          },
          {
            "db": "PACKETSTORM",
            "id": "126605"
          },
          {
            "db": "PACKETSTORM",
            "id": "126417"
          }
        ],
        "trust": 3.51
      },
      "exploit_availability": {
        "_id": null,
        "data": [
          {
            "reference": "https://www.kb.cert.org/vuls/id/720951",
            "trust": 0.8,
            "type": "unknown"
          },
          {
            "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=32745",
            "trust": 0.4,
            "type": "exploit"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#720951"
          },
          {
            "db": "VULMON",
            "id": "CVE-2014-0160"
          }
        ]
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2014-0160",
            "trust": 3.9
          },
          {
            "db": "EXPLOIT-DB",
            "id": "32745",
            "trust": 1.9
          },
          {
            "db": "CERT/CC",
            "id": "VU#720951",
            "trust": 1.9
          },
          {
            "db": "SECUNIA",
            "id": "57721",
            "trust": 1.1
          },
          {
            "db": "SECUNIA",
            "id": "59243",
            "trust": 1.1
          },
          {
            "db": "SECUNIA",
            "id": "57836",
            "trust": 1.1
          },
          {
            "db": "SECUNIA",
            "id": "57968",
            "trust": 1.1
          },
          {
            "db": "SECUNIA",
            "id": "59347",
            "trust": 1.1
          },
          {
            "db": "SECUNIA",
            "id": "57966",
            "trust": 1.1
          },
          {
            "db": "SECUNIA",
            "id": "57483",
            "trust": 1.1
          },
          {
            "db": "SECUNIA",
            "id": "57347",
            "trust": 1.1
          },
          {
            "db": "SECUNIA",
            "id": "59139",
            "trust": 1.1
          },
          {
            "db": "SECTRACK",
            "id": "1030079",
            "trust": 1.1
          },
          {
            "db": "SECTRACK",
            "id": "1030074",
            "trust": 1.1
          },
          {
            "db": "SECTRACK",
            "id": "1030081",
            "trust": 1.1
          },
          {
            "db": "SECTRACK",
            "id": "1030080",
            "trust": 1.1
          },
          {
            "db": "SECTRACK",
            "id": "1030026",
            "trust": 1.1
          },
          {
            "db": "SECTRACK",
            "id": "1030077",
            "trust": 1.1
          },
          {
            "db": "SECTRACK",
            "id": "1030082",
            "trust": 1.1
          },
          {
            "db": "SECTRACK",
            "id": "1030078",
            "trust": 1.1
          },
          {
            "db": "BID",
            "id": "66690",
            "trust": 1.1
          },
          {
            "db": "EXPLOIT-DB",
            "id": "32764",
            "trust": 1.1
          },
          {
            "db": "USCERT",
            "id": "TA14-098A",
            "trust": 1.1
          },
          {
            "db": "SIEMENS",
            "id": "SSA-635659",
            "trust": 1.1
          },
          {
            "db": "BID",
            "id": "64074",
            "trust": 0.3
          },
          {
            "db": "BID",
            "id": "65604",
            "trust": 0.3
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-14-135-02",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2014-0160",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "126605",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "126954",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "126284",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "126361",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "126197",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "126417",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "126305",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "126644",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "126164",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "126086",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "126045",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "127279",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "127085",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "126784",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#720951"
          },
          {
            "db": "VULMON",
            "id": "CVE-2014-0160"
          },
          {
            "db": "BID",
            "id": "64074"
          },
          {
            "db": "BID",
            "id": "65604"
          },
          {
            "db": "PACKETSTORM",
            "id": "126605"
          },
          {
            "db": "PACKETSTORM",
            "id": "126954"
          },
          {
            "db": "PACKETSTORM",
            "id": "126284"
          },
          {
            "db": "PACKETSTORM",
            "id": "126361"
          },
          {
            "db": "PACKETSTORM",
            "id": "126197"
          },
          {
            "db": "PACKETSTORM",
            "id": "126417"
          },
          {
            "db": "PACKETSTORM",
            "id": "126305"
          },
          {
            "db": "PACKETSTORM",
            "id": "126644"
          },
          {
            "db": "PACKETSTORM",
            "id": "126164"
          },
          {
            "db": "PACKETSTORM",
            "id": "126086"
          },
          {
            "db": "PACKETSTORM",
            "id": "126045"
          },
          {
            "db": "PACKETSTORM",
            "id": "127279"
          },
          {
            "db": "PACKETSTORM",
            "id": "127085"
          },
          {
            "db": "PACKETSTORM",
            "id": "126784"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-0160"
          }
        ]
      },
      "id": "VAR-201404-0592",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.6038711649999999
      },
      "last_update_date": "2026-04-10T23:34:59.841000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "The Register",
            "trust": 0.2,
            "url": "https://www.theregister.co.uk/2017/01/23/heartbleed_2017/"
          },
          {
            "title": "The Register",
            "trust": 0.2,
            "url": "https://www.theregister.co.uk/2014/04/24/apple_posts_updates_for_heartbleed_flaw_in_airport/"
          },
          {
            "title": "The Register",
            "trust": 0.2,
            "url": "https://www.theregister.co.uk/2014/04/11/hackers_hammering_heartbleed/"
          },
          {
            "title": "The Register",
            "trust": 0.2,
            "url": "https://www.theregister.co.uk/2014/04/09/heartbleed_vuln_analysis/"
          },
          {
            "title": "Debian CVElist Bug Report Logs: CVE-2014-0160 heartbeat read overrun (heartbleed)",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=e4799ab8fe4804274ba2db4d65cd867b"
          },
          {
            "title": "Debian Security Advisories: DSA-2896-1 openssl -- security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=264ec318be06a69e28012f62b2dc5bb7"
          },
          {
            "title": "Ubuntu Security Notice: openssl vulnerabilities",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-2165-1"
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/Live-Hack-CVE/CVE-2014-0160 "
          },
          {
            "title": "exploits",
            "trust": 0.1,
            "url": "https://github.com/vs4vijay/exploits "
          },
          {
            "title": "VULNIX",
            "trust": 0.1,
            "url": "https://github.com/El-Palomo/VULNIX "
          },
          {
            "title": "openssl-heartbleed-fix",
            "trust": 0.1,
            "url": "https://github.com/sammyfung/openssl-heartbleed-fix "
          },
          {
            "title": "cve-2014-0160",
            "trust": 0.1,
            "url": "https://github.com/cved-sources/cve-2014-0160 "
          },
          {
            "title": "heartbleed_check",
            "trust": 0.1,
            "url": "https://github.com/ehoffmann-cp/heartbleed_check "
          },
          {
            "title": "heartbleed",
            "trust": 0.1,
            "url": "https://github.com/okrutnik420/heartbleed "
          },
          {
            "title": "heartbleed-test.crx",
            "trust": 0.1,
            "url": "https://github.com/iwaffles/heartbleed-test.crx "
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/Maheshmaske111/te "
          },
          {
            "title": "AradSocket",
            "trust": 0.1,
            "url": "https://github.com/araditc/AradSocket "
          },
          {
            "title": "sslscan",
            "trust": 0.1,
            "url": "https://github.com/kaisenlinux/sslscan "
          },
          {
            "title": "Springboard_Capstone_Project",
            "trust": 0.1,
            "url": "https://github.com/jonahwinninghoff/Springboard_Capstone_Project "
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/MrE-Fog/heartbleeder "
          },
          {
            "title": "buffer_overflow_exploit",
            "trust": 0.1,
            "url": "https://github.com/olivamadrigal/buffer_overflow_exploit "
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/ashrafulislamcs/Ubuntu-Server-Hardening "
          },
          {
            "title": "insecure_project",
            "trust": 0.1,
            "url": "https://github.com/turtlesec-no/insecure_project "
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/Maheshmaske111/ssl "
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/H4R335HR/heartbleed "
          },
          {
            "title": "nmap-scripts",
            "trust": 0.1,
            "url": "https://github.com/takeshixx/nmap-scripts "
          },
          {
            "title": "knockbleed",
            "trust": 0.1,
            "url": "https://github.com/siddolo/knockbleed "
          },
          {
            "title": "heartbleed-masstest",
            "trust": 0.1,
            "url": "https://github.com/musalbas/heartbleed-masstest "
          },
          {
            "title": "HeartBleedDotNet",
            "trust": 0.1,
            "url": "https://github.com/ShawInnes/HeartBleedDotNet "
          },
          {
            "title": "heartbleed_test_openvpn",
            "trust": 0.1,
            "url": "https://github.com/weisslj/heartbleed_test_openvpn "
          },
          {
            "title": "paraffin",
            "trust": 0.1,
            "url": "https://github.com/vmeurisse/paraffin "
          },
          {
            "title": "sslscan",
            "trust": 0.1,
            "url": "https://github.com/rbsec/sslscan "
          },
          {
            "title": "Heartbleed_Dockerfile_with_Nginx",
            "trust": 0.1,
            "url": "https://github.com/froyo75/Heartbleed_Dockerfile_with_Nginx "
          },
          {
            "title": "heartbleed-bug",
            "trust": 0.1,
            "url": "https://github.com/cldme/heartbleed-bug "
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/H4CK3RT3CH/awesome-web-hacking "
          },
          {
            "title": "Web-Hacking",
            "trust": 0.1,
            "url": "https://github.com/adm0i/Web-Hacking "
          },
          {
            "title": "cybersecurity-ethical-hacking",
            "trust": 0.1,
            "url": "https://github.com/paulveillard/cybersecurity-ethical-hacking "
          },
          {
            "title": "Lastest-Web-Hacking-Tools-vol-I",
            "trust": 0.1,
            "url": "https://github.com/SARATOGAMarine/Lastest-Web-Hacking-Tools-vol-I "
          },
          {
            "title": "HTBValentineWriteup",
            "trust": 0.1,
            "url": "https://github.com/zimmel15/HTBValentineWriteup "
          },
          {
            "title": "heartbleed-poc",
            "trust": 0.1,
            "url": "https://github.com/sensepost/heartbleed-poc "
          },
          {
            "title": "CVE-2014-0160",
            "trust": 0.1,
            "url": "https://github.com/0x90/CVE-2014-0160 "
          },
          {
            "title": "Certified-Ethical-Hacker-Exam-CEH-v10",
            "trust": 0.1,
            "url": "https://github.com/Tung0801/Certified-Ethical-Hacker-Exam-CEH-v10 "
          },
          {
            "title": "cs558heartbleed",
            "trust": 0.1,
            "url": "https://github.com/gkaptch1/cs558heartbleed "
          },
          {
            "title": "HeartBleed",
            "trust": 0.1,
            "url": "https://github.com/archaic-magnon/HeartBleed "
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/undacmic/heartbleed-proof-of-concept "
          },
          {
            "title": "openvpn-jookk",
            "trust": 0.1,
            "url": "https://github.com/Jeypi04/openvpn-jookk "
          },
          {
            "title": "Heartbleed",
            "trust": 0.1,
            "url": "https://github.com/Saiprasad16/Heartbleed "
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/KickFootCode/LoveYouALL "
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/imesecan/LeakReducer-artifacts "
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/TVernet/Kali-Tools-liste-et-description "
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/k4u5h41/Heartbleed "
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/ronaldogdm/Heartbleed "
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/rochacbruno/my-awesome-stars "
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/asadhasan73/temp_comp_sec "
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/Aakaashzz/Heartbleed "
          },
          {
            "title": "tls-channel",
            "trust": 0.1,
            "url": "https://github.com/marianobarrios/tls-channel "
          },
          {
            "title": "fuzzx_cpp_demo",
            "trust": 0.1,
            "url": "https://github.com/guardstrikelab/fuzzx_cpp_demo "
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/Ppamo/recon_net_tools "
          },
          {
            "title": "heatbleeding",
            "trust": 0.1,
            "url": "https://github.com/idkqh7/heatbleeding "
          },
          {
            "title": "HeartBleed-Vulnerability-Checker",
            "trust": 0.1,
            "url": "https://github.com/waqasjamal/HeartBleed-Vulnerability-Checker "
          },
          {
            "title": "heartbleed",
            "trust": 0.1,
            "url": "https://github.com/iSCInc/heartbleed "
          },
          {
            "title": "heartbleed-dtls",
            "trust": 0.1,
            "url": "https://github.com/hreese/heartbleed-dtls "
          },
          {
            "title": "heartbleedchecker",
            "trust": 0.1,
            "url": "https://github.com/roganartu/heartbleedchecker "
          },
          {
            "title": "nmap-heartbleed",
            "trust": 0.1,
            "url": "https://github.com/azet/nmap-heartbleed "
          },
          {
            "title": "sslscan",
            "trust": 0.1,
            "url": "https://github.com/delishen/sslscan "
          },
          {
            "title": "web-hacking",
            "trust": 0.1,
            "url": "https://github.com/hr-beast/web-hacking "
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/Miss-Brain/Web-Application-Security "
          },
          {
            "title": "web-hacking",
            "trust": 0.1,
            "url": "https://github.com/Hemanthraju02/web-hacking "
          },
          {
            "title": "awesome-web-hacking",
            "trust": 0.1,
            "url": "https://github.com/QWERTSKIHACK/awesome-web-hacking "
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/himera25/web-hacking-list "
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/dorota-fiit/bp-Heartbleed-defense-game "
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/Maheshmaske111/sslscan "
          },
          {
            "title": "Heart-bleed",
            "trust": 0.1,
            "url": "https://github.com/anonymouse327311/Heart-bleed "
          },
          {
            "title": "goScan",
            "trust": 0.1,
            "url": "https://github.com/stackviolator/goScan "
          },
          {
            "title": "sec-tool-list",
            "trust": 0.1,
            "url": "https://github.com/alphaSeclab/sec-tool-list "
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/utensil/awesome-stars-test "
          },
          {
            "title": "insecure-cplusplus-dojo",
            "trust": 0.1,
            "url": "https://github.com/patricia-gallardo/insecure-cplusplus-dojo "
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/jubalh/awesome-package-maintainer "
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/Elnatty/tryhackme_labs "
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/hzuiw33/OpenSSL "
          },
          {
            "title": "makeItBleed",
            "trust": 0.1,
            "url": "https://github.com/mcampa/makeItBleed "
          },
          {
            "title": "CVE-2014-0160-Chrome-Plugin",
            "trust": 0.1,
            "url": "https://github.com/Xyl2k/CVE-2014-0160-Chrome-Plugin "
          },
          {
            "title": "heartbleedfixer.com",
            "trust": 0.1,
            "url": "https://github.com/reenhanced/heartbleedfixer.com "
          },
          {
            "title": "CVE-2014-0160-Scanner",
            "trust": 0.1,
            "url": "https://github.com/obayesshelton/CVE-2014-0160-Scanner "
          },
          {
            "title": "openmagic",
            "trust": 0.1,
            "url": "https://github.com/isgroup-srl/openmagic "
          },
          {
            "title": "heartbleeder",
            "trust": 0.1,
            "url": "https://github.com/titanous/heartbleeder "
          },
          {
            "title": "cardiac-arrest",
            "trust": 0.1,
            "url": "https://github.com/ah8r/cardiac-arrest "
          },
          {
            "title": "heartbleed_openvpn_poc",
            "trust": 0.1,
            "url": "https://github.com/tam7t/heartbleed_openvpn_poc "
          },
          {
            "title": "docker-wheezy-with-heartbleed",
            "trust": 0.1,
            "url": "https://github.com/simonswine/docker-wheezy-with-heartbleed "
          },
          {
            "title": "docker-testssl",
            "trust": 0.1,
            "url": "https://github.com/mbentley/docker-testssl "
          },
          {
            "title": "heartbleedscanner",
            "trust": 0.1,
            "url": "https://github.com/hybridus/heartbleedscanner "
          },
          {
            "title": "HeartLeak",
            "trust": 0.1,
            "url": "https://github.com/OffensivePython/HeartLeak "
          },
          {
            "title": "HBL",
            "trust": 0.1,
            "url": "https://github.com/ssc-oscar/HBL "
          },
          {
            "title": "awesome-stars",
            "trust": 0.1,
            "url": "https://github.com/utensil/awesome-stars "
          },
          {
            "title": "SecurityTesting_web-hacking",
            "trust": 0.1,
            "url": "https://github.com/mostakimur/SecurityTesting_web-hacking "
          },
          {
            "title": "awesome-web-hacking",
            "trust": 0.1,
            "url": "https://github.com/winterwolf32/awesome-web-hacking "
          },
          {
            "title": "awesome-web-hacking-1",
            "trust": 0.1,
            "url": "https://github.com/winterwolf32/awesome-web-hacking-1 "
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/Mehedi-Babu/ethical_hacking_cyber "
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/drakyanerlanggarizkiwardhana/awesome-web-hacking "
          },
          {
            "title": "awesome-web-hacking",
            "trust": 0.1,
            "url": "https://github.com/thanshurc/awesome-web-hacking "
          },
          {
            "title": "hack",
            "trust": 0.1,
            "url": "https://github.com/nvnpsplt/hack "
          },
          {
            "title": "awesome-web-hacking",
            "trust": 0.1,
            "url": "https://github.com/noname1007/awesome-web-hacking "
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/ImranTheThirdEye/awesome-web-hacking "
          },
          {
            "title": "web-hacking",
            "trust": 0.1,
            "url": "https://github.com/Ondrik8/web-hacking "
          },
          {
            "title": "CheckSSL-ciphersuite",
            "trust": 0.1,
            "url": "https://github.com/kal1gh0st/CheckSSL-ciphersuite "
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/undacmic/HeartBleed-Demo "
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/MrE-Fog/ssl-heartbleed.nse "
          },
          {
            "title": "welivesecurity",
            "trust": 0.1,
            "url": "https://www.welivesecurity.com/2015/08/03/worlds-biggest-bug-bounty-payouts/"
          },
          {
            "title": "Threatpost",
            "trust": 0.1,
            "url": "https://threatpost.com/oracle-gives-heartbleed-update-patches-14-products/105576/"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2014-0160"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-125",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2014-0160"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 2.7,
            "url": "http://rhn.redhat.com/errata/rhsa-2014-0376.html"
          },
          {
            "trust": 1.9,
            "url": "http://heartbleed.com/"
          },
          {
            "trust": 1.9,
            "url": "http://blog.fox-it.com/2014/04/08/openssl-heartbleed-bug-live-blog/"
          },
          {
            "trust": 1.9,
            "url": "https://www.cert.fi/en/reports/2014/vulnerability788210.html"
          },
          {
            "trust": 1.9,
            "url": "https://code.google.com/p/mod-spdy/issues/detail?id=85"
          },
          {
            "trust": 1.9,
            "url": "https://blog.torproject.org/blog/openssl-bug-cve-2014-0160"
          },
          {
            "trust": 1.9,
            "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140409-heartbleed"
          },
          {
            "trust": 1.9,
            "url": "http://www.debian.org/security/2014/dsa-2896"
          },
          {
            "trust": 1.9,
            "url": "https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html?sr=36517217"
          },
          {
            "trust": 1.9,
            "url": "http://www.oracle.com/technetwork/topics/security/opensslheartbleedcve-2014-0160-2188454.html"
          },
          {
            "trust": 1.7,
            "url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/"
          },
          {
            "trust": 1.7,
            "url": "http://www.getchef.com/blog/2014/04/09/chef-server-heartbleed-cve-2014-0160-releases/"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0160"
          },
          {
            "trust": 1.2,
            "url": "http://www.ubuntu.com/usn/usn-2165-1"
          },
          {
            "trust": 1.1,
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1084875"
          },
          {
            "trust": 1.1,
            "url": "http://www.openssl.org/news/secadv_20140407.txt"
          },
          {
            "trust": 1.1,
            "url": "http://www.securitytracker.com/id/1030078"
          },
          {
            "trust": 1.1,
            "url": "http://seclists.org/fulldisclosure/2014/apr/109"
          },
          {
            "trust": 1.1,
            "url": "http://seclists.org/fulldisclosure/2014/apr/190"
          },
          {
            "trust": 1.1,
            "url": "https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-april/000184.html"
          },
          {
            "trust": 1.1,
            "url": "http://rhn.redhat.com/errata/rhsa-2014-0396.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.securitytracker.com/id/1030082"
          },
          {
            "trust": 1.1,
            "url": "http://secunia.com/advisories/57347"
          },
          {
            "trust": 1.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=139722163017074\u0026w=2"
          },
          {
            "trust": 1.1,
            "url": "http://www.securitytracker.com/id/1030077"
          },
          {
            "trust": 1.1,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670161"
          },
          {
            "trust": 1.1,
            "url": "http://rhn.redhat.com/errata/rhsa-2014-0377.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.securitytracker.com/id/1030080"
          },
          {
            "trust": 1.1,
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-april/131221.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.securitytracker.com/id/1030074"
          },
          {
            "trust": 1.1,
            "url": "http://seclists.org/fulldisclosure/2014/apr/90"
          },
          {
            "trust": 1.1,
            "url": "http://www.securitytracker.com/id/1030081"
          },
          {
            "trust": 1.1,
            "url": "http://rhn.redhat.com/errata/rhsa-2014-0378.html"
          },
          {
            "trust": 1.1,
            "url": "http://seclists.org/fulldisclosure/2014/apr/91"
          },
          {
            "trust": 1.1,
            "url": "http://secunia.com/advisories/57483"
          },
          {
            "trust": 1.1,
            "url": "http://www.splunk.com/view/sp-caaamb3"
          },
          {
            "trust": 1.1,
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-april/131291.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.securitytracker.com/id/1030079"
          },
          {
            "trust": 1.1,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00004.html"
          },
          {
            "trust": 1.1,
            "url": "http://secunia.com/advisories/57721"
          },
          {
            "trust": 1.1,
            "url": "http://www.blackberry.com/btsc/kb35882"
          },
          {
            "trust": 1.1,
            "url": "http://www.securitytracker.com/id/1030026"
          },
          {
            "trust": 1.1,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00005.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.securityfocus.com/bid/66690"
          },
          {
            "trust": 1.1,
            "url": "http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/"
          },
          {
            "trust": 1.1,
            "url": "http://www.us-cert.gov/ncas/alerts/ta14-098a"
          },
          {
            "trust": 1.1,
            "url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/"
          },
          {
            "trust": 1.1,
            "url": "http://secunia.com/advisories/57966"
          },
          {
            "trust": 1.1,
            "url": "http://www.f-secure.com/en/web/labs_global/fsc-2014-1"
          },
          {
            "trust": 1.1,
            "url": "http://seclists.org/fulldisclosure/2014/apr/173"
          },
          {
            "trust": 1.1,
            "url": "http://secunia.com/advisories/57968"
          },
          {
            "trust": 1.1,
            "url": "http://www.exploit-db.com/exploits/32745"
          },
          {
            "trust": 1.1,
            "url": "http://www.kb.cert.org/vuls/id/720951"
          },
          {
            "trust": 1.1,
            "url": "http://www.exploit-db.com/exploits/32764"
          },
          {
            "trust": 1.1,
            "url": "http://secunia.com/advisories/57836"
          },
          {
            "trust": 1.1,
            "url": "https://gist.github.com/chapmajs/10473815"
          },
          {
            "trust": 1.1,
            "url": "http://cogentdatahub.com/releasenotes.html"
          },
          {
            "trust": 1.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=139905458328378\u0026w=2"
          },
          {
            "trust": 1.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=139869891830365\u0026w=2"
          },
          {
            "trust": 1.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=139889113431619\u0026w=2"
          },
          {
            "trust": 1.1,
            "url": "http://public.support.unisys.com/common/public/vulnerability/nvd_detail_rpt.aspx?id=1"
          },
          {
            "trust": 1.1,
            "url": "http://www.kerio.com/support/kerio-control/release-history"
          },
          {
            "trust": 1.1,
            "url": "http://public.support.unisys.com/common/public/vulnerability/nvd_detail_rpt.aspx?id=3"
          },
          {
            "trust": 1.1,
            "url": "http://advisories.mageia.org/mgasa-2014-0165.html"
          },
          {
            "trust": 1.1,
            "url": "https://h20566.www2.hp.com/portal/site/hpsc/template.page/public/kb/docdisplay/?spf_p.tpst=kbdocdisplay\u0026spf_p.prp_kbdocdisplay=wsrp-navigationalstate%3ddocid%253demr_na-c04260637-4%257cdoclocale%253den_us%257ccalledby%253dsearch_result\u0026javax.portlet.begcachetok=com.vignette.cachetoken\u0026javax.portlet.endcachetok=com.vignette.cachetoken"
          },
          {
            "trust": 1.1,
            "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
          },
          {
            "trust": 1.1,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001843"
          },
          {
            "trust": 1.1,
            "url": "https://filezilla-project.org/versions.php?type=server"
          },
          {
            "trust": 1.1,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001841"
          },
          {
            "trust": 1.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=141287864628122\u0026w=2"
          },
          {
            "trust": 1.1,
            "url": "http://seclists.org/fulldisclosure/2014/dec/23"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/security/advisories/vmsa-2014-0012.html"
          },
          {
            "trust": 1.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
          },
          {
            "trust": 1.1,
            "url": "http://www.websense.com/support/article/kbarticle/vulnerabilities-resolved-in-triton-apx-version-8-0"
          },
          {
            "trust": 1.1,
            "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:062"
          },
          {
            "trust": 1.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=139817727317190\u0026w=2"
          },
          {
            "trust": 1.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=139757726426985\u0026w=2"
          },
          {
            "trust": 1.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=139758572430452\u0026w=2"
          },
          {
            "trust": 1.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=139905653828999\u0026w=2"
          },
          {
            "trust": 1.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=139842151128341\u0026w=2"
          },
          {
            "trust": 1.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=139905405728262\u0026w=2"
          },
          {
            "trust": 1.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=139833395230364\u0026w=2"
          },
          {
            "trust": 1.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=139824993005633\u0026w=2"
          },
          {
            "trust": 1.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=139843768401936\u0026w=2"
          },
          {
            "trust": 1.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=139905202427693\u0026w=2"
          },
          {
            "trust": 1.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=139774054614965\u0026w=2"
          },
          {
            "trust": 1.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=139889295732144\u0026w=2"
          },
          {
            "trust": 1.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=139835815211508\u0026w=2"
          },
          {
            "trust": 1.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=140724451518351\u0026w=2"
          },
          {
            "trust": 1.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=139808058921905\u0026w=2"
          },
          {
            "trust": 1.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=139836085512508\u0026w=2"
          },
          {
            "trust": 1.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=139869720529462\u0026w=2"
          },
          {
            "trust": 1.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=139905868529690\u0026w=2"
          },
          {
            "trust": 1.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=139765756720506\u0026w=2"
          },
          {
            "trust": 1.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=140015787404650\u0026w=2"
          },
          {
            "trust": 1.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=139824923705461\u0026w=2"
          },
          {
            "trust": 1.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=139757919027752\u0026w=2"
          },
          {
            "trust": 1.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=139774703817488\u0026w=2"
          },
          {
            "trust": 1.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=139905243827825\u0026w=2"
          },
          {
            "trust": 1.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=140075368411126\u0026w=2"
          },
          {
            "trust": 1.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=139905295427946\u0026w=2"
          },
          {
            "trust": 1.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=139835844111589\u0026w=2"
          },
          {
            "trust": 1.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=139757819327350\u0026w=2"
          },
          {
            "trust": 1.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=139817685517037\u0026w=2"
          },
          {
            "trust": 1.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=139905351928096\u0026w=2"
          },
          {
            "trust": 1.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=139817782017443\u0026w=2"
          },
          {
            "trust": 1.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=140752315422991\u0026w=2"
          },
          {
            "trust": 1.1,
            "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160512_00"
          },
          {
            "trust": 1.1,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004661"
          },
          {
            "trust": 1.1,
            "url": "http://www.innominate.com/data/downloads/manuals/mdm_1.5.2.1_release_notes.pdf"
          },
          {
            "trust": 1.1,
            "url": "http://www.apcmedia.com/salestools/sjhn-7rkgnm/sjhn-7rkgnm_r4_en.pdf"
          },
          {
            "trust": 1.1,
            "url": "http://secunia.com/advisories/59347"
          },
          {
            "trust": 1.1,
            "url": "http://secunia.com/advisories/59243"
          },
          {
            "trust": 1.1,
            "url": "http://secunia.com/advisories/59139"
          },
          {
            "trust": 1.1,
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-august/136473.html"
          },
          {
            "trust": 1.1,
            "url": "http://download.schneider-electric.com/files?p_doc_ref=sevd%202014-119-01"
          },
          {
            "trust": 1.1,
            "url": "https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html"
          },
          {
            "trust": 1.1,
            "url": "http://support.citrix.com/article/ctx140605"
          },
          {
            "trust": 1.1,
            "url": "http://lists.opensuse.org/opensuse-updates/2014-04/msg00061.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
          },
          {
            "trust": 1.1,
            "url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008"
          },
          {
            "trust": 1.1,
            "url": "https://sku11army.blogspot.com/2020/01/heartbleed-hearts-continue-to-bleed.html"
          },
          {
            "trust": 1.1,
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-635659.pdf"
          },
          {
            "trust": 1.1,
            "url": "https://yunus-shn.medium.com/ricon-industrial-cellular-router-heartbleed-attack-2634221c02bd"
          },
          {
            "trust": 1.1,
            "url": "http://git.openssl.org/gitweb/?p=openssl.git%3ba=commit%3bh=96db9023b881d7cd9f379b0c154650d6c108e9a3"
          },
          {
            "trust": 1.1,
            "url": "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3cdev.tomcat.apache.org%3e"
          },
          {
            "trust": 1.1,
            "url": "https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2%40%3cdev.tomcat.apache.org%3e"
          },
          {
            "trust": 1.1,
            "url": "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3cdev.tomcat.apache.org%3e"
          },
          {
            "trust": 1.1,
            "url": "https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220%40%3cdev.tomcat.apache.org%3e"
          },
          {
            "trust": 1.1,
            "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/"
          },
          {
            "trust": 1.1,
            "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
          },
          {
            "trust": 1.1,
            "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
          },
          {
            "trust": 1.0,
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=cve-2014-0160"
          },
          {
            "trust": 0.8,
            "url": "http://seclists.org/oss-sec/2014/q2/22"
          },
          {
            "trust": 0.8,
            "url": "http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=96db902"
          },
          {
            "trust": 0.8,
            "url": "https://tools.ietf.org/html/rfc6520"
          },
          {
            "trust": 0.8,
            "url": "http://www.openssl.org/news/openssl-1.0.1-notes.html"
          },
          {
            "trust": 0.8,
            "url": "http://www.hut3.net/blog/cns---networks-security/2014/04/14/bugs-in-heartbleed-detection-scripts-"
          },
          {
            "trust": 0.8,
            "url": "http://blog.cryptographyengineering.com/2014/04/attack-of-week-openssl-heartbleed.html"
          },
          {
            "trust": 0.8,
            "url": "http://xkcd.com/1354/"
          },
          {
            "trust": 0.8,
            "url": "http://www.exploit-db.com/exploits/32745/"
          },
          {
            "trust": 0.8,
            "url": "https://access.redhat.com/security/cve/cve-2014-0160 "
          },
          {
            "trust": 0.8,
            "url": "http://www.ubuntu.com/usn/usn-2165-1/"
          },
          {
            "trust": 0.8,
            "url": "http://www.freshports.org/security/openssl/"
          },
          {
            "trust": 0.8,
            "url": "http://kb.bluecoat.com/index?page=content\u0026id=sa79"
          },
          {
            "trust": 0.8,
            "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentid="
          },
          {
            "trust": 0.8,
            "url": "http://learn.extremenetworks.com/rs/extreme/images/cert_vu%23720951_vulnerability_advisory_04_11_2014v2.pdf"
          },
          {
            "trust": 0.8,
            "url": "http://www.fortiguard.com/advisory/fg-ir-14-011/"
          },
          {
            "trust": 0.8,
            "url": "http://www.freebsd.org/security/advisories/freebsd-sa-14:06.openssl.asc"
          },
          {
            "trust": 0.8,
            "url": "http://www.gentoo.org/security/en/glsa/glsa-201404-07.xml"
          },
          {
            "trust": 0.8,
            "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04239375"
          },
          {
            "trust": 0.8,
            "url": "http://www.hitachi.com/hirt/publications/hirt-pub14005/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://www-01.ibm.com/support/docview.wss?\u0026uid=swg21669774"
          },
          {
            "trust": 0.8,
            "url": "https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00037\u0026languageid=en-fr"
          },
          {
            "trust": 0.8,
            "url": "https://kb.juniper.net/jsa10623"
          },
          {
            "trust": 0.8,
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10071"
          },
          {
            "trust": 0.8,
            "url": "http://mail-index.netbsd.org/security-announce/2014/04/08/msg000085.html"
          },
          {
            "trust": 0.8,
            "url": "http://ftp.openbsd.org/pub/openbsd/patches/5.3/common/014_openssl.patch"
          },
          {
            "trust": 0.8,
            "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2014\u0026m=slackware-security.533622"
          },
          {
            "trust": 0.8,
            "url": "http://kb.vmware.com/kb/2076225"
          },
          {
            "trust": 0.8,
            "url": "https://support.windriver.com/"
          },
          {
            "trust": 0.8,
            "url": "http://blogs.technet.com/b/security/archive/2014/04/10/microsoft-devices-and-services-and-the-openssl-heartbleed-vulnerability.aspx"
          },
          {
            "trust": 0.8,
            "url": "https://forum.peplink.com/threads/3062-special-notice-on-openssl-heartbleed-vulnerability"
          },
          {
            "trust": 0.8,
            "url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventsubmit_dogoviewsolutiondetails=\u0026solutionid=sk100173"
          },
          {
            "trust": 0.8,
            "url": "http://jpn.nec.com/security-info/av14-001.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.suse.com/support/update/announcement/2014/suse-su-20140734-1.html"
          },
          {
            "trust": 0.3,
            "url": "rubygems.org/gems/actionpack"
          },
          {
            "trust": 0.3,
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1036483"
          },
          {
            "trust": 0.3,
            "url": "http://puppetlabs.com/security/cve/cve-2013-6414"
          },
          {
            "trust": 0.3,
            "url": "http://rubygems.org/"
          },
          {
            "trust": 0.3,
            "url": "https://rhn.redhat.com/errata/rhsa-2014-0008.html"
          },
          {
            "trust": 0.3,
            "url": "https://rhn.redhat.com/errata/rhsa-2013-1794.html"
          },
          {
            "trust": 0.3,
            "url": "http://puppetlabs.com/security/cve/cve-2014-0082"
          },
          {
            "trust": 0.3,
            "url": "http://weblog.rubyonrails.org/2014/2/18/rails_3_2_17_4_0_3_and_4_1_0_beta2_have_been_released/"
          },
          {
            "trust": 0.3,
            "url": "http://rubyonrails.org/"
          },
          {
            "trust": 0.3,
            "url": "https://rhn.redhat.com/errata/rhsa-2014-0306.html"
          },
          {
            "trust": 0.3,
            "url": "https://rhn.redhat.com/errata/rhsa-2014-0215.html"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2013-4353"
          },
          {
            "trust": 0.2,
            "url": "http://www.hp.com/swpublishing/mtx-d1488fd987894bc4ab3fe0ef52"
          },
          {
            "trust": 0.2,
            "url": "http://www.hp.com/swpublishing/mtx-4575754bbb614b58bf0ae1ac37"
          },
          {
            "trust": 0.2,
            "url": "http://www.hp.com/swpublishing/mtx-bfd3c0fb11184796b9428ced37"
          },
          {
            "trust": 0.2,
            "url": "http://support.openview.hp.com/downloads.jsp"
          },
          {
            "trust": 0.2,
            "url": "http://www8.h"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0076"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/125.html"
          },
          {
            "trust": 0.1,
            "url": "http://seclists.org/fulldisclosure/2019/jan/42"
          },
          {
            "trust": 0.1,
            "url": "https://www.debian.org/security/./dsa-2896"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://threatpost.com/oracle-gives-heartbleed-update-patches-14-products/105576/"
          },
          {
            "trust": 0.1,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-135-02"
          },
          {
            "trust": 0.1,
            "url": "https://usn.ubuntu.com/2165-1/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2013-6450"
          },
          {
            "trust": 0.1,
            "url": "http://h17007.www1.hp.com/us/en/enterprise/servers/solutions/info-library"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2013-6449"
          },
          {
            "trust": 0.1,
            "url": "http://www.hp.com/swpublishing/mtx-3d92ccccf85f404e8ba36a8178"
          },
          {
            "trust": 0.1,
            "url": "http://www.hp.com/swpublishing/mtx-37075daeead2433cb41b59ae76"
          },
          {
            "trust": 0.1,
            "url": "http://www.hp.com/swpublishing/mtx-27e03b2f9cd24e77adc9dba94a"
          },
          {
            "trust": 0.1,
            "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_n"
          },
          {
            "trust": 0.1,
            "url": "http://www.hp.com/go/insightupdates"
          },
          {
            "trust": 0.1,
            "url": "http://h20565.www2.hp.com/portal/site/hpsc/template.page/public/psi/swddetail"
          },
          {
            "trust": 0.1,
            "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-4929"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2014-0160.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0169"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/team/contact/"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2013-4353.html"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/team/key/#package"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/site/articles/11258"
          },
          {
            "trust": 0.1,
            "url": "https://bugzilla.redhat.com/):"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/updates/classification/#important"
          },
          {
            "trust": 0.1,
            "url": "https://rhn.redhat.com/errata/rhsa-2014-0416.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2013-0169.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2012-4929.html"
          },
          {
            "trust": 0.1,
            "url": "http://www.hp.com/swpublishing/mtx-41199f68c1144acb84a5798bf0"
          },
          {
            "trust": 0.1,
            "url": "http://www.hp.com/swpublishing/mtx-2e19c856f0e84e20a14c63ecd0"
          },
          {
            "trust": 0.1,
            "url": "http://support.openview.hp.com/selfsolve/document/lid/lrvug_00092"
          },
          {
            "trust": 0.1,
            "url": "http://support.openview.hp.com/selfsolve/document/lid/lrlg_00051"
          },
          {
            "trust": 0.1,
            "url": "http://support.openview.hp.com/selfsolve/document/lid/pc_00299"
          },
          {
            "trust": 0.1,
            "url": "http://support.openview.hp.com/selfsolve/document/lid/lranlsys_00074"
          },
          {
            "trust": 0.1,
            "url": "http://support.openview.hp.com/selfsolve/document/lid/lr_03305"
          },
          {
            "trust": 0.1,
            "url": "http://support.openview.hp.com/selfsolve/document/lid/lr_03329"
          },
          {
            "trust": 0.1,
            "url": "http://support.openview.hp.com/selfsolve/document/lid/pc_00296"
          },
          {
            "trust": 0.1,
            "url": "http://support.openview.hp.com/selfsolve/document/lid/lr_03307"
          },
          {
            "trust": 0.1,
            "url": "http://support.openview.hp.com/selfsolve/document/lid/lrlg_00052"
          },
          {
            "trust": 0.1,
            "url": "http://support.openview.hp.com/selfsolve/document/lid/lr_03315"
          },
          {
            "trust": 0.1,
            "url": "http://support.openview.hp.com/selfsolve/document/lid/lr_03306"
          },
          {
            "trust": 0.1,
            "url": "http://support.openview.hp.com/selfsolve/document/lid/lranlsys_00075"
          },
          {
            "trust": 0.1,
            "url": "http://support.openview.hp.com/selfsolve/document/lid/lr_03328"
          },
          {
            "trust": 0.1,
            "url": "http://support.openview.hp.com/selfsolve/document/lid/lr_03332"
          },
          {
            "trust": 0.1,
            "url": "http://support.openview.hp.com/selfsolve/document/lid/lrvug_00094"
          },
          {
            "trust": 0.1,
            "url": "http://support.openview.hp.com/selfsolve/document/lid/lr_03316"
          },
          {
            "trust": 0.1,
            "url": "http://support.openview.hp.com/selfsolve/document/lid/lr_03304"
          },
          {
            "trust": 0.1,
            "url": "http://support.openview.hp.com/selfsolve/document/lid/lr_03333"
          },
          {
            "trust": 0.1,
            "url": "http://h18013.www1.hp.com/products/servers/management/agents/index.html"
          },
          {
            "trust": 0.1,
            "url": "http://eprint.iacr.org/2014/140"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0160"
          },
          {
            "trust": 0.1,
            "url": "http://slackware.com"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0076"
          },
          {
            "trust": 0.1,
            "url": "http://osuosl.org)"
          },
          {
            "trust": 0.1,
            "url": "http://slackware.com/gpg-key"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.12"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1e-3ubuntu1.2"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1c-3ubuntu2.7"
          },
          {
            "trust": 0.1,
            "url": "http://www.hp.com/support/eslg3"
          },
          {
            "trust": 0.1,
            "url": "http://www.hp.com/swpublishing/mtx-9c71e9ff82af4d1fbdea666d97"
          },
          {
            "trust": 0.1,
            "url": "http://www.hp.com/swpublishing/mtx-ade2403c9999459aa758e16d46"
          },
          {
            "trust": 0.1,
            "url": "http://www.hp.com/swpublishing/mtx-16533b4917c84c8c81b703f354"
          },
          {
            "trust": 0.1,
            "url": "http://www.hp.com/swpublishing/mtx-06eee9db0f4a40d98d8cb32421"
          },
          {
            "trust": 0.1,
            "url": "https://h20564.www2.hp.com/portal/site/hpsc/p"
          },
          {
            "trust": 0.1,
            "url": "https://h20564.www2.hp.com/portal/site/hpsc/"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#720951"
          },
          {
            "db": "VULMON",
            "id": "CVE-2014-0160"
          },
          {
            "db": "BID",
            "id": "64074"
          },
          {
            "db": "BID",
            "id": "65604"
          },
          {
            "db": "PACKETSTORM",
            "id": "126605"
          },
          {
            "db": "PACKETSTORM",
            "id": "126954"
          },
          {
            "db": "PACKETSTORM",
            "id": "126284"
          },
          {
            "db": "PACKETSTORM",
            "id": "126361"
          },
          {
            "db": "PACKETSTORM",
            "id": "126197"
          },
          {
            "db": "PACKETSTORM",
            "id": "126417"
          },
          {
            "db": "PACKETSTORM",
            "id": "126305"
          },
          {
            "db": "PACKETSTORM",
            "id": "126644"
          },
          {
            "db": "PACKETSTORM",
            "id": "126164"
          },
          {
            "db": "PACKETSTORM",
            "id": "126086"
          },
          {
            "db": "PACKETSTORM",
            "id": "126045"
          },
          {
            "db": "PACKETSTORM",
            "id": "127279"
          },
          {
            "db": "PACKETSTORM",
            "id": "127085"
          },
          {
            "db": "PACKETSTORM",
            "id": "126784"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-0160"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#720951",
            "ident": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2014-0160",
            "ident": null
          },
          {
            "db": "BID",
            "id": "64074",
            "ident": null
          },
          {
            "db": "BID",
            "id": "65604",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "126605",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "126954",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "126284",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "126361",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "126197",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "126417",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "126305",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "126644",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "126164",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "126086",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "126045",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "127279",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "127085",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "126784",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2014-0160",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2014-04-08T00:00:00",
            "db": "CERT/CC",
            "id": "VU#720951",
            "ident": null
          },
          {
            "date": "2014-04-07T00:00:00",
            "db": "VULMON",
            "id": "CVE-2014-0160",
            "ident": null
          },
          {
            "date": "2013-12-02T00:00:00",
            "db": "BID",
            "id": "64074",
            "ident": null
          },
          {
            "date": "2014-02-18T00:00:00",
            "db": "BID",
            "id": "65604",
            "ident": null
          },
          {
            "date": "2014-05-13T18:24:00",
            "db": "PACKETSTORM",
            "id": "126605",
            "ident": null
          },
          {
            "date": "2014-06-05T21:02:31",
            "db": "PACKETSTORM",
            "id": "126954",
            "ident": null
          },
          {
            "date": "2014-04-23T21:25:00",
            "db": "PACKETSTORM",
            "id": "126284",
            "ident": null
          },
          {
            "date": "2014-04-28T20:36:00",
            "db": "PACKETSTORM",
            "id": "126361",
            "ident": null
          },
          {
            "date": "2014-04-17T22:02:09",
            "db": "PACKETSTORM",
            "id": "126197",
            "ident": null
          },
          {
            "date": "2014-05-01T02:16:33",
            "db": "PACKETSTORM",
            "id": "126417",
            "ident": null
          },
          {
            "date": "2014-04-24T22:21:23",
            "db": "PACKETSTORM",
            "id": "126305",
            "ident": null
          },
          {
            "date": "2014-05-16T04:40:57",
            "db": "PACKETSTORM",
            "id": "126644",
            "ident": null
          },
          {
            "date": "2014-04-15T23:01:44",
            "db": "PACKETSTORM",
            "id": "126164",
            "ident": null
          },
          {
            "date": "2014-04-09T22:48:55",
            "db": "PACKETSTORM",
            "id": "126086",
            "ident": null
          },
          {
            "date": "2014-04-07T22:44:13",
            "db": "PACKETSTORM",
            "id": "126045",
            "ident": null
          },
          {
            "date": "2014-06-30T23:47:20",
            "db": "PACKETSTORM",
            "id": "127279",
            "ident": null
          },
          {
            "date": "2014-06-13T13:31:03",
            "db": "PACKETSTORM",
            "id": "127085",
            "ident": null
          },
          {
            "date": "2014-05-23T13:13:00",
            "db": "PACKETSTORM",
            "id": "126784",
            "ident": null
          },
          {
            "date": "2014-04-07T22:55:03.893000",
            "db": "NVD",
            "id": "CVE-2014-0160",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2016-05-13T00:00:00",
            "db": "CERT/CC",
            "id": "VU#720951",
            "ident": null
          },
          {
            "date": "2023-11-07T00:00:00",
            "db": "VULMON",
            "id": "CVE-2014-0160",
            "ident": null
          },
          {
            "date": "2015-04-13T21:20:00",
            "db": "BID",
            "id": "64074",
            "ident": null
          },
          {
            "date": "2015-04-13T21:44:00",
            "db": "BID",
            "id": "65604",
            "ident": null
          },
          {
            "date": "2025-10-22T01:15:53.233000",
            "db": "NVD",
            "id": "CVE-2014-0160",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "network",
        "sources": [
          {
            "db": "BID",
            "id": "64074"
          },
          {
            "db": "BID",
            "id": "65604"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "_id": null,
        "data": "OpenSSL TLS heartbeat extension read overflow discloses sensitive information",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#720951"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "_id": null,
        "data": "Failure to Handle Exceptional Conditions",
        "sources": [
          {
            "db": "BID",
            "id": "64074"
          }
        ],
        "trust": 0.3
      }
    }

    VAR-202404-0120

    Vulnerability from variot - Updated: 2026-04-10 23:30

    Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses.

    This issue affects Apache HTTP Server: through 2.4.58. Apache Software Foundation of Apache HTTP Server A vulnerability exists in products from multiple vendors, including improper validation of quantities specified in input.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. ========================================================================== Ubuntu Security Notice USN-6729-2 April 17, 2024

    apache2 vulnerabilities

    A security issue affects these releases of Ubuntu and its derivatives:

    • Ubuntu 18.04 LTS (Available with Ubuntu Pro)
    • Ubuntu 16.04 LTS (Available with Ubuntu Pro)

    Summary:

    Several security issues were fixed in Apache HTTP Server. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.

    Original advisory details:

    Orange Tsai discovered that the Apache HTTP Server incorrectly handled validating certain input. A remote attacker could possibly use this issue to perform HTTP request splitting attacks. (CVE-2023-38709)

    Keran Mu and Jianjun Chen discovered that the Apache HTTP Server incorrectly handled validating certain input. A remote attacker could possibly use this issue to perform HTTP request splitting attacks. (CVE-2024-24795)

    Bartek Nowotarski discovered that the Apache HTTP Server HTTP/2 module incorrectly handled endless continuation frames. A remote attacker could possibly use this issue to cause the server to consume resources, leading to a denial of service. This issue was addressed only in Ubuntu 18.04 LTS. (CVE-2024-27316)

    Update instructions:

    The problem can be corrected by updating your system to the following package versions:

    Ubuntu 18.04 LTS (Available with Ubuntu Pro): apache2 2.4.29-1ubuntu4.27+esm2

    Ubuntu 16.04 LTS (Available with Ubuntu Pro): apache2 2.4.18-2ubuntu3.17+esm12

    In general, a standard system update will make all the necessary changes.

    References: https://ubuntu.com/security/notices/USN-6729-2 https://ubuntu.com/security/notices/USN-6729-1 CVE-2023-38709, CVE-2024-24795, CVE-2024-27316

    .

    For the oldstable distribution (bullseye), these problems have been fixed in version 2.4.59-1~deb11u1.

    For the stable distribution (bookworm), these problems have been fixed in version 2.4.59-1~deb12u1.

    We recommend that you upgrade your apache2 packages.

    The following advisory data is extracted from:

    https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_6927.json

    Red Hat officially shut down their mailing list notifications October 10, 2023. Due to this, Packet Storm has recreated the below data as a reference point to raise awareness. It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

    • Packet Storm Staff

    ==================================================================== Red Hat Security Advisory

    Synopsis: Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.57 SP6 security update Advisory ID: RHSA-2024:6927-03 Product: Red Hat JBoss Core Services Advisory URL: https://access.redhat.com/errata/RHSA-2024:6927 Issue date: 2024-09-24 Revision: 03 CVE Names: CVE-2023-38709 ====================================================================

    Summary:

    Red Hat JBoss Core Services Apache HTTP Server 2.4.57 Service Pack 6 is now available.

    Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

    Description:

    Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products.

    This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.57 Service Pack 6 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.57 Service Pack 5, and includes bug fixes and enhancements, which are documented in the Release Notes linked to in the References section.

    Security Fix(es):

    • jbcs-httpd24-httpd: HTTP response splitting (CVE-2023-38709)

    A Red Hat Security Bulletin which addresses further details about this flaw is available in the References section.

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202409-31


                                           https://security.gentoo.org/
    

    Severity: Low Title: Apache HTTPD: Multiple Vulnerabilities Date: September 28, 2024 Bugs: #928540, #935296, #935427, #936257 ID: 202409-31


    Synopsis

    Multiple vulnerabilities have been found in Apache HTTPD, the worst of which could result in denial of service.

    Affected packages

    Package Vulnerable Unaffected


    www-servers/apache < 2.4.62 >= 2.4.62

    Description

    Multiple vulnerabilities have been discovered in Apache HTTPD. Please review the CVE identifiers referenced below for details.

    Impact

    Please review the referenced CVE identifiers for details.

    Workaround

    There is no known workaround at this time.

    Resolution

    All Apache HTTPD users should upgrade to the latest version:

    # emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/apache-2.4.62"

    References

    [ 1 ] CVE-2023-38709 https://nvd.nist.gov/vuln/detail/CVE-2023-38709 [ 2 ] CVE-2024-24795 https://nvd.nist.gov/vuln/detail/CVE-2024-24795 [ 3 ] CVE-2024-27316 https://nvd.nist.gov/vuln/detail/CVE-2024-27316 [ 4 ] CVE-2024-36387 https://nvd.nist.gov/vuln/detail/CVE-2024-36387 [ 5 ] CVE-2024-38472 https://nvd.nist.gov/vuln/detail/CVE-2024-38472 [ 6 ] CVE-2024-38473 https://nvd.nist.gov/vuln/detail/CVE-2024-38473 [ 7 ] CVE-2024-38474 https://nvd.nist.gov/vuln/detail/CVE-2024-38474 [ 8 ] CVE-2024-38475 https://nvd.nist.gov/vuln/detail/CVE-2024-38475 [ 9 ] CVE-2024-38476 https://nvd.nist.gov/vuln/detail/CVE-2024-38476 [ 10 ] CVE-2024-38477 https://nvd.nist.gov/vuln/detail/CVE-2024-38477 [ 11 ] CVE-2024-39573 https://nvd.nist.gov/vuln/detail/CVE-2024-39573 [ 12 ] CVE-2024-39884 https://nvd.nist.gov/vuln/detail/CVE-2024-39884 [ 13 ] CVE-2024-40725 https://nvd.nist.gov/vuln/detail/CVE-2024-40725 [ 14 ] CVE-2024-40898 https://nvd.nist.gov/vuln/detail/CVE-2024-40898

    Availability

    This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

    https://security.gentoo.org/glsa/202409-31

    Concerns?

    Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

    License

    Copyright 2024 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

    The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

    https://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

    APPLE-SA-07-29-2024-4 macOS Sonoma 14.6

    macOS Sonoma 14.6 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT214119.

    Apple maintains a Security Releases page at https://support.apple.com/HT201222 which lists recent software updates with security advisories.

    Accounts Available for: macOS Sonoma Impact: A malicious application may be able to access private information Description: The issue was addressed with improved checks. CVE-2024-40804: IES Red Team of ByteDance

    apache Available for: macOS Sonoma Impact: Multiple issues in apache Description: This is a vulnerability in open source code and Apple Software is among the affected projects. The CVE-ID was assigned by a third party. Learn more about the issue and CVE-ID at cve.org. CVE-2023-38709: Yeto CVE-2024-24795: Yeto CVE-2024-27316: Yeto

    APFS Available for: macOS Sonoma Impact: A malicious application may be able to bypass Privacy preferences Description: The issue was addressed with improved restriction of data container access. CVE-2024-40783: Csaba Fitzl (@theevilbit) of Kandji

    AppleMobileFileIntegrity Available for: macOS Sonoma Impact: An app may be able to bypass Privacy preferences Description: A downgrade issue was addressed with additional code- signing restrictions. CVE-2024-40774: Mickey Jin (@patch1t) CVE-2024-40814: Mickey Jin (@patch1t)

    AppleMobileFileIntegrity Available for: macOS Sonoma Impact: An app may be able to leak sensitive user information Description: A downgrade issue was addressed with additional code- signing restrictions. CVE-2024-40775: Mickey Jin (@patch1t)

    AppleVA Available for: macOS Sonoma Impact: Processing a maliciously crafted file may lead to unexpected app termination Description: The issue was addressed with improved memory handling. CVE-2024-27877: Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative

    ASP TCP Available for: macOS Sonoma Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: A buffer overflow issue was addressed with improved memory handling. CVE-2024-27878: CertiK SkyFall Team

    CoreGraphics Available for: macOS Sonoma Impact: Processing a maliciously crafted file may lead to unexpected app termination Description: An out-of-bounds read issue was addressed with improved input validation. CVE-2024-40799: D4m0n

    CoreMedia Available for: macOS Sonoma Impact: Processing a maliciously crafted video file may lead to unexpected app termination Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2024-27873: Amir Bazine and Karsten König of CrowdStrike Counter Adversary Operations

    curl Available for: macOS Sonoma Impact: Multiple issues in curl Description: This is a vulnerability in open source code and Apple Software is among the affected projects. The CVE-ID was assigned by a third party. Learn more about the issue and CVE-ID at cve.org. CVE-2024-2004 CVE-2024-2379 CVE-2024-2398 CVE-2024-2466

    DesktopServices Available for: macOS Sonoma Impact: An app may be able to overwrite arbitrary files Description: The issue was addressed with improved checks. CVE-2024-40827: an anonymous researcher

    dyld Available for: macOS Sonoma Impact: A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication Description: A race condition was addressed with additional validation. CVE-2024-40815: w0wbox

    Family Sharing Available for: macOS Sonoma Impact: An app may be able to read sensitive location information Description: This issue was addressed with improved data protection. CVE-2024-40795: Csaba Fitzl (@theevilbit) of Kandji

    ImageIO Available for: macOS Sonoma Impact: Processing an image may lead to a denial-of-service Description: This is a vulnerability in open source code and Apple Software is among the affected projects. The CVE-ID was assigned by a third party. Learn more about the issue and CVE-ID at cve.org. CVE-2023-6277 CVE-2023-52356

    ImageIO Available for: macOS Sonoma Impact: Processing a maliciously crafted file may lead to unexpected app termination Description: An out-of-bounds read issue was addressed with improved input validation. CVE-2024-40806: Yisumi

    ImageIO Available for: macOS Sonoma Impact: Processing a maliciously crafted file may lead to unexpected app termination Description: An out-of-bounds access issue was addressed with improved bounds checking. CVE-2024-40777: Junsung Lee working with Trend Micro Zero Day Initiative, and Amir Bazine and Karsten König of CrowdStrike Counter Adversary Operations

    ImageIO Available for: macOS Sonoma Impact: Processing a maliciously crafted file may lead to unexpected app termination Description: An integer overflow was addressed with improved input validation. CVE-2024-40784: Junsung Lee working with Trend Micro Zero Day Initiative, Gandalf4a

    Kernel Available for: macOS Sonoma Impact: A local attacker may be able to determine kernel memory layout Description: An information disclosure issue was addressed with improved private data redaction for log entries. CVE-2024-27863: CertiK SkyFall Team

    Kernel Available for: macOS Sonoma Impact: A local attacker may be able to cause unexpected system shutdown Description: An out-of-bounds read was addressed with improved input validation. CVE-2024-40816: sqrtpwn

    Kernel Available for: macOS Sonoma Impact: A local attacker may be able to cause unexpected system shutdown Description: A type confusion issue was addressed with improved memory handling. CVE-2024-40788: Minghao Lin and Jiaxun Zhu from Zhejiang University

    Keychain Access Available for: macOS Sonoma Impact: An attacker may be able to cause unexpected app termination Description: A type confusion issue was addressed with improved checks. CVE-2024-40803: Patrick Wardle of DoubleYou & the Objective-See Foundation

    libxpc Available for: macOS Sonoma Impact: An app may be able to bypass Privacy preferences Description: A permissions issue was addressed with additional restrictions. CVE-2024-40805

    Messages Available for: macOS Sonoma Impact: An app may be able to view a contact's phone number in system logs Description: The issue was addressed with improved checks. CVE-2024-40832: Rodolphe BRUNETTI (@eisw0lf)

    NetworkExtension Available for: macOS Sonoma Impact: Private browsing may leak some browsing history Description: A privacy issue was addressed with improved private data redaction for log entries. CVE-2024-40796: Adam M.

    OpenSSH Available for: macOS Sonoma Impact: A remote attacker may be able to cause arbitrary code execution Description: This is a vulnerability in open source code and Apple Software is among the affected projects. The CVE-ID was assigned by a third party. Learn more about the issue and CVE-ID at cve.org. CVE-2024-6387

    PackageKit Available for: macOS Sonoma Impact: A local attacker may be able to elevate their privileges Description: The issue was addressed with improved checks. CVE-2024-40781: Mickey Jin (@patch1t) CVE-2024-40802: Mickey Jin (@patch1t)

    PackageKit Available for: macOS Sonoma Impact: An app may be able to access user-sensitive data Description: The issue was addressed with improved checks. CVE-2024-40823: Zhongquan Li (@Guluisacat) from Dawn Security Lab of JingDong

    PackageKit Available for: macOS Sonoma Impact: An app may be able to modify protected parts of the file system Description: A permissions issue was addressed with additional restrictions. CVE-2024-27882: Mickey Jin (@patch1t) CVE-2024-27883: Mickey Jin (@patch1t), and Csaba Fitzl (@theevilbit) of Kandji

    Photos Storage Available for: macOS Sonoma Impact: Photos in the Hidden Photos Album may be viewed without authentication Description: An authentication issue was addressed with improved state management. CVE-2024-40778: Mateen Alinaghi

    Restore Framework Available for: macOS Sonoma Impact: An app may be able to modify protected parts of the file system Description: An input validation issue was addressed with improved input validation. CVE-2024-40800: Claudio Bozzato and Francesco Benvenuto of Cisco Talos

    Safari Available for: macOS Sonoma Impact: An app may bypass Gatekeeper checks Description: A race condition was addressed with improved locking. CVE-2023-27952: Csaba Fitzl (@theevilbit) of Offensive Security

    Safari Available for: macOS Sonoma Impact: Visiting a website that frames malicious content may lead to UI spoofing Description: The issue was addressed with improved UI handling. CVE-2024-40817: Yadhu Krishna M and Narendra Bhati, Manager of Cyber Security At Suma Soft Pvt. Ltd, Pune (India)

    Sandbox Available for: macOS Sonoma Impact: An app may be able to bypass Privacy preferences Description: This issue was addressed through improved state management. CVE-2024-40824: Wojciech Regula of SecuRing (wojciechregula.blog), and Zhongquan Li (@Guluisacat) from Dawn Security Lab of JingDong

    Sandbox Available for: macOS Sonoma Impact: An app may be able to access protected user data Description: A path handling issue was addressed with improved validation. CVE-2024-27871: Mickey Jin (@patch1t), Csaba Fitzl (@theevilbit) of Kandji, and Zhongquan Li (@Guluisacat) of Dawn Security Lab of JingDong

    Scripting Bridge Available for: macOS Sonoma Impact: An app may be able to access information about a user’s contacts Description: A privacy issue was addressed with improved private data redaction for log entries. CVE-2024-27881: Kirin (@Pwnrin)

    Security Available for: macOS Sonoma Impact: Third party app extensions may not receive the correct sandbox restrictions Description: An access issue was addressed with additional sandbox restrictions. CVE-2024-40821: Joshua Jones

    Security Available for: macOS Sonoma Impact: An app may be able to read Safari's browsing history Description: This issue was addressed with improved redaction of sensitive information. CVE-2024-40798: Adam M.

    Security Initialization Available for: macOS Sonoma Impact: An app may be able to access protected user data Description: This issue was addressed with improved validation of symlinks. CVE-2024-27872: Zhongquan Li (@Guluisacat) of Dawn Security Lab of JingDong

    Setup Assistant Available for: macOS Sonoma Impact: Enabling Lockdown Mode while setting up a Mac may cause FileVault to become unexpectedly disabled Description: A logic issue was addressed with improved state management. CVE-2024-27862: Jiwon Park

    Shortcuts Available for: macOS Sonoma Impact: A shortcut may be able to use sensitive data with certain actions without prompting the user Description: A logic issue was addressed with improved checks. CVE-2024-40833: an anonymous researcher CVE-2024-40835: an anonymous researcher CVE-2024-40836: an anonymous researcher CVE-2024-40807: an anonymous researcher

    Shortcuts Available for: macOS Sonoma Impact: A shortcut may be able to bypass sensitive Shortcuts app settings Description: This issue was addressed by adding an additional prompt for user consent. CVE-2024-40834: Marcio Almeida from Tanto Security

    Shortcuts Available for: macOS Sonoma Impact: A shortcut may be able to bypass Internet permission requirements Description: A logic issue was addressed with improved checks. CVE-2024-40809: an anonymous researcher CVE-2024-40812: an anonymous researcher

    Shortcuts Available for: macOS Sonoma Impact: A shortcut may be able to bypass Internet permission requirements Description: This issue was addressed by adding an additional prompt for user consent. CVE-2024-40787: an anonymous researcher

    Shortcuts Available for: macOS Sonoma Impact: An app may be able to access user-sensitive data Description: This issue was addressed by removing the vulnerable code. CVE-2024-40793: Kirin (@Pwnrin)

    Siri Available for: macOS Sonoma Impact: An attacker with physical access may be able to use Siri to access sensitive user data Description: This issue was addressed by restricting options offered on a locked device. CVE-2024-40818: Bistrit Dahal and Srijan Poudel

    Siri Available for: macOS Sonoma Impact: An attacker with physical access to a device may be able to access contacts from the lock screen Description: This issue was addressed by restricting options offered on a locked device. CVE-2024-40822: Srijan Poudel

    StorageKit Available for: macOS Sonoma Impact: A malicious app may be able to gain root privileges Description: The issue was addressed with improved checks. CVE-2024-40828: Mickey Jin (@patch1t)

    sudo Available for: macOS Sonoma Impact: An app may be able to modify protected parts of the file system Description: The issue was addressed with improved checks. CVE-2024-40811: Arsenii Kostromin (0x3c3e)

    WebKit Available for: macOS Sonoma Impact: Processing maliciously crafted web content may lead to an unexpected process crash Description: A use-after-free issue was addressed with improved memory management. WebKit Bugzilla: 273176 CVE-2024-40776: Huang Xilin of Ant Group Light-Year Security Lab WebKit Bugzilla: 268770 CVE-2024-40782: Maksymilian Motyl

    WebKit Available for: macOS Sonoma Impact: Processing maliciously crafted web content may lead to an unexpected process crash Description: An out-of-bounds read was addressed with improved bounds checking. WebKit Bugzilla: 275431 CVE-2024-40779: Huang Xilin of Ant Group Light-Year Security Lab WebKit Bugzilla: 275273 CVE-2024-40780: Huang Xilin of Ant Group Light-Year Security Lab

    WebKit Available for: macOS Sonoma Impact: Processing maliciously crafted web content may lead to a cross site scripting attack Description: This issue was addressed with improved checks. WebKit Bugzilla: 273805 CVE-2024-40785: Johan Carlsson (joaxcar)

    WebKit Available for: macOS Sonoma Impact: Processing maliciously crafted web content may lead to an unexpected process crash Description: An out-of-bounds access issue was addressed with improved bounds checking. CVE-2024-40789: Seunghyun Lee (@0x10n) of KAIST Hacking Lab working with Trend Micro Zero Day Initiative

    WebKit Available for: macOS Sonoma Impact: Processing maliciously crafted web content may lead to an unexpected process crash Description: This is a vulnerability in open source code and Apple Software is among the affected projects. The CVE-ID was assigned by a third party. Learn more about the issue and CVE-ID at cve.org. WebKit Bugzilla: 274165 CVE-2024-4558

    WebKit Available for: macOS Sonoma Impact: Private Browsing tabs may be accessed without authentication Description: This issue was addressed through improved state management. WebKit Bugzilla: 275272 CVE-2024-40794: Matthew Butler

    Additional recognition

    AirDrop We would like to acknowledge Linwz of DEVCORE for their assistance.

    DiskArbitration We would like to acknowledge Yann GASCUEL of Alter Solutions for their assistance.

    Image Capture We would like to acknowledge an anonymous researcher for their assistance.

    Shortcuts We would like to acknowledge an anonymous researcher for their assistance.

    WebKit We would like to acknowledge an anonymous researcher for their assistance.

    macOS Sonoma 14.6 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Releases web site: https://support.apple.com/HT201222.

    This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmaoH5kACgkQX+5d1TXa IvoS9g/9FoLSV93tVrIOZIM4w/BEZRFu/T1DfMPzOsZsOrvaQicKq7ezW+pRrMXI G0QBIz1QGCYZikcbyQOpgzl9Rk7ckfq+mMCn1ESWku1DbR6MOU7lZEpWRsjYStQY ra6BRT45GPtGG0YFyQXGnxMoS5IXopV5tmgQ4M4585xXso4/Dw192Vq/68NPIB2V ywa6fCo6VC7/hHMe0v5GFVJzmSymEYF3b0CNHZVFx1K793hHrYjH1Dj4NcRlqyln Kp3IrABhPPW8l67gS6f8RicZwzWOH3Ubwv4kivlTtDusqeX+/7mlXrvGTYd5G39P 70jSwUeekfYkQYGT5yLjFCOTM98ApG4iHnryEkpNldMk9JRozoN3VT5PDv6b7EtR YsG1UiZNn0rq1TurFHdsX7G8LZX1jBe1XNy883FeuPlXuPQwGcds+Q5UpiGoM5Kj xx0SGiaK4Lg9tOsGDvHDvrtgl9vIGYy07953Gre+xUhdNs+AnG8KhwKs+n3WYjcL lH3ffMkq/NTVohaNaIcNk4YQ7Y5+y9Y0Z2YuYTmaOipxMNEpOnvJj6LB1H5Qgj4M LIuUxs1gl2b7B93J95w8FmdFewvUCgcZwTxU2ltsYAcZHnRwWE0twYP5v1Pc8tOG MZuvS0pTI+hgve1viS0inOnRpoYv+KzkaSYEhvsS16NgDuRUOqE= =eOPj -----END PGP SIGNATURE-----

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "ontap tools",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": "10"
          },
          {
            "_id": null,
            "model": "fabric operating system",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": null
          },
          {
            "_id": null,
            "model": "ontap",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": "9"
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "apache",
            "version": "2.4.59"
          },
          {
            "_id": null,
            "model": "fedora",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fedoraproject",
            "version": "40"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "10.0"
          },
          {
            "_id": null,
            "model": "macos",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "apple",
            "version": "14.6"
          },
          {
            "_id": null,
            "model": "fedora",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fedoraproject",
            "version": "39"
          },
          {
            "_id": null,
            "model": "fedora",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fedoraproject",
            "version": "38"
          },
          {
            "_id": null,
            "model": "ontap",
            "scope": null,
            "trust": 0.8,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "macos",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30a2\u30c3\u30d7\u30eb",
            "version": "14.6"
          },
          {
            "_id": null,
            "model": "ontap tools",
            "scope": null,
            "trust": 0.8,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "fedora",
            "scope": null,
            "trust": 0.8,
            "vendor": "fedora",
            "version": null
          },
          {
            "_id": null,
            "model": "fabric operating system",
            "scope": null,
            "trust": 0.8,
            "vendor": "broadcom",
            "version": null
          },
          {
            "_id": null,
            "model": "gnu/linux",
            "scope": null,
            "trust": 0.8,
            "vendor": "debian",
            "version": null
          },
          {
            "_id": null,
            "model": "http server",
            "scope": null,
            "trust": 0.8,
            "vendor": "apache",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-029234"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-38709"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Red Hat",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "179274"
          },
          {
            "db": "PACKETSTORM",
            "id": "181748"
          },
          {
            "db": "PACKETSTORM",
            "id": "181747"
          },
          {
            "db": "PACKETSTORM",
            "id": "182614"
          }
        ],
        "trust": 0.4
      },
      "cve": "CVE-2023-38709",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "availabilityImpact": "LOW",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 3.9,
                "id": "CVE-2023-38709",
                "impactScore": 3.4,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "OTHER",
                "availabilityImpact": "Low",
                "baseScore": 7.3,
                "baseSeverity": "High",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "JVNDB-2023-029234",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2023-38709",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2023-029234",
                "trust": 0.8,
                "value": "High"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-029234"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-38709"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. \n\nThis issue affects Apache HTTP Server: through 2.4.58. Apache Software Foundation of Apache HTTP Server A vulnerability exists in products from multiple vendors, including improper validation of quantities specified in input.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. ==========================================================================\nUbuntu Security Notice USN-6729-2\nApril 17, 2024\n\napache2 vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 18.04 LTS (Available with Ubuntu Pro)\n- Ubuntu 16.04 LTS (Available with Ubuntu Pro)\n\nSummary:\n\nSeveral security issues were fixed in Apache HTTP Server. This update provides\nthe corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. \n\nOriginal advisory details:\n\n Orange Tsai discovered that the Apache HTTP Server incorrectly handled\n validating certain input. A remote attacker could possibly use this\n issue to perform HTTP request splitting attacks. (CVE-2023-38709)\n\n Keran Mu and Jianjun Chen discovered that the Apache HTTP Server\n incorrectly handled validating certain input. A remote attacker could\n possibly use this issue to perform HTTP request splitting attacks. \n (CVE-2024-24795)\n\n Bartek Nowotarski discovered that the Apache HTTP Server HTTP/2 module\n incorrectly handled endless continuation frames. A remote attacker could\n possibly use this issue to cause the server to consume resources, leading\n to a denial of service. This issue was addressed only in Ubuntu 18.04 LTS. \n (CVE-2024-27316)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 18.04 LTS (Available with Ubuntu Pro):\n  apache2                         2.4.29-1ubuntu4.27+esm2\n\nUbuntu 16.04 LTS (Available with Ubuntu Pro):\n  apache2                         2.4.18-2ubuntu3.17+esm12\n\nIn general, a standard system update will make all the necessary changes. \n\nReferences:\n  https://ubuntu.com/security/notices/USN-6729-2\n  https://ubuntu.com/security/notices/USN-6729-1\n  CVE-2023-38709, CVE-2024-24795, CVE-2024-27316\n\n. \n\nFor the oldstable distribution (bullseye), these problems have been fixed\nin version 2.4.59-1~deb11u1. \n\nFor the stable distribution (bookworm), these problems have been fixed in\nversion 2.4.59-1~deb12u1. \n\nWe recommend that you upgrade your apache2 packages. \n\nThe following advisory data is extracted from:\n\nhttps://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_6927.json\n\nRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat\u0027s archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment. \n\n- Packet Storm Staff\n\n\n\n\n====================================================================\nRed Hat Security Advisory\n\nSynopsis:           Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.57 SP6 security update\nAdvisory ID:        RHSA-2024:6927-03\nProduct:            Red Hat JBoss Core Services\nAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:6927\nIssue date:         2024-09-24\nRevision:           03\nCVE Names:          CVE-2023-38709\n====================================================================\n\nSummary: \n\nRed Hat JBoss Core Services Apache HTTP Server 2.4.57 Service Pack 6 is now available. \n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. \n\n\n\n\nDescription:\n\nRed Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. \n\nThis release of Red Hat JBoss Core Services Apache HTTP Server 2.4.57 Service Pack 6 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.57 Service Pack 5, and includes bug fixes and enhancements, which are documented in the Release Notes linked to in the References section. \n\nSecurity Fix(es):\n\n* jbcs-httpd24-httpd: HTTP response splitting (CVE-2023-38709)\n\nA Red Hat Security Bulletin which addresses further details about this flaw is available in the References section. \n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 202409-31\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Low\n    Title: Apache HTTPD: Multiple Vulnerabilities\n     Date: September 28, 2024\n     Bugs: #928540, #935296, #935427, #936257\n       ID: 202409-31\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in Apache HTTPD, the worst of\nwhich could result in denial of service. \n\nAffected packages\n=================\n\nPackage             Vulnerable    Unaffected\n------------------  ------------  ------------\nwww-servers/apache  \u003c 2.4.62      \u003e= 2.4.62\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Apache HTTPD. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n======\n\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Apache HTTPD users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=www-servers/apache-2.4.62\"\n\nReferences\n==========\n\n[ 1 ] CVE-2023-38709\n      https://nvd.nist.gov/vuln/detail/CVE-2023-38709\n[ 2 ] CVE-2024-24795\n      https://nvd.nist.gov/vuln/detail/CVE-2024-24795\n[ 3 ] CVE-2024-27316\n      https://nvd.nist.gov/vuln/detail/CVE-2024-27316\n[ 4 ] CVE-2024-36387\n      https://nvd.nist.gov/vuln/detail/CVE-2024-36387\n[ 5 ] CVE-2024-38472\n      https://nvd.nist.gov/vuln/detail/CVE-2024-38472\n[ 6 ] CVE-2024-38473\n      https://nvd.nist.gov/vuln/detail/CVE-2024-38473\n[ 7 ] CVE-2024-38474\n      https://nvd.nist.gov/vuln/detail/CVE-2024-38474\n[ 8 ] CVE-2024-38475\n      https://nvd.nist.gov/vuln/detail/CVE-2024-38475\n[ 9 ] CVE-2024-38476\n      https://nvd.nist.gov/vuln/detail/CVE-2024-38476\n[ 10 ] CVE-2024-38477\n      https://nvd.nist.gov/vuln/detail/CVE-2024-38477\n[ 11 ] CVE-2024-39573\n      https://nvd.nist.gov/vuln/detail/CVE-2024-39573\n[ 12 ] CVE-2024-39884\n      https://nvd.nist.gov/vuln/detail/CVE-2024-39884\n[ 13 ] CVE-2024-40725\n      https://nvd.nist.gov/vuln/detail/CVE-2024-40725\n[ 14 ] CVE-2024-40898\n      https://nvd.nist.gov/vuln/detail/CVE-2024-40898\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202409-31\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2024 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-07-29-2024-4 macOS Sonoma 14.6\n\nmacOS Sonoma 14.6 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT214119. \n\nApple maintains a Security Releases page at\nhttps://support.apple.com/HT201222 which lists recent\nsoftware updates with security advisories. \n\nAccounts\nAvailable for: macOS Sonoma\nImpact: A malicious application may be able to access private\ninformation\nDescription: The issue was addressed with improved checks. \nCVE-2024-40804: IES Red Team of ByteDance\n\napache\nAvailable for: macOS Sonoma\nImpact: Multiple issues in apache\nDescription: This is a vulnerability in open source code and Apple\nSoftware is among the affected projects. The CVE-ID was assigned by a\nthird party. Learn more about the issue and CVE-ID at cve.org. \nCVE-2023-38709: Yeto\nCVE-2024-24795: Yeto\nCVE-2024-27316: Yeto\n\nAPFS\nAvailable for: macOS Sonoma\nImpact: A malicious application may be able to bypass Privacy\npreferences\nDescription: The issue was addressed with improved restriction of data\ncontainer access. \nCVE-2024-40783: Csaba Fitzl (@theevilbit) of Kandji\n\nAppleMobileFileIntegrity\nAvailable for: macOS Sonoma\nImpact: An app may be able to bypass Privacy preferences\nDescription: A downgrade issue was addressed with additional code-\nsigning restrictions. \nCVE-2024-40774: Mickey Jin (@patch1t)\nCVE-2024-40814: Mickey Jin (@patch1t)\n\nAppleMobileFileIntegrity\nAvailable for: macOS Sonoma\nImpact: An app may be able to leak sensitive user information\nDescription: A downgrade issue was addressed with additional code-\nsigning restrictions. \nCVE-2024-40775: Mickey Jin (@patch1t)\n\nAppleVA\nAvailable for: macOS Sonoma\nImpact: Processing a maliciously crafted file may lead to unexpected app\ntermination\nDescription: The issue was addressed with improved memory handling. \nCVE-2024-27877: Michael DePlante (@izobashi) of Trend Micro Zero Day\nInitiative\n\nASP TCP\nAvailable for: macOS Sonoma\nImpact: An app with root privileges may be able to execute arbitrary\ncode with kernel privileges\nDescription: A buffer overflow issue was addressed with improved memory\nhandling. \nCVE-2024-27878: CertiK SkyFall Team\n\nCoreGraphics\nAvailable for: macOS Sonoma\nImpact: Processing a maliciously crafted file may lead to unexpected app\ntermination\nDescription: An out-of-bounds read issue was addressed with improved\ninput validation. \nCVE-2024-40799: D4m0n\n\nCoreMedia\nAvailable for: macOS Sonoma\nImpact: Processing a maliciously crafted video file may lead to\nunexpected app termination\nDescription: An out-of-bounds write issue was addressed with improved\ninput validation. \nCVE-2024-27873: Amir Bazine and Karsten K\u00f6nig of CrowdStrike Counter\nAdversary Operations\n\ncurl\nAvailable for: macOS Sonoma\nImpact: Multiple issues in curl\nDescription: This is a vulnerability in open source code and Apple\nSoftware is among the affected projects. The CVE-ID was assigned by a\nthird party. Learn more about the issue and CVE-ID at cve.org. \nCVE-2024-2004\nCVE-2024-2379\nCVE-2024-2398\nCVE-2024-2466\n\nDesktopServices\nAvailable for: macOS Sonoma\nImpact: An app may be able to overwrite arbitrary files\nDescription: The issue was addressed with improved checks. \nCVE-2024-40827: an anonymous researcher\n\ndyld\nAvailable for: macOS Sonoma\nImpact: A malicious attacker with arbitrary read and write capability\nmay be able to bypass Pointer Authentication\nDescription: A race condition was addressed with additional validation. \nCVE-2024-40815: w0wbox\n\nFamily Sharing\nAvailable for: macOS Sonoma\nImpact: An app may be able to read sensitive location information\nDescription: This issue was addressed with improved data protection. \nCVE-2024-40795: Csaba Fitzl (@theevilbit) of Kandji\n\nImageIO\nAvailable for: macOS Sonoma\nImpact: Processing an image may lead to a denial-of-service\nDescription: This is a vulnerability in open source code and Apple\nSoftware is among the affected projects. The CVE-ID was assigned by a\nthird party. Learn more about the issue and CVE-ID at cve.org. \nCVE-2023-6277\nCVE-2023-52356\n\nImageIO\nAvailable for: macOS Sonoma\nImpact: Processing a maliciously crafted file may lead to unexpected app\ntermination\nDescription: An out-of-bounds read issue was addressed with improved\ninput validation. \nCVE-2024-40806: Yisumi\n\nImageIO\nAvailable for: macOS Sonoma\nImpact: Processing a maliciously crafted file may lead to unexpected app\ntermination\nDescription: An out-of-bounds access issue was addressed with improved\nbounds checking. \nCVE-2024-40777: Junsung Lee working with Trend Micro Zero Day\nInitiative, and Amir Bazine and Karsten K\u00f6nig of CrowdStrike Counter\nAdversary Operations\n\nImageIO\nAvailable for: macOS Sonoma\nImpact: Processing a maliciously crafted file may lead to unexpected app\ntermination\nDescription: An integer overflow was addressed with improved input\nvalidation. \nCVE-2024-40784: Junsung Lee working with Trend Micro Zero Day\nInitiative, Gandalf4a\n\nKernel\nAvailable for: macOS Sonoma\nImpact: A local attacker may be able to determine kernel memory layout\nDescription: An information disclosure issue was addressed with improved\nprivate data redaction for log entries. \nCVE-2024-27863: CertiK SkyFall Team\n\nKernel\nAvailable for: macOS Sonoma\nImpact: A local attacker may be able to cause unexpected system shutdown\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2024-40816: sqrtpwn\n\nKernel\nAvailable for: macOS Sonoma\nImpact: A local attacker may be able to cause unexpected system shutdown\nDescription: A type confusion issue was addressed with improved memory\nhandling. \nCVE-2024-40788: Minghao Lin and Jiaxun Zhu from Zhejiang University\n\nKeychain Access\nAvailable for: macOS Sonoma\nImpact: An attacker may be able to cause unexpected app termination\nDescription: A type confusion issue was addressed with improved checks. \nCVE-2024-40803: Patrick Wardle of DoubleYou \u0026 the Objective-See\nFoundation\n\nlibxpc\nAvailable for: macOS Sonoma\nImpact: An app may be able to bypass Privacy preferences\nDescription: A permissions issue was addressed with additional\nrestrictions. \nCVE-2024-40805\n\nMessages\nAvailable for: macOS Sonoma\nImpact: An app may be able to view a contact\u0027s phone number in system\nlogs\nDescription: The issue was addressed with improved checks. \nCVE-2024-40832: Rodolphe BRUNETTI (@eisw0lf)\n\nNetworkExtension\nAvailable for: macOS Sonoma\nImpact: Private browsing may leak some browsing history\nDescription: A privacy issue was addressed with improved private data\nredaction for log entries. \nCVE-2024-40796: Adam M. \n\nOpenSSH\nAvailable for: macOS Sonoma\nImpact: A remote attacker may be able to cause arbitrary code execution\nDescription: This is a vulnerability in open source code and Apple\nSoftware is among the affected projects. The CVE-ID was assigned by a\nthird party. Learn more about the issue and CVE-ID at cve.org. \nCVE-2024-6387\n\nPackageKit\nAvailable for: macOS Sonoma\nImpact: A local attacker may be able to elevate their privileges\nDescription: The issue was addressed with improved checks. \nCVE-2024-40781: Mickey Jin (@patch1t)\nCVE-2024-40802: Mickey Jin (@patch1t)\n\nPackageKit\nAvailable for: macOS Sonoma\nImpact: An app may be able to access user-sensitive data\nDescription: The issue was addressed with improved checks. \nCVE-2024-40823: Zhongquan Li (@Guluisacat) from Dawn Security Lab of\nJingDong\n\nPackageKit\nAvailable for: macOS Sonoma\nImpact: An app may be able to modify protected parts of the file system\nDescription: A permissions issue was addressed with additional\nrestrictions. \nCVE-2024-27882: Mickey Jin (@patch1t)\nCVE-2024-27883: Mickey Jin (@patch1t), and Csaba Fitzl (@theevilbit) of\nKandji\n\nPhotos Storage\nAvailable for: macOS Sonoma\nImpact: Photos in the Hidden Photos Album may be viewed without\nauthentication\nDescription: An authentication issue was addressed with improved state\nmanagement. \nCVE-2024-40778: Mateen Alinaghi\n\nRestore Framework\nAvailable for: macOS Sonoma\nImpact: An app may be able to modify protected parts of the file system\nDescription: An input validation issue was addressed with improved input\nvalidation. \nCVE-2024-40800: Claudio Bozzato and Francesco Benvenuto of Cisco Talos\n\nSafari\nAvailable for: macOS Sonoma\nImpact: An app may bypass Gatekeeper checks\nDescription: A race condition was addressed with improved locking. \nCVE-2023-27952: Csaba Fitzl (@theevilbit) of Offensive Security\n\nSafari\nAvailable for: macOS Sonoma\nImpact: Visiting a website that frames malicious content may lead to UI\nspoofing\nDescription: The issue was addressed with improved UI handling. \nCVE-2024-40817: Yadhu Krishna M and Narendra Bhati, Manager of Cyber\nSecurity At Suma Soft Pvt. Ltd, Pune (India)\n\nSandbox\nAvailable for: macOS Sonoma\nImpact: An app may be able to bypass Privacy preferences\nDescription: This issue was addressed through improved state management. \nCVE-2024-40824: Wojciech Regula of SecuRing (wojciechregula.blog), and\nZhongquan Li (@Guluisacat) from Dawn Security Lab of JingDong\n\nSandbox\nAvailable for: macOS Sonoma\nImpact: An app may be able to access protected user data\nDescription: A path handling issue was addressed with improved\nvalidation. \nCVE-2024-27871: Mickey Jin (@patch1t), Csaba Fitzl (@theevilbit) of\nKandji, and Zhongquan Li (@Guluisacat) of Dawn Security Lab of JingDong\n\nScripting Bridge\nAvailable for: macOS Sonoma\nImpact: An app may be able to access information about a user\u2019s contacts\nDescription: A privacy issue was addressed with improved private data\nredaction for log entries. \nCVE-2024-27881: Kirin (@Pwnrin)\n\nSecurity\nAvailable for: macOS Sonoma\nImpact: Third party app extensions may not receive the correct sandbox\nrestrictions\nDescription: An access issue was addressed with additional sandbox\nrestrictions. \nCVE-2024-40821: Joshua Jones\n\nSecurity\nAvailable for: macOS Sonoma\nImpact: An app may be able to read Safari\u0027s browsing history\nDescription: This issue was addressed with improved redaction of\nsensitive information. \nCVE-2024-40798: Adam M. \n\nSecurity Initialization\nAvailable for: macOS Sonoma\nImpact: An app may be able to access protected user data\nDescription: This issue was addressed with improved validation of\nsymlinks. \nCVE-2024-27872: Zhongquan Li (@Guluisacat) of Dawn Security Lab of\nJingDong\n\nSetup Assistant\nAvailable for: macOS Sonoma\nImpact: Enabling Lockdown Mode while setting up a Mac may cause\nFileVault to become unexpectedly disabled\nDescription: A logic issue was addressed with improved state management. \nCVE-2024-27862: Jiwon Park\n\nShortcuts\nAvailable for: macOS Sonoma\nImpact: A shortcut may be able to use sensitive data with certain\nactions without prompting the user\nDescription: A logic issue was addressed with improved checks. \nCVE-2024-40833: an anonymous researcher\nCVE-2024-40835: an anonymous researcher\nCVE-2024-40836: an anonymous researcher\nCVE-2024-40807: an anonymous researcher\n\nShortcuts\nAvailable for: macOS Sonoma\nImpact: A shortcut may be able to bypass sensitive Shortcuts app\nsettings\nDescription: This issue was addressed by adding an additional prompt for\nuser consent. \nCVE-2024-40834: Marcio Almeida from Tanto Security\n\nShortcuts\nAvailable for: macOS Sonoma\nImpact: A shortcut may be able to bypass Internet permission\nrequirements\nDescription: A logic issue was addressed with improved checks. \nCVE-2024-40809: an anonymous researcher\nCVE-2024-40812: an anonymous researcher\n\nShortcuts\nAvailable for: macOS Sonoma\nImpact: A shortcut may be able to bypass Internet permission\nrequirements\nDescription: This issue was addressed by adding an additional prompt for\nuser consent. \nCVE-2024-40787: an anonymous researcher\n\nShortcuts\nAvailable for: macOS Sonoma\nImpact: An app may be able to access user-sensitive data\nDescription: This issue was addressed by removing the vulnerable code. \nCVE-2024-40793: Kirin (@Pwnrin)\n\nSiri\nAvailable for: macOS Sonoma\nImpact: An attacker with physical access may be able to use Siri to\naccess sensitive user data\nDescription: This issue was addressed by restricting options offered on\na locked device. \nCVE-2024-40818: Bistrit Dahal and Srijan Poudel\n\nSiri\nAvailable for: macOS Sonoma\nImpact: An attacker with physical access to a device may be able to\naccess contacts from the lock screen\nDescription: This issue was addressed by restricting options offered on\na locked device. \nCVE-2024-40822: Srijan Poudel\n\nStorageKit\nAvailable for: macOS Sonoma\nImpact: A malicious app may be able to gain root privileges\nDescription: The issue was addressed with improved checks. \nCVE-2024-40828: Mickey Jin (@patch1t)\n\nsudo\nAvailable for: macOS Sonoma\nImpact: An app may be able to modify protected parts of the file system\nDescription: The issue was addressed with improved checks. \nCVE-2024-40811: Arsenii Kostromin (0x3c3e)\n\nWebKit\nAvailable for: macOS Sonoma\nImpact: Processing maliciously crafted web content may lead to an\nunexpected process crash\nDescription: A use-after-free issue was addressed with improved memory\nmanagement. \nWebKit Bugzilla: 273176\nCVE-2024-40776: Huang Xilin of Ant Group Light-Year Security Lab\nWebKit Bugzilla: 268770\nCVE-2024-40782: Maksymilian Motyl\n\nWebKit\nAvailable for: macOS Sonoma\nImpact: Processing maliciously crafted web content may lead to an\nunexpected process crash\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nWebKit Bugzilla: 275431\nCVE-2024-40779: Huang Xilin of Ant Group Light-Year Security Lab\nWebKit Bugzilla: 275273\nCVE-2024-40780: Huang Xilin of Ant Group Light-Year Security Lab\n\nWebKit\nAvailable for: macOS Sonoma\nImpact: Processing maliciously crafted web content may lead to a cross\nsite scripting attack\nDescription: This issue was addressed with improved checks. \nWebKit Bugzilla: 273805\nCVE-2024-40785: Johan Carlsson (joaxcar)\n\nWebKit\nAvailable for: macOS Sonoma\nImpact: Processing maliciously crafted web content may lead to an\nunexpected process crash\nDescription: An out-of-bounds access issue was addressed with improved\nbounds checking. \nCVE-2024-40789: Seunghyun Lee (@0x10n) of KAIST Hacking Lab working with\nTrend Micro Zero Day Initiative\n\nWebKit\nAvailable for: macOS Sonoma\nImpact: Processing maliciously crafted web content may lead to an\nunexpected process crash\nDescription: This is a vulnerability in open source code and Apple\nSoftware is among the affected projects. The CVE-ID was assigned by a\nthird party. Learn more about the issue and CVE-ID at cve.org. \nWebKit Bugzilla: 274165\nCVE-2024-4558\n\nWebKit\nAvailable for: macOS Sonoma\nImpact: Private Browsing tabs may be accessed without authentication\nDescription: This issue was addressed through improved state management. \nWebKit Bugzilla: 275272\nCVE-2024-40794: Matthew Butler\n\nAdditional recognition\n\nAirDrop\nWe would like to acknowledge Linwz of DEVCORE for their assistance. \n\nDiskArbitration\nWe would like to acknowledge Yann GASCUEL of Alter Solutions for their\nassistance. \n\nImage Capture\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nShortcuts\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nWebKit\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nmacOS Sonoma 14.6 may be obtained from the Mac App Store or Apple\u0027s\nSoftware Downloads web site: https://support.apple.com/downloads/\nAll information is also posted on the Apple Security Releases\nweb site: https://support.apple.com/HT201222. \n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmaoH5kACgkQX+5d1TXa\nIvoS9g/9FoLSV93tVrIOZIM4w/BEZRFu/T1DfMPzOsZsOrvaQicKq7ezW+pRrMXI\nG0QBIz1QGCYZikcbyQOpgzl9Rk7ckfq+mMCn1ESWku1DbR6MOU7lZEpWRsjYStQY\nra6BRT45GPtGG0YFyQXGnxMoS5IXopV5tmgQ4M4585xXso4/Dw192Vq/68NPIB2V\nywa6fCo6VC7/hHMe0v5GFVJzmSymEYF3b0CNHZVFx1K793hHrYjH1Dj4NcRlqyln\nKp3IrABhPPW8l67gS6f8RicZwzWOH3Ubwv4kivlTtDusqeX+/7mlXrvGTYd5G39P\n70jSwUeekfYkQYGT5yLjFCOTM98ApG4iHnryEkpNldMk9JRozoN3VT5PDv6b7EtR\nYsG1UiZNn0rq1TurFHdsX7G8LZX1jBe1XNy883FeuPlXuPQwGcds+Q5UpiGoM5Kj\nxx0SGiaK4Lg9tOsGDvHDvrtgl9vIGYy07953Gre+xUhdNs+AnG8KhwKs+n3WYjcL\nlH3ffMkq/NTVohaNaIcNk4YQ7Y5+y9Y0Z2YuYTmaOipxMNEpOnvJj6LB1H5Qgj4M\nLIuUxs1gl2b7B93J95w8FmdFewvUCgcZwTxU2ltsYAcZHnRwWE0twYP5v1Pc8tOG\nMZuvS0pTI+hgve1viS0inOnRpoYv+KzkaSYEhvsS16NgDuRUOqE=\n=eOPj\n-----END PGP SIGNATURE-----\n\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-38709"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-029234"
          },
          {
            "db": "PACKETSTORM",
            "id": "179274"
          },
          {
            "db": "PACKETSTORM",
            "id": "178035"
          },
          {
            "db": "PACKETSTORM",
            "id": "178131"
          },
          {
            "db": "PACKETSTORM",
            "id": "178096"
          },
          {
            "db": "PACKETSTORM",
            "id": "178298"
          },
          {
            "db": "PACKETSTORM",
            "id": "181748"
          },
          {
            "db": "PACKETSTORM",
            "id": "181747"
          },
          {
            "db": "PACKETSTORM",
            "id": "181910"
          },
          {
            "db": "PACKETSTORM",
            "id": "179789"
          },
          {
            "db": "PACKETSTORM",
            "id": "182614"
          }
        ],
        "trust": 2.52
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2023-38709",
            "trust": 3.6
          },
          {
            "db": "OPENWALL",
            "id": "OSS-SECURITY/2024/04/04/3",
            "trust": 1.8
          },
          {
            "db": "OPENWALL",
            "id": "OSS-SECURITY/2025/07/10/3",
            "trust": 1.0
          },
          {
            "db": "OPENWALL",
            "id": "OSS-SECURITY/2025/07/10/2",
            "trust": 1.0
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-24-319-04",
            "trust": 0.8
          },
          {
            "db": "JVN",
            "id": "JVNVU96191615",
            "trust": 0.8
          },
          {
            "db": "JVN",
            "id": "JVNVU91930855",
            "trust": 0.8
          },
          {
            "db": "JVN",
            "id": "JVNVU99032532",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-029234",
            "trust": 0.8
          },
          {
            "db": "PACKETSTORM",
            "id": "179274",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "178035",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "178131",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "178096",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "178298",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "181748",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "181747",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "181910",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "179789",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "182614",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "179274"
          },
          {
            "db": "PACKETSTORM",
            "id": "178035"
          },
          {
            "db": "PACKETSTORM",
            "id": "178131"
          },
          {
            "db": "PACKETSTORM",
            "id": "178096"
          },
          {
            "db": "PACKETSTORM",
            "id": "178298"
          },
          {
            "db": "PACKETSTORM",
            "id": "181748"
          },
          {
            "db": "PACKETSTORM",
            "id": "181747"
          },
          {
            "db": "PACKETSTORM",
            "id": "181910"
          },
          {
            "db": "PACKETSTORM",
            "id": "179789"
          },
          {
            "db": "PACKETSTORM",
            "id": "182614"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-029234"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-38709"
          }
        ]
      },
      "id": "VAR-202404-0120",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.625
      },
      "last_update_date": "2026-04-10T23:30:53.560000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "120911",
            "trust": 0.8,
            "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-029234"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-1284",
            "trust": 1.0
          },
          {
            "problemtype": "Improper validation of quantity specified in input (CWE-1284) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-029234"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-38709"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 1.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-38709"
          },
          {
            "trust": 1.8,
            "url": "http://seclists.org/fulldisclosure/2024/jul/18"
          },
          {
            "trust": 1.8,
            "url": "http://www.openwall.com/lists/oss-security/2024/04/04/3"
          },
          {
            "trust": 1.0,
            "url": "https://security.netapp.com/advisory/ntap-20240415-0013/"
          },
          {
            "trust": 1.0,
            "url": "https://support.apple.com/kb/ht214119"
          },
          {
            "trust": 1.0,
            "url": "http://www.openwall.com/lists/oss-security/2025/07/10/3"
          },
          {
            "trust": 1.0,
            "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00013.html"
          },
          {
            "trust": 1.0,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/i2n2nzex3mr64iwsgl3qgn7ksrugaemf/"
          },
          {
            "trust": 1.0,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/lx5u34kygdyprh3aj6mddcbjdwdpxnvj/"
          },
          {
            "trust": 1.0,
            "url": "http://www.openwall.com/lists/oss-security/2025/07/10/2"
          },
          {
            "trust": 1.0,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/wnv4szapvs43dzwnfu7xbyyozezmi4zc/"
          },
          {
            "trust": 1.0,
            "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu99032532/"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu96191615/"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu91930855/"
          },
          {
            "trust": 0.8,
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-319-04"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2024-27316"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2024-24795"
          },
          {
            "trust": 0.4,
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2273491"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/updates/classification/#moderate"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/articles/11258"
          },
          {
            "trust": 0.3,
            "url": "https://ubuntu.com/security/notices/usn-6729-1"
          },
          {
            "trust": 0.2,
            "url": "https://docs.redhat.com/en/documentation/red_hat_jboss_core_services/2.4.57/html/red_hat_jboss_core_services_apache_http_server_2.4.57_service_pack_6_release_notes/index"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4197.json"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2024:4197"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/apache2/2.4.52-1ubuntu4.9"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/apache2/2.4.41-4ubuntu3.17"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/apache2/2.4.57-2ubuntu2.4"
          },
          {
            "trust": 0.1,
            "url": "https://ubuntu.com/security/notices/usn-6729-2"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-43622"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-45802"
          },
          {
            "trust": 0.1,
            "url": "https://www.debian.org/security/faq"
          },
          {
            "trust": 0.1,
            "url": "https://security-tracker.debian.org/tracker/apache2"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-31122"
          },
          {
            "trust": 0.1,
            "url": "https://www.debian.org/security/"
          },
          {
            "trust": 0.1,
            "url": "https://ubuntu.com/security/notices/usn-6729-3"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/apache2/2.4.58-1ubuntu8.1"
          },
          {
            "trust": 0.1,
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2298648"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2024:6928"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/updates/classification/#important"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_6928.json"
          },
          {
            "trust": 0.1,
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2295011"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_6927.json"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2024:6927"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2024-36387"
          },
          {
            "trust": 0.1,
            "url": "https://security.gentoo.org/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2024-38474"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2024-38476"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2024-39573"
          },
          {
            "trust": 0.1,
            "url": "https://creativecommons.org/licenses/by-sa/2.5"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2024-38473"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2024-39884"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2024-38475"
          },
          {
            "trust": 0.1,
            "url": "https://security.gentoo.org/glsa/202409-31"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2024-38472"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2024-40898"
          },
          {
            "trust": 0.1,
            "url": "https://bugs.gentoo.org."
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2024-40725"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2024-38477"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2024-27872"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-27952"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2024-2004"
          },
          {
            "trust": 0.1,
            "url": "https://support.apple.com/ht201222."
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-52356"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2024-27863"
          },
          {
            "trust": 0.1,
            "url": "https://support.apple.com/ht201222"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2024-2466"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2024-2379"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2024-27871"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-6277"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2024-2398"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2024-27862"
          },
          {
            "trust": 0.1,
            "url": "https://www.apple.com/support/security/pgp/"
          },
          {
            "trust": 0.1,
            "url": "https://support.apple.com/ht214119."
          },
          {
            "trust": 0.1,
            "url": "https://support.apple.com/downloads/"
          },
          {
            "trust": 0.1,
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2273499"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2024:9306"
          },
          {
            "trust": 0.1,
            "url": "https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html/9.5_release_notes/index"
          },
          {
            "trust": 0.1,
            "url": "https://issues.redhat.com/browse/rhel-14668"
          },
          {
            "trust": 0.1,
            "url": "https://issues.redhat.com/browse/rhel-6576"
          },
          {
            "trust": 0.1,
            "url": "https://issues.redhat.com/browse/rhel-49856"
          },
          {
            "trust": 0.1,
            "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_9306.json"
          },
          {
            "trust": 0.1,
            "url": "https://issues.redhat.com/browse/rhel-6575"
          }
        ],
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "179274"
          },
          {
            "db": "PACKETSTORM",
            "id": "178035"
          },
          {
            "db": "PACKETSTORM",
            "id": "178131"
          },
          {
            "db": "PACKETSTORM",
            "id": "178096"
          },
          {
            "db": "PACKETSTORM",
            "id": "178298"
          },
          {
            "db": "PACKETSTORM",
            "id": "181748"
          },
          {
            "db": "PACKETSTORM",
            "id": "181747"
          },
          {
            "db": "PACKETSTORM",
            "id": "181910"
          },
          {
            "db": "PACKETSTORM",
            "id": "179789"
          },
          {
            "db": "PACKETSTORM",
            "id": "182614"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-029234"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-38709"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "PACKETSTORM",
            "id": "179274",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "178035",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "178131",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "178096",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "178298",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "181748",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "181747",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "181910",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "179789",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "182614",
            "ident": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-029234",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2023-38709",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2024-07-01T14:40:30",
            "db": "PACKETSTORM",
            "id": "179274",
            "ident": null
          },
          {
            "date": "2024-04-12T14:46:14",
            "db": "PACKETSTORM",
            "id": "178035",
            "ident": null
          },
          {
            "date": "2024-04-18T15:28:17",
            "db": "PACKETSTORM",
            "id": "178131",
            "ident": null
          },
          {
            "date": "2024-04-17T15:49:51",
            "db": "PACKETSTORM",
            "id": "178096",
            "ident": null
          },
          {
            "date": "2024-04-29T14:47:52",
            "db": "PACKETSTORM",
            "id": "178298",
            "ident": null
          },
          {
            "date": "2024-09-24T13:46:16",
            "db": "PACKETSTORM",
            "id": "181748",
            "ident": null
          },
          {
            "date": "2024-09-24T13:46:08",
            "db": "PACKETSTORM",
            "id": "181747",
            "ident": null
          },
          {
            "date": "2024-09-30T14:35:24",
            "db": "PACKETSTORM",
            "id": "181910",
            "ident": null
          },
          {
            "date": "2024-07-30T12:21:31",
            "db": "PACKETSTORM",
            "id": "179789",
            "ident": null
          },
          {
            "date": "2024-11-13T15:40:54",
            "db": "PACKETSTORM",
            "id": "182614",
            "ident": null
          },
          {
            "date": "2025-07-01T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-029234",
            "ident": null
          },
          {
            "date": "2024-04-04T20:15:08.047000",
            "db": "NVD",
            "id": "CVE-2023-38709",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2025-07-15T05:48:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-029234",
            "ident": null
          },
          {
            "date": "2025-11-04T22:15:53.457000",
            "db": "NVD",
            "id": "CVE-2023-38709",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "178035"
          },
          {
            "db": "PACKETSTORM",
            "id": "178131"
          },
          {
            "db": "PACKETSTORM",
            "id": "178298"
          }
        ],
        "trust": 0.3
      },
      "title": {
        "_id": null,
        "data": "Apache\u00a0Software\u00a0Foundation\u00a0 of \u00a0Apache\u00a0HTTP\u00a0Server\u00a0 Vulnerability related to improper validation of quantities specified in inputs in products from multiple vendors such as",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-029234"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "_id": null,
        "data": "overflow, spoof, code execution",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "179789"
          }
        ],
        "trust": 0.1
      }
    }

    VAR-201710-0207

    Vulnerability from variot - Updated: 2026-04-10 23:24

    Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients. An attacker within range of an affected AP and client may leverage these vulnerabilities to conduct attacks that are dependent on the data confidentiality protocols being used. Attacks may include arbitrary packet decryption and injection, TCP connection hijacking, HTTP content injection, or the replay of unicast and group-addressed frames. These vulnerabilities are referred to as Key Reinstallation Attacks or "KRACK" attacks. WPA (Wi-Fi Protected Access) is a system that protects wireless computer networks (Wi-Fi). The GTK group key reloading vulnerability exists in the WPA2 wireless network. CVE-2017-13804: @qwertyoruiopz at KJC Research Intl. S.R.L. CVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU Leuven

    Installation note:

    Firmware version 7.6.9 is installed on AirPort Express, AirPort Extreme, or AirPort Time Capsule base stations with 802.11n using AirPort Utility for Mac or iOS.

    AirPort Utility for Mac is a free download from https://support.apple.com/downloads/ and AirPort Utility for iOS is a free download from the App Store.

    Software Description: - linux-firmware: Firmware for Linux kernel drivers

    Details:

    Mathy Vanhoef discovered that the firmware for several Intel WLAN devices incorrectly handled WPA2 in relation to Wake on WLAN. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256


    Title: Microsoft Security Update Releases Issued: October 16, 2017


    Summary

    The following CVE has undergone a major revision increment.

    • CVE-2017-13080

    CVE Revision Information:

    CVE-2017-13080

    • Title: CVE-2017-13080 | Windows Wireless WPA Group Key Reinstallation Vulnerability
    • https://portal.msrc.microsoft.com/en-us/security-guidance
    • Reason for Revision: CVE-2017-13080 has been added to the October 2017 security release in lieu of ADV170016, which has been deprecated. CVE-2017-13080 was released as part of a multi-vendor coordinated disclosure. Please see the FAQ for more information.
    • Originally posted: October 16, 2017
    • Updated: N/A
    • CVE Severity Rating: Important
    • Version: 1.0

    Other Information

    Recognize and avoid fraudulent email to Microsoft customers:

    If you receive an email message that claims to be distributing a Microsoft security update, it is a hoax that may contain malware or pointers to malicious websites. Microsoft does not distribute security updates via email.

    The Microsoft Security Response Center (MSRC) uses PGP to digitally sign all security notifications. However, PGP is not required for reading security notifications, reading security bulletins, or installing security updates. You can obtain the MSRC public PGP key at .


    THE INFORMATION PROVIDED IN THIS MICROSOFT COMMUNICATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.


    Microsoft respects your privacy. Please read our online Privacy Statement at .

    If you would prefer not to receive future technical security notification alerts by email from Microsoft and its family of companies please visit the following website to unsubscribe: .

    These settings will not affect any newsletters youave requested or any mandatory service communications that are considered part of certain Microsoft services.

    For legal Information, see: .

    This newsletter was sent by: Microsoft Corporation 1 Microsoft Way Redmond, Washington, USA 98052

    -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 10.2.0 (Build 1950) - not licensed for commercial use: www.pgp.com Charset: utf-8

    wsFVAwUBWeTb2vsCXwi14Wq8AQimsw//UE92KMajVPARF4zMmfyQnbypCJhwOhsG n7uhJwIF8STYnUDQPfjDPGzmJSDIiQTg3PeewAzg+Ib3GZCsPdUQHMEl/DfGLFWy k814Bh158GDGvWIwDYkIgn1cRrdFP63gVg13ImvgCA2i8KOg9gy1LcnJ1tkIuHAJ bv22fe3zT9PgfLArRpm/nb3qMRnx/VRkTeS80y/RW2a2tkPSzyqLBRgZEP7t+RxJ M4G7cFRS0xpLrPE7PYn8f+tdjA04dWPO77eLOG+gDSpK5mFc8ccdjW2VoKJlRT0I i2HESEZipsuVDd4X3lkl5BigtxdKFTNDIFhE/m3pybDTbjClhjSHF+SR7T8yCOO8 fiXm1Nt0201321dhlNrtxGFV5+Q1lixO0+X7XDGCiZFTECs18vpGrDNZGQGqJ7Hj gmdSCNnfW7tashCXAIUtvoHTzK6v0hLh4ufelvdNgw8+qLUB6Z9RmrHzCHRm/i2p IuCtzp4GlPE0cBz3kUPmS0VYrYddEPS/n/vffeQpfAbbFENclTrEwTTxEYkP/vC0 qh2DNFCKnpvs8EUz/dtAdBuDaF3zuENMf/LJJf1EKOnp06b0JsRYDplKKgICgxrF kpFoAwAE14+KYcEUQhP6/jvDJXmWfMRk60Bsbs0qsfTAsFL7O9z0NrjI5xZEjF3j OYE0vOnWj3g= =2086 -----END PGP SIGNATURE----- . ========================================================================== Kernel Live Patch Security Notice LSN-0036-1 April 2, 2018

    linux vulnerability

    A security issue affects these releases of Ubuntu:

    | Series | Base kernel | Arch | flavors | |------------------+--------------+----------+------------------| | Ubuntu 16.04 LTS | 4.4.0 | amd64 | generic | | Ubuntu 16.04 LTS | 4.4.0 | amd64 | lowlatency | | Ubuntu 14.04 LTS | 4.4.0 | amd64 | generic | | Ubuntu 14.04 LTS | 4.4.0 | amd64 | lowlatency |

    Summary:

    Several security issues were fixed in the kernel. (CVE-2017-13080)

    Jann Horn discovered that the Berkeley Packet Filter (BPF) implementation in the Linux kernel improperly performed sign extension in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16995)

    Update instructions:

    The problem can be corrected by updating your livepatches to the following versions:

    | Kernel | Version | flavors | |-----------------+----------+--------------------------| | 4.4.0-116.140 | 33.2 | generic, lowlatency | | lts-4.4.0-116.140_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency |

    Additionally, you should install an updated kernel with these fixes and reboot at your convienience.

    References: CVE-2017-13080, CVE-2017-16995

    -- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512

    APPLE-SA-2017-12-6-2 iOS 11.2

    iOS 11.2 addresses the following:

    IOKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with system privileges Description: Multiple memory corruption issues were addressed through improved state management. CVE-2017-13847: Ian Beer of Google Project Zero

    IOMobileFrameBuffer Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with kernel privilege Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-13879: Apple

    IOSurface Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-13861: Ian Beer of Google Project Zero

    Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-13862: Apple CVE-2017-13876: Ian Beer of Google Project Zero

    Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to read restricted memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2017-13833: Brandon Azad

    Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to read restricted memory Description: A type confusion issue was addressed with improved memory handling. CVE-2017-13855: Jann Horn of Google Project Zero

    Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-13867: Ian Beer of Google Project Zero

    Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2017-13865: Ian Beer of Google Project Zero CVE-2017-13868: Brandon Azad CVE-2017-13869: Jann Horn of Google Project Zero

    Mail Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Incorrect certificate is used for encryption Description: A S/MIME issue existed in the handling of encrypted email. This issue was addressed through improved selection of the encryption certificate. CVE-2017-13874: an anonymous researcher

    Mail Drafts Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An attacker with a privileged network position may be able to intercept mail Description: An encryption issue existed with S/MIME credetials. The issue was addressed with additional checks and user control. CVE-2017-13860: Michael Weishaar of INNEO Solutions GmbH

    Wi-Fi Available for: iPhone 6s, iPhone 6s Plus, iPhone 6, iPhone 6 Plus, iPhone SE, iPhone 5s, 12.9-inch iPad Pro 1st generation, iPad Air 2, iPad Air, iPad 5th generation, iPad mini 4, iPad mini 3, iPad mini 2, and iPod touch 6th generation Released for iPhone 7 and later and iPad Pro 9.7-inch (early 2016) and later in iOS 11.1. This was addressed with improved state management. CVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU Leuven

    Installation note:

    This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/

    iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device.

    The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device.

    To check that the iPhone, iPod touch, or iPad has been updated:

    • Navigate to Settings
    • Select General
    • Select About. The version after applying this update will be "11.2".

    Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

    This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----

    iQJdBAEBCgBHFiEEcuX4rtoRe4X62yWlg6PvjDRstEYFAlooN+gpHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQg6PvjDRstEYDcQ// Q65i3ww4QzpeKJFL+7HA/S7GjzL01/Gmw0CirxBIdFVuOlOm5w6PKfXl7U+UPcdf jJZoIF7Jc5A34FR0szXHsy17kDwaT2fLGTkDJkdNvw3Utw2/MmmBFuaS4SIs3y/+ rXeLWfvCpaJcOLGdhHzM8ubP/k5MLTFopWvUdNeb1lrxxd91xnqibe4TrSs2dVBj gwEIBVfIWeLNaaEscujIRHxv/7f2szzxORzrZx+kXY/ar5HQMKqdlx9yuMetkuXx mT7dUV0ZkKlD73gJBtsHOkyGVUJWThg/xkGpXv11pTt2P/Xo/rhrucK5lcBuiUeJ NBb9isZmzBOf1rmfR/7cTMr/guY29kqN24+XYFLOiHlvBl43QZv5Hj2JiSyP8jVr LKLtBMk/2JLdSH4sFH9kgJ2kB0NB5raiS9CxsNiNmhftvSt9iB19vybr7B04SVBw hCsTA4HrdHVgbp4PSs4kAR/kpmT4yj0ms6++RCDggqZsk4M1uzagokAukqp3ou/k 0qkbjw1uciRAHlED6NmzrZ/aRWS+ASJAkLLCRE07IHGQJt8g2UUMipnPhsM+jA6u GnBD6cJHaTIdvHPEii5XVdynrsBG7Zb1txZsVUoNaa2jV4JBNihVv0Q2xjDxC5CI vyQU45YrbuD1sgtMoBdJhCznxWnQLt3A4LsKRsDy/00= =/F1Z -----END PGP SIGNATURE-----

    .

    Alternatively, on your watch, select "My Watch > General > About".

    Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/wpa_supplicant-2.6-i586-1_slack14.2.txz: Upgraded. This update includes patches to mitigate the WPA2 protocol issues known as "KRACK" (Key Reinstallation AttaCK), which may be used to decrypt data, hijack TCP connections, and to forge and inject packets. This is the list of vulnerabilities that are addressed here: CVE-2017-13077: Reinstallation of the pairwise encryption key (PTK-TK) in the 4-way handshake. CVE-2017-13079: Reinstallation of the integrity group key (IGTK) in the 4-way handshake. CVE-2017-13081: Reinstallation of the integrity group key (IGTK) in the group key handshake. CVE-2017-13082: Accepting a retransmitted Fast BSS Transition (FT) Reassociation Request and reinstalling the pairwise encryption key (PTK-TK) while processing it. CVE-2017-13084: Reinstallation of the STK key in the PeerKey handshake. CVE-2017-13086: reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake. For more information, see: https://www.krackattacks.com/ https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13077 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13078 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13079 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13080 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13081 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13082 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13084 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13086 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13087 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13088 ( Security fix ) +--------------------------+

    Where to find the new packages: +-----------------------------+

    Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

    Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

    Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/wpa_supplicant-2.6-i486-1_slack14.0.txz

    Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/wpa_supplicant-2.6-x86_64-1_slack14.0.txz

    Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/wpa_supplicant-2.6-i486-1_slack14.1.txz

    Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/wpa_supplicant-2.6-x86_64-1_slack14.1.txz

    Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/wpa_supplicant-2.6-i586-1_slack14.2.txz

    Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/wpa_supplicant-2.6-x86_64-1_slack14.2.txz

    Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/wpa_supplicant-2.6-i586-2.txz

    Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/wpa_supplicant-2.6-x86_64-2.txz

    MD5 signatures: +-------------+

    Slackware 14.0 package: d8ecfaadb50b3547967ab53733ffc019 wpa_supplicant-2.6-i486-1_slack14.0.txz

    Slackware x86_64 14.0 package: f25216d28800504ce498705da7c9a825 wpa_supplicant-2.6-x86_64-1_slack14.0.txz

    Slackware 14.1 package: 15c61050e4bab2581757befd86be74c0 wpa_supplicant-2.6-i486-1_slack14.1.txz

    Slackware x86_64 14.1 package: 49fd537a520338744f7757615556d352 wpa_supplicant-2.6-x86_64-1_slack14.1.txz

    Slackware 14.2 package: c5539f40c8510af89be92945f0f80185 wpa_supplicant-2.6-i586-1_slack14.2.txz

    Slackware x86_64 14.2 package: 4c527ff84fcdfd7839f217bbce2e4ae4 wpa_supplicant-2.6-x86_64-1_slack14.2.txz

    Slackware -current package: 28bd88a54e96368f7a7020c1f5fb67fe n/wpa_supplicant-2.6-i586-2.txz

    Slackware x86_64 -current package: 464fc6b48d1ac077f47e9a3a8534c160 n/wpa_supplicant-2.6-x86_64-2.txz

    Installation instructions: +------------------------+

    Upgrade the package as root:

    upgradepkg wpa_supplicant-2.6-i586-1_slack14.2.txz

    +-----+

    Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com

    +------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. | +------------------------------------------------------------------------+ -----BEGIN PGP SIGNATURE-----

    iEYEARECAAYFAlnnrOgACgkQakRjwEAQIjPgvQCfRcXlhuFjrDNPbEUeZrYLxnkW b+4An0l5cZOdtohI7Fq0NbryWajCOnM2 =5HQM -----END PGP SIGNATURE----- . CVE-2017-7156: an anonymous researcher CVE-2017-7157: an anonymous researcher CVE-2017-13856: Jeonghoon Shin CVE-2017-13870: an anonymous researcher CVE-2017-13866: an anonymous researcher Entry added December 13, 2017

    Wi-Fi Available for: Apple TV (4th generation) Released for Apple TV 4K in tvOS 11.1

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "w1 fi",
            "version": "0.4.10"
          },
          {
            "_id": null,
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "w1 fi",
            "version": "0.5.9"
          },
          {
            "_id": null,
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "w1 fi",
            "version": "0.3.11"
          },
          {
            "_id": null,
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "w1 fi",
            "version": "0.4.8"
          },
          {
            "_id": null,
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "w1 fi",
            "version": "0.5.10"
          },
          {
            "_id": null,
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "w1 fi",
            "version": "0.4.7"
          },
          {
            "_id": null,
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "w1 fi",
            "version": "0.5.7"
          },
          {
            "_id": null,
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "w1 fi",
            "version": "0.5.8"
          },
          {
            "_id": null,
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "w1 fi",
            "version": "0.4.11"
          },
          {
            "_id": null,
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "w1 fi",
            "version": "0.4.9"
          },
          {
            "_id": null,
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.6.9"
          },
          {
            "_id": null,
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.2.5"
          },
          {
            "_id": null,
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "1.1"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "9.0"
          },
          {
            "_id": null,
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.6.8"
          },
          {
            "_id": null,
            "model": "openstack cloud",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "suse",
            "version": "6"
          },
          {
            "_id": null,
            "model": "linux enterprise desktop",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "suse",
            "version": "12"
          },
          {
            "_id": null,
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "linux enterprise server",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "suse",
            "version": "11"
          },
          {
            "_id": null,
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.6.9"
          },
          {
            "_id": null,
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "14.04"
          },
          {
            "_id": null,
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.2.5"
          },
          {
            "_id": null,
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.4.9"
          },
          {
            "_id": null,
            "model": "enterprise linux server",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "7"
          },
          {
            "_id": null,
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.3.9"
          },
          {
            "_id": null,
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.4.10"
          },
          {
            "_id": null,
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.3.11"
          },
          {
            "_id": null,
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.2.7"
          },
          {
            "_id": null,
            "model": "freebsd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "freebsd",
            "version": "*"
          },
          {
            "_id": null,
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.4.11"
          },
          {
            "_id": null,
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.3.8"
          },
          {
            "_id": null,
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.2.6"
          },
          {
            "_id": null,
            "model": "freebsd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "freebsd",
            "version": "10"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "2.2"
          },
          {
            "_id": null,
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.5.7"
          },
          {
            "_id": null,
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.2.6"
          },
          {
            "_id": null,
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "2.5"
          },
          {
            "_id": null,
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "2.4"
          },
          {
            "_id": null,
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.5.8"
          },
          {
            "_id": null,
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.3.7"
          },
          {
            "_id": null,
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "1.1"
          },
          {
            "_id": null,
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.6.10"
          },
          {
            "_id": null,
            "model": "enterprise linux desktop",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "7"
          },
          {
            "_id": null,
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.7.3"
          },
          {
            "_id": null,
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "1.0"
          },
          {
            "_id": null,
            "model": "linux enterprise point of sale",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "suse",
            "version": "11"
          },
          {
            "_id": null,
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "2.4"
          },
          {
            "_id": null,
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "2.6"
          },
          {
            "_id": null,
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.3.7"
          },
          {
            "_id": null,
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.6.10"
          },
          {
            "_id": null,
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.2.8"
          },
          {
            "_id": null,
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.7.3"
          },
          {
            "_id": null,
            "model": "freebsd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "freebsd",
            "version": "11.1"
          },
          {
            "_id": null,
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "1.0"
          },
          {
            "_id": null,
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.3.9"
          },
          {
            "_id": null,
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "2.6"
          },
          {
            "_id": null,
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.2.4"
          },
          {
            "_id": null,
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.3.10"
          },
          {
            "_id": null,
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.5.10"
          },
          {
            "_id": null,
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.5.9"
          },
          {
            "_id": null,
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.2.8"
          },
          {
            "_id": null,
            "model": "leap",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "opensuse",
            "version": "42.2"
          },
          {
            "_id": null,
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.4.7"
          },
          {
            "_id": null,
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "17.04"
          },
          {
            "_id": null,
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.2.4"
          },
          {
            "_id": null,
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.3.10"
          },
          {
            "_id": null,
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "2.3"
          },
          {
            "_id": null,
            "model": "freebsd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "freebsd",
            "version": "10.4"
          },
          {
            "_id": null,
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.5.11"
          },
          {
            "_id": null,
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "2.5"
          },
          {
            "_id": null,
            "model": "linux enterprise server",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "suse",
            "version": "12"
          },
          {
            "_id": null,
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "2.3"
          },
          {
            "_id": null,
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.4.8"
          },
          {
            "_id": null,
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.5.11"
          },
          {
            "_id": null,
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "16.04"
          },
          {
            "_id": null,
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "2.2"
          },
          {
            "_id": null,
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.6.8"
          },
          {
            "_id": null,
            "model": "freebsd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "freebsd",
            "version": "11"
          },
          {
            "_id": null,
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "leap",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "opensuse",
            "version": "42.3"
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "9front",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "adtran",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "avm",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "actiontec",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "aerohive",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "alcatel lucent",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "android open source",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "apple",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "arch linux",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "aruba",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "asustek computer",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "barracuda",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "broadcom",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "cambium",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "centos",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "cisco",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "cradlepoint",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "cypress semiconductor",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "d link",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "debian gnu linux",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "dell",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "digi",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "draytek",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "edimax computer",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "engenius",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "endian",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "espressif",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "extreme",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "f secure",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "fedora",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "fortinet",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "gentoo linux",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "google",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "hostap",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ipfire",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "intel",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "lancom",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "lede",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "lifx",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "lenovo",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "microchip",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "microsoft",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "mojo",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "nest",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "netbsd",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "netgear",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "opnsense",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "omnirom",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "open mesh",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "openbsd",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "peplink",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "red hat",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "riverbed",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "rockwell automation",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ruckus",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "suse linux",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "samsung mobile",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "sierra",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "slackware linux",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "sonos",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "sony",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "sophos",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "synology",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "tp link",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "technicolor",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "texas instruments",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "toshiba commerce",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "toshiba electronic devices storage",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "toshiba memory",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "turris omnia",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ubiquiti",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ubuntu",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "volumio",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "watchguard",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "xiaomi",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "xirrus",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "zebra",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "dd wrt",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "eero",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "pfsense",
            "version": null
          },
          {
            "_id": null,
            "model": "alliance wi-fi protected access 2",
            "scope": null,
            "trust": 0.6,
            "vendor": "wi fi",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "linux desktop",
            "version": "12"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "linux server",
            "version": "11"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "ubuntu linux",
            "version": "14.04"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "ubuntu linux",
            "version": "16.04"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "ubuntu linux",
            "version": "17.04"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "debian linux",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "debian linux",
            "version": "9.0"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "freebsd",
            "version": "*"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "freebsd",
            "version": "10"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "freebsd",
            "version": "10.4"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "freebsd",
            "version": "11"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "freebsd",
            "version": "11.1"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "leap",
            "version": "42.2"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "leap",
            "version": "42.3"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "linux desktop",
            "version": "7"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "linux server",
            "version": "7"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.2.4"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.2.5"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.2.6"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.2.8"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.3.7"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.3.9"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.3.10"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.3.11"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.4.7"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.4.8"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.4.9"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.4.10"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.4.11"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.5.7"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.5.8"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.5.9"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.5.10"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.5.11"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.6.8"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.6.9"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.6.10"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.7.3"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "1.0"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "1.1"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "2.2"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "2.3"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "2.4"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "2.5"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "2.6"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.2.4"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.2.5"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.2.6"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.2.7"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.2.8"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.3.7"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.3.8"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.3.9"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.3.10"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.3.11"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.4.7"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.4.8"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.4.9"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.4.10"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.4.11"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.5.7"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.5.8"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.5.9"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.5.10"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.5.11"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.6.8"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.6.9"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.6.10"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.7.3"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "1.0"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "1.1"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "2.2"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "2.3"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "2.4"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "2.5"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "2.6"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "linux point of sale",
            "version": "11"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "linux server",
            "version": "12"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "openstack cloud",
            "version": "6"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "52cda2a8-8175-413f-97bb-cf2e4c75f7c4"
          },
          {
            "db": "CERT/CC",
            "id": "VU#228519"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-30403"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-383"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-13080"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Apple",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "144860"
          },
          {
            "db": "PACKETSTORM",
            "id": "145394"
          },
          {
            "db": "PACKETSTORM",
            "id": "148445"
          },
          {
            "db": "PACKETSTORM",
            "id": "144828"
          },
          {
            "db": "PACKETSTORM",
            "id": "145430"
          },
          {
            "db": "PACKETSTORM",
            "id": "145271"
          },
          {
            "db": "PACKETSTORM",
            "id": "144829"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2017-13080",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 2.9,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 5.5,
                "id": "CVE-2017-13080",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 1.1,
                "vectorString": "AV:A/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.4,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 5.5,
                "id": "CNVD-2017-30403",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.4,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 5.5,
                "id": "52cda2a8-8175-413f-97bb-cf2e4c75f7c4",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 1.6,
                "id": "CVE-2017-13080",
                "impactScore": 3.6,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2017-13080",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-30403",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201710-383",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "IVD",
                "id": "52cda2a8-8175-413f-97bb-cf2e4c75f7c4",
                "trust": 0.2,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2017-13080",
                "trust": 0.1,
                "value": "LOW"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "52cda2a8-8175-413f-97bb-cf2e4c75f7c4"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-30403"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-13080"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-383"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-13080"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients. An attacker within range of an affected AP and client may leverage these vulnerabilities to conduct attacks that are dependent on the data confidentiality protocols being used. Attacks may include arbitrary packet decryption and injection, TCP connection hijacking, HTTP content injection, or the replay of unicast and group-addressed frames. These vulnerabilities are referred to as Key Reinstallation Attacks or \"KRACK\" attacks. WPA (Wi-Fi Protected Access) is a system that protects wireless computer networks (Wi-Fi). The GTK group key reloading vulnerability exists in the WPA2 wireless network. \nCVE-2017-13804: @qwertyoruiopz at KJC Research Intl. S.R.L. \nCVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU\nLeuven\n\nInstallation note:\n\nFirmware version 7.6.9 is installed on AirPort Express, AirPort\nExtreme, or AirPort Time Capsule base stations with 802.11n using\nAirPort Utility for Mac or iOS. \n\nAirPort Utility for Mac is a free download from\nhttps://support.apple.com/downloads/ and AirPort Utility for iOS\nis a free download from the App Store. \n\nSoftware Description:\n- linux-firmware: Firmware for Linux kernel drivers\n\nDetails:\n\nMathy Vanhoef discovered that the firmware for several Intel WLAN\ndevices incorrectly handled WPA2 in relation to Wake on WLAN. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n********************************************************************\nTitle: Microsoft Security Update Releases\nIssued: October 16, 2017\n********************************************************************\n\nSummary\n=======\n\nThe following CVE has undergone a major revision increment. \n\n* CVE-2017-13080\n\n\nCVE Revision Information:\n=====================\n\nCVE-2017-13080\n\n - Title: CVE-2017-13080 | Windows Wireless WPA Group Key \n Reinstallation Vulnerability\n - https://portal.msrc.microsoft.com/en-us/security-guidance\n - Reason for Revision: CVE-2017-13080 has been added to the October \n 2017 security release in lieu of ADV170016, which has been \n deprecated. CVE-2017-13080 was released as part of a multi-vendor \n coordinated disclosure. Please see the FAQ for more information. \n - Originally posted: October 16, 2017\n - Updated: N/A \n - CVE Severity Rating: Important\n - Version: 1.0\n\n\nOther Information\n=================\n\nRecognize and avoid fraudulent email to Microsoft customers:\n=============================================================\nIf you receive an email message that claims to be distributing \na Microsoft security update, it is a hoax that may contain \nmalware or pointers to malicious websites. Microsoft does \nnot distribute security updates via email. \n\nThe Microsoft Security Response Center (MSRC) uses PGP to digitally \nsign all security notifications. However, PGP is not required for \nreading security notifications, reading security bulletins, or \ninstalling security updates. You can obtain the MSRC public PGP key\nat . \n\n********************************************************************\nTHE INFORMATION PROVIDED IN THIS MICROSOFT COMMUNICATION IS\nPROVIDED \"AS IS\" WITHOUT WARRANTY OF ANY KIND. MICROSOFT\nDISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING\nTHE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\nPURPOSE. \nIN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE\nLIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT,\nINCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL\nDAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN\nADVISED OF THE POSSIBILITY OF SUCH DAMAGES. \nSOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY\nFOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING\nLIMITATION MAY NOT APPLY. \n********************************************************************\n\nMicrosoft respects your privacy. Please read our online Privacy\nStatement at . \n\nIf you would prefer not to receive future technical security\nnotification alerts by email from Microsoft and its family of\ncompanies please visit the following website to unsubscribe:\n. \n\nThese settings will not affect any newsletters youave requested or\nany mandatory service communications that are considered part of\ncertain Microsoft services. \n\nFor legal Information, see:\n. \n\nThis newsletter was sent by:\nMicrosoft Corporation\n1 Microsoft Way\nRedmond, Washington, USA\n98052\n\n-----BEGIN PGP SIGNATURE-----\nVersion: PGP Desktop 10.2.0 (Build 1950) - not licensed for commercial use: www.pgp.com\nCharset: utf-8\n\nwsFVAwUBWeTb2vsCXwi14Wq8AQimsw//UE92KMajVPARF4zMmfyQnbypCJhwOhsG\nn7uhJwIF8STYnUDQPfjDPGzmJSDIiQTg3PeewAzg+Ib3GZCsPdUQHMEl/DfGLFWy\nk814Bh158GDGvWIwDYkIgn1cRrdFP63gVg13ImvgCA2i8KOg9gy1LcnJ1tkIuHAJ\nbv22fe3zT9PgfLArRpm/nb3qMRnx/VRkTeS80y/RW2a2tkPSzyqLBRgZEP7t+RxJ\nM4G7cFRS0xpLrPE7PYn8f+tdjA04dWPO77eLOG+gDSpK5mFc8ccdjW2VoKJlRT0I\ni2HESEZipsuVDd4X3lkl5BigtxdKFTNDIFhE/m3pybDTbjClhjSHF+SR7T8yCOO8\nfiXm1Nt0201321dhlNrtxGFV5+Q1lixO0+X7XDGCiZFTECs18vpGrDNZGQGqJ7Hj\ngmdSCNnfW7tashCXAIUtvoHTzK6v0hLh4ufelvdNgw8+qLUB6Z9RmrHzCHRm/i2p\nIuCtzp4GlPE0cBz3kUPmS0VYrYddEPS/n/vffeQpfAbbFENclTrEwTTxEYkP/vC0\nqh2DNFCKnpvs8EUz/dtAdBuDaF3zuENMf/LJJf1EKOnp06b0JsRYDplKKgICgxrF\nkpFoAwAE14+KYcEUQhP6/jvDJXmWfMRk60Bsbs0qsfTAsFL7O9z0NrjI5xZEjF3j\nOYE0vOnWj3g=\n=2086\n-----END PGP SIGNATURE-----\n. ==========================================================================\nKernel Live Patch Security Notice LSN-0036-1\nApril 2, 2018\n\nlinux vulnerability\n==========================================================================\n\nA security issue affects these releases of Ubuntu:\n\n| Series           | Base kernel  | Arch     | flavors          |\n|------------------+--------------+----------+------------------|\n| Ubuntu 16.04 LTS | 4.4.0        | amd64    | generic          |\n| Ubuntu 16.04 LTS | 4.4.0        | amd64    | lowlatency       |\n| Ubuntu 14.04 LTS | 4.4.0        | amd64    | generic          |\n| Ubuntu 14.04 LTS | 4.4.0        | amd64    | lowlatency       |\n\nSummary:\n\nSeveral security issues were fixed in the kernel. (CVE-2017-13080)\n\nJann Horn discovered that the Berkeley Packet Filter (BPF) implementation\nin the Linux kernel improperly performed sign extension in some situations. \nA local attacker could use this to cause a denial of service (system crash)\nor possibly execute arbitrary code. (CVE-2017-16995)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your livepatches to the following\nversions:\n\n| Kernel          | Version  | flavors                  |\n|-----------------+----------+--------------------------|\n| 4.4.0-116.140   | 33.2     | generic, lowlatency      |\n| lts-4.4.0-116.140_14.04.1-lts-xenial | 14.04.1  | generic, lowlatency      |\n\nAdditionally, you should install an updated kernel with these fixes and\nreboot at your convienience. \n\nReferences:\n  CVE-2017-13080, CVE-2017-16995\n\n-- \nubuntu-security-announce mailing list\nubuntu-security-announce@lists.ubuntu.com\nModify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2017-12-6-2 iOS 11.2\n\niOS 11.2 addresses the following:\n\nIOKit\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: Multiple memory corruption issues were addressed through\nimproved state management. \nCVE-2017-13847: Ian Beer of Google Project Zero\n\nIOMobileFrameBuffer\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: An application may be able to execute arbitrary code with\nkernel privilege\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2017-13879: Apple\n\nIOSurface\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2017-13861: Ian Beer of Google Project Zero\n\nKernel\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2017-13862: Apple\nCVE-2017-13876: Ian Beer of Google Project Zero\n\nKernel\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: An application may be able to read restricted memory\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2017-13833: Brandon Azad\n\nKernel\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: An application may be able to read restricted memory\nDescription: A type confusion issue was addressed with improved\nmemory handling. \nCVE-2017-13855: Jann Horn of Google Project Zero\n\nKernel\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: A malicious application may be able to execute arbitrary\ncode with kernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2017-13867: Ian Beer of Google Project Zero\n\nKernel\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: An application may be able to read restricted memory\nDescription: A validation issue was addressed with improved input\nsanitization. \nCVE-2017-13865: Ian Beer of Google Project Zero\nCVE-2017-13868: Brandon Azad\nCVE-2017-13869: Jann Horn of Google Project Zero\n\nMail\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: Incorrect certificate is used for encryption\nDescription: A S/MIME issue existed in the handling of encrypted\nemail. This issue was addressed through improved selection of the\nencryption certificate. \nCVE-2017-13874: an anonymous researcher\n\nMail Drafts\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: An attacker with a privileged network position may be able to\nintercept mail\nDescription: An encryption issue existed with S/MIME credetials. The\nissue was addressed with additional checks and user control. \nCVE-2017-13860: Michael Weishaar of INNEO Solutions GmbH\n\nWi-Fi\nAvailable for: iPhone 6s, iPhone 6s Plus, iPhone 6, iPhone 6 Plus,\niPhone SE, iPhone 5s, 12.9-inch iPad Pro 1st generation, iPad Air 2,\niPad Air, iPad 5th generation, iPad mini 4, iPad mini 3, iPad mini 2,\nand iPod touch 6th generation\nReleased for iPhone 7 and later and iPad Pro 9.7-inch (early 2016)\nand later in iOS 11.1. This was addressed with improved state management. \nCVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU\nLeuven\n\nInstallation note:\n\nThis update is available through iTunes and Software Update on your\niOS device, and will not appear in your computer\u0027s Software Update\napplication, or in the Apple Downloads site. Make sure you have an\nInternet connection and have installed the latest version of iTunes\nfrom https://www.apple.com/itunes/\n\niTunes and Software Update on the device will automatically check\nApple\u0027s update server on its weekly schedule. When an update is\ndetected, it is downloaded and the option to be installed is\npresented to the user when the iOS device is docked. We recommend\napplying the update immediately if possible. Selecting Don\u0027t Install\nwill present the option the next time you connect your iOS device. \n\nThe automatic update process may take up to a week depending on the\nday that iTunes or the device checks for updates. You may manually\nobtain the update via the Check for Updates button within iTunes, or\nthe Software Update on your device. \n\nTo check that the iPhone, iPod touch, or iPad has been updated:\n\n* Navigate to Settings\n* Select General\n* Select About. The version after applying this update\nwill be \"11.2\". \n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQJdBAEBCgBHFiEEcuX4rtoRe4X62yWlg6PvjDRstEYFAlooN+gpHHByb2R1Y3Qt\nc2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQg6PvjDRstEYDcQ//\nQ65i3ww4QzpeKJFL+7HA/S7GjzL01/Gmw0CirxBIdFVuOlOm5w6PKfXl7U+UPcdf\njJZoIF7Jc5A34FR0szXHsy17kDwaT2fLGTkDJkdNvw3Utw2/MmmBFuaS4SIs3y/+\nrXeLWfvCpaJcOLGdhHzM8ubP/k5MLTFopWvUdNeb1lrxxd91xnqibe4TrSs2dVBj\ngwEIBVfIWeLNaaEscujIRHxv/7f2szzxORzrZx+kXY/ar5HQMKqdlx9yuMetkuXx\nmT7dUV0ZkKlD73gJBtsHOkyGVUJWThg/xkGpXv11pTt2P/Xo/rhrucK5lcBuiUeJ\nNBb9isZmzBOf1rmfR/7cTMr/guY29kqN24+XYFLOiHlvBl43QZv5Hj2JiSyP8jVr\nLKLtBMk/2JLdSH4sFH9kgJ2kB0NB5raiS9CxsNiNmhftvSt9iB19vybr7B04SVBw\nhCsTA4HrdHVgbp4PSs4kAR/kpmT4yj0ms6++RCDggqZsk4M1uzagokAukqp3ou/k\n0qkbjw1uciRAHlED6NmzrZ/aRWS+ASJAkLLCRE07IHGQJt8g2UUMipnPhsM+jA6u\nGnBD6cJHaTIdvHPEii5XVdynrsBG7Zb1txZsVUoNaa2jV4JBNihVv0Q2xjDxC5CI\nvyQU45YrbuD1sgtMoBdJhCznxWnQLt3A4LsKRsDy/00=\n=/F1Z\n-----END PGP SIGNATURE-----\n\n\n\n. \n\nAlternatively, on your watch, select \"My Watch \u003e General \u003e About\". \n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n+--------------------------+\npatches/packages/wpa_supplicant-2.6-i586-1_slack14.2.txz:  Upgraded. \n  This update includes patches to mitigate the WPA2 protocol issues known\n  as \"KRACK\" (Key Reinstallation AttaCK), which may be used to decrypt data,\n  hijack TCP connections, and to forge and inject packets. This is the\n  list of vulnerabilities that are addressed here:\n  CVE-2017-13077: Reinstallation of the pairwise encryption key (PTK-TK) in the\n    4-way handshake. \n  CVE-2017-13079: Reinstallation of the integrity group key (IGTK) in the 4-way\n    handshake. \n  CVE-2017-13081: Reinstallation of the integrity group key (IGTK) in the group\n    key handshake. \n  CVE-2017-13082: Accepting a retransmitted Fast BSS Transition (FT)\n    Reassociation Request and reinstalling the pairwise encryption key (PTK-TK)\n    while processing it. \n  CVE-2017-13084: Reinstallation of the STK key in the PeerKey handshake. \n  CVE-2017-13086: reinstallation of the Tunneled Direct-Link Setup (TDLS)\n    PeerKey (TPK) key in the TDLS handshake. \n  For more information, see:\n    https://www.krackattacks.com/\n    https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13077\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13078\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13079\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13080\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13081\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13082\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13084\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13086\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13087\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13088\n  (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project!  :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/wpa_supplicant-2.6-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/wpa_supplicant-2.6-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/wpa_supplicant-2.6-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/wpa_supplicant-2.6-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/wpa_supplicant-2.6-i586-1_slack14.2.txz\n\nUpdated package for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/wpa_supplicant-2.6-x86_64-1_slack14.2.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/wpa_supplicant-2.6-i586-2.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/wpa_supplicant-2.6-x86_64-2.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 14.0 package:\nd8ecfaadb50b3547967ab53733ffc019  wpa_supplicant-2.6-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\nf25216d28800504ce498705da7c9a825  wpa_supplicant-2.6-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\n15c61050e4bab2581757befd86be74c0  wpa_supplicant-2.6-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\n49fd537a520338744f7757615556d352  wpa_supplicant-2.6-x86_64-1_slack14.1.txz\n\nSlackware 14.2 package:\nc5539f40c8510af89be92945f0f80185  wpa_supplicant-2.6-i586-1_slack14.2.txz\n\nSlackware x86_64 14.2 package:\n4c527ff84fcdfd7839f217bbce2e4ae4  wpa_supplicant-2.6-x86_64-1_slack14.2.txz\n\nSlackware -current package:\n28bd88a54e96368f7a7020c1f5fb67fe  n/wpa_supplicant-2.6-i586-2.txz\n\nSlackware x86_64 -current package:\n464fc6b48d1ac077f47e9a3a8534c160  n/wpa_supplicant-2.6-x86_64-2.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the package as root:\n# upgradepkg wpa_supplicant-2.6-i586-1_slack14.2.txz\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list:                          |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message:                                                     |\n|                                                                        |\n|   unsubscribe slackware-security                                       |\n|                                                                        |\n| You will get a confirmation message back containing instructions to    |\n| complete the process.  Please do not reply to this email address.      |\n+------------------------------------------------------------------------+\n-----BEGIN PGP SIGNATURE-----\n\niEYEARECAAYFAlnnrOgACgkQakRjwEAQIjPgvQCfRcXlhuFjrDNPbEUeZrYLxnkW\nb+4An0l5cZOdtohI7Fq0NbryWajCOnM2\n=5HQM\n-----END PGP SIGNATURE-----\n. \nCVE-2017-7156: an anonymous researcher\nCVE-2017-7157: an anonymous researcher\nCVE-2017-13856: Jeonghoon Shin\nCVE-2017-13870: an anonymous researcher\nCVE-2017-13866: an anonymous researcher\nEntry added December 13, 2017\n\nWi-Fi\nAvailable for: Apple TV (4th generation)\nReleased for Apple TV 4K in tvOS 11.1",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-13080"
          },
          {
            "db": "CERT/CC",
            "id": "VU#228519"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-30403"
          },
          {
            "db": "IVD",
            "id": "52cda2a8-8175-413f-97bb-cf2e4c75f7c4"
          },
          {
            "db": "PACKETSTORM",
            "id": "144860"
          },
          {
            "db": "PACKETSTORM",
            "id": "145394"
          },
          {
            "db": "PACKETSTORM",
            "id": "148445"
          },
          {
            "db": "PACKETSTORM",
            "id": "144828"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-13080"
          },
          {
            "db": "PACKETSTORM",
            "id": "144666"
          },
          {
            "db": "PACKETSTORM",
            "id": "145228"
          },
          {
            "db": "PACKETSTORM",
            "id": "144636"
          },
          {
            "db": "PACKETSTORM",
            "id": "147010"
          },
          {
            "db": "PACKETSTORM",
            "id": "145271"
          },
          {
            "db": "PACKETSTORM",
            "id": "144829"
          },
          {
            "db": "PACKETSTORM",
            "id": "144663"
          },
          {
            "db": "PACKETSTORM",
            "id": "145430"
          }
        ],
        "trust": 3.51
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-13080",
            "trust": 3.7
          },
          {
            "db": "CERT/CC",
            "id": "VU#228519",
            "trust": 3.1
          },
          {
            "db": "LENOVO",
            "id": "LEN-17420",
            "trust": 2.5
          },
          {
            "db": "BID",
            "id": "101274",
            "trust": 2.3
          },
          {
            "db": "SECTRACK",
            "id": "1039703",
            "trust": 1.7
          },
          {
            "db": "SECTRACK",
            "id": "1039572",
            "trust": 1.7
          },
          {
            "db": "SECTRACK",
            "id": "1039573",
            "trust": 1.7
          },
          {
            "db": "SECTRACK",
            "id": "1039576",
            "trust": 1.7
          },
          {
            "db": "SECTRACK",
            "id": "1039577",
            "trust": 1.7
          },
          {
            "db": "SECTRACK",
            "id": "1039578",
            "trust": 1.7
          },
          {
            "db": "SECTRACK",
            "id": "1039581",
            "trust": 1.7
          },
          {
            "db": "SECTRACK",
            "id": "1039585",
            "trust": 1.7
          },
          {
            "db": "SIEMENS",
            "id": "SSA-901333",
            "trust": 1.7
          },
          {
            "db": "CERT@VDE",
            "id": "VDE-2017-003",
            "trust": 1.7
          },
          {
            "db": "CERT@VDE",
            "id": "VDE-2017-005",
            "trust": 1.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-30403",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-383",
            "trust": 0.8
          },
          {
            "db": "JUNIPER",
            "id": "JSA10827",
            "trust": 0.8
          },
          {
            "db": "DLINK",
            "id": "SAP10075",
            "trust": 0.8
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.3967",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.4125",
            "trust": 0.6
          },
          {
            "db": "LENOVO",
            "id": "LEN-45682",
            "trust": 0.6
          },
          {
            "db": "IVD",
            "id": "52CDA2A8-8175-413F-97BB-CF2E4C75F7C4",
            "trust": 0.2
          },
          {
            "db": "ICS CERT",
            "id": "ICSMA-18-114-01",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-13080",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "144860",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "145394",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "148445",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "144828",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "145430",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "144666",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "145228",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "144636",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "147010",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "145271",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "144829",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "144663",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "52cda2a8-8175-413f-97bb-cf2e4c75f7c4"
          },
          {
            "db": "CERT/CC",
            "id": "VU#228519"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-30403"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-13080"
          },
          {
            "db": "PACKETSTORM",
            "id": "144860"
          },
          {
            "db": "PACKETSTORM",
            "id": "145394"
          },
          {
            "db": "PACKETSTORM",
            "id": "148445"
          },
          {
            "db": "PACKETSTORM",
            "id": "144828"
          },
          {
            "db": "PACKETSTORM",
            "id": "145430"
          },
          {
            "db": "PACKETSTORM",
            "id": "144666"
          },
          {
            "db": "PACKETSTORM",
            "id": "145228"
          },
          {
            "db": "PACKETSTORM",
            "id": "144636"
          },
          {
            "db": "PACKETSTORM",
            "id": "147010"
          },
          {
            "db": "PACKETSTORM",
            "id": "145271"
          },
          {
            "db": "PACKETSTORM",
            "id": "144829"
          },
          {
            "db": "PACKETSTORM",
            "id": "144663"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-383"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-13080"
          }
        ]
      },
      "id": "VAR-201710-0207",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "52cda2a8-8175-413f-97bb-cf2e4c75f7c4"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-30403"
          }
        ],
        "trust": 1.6125
      },
      "iot_taxonomy": {
        "_id": null,
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "52cda2a8-8175-413f-97bb-cf2e4c75f7c4"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-30403"
          }
        ]
      },
      "last_update_date": "2026-04-10T23:24:45.096000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "Patch for WPA2 Wireless Network GTK Group Key Reload Vulnerability (CNVD-2017-30403)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/103821"
          },
          {
            "title": "Multiple WiFi product WPA2 Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=75497"
          },
          {
            "title": "Red Hat: Important: wpa_supplicant security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20172911 - Security Advisory"
          },
          {
            "title": "Ubuntu Security Notice: linux-firmware vulnerabilities",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3505-1"
          },
          {
            "title": "Red Hat: Important: wpa_supplicant security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20172907 - Security Advisory"
          },
          {
            "title": "Red Hat: CVE-2017-13080",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2017-13080"
          },
          {
            "title": "Arch Linux Issues: ",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2017-13080"
          },
          {
            "title": "Apple: Wi-Fi Update for Boot Camp 6.4.0",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=4dc3bb86865485e4364fd6b2dc2fc379"
          },
          {
            "title": "Apple: watchOS 4.1",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=345c3fa8a313cd9a1ced5ef372c465c4"
          },
          {
            "title": "Apple: AirPort Base Station Firmware Update 7.6.9",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=43d8dcf7961e20b6ec02761d12969c19"
          },
          {
            "title": "Apple: AirPort Base Station Firmware Update 7.7.9",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=7ca8130f8030911575aa17c0e84114dd"
          },
          {
            "title": "Debian CVElist Bug Report Logs: firmware-brcm80211: BroadPwn vulnerability CVE-2017-9417",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=2e0affd9108e95fa2aa2c706c74cd8a9"
          },
          {
            "title": "Ubuntu Security Notice: wpa vulnerabilities",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3455-1"
          },
          {
            "title": "Debian Security Advisories: DSA-3999-1 wpa -- security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=08990d9925276738bd732fa4d58f9ef0"
          },
          {
            "title": "Apple: tvOS 11.1",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=7a8e908aff7c02a31b2d335766e6d5c2"
          },
          {
            "title": "HP: HPSBHF03582 rev. 2 - KRACK Vulnerability Affecting WPA2 Wireless Security",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=hp_bulletin\u0026qid=HPSBHF03582"
          },
          {
            "title": "Arch Linux Advisories: [ASA-201710-23] hostapd: man-in-the-middle",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-201710-23"
          },
          {
            "title": "Arch Linux Advisories: [ASA-201710-22] wpa_supplicant: man-in-the-middle",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-201710-22"
          },
          {
            "title": "HP: HPSBPI03574 rev. 1 - WPA, WPA2 Key Reinstallation Attacks (KRACK attacks) Potential Remote Disclosure of Information: Certain HP Enterprise Printer and MFP products, Certain HP PageWide Printer and MFP Products, HP Jetdirect Accessory Products",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=hp_bulletin\u0026qid=HPSBPI03574"
          },
          {
            "title": "Siemens Security Advisories: Siemens Security Advisory",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=6df91267eee9400a24a98876f50ffe84"
          },
          {
            "title": "Apple: iOS 11.2",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=75d972e5e0d4b4019a5bb869f1befb00"
          },
          {
            "title": "HP: HPSBHF03697 rev. 1 - Intel\u00ae PROSet/Wireless WiFi Software November 2020 Security Updates",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=hp_bulletin\u0026qid=HPSBHF03697"
          },
          {
            "title": "Apple: tvOS 11.2",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=8d9ba2a4e31c3f4387eccea1c1dbc99c"
          },
          {
            "title": "Apple: watchOS 4.2",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=8658f9579768b2f61d8a0c0f1d03ed58"
          },
          {
            "title": "Apple: iOS 11.1",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=7814c280e80969d4c4d88f74b13290f2"
          },
          {
            "title": "Android Security Bulletins: Android Security Bulletin\u2014November 2017",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins\u0026qid=8c29eb008bb212762e5cfb25c7c5c0d5"
          },
          {
            "title": "Apple: macOS High Sierra 10.13.4, Security Update 2018-002 Sierra, and Security Update 2018-002 El Capitan",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=8e90004e437eabc9a0809772bb0707c4"
          },
          {
            "title": "Cisco: Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20171016-wpa"
          },
          {
            "title": "HP: HPSBHF03571 rev. 6  -  Intel Management Engine Cumulative Security update and fix for WPA2 vulnerability",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=hp_bulletin\u0026qid=HPSBHF03571"
          },
          {
            "title": "Oracle: Oracle Critical Patch Update Advisory - April 2018",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4019ca77f50c7a34e4d97833e6f3321e"
          },
          {
            "title": "Apple: macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=870f3f04ef17f7b183f74ae687a1561d"
          },
          {
            "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - October 2017",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=7251d5e5f2b1771951980ad7cfde50ba"
          },
          {
            "title": "Oracle: Oracle Critical Patch Update Advisory - January 2018",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=e2a7f287e9acc8c64ab3df71130bc64d"
          },
          {
            "title": "vanhoefm-krackattacks-scripts",
            "trust": 0.1,
            "url": "https://github.com/84KaliPleXon3/vanhoefm-krackattacks-scripts "
          },
          {
            "title": "krankattack",
            "trust": 0.1,
            "url": "https://github.com/DevKosov/krankattack "
          },
          {
            "title": "krackattacks-scripts",
            "trust": 0.1,
            "url": "https://github.com/vanhoefm/krackattacks-scripts "
          },
          {
            "title": "KRACK",
            "trust": 0.1,
            "url": "https://github.com/chinatso/KRACK "
          },
          {
            "title": "krackinfo",
            "trust": 0.1,
            "url": "https://github.com/kristate/krackinfo "
          },
          {
            "title": "nixos-issue-db-example",
            "trust": 0.1,
            "url": "https://github.com/andir/nixos-issue-db-example "
          },
          {
            "title": "The Register",
            "trust": 0.1,
            "url": "https://www.theregister.co.uk/2017/11/07/android_november_security_update/"
          },
          {
            "title": "The Register",
            "trust": 0.1,
            "url": "https://www.theregister.co.uk/2017/10/16/wpa2_inscure_krackattack/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-30403"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-13080"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-383"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-323",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-330",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-13080"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 3.5,
            "url": "http://www.securityfocus.com/bid/101274"
          },
          {
            "trust": 3.3,
            "url": "https://source.android.com/security/bulletin/2017-11-01"
          },
          {
            "trust": 2.6,
            "url": "https://www.krackattacks.com/"
          },
          {
            "trust": 2.5,
            "url": "http://www.arubanetworks.com/assets/alert/aruba-psa-2017-007.txt"
          },
          {
            "trust": 2.5,
            "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20171016-wpa"
          },
          {
            "trust": 2.5,
            "url": "http://www.debian.org/security/2017/dsa-3999"
          },
          {
            "trust": 2.5,
            "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2017-13080"
          },
          {
            "trust": 2.5,
            "url": "https://access.redhat.com/security/vulnerabilities/kracks"
          },
          {
            "trust": 1.8,
            "url": "http://www.kb.cert.org/vuls/id/228519"
          },
          {
            "trust": 1.8,
            "url": "https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt"
          },
          {
            "trust": 1.8,
            "url": "https://access.redhat.com/errata/rhsa-2017:2911"
          },
          {
            "trust": 1.7,
            "url": "http://www.securitytracker.com/id/1039585"
          },
          {
            "trust": 1.7,
            "url": "http://www.securitytracker.com/id/1039581"
          },
          {
            "trust": 1.7,
            "url": "http://www.securitytracker.com/id/1039578"
          },
          {
            "trust": 1.7,
            "url": "http://www.securitytracker.com/id/1039577"
          },
          {
            "trust": 1.7,
            "url": "http://www.securitytracker.com/id/1039576"
          },
          {
            "trust": 1.7,
            "url": "http://www.securitytracker.com/id/1039573"
          },
          {
            "trust": 1.7,
            "url": "http://www.securitytracker.com/id/1039572"
          },
          {
            "trust": 1.7,
            "url": "https://support.lenovo.com/us/en/product_security/len-17420"
          },
          {
            "trust": 1.7,
            "url": "https://security.freebsd.org/advisories/freebsd-sa-17:07.wpa.asc"
          },
          {
            "trust": 1.7,
            "url": "https://access.redhat.com/errata/rhsa-2017:2907"
          },
          {
            "trust": 1.7,
            "url": "http://www.ubuntu.com/usn/usn-3455-1"
          },
          {
            "trust": 1.7,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00024.html"
          },
          {
            "trust": 1.7,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00023.html"
          },
          {
            "trust": 1.7,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00020.html"
          },
          {
            "trust": 1.7,
            "url": "http://www.securitytracker.com/id/1039703"
          },
          {
            "trust": 1.7,
            "url": "https://security.gentoo.org/glsa/201711-03"
          },
          {
            "trust": 1.7,
            "url": "https://support.apple.com/ht208222"
          },
          {
            "trust": 1.7,
            "url": "https://support.apple.com/ht208221"
          },
          {
            "trust": 1.7,
            "url": "https://support.apple.com/ht208220"
          },
          {
            "trust": 1.7,
            "url": "https://support.apple.com/ht208219"
          },
          {
            "trust": 1.7,
            "url": "https://support.apple.com/ht208334"
          },
          {
            "trust": 1.7,
            "url": "https://support.apple.com/ht208327"
          },
          {
            "trust": 1.7,
            "url": "https://support.apple.com/ht208325"
          },
          {
            "trust": 1.7,
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
          },
          {
            "trust": 1.7,
            "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html"
          },
          {
            "trust": 1.7,
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
          },
          {
            "trust": 1.7,
            "url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbhf03792en_us"
          },
          {
            "trust": 1.7,
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf"
          },
          {
            "trust": 1.7,
            "url": "https://cert.vde.com/en-us/advisories/vde-2017-005"
          },
          {
            "trust": 1.7,
            "url": "https://cert.vde.com/en-us/advisories/vde-2017-003"
          },
          {
            "trust": 1.7,
            "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00015.html"
          },
          {
            "trust": 1.7,
            "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00402.html"
          },
          {
            "trust": 1.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13080"
          },
          {
            "trust": 0.8,
            "url": "https://cwe.mitre.org/data/definitions/323.html"
          },
          {
            "trust": 0.8,
            "url": "https://papers.mathyvanhoef.com/ccs2017.pdf"
          },
          {
            "trust": 0.8,
            "url": "https://actiontecsupport.zendesk.com/hc/en-us/articles/115005205283-krack-vulnerability"
          },
          {
            "trust": 0.8,
            "url": "https://www3.aerohive.com/support/security-bulletins/product-security-announcement-aerohives-response-to-krack-10162017.html"
          },
          {
            "trust": 0.8,
            "url": "https://www.al-enterprise.com/en/support/security-alert-krack"
          },
          {
            "trust": 0.8,
            "url": "https://support.apple.com/en-gb/ht208222"
          },
          {
            "trust": 0.8,
            "url": "https://security.archlinux.org/avg-447"
          },
          {
            "trust": 0.8,
            "url": "https://www.asus.com/static_webpage/asus-product-security-advisory/"
          },
          {
            "trust": 0.8,
            "url": "https://community.barracudanetworks.com/forum/index.php?/topic/23525-security-advisories/page-2"
          },
          {
            "trust": 0.8,
            "url": "https://lists.centos.org/pipermail/centos-announce/2017-october/022569.html"
          },
          {
            "trust": 0.8,
            "url": "https://community.cypress.com/docs/doc-13871"
          },
          {
            "trust": 0.8,
            "url": "http://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10075"
          },
          {
            "trust": 0.8,
            "url": "http://www.dell.com/support/article/sln307822"
          },
          {
            "trust": 0.8,
            "url": "https://github.com/espressif/esp8266_nonos_sdk"
          },
          {
            "trust": 0.8,
            "url": "https://extremeportal.force.com/extrarticledetail?n=000018005"
          },
          {
            "trust": 0.8,
            "url": "https://bodhi.fedoraproject.org/updates/fedora-2017-60bfb576b7"
          },
          {
            "trust": 0.8,
            "url": "http://www.fortiguard.com/psirt/fg-ir-17-196"
          },
          {
            "trust": 0.8,
            "url": "https://www.freebsd.org/security/advisories/freebsd-sa-17:07.wpa.asc"
          },
          {
            "trust": 0.8,
            "url": "https://bugs.gentoo.org/634440"
          },
          {
            "trust": 0.8,
            "url": "https://support.hpe.com/hpsc/doc/public/display?sp4ts.oid=null\u0026doclocale=en_us\u0026docid=emr_na-a00029151en_us"
          },
          {
            "trust": 0.8,
            "url": "https://w1.fi/security/2017-1/"
          },
          {
            "trust": 0.8,
            "url": "https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00101\u0026languageid=en-fr"
          },
          {
            "trust": 0.8,
            "url": "https://kb.juniper.net/jsa10827"
          },
          {
            "trust": 0.8,
            "url": "https://support.lenovo.com/ca/en/product_security/len-17420"
          },
          {
            "trust": 0.8,
            "url": "http://www.microchip.com/wwwproducts/en/atwinc1500"
          },
          {
            "trust": 0.8,
            "url": "http://mail-index.netbsd.org/source-changes/2017/10/16/msg088877.html"
          },
          {
            "trust": 0.8,
            "url": "https://kb.netgear.com/000049498/security-advisory-for-wpa-2-vulnerabilities-psv-2017-2826-psv-2017-2836-psv-2017-2837"
          },
          {
            "trust": 0.8,
            "url": "https://forum.peplink.com/t/security-advisory-wpa2-vulnerability-vu-228519/12715"
          },
          {
            "trust": 0.8,
            "url": "https://ruckus-www.s3.amazonaws.com/pdf/security/faq-security-advisory-id-101617-v1.0.pdf"
          },
          {
            "trust": 0.8,
            "url": "https://www.suse.com/de-de/support/kb/doc/?id=7022107"
          },
          {
            "trust": 0.8,
            "url": "https://source.sierrawireless.com/resources/airlink/software_reference_docs/technical-bulletin/sierra-wireless-technical-bulletin---wpa-and-wpa2-vulnerabilities/"
          },
          {
            "trust": 0.8,
            "url": "http://www.slackware.com/changelog/stable.php?cpu=x86_64"
          },
          {
            "trust": 0.8,
            "url": "https://community.sophos.com/kb/en-us/127658"
          },
          {
            "trust": 0.8,
            "url": "https://www.toshibacommerce.com/wps/myportal/%21ut/p/a1/rzrnc8igeiz_sw8egqhjcdmmwr8abw2dqcnfoyqotidrrk399uxrrwotuzgws7a87y6z88iuzmcq2u4uwcnlzypjnjj5-exr_wnhya-laxtrid-j3uchdtb8gylmuw6qzgktovtowsrrqlrs6-8dbeqhwc1mykqnlabgdjlf1yjvn7i5af4qtdwsn2tri7j"
          },
          {
            "trust": 0.8,
            "url": "http://www.toshiba-personalstorage.net/en/news/hdd/ot_notice/20171017.htm"
          },
          {
            "trust": 0.8,
            "url": "http://support.toshiba.com/support/staticcontentdetail?contentid=4015875\u0026isfromtoclink=false"
          },
          {
            "trust": 0.8,
            "url": "https://community.ubnt.com/t5/unifi-updates-blog/firmware-3-9-3-7537-for-uap-usw-has-been-released/ba-p/2099365"
          },
          {
            "trust": 0.8,
            "url": "https://usn.ubuntu.com/usn/usn-3455-1/"
          },
          {
            "trust": 0.8,
            "url": "http://en.miui.com/thread-954223-1-1.html"
          },
          {
            "trust": 0.8,
            "url": "https://www.zebra.com/content/dam/zebra_new_ia/en-us/support-and-downloads/lifeguard-security/krack-security-bulletin.pdf"
          },
          {
            "trust": 0.8,
            "url": "http://www.zyxel.com/support/announcement_wpa2_key_management.shtml"
          },
          {
            "trust": 0.8,
            "url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventsubmit_dogoviewsolutiondetails=\u0026solutionid=sk120938"
          },
          {
            "trust": 0.8,
            "url": "https://community.rsa.com/docs/doc-84103"
          },
          {
            "trust": 0.8,
            "url": "https://support.f5.com/csp/article/k23642330"
          },
          {
            "trust": 0.8,
            "url": "https://forum.mikrotik.com/viewtopic.php?f=21\u0026t=126695"
          },
          {
            "trust": 0.8,
            "url": "https://community.linksys.com/t5/wireless-routers/krack-vulnerability/td-p/1218573"
          },
          {
            "trust": 0.6,
            "url": "https://www.kb.cert.org/vuls/id/228519/"
          },
          {
            "trust": 0.6,
            "url": "https://www.apple.com/support/security/pgp/"
          },
          {
            "trust": 0.6,
            "url": "https://support.apple.com/kb/ht201222"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.3967/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.4125/"
          },
          {
            "trust": 0.6,
            "url": "https://support.lenovo.com/us/en/product_security/len-45682"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13804"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13799"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13849"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13077"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13078"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13795"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13783"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13803"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13791"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13788"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13784"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13796"
          },
          {
            "trust": 0.2,
            "url": "https://www.apple.com/itunes/"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13792"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13785"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13798"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13802"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13793"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13794"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13865"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13868"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13876"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13862"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13869"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13833"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13861"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13867"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13855"
          },
          {
            "trust": 0.2,
            "url": "https://www.pgp.com"
          },
          {
            "trust": 0.2,
            "url": "https://portal.msrc.microsoft.com/en-us/security-guidance"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13081"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/330.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://usn.ubuntu.com/3505-1/"
          },
          {
            "trust": 0.1,
            "url": "https://ics-cert.us-cert.gov/advisories/icsma-18-114-01"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7113"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13844"
          },
          {
            "trust": 0.1,
            "url": "https://nmap.org/mailman/listinfo/fulldisclosure"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13805"
          },
          {
            "trust": 0.1,
            "url": "http://seclists.org/fulldisclosure/"
          },
          {
            "trust": 0.1,
            "url": "https://support.apple.com/downloads/"
          },
          {
            "trust": 0.1,
            "url": "https://support.apple.com/kb/ht208038"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13866"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7156"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13856"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13870"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7157"
          },
          {
            "trust": 0.1,
            "url": "http://www.microsoft.com/info/legalinfo/default.mspx\u003e."
          },
          {
            "trust": 0.1,
            "url": "http://go.microsoft.com/fwlink/?linkid=81184\u003e."
          },
          {
            "trust": 0.1,
            "url": "https://support.microsoft.com/"
          },
          {
            "trust": 0.1,
            "url": "https://technet.microsoft.com/security/dn753714\u003e."
          },
          {
            "trust": 0.1,
            "url": "https://profile.microsoft.com/regsysprofilecenter/subscriptionwizar"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux-firmware/1.169.1"
          },
          {
            "trust": 0.1,
            "url": "https://www.ubuntu.com/usn/usn-3505-1"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux-firmware/1.164.2"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux-firmware/1.157.14"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux-firmware/1.127.24"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-16995"
          },
          {
            "trust": 0.1,
            "url": "https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13847"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13860"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13879"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13874"
          },
          {
            "trust": 0.1,
            "url": "https://support.apple.com/kb/ht204641"
          },
          {
            "trust": 0.1,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-13078"
          },
          {
            "trust": 0.1,
            "url": "http://slackware.com"
          },
          {
            "trust": 0.1,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-13080"
          },
          {
            "trust": 0.1,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-13082"
          },
          {
            "trust": 0.1,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-13077"
          },
          {
            "trust": 0.1,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-13087"
          },
          {
            "trust": 0.1,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-13081"
          },
          {
            "trust": 0.1,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-13084"
          },
          {
            "trust": 0.1,
            "url": "http://slackware.com/gpg-key"
          },
          {
            "trust": 0.1,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-13086"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13082"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13087"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13086"
          },
          {
            "trust": 0.1,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-13088"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13079"
          },
          {
            "trust": 0.1,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-13079"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13088"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13084"
          },
          {
            "trust": 0.1,
            "url": "http://osuosl.org)"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#228519"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-30403"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-13080"
          },
          {
            "db": "PACKETSTORM",
            "id": "144860"
          },
          {
            "db": "PACKETSTORM",
            "id": "145394"
          },
          {
            "db": "PACKETSTORM",
            "id": "148445"
          },
          {
            "db": "PACKETSTORM",
            "id": "144828"
          },
          {
            "db": "PACKETSTORM",
            "id": "145430"
          },
          {
            "db": "PACKETSTORM",
            "id": "144666"
          },
          {
            "db": "PACKETSTORM",
            "id": "145228"
          },
          {
            "db": "PACKETSTORM",
            "id": "144636"
          },
          {
            "db": "PACKETSTORM",
            "id": "147010"
          },
          {
            "db": "PACKETSTORM",
            "id": "145271"
          },
          {
            "db": "PACKETSTORM",
            "id": "144829"
          },
          {
            "db": "PACKETSTORM",
            "id": "144663"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-383"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-13080"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "IVD",
            "id": "52cda2a8-8175-413f-97bb-cf2e4c75f7c4",
            "ident": null
          },
          {
            "db": "CERT/CC",
            "id": "VU#228519",
            "ident": null
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-30403",
            "ident": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-13080",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "144860",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "145394",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "148445",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "144828",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "145430",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "144666",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "145228",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "144636",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "147010",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "145271",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "144829",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "144663",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-383",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2017-13080",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2017-10-17T00:00:00",
            "db": "IVD",
            "id": "52cda2a8-8175-413f-97bb-cf2e4c75f7c4",
            "ident": null
          },
          {
            "date": "2017-10-16T00:00:00",
            "db": "CERT/CC",
            "id": "VU#228519",
            "ident": null
          },
          {
            "date": "2017-10-18T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-30403",
            "ident": null
          },
          {
            "date": "2017-10-17T00:00:00",
            "db": "VULMON",
            "id": "CVE-2017-13080",
            "ident": null
          },
          {
            "date": "2017-11-02T23:31:30",
            "db": "PACKETSTORM",
            "id": "144860",
            "ident": null
          },
          {
            "date": "2017-12-13T03:33:33",
            "db": "PACKETSTORM",
            "id": "145394",
            "ident": null
          },
          {
            "date": "2018-07-05T23:02:22",
            "db": "PACKETSTORM",
            "id": "148445",
            "ident": null
          },
          {
            "date": "2017-11-01T15:44:40",
            "db": "PACKETSTORM",
            "id": "144828",
            "ident": null
          },
          {
            "date": "2017-12-15T04:44:44",
            "db": "PACKETSTORM",
            "id": "145430",
            "ident": null
          },
          {
            "date": "2017-10-18T10:11:11",
            "db": "PACKETSTORM",
            "id": "144666",
            "ident": null
          },
          {
            "date": "2017-12-06T22:22:00",
            "db": "PACKETSTORM",
            "id": "145228",
            "ident": null
          },
          {
            "date": "2017-10-16T15:02:22",
            "db": "PACKETSTORM",
            "id": "144636",
            "ident": null
          },
          {
            "date": "2018-04-02T20:22:22",
            "db": "PACKETSTORM",
            "id": "147010",
            "ident": null
          },
          {
            "date": "2017-12-08T14:44:44",
            "db": "PACKETSTORM",
            "id": "145271",
            "ident": null
          },
          {
            "date": "2017-11-01T15:46:36",
            "db": "PACKETSTORM",
            "id": "144829",
            "ident": null
          },
          {
            "date": "2017-10-18T20:44:00",
            "db": "PACKETSTORM",
            "id": "144663",
            "ident": null
          },
          {
            "date": "2017-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201710-383",
            "ident": null
          },
          {
            "date": "2017-10-17T13:29:00.397000",
            "db": "NVD",
            "id": "CVE-2017-13080",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2017-11-16T00:00:00",
            "db": "CERT/CC",
            "id": "VU#228519",
            "ident": null
          },
          {
            "date": "2017-10-17T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-30403",
            "ident": null
          },
          {
            "date": "2020-11-10T00:00:00",
            "db": "VULMON",
            "id": "CVE-2017-13080",
            "ident": null
          },
          {
            "date": "2021-12-06T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201710-383",
            "ident": null
          },
          {
            "date": "2025-04-20T01:37:25.860000",
            "db": "NVD",
            "id": "CVE-2017-13080",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote or local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-383"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "_id": null,
        "data": "Wi-Fi Protected Access (WPA) handshake traffic can be manipulated to induce nonce and session key reuse",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#228519"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "_id": null,
        "data": "security feature problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-383"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202002-1243

    Vulnerability from variot - Updated: 2026-04-10 23:20

    There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the n_tty_receive_buf_common function in drivers/tty/n_tty.c. Linux Kernel Is vulnerable to the use of freed memory.Information is obtained and service operation is interrupted (DoS) It may be put into a state. ========================================================================== Ubuntu Security Notice USN-4345-1 April 28, 2020

    linux, linux-aws, linux-aws-hwe, linux-azure, linux-gcp, linux-gke-4.15, linux-hwe, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities ==========================================================================

    A security issue affects these releases of Ubuntu and its derivatives:

    • Ubuntu 18.04 LTS
    • Ubuntu 16.04 LTS

    Summary:

    Several security issues were fixed in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2020-11884)

    It was discovered that the Intel Wi-Fi driver in the Linux kernel did not properly check for errors in some situations. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2019-16234)

    Tristan Madani discovered that the block I/O tracing implementation in the Linux kernel contained a race condition. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2019-19768)

    It was discovered that the vhost net driver in the Linux kernel contained a stack buffer overflow. A local attacker with the ability to perform ioctl() calls on /dev/vhost-net could use this to cause a denial of service (system crash). (CVE-2020-10942)

    It was discovered that the OV51x USB Camera device driver in the Linux kernel did not properly validate device metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2020-11608)

    It was discovered that the STV06XX USB Camera device driver in the Linux kernel did not properly validate device metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2020-11609)

    It was discovered that the Xirlink C-It USB Camera device driver in the Linux kernel did not properly validate device metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2020-11668)

    It was discovered that the virtual terminal implementation in the Linux kernel contained a race condition. A local attacker could possibly use this to cause a denial of service (system crash) or expose sensitive information. (CVE-2020-8648)

    Jordy Zomer discovered that the floppy driver in the Linux kernel did not properly check for errors in some situations. A local attacker could possibly use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2020-9383)

    Update instructions:

    The problem can be corrected by updating your system to the following package versions:

    Ubuntu 18.04 LTS: linux-image-4.15.0-1038-oracle 4.15.0-1038.42 linux-image-4.15.0-1058-gke 4.15.0-1058.61 linux-image-4.15.0-1059-kvm 4.15.0-1059.60 linux-image-4.15.0-1061-raspi2 4.15.0-1061.65 linux-image-4.15.0-1066-aws 4.15.0-1066.70 linux-image-4.15.0-1077-snapdragon 4.15.0-1077.84 linux-image-4.15.0-1080-oem 4.15.0-1080.90 linux-image-4.15.0-99-generic 4.15.0-99.100 linux-image-4.15.0-99-generic-lpae 4.15.0-99.100 linux-image-4.15.0-99-lowlatency 4.15.0-99.100 linux-image-aws-lts-18.04 4.15.0.1066.69 linux-image-generic 4.15.0.99.89 linux-image-generic-lpae 4.15.0.99.89 linux-image-gke 4.15.0.1058.62 linux-image-gke-4.15 4.15.0.1058.62 linux-image-kvm 4.15.0.1059.59 linux-image-lowlatency 4.15.0.99.89 linux-image-oem 4.15.0.1080.84 linux-image-oracle-lts-18.04 4.15.0.1038.47 linux-image-powerpc-e500mc 4.15.0.99.89 linux-image-powerpc-smp 4.15.0.99.89 linux-image-powerpc64-emb 4.15.0.99.89 linux-image-powerpc64-smp 4.15.0.99.89 linux-image-raspi2 4.15.0.1061.59 linux-image-snapdragon 4.15.0.1077.80 linux-image-virtual 4.15.0.99.89

    Ubuntu 16.04 LTS: linux-image-4.15.0-1038-oracle 4.15.0-1038.42~16.04.1 linux-image-4.15.0-1061-gcp 4.15.0-1061.65 linux-image-4.15.0-1066-aws 4.15.0-1066.70~16.04.1 linux-image-4.15.0-1082-azure 4.15.0-1082.92~16.04.1 linux-image-4.15.0-99-generic 4.15.0-99.100~16.04.1 linux-image-4.15.0-99-generic-lpae 4.15.0-99.100~16.04.1 linux-image-4.15.0-99-lowlatency 4.15.0-99.100~16.04.1 linux-image-aws-hwe 4.15.0.1066.66 linux-image-azure 4.15.0.1082.81 linux-image-azure-edge 4.15.0.1082.81 linux-image-gcp 4.15.0.1061.75 linux-image-generic-hwe-16.04 4.15.0.99.106 linux-image-generic-lpae-hwe-16.04 4.15.0.99.106 linux-image-gke 4.15.0.1061.75 linux-image-lowlatency-hwe-16.04 4.15.0.99.106 linux-image-oem 4.15.0.99.106 linux-image-oracle 4.15.0.1038.31 linux-image-virtual-hwe-16.04 4.15.0.99.106

    After a standard system update you need to reboot your computer to make all the necessary changes.

    ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. Relevant releases/architectures:

    Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

    Security Fix(es):

    • kernel: Integer overflow in Intel(R) Graphics Drivers (CVE-2020-12362)

    • kernel: Use after free via PI futex state (CVE-2021-3347)

    • kernel: use-after-free in n_tty_receive_buf_common function in drivers/tty/n_tty.c (CVE-2020-8648)

    • kernel: Improper input validation in some Intel(R) Graphics Drivers (CVE-2020-12363)

    • kernel: Null pointer dereference in some Intel(R) Graphics Drivers (CVE-2020-12364)

    • kernel: Speculation on pointer arithmetic against bpf_context pointer (CVE-2020-27170)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

    Bug Fix(es):

    • kernel crash when call the timer function (sctp_generate_proto_unreach_event) of sctp module (BZ#1707184)

    • SCSI error handling process on HP P440ar controller gets stuck indefinitely in device reset operation (BZ#1830268)

    • netfilter: reproducible deadlock on nft_log module autoload (BZ#1858329)

    • netfilter: NULL pointer dereference in nf_tables_set_lookup() (BZ#1873171)

    • [DELL EMC 7.9 Bug]: No acpi_pad threads on top command for "power cap policy equal to 0 watts" (BZ#1883174)

    • A race between i40e_ndo_set_vf_mac() and i40e_vsi_clear() in the i40e driver causes a use after free condition of the kmalloc-4096 slab cache. (BZ#1886003)

    • netxen driver performs poorly with RT kernel (BZ#1894274)

    • gendisk->disk_part_tbl->last_lookup retains pointer after partition deletion (BZ#1898596)

    • Kernel experiences panic in update_group_power() due to division error even with Bug 1701115 fix (BZ#1910763)

    • RHEL7.9 - zfcp: fix handling of FCP_RESID_OVER bit in fcp ingress path (BZ#1917839)

    • RHEL7.9 - mm/THP: do not access vma->vm_mm after calling handle_userfault (BZ#1917840)

    • raid: wrong raid io account (BZ#1927106)

    • qla2x00_status_cont_entry() missing upstream patch that prevents unnecessary ABRT/warnings (BZ#1933784)

    • RHEL 7.9.z - System hang caused by workqueue stall in qla2xxx driver (BZ#1937945)

    • selinux: setsebool can trigger a deadlock (BZ#1939091)

    • [Hyper-V][RHEL-7] Cannot boot kernel 3.10.0-1160.21.1.el7.x86_64 on Hyper-V (BZ#1941841)

    • Solution:

    For details on how to apply this update, which includes the changes described in this advisory, refer to:

    https://access.redhat.com/articles/11258

    The system must be rebooted for this update to take effect. Bugs fixed (https://bugzilla.redhat.com/):

    1802559 - CVE-2020-8648 kernel: use-after-free in n_tty_receive_buf_common function in drivers/tty/n_tty.c 1922249 - CVE-2021-3347 kernel: Use after free via PI futex state 1930246 - CVE-2020-12362 kernel: Integer overflow in Intel(R) Graphics Drivers 1930249 - CVE-2020-12363 kernel: Improper input validation in some Intel(R) Graphics Drivers 1930251 - CVE-2020-12364 kernel: Null pointer dereference in some Intel(R) Graphics Drivers 1940627 - CVE-2020-27170 kernel: Speculation on pointer arithmetic against bpf_context pointer 1941841 - [Hyper-V][RHEL-7] Cannot boot kernel 3.10.0-1160.21.1.el7.x86_64 on Hyper-V

    1. Package List:

    Red Hat Enterprise Linux Client (v. 7):

    Source: kernel-3.10.0-1160.31.1.el7.src.rpm

    noarch: kernel-abi-whitelists-3.10.0-1160.31.1.el7.noarch.rpm kernel-doc-3.10.0-1160.31.1.el7.noarch.rpm

    x86_64: bpftool-3.10.0-1160.31.1.el7.x86_64.rpm bpftool-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm kernel-3.10.0-1160.31.1.el7.x86_64.rpm kernel-debug-3.10.0-1160.31.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-1160.31.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1160.31.1.el7.x86_64.rpm kernel-devel-3.10.0-1160.31.1.el7.x86_64.rpm kernel-headers-3.10.0-1160.31.1.el7.x86_64.rpm kernel-tools-3.10.0-1160.31.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-1160.31.1.el7.x86_64.rpm perf-3.10.0-1160.31.1.el7.x86_64.rpm perf-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm python-perf-3.10.0-1160.31.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm

    Red Hat Enterprise Linux Client Optional (v. 7):

    Source: kernel-3.10.0-1160.31.1.el7.src.rpm

    noarch: kernel-abi-whitelists-3.10.0-1160.31.1.el7.noarch.rpm kernel-doc-3.10.0-1160.31.1.el7.noarch.rpm

    x86_64: bpftool-3.10.0-1160.31.1.el7.x86_64.rpm bpftool-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm kernel-3.10.0-1160.31.1.el7.x86_64.rpm kernel-debug-3.10.0-1160.31.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-1160.31.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1160.31.1.el7.x86_64.rpm kernel-devel-3.10.0-1160.31.1.el7.x86_64.rpm kernel-headers-3.10.0-1160.31.1.el7.x86_64.rpm kernel-tools-3.10.0-1160.31.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-1160.31.1.el7.x86_64.rpm perf-3.10.0-1160.31.1.el7.x86_64.rpm perf-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm python-perf-3.10.0-1160.31.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm

    Red Hat Enterprise Linux ComputeNode Optional (v. 7):

    x86_64: bpftool-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1160.31.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-1160.31.1.el7.x86_64.rpm perf-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm

    Red Hat Enterprise Linux Server (v. 7):

    Source: kernel-3.10.0-1160.31.1.el7.src.rpm

    noarch: kernel-abi-whitelists-3.10.0-1160.31.1.el7.noarch.rpm kernel-doc-3.10.0-1160.31.1.el7.noarch.rpm

    ppc64: bpftool-3.10.0-1160.31.1.el7.ppc64.rpm bpftool-debuginfo-3.10.0-1160.31.1.el7.ppc64.rpm kernel-3.10.0-1160.31.1.el7.ppc64.rpm kernel-bootwrapper-3.10.0-1160.31.1.el7.ppc64.rpm kernel-debug-3.10.0-1160.31.1.el7.ppc64.rpm kernel-debug-debuginfo-3.10.0-1160.31.1.el7.ppc64.rpm kernel-debug-devel-3.10.0-1160.31.1.el7.ppc64.rpm kernel-debuginfo-3.10.0-1160.31.1.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-1160.31.1.el7.ppc64.rpm kernel-devel-3.10.0-1160.31.1.el7.ppc64.rpm kernel-headers-3.10.0-1160.31.1.el7.ppc64.rpm kernel-tools-3.10.0-1160.31.1.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-1160.31.1.el7.ppc64.rpm kernel-tools-libs-3.10.0-1160.31.1.el7.ppc64.rpm perf-3.10.0-1160.31.1.el7.ppc64.rpm perf-debuginfo-3.10.0-1160.31.1.el7.ppc64.rpm python-perf-3.10.0-1160.31.1.el7.ppc64.rpm python-perf-debuginfo-3.10.0-1160.31.1.el7.ppc64.rpm

    ppc64le: bpftool-3.10.0-1160.31.1.el7.ppc64le.rpm bpftool-debuginfo-3.10.0-1160.31.1.el7.ppc64le.rpm kernel-3.10.0-1160.31.1.el7.ppc64le.rpm kernel-bootwrapper-3.10.0-1160.31.1.el7.ppc64le.rpm kernel-debug-3.10.0-1160.31.1.el7.ppc64le.rpm kernel-debug-debuginfo-3.10.0-1160.31.1.el7.ppc64le.rpm kernel-debuginfo-3.10.0-1160.31.1.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-1160.31.1.el7.ppc64le.rpm kernel-devel-3.10.0-1160.31.1.el7.ppc64le.rpm kernel-headers-3.10.0-1160.31.1.el7.ppc64le.rpm kernel-tools-3.10.0-1160.31.1.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-1160.31.1.el7.ppc64le.rpm kernel-tools-libs-3.10.0-1160.31.1.el7.ppc64le.rpm perf-3.10.0-1160.31.1.el7.ppc64le.rpm perf-debuginfo-3.10.0-1160.31.1.el7.ppc64le.rpm python-perf-3.10.0-1160.31.1.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-1160.31.1.el7.ppc64le.rpm

    s390x: bpftool-3.10.0-1160.31.1.el7.s390x.rpm bpftool-debuginfo-3.10.0-1160.31.1.el7.s390x.rpm kernel-3.10.0-1160.31.1.el7.s390x.rpm kernel-debug-3.10.0-1160.31.1.el7.s390x.rpm kernel-debug-debuginfo-3.10.0-1160.31.1.el7.s390x.rpm kernel-debug-devel-3.10.0-1160.31.1.el7.s390x.rpm kernel-debuginfo-3.10.0-1160.31.1.el7.s390x.rpm kernel-debuginfo-common-s390x-3.10.0-1160.31.1.el7.s390x.rpm kernel-devel-3.10.0-1160.31.1.el7.s390x.rpm kernel-headers-3.10.0-1160.31.1.el7.s390x.rpm kernel-kdump-3.10.0-1160.31.1.el7.s390x.rpm kernel-kdump-debuginfo-3.10.0-1160.31.1.el7.s390x.rpm kernel-kdump-devel-3.10.0-1160.31.1.el7.s390x.rpm perf-3.10.0-1160.31.1.el7.s390x.rpm perf-debuginfo-3.10.0-1160.31.1.el7.s390x.rpm python-perf-3.10.0-1160.31.1.el7.s390x.rpm python-perf-debuginfo-3.10.0-1160.31.1.el7.s390x.rpm

    x86_64: bpftool-3.10.0-1160.31.1.el7.x86_64.rpm bpftool-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm kernel-3.10.0-1160.31.1.el7.x86_64.rpm kernel-debug-3.10.0-1160.31.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-1160.31.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1160.31.1.el7.x86_64.rpm kernel-devel-3.10.0-1160.31.1.el7.x86_64.rpm kernel-headers-3.10.0-1160.31.1.el7.x86_64.rpm kernel-tools-3.10.0-1160.31.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-1160.31.1.el7.x86_64.rpm perf-3.10.0-1160.31.1.el7.x86_64.rpm perf-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm python-perf-3.10.0-1160.31.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm

    Red Hat Enterprise Linux Server Optional (v. 7):

    ppc64: bpftool-debuginfo-3.10.0-1160.31.1.el7.ppc64.rpm kernel-debug-debuginfo-3.10.0-1160.31.1.el7.ppc64.rpm kernel-debuginfo-3.10.0-1160.31.1.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-1160.31.1.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-1160.31.1.el7.ppc64.rpm kernel-tools-libs-devel-3.10.0-1160.31.1.el7.ppc64.rpm perf-debuginfo-3.10.0-1160.31.1.el7.ppc64.rpm python-perf-debuginfo-3.10.0-1160.31.1.el7.ppc64.rpm

    ppc64le: bpftool-debuginfo-3.10.0-1160.31.1.el7.ppc64le.rpm kernel-debug-debuginfo-3.10.0-1160.31.1.el7.ppc64le.rpm kernel-debug-devel-3.10.0-1160.31.1.el7.ppc64le.rpm kernel-debuginfo-3.10.0-1160.31.1.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-1160.31.1.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-1160.31.1.el7.ppc64le.rpm kernel-tools-libs-devel-3.10.0-1160.31.1.el7.ppc64le.rpm perf-debuginfo-3.10.0-1160.31.1.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-1160.31.1.el7.ppc64le.rpm

    x86_64: bpftool-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1160.31.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-1160.31.1.el7.x86_64.rpm perf-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm

    Red Hat Enterprise Linux Workstation (v. 7):

    Source: kernel-3.10.0-1160.31.1.el7.src.rpm

    noarch: kernel-abi-whitelists-3.10.0-1160.31.1.el7.noarch.rpm kernel-doc-3.10.0-1160.31.1.el7.noarch.rpm

    x86_64: bpftool-3.10.0-1160.31.1.el7.x86_64.rpm bpftool-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm kernel-3.10.0-1160.31.1.el7.x86_64.rpm kernel-debug-3.10.0-1160.31.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-1160.31.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1160.31.1.el7.x86_64.rpm kernel-devel-3.10.0-1160.31.1.el7.x86_64.rpm kernel-headers-3.10.0-1160.31.1.el7.x86_64.rpm kernel-tools-3.10.0-1160.31.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-1160.31.1.el7.x86_64.rpm perf-3.10.0-1160.31.1.el7.x86_64.rpm perf-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm python-perf-3.10.0-1160.31.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm

    Red Hat Enterprise Linux Workstation Optional (v. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

    1. 7) - noarch, x86_64

    2. Description:

    The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

    Bug Fix(es):

    • lru-add-drain workqueue on RT is allocated without being used (BZ#1894587)

    • kernel-rt: update to the latest RHEL7.9.z source tree (BZ#1953118)

    • -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

    ===================================================================== Red Hat Security Advisory

    Synopsis: Moderate: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update Advisory ID: RHSA-2020:5633-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2020:5633 Issue date: 2021-02-24 CVE Names: CVE-2018-10103 CVE-2018-10105 CVE-2018-14461 CVE-2018-14462 CVE-2018-14463 CVE-2018-14464 CVE-2018-14465 CVE-2018-14466 CVE-2018-14467 CVE-2018-14468 CVE-2018-14469 CVE-2018-14470 CVE-2018-14553 CVE-2018-14879 CVE-2018-14880 CVE-2018-14881 CVE-2018-14882 CVE-2018-16227 CVE-2018-16228 CVE-2018-16229 CVE-2018-16230 CVE-2018-16300 CVE-2018-16451 CVE-2018-16452 CVE-2018-20843 CVE-2019-3884 CVE-2019-5018 CVE-2019-6977 CVE-2019-6978 CVE-2019-8625 CVE-2019-8710 CVE-2019-8720 CVE-2019-8743 CVE-2019-8764 CVE-2019-8766 CVE-2019-8769 CVE-2019-8771 CVE-2019-8782 CVE-2019-8783 CVE-2019-8808 CVE-2019-8811 CVE-2019-8812 CVE-2019-8813 CVE-2019-8814 CVE-2019-8815 CVE-2019-8816 CVE-2019-8819 CVE-2019-8820 CVE-2019-8823 CVE-2019-8835 CVE-2019-8844 CVE-2019-8846 CVE-2019-9455 CVE-2019-9458 CVE-2019-11068 CVE-2019-12614 CVE-2019-13050 CVE-2019-13225 CVE-2019-13627 CVE-2019-14889 CVE-2019-15165 CVE-2019-15166 CVE-2019-15903 CVE-2019-15917 CVE-2019-15925 CVE-2019-16167 CVE-2019-16168 CVE-2019-16231 CVE-2019-16233 CVE-2019-16935 CVE-2019-17450 CVE-2019-17546 CVE-2019-18197 CVE-2019-18808 CVE-2019-18809 CVE-2019-19046 CVE-2019-19056 CVE-2019-19062 CVE-2019-19063 CVE-2019-19068 CVE-2019-19072 CVE-2019-19221 CVE-2019-19319 CVE-2019-19332 CVE-2019-19447 CVE-2019-19524 CVE-2019-19533 CVE-2019-19537 CVE-2019-19543 CVE-2019-19602 CVE-2019-19767 CVE-2019-19770 CVE-2019-19906 CVE-2019-19956 CVE-2019-20054 CVE-2019-20218 CVE-2019-20386 CVE-2019-20387 CVE-2019-20388 CVE-2019-20454 CVE-2019-20636 CVE-2019-20807 CVE-2019-20812 CVE-2019-20907 CVE-2019-20916 CVE-2020-0305 CVE-2020-0444 CVE-2020-1716 CVE-2020-1730 CVE-2020-1751 CVE-2020-1752 CVE-2020-1971 CVE-2020-2574 CVE-2020-2752 CVE-2020-2922 CVE-2020-3862 CVE-2020-3864 CVE-2020-3865 CVE-2020-3867 CVE-2020-3868 CVE-2020-3885 CVE-2020-3894 CVE-2020-3895 CVE-2020-3897 CVE-2020-3898 CVE-2020-3899 CVE-2020-3900 CVE-2020-3901 CVE-2020-3902 CVE-2020-6405 CVE-2020-7595 CVE-2020-7774 CVE-2020-8177 CVE-2020-8492 CVE-2020-8563 CVE-2020-8566 CVE-2020-8619 CVE-2020-8622 CVE-2020-8623 CVE-2020-8624 CVE-2020-8647 CVE-2020-8648 CVE-2020-8649 CVE-2020-9327 CVE-2020-9802 CVE-2020-9803 CVE-2020-9805 CVE-2020-9806 CVE-2020-9807 CVE-2020-9843 CVE-2020-9850 CVE-2020-9862 CVE-2020-9893 CVE-2020-9894 CVE-2020-9895 CVE-2020-9915 CVE-2020-9925 CVE-2020-10018 CVE-2020-10029 CVE-2020-10732 CVE-2020-10749 CVE-2020-10751 CVE-2020-10763 CVE-2020-10773 CVE-2020-10774 CVE-2020-10942 CVE-2020-11565 CVE-2020-11668 CVE-2020-11793 CVE-2020-12465 CVE-2020-12655 CVE-2020-12659 CVE-2020-12770 CVE-2020-12826 CVE-2020-13249 CVE-2020-13630 CVE-2020-13631 CVE-2020-13632 CVE-2020-14019 CVE-2020-14040 CVE-2020-14381 CVE-2020-14382 CVE-2020-14391 CVE-2020-14422 CVE-2020-15157 CVE-2020-15503 CVE-2020-15862 CVE-2020-15999 CVE-2020-16166 CVE-2020-24490 CVE-2020-24659 CVE-2020-25211 CVE-2020-25641 CVE-2020-25658 CVE-2020-25661 CVE-2020-25662 CVE-2020-25681 CVE-2020-25682 CVE-2020-25683 CVE-2020-25684 CVE-2020-25685 CVE-2020-25686 CVE-2020-25687 CVE-2020-25694 CVE-2020-25696 CVE-2020-26160 CVE-2020-27813 CVE-2020-27846 CVE-2020-28362 CVE-2020-29652 CVE-2021-2007 CVE-2021-3121 =====================================================================

    1. Summary:

    Red Hat OpenShift Container Platform release 4.7.0 is now available.

    Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

    1. Description:

    Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

    This advisory contains the container images for Red Hat OpenShift Container Platform 4.7.0. See the following advisory for the RPM packages for this release:

    https://access.redhat.com/errata/RHSA-2020:5634

    Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:

    https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel ease-notes.html

    You may download the oc tool and use it to inspect release image metadata as follows:

    (For x86_64 architecture)

    $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.0-x86_64

    The image digest is sha256:d74b1cfa81f8c9cc23336aee72d8ae9c9905e62c4874b071317a078c316f8a70

    (For s390x architecture)

    $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.0-s390x

    The image digest is sha256:a68ca03d87496ddfea0ac26b82af77231583a58a7836b95de85efe5e390ad45d

    (For ppc64le architecture)

    $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.0-ppc64le

    The image digest is sha256:bc7b04e038c8ff3a33b827f4ee19aa79b26e14c359a7dcc1ced9f3b58e5f1ac6

    All OpenShift Container Platform 4.7 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster - -between-minor.html#understanding-upgrade-channels_updating-cluster-between - -minor.

    Security Fix(es):

    • crewjam/saml: authentication bypass in saml authentication (CVE-2020-27846)

    • golang: crypto/ssh: crafted authentication request can lead to nil pointer dereference (CVE-2020-29652)

    • gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)

    • nodejs-y18n: prototype pollution vulnerability (CVE-2020-7774)

    • kubernetes: Secret leaks in kube-controller-manager when using vSphere Provider (CVE-2020-8563)

    • containernetworking/plugins: IPv6 router advertisements allow for MitM attacks on IPv4 clusters (CVE-2020-10749)

    • heketi: gluster-block volume password details available in logs (CVE-2020-10763)

    • golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040)

    • jwt-go: access restriction bypass vulnerability (CVE-2020-26160)

    • golang-github-gorilla-websocket: integer overflow leads to denial of service (CVE-2020-27813)

    • golang: math/big: panic during recursive division of very large numbers (CVE-2020-28362)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

    1. Solution:

    For OpenShift Container Platform 4.7, see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:

    https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel ease-notes.html

    Details on how to access this content are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster - -cli.html.

    1. Bugs fixed (https://bugzilla.redhat.com/):

    1620608 - Restoring deployment config with history leads to weird state 1752220 - [OVN] Network Policy fails to work when project label gets overwritten 1756096 - Local storage operator should implement must-gather spec 1756173 - /etc/udev/rules.d/66-azure-storage.rules missing from initramfs 1768255 - installer reports 100% complete but failing components 1770017 - Init containers restart when the exited container is removed from node. 1775057 - [MSTR-485] Cluster is abnormal after etcd backup/restore when the backup is conducted during etcd encryption is migrating 1775444 - RFE: k8s cpu manager does not restrict /usr/bin/pod cpuset 1777038 - Cluster scaled beyond host subnet limits does not fire alert or cleanly report why it cannot scale 1777224 - InfraID in metadata.json and .openshift_install_state.json is not consistent when repeating create commands 1784298 - "Displaying with reduced resolution due to large dataset." would show under some conditions 1785399 - Under condition of heavy pod creation, creation fails with 'error reserving pod name ...: name is reserved" 1797766 - Resource Requirements" specDescriptor fields - CPU and Memory injects empty string YAML editor 1801089 - [OVN] Installation failed and monitoring pod not created due to some network error. 1805025 - [OSP] Machine status doesn't become "Failed" when creating a machine with invalid image 1805639 - Machine status should be "Failed" when creating a machine with invalid machine configuration 1806000 - CRI-O failing with: error reserving ctr name 1806915 - openshift-service-ca: Some core components are in openshift.io/run-level 1 and are bypassing SCC, but should not be 1806917 - openshift-service-ca-operator: Some core components are in openshift.io/run-level 1 and are bypassing SCC, but should not be 1810438 - Installation logs are not gathered from OCP nodes 1812085 - kubernetes-networking-namespace-pods dashboard doesn't exist 1812412 - Monitoring Dashboard: on restricted cluster, query timed out in expression evaluation 1813012 - EtcdDiscoveryDomain no longer needed 1813949 - openshift-install doesn't use env variables for OS_* for some of API endpoints 1816812 - OpenShift test suites are not resilient to rate limited registries (like docker.io) and cannot control their dependencies for offline use 1819053 - loading OpenAPI spec for "v1beta1.metrics.k8s.io" failed with: OpenAPI spec does not exist 1819457 - Package Server is in 'Cannot update' status despite properly working 1820141 - [RFE] deploy qemu-quest-agent on the nodes 1822744 - OCS Installation CI test flaking 1824038 - Integration Tests: StaleElementReferenceError in OLM single-installmode scenario 1825892 - StorageClasses and PVs are not cleaned completely after running the csi verification tool 1826301 - Wrong NodeStatus reports in file-integrity scan when configuration error in aide.conf file 1829723 - User workload monitoring alerts fire out of the box 1832968 - oc adm catalog mirror does not mirror the index image itself 1833012 - Lower OVNKubernetes HTTP E/W performance compared with OpenShiftSDN 1833220 - CVE-2020-10749 containernetworking/plugins: IPv6 router advertisements allow for MitM attacks on IPv4 clusters 1834995 - olmFull suite always fails once th suite is run on the same cluster 1836017 - vSphere UPI: Both Internal and External load balancers for kube-apiserver should use /readyz 1837953 - Replacing masters doesn't work for ovn-kubernetes 4.4 1838352 - OperatorExited, Pending marketplace-operator-... pod for several weeks 1838751 - [oVirt][Tracker] Re-enable skipped network tests 1839239 - csi-snapshot-controller flickers Degraded=True on etcd hiccups 1840759 - [aws-ebs-csi-driver] The volume created by aws ebs csi driver can not be deleted when the cluster is destroyed 1841039 - authentication-operator: Add e2e test for password grants to Keycloak being set as OIDC IdP 1841119 - Get rid of config patches and pass flags directly to kcm 1841175 - When an Install Plan gets deleted, OLM does not create a new one 1841381 - Issue with memoryMB validation 1841885 - oc adm catalog mirror command attempts to pull from registry.redhat.io when using --from-dir option 1844727 - Etcd container leaves grep and lsof zombie processes 1845387 - CVE-2020-10763 heketi: gluster-block volume password details available in logs 1847074 - Filter bar layout issues at some screen widths on search page 1848358 - CRDs with preserveUnknownFields:true don't reflect in status that they are non-structural 1849543 - [4.5]kubeletconfig's description will show multiple lines for finalizers when upgrade from 4.4.8->4.5 1851103 - Use of NetworkManager-wait-online.service in rhcos-growpart.service 1851203 - [GSS] [RFE] Need a simpler representation of capactiy breakdown in total usage and per project breakdown in OCS 4 dashboard 1851351 - OCP 4.4.9: EtcdMemberIPMigratorDegraded: rpc error: code = Canceled desc = grpc: the client connection is closing 1851693 - The oc apply should return errors instead of hanging there when failing to create the CRD 1852289 - Upgrade testsuite fails on ppc64le environment - Unsupported LoadBalancer service 1853115 - the restriction of --cloud option should be shown in help text. 1853116 - --to option does not work with --credentials-requests flag. 1853352 - [v2v][UI] Storage Class fields Should Not be empty in VM disks view 1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash 1854567 - "Installed Operators" list showing "duplicated" entries during installation 1855325 - [Feature:Prometheus][Conformance] Prometheus when installed on the cluster [Top Level] [Feature:Prometheus][Conformance] Prometheus when installed on the cluster should report telemetry if a cloud.openshift.com token is present 1855351 - Inconsistent Installer reactions to Ctrl-C during user input process 1855408 - OVN cluster unstable after running minimal scale test 1856351 - Build page should show metrics for when the build ran, not the last 30 minutes 1856354 - New APIServices missing from OpenAPI definitions 1857446 - ARO/Azure: excessive pod memory allocation causes node lockup 1857877 - Operator upgrades can delete existing CSV before completion 1858578 - [v2v] [ui] VM import RHV to CNV Target VM Name longer than 63 chars should not be allowed 1859174 - [IPI][OSP] Having errors from 4.3 to 4.6 about Security group rule already created 1860136 - default ingress does not propagate annotations to route object on update 1860322 - [OCPv4.5.2] after unexpected shutdown one of RHV Hypervisors, OCP worker nodes machine are marked as "Failed" 1860518 - unable to stop a crio pod 1861383 - Route with haproxy.router.openshift.io/timeout: 365d kills the ingress controller 1862430 - LSO: PV creation lock should not be acquired in a loop 1862489 - LSO autoprovisioning should exclude top level disks that are part of LVM volume group. 1862608 - Virtual media does not work on hosts using BIOS, only UEFI 1862918 - [v2v] User should only select SRIOV network when importin vm with SRIOV network 1865743 - Some pods are stuck in ContainerCreating and some sdn pods are in CrashLoopBackOff 1865839 - rpm-ostree fails with "System transaction in progress" when moving to kernel-rt 1866043 - Configurable table column headers can be illegible 1866087 - Examining agones helm chart resources results in "Oh no!" 1866261 - Need to indicate the intentional behavior for Ansible in the create api help info 1866298 - [RHOCS Usability Study][Installation] Labeling the namespace should be a part of the installation flow or be clearer as a requirement 1866320 - [RHOCS Usability Study][Dashboard] Users were confused by Available Capacity and the Total Capacity 1866334 - [RHOCS Usability Study][Installation] On the Operator installation page, there’s no indication on which labels offer tooltip/help 1866340 - [RHOCS Usability Study][Dashboard] It was not clear why “No persistent storage alerts” was prominently displayed 1866343 - [RHOCS Usability Study][Dashboard] User wanted to know the time frame for Data Consumption, e.g I/O Operations 1866445 - kola --basic-qemu-scenarios scenario fail on ppc64le & s390x 1866482 - Few errors are seen when oc adm must-gather is run 1866605 - No metadata.generation set for build and buildconfig objects 1866873 - MCDDrainError "Drain failed on , updates may be blocked" missing rendered node name 1866901 - Deployment strategy for BMO allows multiple pods to run at the same time 1866925 - openshift-install destroy cluster should fail quickly when provided with invalid credentials on Azure. 1867165 - Cannot assign static address to baremetal install bootstrap vm 1867380 - When using webhooks in OCP 4.5 fails to rollout latest deploymentconfig 1867400 - [OCs 4.5]UI should not allow creation of second storagecluster of different mode in a single OCS 1867477 - HPA monitoring cpu utilization fails for deployments which have init containers 1867518 - [oc] oc should not print so many goroutines when ANY command fails 1867608 - ds/machine-config-daemon takes 100+ minutes to rollout on 250 node cluster 1867965 - OpenShift Console Deployment Edit overwrites deployment yaml 1868004 - opm index add appears to produce image with wrong registry server binary 1868065 - oc -o jsonpath prints possible warning / bug "Unable to decode server response into a Table" 1868104 - Baremetal actuator should not delete Machine objects 1868125 - opm index add is not creating an index with valid images when --permissive flag is added, the index is empty instead 1868384 - CLI does not save login credentials as expected when using the same username in multiple clusters 1868527 - OpenShift Storage using VMWare vSAN receives error "Failed to add disk 'scsi0:2'" when mounted pod is created on separate node 1868645 - After a disaster recovery pods a stuck in "NodeAffinity" state and not running 1868748 - ClusterProvisioningIP in baremetal platform has wrong JSON annotation 1868765 - [vsphere][ci] could not reserve an IP address: no available addresses 1868770 - catalogSource named "redhat-operators" deleted in a disconnected cluster 1868976 - Prometheus error opening query log file on EBS backed PVC 1869293 - The configmap name looks confusing in aide-ds pod logs 1869606 - crio's failing to delete a network namespace 1870337 - [sig-storage] Managed cluster should have no crashlooping recycler pods over four minutes 1870342 - [sig-scheduling] SchedulerPredicates [Serial] validates resource limits of pods that are allowed to run [Conformance] 1870373 - Ingress Operator reports available when DNS fails to provision 1870467 - D/DC Part of Helm / Operator Backed should not have HPA 1870728 - openshift-install creates expired ignition files from stale .openshift_install_state.json 1870800 - [4.6] Managed Column not appearing on Pods Details page 1871170 - e2e tests are needed to validate the functionality of the etcdctl container 1872001 - EtcdDiscoveryDomain no longer needed 1872095 - content are expanded to the whole line when only one column in table on Resource Details page 1872124 - Could not choose device type as "disk" or "part" when create localvolumeset from web console 1872128 - Can't run container with hostPort on ipv6 cluster 1872166 - 'Silences' link redirects to unexpected 'Alerts' view after creating a silence in the Developer perspective 1872251 - [aws-ebs-csi-driver] Verify job in CI doesn't check for vendor dir sanity 1872786 - Rules in kube-apiserver.rules are taking too long and consuming too much memory for Prometheus to evaluate them 1872821 - [DOC] Typo in Ansible Operator Tutorial 1872907 - Fail to create CR from generated Helm Base Operator 1872923 - Click "Cancel" button on the "initialization-resource" creation form page should send users to the "Operator details" page instead of "Install Operator" page (previous page) 1873007 - [downstream] failed to read config when running the operator-sdk in the home path 1873030 - Subscriptions without any candidate operators should cause resolution to fail 1873043 - Bump to latest available 1.19.x k8s 1873114 - Nodes goes into NotReady state (VMware) 1873288 - Changing Cluster-Wide Pull Secret Does Not Trigger Updates In Kubelet Filesystem 1873305 - Failed to power on /inspect node when using Redfish protocol 1873326 - Accessibility - The symbols e.g checkmark in the overview page has no text description, label, or other accessible information 1873480 - Accessibility - No text description, alt text, label, or other accessible information associated with the help icon: “?” button/icon in Developer Console ->Navigation 1873556 - [Openstack] HTTP_PROXY setting for NetworkManager-resolv-prepender not working 1873593 - MCO fails to cope with ContainerRuntimeConfig thas has a name > 63 characters 1874057 - Pod stuck in CreateContainerError - error msg="container_linux.go:348: starting container process caused \"chdir to cwd (\\"/mount-point\\") set in config.json failed: permission denied\"" 1874074 - [CNV] Windows 2019 Default Template Not Defaulting to Proper NIC/Storage Driver 1874192 - [RFE] "Create Backing Store" page doesn't allow to select already defined k8s secret as target bucket credentials when Google Cloud Storage is selected as a provider 1874240 - [vsphere] unable to deprovision - Runtime error list attached objects 1874248 - Include validation for vcenter host in the install-config 1874340 - vmware: NodeClockNotSynchronising alert is triggered in openshift cluster after upgrading form 4.4.16 to 4.5.6 1874583 - apiserver tries and fails to log an event when shutting down 1874584 - add retry for etcd errors in kube-apiserver 1874638 - Missing logging for nbctl daemon 1874736 - [downstream] no version info for the helm-operator 1874901 - add utm_source parameter to Red Hat Marketplace URLs for attribution 1874968 - Accessibility: The project selection drop down is a keyboard trap 1875247 - Dependency resolution error "found more than one head for channel" is unhelpful for users 1875516 - disabled scheduling is easy to miss in node page of OCP console 1875598 - machine status is Running for a master node which has been terminated from the console 1875806 - When creating a service of type "LoadBalancer" (Kuryr,OVN) communication through this loadbalancer failes after 2-5 minutes. 1876166 - need to be able to disable kube-apiserver connectivity checks 1876469 - Invalid doc link on yaml template schema description 1876701 - podCount specDescriptor change doesn't take effect on operand details page 1876815 - Installer uses the environment variable OS_CLOUD for manifest generation despite explicit prompt 1876935 - AWS volume snapshot is not deleted after the cluster is destroyed 1877071 - vSphere IPI - Nameserver limits were exceeded, some nameservers have been omitted 1877105 - add redfish to enabled_bios_interfaces 1877116 - e2e aws calico tests fail with rpc error: code = ResourceExhausted 1877273 - [OVN] EgressIP cannot fail over to available nodes after one egressIP node shutdown 1877648 - [sriov]VF from allocatable and capacity of node is incorrect when the policy is only 'rootDevices' 1877681 - Manually created PV can not be used 1877693 - dnsrecords specify recordTTL as 30 but the value is null in AWS Route 53 1877740 - RHCOS unable to get ip address during first boot 1877812 - [ROKS] IBM cloud failed to terminate OSDs when upgraded between internal builds of OCS 4.5 1877919 - panic in multus-admission-controller 1877924 - Cannot set BIOS config using Redfish with Dell iDracs 1878022 - Met imagestreamimport error when import the whole image repository 1878086 - OCP 4.6+OCS 4.6(multiple SC) Internal Mode- UI should populate the default "Filesystem Name" instead of providing a textbox, & the name should be validated 1878301 - [4.6] [UI] Unschedulable used to always be displayed when Node is Ready status 1878701 - After deleting and recreating a VM with same name, the VM events contain the events from the old VM 1878766 - CPU consumption on nodes is higher than the CPU count of the node. 1878772 - On the nodes there are up to 547 zombie processes caused by thanos and Prometheus. 1878823 - "oc adm release mirror" generating incomplete imageContentSources when using "--to" and "--to-release-image" 1878845 - 4.5 to 4.6.rc.4 upgrade failure: authentication operator health check connection refused for multitenant mode 1878900 - Installer complains about not enough vcpu for the baremetal flavor where generic bm flavor is being used 1878953 - RBAC error shows when normal user access pvc upload page 1878956 - oc api-resources does not include API version 1878972 - oc adm release mirror removes the architecture information 1879013 - [RFE]Improve CD-ROM interface selection 1879056 - UI should allow to change or unset the evictionStrategy 1879057 - [CSI Certificate Test] Test failed for CSI certification tests for CSIdriver openshift-storage.rbd.csi.ceph.com with RWX enabled 1879094 - RHCOS dhcp kernel parameters not working as expected 1879099 - Extra reboot during 4.5 -> 4.6 upgrade 1879244 - Error adding container to network "ipvlan-host-local": "master" field is required 1879248 - OLM Cert Dir for Webhooks does not align SDK/Kubebuilder 1879282 - Update OLM references to point to the OLM's new doc site 1879283 - panic after nil pointer dereference in pkg/daemon/update.go 1879365 - Overlapping, divergent openshift-cluster-storage-operator manifests 1879419 - [RFE]Improve boot source description for 'Container' and ‘URL’ 1879430 - openshift-object-counts quota is not dynamically updating as the resource is deleted. 1879565 - IPv6 installation fails on node-valid-hostname 1879777 - Overlapping, divergent openshift-machine-api namespace manifests 1879878 - Messages flooded in thanos-querier pod- oauth-proxy container: Authorization header does not start with 'Basic', skipping basic authentication in Log message in thanos-querier pod the oauth-proxy 1879930 - Annotations shouldn't be removed during object reconciliation 1879976 - No other channel visible from console 1880068 - image pruner is not aware of image policy annotation, StatefulSets, etc. 1880148 - dns daemonset rolls out slowly in large clusters 1880161 - Actuator Update calls should have fixed retry time 1880259 - additional network + OVN network installation failed 1880389 - Pipeline Runs with skipped Tasks incorrectly show Tasks as "Failed" 1880410 - Convert Pipeline Visualization node to SVG 1880417 - [vmware] Fail to boot with Secure Boot enabled, kernel lockdown denies iopl access to afterburn 1880443 - broken machine pool management on OpenStack 1880450 - Host failed to install because its installation stage joined took longer than expected 20m0s. 1880473 - IBM Cloudpak operators installation stuck "UpgradePending" with InstallPlan status updates failing due to size limitation 1880680 - [4.3] [Tigera plugin] - openshift-kube-proxy fails - Failed to execute iptables-restore: exit status 4 (iptables-restore v1.8.4 (nf_tables) 1880785 - CredentialsRequest missing description in oc explain 1880787 - No description for Provisioning CRD for oc explain 1880902 - need dnsPlocy set in crd ingresscontrollers 1880913 - [DeScheduler] - change loglevel from Info to Error when priority class given in the descheduler params is not present in the cluster 1881027 - Cluster installation fails at with error : the container name \"assisted-installer\" is already in use 1881046 - [OSP] openstack-cinder-csi-driver-operator doesn't contain required manifests and assets 1881155 - operator install authentication: Authentication require functional ingress which requires at least one schedulable and ready node 1881268 - Image uploading failed but wizard claim the source is available 1881322 - kube-scheduler not scheduling pods for certificates not renewed automatically after nodes restoration 1881347 - [v2v][ui]VM Import Wizard does not call Import provider cleanup 1881881 - unable to specify target port manually resulting in application not reachable 1881898 - misalignment of sub-title in quick start headers 1882022 - [vsphere][ipi] directory path is incomplete, terraform can't find the cluster 1882057 - Not able to select access modes for snapshot and clone 1882140 - No description for spec.kubeletConfig 1882176 - Master recovery instructions don't handle IP change well 1882191 - Installation fails against external resources which lack DNS Subject Alternative Name 1882209 - [ BateMetal IPI ] local coredns resolution not working 1882210 - [release 4.7] insights-operator: Fix bug in reflector not recovering from "Too large resource version" 1882268 - [e2e][automation]Add Integration Test for Snapshots 1882361 - Retrieve and expose the latest report for the cluster 1882485 - dns-node-resolver corrupts /etc/hosts if internal registry is not in use 1882556 - git:// protocol in origin tests is not currently proxied 1882569 - CNO: Replacing masters doesn't work for ovn-kubernetes 4.4 1882608 - Spot instance not getting created on AzureGovCloud 1882630 - Fstype is changed after deleting pv provisioned by localvolumeset instance 1882649 - IPI installer labels all images it uploads into glance as qcow2 1882653 - The Approval should display the Manual after the APPROVAL changed to Manual from the Automatic 1882658 - [RFE] Volume Snapshot is not listed under inventory in Project Details page 1882660 - Operators in a namespace should be installed together when approve one 1882667 - [ovn] br-ex Link not found when scale up RHEL worker 1882723 - [vsphere]Suggested mimimum value for providerspec not working 1882730 - z systems not reporting correct core count in recording rule 1882750 - [sig-api-machinery][Feature:APIServer][Late] kubelet terminates kube-apiserver gracefully 1882781 - nameserver= option to dracut creates extra NM connection profile 1882785 - Multi-Arch CI Jobs destroy libvirt network but occasionally leave it defined 1882844 - [IPI on vsphere] Executing 'openshift-installer destroy cluster' leaves installer tag categories in vsphere 1883371 - CVE-2020-26160 jwt-go: access restriction bypass vulnerability 1883388 - Bare Metal Hosts Details page doesn't show Mainitenance and Power On/Off status 1883422 - operator-sdk cleanup fail after installing operator with "run bundle" without installmode and og with ownnamespace 1883425 - Gather top installplans and their count 1883502 - Logging is broken due to mix of k8s.io/klog v1 and v2 1883523 - [sig-cli] oc adm must-gather runs successfully for audit logs [Suite:openshift/conformance/parallel] 1883538 - must gather report "cannot file manila/aws ebs/ovirt csi related namespaces and objects" error 1883560 - operator-registry image needs clean up in /tmp 1883563 - Creating duplicate namespace from create namespace modal breaks the UI 1883614 - [OCP 4.6] [UI] UI should not describe power cycle as "graceful" 1883642 - [sig-imageregistry][Feature:ImageTriggers][Serial] ImageStream admission TestImageStreamAdmitSpecUpdate 1883660 - e2e-metal-ipi CI job consistently failing on 4.4 1883765 - [user workload monitoring] improve latency of Thanos sidecar when streaming read requests 1883766 - [e2e][automation] Adjust tests for UI changes 1883768 - [user workload monitoring] The Prometheus operator should discard invalid TLS configurations 1883773 - opm alpha bundle build fails on win10 home 1883790 - revert "force cert rotation every couple days for development" in 4.7 1883803 - node pull secret feature is not working as expected 1883836 - Jenkins imagestream ubi8 and nodejs12 update 1883847 - The UI does not show checkbox for enable encryption at rest for OCS 1883853 - go list -m all does not work 1883905 - race condition in opm index add --overwrite-latest 1883946 - Understand why trident CSI pods are getting deleted by OCP 1884035 - Pods are illegally transitioning back to pending 1884041 - e2e should provide error info when minimum number of pods aren't ready in kube-system namespace 1884131 - oauth-proxy repository should run tests 1884165 - Repos should be disabled in -firstboot.service before OS extensions are applied 1884221 - IO becomes unhealthy due to a file change 1884258 - Node network alerts should work on ratio rather than absolute values 1884270 - Git clone does not support SCP-style ssh locations 1884334 - CVO marks an upgrade as failed when an operator takes more than 20 minutes to rollout 1884435 - vsphere - loopback is randomly not being added to resolver 1884565 - oauth-proxy crashes on invalid usage 1884584 - Kuryr controller continuously restarting due to unable to clean up Network Policy 1884613 - Create Instance of Prometheus from operator returns blank page for non cluster-admin users 1884628 - ovs-configuration service fails when the external network is configured on a tagged vlan on top of a bond device on a baremetal IPI deployment 1884629 - Visusally impaired user using screen reader not able to select Admin/Developer console options in drop down menu. 1884632 - Adding BYOK disk encryption through DES 1884654 - Utilization of a VMI is not populated 1884655 - KeyError on self._existing_vifs[port_id] 1884664 - Operator install page shows "installing..." instead of going to install status page 1884672 - Failed to inspect hardware. Reason: unable to start inspection: 'idrac' 1884691 - Installer blocks cloud-credential-operator manual mode on GCP and Azure 1884724 - Quick Start: Serverless quickstart doesn't match Operator install steps 1884739 - Node process segfaulted 1884824 - Update baremetal-operator libraries to k8s 1.19 1885002 - network kube-rbac-proxy scripts crashloop rather than non-crash looping 1885138 - Wrong detection of pending state in VM details 1885151 - [Cloud Team - Cluster API Provider Azure] Logging is broken due to mix of k8s.io/klog v1 and v2 1885165 - NoRunningOvnMaster alert falsely triggered 1885170 - Nil pointer when verifying images 1885173 - [e2e][automation] Add test for next run configuration feature 1885179 - oc image append fails on push (uploading a new layer) 1885213 - Vertical Pod Autoscaler (VPA) not working with DeploymentConfig 1885218 - [e2e][automation] Add virtctl to gating script 1885223 - Sync with upstream (fix panicking cluster-capacity binary) 1885235 - Prometheus: Logging is broken due to mix of k8s.io/klog v1 and v2 1885241 - kube-rbac-proxy: Logging is broken due to mix of k8s.io/klog v1 and v2 1885243 - prometheus-adapter: Logging is broken due to mix of k8s.io/klog v1 and v2 1885244 - prometheus-operator: Logging is broken due to mix of k8s.io/klog v1 and v2 1885246 - cluster-monitoring-operator: Logging is broken due to mix of k8s.io/klog v1 and v2 1885249 - openshift-state-metrics: Logging is broken due to mix of k8s.io/klog v1 and v2 1885308 - Supermicro nodes failed to boot via disk during installation when using IPMI and UEFI 1885315 - unit tests fail on slow disks 1885319 - Remove redundant use of group and kind of DataVolumeTemplate 1885343 - Console doesn't load in iOS Safari when using self-signed certificates 1885344 - 4.7 upgrade - dummy bug for 1880591 1885358 - add p&f configuration to protect openshift traffic 1885365 - MCO does not respect the install section of systemd files when enabling 1885376 - failed to initialize the cluster: Cluster operator marketplace is still updating 1885398 - CSV with only Webhook conversion can't be installed 1885403 - Some OLM events hide the underlying errors 1885414 - Need to disable HTX when not using HTTP/2 in order to preserve HTTP header name case 1885425 - opm index add cannot batch add multiple bundles that use skips 1885543 - node tuning operator builds and installs an unsigned RPM 1885644 - Panic output due to timeouts in openshift-apiserver 1885676 - [OCP 4.7]UI should fallback to minimal deployment only after total CPU < 30 || totalMemory < 72 GiB for initial deployment 1885702 - Cypress: Fix 'aria-hidden-focus' accesibility violations 1885706 - Cypress: Fix 'link-name' accesibility violation 1885761 - DNS fails to resolve in some pods 1885856 - Missing registry v1 protocol usage metric on telemetry 1885864 - Stalld service crashed under the worker node 1885930 - [release 4.7] Collect ServiceAccount statistics 1885940 - kuryr/demo image ping not working 1886007 - upgrade test with service type load balancer will never work 1886022 - Move range allocations to CRD's 1886028 - [BM][IPI] Failed to delete node after scale down 1886111 - UpdatingopenshiftStateMetricsFailed: DeploymentRollout of openshift-monitoring/openshift-state-metrics: got 1 unavailable replicas 1886134 - Need to set GODEBUG=x509ignoreCN=0 in initrd 1886154 - System roles are not present while trying to create new role binding through web console 1886166 - 1885517 Clone - Not needed for 4.7 - upgrade from 4.5->4.6 causes broadcast storm 1886168 - Remove Terminal Option for Windows Nodes 1886200 - greenwave / CVP is failing on bundle validations, cannot stage push 1886229 - Multipath support for RHCOS sysroot 1886294 - Unable to schedule a pod due to Insufficient ephemeral-storage 1886327 - Attempt to add a worker using bad roodDeviceHint: bmh and machine become Provisioned, no error in status 1886353 - [e2e][automation] kubevirt-gating job fails for a missing virtctl URL 1886397 - Move object-enum to console-shared 1886423 - New Affinities don't contain ID until saving 1886435 - Azure UPI uses deprecated command 'group deployment' 1886449 - p&f: add configuration to protect oauth server traffic 1886452 - layout options doesn't gets selected style on click i.e grey background 1886462 - IO doesn't recognize namespaces - 2 resources with the same name in 2 namespaces -> only 1 gets collected 1886488 - move e2e test off of nfs image from docker.io/gmontero/nfs-server:latest 1886524 - Change default terminal command for Windows Pods 1886553 - i/o timeout experienced from build02 when targeting CI test cluster during test execution 1886600 - panic: assignment to entry in nil map 1886620 - Application behind service load balancer with PDB is not disrupted 1886627 - Kube-apiserver pods restarting/reinitializing periodically 1886635 - CVE-2020-8563 kubernetes: Secret leaks in kube-controller-manager when using vSphere Provider 1886636 - Panic in machine-config-operator 1886749 - Removing network policy from namespace causes inability to access pods through loadbalancer. 1886751 - Gather MachineConfigPools 1886766 - PVC dropdown has 'Persistent Volume' Label 1886834 - ovn-cert is mandatory in both master and node daemonsets 1886848 - [OSP] machine instance-state annotation discrepancy with providerStatus.instanceState 1886861 - ordered-values.yaml not honored if values.schema.json provided 1886871 - Neutron ports created for hostNetworking pods 1886890 - Overwrite jenkins-agent-base imagestream 1886900 - Cluster-version operator fills logs with "Manifest: ..." spew 1886922 - [sig-network] pods should successfully create sandboxes by getting pod 1886973 - Local storage operator doesn't include correctly populate LocalVolumeDiscoveryResult in console 1886977 - [v2v]Incorrect VM Provider type displayed in UI while importing VMs through VMIO 1887010 - Imagepruner met error "Job has reached the specified backoff limit" which causes image registry degraded 1887026 - FC volume attach fails with “no fc disk found” error on OCP 4.6 PowerVM cluster 1887040 - [upgrade] ovs pod crash for rhel worker when upgarde from 4.5 to 4.6 1887046 - Event for LSO need update to avoid confusion 1887088 - cluster-node-tuning-operator refers to missing cluster-node-tuned image 1887375 - User should be able to specify volumeMode when creating pvc from web-console 1887380 - Unsupported access mode should not be available to select when creating pvc by aws-ebs-csi-driver(gp2-csi) from web-console 1887392 - openshift-apiserver: delegated authn/z should have ttl > metrics/healthz/readyz/openapi interval 1887428 - oauth-apiserver service should be monitored by prometheus 1887441 - ingress misconfiguration may break authentication but ingress operator keeps reporting "degraded: False" 1887454 - [sig-storage] In-tree Volumes [Driver: azure-disk] [Testpattern: Dynamic PV (ext4)] volumes should store data 1887456 - It is impossible to attach the default NIC to a bridge with the latest version of OVN Kubernetes 1887465 - Deleted project is still referenced 1887472 - unable to edit application group for KSVC via gestures (shift+Drag) 1887488 - OCP 4.6: Topology Manager OpenShift E2E test fails: gu workload attached to SRIOV networks should let resource-aligned PODs have working SRIOV network interface 1887509 - Openshift-tests conformance TopologyManager tests run when Machine Config Operator is not installed on cluster 1887525 - Failures to set master HardwareDetails cannot easily be debugged 1887545 - 4.5 to 4.6 upgrade fails when external network is configured on a bond device: ovs-configuration service fails and node becomes unreachable 1887585 - ovn-masters stuck in crashloop after scale test 1887651 - [Internal Mode] Object gateway (RGW) in unknown state after OCP upgrade. 1887737 - Test TestImageRegistryRemovedWithImages is failing on e2e-vsphere-operator 1887740 - cannot install descheduler operator after uninstalling it 1887745 - API server is throwing 5xx error code for 42.11% of requests for LIST events 1887750 - oc explain localvolumediscovery returns empty description 1887751 - oc explain localvolumediscoveryresult returns empty description 1887778 - Add ContainerRuntimeConfig gatherer 1887783 - PVC upload cannot continue after approve the certificate 1887797 - [CNV][V2V] Default network type is bridge for interface bound to POD network in VMWare migration wizard 1887799 - User workload monitoring prometheus-config-reloader OOM 1887850 - [sig-auth][Feature:SCC][Early] should not have pod creation failures during install test is flaky 1887863 - Installer panics on invalid flavor 1887864 - Clean up dependencies to avoid invalid scan flagging 1887934 - TestForwardedHeaderPolicyAppend, TestForwardedHeaderPolicyReplace, and TestForwardedHeaderPolicyIfNone consistently fail because of case-sensitive comparison 1887936 - Kube-scheduler should be able to parse v1beta1 KubeSchedulerConfig 1888015 - workaround kubelet graceful termination of static pods bug 1888028 - prevent extra cycle in aggregated apiservers 1888036 - Operator details shows old CRD versions 1888041 - non-terminating pods are going from running to pending 1888072 - Setting Supermicro node to PXE boot via Redfish doesn't take affect 1888073 - Operator controller continuously busy looping 1888118 - Memory requests not specified for image registry operator 1888150 - Install Operand Form on OperatorHub is displaying unformatted text 1888172 - PR 209 didn't update the sample archive, but machineset and pdbs are now namespaced 1888227 - Failed to deploy some of container image on the recent OCP 4.6 nightly build 1888292 - Fix CVE-2015-7501 affecting agent-maven-3.5 1888311 - p&f: make SAR traffic from oauth and openshift apiserver exempt 1888363 - namespaces crash in dev 1888378 - [IPI on Azure] errors destroying cluster when Azure resource group was never created 1888381 - instance:node_network_receive_bytes_excluding_lo:rate1m value twice expected 1888464 - installer missing permission definitions for TagResources and UntagResources when installing in existing VPC 1888494 - imagepruner pod is error when image registry storage is not configured 1888565 - [OSP] machine-config-daemon-firstboot.service failed with "error reading osImageURL from rpm-ostree" 1888595 - cluster-policy-controller logs shows error which reads initial monitor sync has error 1888601 - The poddisruptionbudgets is using the operator service account, instead of gather 1888657 - oc doesn't know its name 1888663 - sdn starts after kube-apiserver, delay readyz until oauth-apiserver is reachable 1888671 - Document the Cloud Provider's ignore-volume-az setting 1888738 - quay.io/openshift/origin-must-gather:latest is not a multi-arch, manifest-list image 1888763 - at least one of these parameters (Vendor, DeviceID or PfNames) has to be defined in nicSelector in CR %s", cr.GetName() 1888827 - ovnkube-master may segfault when trying to add IPs to a nil address set 1888861 - need to pass dual-stack service CIDRs to kube-apiserver in dual-stack cluster 1888866 - AggregatedAPIDown permanently firing after removing APIService 1888870 - JS error when using autocomplete in YAML editor 1888874 - hover message are not shown for some properties 1888900 - align plugins versions 1888985 - Cypress: Fix 'Ensures buttons have discernible text' accesibility violation 1889213 - The error message of uploading failure is not clear enough 1889267 - Increase the time out for creating template and upload image in the terraform 1889348 - Project link should be removed from Application Details page, since it is inaccurate (Application Stages) 1889374 - Kiali feature won't work on fresh 4.6 cluster 1889388 - ListBundles returns incorrect replaces/skips when bundles have been added via semver-skippatch mode 1889420 - OCP failed to add vsphere disk when pod moved to new node during cluster upgrade 1889515 - Accessibility - The symbols e.g checkmark in the Node > overview page has no text description, label, or other accessible information 1889529 - [Init-CR annotation] Inline alert shows operand instance was needed still appearing after creating an Operand instance 1889540 - [4.5 upgrade][alert]CloudCredentialOperatorDown 1889577 - Resources are not shown on project workloads page 1889620 - [Azure] - Machineset not scaling when publicIP:true in disconnected Azure enviroment 1889630 - Scheduling disabled popovers are missing for Node status in Node Overview and Details pages 1889692 - Selected Capacity is showing wrong size 1889694 - usbguard fails to install as RHCOS extension due to missing libprotobuf.so.15 1889698 - When the user clicked cancel at the Create Storage Class confirmation dialog all the data from the Local volume set goes off 1889710 - Prometheus metrics on disk take more space compared to OCP 4.5 1889721 - opm index add semver-skippatch mode does not respect prerelease versions 1889724 - When LocalVolumeDiscovery CR is created form the LSO page User doesn't see the Disk tab 1889767 - [vsphere] Remove certificate from upi-installer image 1889779 - error when destroying a vSphere installation that failed early 1889787 - OCP is flooding the oVirt engine with auth errors 1889838 - race in Operator update after fix from bz1888073 1889852 - support new AWS regions ap-east-1, af-south-1, eu-south-1 1889863 - Router prints incorrect log message for namespace label selector 1889891 - Backport timecache LRU fix 1889912 - Drains can cause high CPU usage 1889921 - Reported Degraded=False Available=False pair does not make sense 1889928 - [e2e][automation] Add more tests for golden os 1889943 - EgressNetworkPolicy does not work when setting Allow rule to a dnsName 1890038 - Infrastructure status.platform not migrated to status.platformStatus causes warnings 1890074 - MCO extension kernel-headers is invalid 1890104 - with Serverless 1.10 version of trigger/subscription/channel/IMC is V1 as latest 1890130 - multitenant mode consistently fails CI 1890141 - move off docker.io images for build/image-eco/templates/jenkins e2e 1890145 - The mismatched of font size for Status Ready and Health Check secondary text 1890180 - FieldDependency x-descriptor doesn't support non-sibling fields 1890182 - DaemonSet with existing owner garbage collected 1890228 - AWS: destroy stuck on route53 hosted zone not found 1890235 - e2e: update Protractor's checkErrors logging 1890250 - workers may fail to join the cluster during an update from 4.5 1890256 - Replacing a master node on a baremetal IPI deployment gets stuck when deleting the machine of the unhealthy member 1890270 - External IP doesn't work if the IP address is not assigned to a node 1890361 - s390x: Generate new ostree rpm with fix for rootfs immutability 1890456 - [vsphere] mapi_instance_create_failed doesn't work on vsphere 1890467 - unable to edit an application without a service 1890472 - [Kuryr] Bulk port creation exception not completely formatted 1890494 - Error assigning Egress IP on GCP 1890530 - cluster-policy-controller doesn't gracefully terminate 1890630 - [Kuryr] Available port count not correctly calculated for alerts 1890671 - [SA] verify-image-signature using service account does not work 1890677 - 'oc image info' claims 'does not exist' for application/vnd.oci.image.manifest.v1+json manifest 1890808 - New etcd alerts need to be added to the monitoring stack 1890951 - Mirror of multiarch images together with cluster logging case problems. It doesn't sync the "overall" sha it syncs only the sub arch sha. 1890984 - Rename operator-webhook-config to sriov-operator-webhook-config 1890995 - wew-app should provide more insight into why image deployment failed 1891023 - ovn-kubernetes rbac proxy never starts waiting for an incorrect API call 1891047 - Helm chart fails to install using developer console because of TLS certificate error 1891068 - [sig-instrumentation] Prometheus when installed on the cluster shouldn't report any alerts in firing state apart from Watchdog and AlertmanagerReceiversNotConfigured [Early] failing due to TargetDown alert from kube-scheduler 1891080 - [LSO] When Localvolumeset and SC is already created before OCS install Creation of LVD and LVS is skipped when user click created storage cluster from UI 1891108 - p&f: Increase the concurrency share of workload-low priority level 1891143 - CVO deadlocked while shutting down, shortly after fresh cluster install (metrics goroutine) 1891189 - [LSO] max device limit is accepting negative values. PVC is not getting created and no error is shown 1891314 - Display incompatible helm charts for installation (kubeVersion of cluster doesn't meet requirements of chart) 1891362 - Wrong metrics count for openshift_build_result_total 1891368 - fync should be fsync for etcdHighFsyncDurations alert's annotations.message 1891374 - fync should be fsync for etcdHighFsyncDurations critical alert's annotations.message 1891376 - Extra text in Cluster Utilization charts 1891419 - Wrong detail head on network policy detail page. 1891459 - Snapshot tests should report stderr of failed commands 1891498 - Other machine config pools do not show during update 1891543 - OpenShift 4.6/OSP install fails when node flavor has less than 25GB, even with dedicated storage 1891551 - Clusterautoscaler doesn't scale up as expected 1891552 - Handle missing labels as empty. 1891555 - The windows oc.exe binary does not have version metadata 1891559 - kuryr-cni cannot start new thread 1891614 - [mlx] testpmd fails inside OpenShift pod using DevX version 19.11 1891625 - [Release 4.7] Mutable LoadBalancer Scope 1891702 - installer get pending when additionalTrustBundle is added into install-config.yaml 1891716 - OVN cluster upgrade from 4.6.1 to 4.7 fails 1891740 - OperatorStatusChanged is noisy 1891758 - the authentication operator may spam DeploymentUpdated event endlessly 1891759 - Dockerfile builds cannot change /etc/pki/ca-trust 1891816 - [UPI] [OSP] control-plane.yml provisioning playbook fails on OSP 16.1 1891825 - Error message not very informative in case of mode mismatch 1891898 - The ClusterServiceVersion can define Webhooks that cannot be created. 1891951 - UI should show warning while creating pools with compression on 1891952 - [Release 4.7] Apps Domain Enhancement 1891993 - 4.5 to 4.6 upgrade doesn't remove deployments created by marketplace 1891995 - OperatorHub displaying old content 1891999 - Storage efficiency card showing wrong compression ratio 1892004 - OCP 4.6 opm on Ubuntu 18.04.4 - error /lib/x86_64-linux-gnu/libc.so.6: version GLIBC_2.28' not found (required by ./opm) 1892167 - [SR-IOV] SriovNetworkNodePolicies apply ignoring the spec.nodeSelector. 1892198 - TypeError in 'Performance Profile' tab displayed for 'Performance Addon Operator' 1892288 - assisted install workflow creates excessive control-plane disruption 1892338 - HAProxyReloadFail alert only briefly fires in the event of a broken HAProxy config 1892358 - [e2e][automation] update feature gate for kubevirt-gating job 1892376 - Deleted netnamespace could not be re-created 1892390 - TestOverwrite/OverwriteBundle/DefaultBehavior in operator-registry is flaky 1892393 - TestListPackages is flaky 1892448 - MCDPivotError alert/metric missing 1892457 - NTO-shipped stalld needs to use FIFO for boosting. 1892467 - linuxptp-daemon crash 1892521 - [AWS] Startup bootstrap machine failed due to ignition file is missing in disconnected UPI env 1892653 - User is unable to create KafkaSource with v1beta 1892724 - VFS added to the list of devices of the nodeptpdevice CRD 1892799 - Mounting additionalTrustBundle in the operator 1893117 - Maintenance mode on vSphere blocks installation. 1893351 - TLS secrets are not able to edit on console. 1893362 - The ovs-xxxxx_openshift-sdn container does not terminate gracefully, slowing down reboots 1893386 - false-positive ReadyIngressNodes_NoReadyIngressNodes: Auth operator makes risky "worker" assumption when guessing about ingress availability 1893546 - Deploy using virtual media fails on node cleaning step 1893601 - overview filesystem utilization of OCP is showing the wrong values 1893645 - oc describe route SIGSEGV 1893648 - Ironic image building process is not compatible with UEFI secure boot 1893724 - OperatorHub generates incorrect RBAC 1893739 - Force deletion doesn't work for snapshots if snapshotclass is already deleted 1893776 - No useful metrics for image pull time available, making debugging issues there impossible 1893798 - Lots of error messages starting with "get namespace to enqueue Alertmanager instances failed" in the logs of prometheus-operator 1893832 - ErrorCount field is missing in baremetalhosts.metal3.io CRD 1893889 - disabled dropdown items in the pf dropdown component are skipped over and unannounced by JAWS 1893926 - Some "Dynamic PV (block volmode)" pattern storage e2e tests are wrongly skipped 1893944 - Wrong product name for Multicloud Object Gateway 1893953 - (release-4.7) Gather default StatefulSet configs 1893956 - Installation always fails at "failed to initialize the cluster: Cluster operator image-registry is still updating" 1893963 - [Testday] Workloads-> Virtualization is not loading for Firefox browser 1893972 - Should skip e2e test cases as early as possible 1894013 - [v2v][Testday] VMware to CNV VM import]VMware URL: It is not clear that only the FQDN/IP address is required without 'https://' 1894020 - User with edit users cannot deploy images from their own namespace from the developer perspective 1894025 - OCP 4.5 to 4.6 upgrade for "aws-ebs-csi-driver-operator" fails when "defaultNodeSelector" is set 1894041 - [v2v][[Testday]VM import from VMware/RHV] VM import wizard: The target storage class name is not displayed if default storage class is used. 1894065 - tag new packages to enable TLS support 1894110 - Console shows wrong value for maxUnavailable and maxSurge when set to 0 1894144 - CI runs of baremetal IPI are failing due to newer libvirt libraries 1894146 - ironic-api used by metal3 is over provisioned and consumes a lot of RAM 1894194 - KuryrPorts leftovers from 4.6 GA need to be deleted 1894210 - Failed to encrypt OSDs on OCS4.6 installation (via UI) 1894216 - Improve OpenShift Web Console availability 1894275 - Fix CRO owners file to reflect node owner 1894278 - "database is locked" error when adding bundle to index image 1894330 - upgrade channels needs to be updated for 4.7 1894342 - oauth-apiserver logs many "[SHOULD NOT HAPPEN] failed to update managedFields for ... OAuthClient ... no corresponding type for oauth.openshift.io/v1, Kind=OAuthClient" 1894374 - Dont prevent the user from uploading a file with incorrect extension 1894432 - [oVirt] sometimes installer timeout on tmp_import_vm 1894477 - bash syntax error in nodeip-configuration.service 1894503 - add automated test for Polarion CNV-5045 1894519 - [OSP] External mode cluster creation disabled for Openstack and oVirt platform 1894539 - [on-prem] Unable to deploy additional machinesets on separate subnets 1894645 - Cinder volume provisioning crashes on nil cloud provider 1894677 - image-pruner job is panicking: klog stack 1894810 - Remove TechPreview Badge from Eventing in Serverless version 1.11.0 1894860 - 'backend' CI job passing despite failing tests 1894910 - Update the node to use the real-time kernel fails 1894992 - All nightly jobs for e2e-metal-ipi failing due to ipa image missing tenacity package 1895065 - Schema / Samples / Snippets Tabs are all selected at the same time 1895099 - vsphere-upi and vsphere-upi-serial jobs time out waiting for bootstrap to complete in CI 1895141 - panic in service-ca injector 1895147 - Remove memory limits on openshift-dns 1895169 - VM Template does not properly manage Mount Windows guest tools check box during VM creation 1895268 - The bundleAPIs should NOT be empty 1895309 - [OCP v47] The RHEL node scaleup fails due to "No package matching 'cri-o-1.19.*' found available" on OCP 4.7 cluster 1895329 - The infra index filled with warnings "WARNING: kubernetes.io/cinder built-in volume provider is now deprecated. The Cinder volume provider is deprecated and will be removed in a future release" 1895360 - Machine Config Daemon removes a file although its defined in the dropin 1895367 - Missing image in metadata DB index.db in disconnected Operator Hub installation. OCP 4.6.1 1895372 - Web console going blank after selecting any operator to install from OperatorHub 1895385 - Revert KUBELET_LOG_LEVEL back to level 3 1895423 - unable to edit an application with a custom builder image 1895430 - unable to edit custom template application 1895509 - Backup taken on one master cannot be restored on other masters 1895537 - [sig-imageregistry][Feature:ImageExtract] Image extract should extract content from an image 1895838 - oc explain description contains '/' 1895908 - "virtio" option is not available when modifying a CD-ROM to disk type 1895909 - e2e-metal-ipi-ovn-dualstack is failing 1895919 - NTO fails to load kernel modules 1895959 - configuring webhook token authentication should prevent cluster upgrades 1895979 - Unable to get coreos-installer with --copy-network to work 1896101 - [cnv][automation] Added negative tests for migration from VMWare and RHV 1896160 - CI: Some cluster operators are not ready: marketplace (missing: Degraded) 1896188 - [sig-cli] oc debug deployment configs from a build: local-busybox-1-build not completed 1896218 - Occasional GCP install failures: Error setting IAM policy for project ...: googleapi: Error 400: Service account ... does not exist., badRequest 1896229 - Current Rate of Bytes Received and Current Rate of Bytes Transmitted data can not be loaded 1896244 - Found a panic in storage e2e test 1896296 - Git links should avoid .git as part of the URL and should not link git:// urls in general 1896302 - [e2e][automation] Fix 4.6 test failures 1896365 - [Migration]The SDN migration cannot revert under some conditions 1896384 - [ovirt IPI]: local coredns resolution not working 1896446 - Git clone from private repository fails after upgrade OCP 4.5 to 4.6 1896529 - Incorrect instructions in the Serverless operator and application quick starts 1896645 - documentationBaseURL needs to be updated for 4.7 1896697 - [Descheduler] policy.yaml param in cluster configmap is empty 1896704 - Machine API components should honour cluster wide proxy settings 1896732 - "Attach to Virtual Machine OS" button should not be visible on old clusters 1896866 - File /etc/NetworkManager/system-connections/default_connection.nmconnection is incompatible with SR-IOV operator 1896898 - ovs-configuration.service fails when multiple IPv6 default routes are provided via RAs over the same interface and deployment bootstrap fails 1896918 - start creating new-style Secrets for AWS 1896923 - DNS pod /metrics exposed on anonymous http port 1896977 - route SimpleAllocationPlugin: host name validation errors: spec.host: Invalid value: ... must be no more than 63 characters 1897003 - VNC console cannot be connected after visit it in new window 1897008 - Cypress: reenable check for 'aria-hidden-focus' rule & checkA11y test for modals 1897026 - [Migration] With updating optional network operator configuration, migration stucks on MCO 1897039 - router pod keeps printing log: template "msg"="router reloaded" "output"="[WARNING] 316/065823 (15) : parsing [/var/lib/haproxy/conf/haproxy.config:52]: option 'http-use-htx' is deprecated and ignored 1897050 - [IBM Power] LocalVolumeSet provisions boot partition as PV. 1897073 - [OCP 4.5] wrong netid assigned to Openshift projects/namespaces 1897138 - oVirt provider uses depricated cluster-api project 1897142 - When scaling replicas to zero, Octavia loadbalancer pool members are not updated accordingly 1897252 - Firing alerts are not showing up in console UI after cluster is up for some time 1897354 - Operator installation showing success, but Provided APIs are missing 1897361 - The MCO GCP-OP tests fail consistently on containerruntime tests with "connection refused" 1897412 - [sriov]disableDrain did not be updated in CRD of manifest 1897423 - Max unavailable and Max surge value are not shown on Deployment Config Details page 1897516 - Baremetal IPI deployment with IPv6 control plane fails when the nodes obtain both SLAAC and DHCPv6 addresses as they set their hostname to 'localhost' 1897520 - After restarting nodes the image-registry co is in degraded true state. 1897584 - Add casc plugins 1897603 - Cinder volume attachment detection failure in Kubelet 1897604 - Machine API deployment fails: Kube-Controller-Manager can't reach API: "Unauthorized" 1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers 1897641 - Baremetal IPI with IPv6 control plane: nodes respond with duplicate packets to ICMP6 echo requests 1897676 - [CI] [Azure] [UPI] CI failing since 4.6 changes in ignition 1897830 - [GSS] Unable to deploy OCS 4.5.2 on OCP 4.6.1, cannotCreate OCS Cluster Service1897891 - [RFE][v2v][UI][CNV VM import] Providing error message or/and block migration when vddk-init-image is missing 1897897 - ptp lose sync openshift 4.6 1898036 - no network after reboot (IPI) 1898045 - AWS EBS CSI Driver can not get updated cloud credential secret automatically 1898097 - mDNS floods the baremetal network 1898118 - Lack of logs on some image stream tests make hard to find root cause of a problem 1898134 - Descheduler logs show absolute values instead of percentage when LowNodeUtilization strategy is applied 1898159 - kcm operator shall pass --allocate-node-cidrs=false to kcm for ovn-kube and openshift-sdn cluster 1898174 - [OVN] EgressIP does not guard against node IP assignment 1898194 - GCP: can't install on custom machine types 1898238 - Installer validations allow same floating IP for API and Ingress 1898268 - [OVN]:make checkbroken on 4.6 1898289 - E2E test: Use KUBEADM_PASSWORD_FILE by default 1898320 - Incorrect Apostrophe Translation of "it's" in Scheduling Disabled Popover 1898357 - Within the operatorhub details view, long unbroken text strings do not wrap cause breaking display. 1898407 - [Deployment timing regression] Deployment takes longer with 4.7 1898417 - GCP: the dns targets in Google Cloud DNS is not updated after recreating loadbalancer service 1898487 - [oVirt] Node is not removed when VM has been removed from oVirt engine 1898500 - Failure to upgrade operator when a Service is included in a Bundle 1898517 - Ironic auto-discovery may result in rogue nodes registered in ironic 1898532 - Display names defined in specDescriptors not respected 1898580 - When adding more than one node selector to the sriovnetworknodepolicy, the cni and the device plugin pods are constantly rebooted 1898613 - Whereabouts should exclude IPv6 ranges 1898655 - [oVirt] Node deleted in oVirt should cause the Machine to go into a Failed phase 1898679 - Operand creation form - Required "type: object" properties (Accordion component) are missing red asterisk 1898680 - CVE-2020-7774 nodejs-y18n: prototype pollution vulnerability 1898745 - installation failing with CVO reporting openshift-samples not rolled out, samples not setting versions in its ClusterOperator 1898839 - Wrong YAML in operator metadata 1898851 - Multiple Pods access the same volume on the same node e2e test cases are missed from aws ebs csi driver e2e test job 1898873 - Remove TechPreview Badge from Monitoring 1898954 - Backup script does not take /etc/kubernetes/static-pod-resources on a reliable way 1899111 - [RFE] Update jenkins-maven-agen to maven36 1899128 - VMI details screen -> show the warning that it is preferable to have a VM only if the VM actually does not exist 1899175 - bump the RHCOS boot images for 4.7 1899198 - Use new packages for ipa ramdisks 1899200 - In Installed Operators page I cannot search for an Operator by it's name 1899220 - Support AWS IMDSv2 1899350 - configure-ovs.sh doesn't configure bonding options 1899433 - When Creating OCS from ocs wizard Step Discover Disks shows Error "An error occurred Not Found" 1899459 - Failed to start monitoring pods once the operator removed from override list of CVO 1899515 - Passthrough credentials are not immediately re-distributed on update 1899575 - update discovery burst to reflect lots of CRDs on openshift clusters 1899582 - update discovery burst to reflect lots of CRDs on openshift clusters 1899588 - Operator objects are re-created after all other associated resources have been deleted 1899600 - Increased etcd fsync latency as of OCP 4.6 1899603 - workers-rhel7 CI jobs failing: Failed to remove rollback: error running rpm-ostree cleanup 1899627 - Project dashboard Active status using small icon 1899725 - Pods table does not wrap well with quick start sidebar open 1899746 - [ovn] error while waiting on flows for pod: OVS sandbox port is no longer active (probably due to a subsequent CNI ADD) 1899760 - etcd_request_duration_seconds_bucket metric has excessive cardinality 1899835 - catalog-operator repeatedly crashes with "runtime error: index out of range [0] with length 0" 1899839 - thanosRuler.resources.requests does not take effect in user-workload-monitoring-config confimap 1899853 - additionalSecurityGroupIDs not working for master nodes 1899922 - NP changes sometimes influence new pods. 1899949 - [Platform] Remove restriction on disk type selection for LocalVolumeSet 1900008 - Fix internationalized sentence fragments in ImageSearch.tsx 1900010 - Fix internationalized sentence fragments in BuildImageSelector.tsx 1900020 - Remove &apos; from internationalized keys 1900022 - Search Page - Top labels field is not applied to selected Pipeline resources 1900030 - disruption_tests: [sig-imageregistry] Image registry remain available failing consistently 1900126 - Creating a VM results in suggestion to create a default storage class when one already exists 1900138 - [OCP on RHV] Remove insecure mode from the installer 1900196 - stalld is not restarted after crash 1900239 - Skip "subPath should be able to unmount" NFS test 1900322 - metal3 pod's toleration for key: node-role.kubernetes.io/master currently matches on exact value matches but should match on Exists 1900377 - [e2e][automation] create new css selector for active users 1900496 - (release-4.7) Collect spec config for clusteroperator resources 1900672 - (s390x) Upgrade from old LUKS to new not working with DASD disks 1900699 - Impossible to add new Node on OCP 4.6 using large ECKD disks - fdasd issue 1900759 - include qemu-guest-agent by default 1900790 - Track all resource counts via telemetry 1900835 - Multus errors when cachefile is not found 1900935 -oc adm release mirrorpanic panic: runtime error 1900989 - accessing the route cannot wake up the idled resources 1901040 - When scaling down the status of the node is stuck on deleting 1901057 - authentication operator health check failed when installing a cluster behind proxy 1901107 - pod donut shows incorrect information 1901111 - Installer dependencies are broken 1901200 - linuxptp-daemon crash when enable debug log level 1901301 - CBO should handle platform=BM without provisioning CR 1901355 - [Azure][4.7] Invalid vm size from customized compute nodes does not fail properly 1901363 - High Podready Latency due to timed out waiting for annotations 1901373 - redundant bracket on snapshot restore button 1901376 - [on-prem] Upgrade from 4.6 to 4.7 failed with "timed out waiting for the condition during waitForControllerConfigToBeCompleted: controllerconfig is not completed: ControllerConfig has not completed: completed(false) running(false) failing(true" 1901395 - "Edit virtual machine template" action link should be removed 1901472 - [OSP] Bootstrap and master nodes use different keepalived unicast setting 1901517 - RHCOS 4.6.1 uses a single NetworkManager connection for multiple NICs when using default DHCP 1901531 - Console returns a blank page while trying to create an operator Custom CR with Invalid Schema 1901594 - Kubernetes resource CRUD operations.Kubernetes resource CRUD operations Pod "before all" hook for "creates the resource instance" 1901604 - CNO blocks editing Kuryr options 1901675 - [sig-network] multicast when using one of the plugins 'redhat/openshift-ovs-multitenant, redhat/openshift-ovs-networkpolicy' should allow multicast traffic in namespaces where it is enabled 1901909 - The device plugin pods / cni pod are restarted every 5 minutes 1901982 - [sig-builds][Feature:Builds] build can reference a cluster service with a build being created from new-build should be able to run a build that references a cluster service 1902019 - when podTopologySpreadConstraint strategy is enabled for descheduler it throws error 1902059 - Wire a real signer for service accout issuer 1902091 -cluster-image-registry-operatorpod leaves connections open when fails connecting S3 storage 1902111 - CVE-2020-27813 golang-github-gorilla-websocket: integer overflow leads to denial of service 1902157 - The DaemonSet machine-api-termination-handler couldn't allocate Pod 1902253 - MHC status doesnt set RemediationsAllowed = 0 1902299 - Failed to mirror operator catalog - error: destination registry required 1902545 - Cinder csi driver node pod should add nodeSelector for Linux 1902546 - Cinder csi driver node pod doesn't run on master node 1902547 - Cinder csi driver controller pod doesn't run on master node 1902552 - Cinder csi driver does not use the downstream images 1902595 - Project workloads list view doesn't show alert icon and hover message 1902600 - Container csi-snapshotter in Cinder csi driver needs to use ImagePullPolicy=IfNotPresent 1902601 - Cinder csi driver pods run as BestEffort qosClass 1902653 - [BM][IPI] Master deployment failed: No valid host was found. Reason: No conductor service registered which supports driver redfish for conductor group 1902702 - [sig-auth][Feature:LDAP][Serial] ldap group sync can sync groups from ldap: oc cp over non-existing directory/file fails 1902746 - [BM][IP] Master deployment failed - Base.1.0.GeneralError: database is locked 1902824 - failed to generate semver informed package manifest: unable to determine default channel 1902894 - hybrid-overlay-node crashing trying to get node object during initialization 1902969 - Cannot load vmi detail page 1902981 - It should default to current namespace when create vm from template 1902996 - [AWS] UPI on USGov, bootstrap machine can not fetch ignition file via s3:// URI 1903033 - duplicated lines of imageContentSources is seen when mirror release image to local registry 1903034 - OLM continuously printing debug logs 1903062 - [Cinder csi driver] Deployment mounted volume have no write access 1903078 - Deleting VolumeSnapshotClass makes VolumeSnapshot not Ready 1903107 - Enable vsphere-problem-detector e2e tests 1903164 - OpenShift YAML editor jumps to top every few seconds 1903165 - Improve Canary Status Condition handling for e2e tests 1903172 - Column Management: Fix sticky footer on scroll 1903186 - [Descheduler] cluster logs should report some info when PodTopologySpreadConstraints strategy is enabled 1903188 - [Descheduler] cluster log reports failed to validate server configuration" err="unsupported log format: 1903192 - Role name missing on create role binding form 1903196 - Popover positioning is misaligned for Overview Dashboard status items 1903206 - Ingress controller incorrectly routes traffic to non-ready pods/backends. 1903226 - MutatingWebhookConfiguration pod-identity-webhook does not exclude critical control-plane components 1903248 - Backport Upstream Static Pod UID patch 1903277 - Deprovisioning Not Deleting Security Groups [VpcLimitExceeded on e2e-aws tests] 1903290 - Kubelet repeatedly log the same log line from exited containers 1903346 - PV backed by FC lun is not being unmounted properly and this leads to IO errors / xfs corruption. 1903382 - Panic when task-graph is canceled with a TaskNode with no tasks 1903400 - Migrate a VM which is not running goes to pending state 1903402 - Nic/Disk on VMI overview should link to VMI's nic/disk page 1903414 - NodePort is not working when configuring an egress IP address 1903424 - mapi_machine_phase_transition_seconds_sum doesn't work 1903464 - "Evaluating rule failed" for "record: cluster:kube_persistentvolumeclaim_resource_requests_storage_bytes:provisioner:sum" and "record: cluster:kubelet_volume_stats_used_bytes:provisioner:sum" 1903639 - Hostsubnet gatherer produces wrong output 1903651 - Network Policies are not working as expected with OVN-Kubernetes when traffic hairpins back to the same source through a service 1903660 - Cannot install with Assisted Installer on top of IPv6 since network provider is not started 1903674 - [sig-apps] ReplicationController should serve a basic image on each replica with a private image 1903717 - Handle different Pod selectors for metal3 Deployment 1903733 - Scale up followed by scale down can delete all running workers 1903917 - Failed to load "Developer Catalog" page 1903999 - Httplog response code is always zero 1904026 - The quota controllers should resync on new resources and make progress 1904064 - Automated cleaning is disabled by default 1904124 - DHCP to static lease script doesn't work correctly if starting with infinite leases 1904125 - Boostrap VM .ign image gets added into 'default' pool instead of <cluster-name>-<id>-bootstrap 1904131 - kuryr tempest plugin test test_ipblock_network_policy_sg_rules fails 1904133 - KubeletConfig flooded with failure conditions 1904161 - AlertmanagerReceiversNotConfigured fires unconditionally on alertmanager restart 1904243 - RHCOS 4.6.1 missing ISCSI initiatorname.iscsi ! 1904244 - MissingKey errors for two plugins using i18next.t 1904262 - clusterresourceoverride-operator has version: 1.0.0 every build 1904296 - VPA-operator has version: 1.0.0 every build 1904297 - The index image generated by "opm index prune" leaves unrelated images 1904305 - Should have scroll-down bar for the field which the values list has too many results under dashboards 1904385 - [oVirt] registry cannot mount volume on 4.6.4 -> 4.6.6 upgrade 1904497 - vsphere-problem-detector: Run on vSphere cloud only 1904501 - [Descheduler] descheduler does not evict any pod when PodTopologySpreadConstraint strategy is set 1904502 - vsphere-problem-detector: allow longer timeouts for some operations 1904503 - vsphere-problem-detector: emit alerts 1904538 - [sig-arch][Early] Managed cluster should start all core operators: monitoring: container has runAsNonRoot and image has non-numeric user (nobody) 1904578 - metric scraping for vsphere problem detector is not configured 1904582 - All application traffic broken due to unexpected load balancer change on 4.6.4 -> 4.6.6 upgrade 1904663 - IPI pointer customization MachineConfig always generated 1904679 - [Feature:ImageInfo] Image info should display information about images 1904683 -[sig-builds][Feature:Builds] s2i build with a root user imagetests use docker.io image 1904684 - [sig-cli] oc debug ensure it works with image streams 1904713 - Helm charts with kubeVersion restriction are filtered incorrectly 1904776 - Snapshot modal alert is not pluralized 1904824 - Set vSphere hostname from guestinfo before NM starts 1904941 - Insights status is always showing a loading icon 1904973 - KeyError: 'nodeName' on NP deletion 1904985 - Prometheus and thanos sidecar targets are down 1904993 - Many ampersand special characters are found in strings 1905066 - QE - Monitoring test cases - smoke test suite automation 1905074 - QE -Gherkin linter to maintain standards 1905100 - Too many haproxy processes in default-router pod causing high load average 1905104 - Snapshot modal disk items missing keys 1905115 - CI: dev-scripts fail on 02_configure_host: Failed to start network ostestbm 1905119 - Race in AWS EBS determining whether custom CA bundle is used 1905128 - [e2e][automation] e2e tests succeed without actually execute 1905133 - operator conditions special-resource-operator 1905141 - vsphere-problem-detector: report metrics through telemetry 1905146 - Backend Tests: TestHelmRepoGetter_SkipDisabled failures 1905194 - Detecting broken connections to the Kube API takes up to 15 minutes 1905221 - CVO transitions from "Initializing" to "Updating" despite not attempting many manifests 1905232 - [sig-imageregistry][Feature:ImageAppend] Image append should create images by appending them failing due to inconsistent images between CI and OCP 1905253 - Inaccurate text at bottom of Events page 1905298 - openshift-apiserver initContainer fix-audit-permissions is not requesting required resources: cpu, memory 1905299 - OLM fails to update operator 1905307 - Provisioning CR is missing from must-gather 1905319 - cluster-samples-operator containers are not requesting required memory resource 1905320 - csi-snapshot-webhook is not requesting required memory resource 1905323 - dns-operator is not requesting required memory resource 1905324 - ingress-operator is not requesting required memory resource 1905327 - openshift-kube-scheduler initContainer wait-for-host-port is not requesting required resources: cpu, memory 1905328 - Changing the bound token service account issuer invalids previously issued bound tokens 1905329 - openshift-oauth-apiserver initContainer fix-audit-permissions is not requesting required resources: cpu, memory 1905330 - openshift-monitoring init-textfile is not requesting required resources: cpu, memory 1905338 - QE -Cypress Automation for Add Flow - Database, Yaml, OperatorBacked, PageDetails 1905347 - QE - Design Gherkin Scenarios 1905348 - QE - Design Gherkin Scenarios 1905362 - [sriov] Error message 'Fail to update DaemonSet' always shown in sriov operator pod 1905368 - [sriov] net-attach-def generated from sriovnetwork cannot be restored once it was deleted 1905370 - A-Z/Z-A sorting dropdown on Developer Catalog page is not aligned with filter text input 1905380 - Default to Red Hat/KubeVirt provider if common template does not have provider annotation 1905393 - CMO uses rbac.authorization.k8s.io/v1beta1 instead of rbac.authorization.k8s.io/v1 1905404 - The example of "Remove the entrypoint on the mysql:latest image" foroc image appenddoes not work 1905416 - Hyperlink not working from Operator Description 1905430 - usbguard extension fails to install because of missing correct protobuf dependency version 1905492 - The stalld service has a higher scheduler priority than ksoftirq and rcu{b, c} threads 1905502 - Test flake - unable to get https transport for ephemeral-registry 1905542 - [GSS] The "External" mode option is not available when the OCP cluster is deployed using Redhat Cluster Assisted Installer 4.6. 1905599 - Errant change to lastupdatetime in copied CSV status can trigger runaway csv syncs 1905610 - Fix typo in export script 1905621 - Protractor login test fails against a 4.7 (nightly) Power cluster 1905640 - Subscription manual approval test is flaky 1905647 - Report physical core valid-for-subscription min/max/cumulative use to telemetry 1905696 - ClusterMoreUpdatesModal component did not get internationalized 1905748 - with sharded ingresscontrollers, all shards reload when any endpoint changes 1905761 - NetworkPolicy with Egress policyType is resulting in SDN errors and improper communication within Project 1905778 - inconsistent ingresscontroller between fresh installed cluster and upgraded cluster 1905792 - [OVN]Cannot create egressfirewalll with dnsName 1905889 - Should create SA for each namespace that the operator scoped 1905920 - Quickstart exit and restart 1905941 - Page goes to error after create catalogsource 1905977 - QE ghaekin design scenaio-pipeline metrics ODC-3711 1906032 - Canary Controller: Canary daemonset rolls out slowly in large clusters 1906100 - Disconnected cluster upgrades are failing from the cli, when signature retrieval is being blackholed instead of quickly rejected 1906105 - CBO annotates an existing Metal3 deployment resource to indicate that it is managing it 1906118 - OCS feature detection constantly polls storageclusters and storageclasses 1906120 - 'Create Role Binding' form not setting user or group value when created from a user or group resource 1906121 - [oc] After new-project creation, the kubeconfig file does not set the project 1906134 - OLM should not create OperatorConditions for copied CSVs 1906143 - CBO supports log levels 1906186 - i18n: Translators are not able to translatethiswithout context for alert manager config 1906228 - tuned and openshift-tuned sometimes do not terminate gracefully, slowing reboots 1906274 - StorageClass installed by Cinder csi driver operator should enable the allowVolumeExpansion to support volume resize. 1906276 -oc image appendcan't work with multi-arch image with --filter-by-os='.*' 1906318 - use proper term for Authorized SSH Keys 1906335 - The lastTransitionTime, message, reason field of operatorcondition should be optional 1906356 - Unify Clone PVC boot source flow with URL/Container boot source 1906397 - IPA has incorrect kernel command line arguments 1906441 - HorizontalNav and NavBar have invalid keys 1906448 - Deploy using virtualmedia with provisioning network disabled fails - 'Failed to connect to the agent' in ironic-conductor log 1906459 - openstack: Quota Validation fails if unlimited quotas are given to a project 1906496 - [BUG] Thanos having possible memory leak consuming huge amounts of node's memory and killing them 1906508 - TestHeaderNameCaseAdjust outputs nil error message on some failures 1906511 - Root reprovisioning tests flaking often in CI 1906517 - Validation is not robust enough and may prevent to generate install-confing. 1906518 - Update snapshot API CRDs to v1 1906519 - Update LSO CRDs to use v1 1906570 - Number of disruptions caused by reboots on a cluster cannot be measured 1906588 - [ci][sig-builds] nodes is forbidden: User "e2e-test-jenkins-pipeline-xfghs-user" cannot list resource "nodes" in API group "" at the cluster scope 1906650 - Cannot collect network policy, EgressFirewall, egressip logs with gather_network_logs 1906655 - [SDN]Cannot colloect ovsdb-server.log and ovs-vswitchd.log with gather_network_logs 1906679 - quick start panel styles are not loaded 1906683 - Kn resources are not showing in Topology if triggers has KSVC and IMC as subscriber 1906684 - Event Source creation fails if user selects no app group and switch to yaml and then to form 1906685 - SinkBinding is shown in topology view if underlying resource along with actual source created 1906689 - user can pin to nav configmaps and secrets multiple times 1906691 - Add doc which describes disabling helm chart repository 1906713 - Quick starts not accesible for a developer user 1906718 - helm chart "provided by Redhat" is misspelled 1906732 - Machine API proxy support should be tested 1906745 - Update Helm endpoints to use Helm 3.4.x 1906760 - performance issues with topology constantly re-rendering 1906766 - localizedAutoscaled&Autoscalingpod texts overlap with the pod ring 1906768 - Virtualization nav item is incorrectly placed in the Admin Workloads section 1906769 - topology fails to load with non-kubeadmin user 1906770 - shortcuts on mobiles view occupies a lot of space 1906798 - Dev catalog customization doesn't update console-config ConfigMap 1906806 - Allow installing extra packages in ironic container images 1906808 - [test-disabled] ServiceAccounts should support OIDC discovery of service account issuer 1906835 - Topology view shows add page before then showing full project workloads 1906840 - ClusterOperator should not have status "Updating" if operator version is the same as the release version 1906844 - EndpointSlice and EndpointSliceProxying feature gates should be disabled for openshift-sdn kube-proxy 1906860 - Bump kube dependencies to v1.20 for Net Edge components 1906864 - Quick Starts Tour: Need to adjust vertical spacing 1906866 - Translations of Sample-Utils 1906871 - White screen when sort by name in monitoring alerts page 1906872 - Pipeline Tech Preview Badge Alignment 1906875 - Provide an option to force backup even when API is not available. 1906877 - Placeholder' value in search filter do not match column heading in Vulnerabilities 1906879 - Add missing i18n keys 1906880 - oidcdiscoveryendpoint controller invalidates all TokenRequest API tokens during install 1906896 - No Alerts causes odd empty Table (Need no content message) 1906898 - Missing User RoleBindings in the Project Access Web UI 1906899 - Quick Start - Highlight Bounding Box Issue 1906916 - Teach CVO about flowcontrol.apiserver.k8s.io/v1beta1 1906933 - Cluster Autoscaler should have improved mechanisms for group identifiers 1906935 - Delete resources when Provisioning CR is deleted 1906968 - Must-gather should support collecting kubernetes-nmstate resources 1906986 - Ensure failed pod adds are retried even if the pod object doesn't change 1907199 - Need to upgrade machine-api-operator module version under cluster-api-provider-kubevirt 1907202 - configs.imageregistry.operator.openshift.io cluster does not update its status fields after URL change 1907211 - beta promotion of p&f switched storage version to v1beta1, making downgrades impossible. 1907269 - Tooltips data are different when checking stack or not checking stack for the same time 1907280 - Install tour of OCS not available. 1907282 - Topology page breaks with white screen 1907286 - The default mhc machine-api-termination-handler couldn't watch spot instance 1907287 - [csi-snapshot-webhook] should support both v1beta1 and v1 version when creating volumesnapshot/volumesnapshotcontent 1907293 - Increase timeouts in e2e tests 1907295 - Gherkin script for improve management for helm 1907299 - Advanced Subscription Badge for KMS and Arbiter not present 1907303 - Align VM template list items by baseline 1907304 - Use PF styles for selected template card in VM Wizard 1907305 - Drop 'ISO' from CDROM boot source message 1907307 - Support and provider labels should be passed on between templates and sources 1907310 - Pin action should be renamed to favorite 1907312 - VM Template source popover is missing info about added date 1907313 - ClusterOperator objects cannot be overriden with cvo-overrides 1907328 - iproute-tc package is missing in ovn-kube image 1907329 - CLUSTER_PROFILE env. variable is not used by the CVO 1907333 - Node stuck in degraded state, mcp reports "Failed to remove rollback: error running rpm-ostree cleanup -r: error: Timeout was reached" 1907373 - Rebase to kube 1.20.0 1907375 - Bump to latest available 1.20.x k8s - workloads team 1907378 - Gather netnamespaces networking info 1907380 - kube-rbac-proxy exposes tokens, has excessive verbosity 1907381 - OLM fails to deploy an operator if its deployment template contains a description annotation that doesn't match the CSV one 1907390 - prometheus-adapter: panic after k8s 1.20 bump 1907399 - build log icon link on topology nodes cause app to reload 1907407 - Buildah version not accessible 1907421 - [4.6.1]oc-image-mirror command failed on "error: unable to copy layer" 1907453 - Dev Perspective -> running vm details -> resources -> no data 1907454 - Install PodConnectivityCheck CRD with CNO 1907459 - "The Boot source is also maintained by Red Hat." is always shown for all boot sources 1907475 - Unable to estimate the error rate of ingress across the connected fleet 1907480 -Active alertssection throwing forbidden error for users. 1907518 - Kamelets/Eventsource should be shown to user if they have create access 1907543 - Korean timestamps are shown when users' language preferences are set to German-en-en-US 1907610 - Update kubernetes deps to 1.20 1907612 - Update kubernetes deps to 1.20 1907621 - openshift/installer: bump cluster-api-provider-kubevirt version 1907628 - Installer does not set primary subnet consistently 1907632 - Operator Registry should update its kubernetes dependencies to 1.20 1907639 - pass dual-stack node IPs to kubelet in dual-stack clusters 1907644 - fix up handling of non-critical annotations on daemonsets/deployments 1907660 - Pod list does not render cell height correctly when pod names are too long (dynamic table rerendering issue?) 1907670 - CVE-2020-27846 crewjam/saml: authentication bypass in saml authentication 1907671 - Ingress VIP assigned to two infra nodes simultaneously - keepalived process running in pods seems to fail 1907767 - [e2e][automation]update test suite for kubevirt plugin 1907770 - Recent RHCOS 47.83 builds (from rhcos-47.83.202012072210-0 on) don't allow master and worker nodes to boot 1907792 - Theoverridesof the OperatorCondition cannot block the operator upgrade 1907793 - Surface support info in VM template details 1907812 - 4.7 to 4.6 downgrade stuck in clusteroperator storage 1907822 - [OCP on OSP] openshift-install panic when checking quota with install-config have no flavor set 1907863 - Quickstarts status not updating when starting the tour 1907872 - dual stack with an ipv6 network fails on bootstrap phase 1907874 - QE - Design Gherkin Scenarios for epic ODC-5057 1907875 - No response when try to expand pvc with an invalid size 1907876 - Refactoring record package to make gatherer configurable 1907877 - QE - Automation- pipelines builder scripts 1907883 - Fix Pipleine creation without namespace issue 1907888 - Fix pipeline list page loader 1907890 - Misleading and incomplete alert message shown in pipeline-parameters and pipeline-resources form 1907892 - Unable to edit application deployed using "From Devfile" option 1907893 - navSortUtils.spec.ts unit test failure 1907896 - When a workload is added, Topology does not place the new items well 1907908 - VM Wizard always uses VirtIO for the VM rootdisk regardless what is defined in common-template 1907924 - Enable madvdontneed in OpenShift Images 1907929 - Enable madvdontneed in OpenShift System Components Part 2 1907936 - NTO is not reporting nto_profile_set_total metrics correctly after reboot 1907947 - The kubeconfig saved in tenantcluster shouldn't include anything that is not related to the current context 1907948 - OCM-O bump to k8s 1.20 1907952 - bump to k8s 1.20 1907972 - Update OCM link to open Insights tab 1907989 - DataVolumes was intorduced in common templates - VM creation fails in the UI 1907998 - Gather kube_pod_resource_request/limit metrics as exposed in upstream KEP 1916 1908001 - [CVE-2020-10749] Update github.com/containernetworking/plugins to v.0.8.6 in egress-router-cni 1908014 - e2e-aws-ansible and e2e-aws-helm are broken in ocp-release-operator-sdk 1908035 - dynamic-demo-plugin build does not generate dist directory 1908135 - quick search modal is not centered over topology 1908145 - kube-scheduler-recovery-controller container crash loop when router pod is co-scheduled 1908159 - [AWS C2S] MCO fails to sync cloud config 1908171 - GCP: Installation fails when installing cluster with n1-custom-4-16384custom type (n1-custom-4-16384) 1908180 - Add source for template is stucking in preparing pvc 1908217 - CI: Server-Side Apply should work for oauth.openshift.io/v1: has no tokens 1908231 - [Migration] The pods ovnkube-node are in CrashLoopBackOff after SDN to OVN 1908277 - QE - Automation- pipelines actions scripts 1908280 - Documentation describingignore-volume-azis incorrect 1908296 - Fix pipeline builder form yaml switcher validation issue 1908303 - [CVE-2020-28367 CVE-2020-28366] Remove CGO flag from rhel Dockerfile in Egress-Router-CNI 1908323 - Create button missing for PLR in the search page 1908342 - The new pv_collector_total_pv_count is not reported via telemetry 1908344 - [vsphere-problem-detector] CheckNodeProviderID and CheckNodeDiskUUID have the same name 1908347 - CVO overwrites ValidatingWebhookConfiguration for snapshots 1908349 - Volume snapshot tests are failing after 1.20 rebase 1908353 - QE - Automation- pipelines runs scripts 1908361 - bump to k8s 1.20 1908367 - QE - Automation- pipelines triggers scripts 1908370 - QE - Automation- pipelines secrets scripts 1908375 - QE - Automation- pipelines workspaces scripts 1908381 - Go Dependency Fixes for Devfile Lib 1908389 - Loadbalancer Sync failing on Azure 1908400 - Tests-e2e, increase timeouts, re-add TestArchiveUploadedAndResultsReceived 1908407 - Backport Upstream 95269 to fix potential crash in kubelet 1908410 - Exclude Yarn from VSCode search 1908425 - Create Role Binding form subject type and name are undefined when All Project is selected 1908431 - When the marketplace-operator pod get's restarted, the custom catalogsources are gone, as well as the pods 1908434 - Remove &apos from metal3-plugin internationalized strings 1908437 - Operator backed with no icon has no badge associated with the CSV tag 1908459 - bump to k8s 1.20 1908461 - Add bugzilla component to OWNERS file 1908462 - RHCOS 4.6 ostree removed dhclient 1908466 - CAPO AZ Screening/Validating 1908467 - Zoom in and zoom out in topology package should be sentence case 1908468 - [Azure][4.7] Installer can't properly parse instance type with non integer memory size 1908469 - nbdb failed to come up while bringing up OVNKubernetes cluster 1908471 - OLM should bump k8s dependencies to 1.20 1908484 - oc adm release extract --cloud=aws --credentials-requests dumps all manifests 1908493 - 4.7-e2e-metal-ipi-ovn-dualstack intermittent test failures, worker hostname is overwritten by NM 1908545 - VM clone dialog does not open 1908557 - [e2e][automation]Miss css id on bootsource and reviewcreate step on wizard 1908562 - Pod readiness is not being observed in real world cases 1908565 - [4.6] Cannot filter the platform/arch of the index image 1908573 - Align the style of flavor 1908583 - bootstrap does not run on additional networks if configured for master in install-config 1908596 - Race condition on operator installation 1908598 - Persistent Dashboard shows events for all provisioners 1908641 - Go back to Catalog Page link on Virtual Machine page vanishes on empty state 1908648 - Skip TestKernelType test on OKD, adjust TestExtensions 1908650 - The title of customize wizard is inconsistent 1908654 - cluster-api-provider: volumes and disks names shouldn't change by machine-api-operator 1908675 - Reenable [sig-storage] CSI mock volume CSI FSGroupPolicy [LinuxOnly] should modify fsGroup if fsGroupPolicy=default [Suite:openshift/conformance/parallel] [Suite:k8s] 1908687 - Option to save user settings separate when using local bridge (affects console developers only) 1908697 - Showkubectl diff command in the oc diff help page 1908715 - Pressing the arrow up key when on topmost quick-search list item it should loop back to bottom 1908716 - UI breaks on click of sidebar of ksvc (if revisions not up) in topology on 4.7 builds 1908717 - "missing unit character in duration" error in some network dashboards 1908746 - [Safari] Drop Shadow doesn't works as expected on hover on workload 1908747 - stale S3 CredentialsRequest in CCO manifest 1908758 - AWS: NLB timeout value is rejected by AWS cloud provider after 1.20 rebase 1908830 - RHCOS 4.6 - Missing Initiatorname 1908868 - Update empty state message for EventSources and Channels tab 1908880 - 4.7 aws-serial CI: NoExecuteTaintManager Single Pod [Serial] eventually evict pod with finite tolerations from tainted nodes 1908883 - CVE-2020-29652 golang: crypto/ssh: crafted authentication request can lead to nil pointer dereference 1908888 - Dualstack does not work with multiple gateways 1908889 - Bump CNO to k8s 1.20 1908891 - TestDNSForwarding DNS operator e2e test is failing frequently 1908914 - CNO: upgrade nodes before masters 1908918 - Pipeline builder yaml view sidebar is not responsive 1908960 - QE - Design Gherkin Scenarios 1908971 - Gherkin Script for pipeline debt 4.7 1908983 - i18n: Add Horizontal Pod Autoscaler action menu is not translated 1908997 - Unsupported access mode should not be available when creating pvc by cinder-csi-driver/gcp-pd-csi-driver from web-console 1908998 - [cinder-csi-driver] doesn't detect the credentials change 1909004 - "No datapoints found" for RHEL node's filesystem graph 1909005 - i18n: workloads list view heading is not translated 1909012 - csi snapshot webhook does not block any invalid update for volumesnapshot and volumesnapshotcontent objects 1909027 - Disks option of Sectected capacity chart shows HDD disk even on selection of SDD disk type 1909043 - OCP + OCS 4.7 Internal - Storage cluster creation throws warning when zone=0 in VMware 1909067 - Web terminal should keep latest output when connection closes 1909070 - PLR and TR Logs component is not streaming as fast as tkn 1909092 - Error Message should not confuse user on Channel form 1909096 - OCP 4.7+OCS 4.7 - The Requested Cluster Capacity field needs to include the selected capacity in calculation in Review and Create Page 1909108 - Machine API components should use 1.20 dependencies 1909116 - Catalog Sort Items dropdown is not aligned on Firefox 1909198 - Move Sink action option is not working 1909207 - Accessibility Issue on monitoring page 1909236 - Remove pinned icon overlap on resource name 1909249 - Intermittent packet drop from pod to pod 1909276 - Accessibility Issue on create project modal 1909289 - oc debug of an init container no longer works 1909290 - Logging may be broken due to mix of k8s.io/klog v1 and v2 1909358 - registry.redhat.io/redhat/community-operator-index:latest only have hyperfoil-bundle 1909453 - Boot disk RAID can corrupt ESP if UEFI firmware writes to it 1909455 - Boot disk RAID will not boot if the primary disk enumerates but fails I/O 1909464 - Build operator-registry with golang-1.15 1909502 - NO_PROXY is not matched between bootstrap and global cluster setting which lead to desired master machineconfig is not found 1909521 - Add kubevirt cluster type for e2e-test workflow 1909527 - [IPI Baremetal] After upgrade from 4.6 to 4.7 metal3 pod does not get created 1909587 - [OCP4] all of the OCP master nodes with soft-anti-affinity run on the same OSP node 1909610 - Fix available capacity when no storage class selected 1909678 - scale up / down buttons available on pod details side panel 1909723 - cluster-api-provider-openstack: Update ose-openstack-machine-controllers builder & base images to be consistent with ART 1909730 - unbound variable error if EXTRA_PKGS_LIST is not defined 1909739 - Arbiter request data changes 1909744 - cluster-api-provider-openstack: Bump gophercloud 1909790 - PipelineBuilder yaml view cannot be used for editing a pipeline 1909791 - Update standalone kube-proxy config for EndpointSlice 1909792 - Empty states for some details page subcomponents are not i18ned 1909815 - Perspective switcher is only half-i18ned 1909821 - OCS 4.7 LSO installation blocked because of Error "Invalid value: "integer": spec.flexibleScaling in body 1909836 - operator-install-global Cypress test was failing in OLM as it depends on an operator that isn't installed in CI 1909864 - promote-release-openshift-machine-os-content-e2e-aws-4.5 is perm failing 1909911 - [OVN]EgressFirewall caused a segfault 1909943 - Upgrade from 4.6 to 4.7 stuck due to write /sys/devices/xxxx/block/sda/queue/scheduler: invalid argument 1909958 - Support Quick Start Highlights Properly 1909978 - ignore-volume-az = yes not working on standard storageClass 1909981 - Improve statement in template select step 1909992 - Fail to pull the bundle image when using the private index image 1910024 - Reload issue in latest(4.7) UI code on 4.6 cluster locally in dev 1910036 - QE - Design Gherkin Scenarios ODC-4504 1910049 - UPI: ansible-galaxy is not supported 1910127 - [UPI on oVirt]: Improve UPI Documentation 1910140 - fix the api dashboard with changes in upstream kube 1.20 1910160 - If two OperatorConditions include the same deployments they will keep updating the deployment's containers with the OPERATOR_CONDITION_NAME Environment Variable 1910165 - DHCP to static lease script doesn't handle multiple addresses 1910305 - [Descheduler] - The minKubeVersion should be 1.20.0 1910409 - Notification drawer is not localized for i18n 1910459 - Could not provision gcp volume if delete secret gcp-pd-cloud-credentials 1910492 - KMS details are auto-populated on the screen in next attempt at Storage cluster creation 1910501 - Installed Operators->Operand required: Clicking on cancel in Storage cluster page takes back to the Install Operator page 1910533 - [OVN] It takes about 5 minutes for EgressIP failover to work 1910581 - library-go: proxy ENV is not injected into csi-driver-controller which lead to storage operator never get ready 1910666 - Creating a Source Secret from type SSH-Key should use monospace font for better usability 1910738 - OCP 4.7 Installation fails on VMWare due to 1 worker that is degraded 1910739 - Redfish-virtualmedia (idrac) deploy fails on "The Virtual Media image server is already connected" 1910753 - Support Directory Path to Devfile 1910805 - Missing translation for Pipeline status and breadcrumb text 1910829 - Cannot delete a PVC if the dv's phase is WaitForFirstConsumer 1910840 - Show Nonexistent command info in theoc rollback -hhelp page 1910859 - breadcrumbs doesn't use last namespace 1910866 - Unify templates string 1910870 - Unify template dropdown action 1911016 - Prometheus unable to mount NFS volumes after upgrading to 4.6 1911129 - Monitoring charts renders nothing when switching from a Deployment to "All workloads" 1911176 - [MSTR-998] Wrong text shown when hovering on lines of charts in API Performance dashboard 1911212 - [MSTR-998] API Performance Dashboard "Period" drop-down has a choice "$__auto_interval_period" which can bring "1:154: parse error: missing unit character in duration" 1911213 - Wrong and misleading warning for VMs that were created manually (not from template) 1911257 - [aws-c2s] failed to create cluster, kube-cloud-config was not created 1911269 - waiting for the build message present when build exists 1911280 - Builder images are not detected for Dotnet, Httpd, NGINX 1911307 - Pod Scale-up requires extra privileges in OpenShift web-console 1911381 - "Select Persistent Volume Claim project" shows in customize wizard when select a source available template 1911382 - "source volumeMode (Block) and target volumeMode (Filesystem) do not match" shows in VM Error 1911387 - Hit error - "Cannot read property 'value' of undefined" while creating VM from template 1911408 - [e2e][automation] Add auto-clone cli tests and new flow of VM creation 1911418 - [v2v] The target storage class name is not displayed if default storage class is used 1911434 - git ops empty state page displays icon with watermark 1911443 - SSH Cretifiaction field should be validated 1911465 - IOPS display wrong unit 1911474 - Devfile Application Group Does Not Delete Cleanly (errors) 1911487 - Pruning Deployments should use ReplicaSets instead of ReplicationController 1911574 - Expose volume mode on Upload Data form 1911617 - [CNV][UI] Failure to add source to VM template when no default storage class is defined 1911632 - rpm-ostree command fail due to wrong options when updating ocp-4.6 to 4.7 on worker nodes with rt-kernel 1911656 - using 'operator-sdk run bundle' to install operator successfully, but the command output said 'Failed to run bundle'' 1911664 - [Negative Test] After deleting metal3 pod, scaling worker stuck on provisioning state 1911782 - Descheduler should not evict pod used local storage by the PVC 1911796 - uploading flow being displayed before submitting the form 1912066 - The ansible type operator's manager container is not stable when managing the CR 1912077 - helm operator's default rbac forbidden 1912115 - [automation] Analyze job keep failing because of 'JavaScript heap out of memory' 1912237 - Rebase CSI sidecars for 4.7 1912381 - [e2e][automation] Miss css ID on Create Network Attachment Definition page 1912409 - Fix flow schema deployment 1912434 - Update guided tour modal title 1912522 - DNS Operator e2e test: TestCoreDNSImageUpgrade is fundamentally broken 1912523 - Standalone pod status not updating in topology graph 1912536 - Console Plugin CR for console-demo-plugin has wrong apiVersion 1912558 - TaskRun list and detail screen doesn't show Pending status 1912563 - p&f: carry 97206: clean up executing request on panic 1912565 - OLM macOS local build broken by moby/term dependency 1912567 - [OCP on RHV] Node becomes to 'NotReady' status when shutdown vm from RHV UI only on the second deletion 1912577 - 4.1/4.2->4.3->...-> 4.7 upgrade is stuck during 4.6->4.7 with co/openshift-apiserver Degraded, co/network not Available and several other components pods CrashLoopBackOff 1912590 - publicImageRepository not being populated 1912640 - Go operator's controller pods is forbidden 1912701 - Handle dual-stack configuration for NIC IP 1912703 - multiple queries can't be plotted in the same graph under some conditons 1912730 - Operator backed: In-context should support visual connector if SBO is not installed 1912828 - Align High Performance VMs with High Performance in RHV-UI 1912849 - VM from wizard - default flavor does not match the actual flavor set by common templates 1912852 - VM from wizard - available VM templates - "storage" field is "0 B" 1912888 - recycler template should be moved to KCM operator 1912907 - Helm chart repository index can contain unresolvable relative URL's 1912916 - Set external traffic policy to cluster for IBM platform 1912922 - Explicitly specifying the operator generated default certificate for an ingress controller breaks the ingress controller 1912938 - Update confirmation modal for quick starts 1912942 - cluster-storage-operator: proxy ENV is not injected into vsphere-problem-detector deployment 1912944 - cluster-storage-operator: proxy ENV is not injected into Manila CSI driver operator deployment 1912945 - aws-ebs-csi-driver-operator: proxy ENV is not injected into the CSI driver 1912946 - gcp-pd-csi-driver-operator: proxy ENV is not injected into the CSI driver 1912947 - openstack-cinder-csi-driver-operator: proxy ENV is not injected into the CSI driver 1912948 - csi-driver-manila-operator: proxy ENV is not injected into the CSI driver 1912949 - ovirt-csi-driver-operator: proxy ENV is not injected into the CSI driver 1912977 - rebase upstream static-provisioner 1913006 - Remove etcd v2 specific alerts with etcd_http* metrics 1913011 - [OVN] Pod's external traffic not use egressrouter macvlan ip as a source ip 1913037 - update static-provisioner base image 1913047 - baremetal clusteroperator progressing status toggles between true and false when cluster is in a steady state 1913085 - Regression OLM uses scoped client for CRD installation 1913096 - backport: cadvisor machine metrics are missing in k8s 1.19 1913132 - The installation of Openshift Virtualization reports success early before it 's succeeded eventually 1913154 - Upgrading to 4.6.10 nightly failed with RHEL worker nodes: Failed to find /dev/disk/by-label/root 1913196 - Guided Tour doesn't handle resizing of browser 1913209 - Support modal should be shown for community supported templates 1913226 - [Migration] The SDN migration rollback failed if customize vxlanPort 1913249 - update info alert this template is not aditable 1913285 - VM list empty state should link to virtualization quick starts 1913289 - Rebase AWS EBS CSI driver for 4.7 1913292 - OCS 4.7 Installation failed over vmware when arbiter was enabled, as flexibleScaling is also getting enabled 1913297 - Remove restriction of taints for arbiter node 1913306 - unnecessary scroll bar is present on quick starts panel 1913325 - 1.20 rebase for openshift-apiserver 1913331 - Import from git: Fails to detect Java builder 1913332 - Pipeline visualization breaks the UI when multiple taskspecs are used 1913343 - (release-4.7) Added changelog file for insights-operator 1913356 - (release-4.7) Implemented gathering specific logs from openshift apiserver operator 1913371 - Missing i18n key "Administrator" in namespace "console-app" and language "en." 1913386 - users can see metrics of namespaces for which they don't have rights when monitoring own services with prometheus user workloads 1913420 - Time duration setting of resources is not being displayed 1913536 - 4.6.9 -> 4.7 upgrade hangs. RHEL 7.9 worker stuck on "error enabling unit: Failed to execute operation: File exists\\n\" 1913554 - Recording rule for ingress error fraction SLI is incorrect, uses irate instead of increase 1913560 - Normal user cannot load template on the new wizard 1913563 - "Virtual Machine" is not on the same line in create button when logged with normal user 1913567 - Tooltip data should be same for line chart or stacked chart, display data value same as the table 1913568 - Normal user cannot create template 1913582 - [Migration]SDN to OVN migration stucks on MCO for rhel worker 1913585 - Topology descriptive text fixes 1913608 - Table data contains data value None after change time range in graph and change back 1913651 - Improved Red Hat image and crashlooping OpenShift pod collection 1913660 - Change location and text of Pipeline edit flow alert 1913685 - OS field not disabled when creating a VM from a template 1913716 - Include additional use of existing libraries 1913725 - Refactor Insights Operator Plugin states 1913736 - Regression: fails to deploy computes when using root volumes 1913747 - Update operator to kubernetes 1.20.1 to pickup upstream fixes 1913751 - add third-party network plugin test suite to openshift-tests 1913783 - QE-To fix the merging pr issue, commenting the afterEach() block 1913807 - Template support badge should not be shown for community supported templates 1913821 - Need definitive steps about uninstalling descheduler operator 1913851 - Cluster Tasks are not sorted in pipeline builder 1913864 - BuildConfig YAML template references ruby ImageStreamTag that no longer exists 1913951 - Update the Devfile Sample Repo to an Official Repo Host 1913960 - Cluster Autoscaler should use 1.20 dependencies 1913969 - Field dependency descriptor can sometimes cause an exception 1914060 - Disk created from 'Import via Registry' cannot be used as boot disk 1914066 - [sriov] sriov dp pod crash when delete ovs HW offload policy 1914090 - Grafana - The resulting dataset is too large to graph (OCS RBD volumes being counted as disks) 1914119 - vsphere problem detector operator has no permission to update storages.operator.openshift.io instances 1914125 - Still using /dev/vde as default device path when create localvolume 1914183 - Empty NAD page is missing link to quickstarts 1914196 - target port infrom dockerfileflow does nothing 1914204 - Creating VM from dev perspective may fail with template not found error 1914209 - Associate image secret name to pipeline serviceaccount imagePullSecrets 1914212 - [e2e][automation] Add test to validate bootable disk souce 1914250 - ovnkube-node fails on master nodes when both DHCPv6 and SLAAC addresses are configured on nodes 1914284 - Upgrade to OCP 4.6.9 results in cluster-wide DNS and connectivity issues due to bad NetworkPolicy flows 1914287 - Bring back selfLink 1914301 - User VM Template source should show the same provider as template itself 1914303 - linuxptp-daemon is not forwarding ptp4l stderr output to openshift logs 1914309 - /terminal page when WTO not installed shows nonsensical error 1914334 - order of getting started samples is arbitrary 1914343 - [sig-imageregistry][Feature:ImageTriggers] Annotation trigger reconciles after the image is overwritten [Suite:openshift/conformance/parallel] timeout on s390x 1914349 - Increase and decrease buttons in max and min pods in HPA page has distorted UI 1914405 - Quick search modal should be opened when coming back from a selection 1914407 - Its not clear that node-ca is running as non-root 1914427 - Count of pods on the dashboard is incorrect 1914439 - Typo in SRIOV port create command example 1914451 - cluster-storage-operator pod running as root 1914452 - oc image append, oc image extract outputs wrong suggestion to use --keep-manifest-list=true 1914642 - Customize Wizard Storage tab does not pass validation 1914723 - SamplesTBRInaccessibleOnBoot Alert has a misspelling 1914793 - device names should not be translated 1914894 - Warn about using non-groupified api version 1914926 - webdriver-manager pulls incorrect version of ChomeDriver due to a bug 1914932 - Put correct resource name in relatedObjects 1914938 - PVC disk is not shown on customization wizard general tab 1914941 - VM Template rootdisk is not deleted after fetching default disk bus 1914975 - Collect logs from openshift-sdn namespace 1915003 - No estimate of average node readiness during lifetime of a cluster 1915027 - fix MCS blocking iptables rules 1915041 - s3:ListMultipartUploadParts is relied on implicitly 1915079 - Canary controller should not periodically rotate the canary route endpoint for performance reasons 1915080 - Large number of tcp connections with shiftstack ocp cluster in about 24 hours 1915085 - Pods created and rapidly terminated get stuck 1915114 - [aws-c2s] worker machines are not create during install 1915133 - Missing default pinned nav items in dev perspective 1915176 - Update snapshot API CRDs to v1 in web-console when creating volumesnapshot related resource 1915187 - Remove the "Tech preview" tag in web-console for volumesnapshot 1915188 - Remove HostSubnet anonymization 1915200 - [OCP 4.7+ OCS 4.6]Arbiter related Note should not show up during UI deployment 1915217 - OKD payloads expect to be signed with production keys 1915220 - Remove dropdown workaround for user settings 1915235 - Failed to upgrade to 4.7 from 4.6 due to the machine-config failure 1915262 - When deploying with assisted install the CBO operator is installed and enabled without metal3 pod 1915277 - [e2e][automation]fix cdi upload form test 1915295 - [BM][IP][Dualstack] Installation failed - operators report dial tcp 172.30.0.1:443: i/o timeout 1915304 - Updating scheduling component builder & base images to be consistent with ART 1915312 - Prevent schedule Linux openshift-network-diagnostics pod on Windows node 1915318 - [Metal] bareMetal IPI - cannot interact with toolbox container after first execution only in parallel from different connection 1915348 - [RFE] linuxptp operator needs to expose the uds_address_socket to be used by an application pod 1915357 - Dev Catalog doesn't load anything if virtualization operator is installed 1915379 - New template wizard should require provider and make support input a dropdown type 1915408 - Failure in operator-registry kind e2e test 1915416 - [Descheduler] descheduler evicts pod which does not have any ownerRef or descheduler evict annotation 1915460 - Cluster name size might affect installations 1915500 - [aws c2s] kube-controller-manager crash loops trying to fetch the AWS instance 1915540 - Silent 4.7 RHCOS install failure on ppc64le 1915579 - [Metal] redhat-support-tool became unavailable after tcpdump usage (BareMetal IPI) 1915582 - p&f: carry upstream pr 97860 1915594 - [e2e][automation] Improve test for disk validation 1915617 - Bump bootimage for various fixes 1915624 - "Please fill in the following field: Template provider" blocks customize wizard 1915627 - Translate Guided Tour text. 1915643 - OCP4.6 to 4.7 upgrade failed due to manila csi driver operator sync error 1915647 - Intermittent White screen when the connector dragged to revision 1915649 - "Template support" pop up is not a warning; checkbox text should be rephrased 1915654 - [e2e][automation] Add a verification for Afinity modal should hint "Matching node found" 1915661 - Can't run the 'oc adm prune' command in a pod 1915672 - Kuryr doesn't work with selfLink disabled. 1915674 - Golden image PVC creation - storage size should be taken from the template 1915685 - Message for not supported template is not clear enough 1915760 - Need to increase timeout to wait rhel worker get ready 1915793 - quick starts panel syncs incorrectly across browser windows 1915798 - oauth connection errors for openshift console pods on an OVNKube OCP 4.7 cluster 1915818 - vsphere-problem-detector: use "_totals" in metrics 1915828 - Latest Dell firmware (04.40.00.00) fails to install IPI on BM using idrac-virtualmedia protocol 1915859 - vsphere-problem-detector: does not report ESXi host version nor VM HW version 1915871 - operator-sdk version in new downstream image should be v1.2.0-ocp not v4.7.0 1915879 - Pipeline Dashboard tab Rename to Pipeline Metrics 1915885 - Kuryr doesn't support workers running on multiple subnets 1915898 - TaskRun log output shows "undefined" in streaming 1915907 - test/cmd/builds.sh uses docker.io 1915912 - sig-storage-csi-snapshotter image not available 1915926 - cluster-api-provider-openstack: Update ose-openstack-machine-controllers builder & base images to be consistent with ART 1915929 - A11y Violation: svg-img-alt for time axis of Utilization Card on Cluster Dashboard 1915939 - Resizing the browser window removes Web Terminal Icon 1915945 - [sig-scheduling] SchedulerPreemption [Serial] validates basic preemption works [Conformance] 1915959 - Baremetal cluster operator is included in a ROKS installation of 4.7 1915962 - ROKS: manifest with machine health check fails to apply in 4.7 1915972 - Global configuration breadcrumbs do not work as expected 1915981 - Install ethtool and conntrack in container for debugging 1915995 - "Edit RoleBinding Subject" action under RoleBinding list page kebab actions causes unhandled exception 1915998 - Installer bootstrap node setting of additional subnets inconsistent with additional security groups 1916021 - OLM enters infinite loop if Pending CSV replaces itself 1916056 - Need Visual Web Terminal metric enabled for OCP monitoring telemetry 1916081 - non-existant should be non-existent in CloudCredentialOperatorTargetNamespaceMissing alert's annotations 1916099 - VM creation - customization wizard - user should be allowed to delete and re-create root disk 1916126 - [e2e][automation] Help fix tests for vm guest-agent and next-run-configuration 1916145 - Explicitly set minimum versions of python libraries 1916164 - Update csi-driver-nfs builder & base images to be consistent with ART 1916221 - csi-snapshot-controller-operator: bump dependencies for 4.7 1916271 - Known issues should mention failure to apply soft-anti-affinity to masters beyond the third 1916363 - [OVN] ovs-configuration.service reports as failed within all nodes using version 4.7.0-fc.2 1916379 - error metrics from vsphere-problem-detector should be gauge 1916382 - Can't create ext4 filesystems with Ignition 1916384 - 4.5.15 and later cluster-version operator does not sync ClusterVersion status before exiting, leaving 'verified: false' even for verified updates 1916401 - Deleting an ingress controller with a bad DNS Record hangs 1916417 - [Kuryr] Must-gather does not have all Custom Resources information 1916419 - [sig-devex][Feature:ImageEcosystem][Slow] openshift images should be SCL enabled returning s2i usage when running the image 1916454 - teach CCO about upgradeability from 4.6 to 4.7 1916486 - [OCP RHV] [Docs] Update RHV CSI provisioning section in OCP documenation 1916502 - Boot disk mirroring fails with mdadm error 1916524 - Two rootdisk shows on storage step 1916580 - Default yaml is broken for VM and VM template 1916621 - oc adm node-logs examples are wrong 1916642 - [zh_CN] Redundant period in Secrets - Create drop down menu - Key value secret. 1916692 - Possibly fails to destroy LB and thus cluster 1916711 - Update Kube dependencies in MCO to 1.20.0 1916747 - remove links to quick starts if virtualization operator isn't updated to 2.6 1916764 - editing a workload with no application applied, will auto fill the app 1916834 - Pipeline Metrics - Text Updates 1916843 - collect logs from openshift-sdn-controller pod 1916853 - cluster will not gracefully recover if openshift-etcd namespace is removed 1916882 - OCS 4.7 LSO : wizard (Discover disks and create storageclass) does not show zone when topology.kubernetes.io/zone are added manually 1916888 - OCS wizard Donor chart does not get updated whenDevice Typeis edited 1916938 - Using 4.6 install-config.yaml file with lbFloatingIP results in validation error "Forbidden: cannot specify lbFloatingIP and apiFloatingIP together" 1916949 - ROKS: manifests in openshift-oauth-apiserver ns fails to create with non-existent namespace 1917101 - [UPI on oVirt] - 'RHCOS image' topic isn't located in the right place in UPI document 1917114 - Upgrade from 4.5.9 to 4.7 fails as authentication operator is Degraded due to '"ProxyConfigController" controller failed to sync "key"' error 1917117 - Common templates - disks screen: invalid disk name 1917124 - Custom template - clone existing PVC - the name of the target VM's data volume is hard-coded; only one VM can be created 1917146 - [oVirt] Consume 23-10 ovirt sdk- csi operator 1917147 - [oVirt] csi operator panics if ovirt-engine suddenly becomes unavailable. 1917148 - [oVirt] Consume 23-10 ovirt sdk 1917239 - Monitoring time options overlaps monitoring tab navigation when Quickstart panel is opened 1917272 - Should update the default minSize to 1Gi when create localvolumeset on web console 1917303 - [automation][e2e] make kubevirt-plugin gating job mandatory 1917315 - localvolumeset-local-provisoner-xxx pods are not killed after upgrading from 4.6 to 4.7 1917327 - annotations.message maybe wrong for NTOPodsNotReady alert 1917367 - Refactor periodic.go 1917371 - Add docs on how to use the built-in profiler 1917372 - Application metrics are shown on Metrics dashboard but not in linked Prometheus UI in OCP management console 1917395 - pv-pool backing store name restriction should be at 43 characters from the ocs ui 1917484 - [BM][IPI] Failed to scale down machineset 1917522 - Deprecate --filter-by-os in oc adm catalog mirror 1917537 - controllers continuously busy reconciling operator 1917551 - use min_over_time for vsphere prometheus alerts 1917585 - OLM Operator install page missing i18n 1917587 - Manila CSI operator becomes degraded if user doesn't have permissions to list share types 1917605 - Deleting an exgw causes pods to no longer route to other exgws 1917614 - [aws c2s] ingress operator uses unavailable resourcegrouptaggings API 1917656 - Add to Project/application for eventSources from topology shows 404 1917658 - Show TP badge for sources powered by camel connectors in create flow 1917660 - Editing parallelism of job get error info 1917678 - Could not provision pv when no symlink and target found on rhel worker 1917679 - Hide double CTA in admin pipelineruns tab 1917683 -NodeTextFileCollectorScrapeErroralert in OCP 4.6 cluster. 1917759 - Console operator panics after setting plugin that does not exists to the console-operator config 1917765 - ansible-operator version in downstream image should be v1.3.0 not v4.7.0 1917770 - helm-operator version in downstream image should be v1.3.0 not v4.7.0 1917799 - Gather s list of names and versions of installed OLM operators 1917803 - [sig-storage] Pod Disks should be able to delete a non-existent PD without error 1917814 - Show Broker create option in eventing under admin perspective 1917838 - MachineSet scaling from 0 is not available or evaluated incorrectly for the new or changed instance types 1917872 - [oVirt] rebase on latest SDK 2021-01-12 1917911 - network-tools needs ovnkube-trace binary from ovn-kubernetes image 1917938 - upgrade version of dnsmasq package 1917942 - Canary controller causes panic in ingress-operator 1918019 - Undesired scrollbars in markdown area of QuickStart 1918068 - Flaky olm integration tests 1918085 - reversed name of job and namespace in cvo log 1918112 - Flavor is not editable if a customize VM is created from cli 1918129 - Update IO sample archive with missing resources & remove IP anonymization from clusteroperator resources 1918132 - i18n: Volume Snapshot Contents menu is not translated 1918133 - [e2e][automation] Fix ocp 4.7 existing tests - part2 1918140 - Deployment openstack-cinder-csi-driver-controller and openstack-manila-csi-controllerplugin doesn't be installed on OSP 1918153 - When&character is set as an environment variable in a build config it is getting converted as\u00261918185 - Capitalization on PLR details page 1918287 - [ovirt] ovirt csi driver is flooding RHV with API calls and spam the event UI with new connections 1918318 - Kamelet connector's are not shown in eventing section under Admin perspective 1918351 - Gather SAP configuration (SCC & ClusterRoleBinding) 1918375 - [calico] rbac-proxy container in kube-proxy fails to create tokenreviews 1918395 - [ovirt] increase livenessProbe period 1918415 - MCD nil pointer on dropins 1918438 - [ja_JP, zh_CN] Serverless i18n misses 1918440 - Kernel Arguments get reapplied even when no new kargs has been added in MachineConfig 1918471 - CustomNoUpgrade Feature gates are not working correctly 1918558 - Supermicro nodes boot to PXE upon reboot after successful deployment to disk 1918622 - Updating ose-jenkins-agent-maven builder & base images to be consistent with ART 1918623 - Updating ose-jenkins-agent-nodejs-12 builder & base images to be consistent with ART 1918625 - Updating ose-jenkins-agent-nodejs-10 builder & base images to be consistent with ART 1918635 - Updating openshift-jenkins-2 builder & base images to be consistent with ART #1197 1918639 - Event listener with triggerRef crashes the console 1918648 - Subscription page doesn't show InstallPlan correctly 1918716 - Manilacsi becomes degraded even though it is not available with the underlying Openstack 1918748 - helmchartrepo is not http(s)_proxy-aware 1918757 - Consistant fallures of features/project-creation.feature Cypress test in CI 1918803 - Need dedicated details page w/ global config breadcrumbs for 'KnativeServing' plugin 1918826 - Insights popover icons are not horizontally aligned 1918879 - need better debug for bad pull secrets 1918958 - The default NMstate instance from the operator is incorrect 1919097 - Close bracket ")" missing at the end of the sentence in the UI 1919231 - quick search modal cut off on smaller screens 1919259 - Make "Add x" singular in Pipeline Builder 1919260 - VM Template list actions should not wrap 1919271 - NM prepender script doesn't support systemd-resolved 1919341 - Updating ose-jenkins-agent-maven builder & base images to be consistent with ART 1919360 - Need managed-cluster-info metric enabled for OCP monitoring telemetry 1919379 - dotnet logo out of date 1919387 - Console login fails with no error when it can't write to localStorage 1919396 - A11y Violation: svg-img-alt on Pod Status ring 1919407 - OpenStack IPI has three-node control plane limitation, but InstallConfigs aren't verified 1919750 - Search InstallPlans got Minified React error 1919778 - Upgrade is stuck in insights operator Degraded with "Source clusterconfig could not be retrieved" until insights operator pod is manually deleted 1919823 - OCP 4.7 Internationalization Chinese tranlate issue 1919851 - Visualization does not render when Pipeline & Task share same name 1919862 - The tip information foroc new-project --skip-config-writeis wrong 1919876 - VM created via customize wizard cannot inherit template's PVC attributes 1919877 - Click on KSVC breaks with white screen 1919879 - The toolbox container name is changed from 'toolbox-root' to 'toolbox-' in a chroot environment 1919945 - user entered name value overridden by default value when selecting a git repository 1919968 - [release-4.7] Undiagnosed panic detected in pod runtime.go:76: invalid memory address or nil pointer dereference 1919970 - NTO does not update when the tuned profile is updated. 1919999 - Bump Cluster Resource Operator Golang Versions 1920027 - machine-config-operator consistently failing during 4.6 to 4.7 upgrades and clusters do not install successfully with proxy configuration 1920200 - user-settings network error results in infinite loop of requests 1920205 - operator-registry e2e tests not working properly 1920214 - Bump golang to 1.15 in cluster-resource-override-admission 1920248 - re-running the pipelinerun with pipelinespec crashes the UI 1920320 - VM template field is "Not available" if it's created from common template 1920367 - When creating localvolumeset instance from the web console, the title for setting volumeMode isDisk Mode1920368 - Fix containers creation issue resulting in runc running on Guaranteed Pod CPUs 1920390 - Monitoring > Metrics graph shifts to the left when clicking the "Stacked" option and when toggling data series lines on / off 1920426 - Egress Router CNI OWNERS file should have ovn-k team members 1920427 - Need to updateoc loginhelp page since we don't support prompt interactively for the username 1920430 - [V2V] [UI] Browser window becomes empty when running import wizard for the first time 1920438 - openshift-tuned panics on turning debugging on/off. 1920445 - e2e-gcp-ovn-upgrade job is actually using openshift-sdn 1920481 - kuryr-cni pods using unreasonable amount of CPU 1920509 - wait for port 6443 to be open in the kube-scheduler container; use ss instead of lsof 1920524 - Topology graph crashes adding Open Data Hub operator 1920526 - catalog operator causing CPU spikes and bad etcd performance 1920551 - Boot Order is not editable for Templates in "openshift" namespace 1920555 - bump cluster-resource-override-admission api dependencies 1920571 - fcp multipath will not recover failed paths automatically 1920619 - Remove default scheduler profile value 1920655 - Console should not show the Create Autoscaler link in cluster settings when the CRD is not present 1920674 - MissingKey errors in bindings namespace 1920684 - Text in language preferences modal is misleading 1920695 - CI is broken because of bad image registry reference in the Makefile 1920756 - update generic-admission-server library to get the system:masters authorization optimization 1920769 - [Upgrade] OCP upgrade from 4.6.13 to 4.7.0-fc.4 for "network-check-target" failed when "defaultNodeSelector" is set 1920771 - i18n: Delete persistent volume claim drop down is not translated 1920806 - [OVN]Nodes lost network connection after reboot on the vSphere UPI 1920912 - Unable to power off BMH from console 1920981 - When OCS was deployed with arbiter mode enable add capacity is increasing the count by "2" 1920984 - [e2e][automation] some menu items names are out dated 1921013 - Gather PersistentVolume definition (if any) used in image registry config 1921023 - Do not enable Flexible Scaling to true for Internal mode clusters(revert to 4.6 behavior) 1921087 - 'start next quick start' link doesn't work and is unintuitive 1921088 - test-cmd is failing on volumes.sh pretty consistently 1921248 - Clarify the kubelet configuration cr description 1921253 - Text filter default placeholder text not internationalized 1921258 - User Preferences: Active perspective and project change in the current window when selected in a different window 1921275 - Panic in authentication-operator in (*deploymentController).updateOperatorDeploymentInfo 1921277 - Fix Warning and Info log statements to handle arguments 1921281 - oc get -o yaml --export returns "error: unknown flag: --export" 1921458 - [SDK] Gracefully handle therun bundle-upgradeif the lower version operator doesn't exist 1921556 - [OCS with Vault]: OCS pods didn't comeup after deploying with Vault details from UI 1921572 - For external source (i.e GitHub Source) form view as well shows yaml 1921580 - [e2e][automation]Test VM detail view actions dropdown does not pass 1921610 - Pipeline metrics font size inconsistency 1921644 - [e2e][automation] tests errors with wrong cloudInit new line syntax 1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation 1921655 - [OSP] Incorrect error handling during cloudinfo generation 1921713 - [e2e][automation] fix failing VM migration tests 1921762 - Serving and Eventing breadcrumbs should direct users back to tabbed page view 1921774 - delete application modal errors when a resource cannot be found 1921806 - Explore page APIResourceLinks aren't i18ned 1921823 - CheckBoxControls not internationalized 1921836 - AccessTableRows don't internationalize "User" or "Group" 1921857 - Test flake when hitting router in e2e tests due to one router not being up to date 1921880 - Dynamic plugins are not initialized on console load in production mode 1921911 - Installer PR #4589 is causing leak of IAM role policy bindings 1921921 - "Global Configuration" breadcrumb does not use sentence case 1921949 - Console bug - source code URL broken for gitlab self-hosted repositories 1921954 - Subscription-related constraints in ResolutionFailed events are misleading 1922015 - buttons in modal header are invisible on Safari 1922021 - Nodes terminal page 'Expand' 'Collapse' button not translated 1922050 - [e2e][automation] Improve vm clone tests 1922066 - Cannot create VM from custom template which has extra disk 1922098 - Namespace selection dialog is not closed after select a namespace 1922099 - Updated Readme documentation for QE code review and setup 1922146 - Egress Router CNI doesn't have logging support. 1922267 - Collect specific ADFS error 1922292 - Bump RHCOS boot images for 4.7 1922454 - CRI-O doesn't enable pprof by default 1922473 - reconcile LSO images for 4.8 1922573 - oc returns an error while using -o jsonpath when there is no resource found in the namespace 1922782 - Source registry missing docker:// in yaml 1922907 - Interop UI Tests - step implementation for updating feature files 1922911 - Page crash when click the "Stacked" checkbox after clicking the data series toggle buttons 1922991 - "verify /run filesystem contents do not have unexpected content using a simple Docker Strategy Build" test fails on OKD 1923003 - WebConsole Insights widget showing "Issues pending" when the cluster doesn't report anything 1923098 - [vsphere-problem-detector-operator] Need permission to access replicasets.apps resources 1923102 - [vsphere-problem-detector-operator] pod's version is not correct 1923245 - [Assisted-4.7] [Staging][Minimal-ISO] nodes fails to boot 1923674 - k8s 1.20 vendor dependencies 1923721 - PipelineRun running status icon is not rotating 1923753 - Increase initialDelaySeconds for ovs-daemons container in the ovs-node daemonset for upgrade scenarios 1923774 - Docker builds failing for openshift/cluster-resource-override-admission-operator 1923802 - ci/prow/e2e-aws-olm build failing for openshift/cluster-resource-override-admission-operator 1923874 - Unable to specify values with % in kubeletconfig 1923888 - Fixes error metadata gathering 1923892 - Update arch.md after refactor. 1923894 - "installed" operator status in operatorhub page does not reflect the real status of operator 1923895 - Changelog generation. 1923911 - [e2e][automation] Improve tests for vm details page and list filter 1923945 - PVC Name and Namespace resets when user changes os/flavor/workload 1923951 - EventSources showsundefined` in project 1923973 - Dynamic plugin demo README does not contain info how to enable the ConsolePlugins 1924046 - Localhost: Refreshing on a Project removes it from nav item urls 1924078 - Topology quick search View all results footer should be sticky. 1924081 - NTO should ship the latest Tuned daemon release 2.15 1924084 - backend tests incorrectly hard-code artifacts dir 1924128 - [sig-builds][Feature:Builds] verify /run filesystem contents do not have unexpected content using a simple Docker Strategy Build 1924135 - Under sufficient load, CRI-O may segfault 1924143 - Code Editor Decorator url is broken for Bitbucket repos 1924188 - Language selector dropdown doesn't always pre-select the language 1924365 - Add extra disk for VM which use boot source PXE 1924383 - Degraded network operator during upgrade to 4.7.z 1924387 - [ja_JP][zh_CN] Incorrect warning message for deleting namespace on Delete Pod dialog box. 1924480 - non cluster admin can not take VM snapshot: An error occurred, cannot set blockOwnerDeletion if an ownerReference refers to a resource you can't set finalizers on 1924583 - Deprectaed templates are listed in the Templates screen 1924870 - pick upstream pr#96901: plumb context with request deadline 1924955 - Images from Private external registry not working in deploy Image 1924961 - k8sutil.TrimDNS1123Label creates invalid values 1924985 - Build egress-router-cni for both RHEL 7 and 8 1925020 - Console demo plugin deployment image shoult not point to dockerhub 1925024 - Remove extra validations on kafka source form view net section 1925039 - [e2e] Fix Test - ID(CNV-5327) Change Custom Flavor while VM is running 1925072 - NTO needs to ship the current latest stalld v1.7.0 1925163 - Missing info about dev catalog in boot source template column 1925200 - Monitoring Alert icon is missing on the workload in Topology view 1925262 - apiserver getting 2 SIGTERM signals which was immediately making it exit code 1 1925319 - bash syntax error in configure-ovs.sh script 1925408 - Remove StatefulSet gatherer and replace it with gathering corresponding config map data 1925516 - Pipeline Metrics Tooltips are overlapping data 1925562 - Add new ArgoCD link from GitOps application environments page 1925596 - Gitops details page image and commit id text overflows past card boundary 1926556 - 'excessive etcd leader changes' test case failing in serial job because prometheus data is wiped by machine set test 1926588 - The tarball of operator-sdk is not ready for ocp4.7 1927456 - 4.7 still points to 4.6 catalog images 1927500 - API server exits non-zero on 2 SIGTERM signals 1929278 - Monitoring workloads using too high a priorityclass 1929645 - Remove openshift:kubevirt-machine-controllers decleration from machine-api 1929920 - Cluster monitoring documentation link is broken - 404 not found

    1. References:

    https://access.redhat.com/security/cve/CVE-2018-10103 https://access.redhat.com/security/cve/CVE-2018-10105 https://access.redhat.com/security/cve/CVE-2018-14461 https://access.redhat.com/security/cve/CVE-2018-14462 https://access.redhat.com/security/cve/CVE-2018-14463 https://access.redhat.com/security/cve/CVE-2018-14464 https://access.redhat.com/security/cve/CVE-2018-14465 https://access.redhat.com/security/cve/CVE-2018-14466 https://access.redhat.com/security/cve/CVE-2018-14467 https://access.redhat.com/security/cve/CVE-2018-14468 https://access.redhat.com/security/cve/CVE-2018-14469 https://access.redhat.com/security/cve/CVE-2018-14470 https://access.redhat.com/security/cve/CVE-2018-14553 https://access.redhat.com/security/cve/CVE-2018-14879 https://access.redhat.com/security/cve/CVE-2018-14880 https://access.redhat.com/security/cve/CVE-2018-14881 https://access.redhat.com/security/cve/CVE-2018-14882 https://access.redhat.com/security/cve/CVE-2018-16227 https://access.redhat.com/security/cve/CVE-2018-16228 https://access.redhat.com/security/cve/CVE-2018-16229 https://access.redhat.com/security/cve/CVE-2018-16230 https://access.redhat.com/security/cve/CVE-2018-16300 https://access.redhat.com/security/cve/CVE-2018-16451 https://access.redhat.com/security/cve/CVE-2018-16452 https://access.redhat.com/security/cve/CVE-2018-20843 https://access.redhat.com/security/cve/CVE-2019-3884 https://access.redhat.com/security/cve/CVE-2019-5018 https://access.redhat.com/security/cve/CVE-2019-6977 https://access.redhat.com/security/cve/CVE-2019-6978 https://access.redhat.com/security/cve/CVE-2019-8625 https://access.redhat.com/security/cve/CVE-2019-8710 https://access.redhat.com/security/cve/CVE-2019-8720 https://access.redhat.com/security/cve/CVE-2019-8743 https://access.redhat.com/security/cve/CVE-2019-8764 https://access.redhat.com/security/cve/CVE-2019-8766 https://access.redhat.com/security/cve/CVE-2019-8769 https://access.redhat.com/security/cve/CVE-2019-8771 https://access.redhat.com/security/cve/CVE-2019-8782 https://access.redhat.com/security/cve/CVE-2019-8783 https://access.redhat.com/security/cve/CVE-2019-8808 https://access.redhat.com/security/cve/CVE-2019-8811 https://access.redhat.com/security/cve/CVE-2019-8812 https://access.redhat.com/security/cve/CVE-2019-8813 https://access.redhat.com/security/cve/CVE-2019-8814 https://access.redhat.com/security/cve/CVE-2019-8815 https://access.redhat.com/security/cve/CVE-2019-8816 https://access.redhat.com/security/cve/CVE-2019-8819 https://access.redhat.com/security/cve/CVE-2019-8820 https://access.redhat.com/security/cve/CVE-2019-8823 https://access.redhat.com/security/cve/CVE-2019-8835 https://access.redhat.com/security/cve/CVE-2019-8844 https://access.redhat.com/security/cve/CVE-2019-8846 https://access.redhat.com/security/cve/CVE-2019-9455 https://access.redhat.com/security/cve/CVE-2019-9458 https://access.redhat.com/security/cve/CVE-2019-11068 https://access.redhat.com/security/cve/CVE-2019-12614 https://access.redhat.com/security/cve/CVE-2019-13050 https://access.redhat.com/security/cve/CVE-2019-13225 https://access.redhat.com/security/cve/CVE-2019-13627 https://access.redhat.com/security/cve/CVE-2019-14889 https://access.redhat.com/security/cve/CVE-2019-15165 https://access.redhat.com/security/cve/CVE-2019-15166 https://access.redhat.com/security/cve/CVE-2019-15903 https://access.redhat.com/security/cve/CVE-2019-15917 https://access.redhat.com/security/cve/CVE-2019-15925 https://access.redhat.com/security/cve/CVE-2019-16167 https://access.redhat.com/security/cve/CVE-2019-16168 https://access.redhat.com/security/cve/CVE-2019-16231 https://access.redhat.com/security/cve/CVE-2019-16233 https://access.redhat.com/security/cve/CVE-2019-16935 https://access.redhat.com/security/cve/CVE-2019-17450 https://access.redhat.com/security/cve/CVE-2019-17546 https://access.redhat.com/security/cve/CVE-2019-18197 https://access.redhat.com/security/cve/CVE-2019-18808 https://access.redhat.com/security/cve/CVE-2019-18809 https://access.redhat.com/security/cve/CVE-2019-19046 https://access.redhat.com/security/cve/CVE-2019-19056 https://access.redhat.com/security/cve/CVE-2019-19062 https://access.redhat.com/security/cve/CVE-2019-19063 https://access.redhat.com/security/cve/CVE-2019-19068 https://access.redhat.com/security/cve/CVE-2019-19072 https://access.redhat.com/security/cve/CVE-2019-19221 https://access.redhat.com/security/cve/CVE-2019-19319 https://access.redhat.com/security/cve/CVE-2019-19332 https://access.redhat.com/security/cve/CVE-2019-19447 https://access.redhat.com/security/cve/CVE-2019-19524 https://access.redhat.com/security/cve/CVE-2019-19533 https://access.redhat.com/security/cve/CVE-2019-19537 https://access.redhat.com/security/cve/CVE-2019-19543 https://access.redhat.com/security/cve/CVE-2019-19602 https://access.redhat.com/security/cve/CVE-2019-19767 https://access.redhat.com/security/cve/CVE-2019-19770 https://access.redhat.com/security/cve/CVE-2019-19906 https://access.redhat.com/security/cve/CVE-2019-19956 https://access.redhat.com/security/cve/CVE-2019-20054 https://access.redhat.com/security/cve/CVE-2019-20218 https://access.redhat.com/security/cve/CVE-2019-20386 https://access.redhat.com/security/cve/CVE-2019-20387 https://access.redhat.com/security/cve/CVE-2019-20388 https://access.redhat.com/security/cve/CVE-2019-20454 https://access.redhat.com/security/cve/CVE-2019-20636 https://access.redhat.com/security/cve/CVE-2019-20807 https://access.redhat.com/security/cve/CVE-2019-20812 https://access.redhat.com/security/cve/CVE-2019-20907 https://access.redhat.com/security/cve/CVE-2019-20916 https://access.redhat.com/security/cve/CVE-2020-0305 https://access.redhat.com/security/cve/CVE-2020-0444 https://access.redhat.com/security/cve/CVE-2020-1716 https://access.redhat.com/security/cve/CVE-2020-1730 https://access.redhat.com/security/cve/CVE-2020-1751 https://access.redhat.com/security/cve/CVE-2020-1752 https://access.redhat.com/security/cve/CVE-2020-1971 https://access.redhat.com/security/cve/CVE-2020-2574 https://access.redhat.com/security/cve/CVE-2020-2752 https://access.redhat.com/security/cve/CVE-2020-2922 https://access.redhat.com/security/cve/CVE-2020-3862 https://access.redhat.com/security/cve/CVE-2020-3864 https://access.redhat.com/security/cve/CVE-2020-3865 https://access.redhat.com/security/cve/CVE-2020-3867 https://access.redhat.com/security/cve/CVE-2020-3868 https://access.redhat.com/security/cve/CVE-2020-3885 https://access.redhat.com/security/cve/CVE-2020-3894 https://access.redhat.com/security/cve/CVE-2020-3895 https://access.redhat.com/security/cve/CVE-2020-3897 https://access.redhat.com/security/cve/CVE-2020-3898 https://access.redhat.com/security/cve/CVE-2020-3899 https://access.redhat.com/security/cve/CVE-2020-3900 https://access.redhat.com/security/cve/CVE-2020-3901 https://access.redhat.com/security/cve/CVE-2020-3902 https://access.redhat.com/security/cve/CVE-2020-6405 https://access.redhat.com/security/cve/CVE-2020-7595 https://access.redhat.com/security/cve/CVE-2020-7774 https://access.redhat.com/security/cve/CVE-2020-8177 https://access.redhat.com/security/cve/CVE-2020-8492 https://access.redhat.com/security/cve/CVE-2020-8563 https://access.redhat.com/security/cve/CVE-2020-8566 https://access.redhat.com/security/cve/CVE-2020-8619 https://access.redhat.com/security/cve/CVE-2020-8622 https://access.redhat.com/security/cve/CVE-2020-8623 https://access.redhat.com/security/cve/CVE-2020-8624 https://access.redhat.com/security/cve/CVE-2020-8647 https://access.redhat.com/security/cve/CVE-2020-8648 https://access.redhat.com/security/cve/CVE-2020-8649 https://access.redhat.com/security/cve/CVE-2020-9327 https://access.redhat.com/security/cve/CVE-2020-9802 https://access.redhat.com/security/cve/CVE-2020-9803 https://access.redhat.com/security/cve/CVE-2020-9805 https://access.redhat.com/security/cve/CVE-2020-9806 https://access.redhat.com/security/cve/CVE-2020-9807 https://access.redhat.com/security/cve/CVE-2020-9843 https://access.redhat.com/security/cve/CVE-2020-9850 https://access.redhat.com/security/cve/CVE-2020-9862 https://access.redhat.com/security/cve/CVE-2020-9893 https://access.redhat.com/security/cve/CVE-2020-9894 https://access.redhat.com/security/cve/CVE-2020-9895 https://access.redhat.com/security/cve/CVE-2020-9915 https://access.redhat.com/security/cve/CVE-2020-9925 https://access.redhat.com/security/cve/CVE-2020-10018 https://access.redhat.com/security/cve/CVE-2020-10029 https://access.redhat.com/security/cve/CVE-2020-10732 https://access.redhat.com/security/cve/CVE-2020-10749 https://access.redhat.com/security/cve/CVE-2020-10751 https://access.redhat.com/security/cve/CVE-2020-10763 https://access.redhat.com/security/cve/CVE-2020-10773 https://access.redhat.com/security/cve/CVE-2020-10774 https://access.redhat.com/security/cve/CVE-2020-10942 https://access.redhat.com/security/cve/CVE-2020-11565 https://access.redhat.com/security/cve/CVE-2020-11668 https://access.redhat.com/security/cve/CVE-2020-11793 https://access.redhat.com/security/cve/CVE-2020-12465 https://access.redhat.com/security/cve/CVE-2020-12655 https://access.redhat.com/security/cve/CVE-2020-12659 https://access.redhat.com/security/cve/CVE-2020-12770 https://access.redhat.com/security/cve/CVE-2020-12826 https://access.redhat.com/security/cve/CVE-2020-13249 https://access.redhat.com/security/cve/CVE-2020-13630 https://access.redhat.com/security/cve/CVE-2020-13631 https://access.redhat.com/security/cve/CVE-2020-13632 https://access.redhat.com/security/cve/CVE-2020-14019 https://access.redhat.com/security/cve/CVE-2020-14040 https://access.redhat.com/security/cve/CVE-2020-14381 https://access.redhat.com/security/cve/CVE-2020-14382 https://access.redhat.com/security/cve/CVE-2020-14391 https://access.redhat.com/security/cve/CVE-2020-14422 https://access.redhat.com/security/cve/CVE-2020-15157 https://access.redhat.com/security/cve/CVE-2020-15503 https://access.redhat.com/security/cve/CVE-2020-15862 https://access.redhat.com/security/cve/CVE-2020-15999 https://access.redhat.com/security/cve/CVE-2020-16166 https://access.redhat.com/security/cve/CVE-2020-24490 https://access.redhat.com/security/cve/CVE-2020-24659 https://access.redhat.com/security/cve/CVE-2020-25211 https://access.redhat.com/security/cve/CVE-2020-25641 https://access.redhat.com/security/cve/CVE-2020-25658 https://access.redhat.com/security/cve/CVE-2020-25661 https://access.redhat.com/security/cve/CVE-2020-25662 https://access.redhat.com/security/cve/CVE-2020-25681 https://access.redhat.com/security/cve/CVE-2020-25682 https://access.redhat.com/security/cve/CVE-2020-25683 https://access.redhat.com/security/cve/CVE-2020-25684 https://access.redhat.com/security/cve/CVE-2020-25685 https://access.redhat.com/security/cve/CVE-2020-25686 https://access.redhat.com/security/cve/CVE-2020-25687 https://access.redhat.com/security/cve/CVE-2020-25694 https://access.redhat.com/security/cve/CVE-2020-25696 https://access.redhat.com/security/cve/CVE-2020-26160 https://access.redhat.com/security/cve/CVE-2020-27813 https://access.redhat.com/security/cve/CVE-2020-27846 https://access.redhat.com/security/cve/CVE-2020-28362 https://access.redhat.com/security/cve/CVE-2020-29652 https://access.redhat.com/security/cve/CVE-2021-2007 https://access.redhat.com/security/cve/CVE-2021-3121 https://access.redhat.com/security/updates/classification/#moderate

    1. Contact:

    The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

    Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

    iQIVAwUBYDZ+bNzjgjWX9erEAQghXg//awGwjQxJ5LEZWBTdgyuCa8mHEi2rop5T lmebolBMNRSbo9gI8LMSHlvIBBFiV4CuFvfxE0AVLNentfzOTH11TxNWe1KQYt4H EmcGHPeHWTxKDkvAHtVcWXy9WN3y5d4lHSaq6AR1nHRPcj/k1upyx22kotpnYxN8 4d49PjFTO3YbmdYpNLVJ9nY8izqUpTfM7YSyj6ANZSlaYc5Z215o6TPo6e3wobf4 mWu+VfDS0v+/AbGhQhO2sQ7r2ysJ85MB7c62cxck4a51KiA0NKd4xr0TAA4KHnNL ISHFzi5QYXu+meE+9wYRo1ZjJ5fbPj41+1TJbR6O4CbP0xQiFpcUSipNju3rGSGy Ae5G/QGT8J7HzOjlKVvY3SFu/odENR6c+xUIr7IB/FBlu7DdPF2XxMZDQD4DKHEk 4aiDbuiEL3Yf78Ic1RqPPmrj9plIwprVFQz+k3JaQXKD+1dBxO6tk+nVu2/5xNbM uR03hrthYYIpdXLSWU4lzq8j3kQ9wZ4j/m2o6/K6eHNl9PyqAG5jfQv9bVf8E3oG krzc/JLvOfHNEQ/oJs/v/DFDmnAxshCCtGWlpLJ5J0pcD3EePsrPNs1QtQurVrMv RjfBCWKOij53+BinrMKHdsHxfur7GCFCIQCVaLIv6GUjX2NWI0voIVA8JkrFNNp6 McvuEaxco7U= =sw8i -----END PGP SIGNATURE-----

    -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . 8) - aarch64, noarch, ppc64le, s390x, x86_64

    1. Bugs fixed (https://bugzilla.redhat.com/):

    1660798 - NFSv4.2: security label of mount point shows as "unlabeled_t" for ~30 seconds after mounting 1718176 - CVE-2019-12614 kernel: null pointer dereference in dlpar_parse_cc_property in arch/powerrc/platforms/pseries/dlpar.c causing denial of service 1759052 - CVE-2019-15925 kernel: out-of-bounds access in function hclge_tm_schd_mode_vnet_base_cfg 1760100 - CVE-2019-15917 kernel: use-after-free in drivers/bluetooth/hci_ldisc.c 1760310 - CVE-2019-16231 kernel: null-pointer dereference in drivers/net/fjes/fjes_main.c 1760420 - CVE-2019-16233 kernel: null pointer dereference in drivers/scsi/qla2xxx/qla_os.c 1774946 - CVE-2019-19072 kernel: A memory leak in the predicate_parse() function in kernel/trace/trace_events_filter.c allows for a DoS 1774963 - CVE-2019-19068 kernel: A memory leak in the rtl8xxxu_submit_int_urb() function in drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c allows for a DoS 1774988 - CVE-2019-19046 kernel: Denial Of Service in the __ipmi_bmc_register() function in drivers/char/ipmi/ipmi_msghandler.c 1775015 - CVE-2019-19063 kernel: Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c allow for a DoS 1775021 - CVE-2019-19062 kernel: memory leak in the crypto_report() function in crypto/crypto_user_base.c allows for DoS 1775097 - CVE-2019-19056 kernel: A memory leak in the mwifiex_pcie_alloc_cmdrsp_buf() function in drivers/net/wireless/marvell/mwifiex/pcie.c allows to cause DoS 1777418 - CVE-2019-18808 kernel: memory leak in ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c 1777449 - CVE-2019-18809 kernel: memory leak in af9005_identify_state() function in drivers/media/usb/dvb-usb/af9005.c 1778762 - Please backport Jitter Entropy patches 1779594 - CVE-2019-19332 Kernel: kvm: OOB memory write via kvm_dev_ioctl_get_cpuid 1781679 - CVE-2019-19447 kernel: mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c 1781810 - CVE-2019-19543 kernel: use-after-free in serial_ir_init_module() in drivers/media/rc/serial_ir.c 1783459 - CVE-2019-19524 kernel: a malicious USB device in the drivers/input/ff-memless.c leads to use-after-free 1783534 - CVE-2019-19533 kernel: information leak bug caused by a malicious USB device in the drivers/media/usb/ttusb-dec/ttusb_dec.c 1783561 - CVE-2019-19537 kernel: race condition caused by a malicious USB device in the USB character device driver layer 1784130 - CVE-2019-19319 kernel: out-of-bounds write in ext4_xattr_set_entry in fs/ext4/xattr.c 1786160 - CVE-2019-19767 kernel: use-after-free in __ext4_expand_extra_isize and ext4_xattr_set_entry related to fs/ext4/inode.c and fs/ext4/super.c 1786179 - CVE-2019-19770 kernel: use-after-free in debugfs_remove in fs/debugfs/inode.c 1790063 - CVE-2019-20054 kernel: Null pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c 1802555 - CVE-2020-8649 kernel: invalid read location in vgacon_invert_region function in drivers/video/console/vgacon.c 1802559 - CVE-2020-8648 kernel: use-after-free in n_tty_receive_buf_common function in drivers/tty/n_tty.c 1802563 - CVE-2020-8647 kernel: out-of-bounds read in in vc_do_resize function in drivers/tty/vt/vt.c 1817718 - CVE-2020-10942 kernel: vhost-net: stack overflow in get_raw_socket while checking sk_family field 1819377 - CVE-2019-9458 kernel: use after free due to race condition in the video driver leads to local privilege escalation 1819399 - CVE-2019-9455 kernel: kernel pointer leak due to WARN_ON statement in video driver leads to local information disclosure 1820402 - Sometimes hit "error: kvm run failed Bad address" when launching a guest on Power8 1822077 - CVE-2020-12826 kernel: possible to send arbitrary signals to a privileged (suidroot) parent process 1823764 - RFE: Enable genfs+xattr labeling for CephFS 1824059 - CVE-2019-20636 kernel: out-of-bounds write via crafted keycode table 1824792 - CVE-2020-11668 kernel: mishandles invalid descriptors in drivers/media/usb/gspca/xirlink_cit.c 1824918 - CVE-2020-11565 kernel: out-of-bounds write in mpol_parse_str function in mm/mempolicy.c 1830280 - Please enable CONFIG_RANDOM_TRUST_CPU 1831399 - CVE-2020-10732 kernel: uninitialized kernel data leak in userspace coredumps 1831699 - CVE-2020-12465 kernel: buffer overflow in mt76_add_fragment function in drivers/net/wireless/mediatek/mt76/dma.c 1832543 - CVE-2020-12655 kernel: sync of excessive duration via an XFS v5 image with crafted metadata 1832876 - CVE-2020-12659 kernel: xdp_umem_reg in net/xdp/xdp_umem.c has an out-of-bounds write which could result in crash and data coruption 1834845 - CVE-2020-12770 kernel: sg_write function lacks an sg_remove_request call in a certain failure case 1839634 - CVE-2020-10751 kernel: SELinux netlink permission check bypass 1844520 - Incorrect pinning of IRQ threads on isolated CPUs by drivers that use cpumask_local_spread() 1846380 - CVE-2020-10773 kernel: kernel stack information leak on s390/s390x 1846964 - CVE-2020-10774 kernel: possibility of memory disclosure when reading the file /proc/sys/kernel/rh_features 1853447 - Guest IA32_SPEC_CTRL wrmsr failure on AMD processors that support STIBP but don't support for IBRS 1856588 - Guest crashed and hung when hot unplug vcpus 1860065 - CVE-2020-0305 kernel: possible use-after-free due to a race condition in cdev_get of char_dev.c 1874311 - CVE-2020-14381 kernel: referencing inode of removed superblock in get_futex_key() causes UAF 1881424 - CVE-2020-25641 kernel: soft-lockups in iov_iter_copy_from_user_atomic() could result in DoS

    6

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "14.04"
          },
          {
            "_id": null,
            "model": "brocade fabric operating system",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": null
          },
          {
            "_id": null,
            "model": "active iq unified manager",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "hci baseboard management controller",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": "h410c"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "kernel",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "linux",
            "version": "5.5.2"
          },
          {
            "_id": null,
            "model": "leap",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "opensuse",
            "version": "15.1"
          },
          {
            "_id": null,
            "model": "cloud backup",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "18.04"
          },
          {
            "_id": null,
            "model": "solidfire baseboard management controller",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "16.04"
          },
          {
            "_id": null,
            "model": "kernel",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "linux",
            "version": "5.5.2"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-001618"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-8648"
          }
        ]
      },
      "configurations": {
        "_id": null,
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:linux:linux_kernel",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-001618"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Ubuntu",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "157489"
          },
          {
            "db": "PACKETSTORM",
            "id": "157480"
          },
          {
            "db": "PACKETSTORM",
            "id": "157491"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-148"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2020-8648",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 3.6,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "CVE-2020-8648",
                "impactScore": 4.9,
                "integrityImpact": "NONE",
                "severity": "LOW",
                "trust": 1.1,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Local",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 3.6,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-001618",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Low",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 3.6,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "VHN-186773",
                "impactScore": 4.9,
                "integrityImpact": "NONE",
                "severity": "LOW",
                "trust": 0.1,
                "vectorString": "AV:L/AC:L/AU:N/C:P/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2020-8648",
                "impactScore": 5.2,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.1,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-001618",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2020-8648",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2020-001618",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202002-148",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-186773",
                "trust": 0.1,
                "value": "LOW"
              },
              {
                "author": "VULMON",
                "id": "CVE-2020-8648",
                "trust": 0.1,
                "value": "LOW"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-186773"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-8648"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-148"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-001618"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-8648"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the n_tty_receive_buf_common function in drivers/tty/n_tty.c. Linux Kernel Is vulnerable to the use of freed memory.Information is obtained and service operation is interrupted (DoS) It may be put into a state. ==========================================================================\nUbuntu Security Notice USN-4345-1\nApril 28, 2020\n\nlinux, linux-aws, linux-aws-hwe, linux-azure, linux-gcp,\nlinux-gke-4.15, linux-hwe, linux-kvm, linux-oem, linux-oracle,\nlinux-raspi2, linux-snapdragon vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 18.04 LTS\n- Ubuntu 16.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in the Linux kernel. A local attacker could use this to cause a denial of service (system\ncrash) or execute arbitrary code. (CVE-2020-11884)\n\nIt was discovered that the Intel Wi-Fi driver in the Linux kernel did not\nproperly check for errors in some situations. A local attacker could\npossibly use this to cause a denial of service (system crash). \n(CVE-2019-16234)\n\nTristan Madani discovered that the block I/O tracing implementation in the\nLinux kernel contained a race condition. A local attacker could use this to\ncause a denial of service (system crash) or possibly expose sensitive\ninformation. (CVE-2019-19768)\n\nIt was discovered that the vhost net driver in the Linux kernel contained a\nstack buffer overflow. A local attacker with the ability to perform ioctl()\ncalls on /dev/vhost-net could use this to cause a denial of service (system\ncrash). (CVE-2020-10942)\n\nIt was discovered that the OV51x USB Camera device driver in the Linux\nkernel did not properly validate device metadata. A physically proximate\nattacker could use this to cause a denial of service (system crash). \n(CVE-2020-11608)\n\nIt was discovered that the STV06XX USB Camera device driver in the Linux\nkernel did not properly validate device metadata. A physically proximate\nattacker could use this to cause a denial of service (system crash). \n(CVE-2020-11609)\n\nIt was discovered that the Xirlink C-It USB Camera device driver in the\nLinux kernel did not properly validate device metadata. A physically\nproximate attacker could use this to cause a denial of service (system\ncrash). (CVE-2020-11668)\n\nIt was discovered that the virtual terminal implementation in the Linux\nkernel contained a race condition. A local attacker could possibly use this\nto cause a denial of service (system crash) or expose sensitive\ninformation. (CVE-2020-8648)\n\nJordy Zomer discovered that the floppy driver in the Linux kernel did not\nproperly check for errors in some situations. A local attacker could\npossibly use this to cause a denial of service (system crash) or possibly\nexpose sensitive information. (CVE-2020-9383)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 18.04 LTS:\n  linux-image-4.15.0-1038-oracle  4.15.0-1038.42\n  linux-image-4.15.0-1058-gke     4.15.0-1058.61\n  linux-image-4.15.0-1059-kvm     4.15.0-1059.60\n  linux-image-4.15.0-1061-raspi2  4.15.0-1061.65\n  linux-image-4.15.0-1066-aws     4.15.0-1066.70\n  linux-image-4.15.0-1077-snapdragon  4.15.0-1077.84\n  linux-image-4.15.0-1080-oem     4.15.0-1080.90\n  linux-image-4.15.0-99-generic   4.15.0-99.100\n  linux-image-4.15.0-99-generic-lpae  4.15.0-99.100\n  linux-image-4.15.0-99-lowlatency  4.15.0-99.100\n  linux-image-aws-lts-18.04       4.15.0.1066.69\n  linux-image-generic             4.15.0.99.89\n  linux-image-generic-lpae        4.15.0.99.89\n  linux-image-gke                 4.15.0.1058.62\n  linux-image-gke-4.15            4.15.0.1058.62\n  linux-image-kvm                 4.15.0.1059.59\n  linux-image-lowlatency          4.15.0.99.89\n  linux-image-oem                 4.15.0.1080.84\n  linux-image-oracle-lts-18.04    4.15.0.1038.47\n  linux-image-powerpc-e500mc      4.15.0.99.89\n  linux-image-powerpc-smp         4.15.0.99.89\n  linux-image-powerpc64-emb       4.15.0.99.89\n  linux-image-powerpc64-smp       4.15.0.99.89\n  linux-image-raspi2              4.15.0.1061.59\n  linux-image-snapdragon          4.15.0.1077.80\n  linux-image-virtual             4.15.0.99.89\n\nUbuntu 16.04 LTS:\n  linux-image-4.15.0-1038-oracle  4.15.0-1038.42~16.04.1\n  linux-image-4.15.0-1061-gcp     4.15.0-1061.65\n  linux-image-4.15.0-1066-aws     4.15.0-1066.70~16.04.1\n  linux-image-4.15.0-1082-azure   4.15.0-1082.92~16.04.1\n  linux-image-4.15.0-99-generic   4.15.0-99.100~16.04.1\n  linux-image-4.15.0-99-generic-lpae  4.15.0-99.100~16.04.1\n  linux-image-4.15.0-99-lowlatency  4.15.0-99.100~16.04.1\n  linux-image-aws-hwe             4.15.0.1066.66\n  linux-image-azure               4.15.0.1082.81\n  linux-image-azure-edge          4.15.0.1082.81\n  linux-image-gcp                 4.15.0.1061.75\n  linux-image-generic-hwe-16.04   4.15.0.99.106\n  linux-image-generic-lpae-hwe-16.04  4.15.0.99.106\n  linux-image-gke                 4.15.0.1061.75\n  linux-image-lowlatency-hwe-16.04  4.15.0.99.106\n  linux-image-oem                 4.15.0.99.106\n  linux-image-oracle              4.15.0.1038.31\n  linux-image-virtual-hwe-16.04   4.15.0.99.106\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. \n\nATTENTION: Due to an unavoidable ABI change the kernel updates have\nbeen given a new version number, which requires you to recompile and\nreinstall all third party kernel modules you might have installed. \nUnless you manually uninstalled the standard kernel metapackages\n(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,\nlinux-powerpc), a standard system upgrade will automatically perform\nthis as well. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. \n\nSecurity Fix(es):\n\n* kernel: Integer overflow in Intel(R) Graphics Drivers (CVE-2020-12362)\n\n* kernel: Use after free via PI futex state (CVE-2021-3347)\n\n* kernel: use-after-free in n_tty_receive_buf_common function in\ndrivers/tty/n_tty.c (CVE-2020-8648)\n\n* kernel: Improper input validation in some Intel(R) Graphics Drivers\n(CVE-2020-12363)\n\n* kernel: Null pointer dereference in some Intel(R) Graphics Drivers\n(CVE-2020-12364)\n\n* kernel: Speculation on pointer arithmetic against bpf_context pointer\n(CVE-2020-27170)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nBug Fix(es):\n\n* kernel crash when call the timer function\n(sctp_generate_proto_unreach_event) of sctp module (BZ#1707184)\n\n* SCSI error handling process on HP P440ar controller gets stuck\nindefinitely in device reset operation (BZ#1830268)\n\n* netfilter: reproducible deadlock on nft_log module autoload (BZ#1858329)\n\n* netfilter: NULL pointer dereference in nf_tables_set_lookup()\n(BZ#1873171)\n\n* [DELL EMC 7.9 Bug]: No acpi_pad threads on top command for \"power cap\npolicy equal to 0 watts\" (BZ#1883174)\n\n* A race between i40e_ndo_set_vf_mac() and i40e_vsi_clear() in the i40e\ndriver causes a use after free condition of the kmalloc-4096 slab cache. \n(BZ#1886003)\n\n* netxen driver performs poorly with RT kernel (BZ#1894274)\n\n* gendisk-\u003edisk_part_tbl-\u003elast_lookup retains pointer after partition\ndeletion (BZ#1898596)\n\n* Kernel experiences panic in update_group_power() due to division error\neven with Bug 1701115 fix (BZ#1910763)\n\n* RHEL7.9 - zfcp: fix handling of FCP_RESID_OVER bit in fcp ingress path\n(BZ#1917839)\n\n* RHEL7.9 - mm/THP: do not access vma-\u003evm_mm after calling handle_userfault\n(BZ#1917840)\n\n* raid: wrong raid io account (BZ#1927106)\n\n* qla2x00_status_cont_entry() missing upstream patch that prevents\nunnecessary ABRT/warnings (BZ#1933784)\n\n* RHEL 7.9.z - System hang caused by workqueue stall in qla2xxx driver\n(BZ#1937945)\n\n* selinux: setsebool can trigger a deadlock (BZ#1939091)\n\n* [Hyper-V][RHEL-7] Cannot boot kernel 3.10.0-1160.21.1.el7.x86_64 on\nHyper-V (BZ#1941841)\n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect. Bugs fixed (https://bugzilla.redhat.com/):\n\n1802559 - CVE-2020-8648 kernel: use-after-free in n_tty_receive_buf_common function in drivers/tty/n_tty.c\n1922249 - CVE-2021-3347 kernel: Use after free via PI futex state\n1930246 - CVE-2020-12362 kernel: Integer overflow in Intel(R) Graphics Drivers\n1930249 - CVE-2020-12363 kernel: Improper input validation in some Intel(R) Graphics Drivers\n1930251 - CVE-2020-12364 kernel: Null pointer dereference in some Intel(R) Graphics Drivers\n1940627 - CVE-2020-27170 kernel: Speculation on pointer arithmetic against bpf_context pointer\n1941841 - [Hyper-V][RHEL-7] Cannot boot kernel 3.10.0-1160.21.1.el7.x86_64 on Hyper-V\n\n6. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nkernel-3.10.0-1160.31.1.el7.src.rpm\n\nnoarch:\nkernel-abi-whitelists-3.10.0-1160.31.1.el7.noarch.rpm\nkernel-doc-3.10.0-1160.31.1.el7.noarch.rpm\n\nx86_64:\nbpftool-3.10.0-1160.31.1.el7.x86_64.rpm\nbpftool-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm\nkernel-3.10.0-1160.31.1.el7.x86_64.rpm\nkernel-debug-3.10.0-1160.31.1.el7.x86_64.rpm\nkernel-debug-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm\nkernel-debug-devel-3.10.0-1160.31.1.el7.x86_64.rpm\nkernel-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm\nkernel-debuginfo-common-x86_64-3.10.0-1160.31.1.el7.x86_64.rpm\nkernel-devel-3.10.0-1160.31.1.el7.x86_64.rpm\nkernel-headers-3.10.0-1160.31.1.el7.x86_64.rpm\nkernel-tools-3.10.0-1160.31.1.el7.x86_64.rpm\nkernel-tools-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm\nkernel-tools-libs-3.10.0-1160.31.1.el7.x86_64.rpm\nperf-3.10.0-1160.31.1.el7.x86_64.rpm\nperf-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm\npython-perf-3.10.0-1160.31.1.el7.x86_64.rpm\npython-perf-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nSource:\nkernel-3.10.0-1160.31.1.el7.src.rpm\n\nnoarch:\nkernel-abi-whitelists-3.10.0-1160.31.1.el7.noarch.rpm\nkernel-doc-3.10.0-1160.31.1.el7.noarch.rpm\n\nx86_64:\nbpftool-3.10.0-1160.31.1.el7.x86_64.rpm\nbpftool-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm\nkernel-3.10.0-1160.31.1.el7.x86_64.rpm\nkernel-debug-3.10.0-1160.31.1.el7.x86_64.rpm\nkernel-debug-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm\nkernel-debug-devel-3.10.0-1160.31.1.el7.x86_64.rpm\nkernel-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm\nkernel-debuginfo-common-x86_64-3.10.0-1160.31.1.el7.x86_64.rpm\nkernel-devel-3.10.0-1160.31.1.el7.x86_64.rpm\nkernel-headers-3.10.0-1160.31.1.el7.x86_64.rpm\nkernel-tools-3.10.0-1160.31.1.el7.x86_64.rpm\nkernel-tools-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm\nkernel-tools-libs-3.10.0-1160.31.1.el7.x86_64.rpm\nperf-3.10.0-1160.31.1.el7.x86_64.rpm\nperf-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm\npython-perf-3.10.0-1160.31.1.el7.x86_64.rpm\npython-perf-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nbpftool-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm\nkernel-debug-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm\nkernel-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm\nkernel-debuginfo-common-x86_64-3.10.0-1160.31.1.el7.x86_64.rpm\nkernel-tools-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm\nkernel-tools-libs-devel-3.10.0-1160.31.1.el7.x86_64.rpm\nperf-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm\npython-perf-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nkernel-3.10.0-1160.31.1.el7.src.rpm\n\nnoarch:\nkernel-abi-whitelists-3.10.0-1160.31.1.el7.noarch.rpm\nkernel-doc-3.10.0-1160.31.1.el7.noarch.rpm\n\nppc64:\nbpftool-3.10.0-1160.31.1.el7.ppc64.rpm\nbpftool-debuginfo-3.10.0-1160.31.1.el7.ppc64.rpm\nkernel-3.10.0-1160.31.1.el7.ppc64.rpm\nkernel-bootwrapper-3.10.0-1160.31.1.el7.ppc64.rpm\nkernel-debug-3.10.0-1160.31.1.el7.ppc64.rpm\nkernel-debug-debuginfo-3.10.0-1160.31.1.el7.ppc64.rpm\nkernel-debug-devel-3.10.0-1160.31.1.el7.ppc64.rpm\nkernel-debuginfo-3.10.0-1160.31.1.el7.ppc64.rpm\nkernel-debuginfo-common-ppc64-3.10.0-1160.31.1.el7.ppc64.rpm\nkernel-devel-3.10.0-1160.31.1.el7.ppc64.rpm\nkernel-headers-3.10.0-1160.31.1.el7.ppc64.rpm\nkernel-tools-3.10.0-1160.31.1.el7.ppc64.rpm\nkernel-tools-debuginfo-3.10.0-1160.31.1.el7.ppc64.rpm\nkernel-tools-libs-3.10.0-1160.31.1.el7.ppc64.rpm\nperf-3.10.0-1160.31.1.el7.ppc64.rpm\nperf-debuginfo-3.10.0-1160.31.1.el7.ppc64.rpm\npython-perf-3.10.0-1160.31.1.el7.ppc64.rpm\npython-perf-debuginfo-3.10.0-1160.31.1.el7.ppc64.rpm\n\nppc64le:\nbpftool-3.10.0-1160.31.1.el7.ppc64le.rpm\nbpftool-debuginfo-3.10.0-1160.31.1.el7.ppc64le.rpm\nkernel-3.10.0-1160.31.1.el7.ppc64le.rpm\nkernel-bootwrapper-3.10.0-1160.31.1.el7.ppc64le.rpm\nkernel-debug-3.10.0-1160.31.1.el7.ppc64le.rpm\nkernel-debug-debuginfo-3.10.0-1160.31.1.el7.ppc64le.rpm\nkernel-debuginfo-3.10.0-1160.31.1.el7.ppc64le.rpm\nkernel-debuginfo-common-ppc64le-3.10.0-1160.31.1.el7.ppc64le.rpm\nkernel-devel-3.10.0-1160.31.1.el7.ppc64le.rpm\nkernel-headers-3.10.0-1160.31.1.el7.ppc64le.rpm\nkernel-tools-3.10.0-1160.31.1.el7.ppc64le.rpm\nkernel-tools-debuginfo-3.10.0-1160.31.1.el7.ppc64le.rpm\nkernel-tools-libs-3.10.0-1160.31.1.el7.ppc64le.rpm\nperf-3.10.0-1160.31.1.el7.ppc64le.rpm\nperf-debuginfo-3.10.0-1160.31.1.el7.ppc64le.rpm\npython-perf-3.10.0-1160.31.1.el7.ppc64le.rpm\npython-perf-debuginfo-3.10.0-1160.31.1.el7.ppc64le.rpm\n\ns390x:\nbpftool-3.10.0-1160.31.1.el7.s390x.rpm\nbpftool-debuginfo-3.10.0-1160.31.1.el7.s390x.rpm\nkernel-3.10.0-1160.31.1.el7.s390x.rpm\nkernel-debug-3.10.0-1160.31.1.el7.s390x.rpm\nkernel-debug-debuginfo-3.10.0-1160.31.1.el7.s390x.rpm\nkernel-debug-devel-3.10.0-1160.31.1.el7.s390x.rpm\nkernel-debuginfo-3.10.0-1160.31.1.el7.s390x.rpm\nkernel-debuginfo-common-s390x-3.10.0-1160.31.1.el7.s390x.rpm\nkernel-devel-3.10.0-1160.31.1.el7.s390x.rpm\nkernel-headers-3.10.0-1160.31.1.el7.s390x.rpm\nkernel-kdump-3.10.0-1160.31.1.el7.s390x.rpm\nkernel-kdump-debuginfo-3.10.0-1160.31.1.el7.s390x.rpm\nkernel-kdump-devel-3.10.0-1160.31.1.el7.s390x.rpm\nperf-3.10.0-1160.31.1.el7.s390x.rpm\nperf-debuginfo-3.10.0-1160.31.1.el7.s390x.rpm\npython-perf-3.10.0-1160.31.1.el7.s390x.rpm\npython-perf-debuginfo-3.10.0-1160.31.1.el7.s390x.rpm\n\nx86_64:\nbpftool-3.10.0-1160.31.1.el7.x86_64.rpm\nbpftool-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm\nkernel-3.10.0-1160.31.1.el7.x86_64.rpm\nkernel-debug-3.10.0-1160.31.1.el7.x86_64.rpm\nkernel-debug-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm\nkernel-debug-devel-3.10.0-1160.31.1.el7.x86_64.rpm\nkernel-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm\nkernel-debuginfo-common-x86_64-3.10.0-1160.31.1.el7.x86_64.rpm\nkernel-devel-3.10.0-1160.31.1.el7.x86_64.rpm\nkernel-headers-3.10.0-1160.31.1.el7.x86_64.rpm\nkernel-tools-3.10.0-1160.31.1.el7.x86_64.rpm\nkernel-tools-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm\nkernel-tools-libs-3.10.0-1160.31.1.el7.x86_64.rpm\nperf-3.10.0-1160.31.1.el7.x86_64.rpm\nperf-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm\npython-perf-3.10.0-1160.31.1.el7.x86_64.rpm\npython-perf-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nbpftool-debuginfo-3.10.0-1160.31.1.el7.ppc64.rpm\nkernel-debug-debuginfo-3.10.0-1160.31.1.el7.ppc64.rpm\nkernel-debuginfo-3.10.0-1160.31.1.el7.ppc64.rpm\nkernel-debuginfo-common-ppc64-3.10.0-1160.31.1.el7.ppc64.rpm\nkernel-tools-debuginfo-3.10.0-1160.31.1.el7.ppc64.rpm\nkernel-tools-libs-devel-3.10.0-1160.31.1.el7.ppc64.rpm\nperf-debuginfo-3.10.0-1160.31.1.el7.ppc64.rpm\npython-perf-debuginfo-3.10.0-1160.31.1.el7.ppc64.rpm\n\nppc64le:\nbpftool-debuginfo-3.10.0-1160.31.1.el7.ppc64le.rpm\nkernel-debug-debuginfo-3.10.0-1160.31.1.el7.ppc64le.rpm\nkernel-debug-devel-3.10.0-1160.31.1.el7.ppc64le.rpm\nkernel-debuginfo-3.10.0-1160.31.1.el7.ppc64le.rpm\nkernel-debuginfo-common-ppc64le-3.10.0-1160.31.1.el7.ppc64le.rpm\nkernel-tools-debuginfo-3.10.0-1160.31.1.el7.ppc64le.rpm\nkernel-tools-libs-devel-3.10.0-1160.31.1.el7.ppc64le.rpm\nperf-debuginfo-3.10.0-1160.31.1.el7.ppc64le.rpm\npython-perf-debuginfo-3.10.0-1160.31.1.el7.ppc64le.rpm\n\nx86_64:\nbpftool-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm\nkernel-debug-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm\nkernel-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm\nkernel-debuginfo-common-x86_64-3.10.0-1160.31.1.el7.x86_64.rpm\nkernel-tools-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm\nkernel-tools-libs-devel-3.10.0-1160.31.1.el7.x86_64.rpm\nperf-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm\npython-perf-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nkernel-3.10.0-1160.31.1.el7.src.rpm\n\nnoarch:\nkernel-abi-whitelists-3.10.0-1160.31.1.el7.noarch.rpm\nkernel-doc-3.10.0-1160.31.1.el7.noarch.rpm\n\nx86_64:\nbpftool-3.10.0-1160.31.1.el7.x86_64.rpm\nbpftool-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm\nkernel-3.10.0-1160.31.1.el7.x86_64.rpm\nkernel-debug-3.10.0-1160.31.1.el7.x86_64.rpm\nkernel-debug-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm\nkernel-debug-devel-3.10.0-1160.31.1.el7.x86_64.rpm\nkernel-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm\nkernel-debuginfo-common-x86_64-3.10.0-1160.31.1.el7.x86_64.rpm\nkernel-devel-3.10.0-1160.31.1.el7.x86_64.rpm\nkernel-headers-3.10.0-1160.31.1.el7.x86_64.rpm\nkernel-tools-3.10.0-1160.31.1.el7.x86_64.rpm\nkernel-tools-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm\nkernel-tools-libs-3.10.0-1160.31.1.el7.x86_64.rpm\nperf-3.10.0-1160.31.1.el7.x86_64.rpm\nperf-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm\npython-perf-3.10.0-1160.31.1.el7.x86_64.rpm\npython-perf-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. 7) - noarch, x86_64\n\n3. Description:\n\nThe kernel-rt packages provide the Real Time Linux Kernel, which enables\nfine-tuning for systems with extremely high determinism requirements. \n\nBug Fix(es):\n\n* lru-add-drain workqueue on RT is allocated without being used\n(BZ#1894587)\n\n* kernel-rt: update to the latest RHEL7.9.z source tree (BZ#1953118)\n\n4. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Moderate: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update\nAdvisory ID:       RHSA-2020:5633-01\nProduct:           Red Hat OpenShift Enterprise\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2020:5633\nIssue date:        2021-02-24\nCVE Names:         CVE-2018-10103 CVE-2018-10105 CVE-2018-14461 \n                   CVE-2018-14462 CVE-2018-14463 CVE-2018-14464 \n                   CVE-2018-14465 CVE-2018-14466 CVE-2018-14467 \n                   CVE-2018-14468 CVE-2018-14469 CVE-2018-14470 \n                   CVE-2018-14553 CVE-2018-14879 CVE-2018-14880 \n                   CVE-2018-14881 CVE-2018-14882 CVE-2018-16227 \n                   CVE-2018-16228 CVE-2018-16229 CVE-2018-16230 \n                   CVE-2018-16300 CVE-2018-16451 CVE-2018-16452 \n                   CVE-2018-20843 CVE-2019-3884 CVE-2019-5018 \n                   CVE-2019-6977 CVE-2019-6978 CVE-2019-8625 \n                   CVE-2019-8710 CVE-2019-8720 CVE-2019-8743 \n                   CVE-2019-8764 CVE-2019-8766 CVE-2019-8769 \n                   CVE-2019-8771 CVE-2019-8782 CVE-2019-8783 \n                   CVE-2019-8808 CVE-2019-8811 CVE-2019-8812 \n                   CVE-2019-8813 CVE-2019-8814 CVE-2019-8815 \n                   CVE-2019-8816 CVE-2019-8819 CVE-2019-8820 \n                   CVE-2019-8823 CVE-2019-8835 CVE-2019-8844 \n                   CVE-2019-8846 CVE-2019-9455 CVE-2019-9458 \n                   CVE-2019-11068 CVE-2019-12614 CVE-2019-13050 \n                   CVE-2019-13225 CVE-2019-13627 CVE-2019-14889 \n                   CVE-2019-15165 CVE-2019-15166 CVE-2019-15903 \n                   CVE-2019-15917 CVE-2019-15925 CVE-2019-16167 \n                   CVE-2019-16168 CVE-2019-16231 CVE-2019-16233 \n                   CVE-2019-16935 CVE-2019-17450 CVE-2019-17546 \n                   CVE-2019-18197 CVE-2019-18808 CVE-2019-18809 \n                   CVE-2019-19046 CVE-2019-19056 CVE-2019-19062 \n                   CVE-2019-19063 CVE-2019-19068 CVE-2019-19072 \n                   CVE-2019-19221 CVE-2019-19319 CVE-2019-19332 \n                   CVE-2019-19447 CVE-2019-19524 CVE-2019-19533 \n                   CVE-2019-19537 CVE-2019-19543 CVE-2019-19602 \n                   CVE-2019-19767 CVE-2019-19770 CVE-2019-19906 \n                   CVE-2019-19956 CVE-2019-20054 CVE-2019-20218 \n                   CVE-2019-20386 CVE-2019-20387 CVE-2019-20388 \n                   CVE-2019-20454 CVE-2019-20636 CVE-2019-20807 \n                   CVE-2019-20812 CVE-2019-20907 CVE-2019-20916 \n                   CVE-2020-0305 CVE-2020-0444 CVE-2020-1716 \n                   CVE-2020-1730 CVE-2020-1751 CVE-2020-1752 \n                   CVE-2020-1971 CVE-2020-2574 CVE-2020-2752 \n                   CVE-2020-2922 CVE-2020-3862 CVE-2020-3864 \n                   CVE-2020-3865 CVE-2020-3867 CVE-2020-3868 \n                   CVE-2020-3885 CVE-2020-3894 CVE-2020-3895 \n                   CVE-2020-3897 CVE-2020-3898 CVE-2020-3899 \n                   CVE-2020-3900 CVE-2020-3901 CVE-2020-3902 \n                   CVE-2020-6405 CVE-2020-7595 CVE-2020-7774 \n                   CVE-2020-8177 CVE-2020-8492 CVE-2020-8563 \n                   CVE-2020-8566 CVE-2020-8619 CVE-2020-8622 \n                   CVE-2020-8623 CVE-2020-8624 CVE-2020-8647 \n                   CVE-2020-8648 CVE-2020-8649 CVE-2020-9327 \n                   CVE-2020-9802 CVE-2020-9803 CVE-2020-9805 \n                   CVE-2020-9806 CVE-2020-9807 CVE-2020-9843 \n                   CVE-2020-9850 CVE-2020-9862 CVE-2020-9893 \n                   CVE-2020-9894 CVE-2020-9895 CVE-2020-9915 \n                   CVE-2020-9925 CVE-2020-10018 CVE-2020-10029 \n                   CVE-2020-10732 CVE-2020-10749 CVE-2020-10751 \n                   CVE-2020-10763 CVE-2020-10773 CVE-2020-10774 \n                   CVE-2020-10942 CVE-2020-11565 CVE-2020-11668 \n                   CVE-2020-11793 CVE-2020-12465 CVE-2020-12655 \n                   CVE-2020-12659 CVE-2020-12770 CVE-2020-12826 \n                   CVE-2020-13249 CVE-2020-13630 CVE-2020-13631 \n                   CVE-2020-13632 CVE-2020-14019 CVE-2020-14040 \n                   CVE-2020-14381 CVE-2020-14382 CVE-2020-14391 \n                   CVE-2020-14422 CVE-2020-15157 CVE-2020-15503 \n                   CVE-2020-15862 CVE-2020-15999 CVE-2020-16166 \n                   CVE-2020-24490 CVE-2020-24659 CVE-2020-25211 \n                   CVE-2020-25641 CVE-2020-25658 CVE-2020-25661 \n                   CVE-2020-25662 CVE-2020-25681 CVE-2020-25682 \n                   CVE-2020-25683 CVE-2020-25684 CVE-2020-25685 \n                   CVE-2020-25686 CVE-2020-25687 CVE-2020-25694 \n                   CVE-2020-25696 CVE-2020-26160 CVE-2020-27813 \n                   CVE-2020-27846 CVE-2020-28362 CVE-2020-29652 \n                   CVE-2021-2007 CVE-2021-3121 \n=====================================================================\n\n1. Summary:\n\nRed Hat OpenShift Container Platform release 4.7.0 is now available. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. \n\nThis advisory contains the container images for Red Hat OpenShift Container\nPlatform 4.7.0. See the following advisory for the RPM packages for this\nrelease:\n\nhttps://access.redhat.com/errata/RHSA-2020:5634\n\nSpace precludes documenting all of the container images in this advisory. \nSee the following Release Notes documentation, which will be updated\nshortly for this release, for details about these changes:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel\nease-notes.html\n\nYou may download the oc tool and use it to inspect release image metadata\nas follows:\n\n(For x86_64 architecture)\n\n  $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.7.0-x86_64\n\nThe image digest is\nsha256:d74b1cfa81f8c9cc23336aee72d8ae9c9905e62c4874b071317a078c316f8a70\n\n(For s390x architecture)\n\n  $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.7.0-s390x\n\nThe image digest is\nsha256:a68ca03d87496ddfea0ac26b82af77231583a58a7836b95de85efe5e390ad45d\n\n(For ppc64le architecture)\n\n  $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.7.0-ppc64le\n\nThe image digest is\nsha256:bc7b04e038c8ff3a33b827f4ee19aa79b26e14c359a7dcc1ced9f3b58e5f1ac6\n\nAll OpenShift Container Platform 4.7 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster\n- -between-minor.html#understanding-upgrade-channels_updating-cluster-between\n- -minor. \n\nSecurity Fix(es):\n\n* crewjam/saml: authentication bypass in saml authentication\n(CVE-2020-27846)\n\n* golang: crypto/ssh: crafted authentication request can lead to nil\npointer dereference (CVE-2020-29652)\n\n* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index\nvalidation (CVE-2021-3121)\n\n* nodejs-y18n: prototype pollution vulnerability (CVE-2020-7774)\n\n* kubernetes: Secret leaks in kube-controller-manager when using vSphere\nProvider (CVE-2020-8563)\n\n* containernetworking/plugins: IPv6 router advertisements allow for MitM\nattacks on IPv4 clusters (CVE-2020-10749)\n\n* heketi: gluster-block volume password details available in logs\n(CVE-2020-10763)\n\n* golang.org/x/text: possibility to trigger an infinite loop in\nencoding/unicode could lead to crash (CVE-2020-14040)\n\n* jwt-go: access restriction bypass vulnerability (CVE-2020-26160)\n\n* golang-github-gorilla-websocket: integer overflow leads to denial of\nservice (CVE-2020-27813)\n\n* golang: math/big: panic during recursive division of very large numbers\n(CVE-2020-28362)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n3. Solution:\n\nFor OpenShift Container Platform 4.7, see the following documentation,\nwhich\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel\nease-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster\n- -cli.html. \n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1620608 - Restoring deployment config with history leads to weird state\n1752220 - [OVN] Network Policy fails to work when project label gets overwritten\n1756096 - Local storage operator should implement must-gather spec\n1756173 - /etc/udev/rules.d/66-azure-storage.rules missing from initramfs\n1768255 - installer reports 100% complete but failing components\n1770017 - Init containers restart when the exited container is removed from node. \n1775057 - [MSTR-485] Cluster is abnormal after etcd backup/restore when the backup is conducted during etcd encryption is migrating\n1775444 - RFE: k8s cpu manager does not restrict /usr/bin/pod cpuset\n1777038 - Cluster scaled beyond host subnet limits does not fire alert or cleanly report why it cannot scale\n1777224 - InfraID in metadata.json and .openshift_install_state.json is not consistent when repeating `create` commands\n1784298 - \"Displaying with reduced resolution due to large dataset.\" would show under some conditions\n1785399 - Under condition of heavy pod creation, creation fails with \u0027error reserving pod name ...: name is reserved\"\n1797766 - Resource Requirements\" specDescriptor fields - CPU and Memory injects empty string YAML editor\n1801089 - [OVN] Installation failed and monitoring pod not created due to some network error. \n1805025 - [OSP] Machine status doesn\u0027t become \"Failed\" when creating a machine with invalid image\n1805639 - Machine status should be \"Failed\" when creating a machine with invalid machine configuration\n1806000 - CRI-O failing with: error reserving ctr name\n1806915 - openshift-service-ca: Some core components are in openshift.io/run-level 1 and are bypassing SCC, but should not be\n1806917 - openshift-service-ca-operator: Some core components are in openshift.io/run-level 1 and are bypassing SCC, but should not be\n1810438 - Installation logs are not gathered from OCP nodes\n1812085 - kubernetes-networking-namespace-pods dashboard doesn\u0027t exist\n1812412 - Monitoring Dashboard: on restricted cluster, query timed out in expression evaluation\n1813012 - EtcdDiscoveryDomain no longer needed\n1813949 - openshift-install doesn\u0027t use env variables for OS_* for some of API endpoints\n1816812 - OpenShift test suites are not resilient to rate limited registries (like docker.io) and cannot control their dependencies for offline use\n1819053 - loading OpenAPI spec for \"v1beta1.metrics.k8s.io\" failed with: OpenAPI spec does not exist\n1819457 - Package Server is in \u0027Cannot update\u0027 status despite properly working\n1820141 - [RFE] deploy qemu-quest-agent on the nodes\n1822744 - OCS Installation CI test flaking\n1824038 - Integration Tests: StaleElementReferenceError in OLM single-installmode scenario\n1825892 - StorageClasses and PVs are not cleaned completely after running the csi verification tool\n1826301 - Wrong NodeStatus reports in file-integrity scan when configuration error in aide.conf file\n1829723 - User workload monitoring alerts fire out of the box\n1832968 - oc adm catalog mirror does not mirror the index image itself\n1833012 - Lower OVNKubernetes HTTP E/W performance compared with OpenShiftSDN\n1833220 - CVE-2020-10749 containernetworking/plugins: IPv6 router advertisements allow for MitM attacks on IPv4 clusters\n1834995 - olmFull suite always fails once th suite is run on the same cluster\n1836017 - vSphere UPI: Both Internal and External load balancers for kube-apiserver should use /readyz\n1837953 - Replacing masters doesn\u0027t work for ovn-kubernetes 4.4\n1838352 - OperatorExited, Pending marketplace-operator-... pod for several weeks\n1838751 - [oVirt][Tracker] Re-enable skipped network tests\n1839239 - csi-snapshot-controller flickers Degraded=True on etcd hiccups\n1840759 - [aws-ebs-csi-driver] The volume created by aws ebs csi driver can not be deleted when the cluster is destroyed\n1841039 - authentication-operator: Add e2e test for password grants to Keycloak being set as OIDC IdP\n1841119 - Get rid of config patches and pass flags directly to kcm\n1841175 - When an Install Plan gets deleted, OLM does not create a new one\n1841381 - Issue with memoryMB validation\n1841885 - oc adm catalog mirror command attempts to pull from registry.redhat.io when using --from-dir option\n1844727 - Etcd container leaves grep and lsof zombie processes\n1845387 - CVE-2020-10763 heketi: gluster-block volume password details available in logs\n1847074 - Filter bar layout issues at some screen widths on search page\n1848358 - CRDs with preserveUnknownFields:true don\u0027t reflect in status that they are non-structural\n1849543 - [4.5]kubeletconfig\u0027s description will show multiple lines for finalizers when upgrade from 4.4.8-\u003e4.5\n1851103 - Use of NetworkManager-wait-online.service in rhcos-growpart.service\n1851203 - [GSS] [RFE] Need a simpler representation of capactiy breakdown in total usage and per project breakdown in OCS 4 dashboard\n1851351 - OCP 4.4.9: EtcdMemberIPMigratorDegraded: rpc error: code = Canceled desc = grpc: the client connection is closing\n1851693 - The `oc apply` should return errors instead of hanging there when failing to create the CRD\n1852289 - Upgrade testsuite fails on ppc64le environment - Unsupported LoadBalancer service\n1853115 - the restriction of --cloud option should be shown in help text. \n1853116 - `--to` option does not work with `--credentials-requests` flag. \n1853352 - [v2v][UI] Storage Class fields Should  Not be empty  in VM  disks view\n1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash\n1854567 - \"Installed Operators\" list showing \"duplicated\" entries during installation\n1855325 - [Feature:Prometheus][Conformance] Prometheus when installed on the cluster [Top Level] [Feature:Prometheus][Conformance] Prometheus when installed on the cluster should report telemetry if a cloud.openshift.com token is present\n1855351 - Inconsistent Installer reactions to Ctrl-C during user input process\n1855408 - OVN cluster unstable after running minimal scale test\n1856351 - Build page should show metrics for when the build ran, not the last 30 minutes\n1856354 - New APIServices missing from OpenAPI definitions\n1857446 - ARO/Azure: excessive pod memory allocation causes node lockup\n1857877 - Operator upgrades can delete existing CSV before completion\n1858578 - [v2v] [ui] VM import RHV to CNV Target VM Name longer than 63 chars should not be allowed\n1859174 - [IPI][OSP] Having errors from 4.3 to 4.6 about Security group rule already created\n1860136 - default ingress does not propagate annotations to route object on update\n1860322 - [OCPv4.5.2] after unexpected shutdown one of RHV Hypervisors, OCP worker nodes machine are marked as \"Failed\"\n1860518 - unable to stop a crio pod\n1861383 - Route with `haproxy.router.openshift.io/timeout: 365d` kills the ingress controller\n1862430 - LSO: PV creation lock should not be acquired in a loop\n1862489 - LSO autoprovisioning should exclude top level disks that are part of LVM volume group. \n1862608 - Virtual media does not work on hosts using BIOS, only UEFI\n1862918 - [v2v] User should only select SRIOV network when importin vm with SRIOV network\n1865743 - Some pods are stuck in ContainerCreating and some sdn pods are in CrashLoopBackOff\n1865839 - rpm-ostree fails with \"System transaction in progress\" when moving to kernel-rt\n1866043 - Configurable table column headers can be illegible\n1866087 - Examining agones helm chart resources results in \"Oh no!\"\n1866261 - Need to indicate the intentional behavior for Ansible in the `create api` help info\n1866298 - [RHOCS Usability Study][Installation] Labeling the namespace should be a part of the installation flow or be clearer as a requirement\n1866320 - [RHOCS Usability Study][Dashboard] Users were confused by Available Capacity and the Total Capacity\n1866334 - [RHOCS Usability Study][Installation] On the Operator installation page, there\u2019s no indication on which labels offer tooltip/help\n1866340 - [RHOCS Usability Study][Dashboard] It was not clear why \u201cNo persistent storage alerts\u201d was prominently displayed\n1866343 - [RHOCS Usability Study][Dashboard] User wanted to know the time frame for Data Consumption, e.g I/O Operations\n1866445 - kola --basic-qemu-scenarios scenario fail on ppc64le \u0026 s390x\n1866482 - Few errors are seen when oc adm must-gather is run\n1866605 - No metadata.generation set for build and buildconfig objects\n1866873 - MCDDrainError \"Drain failed on  , updates may be blocked\" missing rendered node name\n1866901 - Deployment strategy for BMO allows multiple pods to run at the same time\n1866925 - openshift-install destroy cluster should fail quickly when provided with invalid credentials on Azure. \n1867165 - Cannot assign static address to baremetal install bootstrap vm\n1867380 - When using webhooks in OCP 4.5 fails to rollout latest deploymentconfig\n1867400 - [OCs 4.5]UI should not allow creation of second storagecluster of different mode in a single OCS\n1867477 - HPA monitoring cpu utilization fails for deployments which have init containers\n1867518 - [oc] oc should not print so many goroutines when ANY command fails\n1867608 - ds/machine-config-daemon takes 100+ minutes to rollout on  250 node cluster\n1867965 - OpenShift Console Deployment Edit overwrites deployment yaml\n1868004 - opm index add appears to produce image with wrong registry server binary\n1868065 - oc -o jsonpath prints possible warning / bug \"Unable to decode server response into a Table\"\n1868104 - Baremetal actuator should not delete Machine objects\n1868125 - opm index add is not creating an index with valid images when --permissive flag is added, the index is empty instead\n1868384 - CLI does not save login credentials as expected when using the same username in multiple clusters\n1868527 - OpenShift Storage using VMWare vSAN receives error \"Failed to add disk \u0027scsi0:2\u0027\" when mounted pod is created on separate node\n1868645 - After a disaster recovery pods a stuck in \"NodeAffinity\" state and not running\n1868748 - ClusterProvisioningIP in baremetal platform has wrong JSON annotation\n1868765 - [vsphere][ci] could not reserve an IP address: no available addresses\n1868770 - catalogSource named \"redhat-operators\" deleted in a disconnected cluster\n1868976 - Prometheus error opening query log file on EBS backed PVC\n1869293 - The configmap name looks confusing in aide-ds pod logs\n1869606 - crio\u0027s failing to delete a network namespace\n1870337 - [sig-storage] Managed cluster should have no crashlooping recycler pods over four minutes\n1870342 - [sig-scheduling] SchedulerPredicates [Serial] validates resource limits of pods that are allowed to run  [Conformance]\n1870373 - Ingress Operator reports available when DNS fails to provision\n1870467 - D/DC Part of Helm / Operator Backed should not have HPA\n1870728 - openshift-install creates expired ignition files from stale .openshift_install_state.json\n1870800 - [4.6] Managed Column not appearing on Pods Details page\n1871170 - e2e tests are needed to validate the functionality of the etcdctl container\n1872001 - EtcdDiscoveryDomain no longer needed\n1872095 - content are expanded to the whole line when only one column in table on Resource Details page\n1872124 - Could not choose device type as \"disk\" or \"part\" when create localvolumeset from web console\n1872128 - Can\u0027t run container with hostPort on ipv6 cluster\n1872166 - \u0027Silences\u0027 link redirects to unexpected \u0027Alerts\u0027 view after creating a silence in the Developer perspective\n1872251 - [aws-ebs-csi-driver] Verify job in CI doesn\u0027t check for vendor dir sanity\n1872786 - Rules in kube-apiserver.rules are taking too long and consuming too much memory for Prometheus to evaluate them\n1872821 - [DOC] Typo in Ansible Operator Tutorial\n1872907 - Fail to create CR from generated Helm Base Operator\n1872923 - Click \"Cancel\" button on the \"initialization-resource\" creation form page should send users to the \"Operator details\" page instead of \"Install Operator\" page (previous page)\n1873007 - [downstream] failed to read config when running the operator-sdk in the home path\n1873030 - Subscriptions without any candidate operators should cause resolution to fail\n1873043 - Bump to latest available 1.19.x k8s\n1873114 - Nodes goes into NotReady state (VMware)\n1873288 - Changing Cluster-Wide Pull Secret Does Not Trigger Updates In Kubelet Filesystem\n1873305 - Failed to power on /inspect node when using Redfish protocol\n1873326 - Accessibility - The symbols e.g checkmark in the overview page has no text description, label, or other accessible information\n1873480 - Accessibility - No text description, alt text, label, or other accessible information associated with the help icon: \u201c?\u201d button/icon in Developer Console -\u003eNavigation\n1873556 - [Openstack] HTTP_PROXY setting for NetworkManager-resolv-prepender not working\n1873593 - MCO fails to cope with ContainerRuntimeConfig thas has a name \u003e 63 characters\n1874057 - Pod stuck in CreateContainerError - error msg=\"container_linux.go:348: starting container process caused \\\"chdir to cwd (\\\\\\\"/mount-point\\\\\\\") set in config.json failed: permission denied\\\"\"\n1874074 - [CNV] Windows 2019 Default Template Not Defaulting to Proper NIC/Storage Driver\n1874192 - [RFE] \"Create Backing Store\" page doesn\u0027t allow to select already defined k8s secret as target bucket credentials when Google Cloud Storage is selected as a provider\n1874240 - [vsphere] unable to deprovision - Runtime error list attached objects\n1874248 - Include validation for vcenter host in the install-config\n1874340 - vmware: NodeClockNotSynchronising alert is triggered in openshift cluster after upgrading form 4.4.16 to 4.5.6\n1874583 - apiserver tries and fails to log an event when shutting down\n1874584 - add retry for etcd errors in kube-apiserver\n1874638 - Missing logging for nbctl daemon\n1874736 - [downstream] no version info for the helm-operator\n1874901 - add utm_source parameter to Red Hat Marketplace URLs for attribution\n1874968 - Accessibility: The project selection drop down is a keyboard trap\n1875247 - Dependency resolution error \"found more than one head for channel\" is unhelpful for users\n1875516 - disabled scheduling is easy to miss in node page of OCP console\n1875598 - machine status is Running for a master node which has been terminated from the console\n1875806 - When creating a service of type \"LoadBalancer\" (Kuryr,OVN) communication through this loadbalancer failes after 2-5 minutes. \n1876166 - need to be able to disable kube-apiserver connectivity checks\n1876469 - Invalid doc link on yaml template schema description\n1876701 - podCount specDescriptor change doesn\u0027t take effect on operand details page\n1876815 - Installer uses the environment variable OS_CLOUD for manifest generation despite explicit prompt\n1876935 - AWS volume snapshot is not deleted after the cluster is destroyed\n1877071 - vSphere IPI - Nameserver limits were exceeded, some nameservers have been omitted\n1877105 - add redfish to enabled_bios_interfaces\n1877116 - e2e aws calico tests fail with `rpc error: code = ResourceExhausted`\n1877273 - [OVN] EgressIP cannot fail over to available nodes after one egressIP node shutdown\n1877648 - [sriov]VF from allocatable and capacity of node is incorrect when the policy is only \u0027rootDevices\u0027\n1877681 - Manually created PV can not be used\n1877693 - dnsrecords specify recordTTL as 30 but the value is null in AWS Route 53\n1877740 - RHCOS unable to get ip address during first boot\n1877812 - [ROKS] IBM cloud failed to terminate OSDs when upgraded between internal builds of OCS 4.5\n1877919 - panic in multus-admission-controller\n1877924 - Cannot set BIOS config using Redfish with Dell iDracs\n1878022 - Met imagestreamimport error when import the whole image repository\n1878086 - OCP 4.6+OCS 4.6(multiple SC) Internal Mode- UI should populate the default \"Filesystem Name\" instead of providing a textbox, \u0026 the name should be validated\n1878301 - [4.6] [UI] Unschedulable used to always be displayed when Node is Ready status\n1878701 - After deleting and recreating a VM with same name, the VM events contain the events from the old VM\n1878766 - CPU consumption on nodes is higher than the CPU count of the node. \n1878772 - On the nodes there are up to 547 zombie processes caused by thanos and Prometheus. \n1878823 - \"oc adm release mirror\" generating incomplete imageContentSources when using \"--to\" and \"--to-release-image\"\n1878845 - 4.5 to 4.6.rc.4 upgrade failure: authentication operator health check connection refused for multitenant mode\n1878900 - Installer complains about not enough vcpu for the baremetal flavor where generic bm flavor is being used\n1878953 - RBAC error shows when normal user access pvc upload page\n1878956 - `oc api-resources` does not include API version\n1878972 - oc adm release mirror removes the architecture information\n1879013 - [RFE]Improve CD-ROM interface selection\n1879056 - UI should allow to change or unset the evictionStrategy\n1879057 - [CSI Certificate Test] Test failed for CSI certification tests for CSIdriver openshift-storage.rbd.csi.ceph.com with RWX enabled\n1879094 - RHCOS dhcp kernel parameters not working as expected\n1879099 - Extra reboot during 4.5 -\u003e 4.6 upgrade\n1879244 - Error adding container to network \"ipvlan-host-local\": \"master\" field is required\n1879248 - OLM Cert Dir for Webhooks does not align SDK/Kubebuilder\n1879282 - Update OLM references to point to the OLM\u0027s new doc site\n1879283 - panic after nil pointer dereference in pkg/daemon/update.go\n1879365 - Overlapping, divergent openshift-cluster-storage-operator manifests\n1879419 - [RFE]Improve boot source description for \u0027Container\u0027 and \u2018URL\u2019\n1879430 - openshift-object-counts quota is not dynamically updating as the resource is deleted. \n1879565 - IPv6 installation fails on node-valid-hostname\n1879777 - Overlapping, divergent openshift-machine-api namespace manifests\n1879878 - Messages flooded in thanos-querier pod- oauth-proxy container: Authorization header does not start with \u0027Basic\u0027, skipping basic authentication in Log message in thanos-querier pod the oauth-proxy\n1879930 - Annotations shouldn\u0027t be removed during object reconciliation\n1879976 - No other channel visible from console\n1880068 - image pruner is not aware of image policy annotation, StatefulSets, etc. \n1880148 - dns daemonset rolls out slowly in large clusters\n1880161 - Actuator Update calls should have fixed retry time\n1880259 - additional network + OVN network installation failed\n1880389 - Pipeline Runs with skipped Tasks incorrectly show Tasks as \"Failed\"\n1880410 - Convert Pipeline Visualization node to SVG\n1880417 - [vmware] Fail to boot with Secure Boot enabled, kernel lockdown denies iopl access to afterburn\n1880443 - broken machine pool management on OpenStack\n1880450 - Host failed to install because its installation stage joined took longer than expected 20m0s. \n1880473 - IBM Cloudpak operators installation stuck \"UpgradePending\" with InstallPlan status updates failing due to size limitation\n1880680 - [4.3] [Tigera plugin] - openshift-kube-proxy fails - Failed to execute iptables-restore: exit status 4 (iptables-restore v1.8.4 (nf_tables)\n1880785 - CredentialsRequest missing description in `oc explain`\n1880787 - No description for Provisioning CRD for `oc explain`\n1880902 - need dnsPlocy set in crd ingresscontrollers\n1880913 - [DeScheduler] - change loglevel from Info to Error when priority class given in the descheduler params is not present in the cluster\n1881027 - Cluster installation fails at with error :  the container name \\\"assisted-installer\\\" is already in use\n1881046 - [OSP] openstack-cinder-csi-driver-operator doesn\u0027t contain required manifests and assets\n1881155 - operator install authentication: Authentication require functional ingress which requires at least one schedulable and ready node\n1881268 - Image uploading failed but wizard claim the source is available\n1881322 - kube-scheduler not scheduling pods for certificates not renewed automatically after nodes restoration\n1881347 - [v2v][ui]VM Import Wizard does not call Import provider cleanup\n1881881 - unable to specify target port manually resulting in application not reachable\n1881898 - misalignment of sub-title in quick start headers\n1882022 - [vsphere][ipi] directory path is incomplete, terraform can\u0027t find the cluster\n1882057 - Not able to select access modes for snapshot and clone\n1882140 - No description for spec.kubeletConfig\n1882176 - Master recovery instructions don\u0027t handle IP change well\n1882191 - Installation fails against external resources which lack DNS Subject Alternative Name\n1882209 - [ BateMetal IPI ] local coredns resolution not working\n1882210 - [release 4.7] insights-operator: Fix bug in reflector not recovering from \"Too large resource version\"\n1882268 - [e2e][automation]Add Integration Test for Snapshots\n1882361 - Retrieve and expose the latest report for the cluster\n1882485 - dns-node-resolver corrupts /etc/hosts if internal registry is not in use\n1882556 - git:// protocol in origin tests is not currently proxied\n1882569 - CNO: Replacing masters doesn\u0027t work for ovn-kubernetes 4.4\n1882608 - Spot instance not getting created on AzureGovCloud\n1882630 - Fstype is changed after deleting pv provisioned by localvolumeset instance\n1882649 - IPI installer labels all images it uploads into glance as qcow2\n1882653 - The Approval should display the Manual after the APPROVAL changed to Manual from the Automatic\n1882658 - [RFE] Volume Snapshot is not listed under inventory in Project Details page\n1882660 - Operators in a namespace should be installed together when approve one\n1882667 - [ovn] br-ex Link not found when scale up RHEL worker\n1882723 - [vsphere]Suggested mimimum value for providerspec not working\n1882730 - z systems not reporting correct core count in recording rule\n1882750 - [sig-api-machinery][Feature:APIServer][Late] kubelet terminates kube-apiserver gracefully\n1882781 - nameserver= option to dracut creates extra NM connection profile\n1882785 - Multi-Arch CI Jobs destroy libvirt network but occasionally leave it defined\n1882844 - [IPI on vsphere] Executing \u0027openshift-installer destroy cluster\u0027 leaves installer tag categories in vsphere\n1883371 - CVE-2020-26160 jwt-go: access restriction bypass vulnerability\n1883388 - Bare Metal Hosts Details page doesn\u0027t show Mainitenance and Power On/Off status\n1883422 - operator-sdk cleanup fail after installing operator with \"run bundle\" without installmode and og with ownnamespace\n1883425 - Gather top installplans and their count\n1883502 - Logging is broken due to mix of k8s.io/klog v1 and v2\n1883523 - [sig-cli] oc adm must-gather runs successfully for audit logs [Suite:openshift/conformance/parallel]\n1883538 - must gather report \"cannot file manila/aws ebs/ovirt csi related namespaces and objects\" error\n1883560 - operator-registry image needs clean up in /tmp\n1883563 - Creating duplicate namespace from create namespace modal breaks the UI\n1883614 - [OCP 4.6] [UI] UI should not describe power cycle as \"graceful\"\n1883642 - [sig-imageregistry][Feature:ImageTriggers][Serial] ImageStream admission TestImageStreamAdmitSpecUpdate\n1883660 - e2e-metal-ipi CI job consistently failing on 4.4\n1883765 - [user workload monitoring] improve latency of Thanos sidecar  when streaming read requests\n1883766 - [e2e][automation] Adjust tests for UI changes\n1883768 - [user workload monitoring] The Prometheus operator should discard invalid TLS configurations\n1883773 - opm alpha bundle build fails on win10 home\n1883790 - revert \"force cert rotation every couple days for development\" in 4.7\n1883803 - node pull secret feature is not working as expected\n1883836 - Jenkins imagestream ubi8 and nodejs12 update\n1883847 - The UI does not show checkbox for enable encryption at rest for OCS\n1883853 - go list -m all does not work\n1883905 - race condition in opm index add --overwrite-latest\n1883946 - Understand why trident CSI pods are getting deleted by OCP\n1884035 - Pods are illegally transitioning back to pending\n1884041 - e2e should provide error info when minimum number of pods aren\u0027t ready in kube-system namespace\n1884131 - oauth-proxy repository should run tests\n1884165 - Repos should be disabled in -firstboot.service before OS extensions are applied\n1884221 - IO becomes unhealthy due to a file change\n1884258 - Node network alerts should work on ratio rather than absolute values\n1884270 - Git clone does not support SCP-style ssh locations\n1884334 - CVO marks an upgrade as failed when an operator takes more than 20 minutes to rollout\n1884435 - vsphere - loopback is randomly not being added to resolver\n1884565 - oauth-proxy crashes on invalid usage\n1884584 - Kuryr controller continuously restarting due to unable to clean up Network Policy\n1884613 - Create Instance of Prometheus from operator returns blank page for non cluster-admin users\n1884628 - ovs-configuration service fails when the external network is configured on a tagged vlan on top of a bond device on a baremetal IPI deployment\n1884629 - Visusally impaired user using screen reader not able to select Admin/Developer console options in drop down menu. \n1884632 - Adding BYOK disk encryption through DES\n1884654 - Utilization of a VMI is not populated\n1884655 - KeyError on self._existing_vifs[port_id]\n1884664 - Operator install page shows \"installing...\" instead of going to install status page\n1884672 - Failed to inspect hardware. Reason: unable to start inspection: \u0027idrac\u0027\n1884691 - Installer blocks cloud-credential-operator manual mode on GCP and Azure\n1884724 - Quick Start: Serverless quickstart doesn\u0027t match Operator install steps\n1884739 - Node process segfaulted\n1884824 - Update baremetal-operator libraries to k8s 1.19\n1885002 - network kube-rbac-proxy scripts crashloop rather than non-crash looping\n1885138 - Wrong detection of pending state in VM details\n1885151 - [Cloud Team - Cluster API Provider Azure] Logging is broken due to mix of k8s.io/klog v1 and v2\n1885165 - NoRunningOvnMaster alert falsely triggered\n1885170 - Nil pointer when verifying images\n1885173 - [e2e][automation] Add test for next run configuration feature\n1885179 - oc image append fails on push (uploading a new layer)\n1885213 - Vertical Pod Autoscaler (VPA) not working with DeploymentConfig\n1885218 - [e2e][automation] Add virtctl to gating script\n1885223 - Sync with upstream (fix panicking cluster-capacity binary)\n1885235 - Prometheus: Logging is broken due to mix of k8s.io/klog v1 and v2\n1885241 - kube-rbac-proxy: Logging is broken due to mix of k8s.io/klog v1 and v2\n1885243 - prometheus-adapter: Logging is broken due to mix of k8s.io/klog v1 and v2\n1885244 - prometheus-operator: Logging is broken due to mix of k8s.io/klog v1 and v2\n1885246 - cluster-monitoring-operator: Logging is broken due to mix of k8s.io/klog v1 and v2\n1885249 - openshift-state-metrics: Logging is broken due to mix of k8s.io/klog v1 and v2\n1885308 - Supermicro nodes failed to boot via disk during installation when using IPMI and UEFI\n1885315 - unit tests fail on slow disks\n1885319 - Remove redundant use of group and kind of DataVolumeTemplate\n1885343 - Console doesn\u0027t load in iOS Safari when using self-signed certificates\n1885344 - 4.7 upgrade - dummy bug for 1880591\n1885358 - add p\u0026f configuration to protect openshift traffic\n1885365 - MCO does not respect the install section of systemd files when enabling\n1885376 - failed to initialize the cluster: Cluster operator marketplace is still updating\n1885398 - CSV with only Webhook conversion can\u0027t be installed\n1885403 - Some OLM events hide the underlying errors\n1885414 - Need to disable HTX when not using HTTP/2 in order to preserve HTTP header name case\n1885425 - opm index add cannot batch add multiple bundles that use skips\n1885543 - node tuning operator builds and installs an unsigned RPM\n1885644 - Panic output due to timeouts in openshift-apiserver\n1885676 - [OCP 4.7]UI should fallback to minimal deployment only after total CPU \u003c 30 || totalMemory \u003c 72 GiB for initial deployment\n1885702 - Cypress:  Fix \u0027aria-hidden-focus\u0027 accesibility violations\n1885706 - Cypress:  Fix \u0027link-name\u0027 accesibility violation\n1885761 - DNS fails to resolve in some pods\n1885856 - Missing registry v1 protocol usage metric on telemetry\n1885864 - Stalld service crashed under the worker node\n1885930 - [release 4.7] Collect ServiceAccount statistics\n1885940 - kuryr/demo image ping not working\n1886007 - upgrade test with service type load balancer will never work\n1886022 - Move range allocations to CRD\u0027s\n1886028 - [BM][IPI] Failed to delete node after scale down\n1886111 - UpdatingopenshiftStateMetricsFailed: DeploymentRollout of openshift-monitoring/openshift-state-metrics: got 1 unavailable replicas\n1886134 - Need to set GODEBUG=x509ignoreCN=0 in initrd\n1886154 - System roles are not present while trying to create new role binding through web console\n1886166 - 1885517 Clone - Not needed for 4.7 - upgrade from 4.5-\u003e4.6 causes broadcast storm\n1886168 - Remove Terminal Option for Windows Nodes\n1886200 - greenwave / CVP is failing on bundle validations, cannot stage push\n1886229 - Multipath support for RHCOS sysroot\n1886294 - Unable to schedule a pod due to Insufficient ephemeral-storage\n1886327 - Attempt to add a worker using bad roodDeviceHint: bmh and machine become Provisioned, no error in status\n1886353 - [e2e][automation] kubevirt-gating job fails for a missing virtctl URL\n1886397 - Move object-enum to console-shared\n1886423 - New Affinities don\u0027t contain ID until saving\n1886435 - Azure UPI uses deprecated command \u0027group deployment\u0027\n1886449 - p\u0026f: add configuration to protect oauth server traffic\n1886452 - layout options doesn\u0027t gets selected style on click i.e grey background\n1886462 - IO doesn\u0027t recognize namespaces - 2 resources with the same name in 2 namespaces -\u003e only 1 gets collected\n1886488 - move e2e test off of nfs image from docker.io/gmontero/nfs-server:latest\n1886524 - Change default terminal command for Windows Pods\n1886553 - i/o timeout experienced from build02 when targeting CI test cluster during test execution\n1886600 - panic: assignment to entry in nil map\n1886620 - Application behind service load balancer with PDB is not disrupted\n1886627 - Kube-apiserver pods restarting/reinitializing periodically\n1886635 - CVE-2020-8563 kubernetes: Secret leaks in kube-controller-manager when using vSphere Provider\n1886636 - Panic in machine-config-operator\n1886749 - Removing network policy from namespace causes inability to access pods through loadbalancer. \n1886751 - Gather MachineConfigPools\n1886766 - PVC dropdown has \u0027Persistent Volume\u0027 Label\n1886834 - ovn-cert is mandatory in both master and node daemonsets\n1886848 - [OSP] machine instance-state annotation discrepancy with providerStatus.instanceState\n1886861 - ordered-values.yaml not honored if values.schema.json provided\n1886871 - Neutron ports created for hostNetworking pods\n1886890 - Overwrite jenkins-agent-base imagestream\n1886900 - Cluster-version operator fills logs with \"Manifest: ...\" spew\n1886922 - [sig-network] pods should successfully create sandboxes by getting pod\n1886973 - Local storage operator doesn\u0027t include correctly populate LocalVolumeDiscoveryResult in console\n1886977 - [v2v]Incorrect VM Provider type displayed in UI while importing VMs through VMIO\n1887010 - Imagepruner met error \"Job has reached the specified backoff limit\" which causes image registry degraded\n1887026 - FC volume attach fails with \u201cno fc disk found\u201d error on OCP 4.6 PowerVM cluster\n1887040 - [upgrade] ovs pod crash for rhel worker when upgarde from 4.5 to 4.6\n1887046 - Event for LSO need update to avoid confusion\n1887088 - cluster-node-tuning-operator refers to missing cluster-node-tuned image\n1887375 - User should be able to specify volumeMode when creating pvc from web-console\n1887380 - Unsupported access mode should not be available to select when creating pvc by aws-ebs-csi-driver(gp2-csi) from web-console\n1887392 - openshift-apiserver: delegated authn/z should have ttl \u003e metrics/healthz/readyz/openapi interval\n1887428 - oauth-apiserver service should be monitored by prometheus\n1887441 - ingress misconfiguration may break authentication but ingress operator keeps reporting \"degraded: False\"\n1887454 - [sig-storage] In-tree Volumes [Driver: azure-disk] [Testpattern: Dynamic PV (ext4)] volumes should store data\n1887456 - It is impossible to attach the default NIC to a bridge with the latest version of OVN Kubernetes\n1887465 - Deleted project is still referenced\n1887472 - unable to edit application group for KSVC via gestures (shift+Drag)\n1887488 - OCP 4.6:  Topology Manager OpenShift E2E test fails:  gu workload attached to SRIOV networks should let resource-aligned PODs have working SRIOV network interface\n1887509 - Openshift-tests conformance TopologyManager tests run when Machine Config Operator is not installed on cluster\n1887525 - Failures to set master HardwareDetails cannot easily be debugged\n1887545 - 4.5 to 4.6 upgrade fails when external network is configured on a bond device: ovs-configuration service fails and node becomes unreachable\n1887585 - ovn-masters stuck in crashloop after scale test\n1887651 - [Internal Mode] Object gateway (RGW) in unknown state after OCP upgrade. \n1887737 - Test TestImageRegistryRemovedWithImages is failing on e2e-vsphere-operator\n1887740 - cannot install descheduler operator after uninstalling it\n1887745 - API server is throwing 5xx error code for 42.11% of requests for LIST events\n1887750 - `oc explain localvolumediscovery` returns empty description\n1887751 - `oc explain localvolumediscoveryresult` returns empty description\n1887778 - Add ContainerRuntimeConfig gatherer\n1887783 - PVC upload cannot continue after approve the certificate\n1887797 - [CNV][V2V] Default network type is bridge for interface bound to POD network in VMWare migration wizard\n1887799 - User workload monitoring prometheus-config-reloader OOM\n1887850 - [sig-auth][Feature:SCC][Early] should not have pod creation failures during install test is flaky\n1887863 - Installer panics on invalid flavor\n1887864 - Clean up dependencies to avoid invalid scan flagging\n1887934 - TestForwardedHeaderPolicyAppend, TestForwardedHeaderPolicyReplace, and TestForwardedHeaderPolicyIfNone consistently fail because of case-sensitive comparison\n1887936 - Kube-scheduler should be able to parse v1beta1 KubeSchedulerConfig\n1888015 - workaround kubelet graceful termination of static pods bug\n1888028 - prevent extra cycle in aggregated apiservers\n1888036 - Operator details shows old CRD versions\n1888041 - non-terminating pods are going from running to pending\n1888072 - Setting Supermicro node to PXE boot via Redfish doesn\u0027t take affect\n1888073 - Operator controller continuously busy looping\n1888118 - Memory requests not specified for image registry operator\n1888150 - Install Operand Form on OperatorHub is displaying unformatted text\n1888172 - PR 209 didn\u0027t update the sample archive, but machineset and pdbs are now namespaced\n1888227 - Failed to deploy some of container image on the recent OCP 4.6 nightly build\n1888292 - Fix CVE-2015-7501 affecting agent-maven-3.5\n1888311 - p\u0026f: make SAR traffic from oauth and openshift apiserver exempt\n1888363 - namespaces crash in dev\n1888378 - [IPI on Azure] errors destroying cluster when Azure resource group was never created\n1888381 - instance:node_network_receive_bytes_excluding_lo:rate1m value twice expected\n1888464 - installer missing permission definitions for TagResources and UntagResources when installing in existing VPC\n1888494 - imagepruner pod is error when image registry storage is not configured\n1888565 - [OSP] machine-config-daemon-firstboot.service failed with \"error reading osImageURL from rpm-ostree\"\n1888595 - cluster-policy-controller logs shows error which reads initial monitor sync has error\n1888601 - The poddisruptionbudgets is using the operator service account, instead of gather\n1888657 - oc doesn\u0027t know its name\n1888663 - sdn starts after kube-apiserver, delay readyz until oauth-apiserver is reachable\n1888671 - Document the Cloud Provider\u0027s ignore-volume-az setting\n1888738 - quay.io/openshift/origin-must-gather:latest is not a multi-arch, manifest-list image\n1888763 - at least one of these parameters (Vendor, DeviceID or PfNames) has to be defined in nicSelector in CR %s\", cr.GetName()\n1888827 - ovnkube-master may segfault when trying to add IPs to a nil address set\n1888861 - need to pass dual-stack service CIDRs to kube-apiserver in dual-stack cluster\n1888866 - AggregatedAPIDown permanently firing after removing APIService\n1888870 - JS error when using autocomplete in YAML editor\n1888874 - hover message are not shown for some properties\n1888900 - align plugins versions\n1888985 - Cypress:  Fix \u0027Ensures buttons have discernible text\u0027 accesibility violation\n1889213 - The error message of uploading failure is not clear enough\n1889267 - Increase the time out for creating template and upload image in the terraform\n1889348 - Project link should be removed from Application Details page, since it is inaccurate (Application Stages)\n1889374 - Kiali feature won\u0027t work on fresh 4.6 cluster\n1889388 - ListBundles returns incorrect replaces/skips when bundles have been added via semver-skippatch mode\n1889420 - OCP failed to add vsphere disk when pod moved to new node during cluster upgrade\n1889515 - Accessibility - The symbols e.g checkmark in the Node \u003e overview page has no text description, label, or other accessible information\n1889529 - [Init-CR annotation] Inline alert shows operand instance was needed still appearing after creating an Operand instance\n1889540 - [4.5 upgrade][alert]CloudCredentialOperatorDown\n1889577 - Resources are not shown on project workloads page\n1889620 - [Azure] - Machineset not scaling when publicIP:true in disconnected Azure enviroment\n1889630 - Scheduling disabled popovers are missing for Node status in Node Overview and Details pages\n1889692 - Selected Capacity is showing wrong size\n1889694 - usbguard fails to install as RHCOS extension due to missing libprotobuf.so.15\n1889698 - When the user clicked cancel at the Create Storage Class confirmation dialog all the data from the Local volume set goes off\n1889710 - Prometheus metrics on disk take more space compared to OCP 4.5\n1889721 - opm index add semver-skippatch mode does not respect prerelease versions\n1889724 - When LocalVolumeDiscovery CR is created form the LSO page User doesn\u0027t see the Disk tab\n1889767 - [vsphere] Remove certificate from upi-installer image\n1889779 - error when destroying a vSphere installation that failed early\n1889787 - OCP is flooding the oVirt engine with auth errors\n1889838 - race in Operator update after fix from bz1888073\n1889852 - support new AWS regions ap-east-1, af-south-1, eu-south-1\n1889863 - Router prints incorrect log message for namespace label selector\n1889891 - Backport timecache LRU fix\n1889912 - Drains can cause high CPU usage\n1889921 - Reported Degraded=False Available=False pair does not make sense\n1889928 - [e2e][automation] Add more tests for golden os\n1889943 - EgressNetworkPolicy does not work when setting Allow rule to a dnsName\n1890038 - Infrastructure status.platform not migrated to status.platformStatus causes warnings\n1890074 - MCO extension kernel-headers is invalid\n1890104 - with Serverless 1.10 version of trigger/subscription/channel/IMC is V1 as latest\n1890130 - multitenant mode consistently fails CI\n1890141 - move off docker.io images for build/image-eco/templates/jenkins e2e\n1890145 - The mismatched of font size for Status Ready and Health Check secondary text\n1890180 - FieldDependency x-descriptor doesn\u0027t support non-sibling fields\n1890182 - DaemonSet with existing owner garbage collected\n1890228 - AWS: destroy stuck on route53 hosted zone not found\n1890235 - e2e: update Protractor\u0027s checkErrors logging\n1890250 - workers may fail to join the cluster during an update from 4.5\n1890256 - Replacing a master node on a baremetal IPI deployment gets stuck when deleting the machine of the unhealthy member\n1890270 - External IP doesn\u0027t work if the IP address is not assigned to a node\n1890361 - s390x: Generate new ostree rpm with fix for rootfs immutability\n1890456 - [vsphere] mapi_instance_create_failed doesn\u0027t work on vsphere\n1890467 - unable to edit an application without a service\n1890472 - [Kuryr] Bulk port creation exception not completely formatted\n1890494 - Error assigning Egress IP on GCP\n1890530 - cluster-policy-controller doesn\u0027t gracefully terminate\n1890630 - [Kuryr] Available port count not correctly calculated for alerts\n1890671 - [SA] verify-image-signature using service account does not work\n1890677 - \u0027oc image info\u0027 claims \u0027does not exist\u0027 for application/vnd.oci.image.manifest.v1+json manifest\n1890808 - New etcd alerts need to be added to the monitoring stack\n1890951 - Mirror of multiarch images together with cluster logging case problems. It doesn\u0027t sync the \"overall\" sha it syncs only the sub arch sha. \n1890984 - Rename operator-webhook-config to sriov-operator-webhook-config\n1890995 - wew-app should provide more insight into why image deployment failed\n1891023 - ovn-kubernetes rbac proxy never starts waiting for an incorrect API call\n1891047 - Helm chart fails to install using developer console because of TLS certificate error\n1891068 - [sig-instrumentation] Prometheus when installed on the cluster shouldn\u0027t report any alerts in firing state apart from Watchdog and AlertmanagerReceiversNotConfigured [Early] failing due to TargetDown alert from kube-scheduler\n1891080 - [LSO] When Localvolumeset and SC is already created before OCS install Creation of LVD and LVS is skipped when user click created storage cluster from UI\n1891108 - p\u0026f: Increase the concurrency share of workload-low priority level\n1891143 - CVO deadlocked while shutting down, shortly after fresh cluster install (metrics goroutine)\n1891189 - [LSO] max device limit is accepting negative values. PVC is not getting created and no error is shown\n1891314 - Display incompatible helm charts for installation (kubeVersion of cluster doesn\u0027t meet requirements of chart)\n1891362 - Wrong metrics count for openshift_build_result_total\n1891368 - fync should be fsync for etcdHighFsyncDurations alert\u0027s annotations.message\n1891374 - fync should be fsync for etcdHighFsyncDurations critical alert\u0027s annotations.message\n1891376 - Extra text in Cluster Utilization charts\n1891419 - Wrong detail head on network policy detail page. \n1891459 - Snapshot tests should report stderr of failed commands\n1891498 - Other machine config pools do not show during update\n1891543 - OpenShift 4.6/OSP install fails when node flavor has less than 25GB, even with dedicated storage\n1891551 - Clusterautoscaler doesn\u0027t scale up as expected\n1891552 - Handle missing labels as empty. \n1891555 - The windows oc.exe binary does not have version metadata\n1891559 - kuryr-cni cannot start new thread\n1891614 - [mlx] testpmd fails inside OpenShift pod using DevX version 19.11\n1891625 - [Release 4.7] Mutable LoadBalancer Scope\n1891702 - installer get pending when additionalTrustBundle is added into  install-config.yaml\n1891716 - OVN cluster upgrade from 4.6.1 to 4.7 fails\n1891740 - OperatorStatusChanged is noisy\n1891758 - the authentication operator may spam DeploymentUpdated event endlessly\n1891759 - Dockerfile builds cannot change /etc/pki/ca-trust\n1891816 - [UPI] [OSP] control-plane.yml provisioning playbook fails on OSP 16.1\n1891825 - Error message not very informative in case of mode mismatch\n1891898 - The ClusterServiceVersion can define Webhooks that cannot be created. \n1891951 - UI should show warning while creating pools with compression on\n1891952 - [Release 4.7] Apps Domain Enhancement\n1891993 - 4.5 to 4.6 upgrade doesn\u0027t remove deployments created by marketplace\n1891995 - OperatorHub displaying old content\n1891999 - Storage efficiency card showing wrong compression ratio\n1892004 - OCP 4.6 opm on Ubuntu 18.04.4 - error /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.28\u0027 not found (required by ./opm)\n1892167 - [SR-IOV] SriovNetworkNodePolicies apply ignoring the spec.nodeSelector. \n1892198 - TypeError in \u0027Performance Profile\u0027 tab displayed for \u0027Performance Addon Operator\u0027\n1892288 - assisted install workflow creates excessive control-plane disruption\n1892338 - HAProxyReloadFail alert only briefly fires in the event of a broken HAProxy config\n1892358 - [e2e][automation] update feature gate for kubevirt-gating job\n1892376 - Deleted netnamespace could not be re-created\n1892390 - TestOverwrite/OverwriteBundle/DefaultBehavior in operator-registry is flaky\n1892393 - TestListPackages is flaky\n1892448 - MCDPivotError alert/metric missing\n1892457 - NTO-shipped stalld needs to use FIFO for boosting. \n1892467 - linuxptp-daemon crash\n1892521 - [AWS] Startup bootstrap machine failed due to ignition file is missing in disconnected UPI env\n1892653 - User is unable to create KafkaSource with v1beta\n1892724 - VFS added to the list of devices of the nodeptpdevice CRD\n1892799 - Mounting additionalTrustBundle in the operator\n1893117 - Maintenance mode on vSphere blocks installation. \n1893351 - TLS secrets are not able to edit on console. \n1893362 - The ovs-xxxxx_openshift-sdn container does not terminate gracefully, slowing down reboots\n1893386 - false-positive ReadyIngressNodes_NoReadyIngressNodes: Auth operator makes risky \"worker\" assumption when guessing about ingress availability\n1893546 - Deploy using virtual media fails on node cleaning step\n1893601 - overview filesystem utilization of OCP is showing the wrong values\n1893645 - oc describe route SIGSEGV\n1893648 - Ironic image building process is not compatible with UEFI secure boot\n1893724 - OperatorHub generates incorrect RBAC\n1893739 - Force deletion doesn\u0027t work for snapshots if snapshotclass is already deleted\n1893776 - No useful metrics for image pull time available, making debugging issues there impossible\n1893798 - Lots of error messages starting with \"get namespace to enqueue Alertmanager instances failed\" in the logs of prometheus-operator\n1893832 - ErrorCount field is missing in baremetalhosts.metal3.io CRD\n1893889 - disabled dropdown items in the pf dropdown component are skipped over and unannounced by JAWS\n1893926 - Some \"Dynamic PV (block volmode)\" pattern storage e2e tests are wrongly skipped\n1893944 - Wrong product name for Multicloud Object Gateway\n1893953 - (release-4.7) Gather default StatefulSet configs\n1893956 - Installation always fails at \"failed to initialize the cluster: Cluster operator image-registry is still updating\"\n1893963 - [Testday] Workloads-\u003e Virtualization is not loading for Firefox browser\n1893972 - Should skip e2e test cases as early as possible\n1894013 - [v2v][Testday] VMware to CNV VM import]VMware URL: It is not clear that only the FQDN/IP address is required without \u0027https://\u0027\n1894020 - User with edit users cannot deploy images from their own namespace from the developer perspective\n1894025 - OCP 4.5 to 4.6 upgrade for \"aws-ebs-csi-driver-operator\" fails when \"defaultNodeSelector\" is set\n1894041 - [v2v][[Testday]VM import from VMware/RHV] VM import wizard: The target storage class name is not displayed if default storage class is used. \n1894065 - tag new packages to enable TLS support\n1894110 - Console shows wrong value for maxUnavailable and maxSurge when set to 0\n1894144 - CI runs of baremetal IPI are failing due to newer libvirt libraries\n1894146 - ironic-api used by metal3 is over provisioned and consumes a lot of RAM\n1894194 - KuryrPorts leftovers from 4.6 GA need to be deleted\n1894210 - Failed to encrypt OSDs on OCS4.6 installation (via UI)\n1894216 - Improve OpenShift Web Console availability\n1894275 - Fix CRO owners file to reflect node owner\n1894278 - \"database is locked\" error when adding bundle to index image\n1894330 - upgrade channels needs to be updated for 4.7\n1894342 - oauth-apiserver logs many \"[SHOULD NOT HAPPEN] failed to update managedFields for ... OAuthClient ... no corresponding type for oauth.openshift.io/v1, Kind=OAuthClient\"\n1894374 - Dont prevent the user from uploading a file with incorrect extension\n1894432 - [oVirt] sometimes installer timeout on tmp_import_vm\n1894477 - bash syntax error in nodeip-configuration.service\n1894503 - add automated test for Polarion CNV-5045\n1894519 - [OSP] External mode cluster creation disabled for Openstack and oVirt platform\n1894539 - [on-prem] Unable to deploy additional machinesets on separate subnets\n1894645 - Cinder volume provisioning crashes on nil cloud provider\n1894677 - image-pruner job is panicking: klog stack\n1894810 - Remove TechPreview Badge from Eventing in Serverless version 1.11.0\n1894860 - \u0027backend\u0027 CI job passing despite failing tests\n1894910 - Update the node to use the real-time kernel fails\n1894992 - All nightly jobs for e2e-metal-ipi failing due to ipa image missing tenacity package\n1895065 - Schema / Samples / Snippets Tabs are all selected at the same time\n1895099 - vsphere-upi and vsphere-upi-serial jobs time out waiting for bootstrap to complete in CI\n1895141 - panic in service-ca injector\n1895147 - Remove memory limits on openshift-dns\n1895169 - VM Template does not properly manage Mount Windows guest tools check box during VM creation\n1895268 - The bundleAPIs should NOT be empty\n1895309 - [OCP v47] The RHEL node scaleup fails due to \"No package matching \u0027cri-o-1.19.*\u0027 found available\" on OCP 4.7 cluster\n1895329 - The infra index filled with warnings \"WARNING: kubernetes.io/cinder built-in volume provider is now deprecated. The Cinder volume provider is deprecated and will be removed in a future release\"\n1895360 - Machine Config Daemon removes a file although its defined in the dropin\n1895367 - Missing image in metadata DB index.db in disconnected Operator Hub installation. OCP 4.6.1\n1895372 - Web console going blank after selecting any operator to install from OperatorHub\n1895385 - Revert KUBELET_LOG_LEVEL back to level 3\n1895423 - unable to edit an application with a custom builder image\n1895430 - unable to edit custom template application\n1895509 - Backup taken on one master cannot be restored on other masters\n1895537 - [sig-imageregistry][Feature:ImageExtract] Image extract should extract content from an image\n1895838 - oc explain description contains \u0027/\u0027\n1895908 - \"virtio\" option is not available when modifying a CD-ROM to disk type\n1895909 - e2e-metal-ipi-ovn-dualstack is failing\n1895919 - NTO fails to load kernel modules\n1895959 - configuring webhook token authentication should prevent cluster upgrades\n1895979 - Unable to get coreos-installer with --copy-network to work\n1896101 - [cnv][automation] Added negative tests for migration from VMWare and RHV\n1896160 - CI: Some cluster operators are not ready: marketplace (missing: Degraded)\n1896188 - [sig-cli] oc debug deployment configs from a build: local-busybox-1-build not completed\n1896218 - Occasional GCP install failures: Error setting IAM policy for project ...: googleapi: Error 400: Service account ... does not exist., badRequest\n1896229 - Current Rate of Bytes Received and Current Rate of Bytes Transmitted data can not be loaded\n1896244 - Found a panic in storage e2e test\n1896296 - Git links should avoid .git as part of the URL and should not link git:// urls in general\n1896302 - [e2e][automation] Fix 4.6 test failures\n1896365 - [Migration]The SDN migration cannot revert under some conditions\n1896384 - [ovirt IPI]: local coredns resolution not working\n1896446 - Git clone from private repository fails after upgrade OCP 4.5 to 4.6\n1896529 - Incorrect instructions in the Serverless operator and application quick starts\n1896645 - documentationBaseURL needs to be updated for 4.7\n1896697 - [Descheduler] policy.yaml param in cluster configmap is empty\n1896704 - Machine API components should honour cluster wide proxy settings\n1896732 - \"Attach to Virtual Machine OS\" button should not be visible on old clusters\n1896866 - File /etc/NetworkManager/system-connections/default_connection.nmconnection  is incompatible with SR-IOV operator\n1896898 - ovs-configuration.service fails when multiple IPv6 default routes are provided via RAs over the same interface and deployment bootstrap fails\n1896918 - start creating new-style Secrets for AWS\n1896923 - DNS pod /metrics exposed on anonymous http port\n1896977 - route SimpleAllocationPlugin: host name validation errors: spec.host: Invalid value: ... must be no more than 63 characters\n1897003 - VNC console cannot be connected after visit it in new window\n1897008 - Cypress: reenable check for \u0027aria-hidden-focus\u0027 rule \u0026 checkA11y test for modals\n1897026 - [Migration] With updating optional network operator configuration, migration stucks on MCO\n1897039 - router pod keeps printing log: template \"msg\"=\"router reloaded\"  \"output\"=\"[WARNING] 316/065823 (15) : parsing [/var/lib/haproxy/conf/haproxy.config:52]: option \u0027http-use-htx\u0027 is deprecated and ignored\n1897050 - [IBM Power] LocalVolumeSet provisions boot partition as PV. \n1897073 - [OCP 4.5] wrong netid assigned to Openshift projects/namespaces\n1897138 - oVirt provider uses depricated cluster-api project\n1897142 - When scaling replicas to zero, Octavia loadbalancer pool members are not updated accordingly\n1897252 - Firing alerts are not showing up in console UI after cluster is up for some time\n1897354 - Operator installation showing success, but Provided APIs are missing\n1897361 - The MCO GCP-OP tests fail consistently on containerruntime tests with \"connection refused\"\n1897412 - [sriov]disableDrain did not be updated in CRD of manifest\n1897423 - Max unavailable and Max surge value are not shown on Deployment Config Details page\n1897516 - Baremetal IPI deployment with IPv6 control plane fails when the nodes obtain both SLAAC and DHCPv6 addresses as they set their hostname to \u0027localhost\u0027\n1897520 - After restarting nodes the image-registry co is in degraded true state. \n1897584 - Add casc plugins\n1897603 - Cinder volume attachment detection failure in Kubelet\n1897604 - Machine API deployment fails: Kube-Controller-Manager can\u0027t reach API: \"Unauthorized\"\n1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers\n1897641 - Baremetal IPI with IPv6 control plane: nodes respond with duplicate packets to ICMP6 echo requests\n1897676 - [CI] [Azure] [UPI] CI failing since 4.6 changes in ignition\n1897830 - [GSS] Unable to deploy OCS 4.5.2 on OCP 4.6.1, cannot `Create OCS Cluster Service`\n1897891 - [RFE][v2v][UI][CNV VM import] Providing error message or/and block migration when vddk-init-image is missing\n1897897 - ptp lose sync openshift 4.6\n1898036 - no network after reboot (IPI)\n1898045 - AWS EBS CSI Driver can not get updated cloud credential secret automatically\n1898097 - mDNS floods the baremetal network\n1898118 - Lack of logs on some image stream tests make hard to find root cause of a problem\n1898134 - Descheduler logs show absolute values instead of percentage when LowNodeUtilization strategy is applied\n1898159 - kcm operator shall pass --allocate-node-cidrs=false to kcm for ovn-kube and openshift-sdn cluster\n1898174 - [OVN] EgressIP does not guard against node IP assignment\n1898194 - GCP: can\u0027t install on custom machine types\n1898238 - Installer validations allow same floating IP for API and Ingress\n1898268 - [OVN]: `make check` broken on 4.6\n1898289 - E2E test: Use KUBEADM_PASSWORD_FILE by default\n1898320 - Incorrect Apostrophe  Translation of  \"it\u0027s\" in Scheduling Disabled Popover\n1898357 - Within the operatorhub details view, long unbroken text strings do not wrap cause breaking display. \n1898407 - [Deployment timing regression] Deployment takes longer with 4.7\n1898417 - GCP: the dns targets in Google Cloud DNS is not updated after recreating loadbalancer service\n1898487 - [oVirt] Node is not removed when VM has been removed from oVirt engine\n1898500 - Failure to upgrade operator when a Service is included in a Bundle\n1898517 - Ironic auto-discovery may result in rogue nodes registered in ironic\n1898532 - Display names defined in specDescriptors not respected\n1898580 - When adding more than one node selector to the sriovnetworknodepolicy, the cni and the device plugin pods are constantly rebooted\n1898613 - Whereabouts should exclude IPv6 ranges\n1898655 - [oVirt] Node deleted in oVirt should cause the Machine to go into a Failed phase\n1898679 - Operand creation form - Required \"type: object\" properties (Accordion component) are missing red asterisk\n1898680 - CVE-2020-7774 nodejs-y18n: prototype pollution vulnerability\n1898745 - installation failing with CVO reporting openshift-samples not rolled out, samples not setting versions in its ClusterOperator\n1898839 - Wrong YAML in operator metadata\n1898851 - Multiple Pods access the same volume on the same node e2e test cases are missed from aws ebs csi driver e2e test job\n1898873 - Remove TechPreview Badge from Monitoring\n1898954 - Backup script does not take /etc/kubernetes/static-pod-resources on a reliable way\n1899111 - [RFE] Update jenkins-maven-agen to maven36\n1899128 - VMI details screen -\u003e show the warning that it is preferable to have a VM only if the VM actually does not exist\n1899175 - bump the RHCOS boot images for 4.7\n1899198 - Use new packages for ipa ramdisks\n1899200 - In Installed Operators page I cannot search for an Operator by it\u0027s name\n1899220 - Support AWS IMDSv2\n1899350 - configure-ovs.sh doesn\u0027t configure bonding options\n1899433 - When Creating OCS from ocs wizard Step Discover Disks shows Error \"An error occurred Not Found\"\n1899459 - Failed to start monitoring pods once the operator removed from override list of CVO\n1899515 - Passthrough credentials are not immediately re-distributed on update\n1899575 - update discovery burst to reflect lots of CRDs on openshift clusters\n1899582 - update discovery burst to reflect lots of CRDs on openshift clusters\n1899588 - Operator objects are re-created after all other associated resources have been deleted\n1899600 - Increased etcd fsync latency as of OCP 4.6\n1899603 - workers-rhel7 CI jobs failing: Failed to remove rollback: error running rpm-ostree cleanup\n1899627 - Project dashboard Active status using small icon\n1899725 - Pods table does not wrap well with quick start sidebar open\n1899746 - [ovn] error while waiting on flows for pod: OVS sandbox port is no longer active (probably due to a subsequent CNI ADD)\n1899760 - etcd_request_duration_seconds_bucket metric has excessive cardinality\n1899835 - catalog-operator repeatedly crashes with \"runtime error: index out of range [0] with length 0\"\n1899839 - thanosRuler.resources.requests does not take effect in user-workload-monitoring-config confimap\n1899853 - additionalSecurityGroupIDs not working for master nodes\n1899922 - NP changes sometimes influence new pods. \n1899949 - [Platform] Remove restriction on disk type selection for LocalVolumeSet\n1900008 - Fix internationalized sentence fragments in ImageSearch.tsx\n1900010 - Fix internationalized sentence fragments in BuildImageSelector.tsx\n1900020 - Remove \u0026apos; from internationalized keys\n1900022 - Search Page - Top labels field is not applied to selected Pipeline resources\n1900030 - disruption_tests: [sig-imageregistry] Image registry remain available failing consistently\n1900126 - Creating a VM results in suggestion to create a default storage class when one already exists\n1900138 - [OCP on RHV] Remove insecure mode from the installer\n1900196 - stalld is not restarted after crash\n1900239 - Skip \"subPath should be able to unmount\" NFS test\n1900322 - metal3 pod\u0027s toleration for key: node-role.kubernetes.io/master currently matches on exact value matches but should match on Exists\n1900377 - [e2e][automation] create new css selector for active users\n1900496 - (release-4.7) Collect spec config for clusteroperator resources\n1900672 - (s390x) Upgrade from old LUKS to new not working with DASD disks\n1900699 - Impossible to add new Node on OCP 4.6 using large ECKD disks - fdasd issue\n1900759 - include qemu-guest-agent by default\n1900790 - Track all resource counts via telemetry\n1900835 - Multus errors when cachefile is not found\n1900935 - `oc adm release mirror` panic panic: runtime error\n1900989 - accessing the route cannot wake up the idled resources\n1901040 - When scaling down the status of the node is stuck on deleting\n1901057 - authentication operator health check failed when installing a cluster behind proxy\n1901107 - pod donut shows incorrect information\n1901111 - Installer dependencies are broken\n1901200 - linuxptp-daemon crash when enable debug log level\n1901301 - CBO should handle platform=BM without provisioning CR\n1901355 - [Azure][4.7] Invalid vm size from customized compute nodes does not fail properly\n1901363 - High Podready Latency due to timed out waiting for annotations\n1901373 - redundant bracket on snapshot restore button\n1901376 - [on-prem] Upgrade from 4.6 to 4.7 failed with \"timed out waiting for the condition during waitForControllerConfigToBeCompleted: controllerconfig is not completed: ControllerConfig has not completed: completed(false) running(false) failing(true\"\n1901395 - \"Edit virtual machine template\" action link should be removed\n1901472 - [OSP] Bootstrap and master nodes use different keepalived unicast setting\n1901517 - RHCOS 4.6.1 uses a single NetworkManager connection for multiple NICs when using default DHCP\n1901531 - Console returns a blank page while trying to create an operator Custom CR with Invalid Schema\n1901594 - Kubernetes resource CRUD operations.Kubernetes resource CRUD operations Pod \"before all\" hook for \"creates the resource instance\"\n1901604 - CNO blocks editing Kuryr options\n1901675 - [sig-network] multicast when using one of the plugins \u0027redhat/openshift-ovs-multitenant, redhat/openshift-ovs-networkpolicy\u0027 should allow multicast traffic in namespaces where it is enabled\n1901909 - The device plugin pods / cni pod are restarted every 5 minutes\n1901982 - [sig-builds][Feature:Builds] build can reference a cluster service  with a build being created from new-build should be able to run a build that references a cluster service\n1902019 - when podTopologySpreadConstraint strategy is enabled for descheduler it throws error\n1902059 - Wire a real signer for service accout issuer\n1902091 - `cluster-image-registry-operator` pod leaves connections open when fails connecting S3 storage\n1902111 - CVE-2020-27813 golang-github-gorilla-websocket: integer overflow leads to denial of service\n1902157 - The DaemonSet machine-api-termination-handler couldn\u0027t allocate Pod\n1902253 - MHC status doesnt set RemediationsAllowed = 0\n1902299 - Failed to mirror operator catalog - error: destination registry required\n1902545 - Cinder csi driver node pod should add nodeSelector for Linux\n1902546 - Cinder csi driver node pod doesn\u0027t run on master node\n1902547 - Cinder csi driver controller pod doesn\u0027t run on master node\n1902552 - Cinder csi driver does not use the downstream images\n1902595 - Project workloads list view doesn\u0027t show alert icon and hover message\n1902600 - Container csi-snapshotter in Cinder csi driver needs to use ImagePullPolicy=IfNotPresent\n1902601 - Cinder csi driver pods run as BestEffort qosClass\n1902653 - [BM][IPI] Master deployment failed: No valid host was found. Reason: No conductor service registered which supports driver redfish for conductor group\n1902702 - [sig-auth][Feature:LDAP][Serial] ldap group sync can sync groups from ldap: oc cp over non-existing directory/file fails\n1902746 - [BM][IP] Master deployment failed - Base.1.0.GeneralError: database is locked\n1902824 - failed to generate semver informed package manifest: unable to determine default channel\n1902894 - hybrid-overlay-node crashing trying to get node object during initialization\n1902969 - Cannot load vmi detail page\n1902981 - It should default to current namespace when create vm from template\n1902996 - [AWS] UPI on USGov, bootstrap machine can not fetch ignition file  via s3:// URI\n1903033 - duplicated lines of imageContentSources is seen when mirror release image to local registry\n1903034 - OLM continuously printing debug logs\n1903062 - [Cinder csi driver] Deployment mounted volume have no write access\n1903078 - Deleting VolumeSnapshotClass makes VolumeSnapshot not Ready\n1903107 - Enable vsphere-problem-detector e2e tests\n1903164 - OpenShift YAML editor jumps to top every few seconds\n1903165 - Improve Canary Status Condition handling for e2e tests\n1903172 - Column Management: Fix sticky footer on scroll\n1903186 - [Descheduler] cluster logs should report some info when PodTopologySpreadConstraints strategy is enabled\n1903188 - [Descheduler] cluster log reports failed to validate server configuration\" err=\"unsupported log format:\n1903192 - Role name missing on create role binding form\n1903196 - Popover positioning is misaligned for Overview Dashboard status items\n1903206 - Ingress controller incorrectly routes traffic to non-ready pods/backends. \n1903226 - MutatingWebhookConfiguration pod-identity-webhook does not exclude critical control-plane components\n1903248 - Backport Upstream Static Pod UID patch\n1903277 - Deprovisioning Not Deleting Security Groups [VpcLimitExceeded on e2e-aws tests]\n1903290 - Kubelet repeatedly log the same log line from exited containers\n1903346 - PV backed by FC lun is not being unmounted properly and this leads to IO errors / xfs corruption. \n1903382 - Panic when task-graph is canceled with a TaskNode with no tasks\n1903400 - Migrate a VM which is not running goes to pending state\n1903402 - Nic/Disk on VMI overview should link to VMI\u0027s nic/disk page\n1903414 - NodePort is not working when configuring an egress IP address\n1903424 - mapi_machine_phase_transition_seconds_sum doesn\u0027t work\n1903464 - \"Evaluating rule failed\" for \"record: cluster:kube_persistentvolumeclaim_resource_requests_storage_bytes:provisioner:sum\" and \"record: cluster:kubelet_volume_stats_used_bytes:provisioner:sum\"\n1903639 - Hostsubnet gatherer produces wrong output\n1903651 - Network Policies are not working as expected with OVN-Kubernetes when traffic hairpins back to the same source through a service\n1903660 - Cannot install with Assisted Installer on top of IPv6 since network provider is not started\n1903674 - [sig-apps] ReplicationController should serve a basic image on each replica with a private image\n1903717 - Handle different Pod selectors for metal3 Deployment\n1903733 - Scale up followed by scale down can delete all running workers\n1903917 - Failed to load \"Developer Catalog\" page\n1903999 - Httplog response code is always zero\n1904026 - The quota controllers should resync on new resources and make progress\n1904064 - Automated cleaning is disabled by default\n1904124 - DHCP to static lease script doesn\u0027t work correctly if starting with infinite leases\n1904125 - Boostrap VM .ign image gets added into \u0027default\u0027 pool instead of \u003ccluster-name\u003e-\u003cid\u003e-bootstrap\n1904131 - kuryr tempest plugin test test_ipblock_network_policy_sg_rules fails\n1904133 - KubeletConfig flooded with failure conditions\n1904161 - AlertmanagerReceiversNotConfigured fires unconditionally on alertmanager restart\n1904243 - RHCOS 4.6.1 missing ISCSI initiatorname.iscsi !\n1904244 - MissingKey errors for two plugins using i18next.t\n1904262 - clusterresourceoverride-operator has version: 1.0.0 every build\n1904296 - VPA-operator has version: 1.0.0 every build\n1904297 - The index image generated by \"opm index prune\" leaves unrelated images\n1904305 - Should have scroll-down bar for the field which the values list has too many results under dashboards\n1904385 - [oVirt] registry cannot mount volume on 4.6.4 -\u003e 4.6.6 upgrade\n1904497 - vsphere-problem-detector: Run on vSphere cloud only\n1904501 - [Descheduler] descheduler does not evict any pod when PodTopologySpreadConstraint strategy is set\n1904502 - vsphere-problem-detector: allow longer timeouts for some operations\n1904503 - vsphere-problem-detector: emit alerts\n1904538 - [sig-arch][Early] Managed cluster should start all core operators: monitoring: container has runAsNonRoot and image has non-numeric user (nobody)\n1904578 - metric scraping for vsphere problem detector is not configured\n1904582 - All application traffic broken due to unexpected load balancer change on 4.6.4 -\u003e 4.6.6 upgrade\n1904663 - IPI pointer customization MachineConfig always generated\n1904679 - [Feature:ImageInfo] Image info should display information about images\n1904683 - `[sig-builds][Feature:Builds] s2i build with a root user image` tests use docker.io image\n1904684 - [sig-cli] oc debug ensure it works with image streams\n1904713 - Helm charts with kubeVersion restriction are filtered incorrectly\n1904776 - Snapshot modal alert is not pluralized\n1904824 - Set vSphere hostname from guestinfo before NM starts\n1904941 - Insights status is always showing a loading icon\n1904973 - KeyError: \u0027nodeName\u0027 on NP deletion\n1904985 - Prometheus and thanos sidecar targets are down\n1904993 - Many ampersand special characters are found in strings\n1905066 - QE - Monitoring test cases - smoke test suite automation\n1905074 - QE -Gherkin linter to maintain standards\n1905100 - Too many haproxy processes in default-router pod causing high load average\n1905104 - Snapshot modal disk items missing keys\n1905115 - CI: dev-scripts fail on 02_configure_host: Failed to start network ostestbm\n1905119 - Race in AWS EBS determining whether custom CA bundle is used\n1905128 - [e2e][automation] e2e tests succeed without actually execute\n1905133 - operator conditions special-resource-operator\n1905141 - vsphere-problem-detector: report metrics through telemetry\n1905146 - Backend Tests: TestHelmRepoGetter_SkipDisabled failures\n1905194 - Detecting broken connections to the Kube API takes up to 15 minutes\n1905221 - CVO transitions from \"Initializing\" to \"Updating\" despite not attempting many manifests\n1905232 - [sig-imageregistry][Feature:ImageAppend] Image append should create images by appending them failing due to inconsistent images between CI and OCP\n1905253 - Inaccurate text at bottom of Events page\n1905298 - openshift-apiserver initContainer fix-audit-permissions is not requesting required resources: cpu, memory\n1905299 - OLM fails to update operator\n1905307 - Provisioning CR is missing from must-gather\n1905319 - cluster-samples-operator containers are not requesting required memory resource\n1905320 - csi-snapshot-webhook is not requesting required memory resource\n1905323 - dns-operator is not requesting required memory resource\n1905324 - ingress-operator is not requesting required memory resource\n1905327 - openshift-kube-scheduler initContainer wait-for-host-port is not requesting required resources: cpu, memory\n1905328 - Changing the bound token service account issuer invalids previously issued bound tokens\n1905329 - openshift-oauth-apiserver initContainer fix-audit-permissions is not requesting required resources: cpu, memory\n1905330 - openshift-monitoring init-textfile is not requesting required resources: cpu, memory\n1905338 - QE -Cypress Automation for Add Flow - Database, Yaml, OperatorBacked, PageDetails\n1905347 - QE - Design Gherkin Scenarios\n1905348 - QE - Design Gherkin Scenarios\n1905362 - [sriov] Error message \u0027Fail to update DaemonSet\u0027 always shown in sriov operator pod\n1905368 - [sriov] net-attach-def generated from sriovnetwork cannot be restored once it was deleted\n1905370 - A-Z/Z-A sorting dropdown on Developer Catalog page is not aligned with filter text input\n1905380 - Default to Red Hat/KubeVirt provider if common template does not have provider annotation\n1905393 - CMO uses rbac.authorization.k8s.io/v1beta1 instead of rbac.authorization.k8s.io/v1\n1905404 - The example of \"Remove the entrypoint on the mysql:latest image\" for `oc image append` does not work\n1905416 - Hyperlink not working from Operator Description\n1905430 - usbguard extension fails to install because of missing correct protobuf dependency version\n1905492 - The stalld service has a higher scheduler priority than ksoftirq and rcu{b, c} threads\n1905502 - Test flake - unable to get https transport for ephemeral-registry\n1905542 - [GSS] The \"External\" mode option is not available when the OCP cluster is deployed using Redhat Cluster Assisted Installer 4.6. \n1905599 - Errant change to lastupdatetime in copied CSV status can trigger runaway csv syncs\n1905610 - Fix typo in export script\n1905621 - Protractor login test fails against a 4.7 (nightly) Power cluster\n1905640 - Subscription manual approval test is flaky\n1905647 - Report physical core valid-for-subscription min/max/cumulative use to telemetry\n1905696 - ClusterMoreUpdatesModal component did not get internationalized\n1905748 - with sharded ingresscontrollers, all shards reload when any endpoint changes\n1905761 - NetworkPolicy with Egress policyType is resulting in SDN errors and improper communication within Project\n1905778 - inconsistent ingresscontroller between fresh installed cluster and upgraded cluster\n1905792 - [OVN]Cannot create egressfirewalll with dnsName\n1905889 - Should create SA for each namespace that the operator scoped\n1905920 - Quickstart exit and restart\n1905941 - Page goes to error after create catalogsource\n1905977 - QE ghaekin design scenaio-pipeline metrics ODC-3711\n1906032 - Canary Controller: Canary daemonset rolls out slowly in large clusters\n1906100 - Disconnected cluster upgrades are failing from the cli, when signature retrieval is being blackholed instead of quickly rejected\n1906105 - CBO annotates an existing Metal3 deployment resource to indicate that it is managing it\n1906118 - OCS feature detection constantly polls storageclusters and storageclasses\n1906120 - \u0027Create Role Binding\u0027 form not setting user or group value when created from a user or group resource\n1906121 - [oc] After new-project creation, the kubeconfig file does not set the project\n1906134 - OLM should not create OperatorConditions for copied CSVs\n1906143 - CBO supports log levels\n1906186 - i18n: Translators are not able to translate `this` without context for alert manager config\n1906228 - tuned and openshift-tuned sometimes do not terminate gracefully, slowing reboots\n1906274 - StorageClass installed by Cinder csi driver operator should enable the allowVolumeExpansion to support volume resize. \n1906276 - `oc image append` can\u0027t work with multi-arch image with  --filter-by-os=\u0027.*\u0027\n1906318 - use proper term for Authorized SSH Keys\n1906335 - The lastTransitionTime, message, reason field of operatorcondition should be optional\n1906356 - Unify Clone PVC boot source flow with URL/Container boot source\n1906397 - IPA has incorrect kernel command line arguments\n1906441 - HorizontalNav and NavBar have invalid keys\n1906448 - Deploy using virtualmedia with provisioning network disabled fails - \u0027Failed to connect to the agent\u0027 in ironic-conductor log\n1906459 - openstack: Quota Validation fails if unlimited quotas are given to a project\n1906496 - [BUG] Thanos having possible memory leak consuming huge amounts of node\u0027s memory and killing them\n1906508 - TestHeaderNameCaseAdjust outputs nil error message on some failures\n1906511 - Root reprovisioning tests flaking often in CI\n1906517 - Validation is not robust enough and may prevent to generate install-confing. \n1906518 - Update snapshot API CRDs to v1\n1906519 - Update LSO CRDs to use v1\n1906570 - Number of disruptions caused by reboots on a cluster cannot be measured\n1906588 - [ci][sig-builds] nodes is forbidden: User \"e2e-test-jenkins-pipeline-xfghs-user\" cannot list resource \"nodes\" in API group \"\" at the cluster scope\n1906650 - Cannot collect network policy, EgressFirewall, egressip logs with gather_network_logs\n1906655 - [SDN]Cannot colloect ovsdb-server.log and ovs-vswitchd.log with gather_network_logs\n1906679 - quick start panel styles are not loaded\n1906683 - Kn resources are not showing in Topology if triggers has KSVC and IMC as subscriber\n1906684 - Event Source creation fails if user selects no app group and switch to yaml and then to form\n1906685 - SinkBinding is shown in topology view if underlying resource along with actual source created\n1906689 - user can pin to nav configmaps and secrets multiple times\n1906691 - Add doc which describes disabling helm chart repository\n1906713 - Quick starts not accesible for a developer user\n1906718 - helm chart \"provided by Redhat\" is misspelled\n1906732 - Machine API proxy support should be tested\n1906745 - Update Helm endpoints to use Helm 3.4.x\n1906760 - performance issues with topology constantly re-rendering\n1906766 - localized `Autoscaled` \u0026 `Autoscaling` pod texts overlap with the pod ring\n1906768 - Virtualization nav item is incorrectly placed in the Admin Workloads section\n1906769 - topology fails to load with non-kubeadmin user\n1906770 - shortcuts on mobiles view occupies a lot of space\n1906798 - Dev catalog customization doesn\u0027t update console-config ConfigMap\n1906806 - Allow installing extra packages in ironic container images\n1906808 - [test-disabled] ServiceAccounts should support OIDC discovery of service account issuer\n1906835 - Topology view shows add page before then showing full project workloads\n1906840 - ClusterOperator should not have status \"Updating\" if operator version is the same as the release version\n1906844 - EndpointSlice and EndpointSliceProxying feature gates should be disabled for openshift-sdn kube-proxy\n1906860 - Bump kube dependencies to v1.20 for Net Edge components\n1906864 - Quick Starts Tour: Need to adjust vertical spacing\n1906866 - Translations of Sample-Utils\n1906871 - White screen when sort by name in monitoring alerts page\n1906872 - Pipeline Tech Preview Badge Alignment\n1906875 - Provide an option to force backup even when API is not available. \n1906877 - Placeholder\u0027 value in search filter do not match column heading in Vulnerabilities\n1906879 - Add missing i18n keys\n1906880 - oidcdiscoveryendpoint controller invalidates all TokenRequest API tokens during install\n1906896 - No Alerts causes odd empty Table (Need no content message)\n1906898 - Missing User RoleBindings in the Project Access Web UI\n1906899 - Quick Start - Highlight Bounding Box Issue\n1906916 - Teach CVO about flowcontrol.apiserver.k8s.io/v1beta1\n1906933 - Cluster Autoscaler should have improved mechanisms for group identifiers\n1906935 - Delete resources when Provisioning CR is deleted\n1906968 - Must-gather should support collecting kubernetes-nmstate resources\n1906986 - Ensure failed pod adds are retried even if the pod object doesn\u0027t change\n1907199 - Need to upgrade machine-api-operator module version under cluster-api-provider-kubevirt\n1907202 - configs.imageregistry.operator.openshift.io cluster does not update its status fields after URL change\n1907211 - beta promotion of p\u0026f switched storage version to v1beta1, making downgrades impossible. \n1907269 - Tooltips data are different when checking stack or not checking stack for the same time\n1907280 - Install tour of OCS not available. \n1907282 - Topology page breaks with white screen\n1907286 - The default mhc machine-api-termination-handler couldn\u0027t watch spot instance\n1907287 - [csi-snapshot-webhook] should support both v1beta1 and v1 version when creating volumesnapshot/volumesnapshotcontent\n1907293 - Increase timeouts in e2e tests\n1907295 - Gherkin script for improve management for helm\n1907299 - Advanced Subscription Badge for KMS and Arbiter not present\n1907303 - Align VM template list items by baseline\n1907304 - Use PF styles for selected template card in VM Wizard\n1907305 - Drop \u0027ISO\u0027 from CDROM boot source message\n1907307 - Support and provider labels should be passed on between templates and sources\n1907310 - Pin action should be renamed to favorite\n1907312 - VM Template source popover is missing info about added date\n1907313 - ClusterOperator objects cannot be overriden with cvo-overrides\n1907328 - iproute-tc package is missing in ovn-kube image\n1907329 - CLUSTER_PROFILE env. variable is not used by the CVO\n1907333 - Node stuck in degraded state, mcp reports \"Failed to remove rollback: error running rpm-ostree cleanup -r: error: Timeout was reached\"\n1907373 - Rebase to kube 1.20.0\n1907375 - Bump to latest available 1.20.x k8s - workloads team\n1907378 - Gather netnamespaces networking info\n1907380 - kube-rbac-proxy exposes tokens, has excessive verbosity\n1907381 - OLM fails to deploy an operator if its deployment template contains a description annotation that doesn\u0027t match the CSV one\n1907390 - prometheus-adapter: panic after k8s 1.20 bump\n1907399 - build log icon link on topology nodes cause app to reload\n1907407 - Buildah version not accessible\n1907421 - [4.6.1]oc-image-mirror command failed on \"error: unable to copy layer\"\n1907453 - Dev Perspective -\u003e running vm details -\u003e resources -\u003e no data\n1907454 - Install PodConnectivityCheck CRD with CNO\n1907459 - \"The Boot source is also maintained by Red Hat.\" is always shown for all boot sources\n1907475 - Unable to estimate the error rate of ingress across the connected fleet\n1907480 - `Active alerts` section throwing forbidden error for users. \n1907518 - Kamelets/Eventsource should be shown to user if they have create access\n1907543 - Korean timestamps are shown when users\u0027 language preferences are set to German-en-en-US\n1907610 - Update kubernetes deps to 1.20\n1907612 - Update kubernetes deps to 1.20\n1907621 - openshift/installer: bump cluster-api-provider-kubevirt version\n1907628 - Installer does not set primary subnet consistently\n1907632 - Operator Registry should update its kubernetes dependencies to 1.20\n1907639 - pass dual-stack node IPs to kubelet in dual-stack clusters\n1907644 - fix up handling of non-critical annotations on daemonsets/deployments\n1907660 - Pod list does not render cell height correctly when pod names are too long (dynamic table rerendering issue?)\n1907670 - CVE-2020-27846 crewjam/saml: authentication bypass in saml authentication\n1907671 - Ingress VIP assigned to two infra nodes simultaneously - keepalived process running in pods seems to fail\n1907767 - [e2e][automation]update test suite for kubevirt plugin\n1907770 - Recent RHCOS 47.83 builds (from rhcos-47.83.202012072210-0 on) don\u0027t allow master and worker nodes to boot\n1907792 - The `overrides` of the OperatorCondition cannot block the operator upgrade\n1907793 - Surface support info in VM template details\n1907812 - 4.7 to 4.6 downgrade stuck in clusteroperator storage\n1907822 - [OCP on OSP] openshift-install panic when checking quota with install-config have no flavor set\n1907863 - Quickstarts status not updating when starting the tour\n1907872 - dual stack with an ipv6 network fails on bootstrap phase\n1907874 - QE - Design Gherkin Scenarios for epic ODC-5057\n1907875 - No response when try to expand pvc with an invalid size\n1907876 - Refactoring record package to make gatherer configurable\n1907877 - QE - Automation- pipelines builder scripts\n1907883 - Fix Pipleine creation without namespace issue\n1907888 - Fix pipeline list page loader\n1907890 - Misleading and incomplete alert message shown in pipeline-parameters and pipeline-resources form\n1907892 - Unable to edit application deployed using \"From Devfile\" option\n1907893 - navSortUtils.spec.ts unit test failure\n1907896 - When a workload is added, Topology does not place the new items well\n1907908 - VM Wizard always uses VirtIO for the VM rootdisk regardless what is defined in common-template\n1907924 - Enable madvdontneed in OpenShift Images\n1907929 - Enable madvdontneed in OpenShift System Components Part 2\n1907936 - NTO is not reporting nto_profile_set_total metrics correctly after reboot\n1907947 - The kubeconfig saved in tenantcluster shouldn\u0027t include anything that is not related to the current context\n1907948 - OCM-O bump to k8s 1.20\n1907952 - bump to k8s 1.20\n1907972 - Update OCM link to open Insights tab\n1907989 - DataVolumes was intorduced in common templates - VM creation fails in the UI\n1907998 - Gather kube_pod_resource_request/limit metrics as exposed in upstream KEP 1916\n1908001 - [CVE-2020-10749] Update github.com/containernetworking/plugins to v.0.8.6 in egress-router-cni\n1908014 - e2e-aws-ansible and e2e-aws-helm are broken in ocp-release-operator-sdk\n1908035 - dynamic-demo-plugin build does not generate dist directory\n1908135 - quick search modal is not centered over topology\n1908145 - kube-scheduler-recovery-controller container crash loop when router pod is co-scheduled\n1908159 - [AWS C2S] MCO fails to sync cloud config\n1908171 - GCP: Installation fails when installing cluster with n1-custom-4-16384custom type (n1-custom-4-16384)\n1908180 - Add source for template is stucking in preparing pvc\n1908217 - CI: Server-Side Apply should work for oauth.openshift.io/v1: has no tokens\n1908231 - [Migration] The pods ovnkube-node are in  CrashLoopBackOff after SDN to OVN\n1908277 - QE - Automation- pipelines actions scripts\n1908280 - Documentation describing `ignore-volume-az` is incorrect\n1908296 - Fix pipeline builder form yaml switcher validation issue\n1908303 - [CVE-2020-28367 CVE-2020-28366] Remove CGO flag from rhel Dockerfile in Egress-Router-CNI\n1908323 - Create button missing for PLR in the search page\n1908342 - The new pv_collector_total_pv_count is not reported via telemetry\n1908344 - [vsphere-problem-detector] CheckNodeProviderID and CheckNodeDiskUUID have the same name\n1908347 - CVO overwrites ValidatingWebhookConfiguration for snapshots\n1908349 - Volume snapshot tests are failing after 1.20 rebase\n1908353 - QE - Automation- pipelines runs scripts\n1908361 - bump to k8s 1.20\n1908367 - QE - Automation- pipelines triggers scripts\n1908370 - QE - Automation- pipelines secrets scripts\n1908375 - QE - Automation- pipelines workspaces scripts\n1908381 - Go Dependency Fixes for Devfile Lib\n1908389 - Loadbalancer Sync failing on Azure\n1908400 - Tests-e2e, increase timeouts, re-add TestArchiveUploadedAndResultsReceived\n1908407 - Backport Upstream 95269 to fix potential crash in kubelet\n1908410 - Exclude Yarn from VSCode search\n1908425 - Create Role Binding form subject type and name are undefined when All Project is selected\n1908431 - When the marketplace-operator pod get\u0027s restarted, the custom catalogsources are gone, as well as the pods\n1908434 - Remove \u0026apos from metal3-plugin internationalized strings\n1908437 - Operator backed with no icon has no badge associated with the CSV tag\n1908459 - bump to k8s 1.20\n1908461 - Add bugzilla component to OWNERS file\n1908462 - RHCOS 4.6 ostree removed dhclient\n1908466 - CAPO AZ Screening/Validating\n1908467 - Zoom in and zoom out in topology package should be sentence case\n1908468 - [Azure][4.7] Installer can\u0027t properly parse instance type with non integer memory size\n1908469 - nbdb failed to come up while bringing up OVNKubernetes cluster\n1908471 - OLM should bump k8s dependencies to 1.20\n1908484 - oc adm release extract --cloud=aws --credentials-requests dumps all manifests\n1908493 - 4.7-e2e-metal-ipi-ovn-dualstack intermittent test failures, worker hostname is overwritten by NM\n1908545 - VM clone dialog does not open\n1908557 - [e2e][automation]Miss css id on bootsource and reviewcreate step on wizard\n1908562 - Pod readiness is not being observed in real world cases\n1908565 - [4.6] Cannot filter the platform/arch of the index image\n1908573 - Align the style of flavor\n1908583 - bootstrap does not run on additional networks if configured for master in install-config\n1908596 - Race condition on operator installation\n1908598 - Persistent Dashboard shows events for all provisioners\n1908641 - Go back to Catalog Page link on Virtual Machine page vanishes on empty state\n1908648 - Skip TestKernelType test on OKD, adjust TestExtensions\n1908650 - The title of customize wizard is inconsistent\n1908654 - cluster-api-provider: volumes and disks names shouldn\u0027t change by machine-api-operator\n1908675 - Reenable [sig-storage] CSI mock volume CSI FSGroupPolicy [LinuxOnly] should modify fsGroup if fsGroupPolicy=default [Suite:openshift/conformance/parallel] [Suite:k8s]\n1908687 - Option to save user settings separate when using local bridge (affects console developers only)\n1908697 - Show `kubectl diff ` command in the oc diff help page\n1908715 - Pressing the arrow up key when on topmost quick-search list item it should loop back to bottom\n1908716 - UI breaks on click of sidebar of ksvc (if revisions not up) in topology on 4.7 builds\n1908717 - \"missing unit character in duration\" error in some network dashboards\n1908746 - [Safari] Drop Shadow doesn\u0027t works as expected on hover on workload\n1908747 - stale S3 CredentialsRequest in CCO manifest\n1908758 - AWS: NLB timeout value is rejected by AWS cloud provider after 1.20 rebase\n1908830 - RHCOS 4.6 - Missing Initiatorname\n1908868 - Update empty state message for EventSources and Channels tab\n1908880 - 4.7 aws-serial CI: NoExecuteTaintManager Single Pod [Serial] eventually evict pod with finite tolerations from tainted nodes\n1908883 - CVE-2020-29652 golang: crypto/ssh: crafted authentication request can lead to nil pointer dereference\n1908888 - Dualstack does not work with multiple gateways\n1908889 - Bump CNO to k8s 1.20\n1908891 - TestDNSForwarding DNS operator e2e test is failing frequently\n1908914 - CNO: upgrade nodes before masters\n1908918 - Pipeline builder yaml view sidebar is not responsive\n1908960 - QE - Design Gherkin Scenarios\n1908971 - Gherkin Script for pipeline debt 4.7\n1908983 - i18n: Add Horizontal Pod Autoscaler action menu is not translated\n1908997 - Unsupported access mode should not be available when creating pvc by cinder-csi-driver/gcp-pd-csi-driver from web-console\n1908998 - [cinder-csi-driver] doesn\u0027t detect the credentials change\n1909004 - \"No datapoints found\" for RHEL node\u0027s filesystem graph\n1909005 - i18n: workloads list view heading is not translated\n1909012 - csi snapshot webhook does not block any invalid update for volumesnapshot and volumesnapshotcontent objects\n1909027 - Disks option of Sectected capacity chart shows HDD disk even on selection of SDD disk type\n1909043 - OCP + OCS 4.7 Internal - Storage cluster creation throws warning when zone=0 in VMware\n1909067 - Web terminal should keep latest output when connection closes\n1909070 - PLR and TR Logs component is not streaming as fast as tkn\n1909092 - Error Message should not confuse user on Channel form\n1909096 - OCP 4.7+OCS 4.7 - The Requested Cluster Capacity field needs to include the selected capacity in calculation in Review and Create Page\n1909108 - Machine API components should use 1.20 dependencies\n1909116 - Catalog Sort Items dropdown is not aligned on Firefox\n1909198 - Move Sink action option is not working\n1909207 - Accessibility Issue on monitoring page\n1909236 - Remove pinned icon overlap on resource name\n1909249 - Intermittent packet drop from pod to pod\n1909276 - Accessibility Issue on create project modal\n1909289 - oc debug of an init container no longer works\n1909290 - Logging may be broken due to mix of k8s.io/klog v1 and v2\n1909358 - registry.redhat.io/redhat/community-operator-index:latest only have hyperfoil-bundle\n1909453 - Boot disk RAID can corrupt ESP if UEFI firmware writes to it\n1909455 - Boot disk RAID will not boot if the primary disk enumerates but fails I/O\n1909464 - Build operator-registry with golang-1.15\n1909502 - NO_PROXY is not matched between bootstrap and global cluster setting which lead to desired master machineconfig is not found\n1909521 - Add kubevirt cluster type for e2e-test workflow\n1909527 - [IPI Baremetal] After upgrade from 4.6 to 4.7 metal3 pod does not get created\n1909587 - [OCP4] all of the OCP master nodes with soft-anti-affinity run on the same OSP node\n1909610 - Fix available capacity when no storage class selected\n1909678 - scale up / down buttons available on pod details side panel\n1909723 - cluster-api-provider-openstack: Update ose-openstack-machine-controllers builder \u0026 base images to be consistent with ART\n1909730 - unbound variable error if EXTRA_PKGS_LIST is not defined\n1909739 - Arbiter request data changes\n1909744 - cluster-api-provider-openstack: Bump gophercloud\n1909790 - PipelineBuilder yaml view cannot be used for editing a pipeline\n1909791 - Update standalone kube-proxy config for EndpointSlice\n1909792 - Empty states for some details page subcomponents are not i18ned\n1909815 - Perspective switcher is only half-i18ned\n1909821 - OCS 4.7 LSO installation blocked because of Error \"Invalid value: \"integer\": spec.flexibleScaling in body\n1909836 - operator-install-global Cypress test was failing in OLM as it depends on an operator that isn\u0027t installed in CI\n1909864 - promote-release-openshift-machine-os-content-e2e-aws-4.5 is perm failing\n1909911 - [OVN]EgressFirewall caused a segfault\n1909943 - Upgrade from 4.6 to 4.7 stuck due to write /sys/devices/xxxx/block/sda/queue/scheduler: invalid argument\n1909958 - Support Quick Start Highlights Properly\n1909978 - ignore-volume-az = yes not working on standard storageClass\n1909981 - Improve statement in template select step\n1909992 - Fail to pull the bundle image when using the private index image\n1910024 - Reload issue in latest(4.7) UI code on 4.6 cluster locally in dev\n1910036 - QE - Design Gherkin Scenarios ODC-4504\n1910049 - UPI: ansible-galaxy is not supported\n1910127 - [UPI on oVirt]:  Improve UPI Documentation\n1910140 - fix the api dashboard with changes in upstream kube 1.20\n1910160 - If two OperatorConditions include the same deployments they will keep updating the deployment\u0027s containers with the OPERATOR_CONDITION_NAME Environment Variable\n1910165 - DHCP to static lease script doesn\u0027t handle multiple addresses\n1910305 - [Descheduler] - The minKubeVersion should be 1.20.0\n1910409 - Notification drawer is not localized for i18n\n1910459 - Could not provision gcp volume if delete secret gcp-pd-cloud-credentials\n1910492 - KMS details are auto-populated on the screen in next attempt at Storage cluster creation\n1910501 - Installed Operators-\u003eOperand required: Clicking on cancel in Storage cluster page takes back to the Install Operator page\n1910533 - [OVN] It takes about 5 minutes for EgressIP failover to work\n1910581 - library-go: proxy ENV is not injected into csi-driver-controller which lead to storage operator never get ready\n1910666 - Creating a Source Secret from type SSH-Key should use monospace font for better usability\n1910738 - OCP 4.7 Installation fails on VMWare due to 1 worker that is degraded\n1910739 - Redfish-virtualmedia (idrac) deploy fails on \"The Virtual Media image server is already connected\"\n1910753 - Support Directory Path to Devfile\n1910805 - Missing translation for Pipeline status and breadcrumb text\n1910829 - Cannot delete a PVC if the dv\u0027s phase is WaitForFirstConsumer\n1910840 - Show Nonexistent  command info in the `oc rollback -h` help page\n1910859 - breadcrumbs doesn\u0027t use last namespace\n1910866 - Unify templates string\n1910870 - Unify template dropdown action\n1911016 - Prometheus unable to mount NFS volumes after upgrading to 4.6\n1911129 - Monitoring charts renders nothing when switching from a Deployment to \"All workloads\"\n1911176 - [MSTR-998] Wrong text shown when hovering on lines of charts in API Performance dashboard\n1911212 - [MSTR-998] API Performance Dashboard \"Period\" drop-down has a choice \"$__auto_interval_period\" which can bring \"1:154: parse error: missing unit character in duration\"\n1911213 - Wrong and misleading warning for VMs that were created manually (not from template)\n1911257 - [aws-c2s] failed to create cluster, kube-cloud-config was not created\n1911269 - waiting for the build message present when build exists\n1911280 - Builder images are not detected for Dotnet, Httpd, NGINX\n1911307 - Pod Scale-up requires extra privileges in OpenShift web-console\n1911381 - \"Select Persistent Volume Claim project\" shows in customize wizard when select a source available template\n1911382 - \"source volumeMode (Block) and target volumeMode (Filesystem) do not match\" shows in VM Error\n1911387 - Hit error - \"Cannot read property \u0027value\u0027 of undefined\" while creating VM from template\n1911408 - [e2e][automation] Add auto-clone cli tests and new flow of VM creation\n1911418 - [v2v] The target storage class name is not displayed if default storage class is used\n1911434 - git ops empty state page displays icon with watermark\n1911443 - SSH Cretifiaction field should be validated\n1911465 - IOPS display wrong unit\n1911474 - Devfile Application Group Does Not Delete Cleanly (errors)\n1911487 - Pruning Deployments should use ReplicaSets instead of ReplicationController\n1911574 - Expose volume mode  on Upload Data form\n1911617 - [CNV][UI] Failure to add source to VM template when no default storage class is defined\n1911632 - rpm-ostree command fail due to wrong options when updating ocp-4.6 to 4.7 on worker nodes with rt-kernel\n1911656 - using \u0027operator-sdk run bundle\u0027 to install operator successfully, but the command output said \u0027Failed to run bundle\u0027\u0027\n1911664 - [Negative Test] After deleting metal3 pod, scaling worker stuck on provisioning state\n1911782 - Descheduler should not evict pod used local storage by the PVC\n1911796 - uploading flow being displayed before submitting the form\n1912066 - The ansible type operator\u0027s manager container is not stable when managing the CR\n1912077 - helm operator\u0027s default rbac forbidden\n1912115 - [automation] Analyze job keep failing because of \u0027JavaScript heap out of memory\u0027\n1912237 - Rebase CSI sidecars for 4.7\n1912381 - [e2e][automation] Miss css ID on Create Network Attachment Definition page\n1912409 - Fix flow schema deployment\n1912434 - Update guided tour modal title\n1912522 - DNS Operator e2e test: TestCoreDNSImageUpgrade is fundamentally broken\n1912523 - Standalone pod status not updating in topology graph\n1912536 - Console Plugin CR for console-demo-plugin has wrong apiVersion\n1912558 - TaskRun list and detail screen doesn\u0027t show Pending status\n1912563 - p\u0026f: carry 97206: clean up executing request on panic\n1912565 - OLM macOS local build broken by moby/term dependency\n1912567 - [OCP on RHV] Node becomes to \u0027NotReady\u0027 status when shutdown vm from RHV UI only on the second deletion\n1912577 - 4.1/4.2-\u003e4.3-\u003e...-\u003e 4.7 upgrade is stuck during 4.6-\u003e4.7 with co/openshift-apiserver Degraded, co/network not Available and several other components pods CrashLoopBackOff\n1912590 - publicImageRepository not being populated\n1912640 - Go operator\u0027s controller pods is forbidden\n1912701 - Handle dual-stack configuration for NIC IP\n1912703 - multiple queries can\u0027t be plotted in the same graph under some conditons\n1912730 - Operator backed: In-context should support visual connector if SBO is not installed\n1912828 - Align High Performance VMs with High Performance in RHV-UI\n1912849 - VM from wizard - default flavor does not match the actual flavor set by common templates\n1912852 - VM from wizard - available VM templates - \"storage\" field is \"0 B\"\n1912888 - recycler template should be moved to KCM operator\n1912907 - Helm chart repository index can contain unresolvable relative URL\u0027s\n1912916 - Set external traffic policy to cluster for IBM platform\n1912922 - Explicitly specifying the operator generated default certificate for an ingress controller breaks the ingress controller\n1912938 - Update confirmation modal for quick starts\n1912942 - cluster-storage-operator: proxy ENV is not injected into vsphere-problem-detector deployment\n1912944 - cluster-storage-operator: proxy ENV is not injected into Manila CSI driver operator deployment\n1912945 - aws-ebs-csi-driver-operator: proxy ENV is not injected into the CSI driver\n1912946 - gcp-pd-csi-driver-operator: proxy ENV is not injected into the CSI driver\n1912947 - openstack-cinder-csi-driver-operator: proxy ENV is not injected into the CSI driver\n1912948 - csi-driver-manila-operator: proxy ENV is not injected into the CSI driver\n1912949 - ovirt-csi-driver-operator: proxy ENV is not injected into the CSI driver\n1912977 - rebase upstream static-provisioner\n1913006 - Remove etcd v2 specific alerts with etcd_http* metrics\n1913011 - [OVN] Pod\u0027s external traffic not use egressrouter macvlan ip as a source ip\n1913037 - update static-provisioner base image\n1913047 - baremetal clusteroperator progressing status toggles between true and false when cluster is in a steady state\n1913085 - Regression OLM uses scoped client for CRD installation\n1913096 - backport: cadvisor machine metrics are missing in k8s 1.19\n1913132 - The installation of Openshift Virtualization reports success early before it \u0027s succeeded eventually\n1913154 - Upgrading to 4.6.10 nightly failed with RHEL worker nodes: Failed to find /dev/disk/by-label/root\n1913196 - Guided Tour doesn\u0027t handle resizing of browser\n1913209 - Support modal should be shown for community supported templates\n1913226 - [Migration] The SDN migration rollback failed if customize vxlanPort\n1913249 - update info alert this template is not aditable\n1913285 - VM list empty state should link to virtualization quick starts\n1913289 - Rebase AWS EBS CSI driver for 4.7\n1913292 - OCS 4.7 Installation failed over vmware when arbiter was enabled, as flexibleScaling is also getting enabled\n1913297 - Remove restriction of taints for arbiter node\n1913306 - unnecessary scroll bar is present on quick starts panel\n1913325 - 1.20 rebase for openshift-apiserver\n1913331 - Import from git: Fails to detect Java builder\n1913332 - Pipeline visualization breaks the UI when multiple taskspecs are used\n1913343 - (release-4.7) Added changelog file for insights-operator\n1913356 - (release-4.7) Implemented gathering specific logs from openshift apiserver operator\n1913371 - Missing i18n key \"Administrator\" in namespace \"console-app\" and language \"en.\"\n1913386 - users can see metrics of namespaces for which they don\u0027t have rights when monitoring own services with prometheus user workloads\n1913420 - Time duration setting of resources is not being displayed\n1913536 - 4.6.9 -\u003e 4.7 upgrade hangs.  RHEL 7.9 worker stuck on \"error enabling unit: Failed to execute operation: File exists\\\\n\\\"\n1913554 - Recording rule for ingress error fraction SLI is incorrect, uses irate instead of increase\n1913560 - Normal user cannot load template on the new wizard\n1913563 - \"Virtual Machine\" is not on the same line in create button when logged with normal user\n1913567 - Tooltip data should be same for line chart or stacked chart, display data value same as the table\n1913568 - Normal user cannot create template\n1913582 - [Migration]SDN to OVN migration stucks on MCO for rhel worker\n1913585 - Topology descriptive text fixes\n1913608 - Table data contains data value None after change time range in graph and change back\n1913651 - Improved Red Hat image and crashlooping OpenShift pod collection\n1913660 - Change location and text of Pipeline edit flow alert\n1913685 - OS field not disabled when creating a VM from a template\n1913716 - Include additional use of existing libraries\n1913725 - Refactor Insights Operator Plugin states\n1913736 - Regression: fails to deploy computes when using root volumes\n1913747 - Update operator to kubernetes 1.20.1 to pickup upstream fixes\n1913751 - add third-party network plugin test suite to openshift-tests\n1913783 - QE-To fix the merging pr issue, commenting the afterEach() block\n1913807 - Template support badge should not be shown for community supported templates\n1913821 - Need definitive steps about uninstalling descheduler operator\n1913851 - Cluster Tasks are not sorted in pipeline builder\n1913864 - BuildConfig YAML template references ruby ImageStreamTag that no longer exists\n1913951 - Update the Devfile Sample Repo to an Official Repo Host\n1913960 - Cluster Autoscaler should use 1.20 dependencies\n1913969 - Field dependency descriptor can sometimes cause an exception\n1914060 - Disk created from \u0027Import via Registry\u0027 cannot be used as boot disk\n1914066 - [sriov] sriov dp pod crash when delete ovs HW offload policy\n1914090 - Grafana - The resulting dataset is too large to graph (OCS RBD volumes being counted as disks)\n1914119 - vsphere problem detector operator has no permission to update storages.operator.openshift.io instances\n1914125 - Still using /dev/vde as default device path when create localvolume\n1914183 - Empty NAD page is missing link to quickstarts\n1914196 - target port in `from dockerfile` flow does nothing\n1914204 - Creating VM from dev perspective may fail with template not found error\n1914209 - Associate image secret name to pipeline serviceaccount imagePullSecrets\n1914212 - [e2e][automation] Add test to validate bootable disk souce\n1914250 - ovnkube-node fails on master nodes when both DHCPv6 and SLAAC addresses are configured on nodes\n1914284 - Upgrade to OCP 4.6.9 results in cluster-wide DNS and connectivity issues due to bad NetworkPolicy flows\n1914287 - Bring back selfLink\n1914301 - User VM Template source should show the same provider as template itself\n1914303 - linuxptp-daemon is not forwarding ptp4l stderr output to openshift logs\n1914309 - /terminal page when WTO not installed shows nonsensical error\n1914334 - order of getting started samples is arbitrary\n1914343 - [sig-imageregistry][Feature:ImageTriggers] Annotation trigger reconciles after the image is overwritten [Suite:openshift/conformance/parallel]  timeout on s390x\n1914349 - Increase and decrease buttons in max and min pods in HPA page has distorted UI\n1914405 - Quick search modal should be opened when coming back from a selection\n1914407 - Its not clear that node-ca is running as non-root\n1914427 - Count of pods on the dashboard is incorrect\n1914439 - Typo in SRIOV port create command example\n1914451 - cluster-storage-operator pod running as root\n1914452 - oc image append, oc image extract outputs wrong suggestion to use --keep-manifest-list=true\n1914642 - Customize Wizard Storage tab does not pass validation\n1914723 - SamplesTBRInaccessibleOnBoot Alert has a misspelling\n1914793 - device names should not be translated\n1914894 - Warn about using non-groupified api version\n1914926 - webdriver-manager pulls incorrect version of ChomeDriver due to a bug\n1914932 - Put correct resource name in relatedObjects\n1914938 - PVC disk is not shown on customization wizard general tab\n1914941 - VM Template rootdisk is not deleted after fetching default disk bus\n1914975 - Collect logs from openshift-sdn namespace\n1915003 - No estimate of average node readiness during lifetime of a cluster\n1915027 - fix MCS blocking iptables rules\n1915041 - s3:ListMultipartUploadParts is relied on implicitly\n1915079 - Canary controller should not periodically rotate the canary route endpoint for performance reasons\n1915080 - Large number of tcp connections with shiftstack ocp cluster in about 24 hours\n1915085 - Pods created and rapidly terminated get stuck\n1915114 - [aws-c2s] worker machines are not create during install\n1915133 - Missing default pinned nav items in dev perspective\n1915176 - Update snapshot API CRDs to v1 in web-console when creating volumesnapshot related resource\n1915187 - Remove the \"Tech preview\" tag in web-console for volumesnapshot\n1915188 - Remove HostSubnet anonymization\n1915200 - [OCP 4.7+ OCS 4.6]Arbiter related Note should not show up during UI deployment\n1915217 - OKD payloads expect to be signed with production keys\n1915220 - Remove dropdown workaround for user settings\n1915235 - Failed to upgrade to 4.7 from 4.6 due to the machine-config failure\n1915262 - When deploying with assisted install the CBO operator is installed and enabled without metal3 pod\n1915277 - [e2e][automation]fix cdi upload form test\n1915295 - [BM][IP][Dualstack] Installation failed - operators report dial tcp 172.30.0.1:443: i/o timeout\n1915304 - Updating scheduling component builder \u0026 base images to be consistent with ART\n1915312 - Prevent schedule Linux openshift-network-diagnostics pod on Windows node\n1915318 - [Metal] bareMetal IPI - cannot interact with toolbox container after first execution only in parallel from different connection\n1915348 - [RFE] linuxptp operator needs to expose the uds_address_socket to be used by an application pod\n1915357 - Dev Catalog doesn\u0027t load anything if virtualization operator is installed\n1915379 - New template wizard should require provider and make support input a dropdown type\n1915408 - Failure in operator-registry kind e2e test\n1915416 - [Descheduler] descheduler evicts pod which does not have any ownerRef or descheduler evict annotation\n1915460 - Cluster name size might affect installations\n1915500 - [aws c2s] kube-controller-manager crash loops trying to fetch the AWS instance\n1915540 - Silent 4.7 RHCOS install failure on ppc64le\n1915579 - [Metal] redhat-support-tool became unavailable after tcpdump usage (BareMetal IPI)\n1915582 - p\u0026f: carry upstream pr 97860\n1915594 - [e2e][automation] Improve test for disk validation\n1915617 - Bump bootimage for various fixes\n1915624 - \"Please fill in the following field: Template provider\" blocks customize wizard\n1915627 - Translate Guided Tour text. \n1915643 - OCP4.6 to 4.7 upgrade failed due to manila csi driver operator sync error\n1915647 - Intermittent White screen when the connector dragged to revision\n1915649 - \"Template support\" pop up is not a warning; checkbox text should be rephrased\n1915654 - [e2e][automation] Add a verification for Afinity modal should hint \"Matching node found\"\n1915661 - Can\u0027t run the \u0027oc adm prune\u0027 command in a pod\n1915672 - Kuryr doesn\u0027t work with selfLink disabled. \n1915674 - Golden image PVC creation - storage size should be taken from the template\n1915685 - Message for not supported template is not clear enough\n1915760 - Need to increase timeout to wait rhel worker get ready\n1915793 - quick starts panel syncs incorrectly across browser windows\n1915798 - oauth connection errors for openshift console pods on an OVNKube OCP 4.7 cluster\n1915818 - vsphere-problem-detector: use \"_totals\" in metrics\n1915828 - Latest Dell firmware (04.40.00.00) fails to install IPI on BM using idrac-virtualmedia protocol\n1915859 - vsphere-problem-detector: does not report ESXi host version nor VM HW version\n1915871 - operator-sdk version in new downstream image should be v1.2.0-ocp not v4.7.0\n1915879 - Pipeline Dashboard tab Rename to Pipeline Metrics\n1915885 - Kuryr doesn\u0027t support workers running on multiple subnets\n1915898 - TaskRun log output shows \"undefined\" in streaming\n1915907 - test/cmd/builds.sh uses docker.io\n1915912 - sig-storage-csi-snapshotter image not available\n1915926 - cluster-api-provider-openstack: Update ose-openstack-machine-controllers builder \u0026 base images to be consistent with ART\n1915929 - A11y Violation: svg-img-alt for time axis of Utilization Card on Cluster Dashboard\n1915939 - Resizing the browser window removes Web Terminal Icon\n1915945 - [sig-scheduling] SchedulerPreemption [Serial] validates basic preemption works [Conformance]\n1915959 - Baremetal cluster operator is included in a ROKS installation of 4.7\n1915962 - ROKS: manifest with machine health check fails to apply in 4.7\n1915972 - Global configuration breadcrumbs do not work as expected\n1915981 - Install ethtool and conntrack in container for debugging\n1915995 - \"Edit RoleBinding Subject\" action under RoleBinding list page kebab actions causes unhandled exception\n1915998 - Installer bootstrap node setting of additional subnets inconsistent with additional security groups\n1916021 - OLM enters infinite loop if Pending CSV replaces itself\n1916056 - Need Visual Web Terminal metric enabled for OCP monitoring telemetry\n1916081 - non-existant should be non-existent in CloudCredentialOperatorTargetNamespaceMissing alert\u0027s annotations\n1916099 - VM creation - customization wizard - user should be allowed to delete and re-create root disk\n1916126 - [e2e][automation] Help fix tests for vm guest-agent and next-run-configuration\n1916145 - Explicitly set minimum versions of python libraries\n1916164 - Update csi-driver-nfs builder \u0026 base images to be consistent with ART\n1916221 - csi-snapshot-controller-operator: bump dependencies for 4.7\n1916271 - Known issues should mention failure to apply soft-anti-affinity to masters beyond the third\n1916363 - [OVN] ovs-configuration.service reports as failed within all nodes using version 4.7.0-fc.2\n1916379 - error metrics from vsphere-problem-detector should be gauge\n1916382 - Can\u0027t create ext4 filesystems with Ignition\n1916384 - 4.5.15 and later cluster-version operator does not sync ClusterVersion status before exiting, leaving \u0027verified: false\u0027 even for verified updates\n1916401 - Deleting an ingress controller with a bad DNS Record hangs\n1916417 - [Kuryr] Must-gather does not have all Custom Resources information\n1916419 - [sig-devex][Feature:ImageEcosystem][Slow] openshift images should be SCL enabled returning s2i usage when running the image\n1916454 - teach CCO about upgradeability from 4.6 to 4.7\n1916486 - [OCP RHV] [Docs] Update RHV CSI provisioning section in OCP documenation\n1916502 - Boot disk mirroring fails with mdadm error\n1916524 - Two rootdisk shows on storage step\n1916580 - Default yaml is broken for VM and VM template\n1916621 - oc adm node-logs examples are wrong\n1916642 - [zh_CN] Redundant period in Secrets - Create drop down menu - Key value secret. \n1916692 - Possibly fails to destroy LB and thus cluster\n1916711 - Update Kube dependencies in MCO to 1.20.0\n1916747 - remove links to quick starts if virtualization operator isn\u0027t updated to 2.6\n1916764 - editing a workload with no application applied, will auto fill the app\n1916834 - Pipeline Metrics - Text Updates\n1916843 - collect logs from openshift-sdn-controller pod\n1916853 - cluster will not gracefully recover if openshift-etcd namespace is removed\n1916882 - OCS 4.7 LSO : wizard (Discover disks and create storageclass) does not show zone when topology.kubernetes.io/zone are added manually\n1916888 - OCS wizard Donor chart does not get updated when `Device Type` is edited\n1916938 - Using 4.6 install-config.yaml file with lbFloatingIP results in validation error \"Forbidden: cannot specify lbFloatingIP and apiFloatingIP together\"\n1916949 - ROKS: manifests in openshift-oauth-apiserver ns fails to create with non-existent namespace\n1917101 - [UPI on oVirt] - \u0027RHCOS image\u0027 topic isn\u0027t located in the right place in UPI document\n1917114 - Upgrade from 4.5.9 to 4.7 fails as authentication operator is Degraded due to \u0027\"ProxyConfigController\" controller failed to sync \"key\"\u0027 error\n1917117 - Common templates - disks screen: invalid disk name\n1917124 - Custom template - clone existing PVC - the name of the target VM\u0027s data volume is hard-coded; only one VM can be created\n1917146 - [oVirt] Consume 23-10 ovirt sdk- csi operator\n1917147 - [oVirt] csi operator panics if ovirt-engine suddenly becomes unavailable. \n1917148 - [oVirt] Consume 23-10 ovirt sdk\n1917239 - Monitoring time options overlaps monitoring tab navigation when Quickstart panel is opened\n1917272 - Should update the default minSize to 1Gi when create localvolumeset on web console\n1917303 - [automation][e2e] make kubevirt-plugin gating job mandatory\n1917315 - localvolumeset-local-provisoner-xxx pods are not killed after upgrading from 4.6 to 4.7\n1917327 - annotations.message maybe wrong for NTOPodsNotReady alert\n1917367 - Refactor periodic.go\n1917371 - Add docs on how to use the built-in profiler\n1917372 - Application metrics are shown on Metrics dashboard but not in linked Prometheus UI in OCP management console\n1917395 - pv-pool backing store name restriction should be at 43 characters from the ocs ui\n1917484 - [BM][IPI] Failed to scale down machineset\n1917522 - Deprecate --filter-by-os in oc adm catalog mirror\n1917537 - controllers continuously busy reconciling operator\n1917551 - use min_over_time for vsphere prometheus alerts\n1917585 - OLM Operator install page missing i18n\n1917587 - Manila CSI operator becomes degraded if user doesn\u0027t have permissions to list share types\n1917605 - Deleting an exgw causes pods to no longer route to other exgws\n1917614 - [aws c2s] ingress operator uses unavailable resourcegrouptaggings API\n1917656 - Add to Project/application for eventSources from topology shows 404\n1917658 - Show TP badge for sources powered by camel connectors in create flow\n1917660 - Editing parallelism of job get error info\n1917678 - Could not provision pv when no symlink and target found on rhel worker\n1917679 - Hide double CTA in admin pipelineruns tab\n1917683 - `NodeTextFileCollectorScrapeError` alert in OCP 4.6 cluster. \n1917759 - Console operator panics after setting plugin that does not exists to the console-operator config\n1917765 - ansible-operator version in downstream image should be v1.3.0 not v4.7.0\n1917770 - helm-operator version in downstream image should be v1.3.0 not v4.7.0\n1917799 - Gather s list of names and versions of installed OLM operators\n1917803 - [sig-storage] Pod Disks should be able to delete a non-existent PD without error\n1917814 - Show Broker create option in eventing under admin perspective\n1917838 - MachineSet scaling from 0 is not available or evaluated incorrectly for the new or changed instance types\n1917872 - [oVirt] rebase on latest SDK 2021-01-12\n1917911 - network-tools needs ovnkube-trace binary from ovn-kubernetes image\n1917938 - upgrade version of dnsmasq package\n1917942 - Canary controller causes panic in ingress-operator\n1918019 - Undesired scrollbars in markdown area of QuickStart\n1918068 - Flaky olm integration tests\n1918085 - reversed name of job and namespace in cvo log\n1918112 - Flavor is not editable if a customize VM is created from cli\n1918129 - Update IO sample archive with missing resources \u0026 remove IP anonymization from clusteroperator resources\n1918132 - i18n: Volume Snapshot Contents menu is not translated\n1918133 - [e2e][automation] Fix ocp 4.7 existing tests - part2\n1918140 - Deployment openstack-cinder-csi-driver-controller and openstack-manila-csi-controllerplugin doesn\u0027t be installed on OSP\n1918153 - When `\u0026` character is set as an environment variable in a build config it is getting converted as `\\u0026`\n1918185 - Capitalization on PLR details page\n1918287 - [ovirt] ovirt csi driver is flooding RHV with API calls and spam the event UI with new connections\n1918318 - Kamelet connector\u0027s are not shown in eventing section under Admin perspective\n1918351 - Gather SAP configuration (SCC \u0026 ClusterRoleBinding)\n1918375 - [calico] rbac-proxy container in kube-proxy fails to create tokenreviews\n1918395 - [ovirt] increase livenessProbe period\n1918415 - MCD nil pointer on dropins\n1918438 - [ja_JP, zh_CN] Serverless i18n misses\n1918440 - Kernel Arguments get reapplied even when no new kargs has been added in MachineConfig\n1918471 - CustomNoUpgrade Feature gates are not working correctly\n1918558 - Supermicro nodes boot to PXE upon reboot after successful deployment to disk\n1918622 - Updating ose-jenkins-agent-maven builder \u0026 base images to be consistent with ART\n1918623 - Updating ose-jenkins-agent-nodejs-12 builder \u0026 base images to be consistent with ART\n1918625 - Updating ose-jenkins-agent-nodejs-10 builder \u0026 base images to be consistent with ART\n1918635 - Updating openshift-jenkins-2 builder \u0026 base images to be consistent with ART #1197\n1918639 - Event listener with triggerRef crashes the console\n1918648 - Subscription page doesn\u0027t show InstallPlan correctly\n1918716 - Manilacsi becomes degraded even though it is not available with the underlying Openstack\n1918748 - helmchartrepo is not http(s)_proxy-aware\n1918757 - Consistant fallures of features/project-creation.feature Cypress test in CI\n1918803 - Need dedicated details page w/ global config breadcrumbs for \u0027KnativeServing\u0027 plugin\n1918826 - Insights popover icons are not horizontally aligned\n1918879 - need better debug for bad pull secrets\n1918958 - The default NMstate instance from the operator is incorrect\n1919097 - Close bracket \")\" missing at the end of the sentence in the UI\n1919231 - quick search modal cut off on smaller screens\n1919259 - Make \"Add x\" singular in Pipeline Builder\n1919260 - VM Template list actions should not wrap\n1919271 - NM prepender script doesn\u0027t support systemd-resolved\n1919341 - Updating ose-jenkins-agent-maven builder \u0026 base images to be consistent with ART\n1919360 - Need managed-cluster-info metric enabled for OCP monitoring telemetry\n1919379 - dotnet logo out of date\n1919387 - Console login fails with no error when it can\u0027t write to localStorage\n1919396 - A11y Violation: svg-img-alt on Pod Status ring\n1919407 - OpenStack IPI has three-node control plane limitation, but InstallConfigs aren\u0027t verified\n1919750 - Search InstallPlans got Minified React error\n1919778 - Upgrade is stuck in insights operator Degraded with \"Source clusterconfig could not be retrieved\" until insights operator pod is manually deleted\n1919823 - OCP 4.7 Internationalization Chinese tranlate issue\n1919851 - Visualization does not render when Pipeline \u0026 Task share same name\n1919862 - The tip information for `oc new-project  --skip-config-write` is wrong\n1919876 - VM created via customize wizard cannot inherit template\u0027s PVC attributes\n1919877 - Click on KSVC breaks with white screen\n1919879 - The toolbox container name is changed from \u0027toolbox-root\u0027  to \u0027toolbox-\u0027 in a chroot environment\n1919945 - user entered name value overridden by default value when selecting a git repository\n1919968 - [release-4.7] Undiagnosed panic detected in pod runtime.go:76: invalid memory address or nil pointer dereference\n1919970 - NTO does not update when the tuned profile is updated. \n1919999 - Bump Cluster Resource Operator Golang Versions\n1920027 - machine-config-operator consistently failing during 4.6 to 4.7 upgrades and clusters do not install successfully with proxy configuration\n1920200 - user-settings network error results in infinite loop of requests\n1920205 - operator-registry e2e tests not working properly\n1920214 - Bump golang to 1.15 in cluster-resource-override-admission\n1920248 - re-running the pipelinerun with pipelinespec crashes the UI\n1920320 - VM template field is \"Not available\" if it\u0027s created from common template\n1920367 - When creating localvolumeset instance from the web console, the title for setting volumeMode is `Disk Mode`\n1920368 - Fix containers creation issue resulting in runc running on Guaranteed Pod CPUs\n1920390 - Monitoring \u003e Metrics graph shifts to the left when clicking the \"Stacked\" option and when toggling data series lines on / off\n1920426 - Egress Router CNI OWNERS file should have ovn-k team members\n1920427 - Need to update `oc login` help page since we don\u0027t support prompt interactively for the username\n1920430 - [V2V] [UI] Browser window becomes empty when running import wizard for the first time\n1920438 - openshift-tuned panics on turning debugging on/off. \n1920445 - e2e-gcp-ovn-upgrade job is actually using openshift-sdn\n1920481 - kuryr-cni pods using unreasonable amount of CPU\n1920509 - wait for port 6443 to be open in the kube-scheduler container; use ss instead of lsof\n1920524 - Topology graph crashes adding Open Data Hub operator\n1920526 - catalog operator causing CPU spikes and bad etcd performance\n1920551 - Boot Order is not editable for Templates in \"openshift\" namespace\n1920555 - bump cluster-resource-override-admission api dependencies\n1920571 - fcp multipath will not recover failed paths automatically\n1920619 - Remove default scheduler profile value\n1920655 - Console should not show the Create Autoscaler link in cluster settings when the CRD is not present\n1920674 - MissingKey errors in bindings namespace\n1920684 - Text in language preferences modal is misleading\n1920695 - CI is broken because of bad image registry reference in the Makefile\n1920756 - update generic-admission-server library to get the system:masters authorization optimization\n1920769 - [Upgrade] OCP upgrade from 4.6.13 to 4.7.0-fc.4 for \"network-check-target\" failed when \"defaultNodeSelector\" is set\n1920771 - i18n: Delete persistent volume claim drop down is not translated\n1920806 - [OVN]Nodes lost network connection after reboot on the vSphere UPI\n1920912 - Unable to power off BMH from console\n1920981 - When OCS was deployed with arbiter mode enable add capacity is increasing the count by \"2\"\n1920984 - [e2e][automation] some menu items names are out dated\n1921013 - Gather PersistentVolume definition (if any) used in image registry config\n1921023 - Do not enable Flexible Scaling to true for Internal mode clusters(revert to 4.6 behavior)\n1921087 - \u0027start next quick start\u0027 link doesn\u0027t work and is unintuitive\n1921088 - test-cmd is failing on volumes.sh pretty consistently\n1921248 - Clarify the kubelet configuration cr description\n1921253 - Text filter default placeholder text not internationalized\n1921258 - User Preferences: Active perspective and project change in the current window when selected in a different window\n1921275 - Panic in authentication-operator in (*deploymentController).updateOperatorDeploymentInfo\n1921277 - Fix Warning and Info log statements to handle arguments\n1921281 - oc get -o yaml --export returns \"error: unknown flag: --export\"\n1921458 - [SDK] Gracefully handle the `run bundle-upgrade` if the lower version operator doesn\u0027t exist\n1921556 - [OCS with Vault]: OCS pods didn\u0027t comeup after deploying with Vault details from UI\n1921572 - For external source (i.e GitHub Source) form view as well shows yaml\n1921580 - [e2e][automation]Test VM detail view actions dropdown does not pass\n1921610 - Pipeline metrics font size inconsistency\n1921644 - [e2e][automation] tests errors with wrong cloudInit new line syntax\n1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation\n1921655 - [OSP] Incorrect error handling during cloudinfo generation\n1921713 - [e2e][automation]  fix failing VM migration tests\n1921762 - Serving and Eventing breadcrumbs should direct users back to tabbed page view\n1921774 - delete application modal errors when a resource cannot be found\n1921806 - Explore page APIResourceLinks aren\u0027t i18ned\n1921823 - CheckBoxControls not internationalized\n1921836 - AccessTableRows don\u0027t internationalize \"User\" or \"Group\"\n1921857 - Test flake when hitting router in e2e tests due to one router not being up to date\n1921880 - Dynamic plugins are not initialized on console load in production mode\n1921911 - Installer PR #4589 is causing leak of IAM role policy bindings\n1921921 - \"Global Configuration\" breadcrumb does not use sentence case\n1921949 - Console bug - source code URL broken for gitlab self-hosted repositories\n1921954 - Subscription-related constraints in ResolutionFailed events are misleading\n1922015 - buttons in modal header are invisible on Safari\n1922021 - Nodes terminal page \u0027Expand\u0027 \u0027Collapse\u0027 button not translated\n1922050 - [e2e][automation] Improve vm clone tests\n1922066 - Cannot create VM from custom template which has extra disk\n1922098 - Namespace selection dialog is not closed after select a namespace\n1922099 - Updated Readme documentation for QE code review and setup\n1922146 - Egress Router CNI doesn\u0027t have logging support. \n1922267 - Collect specific ADFS error\n1922292 - Bump RHCOS boot images for 4.7\n1922454 - CRI-O doesn\u0027t enable pprof by default\n1922473 - reconcile LSO images for 4.8\n1922573 - oc returns an error while using -o jsonpath when there is no resource found in the namespace\n1922782 - Source registry missing docker:// in yaml\n1922907 - Interop UI Tests - step implementation for updating feature files\n1922911 - Page crash when click the \"Stacked\" checkbox after clicking the data series toggle buttons\n1922991 - \"verify /run filesystem contents do not have unexpected content using a simple Docker Strategy Build\" test fails on OKD\n1923003 - WebConsole Insights widget showing \"Issues pending\" when the cluster doesn\u0027t report anything\n1923098 - [vsphere-problem-detector-operator] Need permission to access replicasets.apps resources\n1923102 - [vsphere-problem-detector-operator] pod\u0027s version is not correct\n1923245 - [Assisted-4.7] [Staging][Minimal-ISO] nodes fails to boot\n1923674 - k8s 1.20 vendor dependencies\n1923721 - PipelineRun running status icon is not rotating\n1923753 - Increase initialDelaySeconds for ovs-daemons container in the ovs-node daemonset for upgrade scenarios\n1923774 - Docker builds failing for openshift/cluster-resource-override-admission-operator\n1923802 - ci/prow/e2e-aws-olm build failing for openshift/cluster-resource-override-admission-operator\n1923874 - Unable to specify values with % in kubeletconfig\n1923888 - Fixes error metadata gathering\n1923892 - Update arch.md after refactor. \n1923894 - \"installed\" operator status in operatorhub page does not reflect the real status of operator\n1923895 - Changelog generation. \n1923911 - [e2e][automation] Improve tests for vm details page and list filter\n1923945 - PVC Name and Namespace resets when user changes os/flavor/workload\n1923951 - EventSources shows `undefined` in project\n1923973 - Dynamic plugin demo README does not contain info how to enable the ConsolePlugins\n1924046 - Localhost: Refreshing on a Project removes it from nav item urls\n1924078 - Topology quick search View all results footer should be sticky. \n1924081 - NTO should ship the latest Tuned daemon release 2.15\n1924084 - backend tests incorrectly hard-code artifacts dir\n1924128 - [sig-builds][Feature:Builds] verify /run filesystem contents  do not have unexpected content using a simple Docker Strategy Build\n1924135 - Under sufficient load, CRI-O may segfault\n1924143 - Code Editor Decorator url is broken for Bitbucket repos\n1924188 - Language selector dropdown doesn\u0027t always pre-select the language\n1924365 - Add extra disk for VM which use boot source PXE\n1924383 - Degraded network operator during upgrade to 4.7.z\n1924387 - [ja_JP][zh_CN] Incorrect warning message for deleting namespace on Delete Pod dialog box. \n1924480 - non cluster admin can not take VM snapshot: An error occurred, cannot set blockOwnerDeletion if an ownerReference refers to a resource you can\u0027t set finalizers on\n1924583 - Deprectaed templates are listed in the Templates screen\n1924870 - pick upstream pr#96901: plumb context with request deadline\n1924955 - Images from Private external registry not working in deploy Image\n1924961 - k8sutil.TrimDNS1123Label creates invalid values\n1924985 - Build egress-router-cni for both RHEL 7 and 8\n1925020 - Console demo plugin deployment image shoult not point to dockerhub\n1925024 - Remove extra validations on kafka source form view net section\n1925039 - [e2e] Fix Test - ID(CNV-5327) Change Custom Flavor while VM is running\n1925072 - NTO needs to ship the current latest stalld v1.7.0\n1925163 - Missing info about dev catalog in boot source template column\n1925200 - Monitoring Alert icon is missing on the workload in Topology view\n1925262 - apiserver getting 2 SIGTERM signals which was immediately making it exit code 1\n1925319 - bash syntax error in configure-ovs.sh script\n1925408 - Remove StatefulSet gatherer and replace it with gathering corresponding config map data\n1925516 - Pipeline Metrics Tooltips are overlapping data\n1925562 - Add new ArgoCD link from GitOps application environments page\n1925596 - Gitops details page image and commit id text overflows past card boundary\n1926556 - \u0027excessive etcd leader changes\u0027 test case failing in serial job because prometheus data is wiped by machine set test\n1926588 - The tarball of operator-sdk is not ready for ocp4.7\n1927456 - 4.7 still points to 4.6 catalog images\n1927500 - API server exits non-zero on 2 SIGTERM signals\n1929278 - Monitoring workloads using too high a priorityclass\n1929645 - Remove openshift:kubevirt-machine-controllers decleration from machine-api\n1929920 - Cluster monitoring documentation link is broken - 404 not found\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-10103\nhttps://access.redhat.com/security/cve/CVE-2018-10105\nhttps://access.redhat.com/security/cve/CVE-2018-14461\nhttps://access.redhat.com/security/cve/CVE-2018-14462\nhttps://access.redhat.com/security/cve/CVE-2018-14463\nhttps://access.redhat.com/security/cve/CVE-2018-14464\nhttps://access.redhat.com/security/cve/CVE-2018-14465\nhttps://access.redhat.com/security/cve/CVE-2018-14466\nhttps://access.redhat.com/security/cve/CVE-2018-14467\nhttps://access.redhat.com/security/cve/CVE-2018-14468\nhttps://access.redhat.com/security/cve/CVE-2018-14469\nhttps://access.redhat.com/security/cve/CVE-2018-14470\nhttps://access.redhat.com/security/cve/CVE-2018-14553\nhttps://access.redhat.com/security/cve/CVE-2018-14879\nhttps://access.redhat.com/security/cve/CVE-2018-14880\nhttps://access.redhat.com/security/cve/CVE-2018-14881\nhttps://access.redhat.com/security/cve/CVE-2018-14882\nhttps://access.redhat.com/security/cve/CVE-2018-16227\nhttps://access.redhat.com/security/cve/CVE-2018-16228\nhttps://access.redhat.com/security/cve/CVE-2018-16229\nhttps://access.redhat.com/security/cve/CVE-2018-16230\nhttps://access.redhat.com/security/cve/CVE-2018-16300\nhttps://access.redhat.com/security/cve/CVE-2018-16451\nhttps://access.redhat.com/security/cve/CVE-2018-16452\nhttps://access.redhat.com/security/cve/CVE-2018-20843\nhttps://access.redhat.com/security/cve/CVE-2019-3884\nhttps://access.redhat.com/security/cve/CVE-2019-5018\nhttps://access.redhat.com/security/cve/CVE-2019-6977\nhttps://access.redhat.com/security/cve/CVE-2019-6978\nhttps://access.redhat.com/security/cve/CVE-2019-8625\nhttps://access.redhat.com/security/cve/CVE-2019-8710\nhttps://access.redhat.com/security/cve/CVE-2019-8720\nhttps://access.redhat.com/security/cve/CVE-2019-8743\nhttps://access.redhat.com/security/cve/CVE-2019-8764\nhttps://access.redhat.com/security/cve/CVE-2019-8766\nhttps://access.redhat.com/security/cve/CVE-2019-8769\nhttps://access.redhat.com/security/cve/CVE-2019-8771\nhttps://access.redhat.com/security/cve/CVE-2019-8782\nhttps://access.redhat.com/security/cve/CVE-2019-8783\nhttps://access.redhat.com/security/cve/CVE-2019-8808\nhttps://access.redhat.com/security/cve/CVE-2019-8811\nhttps://access.redhat.com/security/cve/CVE-2019-8812\nhttps://access.redhat.com/security/cve/CVE-2019-8813\nhttps://access.redhat.com/security/cve/CVE-2019-8814\nhttps://access.redhat.com/security/cve/CVE-2019-8815\nhttps://access.redhat.com/security/cve/CVE-2019-8816\nhttps://access.redhat.com/security/cve/CVE-2019-8819\nhttps://access.redhat.com/security/cve/CVE-2019-8820\nhttps://access.redhat.com/security/cve/CVE-2019-8823\nhttps://access.redhat.com/security/cve/CVE-2019-8835\nhttps://access.redhat.com/security/cve/CVE-2019-8844\nhttps://access.redhat.com/security/cve/CVE-2019-8846\nhttps://access.redhat.com/security/cve/CVE-2019-9455\nhttps://access.redhat.com/security/cve/CVE-2019-9458\nhttps://access.redhat.com/security/cve/CVE-2019-11068\nhttps://access.redhat.com/security/cve/CVE-2019-12614\nhttps://access.redhat.com/security/cve/CVE-2019-13050\nhttps://access.redhat.com/security/cve/CVE-2019-13225\nhttps://access.redhat.com/security/cve/CVE-2019-13627\nhttps://access.redhat.com/security/cve/CVE-2019-14889\nhttps://access.redhat.com/security/cve/CVE-2019-15165\nhttps://access.redhat.com/security/cve/CVE-2019-15166\nhttps://access.redhat.com/security/cve/CVE-2019-15903\nhttps://access.redhat.com/security/cve/CVE-2019-15917\nhttps://access.redhat.com/security/cve/CVE-2019-15925\nhttps://access.redhat.com/security/cve/CVE-2019-16167\nhttps://access.redhat.com/security/cve/CVE-2019-16168\nhttps://access.redhat.com/security/cve/CVE-2019-16231\nhttps://access.redhat.com/security/cve/CVE-2019-16233\nhttps://access.redhat.com/security/cve/CVE-2019-16935\nhttps://access.redhat.com/security/cve/CVE-2019-17450\nhttps://access.redhat.com/security/cve/CVE-2019-17546\nhttps://access.redhat.com/security/cve/CVE-2019-18197\nhttps://access.redhat.com/security/cve/CVE-2019-18808\nhttps://access.redhat.com/security/cve/CVE-2019-18809\nhttps://access.redhat.com/security/cve/CVE-2019-19046\nhttps://access.redhat.com/security/cve/CVE-2019-19056\nhttps://access.redhat.com/security/cve/CVE-2019-19062\nhttps://access.redhat.com/security/cve/CVE-2019-19063\nhttps://access.redhat.com/security/cve/CVE-2019-19068\nhttps://access.redhat.com/security/cve/CVE-2019-19072\nhttps://access.redhat.com/security/cve/CVE-2019-19221\nhttps://access.redhat.com/security/cve/CVE-2019-19319\nhttps://access.redhat.com/security/cve/CVE-2019-19332\nhttps://access.redhat.com/security/cve/CVE-2019-19447\nhttps://access.redhat.com/security/cve/CVE-2019-19524\nhttps://access.redhat.com/security/cve/CVE-2019-19533\nhttps://access.redhat.com/security/cve/CVE-2019-19537\nhttps://access.redhat.com/security/cve/CVE-2019-19543\nhttps://access.redhat.com/security/cve/CVE-2019-19602\nhttps://access.redhat.com/security/cve/CVE-2019-19767\nhttps://access.redhat.com/security/cve/CVE-2019-19770\nhttps://access.redhat.com/security/cve/CVE-2019-19906\nhttps://access.redhat.com/security/cve/CVE-2019-19956\nhttps://access.redhat.com/security/cve/CVE-2019-20054\nhttps://access.redhat.com/security/cve/CVE-2019-20218\nhttps://access.redhat.com/security/cve/CVE-2019-20386\nhttps://access.redhat.com/security/cve/CVE-2019-20387\nhttps://access.redhat.com/security/cve/CVE-2019-20388\nhttps://access.redhat.com/security/cve/CVE-2019-20454\nhttps://access.redhat.com/security/cve/CVE-2019-20636\nhttps://access.redhat.com/security/cve/CVE-2019-20807\nhttps://access.redhat.com/security/cve/CVE-2019-20812\nhttps://access.redhat.com/security/cve/CVE-2019-20907\nhttps://access.redhat.com/security/cve/CVE-2019-20916\nhttps://access.redhat.com/security/cve/CVE-2020-0305\nhttps://access.redhat.com/security/cve/CVE-2020-0444\nhttps://access.redhat.com/security/cve/CVE-2020-1716\nhttps://access.redhat.com/security/cve/CVE-2020-1730\nhttps://access.redhat.com/security/cve/CVE-2020-1751\nhttps://access.redhat.com/security/cve/CVE-2020-1752\nhttps://access.redhat.com/security/cve/CVE-2020-1971\nhttps://access.redhat.com/security/cve/CVE-2020-2574\nhttps://access.redhat.com/security/cve/CVE-2020-2752\nhttps://access.redhat.com/security/cve/CVE-2020-2922\nhttps://access.redhat.com/security/cve/CVE-2020-3862\nhttps://access.redhat.com/security/cve/CVE-2020-3864\nhttps://access.redhat.com/security/cve/CVE-2020-3865\nhttps://access.redhat.com/security/cve/CVE-2020-3867\nhttps://access.redhat.com/security/cve/CVE-2020-3868\nhttps://access.redhat.com/security/cve/CVE-2020-3885\nhttps://access.redhat.com/security/cve/CVE-2020-3894\nhttps://access.redhat.com/security/cve/CVE-2020-3895\nhttps://access.redhat.com/security/cve/CVE-2020-3897\nhttps://access.redhat.com/security/cve/CVE-2020-3898\nhttps://access.redhat.com/security/cve/CVE-2020-3899\nhttps://access.redhat.com/security/cve/CVE-2020-3900\nhttps://access.redhat.com/security/cve/CVE-2020-3901\nhttps://access.redhat.com/security/cve/CVE-2020-3902\nhttps://access.redhat.com/security/cve/CVE-2020-6405\nhttps://access.redhat.com/security/cve/CVE-2020-7595\nhttps://access.redhat.com/security/cve/CVE-2020-7774\nhttps://access.redhat.com/security/cve/CVE-2020-8177\nhttps://access.redhat.com/security/cve/CVE-2020-8492\nhttps://access.redhat.com/security/cve/CVE-2020-8563\nhttps://access.redhat.com/security/cve/CVE-2020-8566\nhttps://access.redhat.com/security/cve/CVE-2020-8619\nhttps://access.redhat.com/security/cve/CVE-2020-8622\nhttps://access.redhat.com/security/cve/CVE-2020-8623\nhttps://access.redhat.com/security/cve/CVE-2020-8624\nhttps://access.redhat.com/security/cve/CVE-2020-8647\nhttps://access.redhat.com/security/cve/CVE-2020-8648\nhttps://access.redhat.com/security/cve/CVE-2020-8649\nhttps://access.redhat.com/security/cve/CVE-2020-9327\nhttps://access.redhat.com/security/cve/CVE-2020-9802\nhttps://access.redhat.com/security/cve/CVE-2020-9803\nhttps://access.redhat.com/security/cve/CVE-2020-9805\nhttps://access.redhat.com/security/cve/CVE-2020-9806\nhttps://access.redhat.com/security/cve/CVE-2020-9807\nhttps://access.redhat.com/security/cve/CVE-2020-9843\nhttps://access.redhat.com/security/cve/CVE-2020-9850\nhttps://access.redhat.com/security/cve/CVE-2020-9862\nhttps://access.redhat.com/security/cve/CVE-2020-9893\nhttps://access.redhat.com/security/cve/CVE-2020-9894\nhttps://access.redhat.com/security/cve/CVE-2020-9895\nhttps://access.redhat.com/security/cve/CVE-2020-9915\nhttps://access.redhat.com/security/cve/CVE-2020-9925\nhttps://access.redhat.com/security/cve/CVE-2020-10018\nhttps://access.redhat.com/security/cve/CVE-2020-10029\nhttps://access.redhat.com/security/cve/CVE-2020-10732\nhttps://access.redhat.com/security/cve/CVE-2020-10749\nhttps://access.redhat.com/security/cve/CVE-2020-10751\nhttps://access.redhat.com/security/cve/CVE-2020-10763\nhttps://access.redhat.com/security/cve/CVE-2020-10773\nhttps://access.redhat.com/security/cve/CVE-2020-10774\nhttps://access.redhat.com/security/cve/CVE-2020-10942\nhttps://access.redhat.com/security/cve/CVE-2020-11565\nhttps://access.redhat.com/security/cve/CVE-2020-11668\nhttps://access.redhat.com/security/cve/CVE-2020-11793\nhttps://access.redhat.com/security/cve/CVE-2020-12465\nhttps://access.redhat.com/security/cve/CVE-2020-12655\nhttps://access.redhat.com/security/cve/CVE-2020-12659\nhttps://access.redhat.com/security/cve/CVE-2020-12770\nhttps://access.redhat.com/security/cve/CVE-2020-12826\nhttps://access.redhat.com/security/cve/CVE-2020-13249\nhttps://access.redhat.com/security/cve/CVE-2020-13630\nhttps://access.redhat.com/security/cve/CVE-2020-13631\nhttps://access.redhat.com/security/cve/CVE-2020-13632\nhttps://access.redhat.com/security/cve/CVE-2020-14019\nhttps://access.redhat.com/security/cve/CVE-2020-14040\nhttps://access.redhat.com/security/cve/CVE-2020-14381\nhttps://access.redhat.com/security/cve/CVE-2020-14382\nhttps://access.redhat.com/security/cve/CVE-2020-14391\nhttps://access.redhat.com/security/cve/CVE-2020-14422\nhttps://access.redhat.com/security/cve/CVE-2020-15157\nhttps://access.redhat.com/security/cve/CVE-2020-15503\nhttps://access.redhat.com/security/cve/CVE-2020-15862\nhttps://access.redhat.com/security/cve/CVE-2020-15999\nhttps://access.redhat.com/security/cve/CVE-2020-16166\nhttps://access.redhat.com/security/cve/CVE-2020-24490\nhttps://access.redhat.com/security/cve/CVE-2020-24659\nhttps://access.redhat.com/security/cve/CVE-2020-25211\nhttps://access.redhat.com/security/cve/CVE-2020-25641\nhttps://access.redhat.com/security/cve/CVE-2020-25658\nhttps://access.redhat.com/security/cve/CVE-2020-25661\nhttps://access.redhat.com/security/cve/CVE-2020-25662\nhttps://access.redhat.com/security/cve/CVE-2020-25681\nhttps://access.redhat.com/security/cve/CVE-2020-25682\nhttps://access.redhat.com/security/cve/CVE-2020-25683\nhttps://access.redhat.com/security/cve/CVE-2020-25684\nhttps://access.redhat.com/security/cve/CVE-2020-25685\nhttps://access.redhat.com/security/cve/CVE-2020-25686\nhttps://access.redhat.com/security/cve/CVE-2020-25687\nhttps://access.redhat.com/security/cve/CVE-2020-25694\nhttps://access.redhat.com/security/cve/CVE-2020-25696\nhttps://access.redhat.com/security/cve/CVE-2020-26160\nhttps://access.redhat.com/security/cve/CVE-2020-27813\nhttps://access.redhat.com/security/cve/CVE-2020-27846\nhttps://access.redhat.com/security/cve/CVE-2020-28362\nhttps://access.redhat.com/security/cve/CVE-2020-29652\nhttps://access.redhat.com/security/cve/CVE-2021-2007\nhttps://access.redhat.com/security/cve/CVE-2021-3121\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYDZ+bNzjgjWX9erEAQghXg//awGwjQxJ5LEZWBTdgyuCa8mHEi2rop5T\nlmebolBMNRSbo9gI8LMSHlvIBBFiV4CuFvfxE0AVLNentfzOTH11TxNWe1KQYt4H\nEmcGHPeHWTxKDkvAHtVcWXy9WN3y5d4lHSaq6AR1nHRPcj/k1upyx22kotpnYxN8\n4d49PjFTO3YbmdYpNLVJ9nY8izqUpTfM7YSyj6ANZSlaYc5Z215o6TPo6e3wobf4\nmWu+VfDS0v+/AbGhQhO2sQ7r2ysJ85MB7c62cxck4a51KiA0NKd4xr0TAA4KHnNL\nISHFzi5QYXu+meE+9wYRo1ZjJ5fbPj41+1TJbR6O4CbP0xQiFpcUSipNju3rGSGy\nAe5G/QGT8J7HzOjlKVvY3SFu/odENR6c+xUIr7IB/FBlu7DdPF2XxMZDQD4DKHEk\n4aiDbuiEL3Yf78Ic1RqPPmrj9plIwprVFQz+k3JaQXKD+1dBxO6tk+nVu2/5xNbM\nuR03hrthYYIpdXLSWU4lzq8j3kQ9wZ4j/m2o6/K6eHNl9PyqAG5jfQv9bVf8E3oG\nkrzc/JLvOfHNEQ/oJs/v/DFDmnAxshCCtGWlpLJ5J0pcD3EePsrPNs1QtQurVrMv\nRjfBCWKOij53+BinrMKHdsHxfur7GCFCIQCVaLIv6GUjX2NWI0voIVA8JkrFNNp6\nMcvuEaxco7U=\n=sw8i\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. 8) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n1660798 - NFSv4.2: security label of mount point shows as \"unlabeled_t\" for ~30 seconds after mounting\n1718176 - CVE-2019-12614 kernel: null pointer dereference in dlpar_parse_cc_property in arch/powerrc/platforms/pseries/dlpar.c causing denial of service\n1759052 - CVE-2019-15925 kernel: out-of-bounds access in function hclge_tm_schd_mode_vnet_base_cfg\n1760100 - CVE-2019-15917 kernel: use-after-free in drivers/bluetooth/hci_ldisc.c\n1760310 - CVE-2019-16231 kernel: null-pointer dereference in drivers/net/fjes/fjes_main.c\n1760420 - CVE-2019-16233 kernel: null pointer dereference in drivers/scsi/qla2xxx/qla_os.c\n1774946 - CVE-2019-19072 kernel: A memory leak in the predicate_parse() function in kernel/trace/trace_events_filter.c allows for a DoS\n1774963 - CVE-2019-19068 kernel: A memory leak in the rtl8xxxu_submit_int_urb() function in drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c allows for a DoS\n1774988 - CVE-2019-19046 kernel: Denial Of Service in the __ipmi_bmc_register() function in drivers/char/ipmi/ipmi_msghandler.c\n1775015 - CVE-2019-19063 kernel: Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c allow for a DoS\n1775021 - CVE-2019-19062 kernel: memory leak in the crypto_report() function in crypto/crypto_user_base.c allows for DoS\n1775097 - CVE-2019-19056 kernel: A memory leak in the mwifiex_pcie_alloc_cmdrsp_buf() function in drivers/net/wireless/marvell/mwifiex/pcie.c allows to cause DoS\n1777418 - CVE-2019-18808 kernel: memory leak in ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c\n1777449 - CVE-2019-18809 kernel: memory leak in  af9005_identify_state() function in drivers/media/usb/dvb-usb/af9005.c\n1778762 - Please backport Jitter Entropy patches\n1779594 - CVE-2019-19332 Kernel: kvm: OOB memory write via kvm_dev_ioctl_get_cpuid\n1781679 - CVE-2019-19447 kernel: mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c\n1781810 - CVE-2019-19543 kernel: use-after-free in serial_ir_init_module() in drivers/media/rc/serial_ir.c\n1783459 - CVE-2019-19524 kernel: a malicious USB device in the drivers/input/ff-memless.c leads to use-after-free\n1783534 - CVE-2019-19533 kernel: information leak bug caused  by a malicious USB device in the drivers/media/usb/ttusb-dec/ttusb_dec.c\n1783561 - CVE-2019-19537 kernel: race condition caused by a malicious USB device in the USB character device driver layer\n1784130 - CVE-2019-19319 kernel: out-of-bounds write in ext4_xattr_set_entry in fs/ext4/xattr.c\n1786160 - CVE-2019-19767 kernel: use-after-free in __ext4_expand_extra_isize and ext4_xattr_set_entry related to fs/ext4/inode.c and fs/ext4/super.c\n1786179 - CVE-2019-19770 kernel: use-after-free in debugfs_remove in fs/debugfs/inode.c\n1790063 - CVE-2019-20054 kernel: Null pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c\n1802555 - CVE-2020-8649 kernel: invalid read location in vgacon_invert_region function in drivers/video/console/vgacon.c\n1802559 - CVE-2020-8648 kernel: use-after-free in n_tty_receive_buf_common function in drivers/tty/n_tty.c\n1802563 - CVE-2020-8647 kernel: out-of-bounds read in in vc_do_resize function in drivers/tty/vt/vt.c\n1817718 - CVE-2020-10942 kernel: vhost-net: stack overflow in get_raw_socket while checking sk_family field\n1819377 - CVE-2019-9458 kernel: use after free due to race condition in the video driver leads to local privilege escalation\n1819399 - CVE-2019-9455 kernel: kernel pointer leak due to WARN_ON statement in video driver leads to local information disclosure\n1820402 - Sometimes hit \"error: kvm run failed Bad address\" when launching a guest on Power8\n1822077 - CVE-2020-12826 kernel: possible to send arbitrary signals to a privileged (suidroot) parent process\n1823764 - RFE: Enable genfs+xattr labeling for CephFS\n1824059 - CVE-2019-20636 kernel: out-of-bounds write via crafted keycode table\n1824792 - CVE-2020-11668 kernel: mishandles invalid descriptors in drivers/media/usb/gspca/xirlink_cit.c\n1824918 - CVE-2020-11565 kernel: out-of-bounds write in mpol_parse_str function in mm/mempolicy.c\n1830280 - Please enable CONFIG_RANDOM_TRUST_CPU\n1831399 - CVE-2020-10732 kernel: uninitialized kernel data leak in userspace coredumps\n1831699 - CVE-2020-12465 kernel: buffer overflow in mt76_add_fragment function in drivers/net/wireless/mediatek/mt76/dma.c\n1832543 - CVE-2020-12655 kernel: sync of excessive duration via an XFS v5 image with crafted metadata\n1832876 - CVE-2020-12659 kernel: xdp_umem_reg in net/xdp/xdp_umem.c has an out-of-bounds write which could result in crash and data coruption\n1834845 - CVE-2020-12770 kernel: sg_write function lacks an sg_remove_request call in a certain failure case\n1839634 - CVE-2020-10751 kernel: SELinux netlink permission check bypass\n1844520 - Incorrect pinning of IRQ threads on isolated CPUs by drivers that use cpumask_local_spread()\n1846380 - CVE-2020-10773 kernel: kernel stack information leak on s390/s390x\n1846964 - CVE-2020-10774 kernel: possibility of memory disclosure when reading the file /proc/sys/kernel/rh_features\n1853447 - Guest IA32_SPEC_CTRL wrmsr failure on AMD processors that support STIBP but don\u0027t support for IBRS\n1856588 - Guest crashed and hung when hot unplug vcpus\n1860065 - CVE-2020-0305 kernel: possible use-after-free due to a race condition in cdev_get of char_dev.c\n1874311 - CVE-2020-14381 kernel: referencing inode of removed superblock in get_futex_key() causes UAF\n1881424 - CVE-2020-25641 kernel: soft-lockups in iov_iter_copy_from_user_atomic() could result in DoS\n\n6",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-8648"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-001618"
          },
          {
            "db": "VULHUB",
            "id": "VHN-186773"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-8648"
          },
          {
            "db": "PACKETSTORM",
            "id": "157489"
          },
          {
            "db": "PACKETSTORM",
            "id": "163020"
          },
          {
            "db": "PACKETSTORM",
            "id": "163026"
          },
          {
            "db": "PACKETSTORM",
            "id": "157480"
          },
          {
            "db": "PACKETSTORM",
            "id": "161546"
          },
          {
            "db": "PACKETSTORM",
            "id": "157491"
          },
          {
            "db": "PACKETSTORM",
            "id": "159814"
          }
        ],
        "trust": 2.43
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2020-8648",
            "trust": 3.4
          },
          {
            "db": "PACKETSTORM",
            "id": "163020",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-001618",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-148",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "164140",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "157491",
            "trust": 0.7
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.0796",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.2039",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.1745.2",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.0719",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.1476",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.0692",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.2008",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.0772",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.1164",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.2032",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.1910",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.0908",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.6112",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.3443",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.3075",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.0797",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.1745",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.1812",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.0925",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.3888",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.2957",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.1584",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.4047",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.2180",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "163968",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021062117",
            "trust": 0.6
          },
          {
            "db": "NSFOCUS",
            "id": "45778",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "163026",
            "trust": 0.2
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-04530",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-186773",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-8648",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "157489",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "157480",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "161546",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "159814",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-186773"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-8648"
          },
          {
            "db": "PACKETSTORM",
            "id": "157489"
          },
          {
            "db": "PACKETSTORM",
            "id": "163020"
          },
          {
            "db": "PACKETSTORM",
            "id": "163026"
          },
          {
            "db": "PACKETSTORM",
            "id": "157480"
          },
          {
            "db": "PACKETSTORM",
            "id": "161546"
          },
          {
            "db": "PACKETSTORM",
            "id": "164140"
          },
          {
            "db": "PACKETSTORM",
            "id": "157491"
          },
          {
            "db": "PACKETSTORM",
            "id": "159814"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-148"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-001618"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-8648"
          }
        ]
      },
      "id": "VAR-202002-1243",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-186773"
          }
        ],
        "trust": 0.725
      },
      "last_update_date": "2026-04-10T23:20:44.991000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "Bug 206361",
            "trust": 0.8,
            "url": "https://bugzilla.kernel.org/show_bug.cgi?id=206361"
          },
          {
            "title": "Linux Kernel Archives",
            "trust": 0.8,
            "url": "http://www.kernel.org"
          },
          {
            "title": "Amazon Linux 2: ALAS2LIVEPATCH-2020-005",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2LIVEPATCH-2020-005"
          },
          {
            "title": "Amazon Linux 2: ALAS2LIVEPATCH-2020-004",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2LIVEPATCH-2020-004"
          },
          {
            "title": "Ubuntu Security Notice: linux, linux-aws, linux-kvm, linux-lts-xenial, linux-raspi2, linux-snapdragon vulnerabilities",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-4346-1"
          },
          {
            "title": "Amazon Linux 2: ALAS2LIVEPATCH-2020-006",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2LIVEPATCH-2020-006"
          },
          {
            "title": "Ubuntu Security Notice: linux-gke-5.0, linux-oem-osp11 vulnerabilities",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-4344-1"
          },
          {
            "title": "Ubuntu Security Notice: linux, linux-aws, linux-azure, linux-gcp, linux-gke-5.3, linux-hwe, linux-kvm, linux-raspi2, linux-raspi2-5.3 vulnerabilities",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-4342-1"
          },
          {
            "title": "Amazon Linux AMI: ALAS-2020-1360",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2020-1360"
          },
          {
            "title": "Ubuntu Security Notice: linux, linux-aws, linux-aws-hwe, linux-azure, linux-gcp, linux-gke-4.15, linux-hwe, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-4345-1"
          },
          {
            "title": "Amazon Linux 2: ALAS2-2020-1405",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2020-1405"
          },
          {
            "title": "Brocade Security Advisories: Access Denied",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=brocade_security_advisories\u0026qid=0653676430b6017016f55e261b78af9c"
          },
          {
            "title": "Red Hat: Moderate: kernel-rt security and bug fix update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20204609 - Security Advisory"
          },
          {
            "title": "Red Hat: Moderate: kernel security, bug fix, and enhancement update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20204431 - Security Advisory"
          },
          {
            "title": "Debian Security Advisories: DSA-4698-1 linux -- security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=88a848047667226a68bbe6de9bb29095"
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/vincent-deng/veracode-container-security-finding-parser "
          },
          {
            "title": "Threatpost",
            "trust": 0.1,
            "url": "https://threatpost.com/two-critical-android-bugs-rce/156216/"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2020-8648"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-001618"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-416",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-186773"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-001618"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-8648"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 2.0,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8648"
          },
          {
            "trust": 1.9,
            "url": "https://usn.ubuntu.com/4346-1/"
          },
          {
            "trust": 1.8,
            "url": "https://security.netapp.com/advisory/ntap-20200924-0004/"
          },
          {
            "trust": 1.8,
            "url": "https://www.debian.org/security/2020/dsa-4698"
          },
          {
            "trust": 1.8,
            "url": "https://bugzilla.kernel.org/show_bug.cgi?id=206361"
          },
          {
            "trust": 1.8,
            "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"
          },
          {
            "trust": 1.8,
            "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"
          },
          {
            "trust": 1.8,
            "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html"
          },
          {
            "trust": 1.8,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html"
          },
          {
            "trust": 1.8,
            "url": "https://usn.ubuntu.com/4342-1/"
          },
          {
            "trust": 1.8,
            "url": "https://usn.ubuntu.com/4344-1/"
          },
          {
            "trust": 1.8,
            "url": "https://usn.ubuntu.com/4345-1/"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-8648"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.3888/"
          },
          {
            "trust": 0.6,
            "url": "https://vigilance.fr/vulnerability/linux-kernel-use-after-free-via-n-tty-receive-buf-common-31537"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.0908/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.1584/"
          },
          {
            "trust": 0.6,
            "url": "http://www.nsfocus.net/vulndb/45778"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/157491/ubuntu-security-notice-usn-4346-1.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.0796/"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/6520482"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.2957"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/163968/red-hat-security-advisory-2021-3320-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.0772/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.2039/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.6112"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.4047"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.2180"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.1164/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.1910/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.3075"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.0719/"
          },
          {
            "trust": 0.6,
            "url": "https://source.android.com/security/bulletin/2020-06-01"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.0925/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.1745.2/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.0797/"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/163020/red-hat-security-advisory-2021-2314-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.0692"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.2032"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021062117"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.2008/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.3443"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/164140/red-hat-security-advisory-2021-3522-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.1745/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.1812/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.1476/"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2020-8648"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/team/contact/"
          },
          {
            "trust": 0.5,
            "url": "https://bugzilla.redhat.com/):"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/articles/11258"
          },
          {
            "trust": 0.4,
            "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/team/key/"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19768"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16234"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9383"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2021-3347"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/updates/classification/#important"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3347"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10942"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11884"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12364"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-12362"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12362"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12363"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-12364"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27170"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-27170"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-12363"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-19770"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-11668"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-19072"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-8649"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-12655"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-9458"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-19068"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-20636"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-15925"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-18808"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-18809"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-20054"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-12826"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-10773"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-25641"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-8647"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-15917"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-10774"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-0305"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-12659"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-16233"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-19543"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-10751"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-10942"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-19062"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-19046"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-12465"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-19447"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-16231"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-14381"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-19056"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-19524"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-12770"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-19767"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-19533"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-19537"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-9455"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-11565"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-19332"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-12614"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/updates/classification/#moderate"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-19063"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-19319"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-10732"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16233"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/416.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://alas.aws.amazon.com/al2/alaslivepatch-2020-005.html"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux-aws/4.15.0-1066.70"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux-kvm/4.15.0-1059.60"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux-azure/4.15.0-1082.92~16.04.1"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux-raspi2/4.15.0-1061.65"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1038.42"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux-gcp/4.15.0-1061.65"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11668"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux/4.15.0-99.100"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1038.42~16.04.1"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11609"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux-oem/4.15.0-1080.90"
          },
          {
            "trust": 0.1,
            "url": "https://usn.ubuntu.com/4345-1"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux-aws-hwe/4.15.0-1066.70~16.04.1"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux-hwe/4.15.0-99.100~16.04.1"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11608"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux-gke-4.15/4.15.0-1058.61"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux-snapdragon/4.15.0-1077.84"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2021:2314"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2021:2316"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux-kvm/5.3.0-1016.17"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux-gke-5.3/5.3.0-1018.19~18.04.1"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux-hwe/5.3.0-51.44~18.04.2"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8992"
          },
          {
            "trust": 0.1,
            "url": "https://usn.ubuntu.com/4342-1"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux-raspi2/5.3.0-1023.25"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux-gcp/5.3.0-1018.19"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux-azure/5.3.0-1020.21"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux-raspi2-5.3/5.3.0-1023.25~18.04.1"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux/5.3.0-51.44"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux-aws/5.3.0-1017.18"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-25662"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-20907"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-8624"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-16300"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14466"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-10105"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-25684"
          },
          {
            "trust": 0.1,
            "url": "https://docs.openshift.com/container-platform/4.7/updating/updating-cluster"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-13050"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-24490"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-2007"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-9925"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-15166"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-9802"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-20218"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-26160"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-16230"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-9895"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-8625"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-13225"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-13249"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-27846"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-15165"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-20388"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-14382"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-8812"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-3899"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-8819"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-10103"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14467"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14469"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11068"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-3867"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-1971"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-16229"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-8720"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-9893"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-19221"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-8808"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14553"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-3902"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14465"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-14882"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-8623"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-16227"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-18197"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-1751"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-3900"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-8566"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-15862"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-25683"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-25211"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-14461"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-19602"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14881"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-9805"
          },
          {
            "trust": 0.1,
            "url": "https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-14464"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-8820"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-9807"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-8769"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-8710"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-8813"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-25661"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-9850"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14463"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-7595"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-10749"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-6977"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-8811"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16228"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14879"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-29652"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-16168"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-9803"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-8177"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-9862"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-24659"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-16166"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-14469"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-7774"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-9327"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-10105"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-14880"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-3885"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-17450"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-15503"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-16935"
          },
          {
            "trust": 0.1,
            "url": "https://\u0027"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14461"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-20916"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-5018"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-19956"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-1716"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-10018"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-20812"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2020:5633"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-14468"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-14422"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-15157"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-8835"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-6978"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-25658"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-0444"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-8764"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-14466"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-8844"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-3865"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14882"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-1730"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16452"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-3864"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16227"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-25694"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14464"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-19906"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-14553"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-2752"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16230"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-20386"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-20387"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-14391"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-15999"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14468"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-14467"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-14462"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-3862"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14880"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-25682"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-14881"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-2574"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-3901"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-17546"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16300"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-3884"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-10763"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-8823"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14462"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-1752"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16229"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-8622"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-28362"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-15903"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-3895"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-8492"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-11793"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-20454"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-20843"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-25696"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-9894"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-25685"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-8816"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-9843"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-13627"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-6405"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-8771"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-16451"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-3897"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-10103"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-16228"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-9806"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-14463"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-8814"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-14889"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-8743"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3121"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-9915"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20843"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-25686"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-8815"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-2922"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-13632"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-25687"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-16167"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-10029"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16451"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-8783"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-20807"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-13630"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-14040"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-14879"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-14019"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14470"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-25681"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-14470"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-8619"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-27813"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-14465"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-11068"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-8766"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-8563"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-13631"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-16452"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-8846"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-3868"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-3894"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-8782"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-3898"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2020:5634"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-22555"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2021:3522"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-32399"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22555"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32399"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux/4.4.0-178.208"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux-aws/4.4.0-1106.117"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux-raspi2/4.4.0-1132.141"
          },
          {
            "trust": 0.1,
            "url": "https://usn.ubuntu.com/4346-1"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux-snapdragon/4.4.0-1136.144"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux-kvm/4.4.0-1070.77"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9458"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2020:4431"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-15925"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19068"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19767"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19062"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-18808"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19447"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9455"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19319"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12614"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19063"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-15917"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19533"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19524"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19046"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19770"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20054"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.3_release_notes/index"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20636"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19072"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19543"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16231"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-18809"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19056"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19537"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19332"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-186773"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-8648"
          },
          {
            "db": "PACKETSTORM",
            "id": "157489"
          },
          {
            "db": "PACKETSTORM",
            "id": "163020"
          },
          {
            "db": "PACKETSTORM",
            "id": "163026"
          },
          {
            "db": "PACKETSTORM",
            "id": "157480"
          },
          {
            "db": "PACKETSTORM",
            "id": "161546"
          },
          {
            "db": "PACKETSTORM",
            "id": "164140"
          },
          {
            "db": "PACKETSTORM",
            "id": "157491"
          },
          {
            "db": "PACKETSTORM",
            "id": "159814"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-148"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-001618"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-8648"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-186773",
            "ident": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-8648",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "157489",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "163020",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "163026",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "157480",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "161546",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "164140",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "157491",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "159814",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-148",
            "ident": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-001618",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2020-8648",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2020-02-06T00:00:00",
            "db": "VULHUB",
            "id": "VHN-186773",
            "ident": null
          },
          {
            "date": "2020-02-06T00:00:00",
            "db": "VULMON",
            "id": "CVE-2020-8648",
            "ident": null
          },
          {
            "date": "2020-04-29T15:56:59",
            "db": "PACKETSTORM",
            "id": "157489",
            "ident": null
          },
          {
            "date": "2021-06-09T13:15:48",
            "db": "PACKETSTORM",
            "id": "163020",
            "ident": null
          },
          {
            "date": "2021-06-09T13:19:21",
            "db": "PACKETSTORM",
            "id": "163026",
            "ident": null
          },
          {
            "date": "2020-04-29T15:46:39",
            "db": "PACKETSTORM",
            "id": "157480",
            "ident": null
          },
          {
            "date": "2021-02-25T15:29:25",
            "db": "PACKETSTORM",
            "id": "161546",
            "ident": null
          },
          {
            "date": "2021-09-14T15:55:54",
            "db": "PACKETSTORM",
            "id": "164140",
            "ident": null
          },
          {
            "date": "2020-04-29T15:58:35",
            "db": "PACKETSTORM",
            "id": "157491",
            "ident": null
          },
          {
            "date": "2020-11-04T15:23:46",
            "db": "PACKETSTORM",
            "id": "159814",
            "ident": null
          },
          {
            "date": "2020-02-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202002-148",
            "ident": null
          },
          {
            "date": "2020-02-19T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-001618",
            "ident": null
          },
          {
            "date": "2020-02-06T01:15:10.890000",
            "db": "NVD",
            "id": "CVE-2020-8648",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2022-07-28T00:00:00",
            "db": "VULHUB",
            "id": "VHN-186773",
            "ident": null
          },
          {
            "date": "2022-07-28T00:00:00",
            "db": "VULMON",
            "id": "CVE-2020-8648",
            "ident": null
          },
          {
            "date": "2022-11-24T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202002-148",
            "ident": null
          },
          {
            "date": "2020-02-19T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-001618",
            "ident": null
          },
          {
            "date": "2024-11-21T05:39:11.030000",
            "db": "NVD",
            "id": "CVE-2020-8648",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "local",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "157489"
          },
          {
            "db": "PACKETSTORM",
            "id": "157480"
          },
          {
            "db": "PACKETSTORM",
            "id": "157491"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-148"
          }
        ],
        "trust": 0.9
      },
      "title": {
        "_id": null,
        "data": "Linux Kernel Vulnerability in using free memory in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-001618"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "_id": null,
        "data": "resource management error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-148"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202104-1571

    Vulnerability from variot - Updated: 2026-04-10 23:03

    A race condition in Linux kernel SCTP sockets (net/sctp/socket.c) before 5.12-rc8 can lead to kernel privilege escalation from the context of a network service or an unprivileged process. If sctp_destroy_sock is called without sock_net(sk)->sctp.addr_wq_lock then an element is removed from the auto_asconf_splist list without any proper locking. This can be exploited by an attacker with network service privileges to escalate to root or from the context of an unprivileged user directly if a BPF_CGROUP_INET_SOCK_CREATE is attached which denies creation of some SCTP socket. 8) - x86_64

    1. Description:

    The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

    Security Fix(es): * kernel: out-of-bounds reads in pinctrl subsystem. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

    ====================================================================
    Red Hat Security Advisory

    Synopsis: Moderate: kernel security, bug fix, and enhancement update Advisory ID: RHSA-2021:4356-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:4356 Issue date: 2021-11-09 CVE Names: CVE-2020-0427 CVE-2020-24502 CVE-2020-24503 CVE-2020-24504 CVE-2020-24586 CVE-2020-24587 CVE-2020-24588 CVE-2020-26139 CVE-2020-26140 CVE-2020-26141 CVE-2020-26143 CVE-2020-26144 CVE-2020-26145 CVE-2020-26146 CVE-2020-26147 CVE-2020-27777 CVE-2020-29368 CVE-2020-29660 CVE-2020-36158 CVE-2020-36386 CVE-2021-0129 CVE-2021-3348 CVE-2021-3489 CVE-2021-3564 CVE-2021-3573 CVE-2021-3600 CVE-2021-3635 CVE-2021-3659 CVE-2021-3679 CVE-2021-3732 CVE-2021-20194 CVE-2021-20239 CVE-2021-23133 CVE-2021-28950 CVE-2021-28971 CVE-2021-29155 CVE-2021-29646 CVE-2021-29650 CVE-2021-31440 CVE-2021-31829 CVE-2021-31916 CVE-2021-33200 ==================================================================== 1.

    Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

    1. Relevant releases/architectures:

    Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64 Red Hat Enterprise Linux CRB (v. 8) - aarch64, ppc64le, x86_64

    Security Fix(es): * kernel: out-of-bounds reads in pinctrl subsystem (CVE-2020-0427) * kernel: Improper input validation in some Intel(R) Ethernet E810 Adapter drivers (CVE-2020-24502) * kernel: Insufficient access control in some Intel(R) Ethernet E810 Adapter drivers (CVE-2020-24503) * kernel: Uncontrolled resource consumption in some Intel(R) Ethernet E810 Adapter drivers (CVE-2020-24504) * kernel: Fragmentation cache not cleared on reconnection (CVE-2020-24586) * kernel: Reassembling fragments encrypted under different keys (CVE-2020-24587) * kernel: wifi frame payload being parsed incorrectly as an L2 frame (CVE-2020-24588) * kernel: Forwarding EAPOL from unauthenticated wifi client (CVE-2020-26139) * kernel: accepting plaintext data frames in protected networks (CVE-2020-26140) * kernel: not verifying TKIP MIC of fragmented frames (CVE-2020-26141) * kernel: accepting fragmented plaintext frames in protected networks (CVE-2020-26143) * kernel: accepting unencrypted A-MSDU frames that start with RFC1042 header (CVE-2020-26144) * kernel: accepting plaintext broadcast fragments as full frames (CVE-2020-26145) * kernel: powerpc: RTAS calls can be used to compromise kernel integrity (CVE-2020-27777) * kernel: locking inconsistency in tty_io.c and tty_jobctrl.c can lead to a read-after-free (CVE-2020-29660) * kernel: buffer overflow in mwifiex_cmd_802_11_ad_hoc_start function via a long SSID value (CVE-2020-36158) * kernel: slab out-of-bounds read in hci_extended_inquiry_result_evt() (CVE-2020-36386) * kernel: Improper access control in BlueZ may allow information disclosure vulnerability. (CVE-2021-0129) * kernel: Use-after-free in ndb_queue_rq() in drivers/block/nbd.c (CVE-2021-3348) * kernel: Linux kernel eBPF RINGBUF map oversized allocation (CVE-2021-3489) * kernel: double free in bluetooth subsystem when the HCI device initialization fails (CVE-2021-3564) * kernel: use-after-free in function hci_sock_bound_ioctl() (CVE-2021-3573) * kernel: eBPF 32-bit source register truncation on div/mod (CVE-2021-3600) * kernel: DoS in rb_per_cpu_empty() (CVE-2021-3679) * kernel: Mounting overlayfs inside an unprivileged user namespace can reveal files (CVE-2021-3732) * kernel: heap overflow in __cgroup_bpf_run_filter_getsockopt() (CVE-2021-20194) * kernel: Race condition in sctp_destroy_sock list_del (CVE-2021-23133) * kernel: fuse: stall on CPU can occur because a retry loop continually finds the same bad inode (CVE-2021-28950) * kernel: System crash in intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c (CVE-2021-28971) * kernel: protection can be bypassed to leak content of kernel memory (CVE-2021-29155) * kernel: improper input validation in tipc_nl_retrieve_key function in net/tipc/node.c (CVE-2021-29646) * kernel: lack a full memory barrier may lead to DoS (CVE-2021-29650) * kernel: local escalation of privileges in handling of eBPF programs (CVE-2021-31440) * kernel: protection of stack pointer against speculative pointer arithmetic can be bypassed to leak content of kernel memory (CVE-2021-31829) * kernel: out-of-bounds reads and writes due to enforcing incorrect limits for pointer arithmetic operations by BPF verifier (CVE-2021-33200) * kernel: reassembling encrypted fragments with non-consecutive packet numbers (CVE-2020-26146) * kernel: reassembling mixed encrypted/plaintext fragments (CVE-2020-26147) * kernel: the copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check (CVE-2020-29368) * kernel: flowtable list del corruption with kernel BUG at lib/list_debug.c:50 (CVE-2021-3635) * kernel: NULL pointer dereference in llsec_key_alloc() in net/mac802154/llsec.c (CVE-2021-3659) * kernel: setsockopt System Call Untrusted Pointer Dereference Information Disclosure (CVE-2021-20239) * kernel: out of bounds array access in drivers/md/dm-ioctl.c (CVE-2021-31916)

    1. Solution:

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.

    For details on how to apply this update, which includes the changes described in this advisory, refer to:

    https://access.redhat.com/articles/11258

    The system must be rebooted for this update to take effect.

    1. Bugs fixed (https://bugzilla.redhat.com/):

    1509204 - dlm: Add ability to set SO_MARK on DLM sockets 1793880 - Unreliable RTC synchronization (11-minute mode) 1816493 - [RHEL 8.3] Discard request from mkfs.xfs takes too much time on raid10 1900844 - CVE-2020-27777 kernel: powerpc: RTAS calls can be used to compromise kernel integrity 1903244 - CVE-2020-29368 kernel: the copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check 1906522 - CVE-2020-29660 kernel: locking inconsistency in drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c can lead to a read-after-free 1912683 - CVE-2021-20194 kernel: heap overflow in __cgroup_bpf_run_filter_getsockopt() 1913348 - CVE-2020-36158 kernel: buffer overflow in mwifiex_cmd_802_11_ad_hoc_start function in drivers/net/wireless/marvell/mwifiex/join.c via a long SSID value 1915825 - Allow falling back to genfscon labeling when the FS doesn't support xattrs and there is a fs_use_xattr rule for it 1919893 - CVE-2020-0427 kernel: out-of-bounds reads in pinctrl subsystem. 1921958 - CVE-2021-3348 kernel: Use-after-free in ndb_queue_rq() in drivers/block/nbd.c 1923636 - CVE-2021-20239 kernel: setsockopt System Call Untrusted Pointer Dereference Information Disclosure 1930376 - CVE-2020-24504 kernel: Uncontrolled resource consumption in some Intel(R) Ethernet E810 Adapter drivers 1930379 - CVE-2020-24502 kernel: Improper input validation in some Intel(R) Ethernet E810 Adapter drivers 1930381 - CVE-2020-24503 kernel: Insufficient access control in some Intel(R) Ethernet E810 Adapter drivers 1933527 - Files on cifs mount can get mixed contents when underlying file is removed but inode number is reused, when mounted with 'serverino' and 'cache=strict ' 1939341 - CNB: net: add inline function skb_csum_is_sctp 1941762 - CVE-2021-28950 kernel: fuse: stall on CPU can occur because a retry loop continually finds the same bad inode 1941784 - CVE-2021-28971 kernel: System crash in intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c 1945345 - CVE-2021-29646 kernel: improper input validation in tipc_nl_retrieve_key function in net/tipc/node.c 1945388 - CVE-2021-29650 kernel: lack a full memory barrier upon the assignment of a new table value in net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h may lead to DoS 1946965 - CVE-2021-31916 kernel: out of bounds array access in drivers/md/dm-ioctl.c 1948772 - CVE-2021-23133 kernel: Race condition in sctp_destroy_sock list_del 1951595 - CVE-2021-29155 kernel: protection for sequences of pointer arithmetic operations against speculatively out-of-bounds loads can be bypassed to leak content of kernel memory 1953847 - [ethtool] The NLM_F_MULTI should be used for NLM_F_DUMP 1954588 - RHEL kernel 8.2 and higher are affected by data corruption bug in raid1 arrays using bitmaps. 1957788 - CVE-2021-31829 kernel: protection of stack pointer against speculative pointer arithmetic can be bypassed to leak content of kernel memory 1959559 - CVE-2021-3489 kernel: Linux kernel eBPF RINGBUF map oversized allocation 1959642 - CVE-2020-24586 kernel: Fragmentation cache not cleared on reconnection 1959654 - CVE-2020-24587 kernel: Reassembling fragments encrypted under different keys 1959657 - CVE-2020-24588 kernel: wifi frame payload being parsed incorrectly as an L2 frame 1959663 - CVE-2020-26139 kernel: Forwarding EAPOL from unauthenticated wifi client 1960490 - CVE-2020-26140 kernel: accepting plaintext data frames in protected networks 1960492 - CVE-2020-26141 kernel: not verifying TKIP MIC of fragmented frames 1960496 - CVE-2020-26143 kernel: accepting fragmented plaintext frames in protected networks 1960498 - CVE-2020-26144 kernel: accepting unencrypted A-MSDU frames that start with RFC1042 header 1960500 - CVE-2020-26145 kernel: accepting plaintext broadcast fragments as full frames 1960502 - CVE-2020-26146 kernel: reassembling encrypted fragments with non-consecutive packet numbers 1960504 - CVE-2020-26147 kernel: reassembling mixed encrypted/plaintext fragments 1960708 - please add CAP_CHECKPOINT_RESTORE to capability.h 1964028 - CVE-2021-31440 kernel: local escalation of privileges in handling of eBPF programs 1964139 - CVE-2021-3564 kernel: double free in bluetooth subsystem when the HCI device initialization fails 1965038 - CVE-2021-0129 kernel: Improper access control in BlueZ may allow information disclosure vulnerability. 1965360 - kernel: get_timespec64 does not ignore padding in compat syscalls 1965458 - CVE-2021-33200 kernel: out-of-bounds reads and writes due to enforcing incorrect limits for pointer arithmetic operations by BPF verifier 1966578 - CVE-2021-3573 kernel: use-after-free in function hci_sock_bound_ioctl() 1969489 - CVE-2020-36386 kernel: slab out-of-bounds read in hci_extended_inquiry_result_evt() in net/bluetooth/hci_event.c 1971101 - ceph: potential data corruption in cephfs write_begin codepath 1972278 - libceph: allow addrvecs with a single NONE/blank address 1974627 - [TIPC] kernel BUG at lib/list_debug.c:31! 1975182 - CVE-2021-33909 kernel: size_t-to-int conversion vulnerability in the filesystem layer [rhel-8.5.0] 1975949 - CVE-2021-3659 kernel: NULL pointer dereference in llsec_key_alloc() in net/mac802154/llsec.c 1976679 - blk-mq: fix/improve io scheduler batching dispatch 1976699 - [SCTP]WARNING: CPU: 29 PID: 3165 at mm/page_alloc.c:4579 __alloc_pages_slowpath+0xb74/0xd00 1976946 - CVE-2021-3635 kernel: flowtable list del corruption with kernel BUG at lib/list_debug.c:50 1976969 - XFS: followup to XFS sync to upstream v5.10 (re BZ1937116) 1977162 - [XDP] test program warning: libbpf: elf: skipping unrecognized data section(16) .eh_frame 1977422 - Missing backport of IMA boot aggregate calculation in rhel 8.4 kernel 1977537 - RHEL8.5: Update the kernel workqueue code to v5.12 level 1977850 - geneve virtual devices lack the NETIF_F_FRAGLIST feature 1978369 - dm writecache: sync with upstream 5.14 1979070 - Inaccessible NFS server overloads clients (native_queued_spin_lock_slowpath connotation?) 1979680 - Backport openvswitch tracepoints 1981954 - CVE-2021-3600 kernel: eBPF 32-bit source register truncation on div/mod 1986138 - Lockd invalid cast to nlm_lockowner 1989165 - CVE-2021-3679 kernel: DoS in rb_per_cpu_empty() 1989999 - ceph omnibus backport for RHEL-8.5.0 1991976 - block: fix New warning in nvme_setup_discard 1992700 - blk-mq: fix kernel panic when iterating over flush request 1995249 - CVE-2021-3732 kernel: overlayfs: Mounting overlayfs inside an unprivileged user namespace can reveal files 1996854 - dm crypt: Avoid percpu_counter spinlock contention in crypt_page_alloc()

    1. Package List:

    Red Hat Enterprise Linux BaseOS (v. 8):

    Source: kernel-4.18.0-348.el8.src.rpm

    aarch64: bpftool-4.18.0-348.el8.aarch64.rpm bpftool-debuginfo-4.18.0-348.el8.aarch64.rpm kernel-4.18.0-348.el8.aarch64.rpm kernel-core-4.18.0-348.el8.aarch64.rpm kernel-cross-headers-4.18.0-348.el8.aarch64.rpm kernel-debug-4.18.0-348.el8.aarch64.rpm kernel-debug-core-4.18.0-348.el8.aarch64.rpm kernel-debug-debuginfo-4.18.0-348.el8.aarch64.rpm kernel-debug-devel-4.18.0-348.el8.aarch64.rpm kernel-debug-modules-4.18.0-348.el8.aarch64.rpm kernel-debug-modules-extra-4.18.0-348.el8.aarch64.rpm kernel-debuginfo-4.18.0-348.el8.aarch64.rpm kernel-debuginfo-common-aarch64-4.18.0-348.el8.aarch64.rpm kernel-devel-4.18.0-348.el8.aarch64.rpm kernel-headers-4.18.0-348.el8.aarch64.rpm kernel-modules-4.18.0-348.el8.aarch64.rpm kernel-modules-extra-4.18.0-348.el8.aarch64.rpm kernel-tools-4.18.0-348.el8.aarch64.rpm kernel-tools-debuginfo-4.18.0-348.el8.aarch64.rpm kernel-tools-libs-4.18.0-348.el8.aarch64.rpm perf-4.18.0-348.el8.aarch64.rpm perf-debuginfo-4.18.0-348.el8.aarch64.rpm python3-perf-4.18.0-348.el8.aarch64.rpm python3-perf-debuginfo-4.18.0-348.el8.aarch64.rpm

    noarch: kernel-abi-stablelists-4.18.0-348.el8.noarch.rpm kernel-doc-4.18.0-348.el8.noarch.rpm

    ppc64le: bpftool-4.18.0-348.el8.ppc64le.rpm bpftool-debuginfo-4.18.0-348.el8.ppc64le.rpm kernel-4.18.0-348.el8.ppc64le.rpm kernel-core-4.18.0-348.el8.ppc64le.rpm kernel-cross-headers-4.18.0-348.el8.ppc64le.rpm kernel-debug-4.18.0-348.el8.ppc64le.rpm kernel-debug-core-4.18.0-348.el8.ppc64le.rpm kernel-debug-debuginfo-4.18.0-348.el8.ppc64le.rpm kernel-debug-devel-4.18.0-348.el8.ppc64le.rpm kernel-debug-modules-4.18.0-348.el8.ppc64le.rpm kernel-debug-modules-extra-4.18.0-348.el8.ppc64le.rpm kernel-debuginfo-4.18.0-348.el8.ppc64le.rpm kernel-debuginfo-common-ppc64le-4.18.0-348.el8.ppc64le.rpm kernel-devel-4.18.0-348.el8.ppc64le.rpm kernel-headers-4.18.0-348.el8.ppc64le.rpm kernel-modules-4.18.0-348.el8.ppc64le.rpm kernel-modules-extra-4.18.0-348.el8.ppc64le.rpm kernel-tools-4.18.0-348.el8.ppc64le.rpm kernel-tools-debuginfo-4.18.0-348.el8.ppc64le.rpm kernel-tools-libs-4.18.0-348.el8.ppc64le.rpm perf-4.18.0-348.el8.ppc64le.rpm perf-debuginfo-4.18.0-348.el8.ppc64le.rpm python3-perf-4.18.0-348.el8.ppc64le.rpm python3-perf-debuginfo-4.18.0-348.el8.ppc64le.rpm

    s390x: bpftool-4.18.0-348.el8.s390x.rpm bpftool-debuginfo-4.18.0-348.el8.s390x.rpm kernel-4.18.0-348.el8.s390x.rpm kernel-core-4.18.0-348.el8.s390x.rpm kernel-cross-headers-4.18.0-348.el8.s390x.rpm kernel-debug-4.18.0-348.el8.s390x.rpm kernel-debug-core-4.18.0-348.el8.s390x.rpm kernel-debug-debuginfo-4.18.0-348.el8.s390x.rpm kernel-debug-devel-4.18.0-348.el8.s390x.rpm kernel-debug-modules-4.18.0-348.el8.s390x.rpm kernel-debug-modules-extra-4.18.0-348.el8.s390x.rpm kernel-debuginfo-4.18.0-348.el8.s390x.rpm kernel-debuginfo-common-s390x-4.18.0-348.el8.s390x.rpm kernel-devel-4.18.0-348.el8.s390x.rpm kernel-headers-4.18.0-348.el8.s390x.rpm kernel-modules-4.18.0-348.el8.s390x.rpm kernel-modules-extra-4.18.0-348.el8.s390x.rpm kernel-tools-4.18.0-348.el8.s390x.rpm kernel-tools-debuginfo-4.18.0-348.el8.s390x.rpm kernel-zfcpdump-4.18.0-348.el8.s390x.rpm kernel-zfcpdump-core-4.18.0-348.el8.s390x.rpm kernel-zfcpdump-debuginfo-4.18.0-348.el8.s390x.rpm kernel-zfcpdump-devel-4.18.0-348.el8.s390x.rpm kernel-zfcpdump-modules-4.18.0-348.el8.s390x.rpm kernel-zfcpdump-modules-extra-4.18.0-348.el8.s390x.rpm perf-4.18.0-348.el8.s390x.rpm perf-debuginfo-4.18.0-348.el8.s390x.rpm python3-perf-4.18.0-348.el8.s390x.rpm python3-perf-debuginfo-4.18.0-348.el8.s390x.rpm

    x86_64: bpftool-4.18.0-348.el8.x86_64.rpm bpftool-debuginfo-4.18.0-348.el8.x86_64.rpm kernel-4.18.0-348.el8.x86_64.rpm kernel-core-4.18.0-348.el8.x86_64.rpm kernel-cross-headers-4.18.0-348.el8.x86_64.rpm kernel-debug-4.18.0-348.el8.x86_64.rpm kernel-debug-core-4.18.0-348.el8.x86_64.rpm kernel-debug-debuginfo-4.18.0-348.el8.x86_64.rpm kernel-debug-devel-4.18.0-348.el8.x86_64.rpm kernel-debug-modules-4.18.0-348.el8.x86_64.rpm kernel-debug-modules-extra-4.18.0-348.el8.x86_64.rpm kernel-debuginfo-4.18.0-348.el8.x86_64.rpm kernel-debuginfo-common-x86_64-4.18.0-348.el8.x86_64.rpm kernel-devel-4.18.0-348.el8.x86_64.rpm kernel-headers-4.18.0-348.el8.x86_64.rpm kernel-modules-4.18.0-348.el8.x86_64.rpm kernel-modules-extra-4.18.0-348.el8.x86_64.rpm kernel-tools-4.18.0-348.el8.x86_64.rpm kernel-tools-debuginfo-4.18.0-348.el8.x86_64.rpm kernel-tools-libs-4.18.0-348.el8.x86_64.rpm perf-4.18.0-348.el8.x86_64.rpm perf-debuginfo-4.18.0-348.el8.x86_64.rpm python3-perf-4.18.0-348.el8.x86_64.rpm python3-perf-debuginfo-4.18.0-348.el8.x86_64.rpm

    Red Hat Enterprise Linux CRB (v. 8):

    aarch64: bpftool-debuginfo-4.18.0-348.el8.aarch64.rpm kernel-debug-debuginfo-4.18.0-348.el8.aarch64.rpm kernel-debuginfo-4.18.0-348.el8.aarch64.rpm kernel-debuginfo-common-aarch64-4.18.0-348.el8.aarch64.rpm kernel-tools-debuginfo-4.18.0-348.el8.aarch64.rpm kernel-tools-libs-devel-4.18.0-348.el8.aarch64.rpm perf-debuginfo-4.18.0-348.el8.aarch64.rpm python3-perf-debuginfo-4.18.0-348.el8.aarch64.rpm

    ppc64le: bpftool-debuginfo-4.18.0-348.el8.ppc64le.rpm kernel-debug-debuginfo-4.18.0-348.el8.ppc64le.rpm kernel-debuginfo-4.18.0-348.el8.ppc64le.rpm kernel-debuginfo-common-ppc64le-4.18.0-348.el8.ppc64le.rpm kernel-tools-debuginfo-4.18.0-348.el8.ppc64le.rpm kernel-tools-libs-devel-4.18.0-348.el8.ppc64le.rpm perf-debuginfo-4.18.0-348.el8.ppc64le.rpm python3-perf-debuginfo-4.18.0-348.el8.ppc64le.rpm

    x86_64: bpftool-debuginfo-4.18.0-348.el8.x86_64.rpm kernel-debug-debuginfo-4.18.0-348.el8.x86_64.rpm kernel-debuginfo-4.18.0-348.el8.x86_64.rpm kernel-debuginfo-common-x86_64-4.18.0-348.el8.x86_64.rpm kernel-tools-debuginfo-4.18.0-348.el8.x86_64.rpm kernel-tools-libs-devel-4.18.0-348.el8.x86_64.rpm perf-debuginfo-4.18.0-348.el8.x86_64.rpm python3-perf-debuginfo-4.18.0-348.el8.x86_64.rpm

    These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

    1. Contact:

    The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

    Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

    iQIVAwUBYYrdRdzjgjWX9erEAQhs0w//as9X4T+FCf3TAbcNIStxlOK6fbJoAlST FrgNJnRH3RmT+VxRSLWZcsJQf78kudeJWtMezbGSVREfhCMBCGhKZ7mvVp5P7J8l bobmdaap3hqkPqq66VuKxGuS+6j0rXXgGQH034yzoX+L/lx6KV9qdAnZZO+7kWcy SfX0GkLg0ARDMfsoUKwVmeUeNLhPlJ4ZH2rBdZ4FhjyEAG/5yL9JwU/VNReWHjhW HgarTuSnFR3vLQDKyjMIEEiBPOI162hS2j3Ba/A/1hJ70HOjloJnd0eWYGxSuIfC DRrzlacFNAzBPZsbRFi1plXrHh5LtNoBBWjl+xyb6jRsB8eXgS+WhzUhOXGUv01E lJTwFy5Kz71d+cAhRXgmz5gVgWuoNJw8AEImefWcy4n0EEK55vdFe0Sl7BfZiwpD Jhx97He6OurNnLrYyJJ0+TsU1L33794Ag2AJZnN1PLFUyrKKNlD1ZWtdsJg99klK dQteUTnnUhgDG5Tqulf0wX19BEkLd/O6CRyGueJcV4h4PFpSoWOh5Yy/BlokFzc8 zf14PjuVueIodaIUXtK+70Zmw7tg09Dx5Asyfuk5hWFPYv856nHlDn7PT724CU8v 1cp96h1IjLR6cF17NO2JCcbU0XZEW+aCkGkPcsY8DhBmaZqxUxXObvTD80Mm7EvN +PuV5cms0sE=2UUA -----END PGP SIGNATURE-----

    -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . ========================================================================== Ubuntu Security Notice USN-4997-2 June 25, 2021

    linux-kvm vulnerabilities

    A security issue affects these releases of Ubuntu and its derivatives:

    • Ubuntu 21.04

    Summary:

    Several security issues were fixed in the Linux kernel.

    Software Description: - linux-kvm: Linux kernel for cloud environments

    Details:

    USN-4997-1 fixed vulnerabilities in the Linux kernel for Ubuntu 21.04. This update provides the corresponding updates for the Linux KVM kernel for Ubuntu 21.04. A local attacker could use this issue to execute arbitrary code. (CVE-2021-3609)

    Piotr Krysiuk discovered that the eBPF implementation in the Linux kernel did not properly enforce limits for pointer operations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-33200)

    Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation did not properly clear received fragments from memory in some situations. A physically proximate attacker could possibly use this issue to inject packets or expose sensitive information. (CVE-2020-24586)

    Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation incorrectly handled encrypted fragments. A physically proximate attacker could possibly use this issue to decrypt fragments. (CVE-2020-24587)

    Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation incorrectly handled certain malformed frames. If a user were tricked into connecting to a malicious server, a physically proximate attacker could use this issue to inject packets. (CVE-2020-24588)

    Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation incorrectly handled EAPOL frames from unauthenticated senders. A physically proximate attacker could inject malicious packets to cause a denial of service (system crash). (CVE-2020-26139)

    Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation did not properly verify certain fragmented frames. A physically proximate attacker could possibly use this issue to inject or decrypt packets. (CVE-2020-26141)

    Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation accepted plaintext fragments in certain situations. A physically proximate attacker could use this issue to inject packets. (CVE-2020-26145)

    Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation could reassemble mixed encrypted and plaintext fragments. A physically proximate attacker could possibly use this issue to inject packets or exfiltrate selected fragments. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-23133)

    Or Cohen and Nadav Markus discovered a use-after-free vulnerability in the nfc implementation in the Linux kernel. A privileged local attacker could use this issue to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-23134)

    Manfred Paul discovered that the extended Berkeley Packet Filter (eBPF) implementation in the Linux kernel contained an out-of-bounds vulnerability. A local attacker could use this issue to execute arbitrary code. (CVE-2021-31440)

    Piotr Krysiuk discovered that the eBPF implementation in the Linux kernel did not properly prevent speculative loads in certain situations. A local attacker could use this to expose sensitive information (kernel memory). An attacker could use this issue to possibly execute arbitrary code. (CVE-2021-32399)

    It was discovered that a use-after-free existed in the Bluetooth HCI driver of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-33034)

    It was discovered that an out-of-bounds (OOB) memory access flaw existed in the f2fs module of the Linux kernel. A local attacker could use this issue to cause a denial of service (system crash). (CVE-2021-3506)

    Mathias Krause discovered that a null pointer dereference existed in the Nitro Enclaves kernel driver of the Linux kernel. A local attacker could use this issue to cause a denial of service or possibly execute arbitrary code. (CVE-2021-3543)

    Update instructions:

    The problem can be corrected by updating your system to the following package versions:

    Ubuntu 21.04: linux-image-5.11.0-1009-kvm 5.11.0-1009.9 linux-image-kvm 5.11.0.1009.9

    After a standard system update you need to reboot your computer to make all the necessary changes.

    ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.

    References: https://ubuntu.com/security/notices/USN-4997-2 https://ubuntu.com/security/notices/USN-4997-1 CVE-2020-24586, CVE-2020-24587, CVE-2020-24588, CVE-2020-26139, CVE-2020-26141, CVE-2020-26145, CVE-2020-26147, CVE-2021-23133, CVE-2021-23134, CVE-2021-31440, CVE-2021-31829, CVE-2021-32399, CVE-2021-33034, CVE-2021-33200, CVE-2021-3506, CVE-2021-3543, CVE-2021-3609

    Package Information: https://launchpad.net/ubuntu/+source/linux-kvm/5.11.0-1009.9

    . Solution:

    For OpenShift Container Platform 4.9 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:

    https://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html

    For Red Hat OpenShift Logging 5.3, see the following instructions to apply this update:

    https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html

    1. Bugs fixed (https://bugzilla.redhat.com/):

    1963232 - CVE-2021-33194 golang: x/net/html: infinite loop in ParseFragment

    1. JIRA issues fixed (https://issues.jboss.org/):

    LOG-1168 - Disable hostname verification in syslog TLS settings LOG-1235 - Using HTTPS without a secret does not translate into the correct 'scheme' value in Fluentd LOG-1375 - ssl_ca_cert should be optional LOG-1378 - CLO should support sasl_plaintext(Password over http) LOG-1392 - In fluentd config, flush_interval can't be set with flush_mode=immediate LOG-1494 - Syslog output is serializing json incorrectly LOG-1555 - Fluentd logs emit transaction failed: error_class=NoMethodError while forwarding to external syslog server LOG-1575 - Rejected by Elasticsearch and unexpected json-parsing LOG-1735 - Regression introducing flush_at_shutdown LOG-1774 - The collector logs should be excluded in fluent.conf LOG-1776 - fluentd total_limit_size sets value beyond available space LOG-1822 - OpenShift Alerting Rules Style-Guide Compliance LOG-1859 - CLO Should not error and exit early on missing ca-bundle when cluster wide proxy is not enabled LOG-1862 - Unsupported kafka parameters when enabled Kafka SASL LOG-1903 - Fix the Display of ClusterLogging type in OLM LOG-1911 - CLF API changes to Opt-in to multiline error detection LOG-1918 - Alert FluentdNodeDown always firing LOG-1939 - Opt-in multiline detection breaks cloudwatch forwarding

    6

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "kernel",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "linux",
            "version": "5.5"
          },
          {
            "_id": null,
            "model": "fedora",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fedoraproject",
            "version": "33"
          },
          {
            "_id": null,
            "model": "kernel",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "linux",
            "version": "4.15"
          },
          {
            "_id": null,
            "model": "kernel",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "linux",
            "version": "5.4.114"
          },
          {
            "_id": null,
            "model": "solidfire \\\u0026 hci management node",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "h700s",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "kernel",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "linux",
            "version": "4.14.232"
          },
          {
            "_id": null,
            "model": "h300s",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "h300e",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "h700e",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "kernel",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "linux",
            "version": "4.10"
          },
          {
            "_id": null,
            "model": "h500s",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "kernel",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "linux",
            "version": "5.10.32"
          },
          {
            "_id": null,
            "model": "kernel",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "linux",
            "version": "4.19.189"
          },
          {
            "_id": null,
            "model": "fedora",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fedoraproject",
            "version": "34"
          },
          {
            "_id": null,
            "model": "h410c",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "solidfire baseboard management controller",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "kernel",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "linux",
            "version": "5.11.16"
          },
          {
            "_id": null,
            "model": "brocade fabric operating system",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": null
          },
          {
            "_id": null,
            "model": "kernel",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "linux",
            "version": "5.11"
          },
          {
            "_id": null,
            "model": "fedora",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fedoraproject",
            "version": "32"
          },
          {
            "_id": null,
            "model": "h500e",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "cloud backup",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "h410s",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "kernel",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "linux",
            "version": "4.20"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "9.0"
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-23133"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Ubuntu",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "163249"
          },
          {
            "db": "PACKETSTORM",
            "id": "163251"
          },
          {
            "db": "PACKETSTORM",
            "id": "163253"
          },
          {
            "db": "PACKETSTORM",
            "id": "163255"
          },
          {
            "db": "PACKETSTORM",
            "id": "163262"
          },
          {
            "db": "PACKETSTORM",
            "id": "163291"
          },
          {
            "db": "PACKETSTORM",
            "id": "163301"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2021-23133",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 6.9,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.4,
                "id": "CVE-2021-23133",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "MEDIUM",
                "trust": 1.1,
                "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.0,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.0,
                "id": "CVE-2021-23133",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "psirt@paloaltonetworks.com",
                "availabilityImpact": "HIGH",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 0.8,
                "id": "CVE-2021-23133",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-23133",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "psirt@paloaltonetworks.com",
                "id": "CVE-2021-23133",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202104-1348",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2021-23133",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2021-23133"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-1348"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-23133"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-23133"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "A race condition in Linux kernel SCTP sockets (net/sctp/socket.c) before 5.12-rc8 can lead to kernel privilege escalation from the context of a network service or an unprivileged process. If sctp_destroy_sock is called without sock_net(sk)-\u003esctp.addr_wq_lock then an element is removed from the auto_asconf_splist list without any proper locking. This can be exploited by an attacker with network service privileges to escalate to root or from the context of an unprivileged user directly if a BPF_CGROUP_INET_SOCK_CREATE is attached which denies creation of some SCTP socket. 8) - x86_64\n\n3. Description:\n\nThe kernel-rt packages provide the Real Time Linux Kernel, which enables\nfine-tuning for systems with extremely high determinism requirements. \n\nSecurity Fix(es):\n* kernel: out-of-bounds reads in pinctrl subsystem. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Moderate: kernel security, bug fix, and enhancement update\nAdvisory ID:       RHSA-2021:4356-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2021:4356\nIssue date:        2021-11-09\nCVE Names:         CVE-2020-0427 CVE-2020-24502 CVE-2020-24503\n                   CVE-2020-24504 CVE-2020-24586 CVE-2020-24587\n                   CVE-2020-24588 CVE-2020-26139 CVE-2020-26140\n                   CVE-2020-26141 CVE-2020-26143 CVE-2020-26144\n                   CVE-2020-26145 CVE-2020-26146 CVE-2020-26147\n                   CVE-2020-27777 CVE-2020-29368 CVE-2020-29660\n                   CVE-2020-36158 CVE-2020-36386 CVE-2021-0129\n                   CVE-2021-3348 CVE-2021-3489 CVE-2021-3564\n                   CVE-2021-3573 CVE-2021-3600 CVE-2021-3635\n                   CVE-2021-3659 CVE-2021-3679 CVE-2021-3732\n                   CVE-2021-20194 CVE-2021-20239 CVE-2021-23133\n                   CVE-2021-28950 CVE-2021-28971 CVE-2021-29155\n                   CVE-2021-29646 CVE-2021-29650 CVE-2021-31440\n                   CVE-2021-31829 CVE-2021-31916 CVE-2021-33200\n====================================================================\n1. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux BaseOS (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux CRB (v. 8) - aarch64, ppc64le, x86_64\n\n3. \n\nSecurity Fix(es):\n* kernel: out-of-bounds reads in pinctrl subsystem (CVE-2020-0427)\n* kernel: Improper input validation in some Intel(R) Ethernet E810 Adapter\ndrivers (CVE-2020-24502)\n* kernel: Insufficient access control in some Intel(R) Ethernet E810\nAdapter drivers (CVE-2020-24503)\n* kernel: Uncontrolled resource consumption in some Intel(R) Ethernet E810\nAdapter drivers (CVE-2020-24504)\n* kernel: Fragmentation cache not cleared on reconnection (CVE-2020-24586)\n* kernel: Reassembling fragments encrypted under different keys\n(CVE-2020-24587)\n* kernel: wifi frame payload being parsed incorrectly as an L2 frame\n(CVE-2020-24588)\n* kernel: Forwarding EAPOL from unauthenticated wifi client\n(CVE-2020-26139)\n* kernel: accepting plaintext data frames in protected networks\n(CVE-2020-26140)\n* kernel: not verifying TKIP MIC of fragmented frames (CVE-2020-26141)\n* kernel: accepting fragmented plaintext frames in protected networks\n(CVE-2020-26143)\n* kernel: accepting unencrypted A-MSDU frames that start with RFC1042\nheader (CVE-2020-26144)\n* kernel: accepting plaintext broadcast fragments as full frames\n(CVE-2020-26145)\n* kernel: powerpc: RTAS calls can be used to compromise kernel integrity\n(CVE-2020-27777)\n* kernel: locking inconsistency in tty_io.c and tty_jobctrl.c can lead to a\nread-after-free (CVE-2020-29660)\n* kernel: buffer overflow in mwifiex_cmd_802_11_ad_hoc_start function via a\nlong SSID value (CVE-2020-36158)\n* kernel: slab out-of-bounds read in hci_extended_inquiry_result_evt()\n(CVE-2020-36386)\n* kernel: Improper access control in BlueZ may allow information disclosure\nvulnerability. (CVE-2021-0129)\n* kernel: Use-after-free in ndb_queue_rq() in drivers/block/nbd.c\n(CVE-2021-3348)\n* kernel: Linux kernel eBPF RINGBUF map oversized allocation\n(CVE-2021-3489)\n* kernel: double free in bluetooth subsystem when the HCI device\ninitialization fails (CVE-2021-3564)\n* kernel: use-after-free in function hci_sock_bound_ioctl() (CVE-2021-3573)\n* kernel: eBPF 32-bit source register truncation on div/mod (CVE-2021-3600)\n* kernel: DoS in rb_per_cpu_empty() (CVE-2021-3679)\n* kernel: Mounting overlayfs inside an unprivileged user namespace can\nreveal files (CVE-2021-3732)\n* kernel: heap overflow in __cgroup_bpf_run_filter_getsockopt()\n(CVE-2021-20194)\n* kernel: Race condition in sctp_destroy_sock list_del (CVE-2021-23133)\n* kernel: fuse: stall on CPU can occur because a retry loop continually\nfinds the same bad inode (CVE-2021-28950)\n* kernel: System crash in intel_pmu_drain_pebs_nhm in\narch/x86/events/intel/ds.c (CVE-2021-28971)\n* kernel: protection can be bypassed to leak content of kernel memory\n(CVE-2021-29155)\n* kernel: improper input validation in tipc_nl_retrieve_key function in\nnet/tipc/node.c (CVE-2021-29646)\n* kernel: lack a full memory barrier may lead to DoS (CVE-2021-29650)\n* kernel: local escalation of privileges in handling of eBPF programs\n(CVE-2021-31440)\n* kernel: protection of stack pointer against speculative pointer\narithmetic can be bypassed to leak content of kernel memory\n(CVE-2021-31829)\n* kernel: out-of-bounds reads and writes due to enforcing incorrect limits\nfor pointer arithmetic operations by BPF verifier (CVE-2021-33200)\n* kernel: reassembling encrypted fragments with non-consecutive packet\nnumbers (CVE-2020-26146)\n* kernel: reassembling mixed encrypted/plaintext fragments (CVE-2020-26147)\n* kernel: the copy-on-write implementation can grant unintended write\naccess because of a race condition in a THP mapcount check (CVE-2020-29368)\n* kernel: flowtable list del corruption with kernel BUG at\nlib/list_debug.c:50 (CVE-2021-3635)\n* kernel: NULL pointer dereference in llsec_key_alloc() in\nnet/mac802154/llsec.c (CVE-2021-3659)\n* kernel: setsockopt System Call Untrusted Pointer Dereference Information\nDisclosure (CVE-2021-20239)\n* kernel: out of bounds array access in drivers/md/dm-ioctl.c\n(CVE-2021-31916)\n\n4. Solution:\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.5 Release Notes linked from the References section. \n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1509204 - dlm: Add ability to set SO_MARK on DLM sockets\n1793880 - Unreliable RTC synchronization (11-minute mode)\n1816493 - [RHEL 8.3] Discard request from mkfs.xfs takes too much time on raid10\n1900844 - CVE-2020-27777 kernel: powerpc: RTAS calls can be used to compromise kernel integrity\n1903244 - CVE-2020-29368 kernel: the copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check\n1906522 - CVE-2020-29660 kernel: locking inconsistency in drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c can lead to a read-after-free\n1912683 - CVE-2021-20194 kernel: heap overflow in __cgroup_bpf_run_filter_getsockopt()\n1913348 - CVE-2020-36158 kernel: buffer overflow in mwifiex_cmd_802_11_ad_hoc_start function in drivers/net/wireless/marvell/mwifiex/join.c via a long SSID value\n1915825 - Allow falling back to genfscon labeling when the FS doesn\u0027t support xattrs and there is a fs_use_xattr rule for it\n1919893 - CVE-2020-0427 kernel: out-of-bounds reads in pinctrl subsystem. \n1921958 - CVE-2021-3348 kernel: Use-after-free in ndb_queue_rq() in drivers/block/nbd.c\n1923636 - CVE-2021-20239 kernel: setsockopt System Call Untrusted Pointer Dereference Information Disclosure\n1930376 - CVE-2020-24504 kernel: Uncontrolled resource consumption in some Intel(R) Ethernet E810 Adapter drivers\n1930379 - CVE-2020-24502 kernel: Improper input validation in some Intel(R) Ethernet E810 Adapter drivers\n1930381 - CVE-2020-24503 kernel: Insufficient access control in some Intel(R) Ethernet E810 Adapter drivers\n1933527 - Files on cifs mount can get mixed contents when underlying file is removed but inode number is reused, when mounted with \u0027serverino\u0027 and \u0027cache=strict \u0027\n1939341 - CNB: net: add inline function skb_csum_is_sctp\n1941762 - CVE-2021-28950 kernel: fuse: stall on CPU can occur because a retry loop continually finds the same bad inode\n1941784 - CVE-2021-28971 kernel: System crash in intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c\n1945345 - CVE-2021-29646 kernel: improper input validation in tipc_nl_retrieve_key function in net/tipc/node.c\n1945388 - CVE-2021-29650 kernel: lack a full memory barrier upon the assignment of a new table value in net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h may lead to DoS\n1946965 - CVE-2021-31916 kernel: out of bounds array access in drivers/md/dm-ioctl.c\n1948772 - CVE-2021-23133 kernel: Race condition in sctp_destroy_sock list_del\n1951595 - CVE-2021-29155 kernel: protection for sequences of pointer arithmetic operations against speculatively out-of-bounds loads can be bypassed to leak content of kernel memory\n1953847 - [ethtool] The `NLM_F_MULTI` should be used for `NLM_F_DUMP`\n1954588 - RHEL kernel 8.2 and higher are affected by data corruption bug in raid1 arrays using bitmaps. \n1957788 - CVE-2021-31829 kernel: protection of stack pointer against speculative pointer arithmetic can be bypassed to leak content of kernel memory\n1959559 - CVE-2021-3489 kernel: Linux kernel eBPF RINGBUF map oversized allocation\n1959642 - CVE-2020-24586 kernel: Fragmentation cache not cleared on reconnection\n1959654 - CVE-2020-24587 kernel: Reassembling fragments encrypted under different keys\n1959657 - CVE-2020-24588 kernel: wifi frame payload being parsed incorrectly as an L2 frame\n1959663 - CVE-2020-26139 kernel: Forwarding EAPOL from unauthenticated wifi client\n1960490 - CVE-2020-26140 kernel: accepting plaintext data frames in protected networks\n1960492 - CVE-2020-26141 kernel: not verifying TKIP MIC of fragmented frames\n1960496 - CVE-2020-26143 kernel: accepting fragmented plaintext frames in protected networks\n1960498 - CVE-2020-26144 kernel: accepting unencrypted A-MSDU frames that start with RFC1042 header\n1960500 - CVE-2020-26145 kernel: accepting plaintext broadcast fragments as full frames\n1960502 - CVE-2020-26146 kernel: reassembling encrypted fragments with non-consecutive packet numbers\n1960504 - CVE-2020-26147 kernel: reassembling mixed encrypted/plaintext fragments\n1960708 - please add CAP_CHECKPOINT_RESTORE to capability.h\n1964028 - CVE-2021-31440 kernel: local escalation of privileges in handling of eBPF programs\n1964139 - CVE-2021-3564 kernel: double free in bluetooth subsystem when the HCI device initialization fails\n1965038 - CVE-2021-0129 kernel: Improper access control in BlueZ may allow information disclosure vulnerability. \n1965360 - kernel: get_timespec64 does not ignore padding in compat syscalls\n1965458 - CVE-2021-33200 kernel: out-of-bounds reads and writes due to enforcing incorrect limits for pointer arithmetic operations by BPF verifier\n1966578 - CVE-2021-3573 kernel: use-after-free in function hci_sock_bound_ioctl()\n1969489 - CVE-2020-36386 kernel: slab out-of-bounds read in hci_extended_inquiry_result_evt() in net/bluetooth/hci_event.c\n1971101 - ceph: potential data corruption in cephfs write_begin codepath\n1972278 - libceph: allow addrvecs with a single NONE/blank address\n1974627 - [TIPC] kernel BUG at lib/list_debug.c:31!\n1975182 - CVE-2021-33909 kernel: size_t-to-int conversion vulnerability in the filesystem layer [rhel-8.5.0]\n1975949 - CVE-2021-3659 kernel: NULL pointer dereference in llsec_key_alloc() in net/mac802154/llsec.c\n1976679 - blk-mq: fix/improve io scheduler batching dispatch\n1976699 - [SCTP]WARNING: CPU: 29 PID: 3165 at mm/page_alloc.c:4579 __alloc_pages_slowpath+0xb74/0xd00\n1976946 - CVE-2021-3635 kernel: flowtable list del corruption with kernel BUG at lib/list_debug.c:50\n1976969 - XFS: followup to XFS sync to upstream v5.10 (re BZ1937116)\n1977162 - [XDP] test program warning: libbpf: elf: skipping unrecognized data section(16) .eh_frame\n1977422 - Missing backport of IMA boot aggregate calculation in rhel 8.4 kernel\n1977537 - RHEL8.5: Update the kernel workqueue code to v5.12 level\n1977850 - geneve virtual devices lack  the NETIF_F_FRAGLIST feature\n1978369 - dm writecache: sync with upstream 5.14\n1979070 - Inaccessible NFS server overloads clients (native_queued_spin_lock_slowpath connotation?)\n1979680 - Backport openvswitch tracepoints\n1981954 - CVE-2021-3600 kernel: eBPF 32-bit source register truncation on div/mod\n1986138 - Lockd invalid cast to nlm_lockowner\n1989165 - CVE-2021-3679 kernel: DoS in rb_per_cpu_empty()\n1989999 - ceph omnibus backport for RHEL-8.5.0\n1991976 - block: fix New warning in nvme_setup_discard\n1992700 - blk-mq: fix kernel panic when iterating over flush request\n1995249 - CVE-2021-3732 kernel: overlayfs: Mounting overlayfs inside an unprivileged user namespace can reveal files\n1996854 - dm crypt: Avoid percpu_counter spinlock contention in crypt_page_alloc()\n\n6. Package List:\n\nRed Hat Enterprise Linux BaseOS (v. 8):\n\nSource:\nkernel-4.18.0-348.el8.src.rpm\n\naarch64:\nbpftool-4.18.0-348.el8.aarch64.rpm\nbpftool-debuginfo-4.18.0-348.el8.aarch64.rpm\nkernel-4.18.0-348.el8.aarch64.rpm\nkernel-core-4.18.0-348.el8.aarch64.rpm\nkernel-cross-headers-4.18.0-348.el8.aarch64.rpm\nkernel-debug-4.18.0-348.el8.aarch64.rpm\nkernel-debug-core-4.18.0-348.el8.aarch64.rpm\nkernel-debug-debuginfo-4.18.0-348.el8.aarch64.rpm\nkernel-debug-devel-4.18.0-348.el8.aarch64.rpm\nkernel-debug-modules-4.18.0-348.el8.aarch64.rpm\nkernel-debug-modules-extra-4.18.0-348.el8.aarch64.rpm\nkernel-debuginfo-4.18.0-348.el8.aarch64.rpm\nkernel-debuginfo-common-aarch64-4.18.0-348.el8.aarch64.rpm\nkernel-devel-4.18.0-348.el8.aarch64.rpm\nkernel-headers-4.18.0-348.el8.aarch64.rpm\nkernel-modules-4.18.0-348.el8.aarch64.rpm\nkernel-modules-extra-4.18.0-348.el8.aarch64.rpm\nkernel-tools-4.18.0-348.el8.aarch64.rpm\nkernel-tools-debuginfo-4.18.0-348.el8.aarch64.rpm\nkernel-tools-libs-4.18.0-348.el8.aarch64.rpm\nperf-4.18.0-348.el8.aarch64.rpm\nperf-debuginfo-4.18.0-348.el8.aarch64.rpm\npython3-perf-4.18.0-348.el8.aarch64.rpm\npython3-perf-debuginfo-4.18.0-348.el8.aarch64.rpm\n\nnoarch:\nkernel-abi-stablelists-4.18.0-348.el8.noarch.rpm\nkernel-doc-4.18.0-348.el8.noarch.rpm\n\nppc64le:\nbpftool-4.18.0-348.el8.ppc64le.rpm\nbpftool-debuginfo-4.18.0-348.el8.ppc64le.rpm\nkernel-4.18.0-348.el8.ppc64le.rpm\nkernel-core-4.18.0-348.el8.ppc64le.rpm\nkernel-cross-headers-4.18.0-348.el8.ppc64le.rpm\nkernel-debug-4.18.0-348.el8.ppc64le.rpm\nkernel-debug-core-4.18.0-348.el8.ppc64le.rpm\nkernel-debug-debuginfo-4.18.0-348.el8.ppc64le.rpm\nkernel-debug-devel-4.18.0-348.el8.ppc64le.rpm\nkernel-debug-modules-4.18.0-348.el8.ppc64le.rpm\nkernel-debug-modules-extra-4.18.0-348.el8.ppc64le.rpm\nkernel-debuginfo-4.18.0-348.el8.ppc64le.rpm\nkernel-debuginfo-common-ppc64le-4.18.0-348.el8.ppc64le.rpm\nkernel-devel-4.18.0-348.el8.ppc64le.rpm\nkernel-headers-4.18.0-348.el8.ppc64le.rpm\nkernel-modules-4.18.0-348.el8.ppc64le.rpm\nkernel-modules-extra-4.18.0-348.el8.ppc64le.rpm\nkernel-tools-4.18.0-348.el8.ppc64le.rpm\nkernel-tools-debuginfo-4.18.0-348.el8.ppc64le.rpm\nkernel-tools-libs-4.18.0-348.el8.ppc64le.rpm\nperf-4.18.0-348.el8.ppc64le.rpm\nperf-debuginfo-4.18.0-348.el8.ppc64le.rpm\npython3-perf-4.18.0-348.el8.ppc64le.rpm\npython3-perf-debuginfo-4.18.0-348.el8.ppc64le.rpm\n\ns390x:\nbpftool-4.18.0-348.el8.s390x.rpm\nbpftool-debuginfo-4.18.0-348.el8.s390x.rpm\nkernel-4.18.0-348.el8.s390x.rpm\nkernel-core-4.18.0-348.el8.s390x.rpm\nkernel-cross-headers-4.18.0-348.el8.s390x.rpm\nkernel-debug-4.18.0-348.el8.s390x.rpm\nkernel-debug-core-4.18.0-348.el8.s390x.rpm\nkernel-debug-debuginfo-4.18.0-348.el8.s390x.rpm\nkernel-debug-devel-4.18.0-348.el8.s390x.rpm\nkernel-debug-modules-4.18.0-348.el8.s390x.rpm\nkernel-debug-modules-extra-4.18.0-348.el8.s390x.rpm\nkernel-debuginfo-4.18.0-348.el8.s390x.rpm\nkernel-debuginfo-common-s390x-4.18.0-348.el8.s390x.rpm\nkernel-devel-4.18.0-348.el8.s390x.rpm\nkernel-headers-4.18.0-348.el8.s390x.rpm\nkernel-modules-4.18.0-348.el8.s390x.rpm\nkernel-modules-extra-4.18.0-348.el8.s390x.rpm\nkernel-tools-4.18.0-348.el8.s390x.rpm\nkernel-tools-debuginfo-4.18.0-348.el8.s390x.rpm\nkernel-zfcpdump-4.18.0-348.el8.s390x.rpm\nkernel-zfcpdump-core-4.18.0-348.el8.s390x.rpm\nkernel-zfcpdump-debuginfo-4.18.0-348.el8.s390x.rpm\nkernel-zfcpdump-devel-4.18.0-348.el8.s390x.rpm\nkernel-zfcpdump-modules-4.18.0-348.el8.s390x.rpm\nkernel-zfcpdump-modules-extra-4.18.0-348.el8.s390x.rpm\nperf-4.18.0-348.el8.s390x.rpm\nperf-debuginfo-4.18.0-348.el8.s390x.rpm\npython3-perf-4.18.0-348.el8.s390x.rpm\npython3-perf-debuginfo-4.18.0-348.el8.s390x.rpm\n\nx86_64:\nbpftool-4.18.0-348.el8.x86_64.rpm\nbpftool-debuginfo-4.18.0-348.el8.x86_64.rpm\nkernel-4.18.0-348.el8.x86_64.rpm\nkernel-core-4.18.0-348.el8.x86_64.rpm\nkernel-cross-headers-4.18.0-348.el8.x86_64.rpm\nkernel-debug-4.18.0-348.el8.x86_64.rpm\nkernel-debug-core-4.18.0-348.el8.x86_64.rpm\nkernel-debug-debuginfo-4.18.0-348.el8.x86_64.rpm\nkernel-debug-devel-4.18.0-348.el8.x86_64.rpm\nkernel-debug-modules-4.18.0-348.el8.x86_64.rpm\nkernel-debug-modules-extra-4.18.0-348.el8.x86_64.rpm\nkernel-debuginfo-4.18.0-348.el8.x86_64.rpm\nkernel-debuginfo-common-x86_64-4.18.0-348.el8.x86_64.rpm\nkernel-devel-4.18.0-348.el8.x86_64.rpm\nkernel-headers-4.18.0-348.el8.x86_64.rpm\nkernel-modules-4.18.0-348.el8.x86_64.rpm\nkernel-modules-extra-4.18.0-348.el8.x86_64.rpm\nkernel-tools-4.18.0-348.el8.x86_64.rpm\nkernel-tools-debuginfo-4.18.0-348.el8.x86_64.rpm\nkernel-tools-libs-4.18.0-348.el8.x86_64.rpm\nperf-4.18.0-348.el8.x86_64.rpm\nperf-debuginfo-4.18.0-348.el8.x86_64.rpm\npython3-perf-4.18.0-348.el8.x86_64.rpm\npython3-perf-debuginfo-4.18.0-348.el8.x86_64.rpm\n\nRed Hat Enterprise Linux CRB (v. 8):\n\naarch64:\nbpftool-debuginfo-4.18.0-348.el8.aarch64.rpm\nkernel-debug-debuginfo-4.18.0-348.el8.aarch64.rpm\nkernel-debuginfo-4.18.0-348.el8.aarch64.rpm\nkernel-debuginfo-common-aarch64-4.18.0-348.el8.aarch64.rpm\nkernel-tools-debuginfo-4.18.0-348.el8.aarch64.rpm\nkernel-tools-libs-devel-4.18.0-348.el8.aarch64.rpm\nperf-debuginfo-4.18.0-348.el8.aarch64.rpm\npython3-perf-debuginfo-4.18.0-348.el8.aarch64.rpm\n\nppc64le:\nbpftool-debuginfo-4.18.0-348.el8.ppc64le.rpm\nkernel-debug-debuginfo-4.18.0-348.el8.ppc64le.rpm\nkernel-debuginfo-4.18.0-348.el8.ppc64le.rpm\nkernel-debuginfo-common-ppc64le-4.18.0-348.el8.ppc64le.rpm\nkernel-tools-debuginfo-4.18.0-348.el8.ppc64le.rpm\nkernel-tools-libs-devel-4.18.0-348.el8.ppc64le.rpm\nperf-debuginfo-4.18.0-348.el8.ppc64le.rpm\npython3-perf-debuginfo-4.18.0-348.el8.ppc64le.rpm\n\nx86_64:\nbpftool-debuginfo-4.18.0-348.el8.x86_64.rpm\nkernel-debug-debuginfo-4.18.0-348.el8.x86_64.rpm\nkernel-debuginfo-4.18.0-348.el8.x86_64.rpm\nkernel-debuginfo-common-x86_64-4.18.0-348.el8.x86_64.rpm\nkernel-tools-debuginfo-4.18.0-348.el8.x86_64.rpm\nkernel-tools-libs-devel-4.18.0-348.el8.x86_64.rpm\nperf-debuginfo-4.18.0-348.el8.x86_64.rpm\npython3-perf-debuginfo-4.18.0-348.el8.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYYrdRdzjgjWX9erEAQhs0w//as9X4T+FCf3TAbcNIStxlOK6fbJoAlST\nFrgNJnRH3RmT+VxRSLWZcsJQf78kudeJWtMezbGSVREfhCMBCGhKZ7mvVp5P7J8l\nbobmdaap3hqkPqq66VuKxGuS+6j0rXXgGQH034yzoX+L/lx6KV9qdAnZZO+7kWcy\nSfX0GkLg0ARDMfsoUKwVmeUeNLhPlJ4ZH2rBdZ4FhjyEAG/5yL9JwU/VNReWHjhW\nHgarTuSnFR3vLQDKyjMIEEiBPOI162hS2j3Ba/A/1hJ70HOjloJnd0eWYGxSuIfC\nDRrzlacFNAzBPZsbRFi1plXrHh5LtNoBBWjl+xyb6jRsB8eXgS+WhzUhOXGUv01E\nlJTwFy5Kz71d+cAhRXgmz5gVgWuoNJw8AEImefWcy4n0EEK55vdFe0Sl7BfZiwpD\nJhx97He6OurNnLrYyJJ0+TsU1L33794Ag2AJZnN1PLFUyrKKNlD1ZWtdsJg99klK\ndQteUTnnUhgDG5Tqulf0wX19BEkLd/O6CRyGueJcV4h4PFpSoWOh5Yy/BlokFzc8\nzf14PjuVueIodaIUXtK+70Zmw7tg09Dx5Asyfuk5hWFPYv856nHlDn7PT724CU8v\n1cp96h1IjLR6cF17NO2JCcbU0XZEW+aCkGkPcsY8DhBmaZqxUxXObvTD80Mm7EvN\n+PuV5cms0sE=2UUA\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. ==========================================================================\nUbuntu Security Notice USN-4997-2\nJune 25, 2021\n\nlinux-kvm vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 21.04\n\nSummary:\n\nSeveral security issues were fixed in the Linux kernel. \n\nSoftware Description:\n- linux-kvm: Linux kernel for cloud environments\n\nDetails:\n\nUSN-4997-1 fixed vulnerabilities in the Linux kernel for Ubuntu 21.04. \nThis update provides the corresponding updates for the Linux KVM\nkernel for Ubuntu 21.04. A local attacker could use this issue to execute arbitrary\ncode. (CVE-2021-3609)\n\nPiotr Krysiuk discovered that the eBPF implementation in the Linux kernel\ndid not properly enforce limits for pointer operations. A local attacker\ncould use this to cause a denial of service (system crash) or possibly\nexecute arbitrary code. (CVE-2021-33200)\n\nMathy Vanhoef discovered that the Linux kernel\u2019s WiFi implementation did\nnot properly clear received fragments from memory in some situations. A\nphysically proximate attacker could possibly use this issue to inject\npackets or expose sensitive information. (CVE-2020-24586)\n\nMathy Vanhoef discovered that the Linux kernel\u2019s WiFi implementation\nincorrectly handled encrypted fragments. A physically proximate attacker\ncould possibly use this issue to decrypt fragments. (CVE-2020-24587)\n\nMathy Vanhoef discovered that the Linux kernel\u2019s WiFi implementation\nincorrectly handled certain malformed frames. If a user were tricked into\nconnecting to a malicious server, a physically proximate attacker could use\nthis issue to inject packets. (CVE-2020-24588)\n\nMathy Vanhoef discovered that the Linux kernel\u2019s WiFi implementation\nincorrectly handled EAPOL frames from unauthenticated senders. A physically\nproximate attacker could inject malicious packets to cause a denial of\nservice (system crash). (CVE-2020-26139)\n\nMathy Vanhoef discovered that the Linux kernel\u2019s WiFi implementation did\nnot properly verify certain fragmented frames. A physically proximate\nattacker could possibly use this issue to inject or decrypt packets. \n(CVE-2020-26141)\n\nMathy Vanhoef discovered that the Linux kernel\u2019s WiFi implementation\naccepted plaintext fragments in certain situations. A physically proximate\nattacker could use this issue to inject packets. (CVE-2020-26145)\n\nMathy Vanhoef discovered that the Linux kernel\u2019s WiFi implementation could\nreassemble mixed encrypted and plaintext fragments. A physically proximate\nattacker could possibly use this issue to inject packets or exfiltrate\nselected fragments. A local attacker could use this to cause a denial of service\n(system crash) or possibly execute arbitrary code. (CVE-2021-23133)\n\nOr Cohen and Nadav Markus discovered a use-after-free vulnerability in the\nnfc implementation in the Linux kernel. A privileged local attacker could\nuse this issue to cause a denial of service (system crash) or possibly\nexecute arbitrary code. (CVE-2021-23134)\n\nManfred Paul discovered that the extended Berkeley Packet Filter (eBPF)\nimplementation in the Linux kernel contained an out-of-bounds\nvulnerability. A local attacker could use this issue to execute arbitrary\ncode. (CVE-2021-31440)\n\nPiotr Krysiuk discovered that the eBPF implementation in the Linux kernel\ndid not properly prevent speculative loads in certain situations. A local\nattacker could use this to expose sensitive information (kernel memory). An attacker could use this\nissue to possibly execute arbitrary code. (CVE-2021-32399)\n\nIt was discovered that a use-after-free existed in the Bluetooth HCI driver\nof the Linux kernel. A local attacker could use this to cause a denial of\nservice (system crash) or possibly execute arbitrary code. (CVE-2021-33034)\n\nIt was discovered that an out-of-bounds (OOB) memory access flaw existed in\nthe f2fs module of the Linux kernel. A local attacker could use this issue\nto cause a denial of service (system crash). (CVE-2021-3506)\n\nMathias Krause discovered that a null pointer dereference existed in the\nNitro Enclaves kernel driver of the Linux kernel. A local attacker could\nuse this issue to cause a denial of service or possibly execute arbitrary\ncode. (CVE-2021-3543)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 21.04:\n  linux-image-5.11.0-1009-kvm     5.11.0-1009.9\n  linux-image-kvm                 5.11.0.1009.9\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. \n\nATTENTION: Due to an unavoidable ABI change the kernel updates have\nbeen given a new version number, which requires you to recompile and\nreinstall all third party kernel modules you might have installed. \nUnless you manually uninstalled the standard kernel metapackages\n(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,\nlinux-powerpc), a standard system upgrade will automatically perform\nthis as well. \n\nReferences:\n  https://ubuntu.com/security/notices/USN-4997-2\n  https://ubuntu.com/security/notices/USN-4997-1\n  CVE-2020-24586, CVE-2020-24587, CVE-2020-24588, CVE-2020-26139,\n  CVE-2020-26141, CVE-2020-26145, CVE-2020-26147, CVE-2021-23133,\n  CVE-2021-23134, CVE-2021-31440, CVE-2021-31829, CVE-2021-32399,\n  CVE-2021-33034, CVE-2021-33200, CVE-2021-3506, CVE-2021-3543,\n  CVE-2021-3609\n\nPackage Information:\n  https://launchpad.net/ubuntu/+source/linux-kvm/5.11.0-1009.9\n\n. Solution:\n\nFor OpenShift Container Platform 4.9 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html\n\nFor Red Hat OpenShift Logging 5.3, see the following instructions to apply\nthis update:\n\nhttps://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1963232 - CVE-2021-33194 golang: x/net/html: infinite loop in ParseFragment\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nLOG-1168 - Disable hostname verification in syslog TLS settings\nLOG-1235 - Using HTTPS without a secret does not translate into the correct \u0027scheme\u0027 value in Fluentd\nLOG-1375 - ssl_ca_cert should be optional\nLOG-1378 - CLO should support sasl_plaintext(Password over http)\nLOG-1392 - In fluentd config, flush_interval can\u0027t be set with flush_mode=immediate\nLOG-1494 - Syslog output is serializing json incorrectly\nLOG-1555 - Fluentd logs emit transaction failed: error_class=NoMethodError while forwarding to external syslog server\nLOG-1575 - Rejected by Elasticsearch and unexpected json-parsing\nLOG-1735 - Regression introducing flush_at_shutdown \nLOG-1774 - The collector logs should  be excluded in fluent.conf\nLOG-1776 - fluentd total_limit_size sets value beyond available space\nLOG-1822 - OpenShift Alerting Rules Style-Guide Compliance\nLOG-1859 - CLO Should not error and exit early on missing ca-bundle when cluster wide proxy is not enabled\nLOG-1862 - Unsupported kafka parameters when enabled Kafka SASL\nLOG-1903 - Fix the Display of ClusterLogging type in OLM\nLOG-1911 - CLF API changes to Opt-in to multiline error detection\nLOG-1918 - Alert `FluentdNodeDown` always firing \nLOG-1939 - Opt-in multiline detection breaks cloudwatch forwarding\n\n6",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-23133"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-23133"
          },
          {
            "db": "PACKETSTORM",
            "id": "164875"
          },
          {
            "db": "PACKETSTORM",
            "id": "164837"
          },
          {
            "db": "PACKETSTORM",
            "id": "163249"
          },
          {
            "db": "PACKETSTORM",
            "id": "163251"
          },
          {
            "db": "PACKETSTORM",
            "id": "163253"
          },
          {
            "db": "PACKETSTORM",
            "id": "163255"
          },
          {
            "db": "PACKETSTORM",
            "id": "163262"
          },
          {
            "db": "PACKETSTORM",
            "id": "163291"
          },
          {
            "db": "PACKETSTORM",
            "id": "163301"
          },
          {
            "db": "PACKETSTORM",
            "id": "164967"
          }
        ],
        "trust": 1.89
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-23133",
            "trust": 2.7
          },
          {
            "db": "OPENWALL",
            "id": "OSS-SECURITY/2021/05/10/1",
            "trust": 1.7
          },
          {
            "db": "OPENWALL",
            "id": "OSS-SECURITY/2021/05/10/2",
            "trust": 1.7
          },
          {
            "db": "OPENWALL",
            "id": "OSS-SECURITY/2021/04/18/2",
            "trust": 1.7
          },
          {
            "db": "OPENWALL",
            "id": "OSS-SECURITY/2021/05/10/3",
            "trust": 1.7
          },
          {
            "db": "OPENWALL",
            "id": "OSS-SECURITY/2021/05/10/4",
            "trust": 1.7
          },
          {
            "db": "PACKETSTORM",
            "id": "164875",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "163249",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "163291",
            "trust": 0.7
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.2589",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.2249",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.2511",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.3905",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.2528",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.2423",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.2409",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.2216",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.2079",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.3825",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.4254",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021051015",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-1348",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-23133",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "164837",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "163251",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "163253",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "163255",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "163262",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "163301",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "164967",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2021-23133"
          },
          {
            "db": "PACKETSTORM",
            "id": "164875"
          },
          {
            "db": "PACKETSTORM",
            "id": "164837"
          },
          {
            "db": "PACKETSTORM",
            "id": "163249"
          },
          {
            "db": "PACKETSTORM",
            "id": "163251"
          },
          {
            "db": "PACKETSTORM",
            "id": "163253"
          },
          {
            "db": "PACKETSTORM",
            "id": "163255"
          },
          {
            "db": "PACKETSTORM",
            "id": "163262"
          },
          {
            "db": "PACKETSTORM",
            "id": "163291"
          },
          {
            "db": "PACKETSTORM",
            "id": "163301"
          },
          {
            "db": "PACKETSTORM",
            "id": "164967"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-1348"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-23133"
          }
        ]
      },
      "id": "VAR-202104-1571",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.625
      },
      "last_update_date": "2026-04-10T23:03:20.449000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "Linux kernel Repair measures for the competition condition problem loophole",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=148726"
          },
          {
            "title": "Arch Linux Issues: ",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2021-23133 log"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2021-23133"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-1348"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-362",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-23133"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 1.7,
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b166a20b07382b8bc1dcee2a448715c9c2c81b5b"
          },
          {
            "trust": 1.7,
            "url": "https://www.openwall.com/lists/oss-security/2021/04/18/2"
          },
          {
            "trust": 1.7,
            "url": "http://www.openwall.com/lists/oss-security/2021/05/10/1"
          },
          {
            "trust": 1.7,
            "url": "http://www.openwall.com/lists/oss-security/2021/05/10/2"
          },
          {
            "trust": 1.7,
            "url": "http://www.openwall.com/lists/oss-security/2021/05/10/3"
          },
          {
            "trust": 1.7,
            "url": "http://www.openwall.com/lists/oss-security/2021/05/10/4"
          },
          {
            "trust": 1.6,
            "url": "https://security.netapp.com/advisory/ntap-20210611-0008/"
          },
          {
            "trust": 1.6,
            "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html"
          },
          {
            "trust": 1.6,
            "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html"
          },
          {
            "trust": 1.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23133"
          },
          {
            "trust": 1.0,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/paeq3h6hkno6kucgrzvysfsageux23jl/"
          },
          {
            "trust": 1.0,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/cux2ca63453g34c6kyvbljxjxearzi2x/"
          },
          {
            "trust": 1.0,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/xzashzvcofj4vu2i3bn5w5ephwjq7qwx/"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-26147"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-24588"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-24586"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-26145"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-24587"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-26141"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-26139"
          },
          {
            "trust": 0.7,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/paeq3h6hkno6kucgrzvysfsageux23jl/"
          },
          {
            "trust": 0.7,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/cux2ca63453g34c6kyvbljxjxearzi2x/"
          },
          {
            "trust": 0.7,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/xzashzvcofj4vu2i3bn5w5ephwjq7qwx/"
          },
          {
            "trust": 0.7,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3609"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021051015"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/163291/ubuntu-security-notice-usn-5000-2.html"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/164875/red-hat-security-advisory-2021-4140-02.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.2216"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.2249"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.2589"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.3905"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.2409"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.2528"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.3825"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/163249/ubuntu-security-notice-usn-4997-1.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.2423"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.2511"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.4254"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.2079"
          },
          {
            "trust": 0.6,
            "url": "https://vigilance.fr/vulnerability/linux-kernel-memory-corruption-via-sctp-destroy-sock-35106"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33200"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32399"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3506"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23134"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33034"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-31829"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-31440"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2020-26143"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2020-24504"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2021-3600"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2021-20239"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2020-26144"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2021-3679"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2020-36158"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2021-3635"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2021-31829"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2020-26145"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2020-36386"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2021-33200"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2021-29650"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-0427"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2021-3573"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2020-29368"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2021-20194"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2020-24586"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2020-26147"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2021-31916"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2020-26141"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2021-3348"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2021-28950"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2020-24588"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2020-26140"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2021-31440"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2020-26146"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2021-29646"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2021-29155"
          },
          {
            "trust": 0.3,
            "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2021-3732"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2021-0129"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2021-3489"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-24503"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/team/contact/"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2020-29660"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2020-24587"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2020-26139"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/updates/classification/#moderate"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2021-28971"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2020-24502"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2020-24503"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2021-3659"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2021-3564"
          },
          {
            "trust": 0.3,
            "url": "https://bugzilla.redhat.com/):"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2020-0427"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2021-23133"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-24502"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3543"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/articles/11258"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-26144"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-24504"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20239"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20194"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-0129"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-28950"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-26143"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-29368"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-29155"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/team/key/"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-26140"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36386"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-29660"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-28971"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36158"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-26146"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-27777"
          },
          {
            "trust": 0.2,
            "url": "https://ubuntu.com/security/notices/usn-4997-1"
          },
          {
            "trust": 0.2,
            "url": "https://ubuntu.com/security/notices/usn-5000-1"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/362.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "http://seclists.org/oss-sec/2021/q2/110"
          },
          {
            "trust": 0.1,
            "url": "https://security.archlinux.org/cve-2021-23133"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2021:4140"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2021:4356"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27777"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux-oracle/5.11.0-1010.10"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux-aws/5.11.0-1011.11"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux-raspi/5.11.0-1012.13"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux-gcp/5.11.0-1011.12"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux-azure/5.11.0-1009.9"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux/5.11.0-22.23"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux-oracle-5.8/5.8.0-1033.34~20.04.1"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux-azure-5.8/5.8.0-1036.38~20.04.1"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-25670"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux-raspi/5.8.0-1029.32"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux-gcp/5.8.0-1035.37"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux/5.8.0-59.66"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-25671"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux-aws/5.8.0-1038.40"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux-azure/5.8.0-1036.38"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-25673"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux-hwe-5.8/5.8.0-59.66~20.04.1"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux-kvm/5.8.0-1030.32"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux-gcp-5.8/5.8.0-1035.37~20.04.1"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux-aws-5.8/5.8.0-1038.40~20.04.1"
          },
          {
            "trust": 0.1,
            "url": "https://ubuntu.com/security/notices/usn-4999-1"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux-oracle/5.8.0-1033.34"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux-gcp/5.4.0-1046.49"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux-oracle/5.4.0-1048.52"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux-aws-5.4/5.4.0-1051.53~18.04.1"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux-azure/5.4.0-1051.53"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux-gkeop/5.4.0-1018.19"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux-raspi/5.4.0-1038.41"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux-gke-5.4/5.4.0-1046.48~18.04.1"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux-gkeop-5.4/5.4.0-1018.19~18.04.1"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux-hwe-5.4/5.4.0-77.86~18.04.1"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux-raspi-5.4/5.4.0-1038.41~18.04.1"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux/5.4.0-77.86"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux-aws/5.4.0-1051.53"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux-gcp-5.4/5.4.0-1046.49~18.04.1"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux-azure-5.4/5.4.0-1051.53~18.04.1"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux-oracle-5.4/5.4.0-1048.52~18.04.1"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux-gke/5.4.0-1046.48"
          },
          {
            "trust": 0.1,
            "url": "https://ubuntu.com/security/notices/usn-5001-1"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux-oem-5.10/5.10.0-1033.34"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3600"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1075.83"
          },
          {
            "trust": 0.1,
            "url": "https://ubuntu.com/security/notices/usn-5003-1"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux-gcp-4.15/4.15.0-1103.116"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux-dell300x/4.15.0-1022.26"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux-aws/4.15.0-1106.113"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux-azure-4.15/4.15.0-1118.131"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux-raspi2/4.15.0-1089.94"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux/4.15.0-147.151"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux-snapdragon/4.15.0-1106.115"
          },
          {
            "trust": 0.1,
            "url": "https://ubuntu.com/security/notices/usn-5000-2"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux-kvm/5.4.0-1041.42"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux-kvm/5.11.0-1009.9"
          },
          {
            "trust": 0.1,
            "url": "https://ubuntu.com/security/notices/usn-4997-2"
          },
          {
            "trust": 0.1,
            "url": "https://issues.jboss.org/):"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-14155"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-24370"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-35521"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-25014"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13435"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-35522"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12762"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-20838"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3426"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-14615"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17594"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-17594"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-23841"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-17541"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5827"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3800"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-33574"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-42574"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19603"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-36332"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-24370"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3572"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14145"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3445"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-25009"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-25012"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-36331"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3200"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-33033"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-25010"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-20197"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3487"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-22876"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-16135"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-36312"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13750"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-23840"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-17595"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10001"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-25009"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-10001"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-36085"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-35448"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-19603"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20673"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-13750"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-17541"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-20673"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-20231"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-25013"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3580"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14155"
          },
          {
            "trust": 0.1,
            "url": "https://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-35524"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-16135"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13751"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17595"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-20266"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-27645"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-33194"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-25013"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-22925"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-22898"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-36087"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-13751"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-36330"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20838"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3778"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-20284"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-31535"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-35942"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-12762"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-25014"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14615"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3481"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-13435"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-36086"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-14145"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-35523"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-28153"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-20232"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-33560"
          },
          {
            "trust": 0.1,
            "url": "https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3796"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-25010"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-18218"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-5827"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-36084"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-18218"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2021:4627"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-25012"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2021-23133"
          },
          {
            "db": "PACKETSTORM",
            "id": "164875"
          },
          {
            "db": "PACKETSTORM",
            "id": "164837"
          },
          {
            "db": "PACKETSTORM",
            "id": "163249"
          },
          {
            "db": "PACKETSTORM",
            "id": "163251"
          },
          {
            "db": "PACKETSTORM",
            "id": "163253"
          },
          {
            "db": "PACKETSTORM",
            "id": "163255"
          },
          {
            "db": "PACKETSTORM",
            "id": "163262"
          },
          {
            "db": "PACKETSTORM",
            "id": "163291"
          },
          {
            "db": "PACKETSTORM",
            "id": "163301"
          },
          {
            "db": "PACKETSTORM",
            "id": "164967"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-1348"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-23133"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "VULMON",
            "id": "CVE-2021-23133",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "164875",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "164837",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "163249",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "163251",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "163253",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "163255",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "163262",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "163291",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "163301",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "164967",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-1348",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2021-23133",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2021-04-22T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-23133",
            "ident": null
          },
          {
            "date": "2021-11-10T17:10:23",
            "db": "PACKETSTORM",
            "id": "164875",
            "ident": null
          },
          {
            "date": "2021-11-10T17:04:39",
            "db": "PACKETSTORM",
            "id": "164837",
            "ident": null
          },
          {
            "date": "2021-06-23T15:33:13",
            "db": "PACKETSTORM",
            "id": "163249",
            "ident": null
          },
          {
            "date": "2021-06-23T15:35:21",
            "db": "PACKETSTORM",
            "id": "163251",
            "ident": null
          },
          {
            "date": "2021-06-23T15:38:23",
            "db": "PACKETSTORM",
            "id": "163253",
            "ident": null
          },
          {
            "date": "2021-06-23T15:41:26",
            "db": "PACKETSTORM",
            "id": "163255",
            "ident": null
          },
          {
            "date": "2021-06-23T15:48:14",
            "db": "PACKETSTORM",
            "id": "163262",
            "ident": null
          },
          {
            "date": "2021-06-27T12:22:22",
            "db": "PACKETSTORM",
            "id": "163291",
            "ident": null
          },
          {
            "date": "2021-06-28T16:22:26",
            "db": "PACKETSTORM",
            "id": "163301",
            "ident": null
          },
          {
            "date": "2021-11-15T17:25:56",
            "db": "PACKETSTORM",
            "id": "164967",
            "ident": null
          },
          {
            "date": "2021-04-19T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202104-1348",
            "ident": null
          },
          {
            "date": "2021-04-22T18:15:08.123000",
            "db": "NVD",
            "id": "CVE-2021-23133",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2021-05-10T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-23133",
            "ident": null
          },
          {
            "date": "2021-12-16T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202104-1348",
            "ident": null
          },
          {
            "date": "2024-11-21T05:51:16.080000",
            "db": "NVD",
            "id": "CVE-2021-23133",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "local",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "163249"
          },
          {
            "db": "PACKETSTORM",
            "id": "163251"
          },
          {
            "db": "PACKETSTORM",
            "id": "163253"
          },
          {
            "db": "PACKETSTORM",
            "id": "163255"
          },
          {
            "db": "PACKETSTORM",
            "id": "163262"
          },
          {
            "db": "PACKETSTORM",
            "id": "163291"
          },
          {
            "db": "PACKETSTORM",
            "id": "163301"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-1348"
          }
        ],
        "trust": 1.3
      },
      "title": {
        "_id": null,
        "data": "Linux kernel Competitive conditional vulnerability",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-1348"
          }
        ],
        "trust": 0.6
      },
      "type": {
        "_id": null,
        "data": "arbitrary",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "163249"
          },
          {
            "db": "PACKETSTORM",
            "id": "163251"
          },
          {
            "db": "PACKETSTORM",
            "id": "163253"
          },
          {
            "db": "PACKETSTORM",
            "id": "163255"
          },
          {
            "db": "PACKETSTORM",
            "id": "163262"
          },
          {
            "db": "PACKETSTORM",
            "id": "163291"
          },
          {
            "db": "PACKETSTORM",
            "id": "163301"
          }
        ],
        "trust": 0.7
      }
    }

    VAR-202004-0530

    Vulnerability from variot - Updated: 2026-04-10 22:49

    In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash). OpenLDAP Exists in a resource exhaustion vulnerability.Service operation interruption (DoS) It may be put into a state. The filter.c file of slapd in versions earlier than OpenLDAP 2.4.50 has a security vulnerability.

    For the oldstable distribution (stretch), this problem has been fixed in version 2.4.44+dfsg-5+deb9u4.

    For the stable distribution (buster), this problem has been fixed in version 2.4.47+dfsg-3+deb10u2.

    We recommend that you upgrade your openldap packages.

    For the detailed security status of openldap please refer to its security tracker page at: https://security-tracker.debian.org/tracker/openldap

    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----

    iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl6ofsxfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0Qx4Q//dOnPiP6bKHrFUFtyv59tV5Zpa1jJ6BmIr3/5ueODnBu8MHLJw8503zLJ I43LDTzvGkXrxy0Y28YC5Qpv1oHW3gvPzFsTrn2DObeUnHlKOOUsyzz3saHXyyzQ ki+2UGsUXydSazDMeJzcoMfRdVpCtjc+GNTb/y7nxgwoKrz/WJplGstp2ibd8ftv Ju4uT8VJZcC3IEGhkYXJ7TENlegOK2FCewYMZARrNT/tjIDyAqfKi2muCg7oadx/ 5WZGLW7Pdw25jFknVy/Y7fEyJDWQdPH7NchK5tZy6D1lWQh67GcvJFSo5HICwb+n FilP29mIBbS96JQq6u5jWWMpAD6RPCtIltak4QdYptjdrQnTDFy3RJSTdZeis8ty HKwYJgNzVG6SCy04t3D+zeMbgEZOvj6GWrURQUqZJQmc4V9l89E0/D7zV3AX9Q9v 0hKEtpc//bZrS71QVqJvkWvrgfutB72Vnqfull+DBxvt33ma5W2il6kxGMwJK3S9 0lk60dzEDCdYp8TE61y8N4z+2IB/Otg9Ni2I8pmaE5s1/ZUva+8GhSjbmGyIhbpk p55kTiZUgpmu6EK2Kvjkh9rMlaa1IHXL8tdrbo8pRVtQHlA8/HUgoGiUHuX1h+Kw LZVjIV/L4qOFQ54uMbSscZgMEvhfW00fe3o2zI8WQZ9IPCQ3oRg= =K3JD -----END PGP SIGNATURE----- . ========================================================================= Ubuntu Security Notice USN-4352-2 May 06, 2020

    openldap vulnerability

    A security issue affects these releases of Ubuntu and its derivatives:

    • Ubuntu 14.04 ESM
    • Ubuntu 12.04 ESM

    Summary:

    OpenLDAP could be made to crash if it received specially crafted network traffic.

    Software Description: - openldap: Lightweight Directory Access Protocol

    Details:

    USN-4352-1 fixed a vulnerability in OpenLDAP. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.

    Original advisory details:

    It was discovered that OpenLDAP incorrectly handled certain queries. A remote attacker could possibly use this issue to cause OpenLDAP to consume resources, resulting in a denial of service.

    Update instructions:

    The problem can be corrected by updating your system to the following package versions:

    Ubuntu 14.04 ESM: slapd 2.4.31-1+nmu2ubuntu8.5+esm2

    Ubuntu 12.04 ESM: slapd 2.4.28-1.1ubuntu4.10

    In general, a standard system update will make all the necessary changes.

    Bug Fix(es):

    • Gather image registry config (backport to 4.3) (BZ#1836815)

    • Builds fail after running postCommit script if OCP cluster is configured with a container registry whitelist (BZ#1849176)

    • Login with OpenShift not working after cluster upgrade (BZ#1852429)

    • Limit the size of gathered federated metrics from alerts in Insights Operator (BZ#1874018)

    • [4.3] Storage operator stops reconciling when going Upgradeable=False on v1alpha1 CRDs (BZ#1879110)

    • [release 4.3] OpenShift APIs become unavailable for more than 15 minutes after one of master nodes went down(OAuth) (BZ#1880293)

    You may download the oc tool and use it to inspect release image metadata as follows:

    (For x86_64 architecture)

    $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.3.40-x86_64

    The image digest is sha256:9ff90174a170379e90a9ead6e0d8cf6f439004191f80762764a5ca3dbaab01dc

    (For s390x architecture)

    $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.3.40-s390x The image digest is sha256:605ddde0442e604cfe2d6bd1541ce48df5956fe626edf9cc95b1fca75d231b64

    (For ppc64le architecture)

    $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.3.40-ppc64le

    The image digest is sha256:d3c9e391c145338eae3feb7f6a4e487dadc8139a353117d642fe686d277bcccc

    1. Solution:

    For OpenShift Container Platform 4.3 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:

    https://docs.openshift.com/container-platform/4.3/release_notes/ocp-4-3-rel ease-notes.html

    Details on how to access this content are available at https://docs.openshift.com/container-platform/4.3/updating/updating-cluster - -cli.html. Bugs fixed (https://bugzilla.redhat.com/):

    1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic 1836815 - Gather image registry config (backport to 4.3) 1849176 - Builds fail after running postCommit script if OCP cluster is configured with a container registry whitelist 1874018 - Limit the size of gathered federated metrics from alerts in Insights Operator 1874399 - [DR] etcd-member-recover.sh fails to pull image with unauthorized 1879110 - [4.3] Storage operator stops reconciling when going Upgradeable=False on v1alpha1 CRDs

    1. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

    ====================================================================
    Red Hat Security Advisory

    Synopsis: Moderate: Red Hat Ansible Automation Platform Operator 1.2 security update Advisory ID: RHSA-2021:1079-01 Product: Red Hat Ansible Automation Platform Advisory URL: https://access.redhat.com/errata/RHSA-2021:1079 Issue date: 2021-04-06 Keywords: Security Update CVE Names: CVE-2017-12652 CVE-2018-20843 CVE-2019-5094 CVE-2019-5188 CVE-2019-11719 CVE-2019-11727 CVE-2019-11756 CVE-2019-12749 CVE-2019-14866 CVE-2019-14973 CVE-2019-15903 CVE-2019-17006 CVE-2019-17023 CVE-2019-17498 CVE-2019-17546 CVE-2019-19956 CVE-2019-20388 CVE-2019-20907 CVE-2020-1971 CVE-2020-5313 CVE-2020-6829 CVE-2020-7595 CVE-2020-8177 CVE-2020-8625 CVE-2020-12243 CVE-2020-12400 CVE-2020-12401 CVE-2020-12402 CVE-2020-12403 CVE-2020-14422 CVE-2020-15999 CVE-2021-3156 CVE-2021-3447 CVE-2021-20178 CVE-2021-20180 CVE-2021-20191 CVE-2021-20228 ==================================================================== 1. Summary:

    Red Hat Ansible Automation Platform Resource Operator 1.2 (technical preview) images that fix several security issues.

    Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

    1. Description:

    Red Hat Ansible Automation Platform Resource Operator container images with security fixes.

    Ansible Automation Platform manages Ansible Platform jobs and workflows that can interface with any infrastructure on a Red Hat OpenShift Container Platform cluster, or on a traditional infrastructure that is running off-cluster.

    Security fixes:

    CVE-2021-20191 ansible: multiple modules expose secured values [ansible_automation_platform-1.2] (BZ#1916813)

    CVE-2021-20178 ansible: user data leak in snmp_facts module [ansible_automation_platform-1.2] (BZ#1914774)

    CVE-2021-20180 ansible: ansible module: bitbucket_pipeline_variable exposes secured values [ansible_automation_platform-1.2] (BZ#1915808)

    CVE-2021-20228 ansible: basic.py no_log with fallback option [ansible_automation_platform-1.2] (BZ#1925002)

    CVE-2021-3447 ansible: multiple modules expose secured values [ansible_automation_platform-1.2] (BZ#1939349)

    For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

    1. Solution:

    Before applying this update, make sure all previously released errata relevant to your system have been applied.

    For details on how to apply this update, refer to:

    https://access.redhat.com/articles/11258

    1. Bugs fixed (https://bugzilla.redhat.com/):

    1914774 - CVE-2021-20178 ansible: user data leak in snmp_facts module 1915808 - CVE-2021-20180 ansible module: bitbucket_pipeline_variable exposes secured values 1916813 - CVE-2021-20191 ansible: multiple modules expose secured values 1925002 - CVE-2021-20228 ansible: basic.py no_log with fallback option 1939349 - CVE-2021-3447 ansible: multiple modules expose secured values

    1. References:

    https://access.redhat.com/security/cve/CVE-2017-12652 https://access.redhat.com/security/cve/CVE-2018-20843 https://access.redhat.com/security/cve/CVE-2019-5094 https://access.redhat.com/security/cve/CVE-2019-5188 https://access.redhat.com/security/cve/CVE-2019-11719 https://access.redhat.com/security/cve/CVE-2019-11727 https://access.redhat.com/security/cve/CVE-2019-11756 https://access.redhat.com/security/cve/CVE-2019-12749 https://access.redhat.com/security/cve/CVE-2019-14866 https://access.redhat.com/security/cve/CVE-2019-14973 https://access.redhat.com/security/cve/CVE-2019-15903 https://access.redhat.com/security/cve/CVE-2019-17006 https://access.redhat.com/security/cve/CVE-2019-17023 https://access.redhat.com/security/cve/CVE-2019-17498 https://access.redhat.com/security/cve/CVE-2019-17546 https://access.redhat.com/security/cve/CVE-2019-19956 https://access.redhat.com/security/cve/CVE-2019-20388 https://access.redhat.com/security/cve/CVE-2019-20907 https://access.redhat.com/security/cve/CVE-2020-1971 https://access.redhat.com/security/cve/CVE-2020-5313 https://access.redhat.com/security/cve/CVE-2020-6829 https://access.redhat.com/security/cve/CVE-2020-7595 https://access.redhat.com/security/cve/CVE-2020-8177 https://access.redhat.com/security/cve/CVE-2020-8625 https://access.redhat.com/security/cve/CVE-2020-12243 https://access.redhat.com/security/cve/CVE-2020-12400 https://access.redhat.com/security/cve/CVE-2020-12401 https://access.redhat.com/security/cve/CVE-2020-12402 https://access.redhat.com/security/cve/CVE-2020-12403 https://access.redhat.com/security/cve/CVE-2020-14422 https://access.redhat.com/security/cve/CVE-2020-15999 https://access.redhat.com/security/cve/CVE-2021-3156 https://access.redhat.com/security/cve/CVE-2021-3447 https://access.redhat.com/security/cve/CVE-2021-20178 https://access.redhat.com/security/cve/CVE-2021-20180 https://access.redhat.com/security/cve/CVE-2021-20191 https://access.redhat.com/security/cve/CVE-2021-20228 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/security/cve/CVE-2021-20191 https://access.redhat.com/security/cve/CVE-2021-20178 https://access.redhat.com/security/cve/CVE-2021-20180 https://access.redhat.com/security/cve/CVE-2021-20228 https://access.redhat.com/security/cve/CVE-2021-3447

    1. Contact:

    The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

    Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

    iQIVAwUBYHBeatzjgjWX9erEAQhLuw//QLV4QWc4E9o8cG3IJr3xIt6b/OHs6b9s hp04e5kT7IWFpmR3VXK+BEK2dd+NiGdvXPOpwe4BaOUWEDmq+dx4Vac5Z0GcZJUK AJz8dXFPYBgIafuIkWyY9UIvSO/VsQ2Dr4+KUnB1obALAz3ndSoQJFS1hysFBXHS +MulKiYVwFw7UbfvGuFLjmLrNTAflVa9MHmdh3P53bU+U2mCgzuHTFIpodkZhuIt aIR0H/dgHXXG8co20Zb5Nciqr0CxqejQ+xz84Yu0I+y1LWdBAhi34c3zJY4rlEQS 6/nfcsSPEadNCTXQu/TX6yvo6sE8A7/xGh1PDf0PLVv+Xh7TE53MtmTnYcl8uiRO 9m3CfJ7PLO2hpl6QuJzuUe7nXx65/qIoKQjZfNpZVXj/LQtL1F4RE7szmswIGNZL IG51pYEUE98aR3gIlLpoMjW4vtC+rdcwSBaLW5gH1Q5hNRlTLmFBTKmYNkCpd4Ho NP3AKEwx9R8ZdGYcCuZwYPvSQSqX+B9qURw5G4E/vbso8Vh9RYQ3kusnf93Q/1LG ImHCbsVWJDMMt/NRj5OvqgZc18ROqHhSpuJ+A44VCI+UihkZb2ai4DjGef0WHZhq XTMyLECTJIwM4aY+BC1ohYm0Whvs/w/hd03tGFBJhlIoBYakY6o8lRD7hCc8E/YI dEQ0aSabgEY=D/Lt -----END PGP SIGNATURE-----

    -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Description:

    • Updated python-psutil version to 5.6.6 inside ansible-runner container (CVE-2019-18874)

    • Solution:

    For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/ index.html

    1. Bugs fixed (https://bugzilla.redhat.com/):

    1772014 - CVE-2019-18874 python-psutil: double free because of refcount mishandling

    5

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "steelstore cloud integrated storage",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "12.04"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "10.0"
          },
          {
            "_id": null,
            "model": "solaris",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "10"
          },
          {
            "_id": null,
            "model": "mac os x",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.15.6"
          },
          {
            "_id": null,
            "model": "h300s",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "h300e",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "zfs storage appliance kit",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "8.8"
          },
          {
            "_id": null,
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "18.04"
          },
          {
            "_id": null,
            "model": "h700e",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "h500s",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "mac os x",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.14.6"
          },
          {
            "_id": null,
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "16.04"
          },
          {
            "_id": null,
            "model": "mac os x",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.15"
          },
          {
            "_id": null,
            "model": "mac os x",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.13.6"
          },
          {
            "_id": null,
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "14.04"
          },
          {
            "_id": null,
            "model": "h410c",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "solaris",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "11"
          },
          {
            "_id": null,
            "model": "mac os x",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.14.6"
          },
          {
            "_id": null,
            "model": "mac os x",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.14.0"
          },
          {
            "_id": null,
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "20.04"
          },
          {
            "_id": null,
            "model": "cloud backup",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "mac os x",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.13.0"
          },
          {
            "_id": null,
            "model": "brocade fabric operating system",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": null
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "19.10"
          },
          {
            "_id": null,
            "model": "h500e",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "mac os x",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.13.6"
          },
          {
            "_id": null,
            "model": "leap",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "opensuse",
            "version": "15.1"
          },
          {
            "_id": null,
            "model": "h700s",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "openldap",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "openldap",
            "version": "2.4.50"
          },
          {
            "_id": null,
            "model": "h410s",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "9.0"
          },
          {
            "_id": null,
            "model": "gnu/linux",
            "scope": null,
            "trust": 0.8,
            "vendor": "debian",
            "version": null
          },
          {
            "_id": null,
            "model": "openldap",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "openldap",
            "version": "2.4.50"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-005084"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12243"
          }
        ]
      },
      "configurations": {
        "_id": null,
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:debian:debian_linux",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:openldap:openldap",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-005084"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Red Hat",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "159661"
          },
          {
            "db": "PACKETSTORM",
            "id": "162142"
          },
          {
            "db": "PACKETSTORM",
            "id": "159553"
          },
          {
            "db": "PACKETSTORM",
            "id": "159552"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-2326"
          }
        ],
        "trust": 1.0
      },
      "cve": "CVE-2020-12243",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2020-12243",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.1,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 5.0,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-005084",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "VHN-164902",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2020-12243",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.5,
                "baseSeverity": "High",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-005084",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2020-12243",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2020-005084",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202004-2326",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-164902",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2020-12243",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-164902"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-12243"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-2326"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-005084"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12243"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash). OpenLDAP Exists in a resource exhaustion vulnerability.Service operation interruption (DoS) It may be put into a state. The filter.c file of slapd in versions earlier than OpenLDAP 2.4.50 has a security vulnerability. \n\nFor the oldstable distribution (stretch), this problem has been fixed\nin version 2.4.44+dfsg-5+deb9u4. \n\nFor the stable distribution (buster), this problem has been fixed in\nversion 2.4.47+dfsg-3+deb10u2. \n\nWe recommend that you upgrade your openldap packages. \n\nFor the detailed security status of openldap please refer to its\nsecurity tracker page at:\nhttps://security-tracker.debian.org/tracker/openldap\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl6ofsxfFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2\nNDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND\nz0Qx4Q//dOnPiP6bKHrFUFtyv59tV5Zpa1jJ6BmIr3/5ueODnBu8MHLJw8503zLJ\nI43LDTzvGkXrxy0Y28YC5Qpv1oHW3gvPzFsTrn2DObeUnHlKOOUsyzz3saHXyyzQ\nki+2UGsUXydSazDMeJzcoMfRdVpCtjc+GNTb/y7nxgwoKrz/WJplGstp2ibd8ftv\nJu4uT8VJZcC3IEGhkYXJ7TENlegOK2FCewYMZARrNT/tjIDyAqfKi2muCg7oadx/\n5WZGLW7Pdw25jFknVy/Y7fEyJDWQdPH7NchK5tZy6D1lWQh67GcvJFSo5HICwb+n\nFilP29mIBbS96JQq6u5jWWMpAD6RPCtIltak4QdYptjdrQnTDFy3RJSTdZeis8ty\nHKwYJgNzVG6SCy04t3D+zeMbgEZOvj6GWrURQUqZJQmc4V9l89E0/D7zV3AX9Q9v\n0hKEtpc//bZrS71QVqJvkWvrgfutB72Vnqfull+DBxvt33ma5W2il6kxGMwJK3S9\n0lk60dzEDCdYp8TE61y8N4z+2IB/Otg9Ni2I8pmaE5s1/ZUva+8GhSjbmGyIhbpk\np55kTiZUgpmu6EK2Kvjkh9rMlaa1IHXL8tdrbo8pRVtQHlA8/HUgoGiUHuX1h+Kw\nLZVjIV/L4qOFQ54uMbSscZgMEvhfW00fe3o2zI8WQZ9IPCQ3oRg=\n=K3JD\n-----END PGP SIGNATURE-----\n. =========================================================================\nUbuntu Security Notice USN-4352-2\nMay 06, 2020\n\nopenldap vulnerability\n=========================================================================\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.04 ESM\n- Ubuntu 12.04 ESM\n\nSummary:\n\nOpenLDAP could be made to crash if it received specially crafted\nnetwork traffic. \n\nSoftware Description:\n- openldap: Lightweight Directory Access Protocol\n\nDetails:\n\nUSN-4352-1 fixed a vulnerability in OpenLDAP. This update provides\nthe corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. \n\nOriginal advisory details:\n\n It was discovered that OpenLDAP incorrectly handled certain queries. A\n remote attacker could possibly use this issue to cause OpenLDAP to consume\n resources, resulting in a denial of service. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.04 ESM:\n  slapd                           2.4.31-1+nmu2ubuntu8.5+esm2\n\nUbuntu 12.04 ESM:\n  slapd                           2.4.28-1.1ubuntu4.10\n\nIn general, a standard system update will make all the necessary changes. \n\nBug Fix(es):\n\n* Gather image registry config (backport to 4.3) (BZ#1836815)\n\n* Builds fail after running postCommit script if OCP cluster is configured\nwith a container registry whitelist (BZ#1849176)\n\n* Login with OpenShift not working after cluster upgrade (BZ#1852429)\n\n* Limit the size of gathered federated metrics from alerts in Insights\nOperator (BZ#1874018)\n\n* [4.3] Storage operator stops reconciling when going Upgradeable=False on\nv1alpha1 CRDs (BZ#1879110)\n\n* [release 4.3] OpenShift APIs become unavailable for more than 15 minutes\nafter one of master nodes went down(OAuth) (BZ#1880293)\n\nYou may download the oc tool and use it to inspect release image metadata\nas follows:\n\n(For x86_64 architecture)\n\n  $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.3.40-x86_64\n\nThe image digest is\nsha256:9ff90174a170379e90a9ead6e0d8cf6f439004191f80762764a5ca3dbaab01dc\n\n(For s390x architecture)\n\n  $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.3.40-s390x\nThe image digest is\nsha256:605ddde0442e604cfe2d6bd1541ce48df5956fe626edf9cc95b1fca75d231b64\n\n(For ppc64le architecture)\n\n  $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.3.40-ppc64le\n\nThe image digest is\nsha256:d3c9e391c145338eae3feb7f6a4e487dadc8139a353117d642fe686d277bcccc\n\n3. Solution:\n\nFor OpenShift Container Platform 4.3 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.3/release_notes/ocp-4-3-rel\nease-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.3/updating/updating-cluster\n- -cli.html. Bugs fixed (https://bugzilla.redhat.com/):\n\n1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic\n1836815 - Gather image registry config (backport to 4.3)\n1849176 - Builds fail after running postCommit script if OCP cluster is configured with a container registry whitelist\n1874018 - Limit the size of gathered federated metrics from alerts in Insights Operator\n1874399 - [DR] etcd-member-recover.sh fails to pull image with unauthorized\n1879110 - [4.3] Storage operator stops reconciling when going Upgradeable=False on v1alpha1 CRDs\n\n5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Moderate: Red Hat Ansible Automation Platform Operator 1.2 security update\nAdvisory ID:       RHSA-2021:1079-01\nProduct:           Red Hat Ansible Automation Platform\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2021:1079\nIssue date:        2021-04-06\nKeywords:          Security Update\nCVE Names:         CVE-2017-12652 CVE-2018-20843 CVE-2019-5094\n                   CVE-2019-5188 CVE-2019-11719 CVE-2019-11727\n                   CVE-2019-11756 CVE-2019-12749 CVE-2019-14866\n                   CVE-2019-14973 CVE-2019-15903 CVE-2019-17006\n                   CVE-2019-17023 CVE-2019-17498 CVE-2019-17546\n                   CVE-2019-19956 CVE-2019-20388 CVE-2019-20907\n                   CVE-2020-1971 CVE-2020-5313 CVE-2020-6829\n                   CVE-2020-7595 CVE-2020-8177 CVE-2020-8625\n                   CVE-2020-12243 CVE-2020-12400 CVE-2020-12401\n                   CVE-2020-12402 CVE-2020-12403 CVE-2020-14422\n                   CVE-2020-15999 CVE-2021-3156 CVE-2021-3447\n                   CVE-2021-20178 CVE-2021-20180 CVE-2021-20191\n                   CVE-2021-20228\n====================================================================\n1. Summary:\n\nRed Hat Ansible Automation Platform Resource Operator 1.2 (technical\npreview) images that fix several security issues. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat Ansible Automation Platform Resource Operator container images\nwith security fixes. \n\nAnsible Automation Platform manages Ansible Platform jobs and workflows\nthat can interface with any infrastructure on a Red Hat OpenShift Container\nPlatform cluster, or on a traditional infrastructure that is running\noff-cluster. \n\nSecurity fixes:\n\nCVE-2021-20191 ansible: multiple modules expose secured values\n[ansible_automation_platform-1.2] (BZ#1916813)\n\nCVE-2021-20178 ansible: user data leak in snmp_facts module\n[ansible_automation_platform-1.2] (BZ#1914774)\n\nCVE-2021-20180 ansible: ansible module: bitbucket_pipeline_variable exposes\nsecured values [ansible_automation_platform-1.2] (BZ#1915808)\n\nCVE-2021-20228 ansible: basic.py no_log with fallback option\n[ansible_automation_platform-1.2] (BZ#1925002)\n\nCVE-2021-3447 ansible: multiple modules expose secured values\n[ansible_automation_platform-1.2] (BZ#1939349)\n\nFor more details about the security issue, including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n3. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1914774 - CVE-2021-20178 ansible: user data leak in snmp_facts module\n1915808 - CVE-2021-20180 ansible module: bitbucket_pipeline_variable exposes secured values\n1916813 - CVE-2021-20191 ansible: multiple modules expose secured values\n1925002 - CVE-2021-20228 ansible: basic.py no_log with fallback option\n1939349 - CVE-2021-3447 ansible: multiple modules expose secured values\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2017-12652\nhttps://access.redhat.com/security/cve/CVE-2018-20843\nhttps://access.redhat.com/security/cve/CVE-2019-5094\nhttps://access.redhat.com/security/cve/CVE-2019-5188\nhttps://access.redhat.com/security/cve/CVE-2019-11719\nhttps://access.redhat.com/security/cve/CVE-2019-11727\nhttps://access.redhat.com/security/cve/CVE-2019-11756\nhttps://access.redhat.com/security/cve/CVE-2019-12749\nhttps://access.redhat.com/security/cve/CVE-2019-14866\nhttps://access.redhat.com/security/cve/CVE-2019-14973\nhttps://access.redhat.com/security/cve/CVE-2019-15903\nhttps://access.redhat.com/security/cve/CVE-2019-17006\nhttps://access.redhat.com/security/cve/CVE-2019-17023\nhttps://access.redhat.com/security/cve/CVE-2019-17498\nhttps://access.redhat.com/security/cve/CVE-2019-17546\nhttps://access.redhat.com/security/cve/CVE-2019-19956\nhttps://access.redhat.com/security/cve/CVE-2019-20388\nhttps://access.redhat.com/security/cve/CVE-2019-20907\nhttps://access.redhat.com/security/cve/CVE-2020-1971\nhttps://access.redhat.com/security/cve/CVE-2020-5313\nhttps://access.redhat.com/security/cve/CVE-2020-6829\nhttps://access.redhat.com/security/cve/CVE-2020-7595\nhttps://access.redhat.com/security/cve/CVE-2020-8177\nhttps://access.redhat.com/security/cve/CVE-2020-8625\nhttps://access.redhat.com/security/cve/CVE-2020-12243\nhttps://access.redhat.com/security/cve/CVE-2020-12400\nhttps://access.redhat.com/security/cve/CVE-2020-12401\nhttps://access.redhat.com/security/cve/CVE-2020-12402\nhttps://access.redhat.com/security/cve/CVE-2020-12403\nhttps://access.redhat.com/security/cve/CVE-2020-14422\nhttps://access.redhat.com/security/cve/CVE-2020-15999\nhttps://access.redhat.com/security/cve/CVE-2021-3156\nhttps://access.redhat.com/security/cve/CVE-2021-3447\nhttps://access.redhat.com/security/cve/CVE-2021-20178\nhttps://access.redhat.com/security/cve/CVE-2021-20180\nhttps://access.redhat.com/security/cve/CVE-2021-20191\nhttps://access.redhat.com/security/cve/CVE-2021-20228\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/security/cve/CVE-2021-20191\nhttps://access.redhat.com/security/cve/CVE-2021-20178\nhttps://access.redhat.com/security/cve/CVE-2021-20180\nhttps://access.redhat.com/security/cve/CVE-2021-20228\nhttps://access.redhat.com/security/cve/CVE-2021-3447\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYHBeatzjgjWX9erEAQhLuw//QLV4QWc4E9o8cG3IJr3xIt6b/OHs6b9s\nhp04e5kT7IWFpmR3VXK+BEK2dd+NiGdvXPOpwe4BaOUWEDmq+dx4Vac5Z0GcZJUK\nAJz8dXFPYBgIafuIkWyY9UIvSO/VsQ2Dr4+KUnB1obALAz3ndSoQJFS1hysFBXHS\n+MulKiYVwFw7UbfvGuFLjmLrNTAflVa9MHmdh3P53bU+U2mCgzuHTFIpodkZhuIt\naIR0H/dgHXXG8co20Zb5Nciqr0CxqejQ+xz84Yu0I+y1LWdBAhi34c3zJY4rlEQS\n6/nfcsSPEadNCTXQu/TX6yvo6sE8A7/xGh1PDf0PLVv+Xh7TE53MtmTnYcl8uiRO\n9m3CfJ7PLO2hpl6QuJzuUe7nXx65/qIoKQjZfNpZVXj/LQtL1F4RE7szmswIGNZL\nIG51pYEUE98aR3gIlLpoMjW4vtC+rdcwSBaLW5gH1Q5hNRlTLmFBTKmYNkCpd4Ho\nNP3AKEwx9R8ZdGYcCuZwYPvSQSqX+B9qURw5G4E/vbso8Vh9RYQ3kusnf93Q/1LG\nImHCbsVWJDMMt/NRj5OvqgZc18ROqHhSpuJ+A44VCI+UihkZb2ai4DjGef0WHZhq\nXTMyLECTJIwM4aY+BC1ohYm0Whvs/w/hd03tGFBJhlIoBYakY6o8lRD7hCc8E/YI\ndEQ0aSabgEY=D/Lt\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. Description:\n\n* Updated python-psutil version to 5.6.6 inside ansible-runner container\n(CVE-2019-18874)\n\n3. Solution:\n\nFor information on upgrading Ansible Tower, reference the Ansible Tower\nUpgrade and Migration Guide:\nhttps://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/\nindex.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1772014 - CVE-2019-18874 python-psutil: double free because of refcount mishandling\n\n5",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-12243"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-005084"
          },
          {
            "db": "VULHUB",
            "id": "VHN-164902"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-12243"
          },
          {
            "db": "PACKETSTORM",
            "id": "168811"
          },
          {
            "db": "PACKETSTORM",
            "id": "157602"
          },
          {
            "db": "PACKETSTORM",
            "id": "159661"
          },
          {
            "db": "PACKETSTORM",
            "id": "162142"
          },
          {
            "db": "PACKETSTORM",
            "id": "159553"
          },
          {
            "db": "PACKETSTORM",
            "id": "157601"
          },
          {
            "db": "PACKETSTORM",
            "id": "159552"
          }
        ],
        "trust": 2.43
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2020-12243",
            "trust": 3.3
          },
          {
            "db": "PACKETSTORM",
            "id": "157602",
            "trust": 0.8
          },
          {
            "db": "PACKETSTORM",
            "id": "159553",
            "trust": 0.8
          },
          {
            "db": "PACKETSTORM",
            "id": "162142",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-005084",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-2326",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "161727",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "159347",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "161916",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "162130",
            "trust": 0.7
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-22-116-01",
            "trust": 0.7
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.1207",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.1637",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.2604",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.0845",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.1742.2",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.3631",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.1742",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.1458",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.0986",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.3535",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.1193",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.1569",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.1613",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "159552",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "157601",
            "trust": 0.2
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-27485",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-164902",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-12243",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "168811",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "159661",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-164902"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-12243"
          },
          {
            "db": "PACKETSTORM",
            "id": "168811"
          },
          {
            "db": "PACKETSTORM",
            "id": "157602"
          },
          {
            "db": "PACKETSTORM",
            "id": "159661"
          },
          {
            "db": "PACKETSTORM",
            "id": "162142"
          },
          {
            "db": "PACKETSTORM",
            "id": "159553"
          },
          {
            "db": "PACKETSTORM",
            "id": "157601"
          },
          {
            "db": "PACKETSTORM",
            "id": "159552"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-2326"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-005084"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12243"
          }
        ]
      },
      "id": "VAR-202004-0530",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-164902"
          }
        ],
        "trust": 0.725
      },
      "last_update_date": "2026-04-10T22:49:42.856000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "[SECURITY] [DLA 2199-1] openldap security update",
            "trust": 0.8,
            "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00001.html"
          },
          {
            "title": "DSA-4666",
            "trust": 0.8,
            "url": "https://www.debian.org/security/2020/dsa-4666"
          },
          {
            "title": "Issue#9248",
            "trust": 0.8,
            "url": "https://git.openldap.org/openldap/openldap/-/blob/OPENLDAP_REL_ENG_2_4/CHANGES"
          },
          {
            "title": "ITS#9202 limit depth of nested filters",
            "trust": 0.8,
            "url": "https://git.openldap.org/openldap/openldap/-/commit/98464c11df8247d6a11b52e294ba5dd4f0380440"
          },
          {
            "title": "Issue 9202",
            "trust": 0.8,
            "url": "https://bugs.openldap.org/show_bug.cgi?id=9202"
          },
          {
            "title": "OpenLDAP Remediation of resource management error vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=118093"
          },
          {
            "title": "Red Hat: Moderate: openldap security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20204041 - Security Advisory"
          },
          {
            "title": "Ubuntu Security Notice: openldap vulnerability",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-4352-1"
          },
          {
            "title": "Ubuntu Security Notice: openldap vulnerability",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-4352-2"
          },
          {
            "title": "Debian Security Advisories: DSA-4666-1 openldap -- security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=fb4df889a45e12b120ab07487d89cbed"
          },
          {
            "title": "Amazon Linux 2: ALAS2-2020-1539",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2020-1539"
          },
          {
            "title": "Red Hat: Moderate: security update - Red Hat Ansible Tower 3.7 runner release (CVE-2019-18874)",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20204254 - Security Advisory"
          },
          {
            "title": "Red Hat: Moderate: security update - Red Hat Ansible Tower 3.6 runner release (CVE-2019-18874)",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20204255 - Security Advisory"
          },
          {
            "title": "IBM: Security Bulletin: Multiple vulnerabilities affect IBM Cloud Object Storage Systems (July 2020v1)",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=4ca8040b949152189bea3a3126afcd39"
          },
          {
            "title": "Red Hat: Low: OpenShift Container Platform 4.3.40 security and bug fix update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20204264 - Security Advisory"
          },
          {
            "title": "Siemens Security Advisories: Siemens Security Advisory",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=ec6577109e640dac19a6ddb978afe82d"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2020-12243"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-2326"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-005084"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-674",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-400",
            "trust": 0.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-164902"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-005084"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12243"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 2.0,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12243"
          },
          {
            "trust": 1.9,
            "url": "https://usn.ubuntu.com/4352-1/"
          },
          {
            "trust": 1.8,
            "url": "https://git.openldap.org/openldap/openldap/-/blob/openldap_rel_eng_2_4/changes"
          },
          {
            "trust": 1.8,
            "url": "https://git.openldap.org/openldap/openldap/-/commit/98464c11df8247d6a11b52e294ba5dd4f0380440"
          },
          {
            "trust": 1.8,
            "url": "https://security.netapp.com/advisory/ntap-20200511-0003/"
          },
          {
            "trust": 1.8,
            "url": "https://support.apple.com/kb/ht211289"
          },
          {
            "trust": 1.8,
            "url": "https://www.debian.org/security/2020/dsa-4666"
          },
          {
            "trust": 1.8,
            "url": "https://bugs.openldap.org/show_bug.cgi?id=9202"
          },
          {
            "trust": 1.8,
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "trust": 1.8,
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "trust": 1.8,
            "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00001.html"
          },
          {
            "trust": 1.8,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00016.html"
          },
          {
            "trust": 1.8,
            "url": "https://usn.ubuntu.com/4352-2/"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12243"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.1742.2/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.3535/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.1458/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.1569/"
          },
          {
            "trust": 0.6,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-116-01"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/159553/red-hat-security-advisory-2020-4255-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://support.apple.com/en-us/ht211289"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.0986"
          },
          {
            "trust": 0.6,
            "url": "https://vigilance.fr/vulnerability/openldap-denial-of-service-via-search-filters-32124"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.1207"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.0845"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.2604"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/159347/red-hat-security-advisory-2020-4041-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/161727/red-hat-security-advisory-2021-0778-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/157602/ubuntu-security-notice-usn-4352-2.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.1637/"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/161916/red-hat-security-advisory-2021-0949-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/162142/red-hat-security-advisory-2021-1079-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.1613/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.1193"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.3631/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.1742/"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/162130/red-hat-security-advisory-2021-1129-01.html"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17006"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2019-12749"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14866"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2019-17023"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17023"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2020-6829"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-12652"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2020-12403"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2019-20388"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11756"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2019-11756"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2020-12243"
          },
          {
            "trust": 0.4,
            "url": "https://bugzilla.redhat.com/):"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2019-14973"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2019-17498"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12749"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2020-7595"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2019-17006"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/team/contact/"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19956"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2019-5094"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2019-19956"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2019-17546"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2020-12400"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2019-11727"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11719"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2019-15903"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2018-20843"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14973"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2020-12402"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5188"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2017-12652"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2020-12401"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20843"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17546"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2019-11719"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20388"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2019-14866"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5094"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11727"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2019-5188"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-15903"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17498"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2019-19126"
          },
          {
            "trust": 0.3,
            "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2019-5482"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2019-16935"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2019-12450"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2019-20386"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2019-14822"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14822"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16935"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5482"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12450"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20386"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19126"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12400"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/updates/classification/#moderate"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2020-5313"
          },
          {
            "trust": 0.2,
            "url": "https://usn.ubuntu.com/4352-1"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1240"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-18874"
          },
          {
            "trust": 0.2,
            "url": "https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-18874"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-14365"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/674.html"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2020:4041"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-116-01"
          },
          {
            "trust": 0.1,
            "url": "https://www.debian.org/security/"
          },
          {
            "trust": 0.1,
            "url": "https://security-tracker.debian.org/tracker/openldap"
          },
          {
            "trust": 0.1,
            "url": "https://www.debian.org/security/faq"
          },
          {
            "trust": 0.1,
            "url": "https://usn.ubuntu.com/4352-2"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2020:4264"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-2974"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11068"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-18197"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-18197"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/updates/classification/#low"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-2226"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-2780"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-2974"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-2752"
          },
          {
            "trust": 0.1,
            "url": "https://docs.openshift.com/container-platform/4.3/release_notes/ocp-4-3-rel"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-2574"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-14352"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-2225"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-8492"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-12825"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-18190"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-8696"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-2181"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-2182"
          },
          {
            "trust": 0.1,
            "url": "https://docs.openshift.com/container-platform/4.3/updating/updating-cluster"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-8675"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2017-18190"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-24750"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-2224"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-9283"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-11068"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-2812"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-20907"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2021:1079"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-8625"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12402"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1971"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-15999"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-20228"
          },
          {
            "trust": 0.1,
            "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12401"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/articles/11258"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-8177"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3156"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3447"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-5313"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-20191"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-1971"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-20180"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12403"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15999"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-14422"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20907"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-20178"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14422"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2020:4255"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/openldap/2.4.48+dfsg-1ubuntu1.1"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/openldap/2.4.42+dfsg-2ubuntu3.8"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/openldap/2.4.45+dfsg-1ubuntu1.5"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/openldap/2.4.49+dfsg-2ubuntu1.2"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2020:4254"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-164902"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-12243"
          },
          {
            "db": "PACKETSTORM",
            "id": "168811"
          },
          {
            "db": "PACKETSTORM",
            "id": "157602"
          },
          {
            "db": "PACKETSTORM",
            "id": "159661"
          },
          {
            "db": "PACKETSTORM",
            "id": "162142"
          },
          {
            "db": "PACKETSTORM",
            "id": "159553"
          },
          {
            "db": "PACKETSTORM",
            "id": "157601"
          },
          {
            "db": "PACKETSTORM",
            "id": "159552"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-2326"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-005084"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12243"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-164902",
            "ident": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-12243",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "168811",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "157602",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "159661",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "162142",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "159553",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "157601",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "159552",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-2326",
            "ident": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-005084",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12243",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2020-04-28T00:00:00",
            "db": "VULHUB",
            "id": "VHN-164902",
            "ident": null
          },
          {
            "date": "2020-04-28T00:00:00",
            "db": "VULMON",
            "id": "CVE-2020-12243",
            "ident": null
          },
          {
            "date": "2020-04-28T19:12:00",
            "db": "PACKETSTORM",
            "id": "168811",
            "ident": null
          },
          {
            "date": "2020-05-07T15:33:32",
            "db": "PACKETSTORM",
            "id": "157602",
            "ident": null
          },
          {
            "date": "2020-10-21T15:40:32",
            "db": "PACKETSTORM",
            "id": "159661",
            "ident": null
          },
          {
            "date": "2021-04-09T15:06:13",
            "db": "PACKETSTORM",
            "id": "162142",
            "ident": null
          },
          {
            "date": "2020-10-14T16:52:18",
            "db": "PACKETSTORM",
            "id": "159553",
            "ident": null
          },
          {
            "date": "2020-05-07T15:33:27",
            "db": "PACKETSTORM",
            "id": "157601",
            "ident": null
          },
          {
            "date": "2020-10-14T16:52:12",
            "db": "PACKETSTORM",
            "id": "159552",
            "ident": null
          },
          {
            "date": "2020-04-28T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202004-2326",
            "ident": null
          },
          {
            "date": "2020-06-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-005084",
            "ident": null
          },
          {
            "date": "2020-04-28T19:15:12.267000",
            "db": "NVD",
            "id": "CVE-2020-12243",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2022-04-29T00:00:00",
            "db": "VULHUB",
            "id": "VHN-164902",
            "ident": null
          },
          {
            "date": "2022-04-29T00:00:00",
            "db": "VULMON",
            "id": "CVE-2020-12243",
            "ident": null
          },
          {
            "date": "2022-04-27T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202004-2326",
            "ident": null
          },
          {
            "date": "2020-06-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-005084",
            "ident": null
          },
          {
            "date": "2024-11-21T04:59:22.057000",
            "db": "NVD",
            "id": "CVE-2020-12243",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "157602"
          },
          {
            "db": "PACKETSTORM",
            "id": "157601"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-2326"
          }
        ],
        "trust": 0.8
      },
      "title": {
        "_id": null,
        "data": "OpenLDAP Resource exhaustion vulnerability in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-005084"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "_id": null,
        "data": "resource management error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-2326"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201710-0206

    Vulnerability from variot - Updated: 2026-04-10 22:39

    Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the four-way handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames. An attacker within range of an affected AP and client may leverage these vulnerabilities to conduct attacks that are dependent on the data confidentiality protocols being used. Attacks may include arbitrary packet decryption and injection, TCP connection hijacking, HTTP content injection, or the replay of unicast and group-addressed frames. These vulnerabilities are referred to as Key Reinstallation Attacks or "KRACK" attacks. WPA (Wi-Fi Protected Access) is a system that protects wireless computer networks (Wi-Fi). The WPA2 wireless network has a PTK-TK key reload vulnerability in the fourth handshake. WPA2 is prone to multiple security weaknesses. Exploiting these issues may allow an unauthorized user to intercept and manipulate data or disclose sensitive information. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

    ===================================================================== Red Hat Security Advisory

    Synopsis: Important: wpa_supplicant security update Advisory ID: RHSA-2017:2907-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2017:2907 Issue date: 2017-10-17 CVE Names: CVE-2017-13077 CVE-2017-13078 CVE-2017-13080 CVE-2017-13082 CVE-2017-13086 CVE-2017-13087 CVE-2017-13088 =====================================================================

    1. Summary:

    An update for wpa_supplicant is now available for Red Hat Enterprise Linux 7.

    Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Relevant releases/architectures:

    Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64

    1. Description:

    The wpa_supplicant packages contain an 802.1X Supplicant with support for WEP, WPA, WPA2 (IEEE 802.11i / RSN), and various EAP authentication methods. They implement key negotiation with a WPA Authenticator for client stations and controls the roaming and IEEE 802.11 authentication and association of the WLAN driver. A remote attacker within Wi-Fi range could exploit these attacks to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by manipulating cryptographic handshakes used by the WPA2 protocol. (CVE-2017-13077, CVE-2017-13078, CVE-2017-13080, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088)

    Red Hat would like to thank CERT for reporting these issues. Upstream acknowledges Mathy Vanhoef (University of Leuven) as the original reporter of these issues. Solution:

    For details on how to apply this update, which includes the changes described in this advisory, refer to:

    https://access.redhat.com/articles/11258

    1. Bugs fixed (https://bugzilla.redhat.com/):

    1491692 - CVE-2017-13077 wpa_supplicant: Reinstallation of the pairwise key in the 4-way handshake 1491693 - CVE-2017-13078 wpa_supplicant: Reinstallation of the group key in the 4-way handshake 1491696 - CVE-2017-13080 wpa_supplicant: Reinstallation of the group key in the group key handshake 1491698 - CVE-2017-13082 wpa_supplicant: Accepting a retransmitted FT Reassociation Request and reinstalling the pairwise key while processing it 1500302 - CVE-2017-13086 wpa_supplicant: reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake 1500303 - CVE-2017-13087 wpa_supplicant: reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame 1500304 - CVE-2017-13088 wpa_supplicant: reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame

    1. Package List:

    Red Hat Enterprise Linux Client (v. 7):

    Source: wpa_supplicant-2.6-5.el7_4.1.src.rpm

    x86_64: wpa_supplicant-2.6-5.el7_4.1.x86_64.rpm wpa_supplicant-debuginfo-2.6-5.el7_4.1.x86_64.rpm

    Red Hat Enterprise Linux ComputeNode (v. 7):

    Source: wpa_supplicant-2.6-5.el7_4.1.src.rpm

    x86_64: wpa_supplicant-2.6-5.el7_4.1.x86_64.rpm wpa_supplicant-debuginfo-2.6-5.el7_4.1.x86_64.rpm

    Red Hat Enterprise Linux Server (v. 7):

    Source: wpa_supplicant-2.6-5.el7_4.1.src.rpm

    aarch64: wpa_supplicant-2.6-5.el7_4.1.aarch64.rpm wpa_supplicant-debuginfo-2.6-5.el7_4.1.aarch64.rpm

    ppc64: wpa_supplicant-2.6-5.el7_4.1.ppc64.rpm wpa_supplicant-debuginfo-2.6-5.el7_4.1.ppc64.rpm

    ppc64le: wpa_supplicant-2.6-5.el7_4.1.ppc64le.rpm wpa_supplicant-debuginfo-2.6-5.el7_4.1.ppc64le.rpm

    s390x: wpa_supplicant-2.6-5.el7_4.1.s390x.rpm wpa_supplicant-debuginfo-2.6-5.el7_4.1.s390x.rpm

    x86_64: wpa_supplicant-2.6-5.el7_4.1.x86_64.rpm wpa_supplicant-debuginfo-2.6-5.el7_4.1.x86_64.rpm

    Red Hat Enterprise Linux Workstation (v. 7):

    Source: wpa_supplicant-2.6-5.el7_4.1.src.rpm

    x86_64: wpa_supplicant-2.6-5.el7_4.1.x86_64.rpm wpa_supplicant-debuginfo-2.6-5.el7_4.1.x86_64.rpm

    These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

    1. References:

    https://access.redhat.com/security/cve/CVE-2017-13077 https://access.redhat.com/security/cve/CVE-2017-13078 https://access.redhat.com/security/cve/CVE-2017-13080 https://access.redhat.com/security/cve/CVE-2017-13082 https://access.redhat.com/security/cve/CVE-2017-13086 https://access.redhat.com/security/cve/CVE-2017-13087 https://access.redhat.com/security/cve/CVE-2017-13088 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/security/vulnerabilities/kracks

    1. Contact:

    The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

    Copyright 2017 Red Hat, Inc. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512

    APPLE-SA-2017-12-12-2 AirPort Base Station Firmware Update 7.7.9

    AirPort Base Station Firmware Update 7.7.9 is now available and addresses the following:

    AirPort Base Station Firmware Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac Impact: An attacker within range may be able to execute arbitrary code on the Wi-Fi chip Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-9417: Nitay Artenstein of Exodus Intelligence

    AirPort Base Station Firmware Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac Impact: An attacker in Wi-Fi range may force nonce reuse in WPA unicast/PTK clients (Key Reinstallation Attacks - KRACK) Description: A logic issue existed in the handling of state transitions. This was addressed with improved state management. CVE-2017-13077: Mathy Vanhoef of the imec-DistriNet group at KU Leuven CVE-2017-13078: Mathy Vanhoef of the imec-DistriNet group at KU Leuven

    AirPort Base Station Firmware Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac Impact: An attacker in Wi-Fi range may force nonce reuse in WPA multicast/GTK clients (Key Reinstallation Attacks - KRACK) Description: A logic issue existed in the handling of state transitions. This was addressed with improved state management. CVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU Leuven

    Installation note:

    Firmware version 7.7.9 is installed on AirPort Extreme or AirPort Time Capsule base stations with 802.11ac using AirPort Utility for Mac or iOS.

    AirPort Utility for Mac is a free download from https://support.apple.com/downloads/ and AirPort Utility for iOS is a free download from the App Store. CVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU Leuven

    Installation note:

    Wi-Fi Update for Boot Camp 6.4.0 may be obtained from Apple Software Update for Windows. Those vulnerabilities applies to both the access point (implemented in hostapd) and the station (implemented in wpa_supplicant).

    An attacker exploiting the vulnerabilities could force the vulnerable system to reuse cryptographic session keys, enabling a range of cryptographic attacks against the ciphers used in WPA1 and WPA2.

    For the stable distribution (stretch), these problems have been fixed in version 2:2.4-1+deb9u1.

    For the testing distribution (buster), these problems have been fixed in version 2:2.4-1.1.

    For the unstable distribution (sid), these problems have been fixed in version 2:2.4-1.1.

    We recommend that you upgrade your wpa packages. ========================================================================== Ubuntu Security Notice USN-3455-1 October 16, 2017

    wpa vulnerabilities

    A security issue affects these releases of Ubuntu and its derivatives:

    • Ubuntu 17.04
    • Ubuntu 16.04 LTS
    • Ubuntu 14.04 LTS

    Summary:

    Several security issues were fixed in wpa_supplicant.

    Software Description: - wpa: client support for WPA and WPA2

    Details:

    Mathy Vanhoef discovered that wpa_supplicant and hostapd incorrectly handled WPA2. (CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088)

    Imre Rad discovered that wpa_supplicant and hostapd incorrectly handled invalid characters in passphrase parameters. A remote attacker could use this issue to cause a denial of service. (CVE-2016-4476)

    Imre Rad discovered that wpa_supplicant and hostapd incorrectly handled invalid characters in passphrase parameters. A local attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. (CVE-2016-4477)

    Update instructions:

    The problem can be corrected by updating your system to the following package versions:

    Ubuntu 17.04: hostapd 2.4-0ubuntu9.1 wpasupplicant 2.4-0ubuntu9.1

    Ubuntu 16.04 LTS: hostapd 2.4-0ubuntu6.2 wpasupplicant 2.4-0ubuntu6.2

    Ubuntu 14.04 LTS: hostapd 2.1-0ubuntu1.5 wpasupplicant 2.1-0ubuntu1.5

    After a standard system update you need to reboot your computer to make all the necessary changes. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201711-03


                                           https://security.gentoo.org/
    

    Severity: Normal Title: hostapd and wpa_supplicant: Key Reinstallation (KRACK) attacks Date: November 10, 2017 Bugs: #634436, #634438 ID: 201711-03


    Synopsis

    A flaw was discovered in the 4-way handshake in hostapd and wpa_supplicant that allows attackers to conduct a Man in the Middle attack.

    Affected packages

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
    

    1 net-wireless/hostapd < 2.6-r1 >= 2.6-r1 2 net-wireless/wpa_supplicant < 2.6-r3 >= 2.6-r3 ------------------------------------------------------------------- 2 affected packages

    Description

    WiFi Protected Access (WPA and WPA2) and it's associated technologies are all vulnerable to the KRACK attacks. Please review the referenced CVE identifiers for details.

    Impact

    An attacker can carry out the KRACK attacks on a wireless network in order to gain access to network clients. Once achieved, the attacker can potentially harvest confidential information (e.g. HTTP/HTTPS), inject malware, or perform a myriad of other attacks.

    Workaround

    There is no known workaround at this time.

    Resolution

    All hostapd users should upgrade to the latest version:

    # emerge --sync # emerge --ask --oneshot --verbose ">=net-wireless/hostapd-2.6-r1"

    All wpa_supplicant users should upgrade to the latest version:

    # emerge --sync # emerge --ask --oneshot -v ">=net-wireless/wpa_supplicant-2.6-r3"

    References

    [ 1 ] CVE-2017-13077 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13077 [ 2 ] CVE-2017-13078 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13078 [ 3 ] CVE-2017-13079 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13079 [ 4 ] CVE-2017-13080 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512

    ============================================================================= FreeBSD-SA-17:07.wpa Security Advisory The FreeBSD Project

    Topic: WPA2 protocol vulnerability

    Category: contrib Module: wpa Announced: 2017-10-16 Credits: Mathy Vanhoef Affects: All supported versions of FreeBSD. Corrected: 2017-10-17 17:30:18 UTC (stable/11, 11.1-STABLE) 2017-10-17 17:57:18 UTC (releng/11.1, 11.1-RELEASE-p2) 2017-10-17 17:56:03 UTC (releng/11.0, 11.0-RELEASE-p13) 2017-10-19 03:18:22 UTC (stable/10, 10.4-STABLE) 2017-10-19 03:20:17 UTC (releng/10.4, 10.4-RELEASE-p1) 2017-10-19 03:19:42 UTC (releng/10.3, 10.3-RELEASE-p22) CVE Name: CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088

    For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit .

    1. Revision history

    v1.0 2017-10-17 Initial release. v1.1 2017-10-19 Add patches for 10.x releases.

    I.

    hostapd and wpa_supplicant are implementations of user space daemon for access points and wireless client that implements the WPA2 protocol.

    II. Problem Description

    A vulnerability was found in how a number of implementations can be triggered to reconfigure WPA/WPA2/RSN keys (TK, GTK, or IGTK) by replaying a specific frame that is used to manage the keys.

    III. Impact

    Such reinstallation of the encryption key can result in two different types of vulnerabilities: disabling replay protection and significantly reducing the security of encryption to the point of allowing frames to be decrypted or some parts of the keys to be determined by an attacker depending on which cipher is used.

    IV. Workaround

    An updated version of wpa_supplicant is available in the FreeBSD Ports Collection. Install version 2.6_2 or later of the security/wpa_supplicant port/pkg. Once installed, update /etc/rc.conf to use the new binary:

    wpa_supplicant_program="/usr/local/sbin/wpa_supplicant"

    and restart networking.

    An updated version of hostapd is available in the FreeBSD Ports Collection. Install version 2.6_1 or later of the net/hostapd port/pkg. Once installed, update /etc/rc.conf to use the new binary:

    hostapd_program="/usr/local/sbin/hostapd"

    and restart hostapd.

    V. Solution

    Perform one of the following:

    1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date.

    Restart the Wi-Fi network interfaces/hostapd or reboot the system.

    2) To update your vulnerable system via a binary patch:

    Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility:

    freebsd-update fetch

    freebsd-update install

    Restart the Wi-Fi network interfaces/hostapd or reboot the system.

    3) To update your vulnerable system via a source code patch:

    The following patches have been verified to apply to the applicable FreeBSD release branches.

    a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.

    [FreeBSD 11.0-RELEASE, 11.1-RELEASE, and 11-STABLE]

    fetch https://security.FreeBSD.org/patches/SA-17:07/wpa-11.patch

    fetch https://security.FreeBSD.org/patches/SA-17:07/wpa-11.patch.asc

    gpg --verify wpa-11.patch.asc

    [FreeBSD 10.3-RELEASE, 10.4-RELEASE, and 10-STABLE]

    fetch https://security.FreeBSD.org/patches/SA-17:07/wpa-10.patch

    fetch https://security.FreeBSD.org/patches/SA-17:07/wpa-10.patch.asc

    gpg --verify wpa-10.patch.asc

    b) Apply the patch. Execute the following commands as root:

    cd /usr/src

    patch < /path/to/patch

    c) Recompile the operating system using buildworld and installworld as described in .

    Restart the applicable daemons, or reboot the system.

    VI. Correction details

    The following list contains the correction revision numbers for each affected branch.

    Branch/path Revision


    stable/11/ r324697 releng/11.0/ r324698 releng/11.1/ r324699 stable/10/ r324739 releng/10.3/ r324740 releng/10.4/ r324741


    To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed:

    svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

    Or visit the following URL, replacing NNNNNN with the revision number:

    VII. References

    The latest revision of this advisory is available at -----BEGIN PGP SIGNATURE-----

    iQKTBAEBCgB9FiEEHPf/b631yp++G4yy7Wfs1l3PaucFAlnoGpNfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDFD RjdGRjZGQURGNUNBOUZCRTFCOENCMkVENjdFQ0Q2NURDRjZBRTcACgkQ7Wfs1l3P auc7WBAAm27w+fujv5sJsRxauUMopTVtRh5utwbDuoHTP+L+RCWmQfVBmueNQ0gf uJzMNxBIkbtY9LvyukpRsH3iD7mh26c0pd9rxxkkr4F96C9B5+W0amxJF1gdm54/ F/50FpY+lo7cNs5tiBjypPrg8UOBBI/1G4XR7130XC0HjaTwt1ngZ0oQUWUMSsIp gN5ZfPul81WPWd1NqF+vyObcJhwq/Y1uoexoO27o7GQCFZoL3enZy8c4f1xqMlVM 4HHkTgNGac6E0aW+ArH4J0DFFAOJXPqF8rdt+9XINfoBbtliIyOixJ4oh1n6eAR0 VpBWZKFNyXSlUKIvDGa+LDhxgL1jJXV0ABSyKlUOijdmr3bbbiQE9MW/MNv2AFTd OAFQ0QQtm9KCWp5JLh+FPIb/kR2l7MOUP+yz4zFcJpdGtl9tDLyPN8vRTq60bY8O y7tBcf/SMqkd/AIFdchL4zrOguKnRARydIlwTarp8wtAQI3MKSsa1B0wgsDtlL6K xfdjnwWMKvKKlNOW16e1WXXO0n/ucHV4njBE+bGPro3jLgXP2/WFZpIGAR3I4xrr SdD4AxSNiR9f3bL7LRfMIbugJAylWNSlTLWUOVUv0/ONh85LqbcCj13NI230B64K ETx2QOZgKnCs2oDNiw4aQHb7kvi2w94Iw/R1sAPkkxYJWO3reyE= =h/5q -----END PGP SIGNATURE----- .

    Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/wpa_supplicant-2.6-i586-1_slack14.2.txz: Upgraded. This update includes patches to mitigate the WPA2 protocol issues known as "KRACK" (Key Reinstallation AttaCK), which may be used to decrypt data, hijack TCP connections, and to forge and inject packets. CVE-2017-13082: Accepting a retransmitted Fast BSS Transition (FT) Reassociation Request and reinstalling the pairwise encryption key (PTK-TK) while processing it. For more information, see: https://www.krackattacks.com/ https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13077 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13078 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13079 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13080 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13081 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13082 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13084 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13086 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13087 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13088 ( Security fix ) +--------------------------+

    Where to find the new packages: +-----------------------------+

    Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

    Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

    Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/wpa_supplicant-2.6-i486-1_slack14.0.txz

    Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/wpa_supplicant-2.6-x86_64-1_slack14.0.txz

    Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/wpa_supplicant-2.6-i486-1_slack14.1.txz

    Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/wpa_supplicant-2.6-x86_64-1_slack14.1.txz

    Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/wpa_supplicant-2.6-i586-1_slack14.2.txz

    Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/wpa_supplicant-2.6-x86_64-1_slack14.2.txz

    Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/wpa_supplicant-2.6-i586-2.txz

    Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/wpa_supplicant-2.6-x86_64-2.txz

    MD5 signatures: +-------------+

    Slackware 14.0 package: d8ecfaadb50b3547967ab53733ffc019 wpa_supplicant-2.6-i486-1_slack14.0.txz

    Slackware x86_64 14.0 package: f25216d28800504ce498705da7c9a825 wpa_supplicant-2.6-x86_64-1_slack14.0.txz

    Slackware 14.1 package: 15c61050e4bab2581757befd86be74c0 wpa_supplicant-2.6-i486-1_slack14.1.txz

    Slackware x86_64 14.1 package: 49fd537a520338744f7757615556d352 wpa_supplicant-2.6-x86_64-1_slack14.1.txz

    Slackware 14.2 package: c5539f40c8510af89be92945f0f80185 wpa_supplicant-2.6-i586-1_slack14.2.txz

    Slackware x86_64 14.2 package: 4c527ff84fcdfd7839f217bbce2e4ae4 wpa_supplicant-2.6-x86_64-1_slack14.2.txz

    Slackware -current package: 28bd88a54e96368f7a7020c1f5fb67fe n/wpa_supplicant-2.6-i586-2.txz

    Slackware x86_64 -current package: 464fc6b48d1ac077f47e9a3a8534c160 n/wpa_supplicant-2.6-x86_64-2.txz

    Installation instructions: +------------------------+

    Upgrade the package as root:

    upgradepkg wpa_supplicant-2.6-i586-1_slack14.2.txz

    +-----+

    Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com

    +------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "linux enterprise point of sale",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "suse",
            "version": "11"
          },
          {
            "_id": null,
            "model": "linux enterprise server",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "suse",
            "version": "11"
          },
          {
            "_id": null,
            "model": "openstack cloud",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "suse",
            "version": "6"
          },
          {
            "_id": null,
            "model": "linux enterprise desktop",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "suse",
            "version": "12"
          },
          {
            "_id": null,
            "model": "linux enterprise server",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "suse",
            "version": "12"
          },
          {
            "_id": null,
            "model": "enterprise linux desktop",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "redhat",
            "version": "7"
          },
          {
            "_id": null,
            "model": "enterprise linux server",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "redhat",
            "version": "7"
          },
          {
            "_id": null,
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.6.9"
          },
          {
            "_id": null,
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.2.5"
          },
          {
            "_id": null,
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "1.1"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "9.0"
          },
          {
            "_id": null,
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.6.8"
          },
          {
            "_id": null,
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.6.9"
          },
          {
            "_id": null,
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "14.04"
          },
          {
            "_id": null,
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.2.5"
          },
          {
            "_id": null,
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.4.9"
          },
          {
            "_id": null,
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.3.9"
          },
          {
            "_id": null,
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.4.10"
          },
          {
            "_id": null,
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.3.11"
          },
          {
            "_id": null,
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.2.7"
          },
          {
            "_id": null,
            "model": "freebsd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "freebsd",
            "version": "*"
          },
          {
            "_id": null,
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.4.11"
          },
          {
            "_id": null,
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.3.8"
          },
          {
            "_id": null,
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.4.9"
          },
          {
            "_id": null,
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.2.6"
          },
          {
            "_id": null,
            "model": "freebsd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "freebsd",
            "version": "10"
          },
          {
            "_id": null,
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.4.10"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.3.11"
          },
          {
            "_id": null,
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "2.2"
          },
          {
            "_id": null,
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.4.11"
          },
          {
            "_id": null,
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.5.7"
          },
          {
            "_id": null,
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.2.6"
          },
          {
            "_id": null,
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "2.5"
          },
          {
            "_id": null,
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "2.4"
          },
          {
            "_id": null,
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.5.8"
          },
          {
            "_id": null,
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.3.7"
          },
          {
            "_id": null,
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "1.1"
          },
          {
            "_id": null,
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.6.10"
          },
          {
            "_id": null,
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.5.7"
          },
          {
            "_id": null,
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.7.3"
          },
          {
            "_id": null,
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "1.0"
          },
          {
            "_id": null,
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "2.4"
          },
          {
            "_id": null,
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.5.8"
          },
          {
            "_id": null,
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "2.6"
          },
          {
            "_id": null,
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.3.7"
          },
          {
            "_id": null,
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.6.10"
          },
          {
            "_id": null,
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.2.8"
          },
          {
            "_id": null,
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.7.3"
          },
          {
            "_id": null,
            "model": "freebsd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "freebsd",
            "version": "11.1"
          },
          {
            "_id": null,
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "1.0"
          },
          {
            "_id": null,
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.3.9"
          },
          {
            "_id": null,
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "2.6"
          },
          {
            "_id": null,
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.2.4"
          },
          {
            "_id": null,
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.3.10"
          },
          {
            "_id": null,
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.5.10"
          },
          {
            "_id": null,
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.5.9"
          },
          {
            "_id": null,
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.2.8"
          },
          {
            "_id": null,
            "model": "leap",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "opensuse",
            "version": "42.2"
          },
          {
            "_id": null,
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.4.7"
          },
          {
            "_id": null,
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "17.04"
          },
          {
            "_id": null,
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.2.4"
          },
          {
            "_id": null,
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.3.10"
          },
          {
            "_id": null,
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "2.3"
          },
          {
            "_id": null,
            "model": "freebsd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "freebsd",
            "version": "10.4"
          },
          {
            "_id": null,
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.5.10"
          },
          {
            "_id": null,
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.5.9"
          },
          {
            "_id": null,
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.5.11"
          },
          {
            "_id": null,
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "2.5"
          },
          {
            "_id": null,
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.4.7"
          },
          {
            "_id": null,
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "2.3"
          },
          {
            "_id": null,
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.4.8"
          },
          {
            "_id": null,
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.5.11"
          },
          {
            "_id": null,
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "16.04"
          },
          {
            "_id": null,
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "2.2"
          },
          {
            "_id": null,
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.6.8"
          },
          {
            "_id": null,
            "model": "freebsd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "freebsd",
            "version": "11"
          },
          {
            "_id": null,
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.4.8"
          },
          {
            "_id": null,
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "leap",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "opensuse",
            "version": "42.3"
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "9front",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "adtran",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "avm",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "actiontec",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "aerohive",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "alcatel lucent",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "android open source",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "apple",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "arch linux",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "aruba",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "asustek computer",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "barracuda",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "broadcom",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "cambium",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "centos",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "cisco",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "cradlepoint",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "cypress semiconductor",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "d link",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "debian gnu linux",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "dell",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "digi",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "draytek",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "edimax computer",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "engenius",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "endian",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "espressif",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "extreme",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "f secure",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "fedora",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "fortinet",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "gentoo linux",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "google",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "hostap",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ipfire",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "intel",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "lancom",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "lede",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "lifx",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "lenovo",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "microchip",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "microsoft",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "mojo",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "nest",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "netbsd",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "netgear",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "opnsense",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "omnirom",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "open mesh",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "openbsd",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "peplink",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "red hat",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "riverbed",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "rockwell automation",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ruckus",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "suse linux",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "samsung mobile",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "sierra",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "slackware linux",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "sonos",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "sony",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "sophos",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "synology",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "tp link",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "technicolor",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "texas instruments",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "toshiba commerce",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "toshiba electronic devices storage",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "toshiba memory",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "turris omnia",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ubiquiti",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ubuntu",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "volumio",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "watchguard",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "xiaomi",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "xirrus",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "zebra",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "dd wrt",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "eero",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "pfsense",
            "version": null
          },
          {
            "_id": null,
            "model": "ubuntu",
            "scope": null,
            "trust": 0.8,
            "vendor": "canonical",
            "version": null
          },
          {
            "_id": null,
            "model": "gnu/linux",
            "scope": null,
            "trust": 0.8,
            "vendor": "debian",
            "version": null
          },
          {
            "_id": null,
            "model": "freebsd",
            "scope": null,
            "trust": 0.8,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "leap",
            "scope": null,
            "trust": 0.8,
            "vendor": "opensuse",
            "version": null
          },
          {
            "_id": null,
            "model": "linux enterprise desktop",
            "scope": null,
            "trust": 0.8,
            "vendor": "suse",
            "version": null
          },
          {
            "_id": null,
            "model": "linux enterprise point of sale",
            "scope": null,
            "trust": 0.8,
            "vendor": "suse",
            "version": null
          },
          {
            "_id": null,
            "model": "linux enterprise server",
            "scope": null,
            "trust": 0.8,
            "vendor": "suse",
            "version": null
          },
          {
            "_id": null,
            "model": "openstack cloud",
            "scope": null,
            "trust": 0.8,
            "vendor": "suse",
            "version": null
          },
          {
            "_id": null,
            "model": "hostapd",
            "scope": null,
            "trust": 0.8,
            "vendor": "w1 fi",
            "version": null
          },
          {
            "_id": null,
            "model": "wpa supplicant",
            "scope": null,
            "trust": 0.8,
            "vendor": "w1 fi",
            "version": null
          },
          {
            "_id": null,
            "model": "enterprise linux desktop",
            "scope": null,
            "trust": 0.8,
            "vendor": "red hat",
            "version": null
          },
          {
            "_id": null,
            "model": "enterprise linux server",
            "scope": null,
            "trust": 0.8,
            "vendor": "red hat",
            "version": null
          },
          {
            "_id": null,
            "model": "edge gateway",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": null
          },
          {
            "_id": null,
            "model": "sr-m20ac1",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "fujitsu",
            "version": "v02.10"
          },
          {
            "_id": null,
            "model": "sr-m20ac2",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "fujitsu",
            "version": "v02.10"
          },
          {
            "_id": null,
            "model": "alliance wi-fi protected access 2",
            "scope": null,
            "trust": 0.6,
            "vendor": "wi fi",
            "version": null
          },
          {
            "_id": null,
            "model": "alliance w1.f1 wpa supplicant",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "wi fi",
            "version": "2.6"
          },
          {
            "_id": null,
            "model": "scalance w-700",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "siemens",
            "version": "0"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "linux desktop",
            "version": "12"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "linux server",
            "version": "11"
          },
          {
            "_id": null,
            "model": "atom processor c3200 series for yocto project bsp mr4",
            "scope": null,
            "trust": 0.3,
            "vendor": "intel",
            "version": null
          },
          {
            "_id": null,
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "10.3.2"
          },
          {
            "_id": null,
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "pyxis supplystation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bd",
            "version": "0"
          },
          {
            "_id": null,
            "model": "sinamics smart access module",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "siemens",
            "version": "v200"
          },
          {
            "_id": null,
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "11.6.27.3264"
          },
          {
            "_id": null,
            "model": "meraki mr34",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "ck71a-atex",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "pepperl fuchs",
            "version": "0"
          },
          {
            "_id": null,
            "model": "arubaos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.5.2.0"
          },
          {
            "_id": null,
            "model": "macbook air",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "0"
          },
          {
            "_id": null,
            "model": "aironet series access points",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "18500"
          },
          {
            "_id": null,
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "meraki mr26",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "arubaos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.4"
          },
          {
            "_id": null,
            "model": "aironet series access points",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "28000"
          },
          {
            "_id": null,
            "model": "enterprise linux for power big endian extended update support",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "-7.5"
          },
          {
            "_id": null,
            "model": "meraki mr84",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "contact fl wlan",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "510x0"
          },
          {
            "_id": null,
            "model": "windows server r2 for itanium-based systems sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2008"
          },
          {
            "_id": null,
            "model": "contact itc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "81130"
          },
          {
            "_id": null,
            "model": "enterprise linux workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "7"
          },
          {
            "_id": null,
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "10.0"
          },
          {
            "_id": null,
            "model": "dual band wireless-ac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "726519.51.0.0"
          },
          {
            "_id": null,
            "model": "enterprise linux server extended update support",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "-7.6"
          },
          {
            "_id": null,
            "model": "meraki mr18",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "arubaos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "8.1.0.3"
          },
          {
            "_id": null,
            "model": "scalance w1750d",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "siemens",
            "version": "0"
          },
          {
            "_id": null,
            "model": "secure ii med-surg bed",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stryker",
            "version": "3002"
          },
          {
            "_id": null,
            "model": "contact fl wlan",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "210x0"
          },
          {
            "_id": null,
            "model": "windows version for x64-based systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "1015110"
          },
          {
            "_id": null,
            "model": "aironet access points",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "contact fl wlan ap",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "24802-110"
          },
          {
            "_id": null,
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "11.0"
          },
          {
            "_id": null,
            "model": "instantos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.5.4.1"
          },
          {
            "_id": null,
            "model": "tvos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "10.2"
          },
          {
            "_id": null,
            "model": "wap371 wireless-ac n access point with single point setup",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "ex-handy",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "pepperl fuchs",
            "version": "2090"
          },
          {
            "_id": null,
            "model": "arubaos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.5.3.2"
          },
          {
            "_id": null,
            "model": "contact rad-80211-xd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "0"
          },
          {
            "_id": null,
            "model": "ios",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "apple",
            "version": "11.2"
          },
          {
            "_id": null,
            "model": "contact fl wlan dap",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "24802-110"
          },
          {
            "_id": null,
            "model": "dual band wireless-ac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "726519.10.9.1"
          },
          {
            "_id": null,
            "model": "arubaos",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.3.1.25"
          },
          {
            "_id": null,
            "model": "pyxis medstation es",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bd",
            "version": "0"
          },
          {
            "_id": null,
            "model": "wireless ip phone",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "88210"
          },
          {
            "_id": null,
            "model": "pyxis stockstation system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bd",
            "version": "0"
          },
          {
            "_id": null,
            "model": "macbook",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "0"
          },
          {
            "_id": null,
            "model": "dual band wireless-ac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "316819.51.7.1"
          },
          {
            "_id": null,
            "model": "dual band wireless-ac",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "intel",
            "version": "726519.10.9.2"
          },
          {
            "_id": null,
            "model": "scalance wlc712",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "siemens",
            "version": "0"
          },
          {
            "_id": null,
            "model": "contact fl wlan spa",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "0"
          },
          {
            "_id": null,
            "model": "meraki mr62",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "simatic et200 pro im154-6 pn iwlan",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "siemens",
            "version": "0"
          },
          {
            "_id": null,
            "model": "tropos broadband mesh routers and bridges",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "abb",
            "version": "0"
          },
          {
            "_id": null,
            "model": "dual band wireless-ac",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "intel",
            "version": "316819.10.9.2"
          },
          {
            "_id": null,
            "model": "meraki mr33",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "instantos",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.5.3.3"
          },
          {
            "_id": null,
            "model": "micros handheld terminal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "0"
          },
          {
            "_id": null,
            "model": "windows server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "20120"
          },
          {
            "_id": null,
            "model": "instantos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.5.2"
          },
          {
            "_id": null,
            "model": "dual band wireless-ac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "316018.33.9.2"
          },
          {
            "_id": null,
            "model": "windows version for 32-bit systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "1017030"
          },
          {
            "_id": null,
            "model": "atom processor c3200 series for yocto project bsp mr4.1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "intel",
            "version": null
          },
          {
            "_id": null,
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "2.6"
          },
          {
            "_id": null,
            "model": "android",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "7.1.0"
          },
          {
            "_id": null,
            "model": "contact fl wlan",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "110x0"
          },
          {
            "_id": null,
            "model": "windows for 32-bit systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "100"
          },
          {
            "_id": null,
            "model": "s3 med-surg bed",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stryker",
            "version": "3002"
          },
          {
            "_id": null,
            "model": "arubaos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.4.2.4"
          },
          {
            "_id": null,
            "model": "tvos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "11.1"
          },
          {
            "_id": null,
            "model": "contact fl comserver wlan",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "232/422/4850"
          },
          {
            "_id": null,
            "model": "airport base station",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "7.6.8"
          },
          {
            "_id": null,
            "model": "enterprise linux server update services for sap solutions",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "-7."
          },
          {
            "_id": null,
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "7.1.91.3272"
          },
          {
            "_id": null,
            "model": "instantos",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "4.2.4.9"
          },
          {
            "_id": null,
            "model": "contact fl wlan ap",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "230802-110"
          },
          {
            "_id": null,
            "model": "android",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "enterprise linux for power little endian extended update supp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "-7.6"
          },
          {
            "_id": null,
            "model": "meraki mr14",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "enterprise linux eus compute node",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "7.5"
          },
          {
            "_id": null,
            "model": "aironet series access points",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "18150"
          },
          {
            "_id": null,
            "model": "wireless client bridge 2.0.0.1-aruba501-b00",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "501"
          },
          {
            "_id": null,
            "model": "enterprise linux server extended update support",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "-7.4"
          },
          {
            "_id": null,
            "model": "enterprise linux server tus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "-7.6"
          },
          {
            "_id": null,
            "model": "dual band wireless-ac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "726018.33.9.2"
          },
          {
            "_id": null,
            "model": "airport express",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "0"
          },
          {
            "_id": null,
            "model": "meraki mr16",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "clarity engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "1.0"
          },
          {
            "_id": null,
            "model": "meraki mr30h",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "airport extreme",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "0"
          },
          {
            "_id": null,
            "model": "windows server r2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "20120"
          },
          {
            "_id": null,
            "model": "dual band wireless-ac",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "intel",
            "version": "826520.0.2.3"
          },
          {
            "_id": null,
            "model": "android",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "contact bl2 bpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "0"
          },
          {
            "_id": null,
            "model": "tvos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "10.0.1"
          },
          {
            "_id": null,
            "model": "enterprise linux for ibm z systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "7"
          },
          {
            "_id": null,
            "model": "watch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "0"
          },
          {
            "_id": null,
            "model": "meraki mr32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "w1 f1",
            "version": "2.4"
          },
          {
            "_id": null,
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "ruggedcom rx1400",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "siemens",
            "version": "0"
          },
          {
            "_id": null,
            "model": "cn70a-atex",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "pepperl fuchs",
            "version": "0"
          },
          {
            "_id": null,
            "model": "windows version for 32-bit systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "1015110"
          },
          {
            "_id": null,
            "model": "arubaos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.5.3"
          },
          {
            "_id": null,
            "model": "pyxis parx handheld",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bd",
            "version": "0"
          },
          {
            "_id": null,
            "model": "dual band wireless-ac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "726519.10"
          },
          {
            "_id": null,
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "9.1.40.100"
          },
          {
            "_id": null,
            "model": "tvos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "10.1.1"
          },
          {
            "_id": null,
            "model": "instantos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.5.3"
          },
          {
            "_id": null,
            "model": "windows rt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "8.1"
          },
          {
            "_id": null,
            "model": "meraki mr42",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "instantos",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "4.3.1.6"
          },
          {
            "_id": null,
            "model": "airport base station",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "7.7.3"
          },
          {
            "_id": null,
            "model": "wap561 wireless-n dual radio selectable band access point",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "11.0.26.3000"
          },
          {
            "_id": null,
            "model": "instantos",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.5.4.2"
          },
          {
            "_id": null,
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "11.6"
          },
          {
            "_id": null,
            "model": "tvos",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "apple",
            "version": "11.2"
          },
          {
            "_id": null,
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "windows server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2016"
          },
          {
            "_id": null,
            "model": "contact rad-whg/wlan-xd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "0"
          },
          {
            "_id": null,
            "model": "dual band wireless-ac",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "intel",
            "version": "726018.33.9.3"
          },
          {
            "_id": null,
            "model": "wi-fi update for boot camp",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "apple",
            "version": "6.4.0"
          },
          {
            "_id": null,
            "model": "suremark printer 2nr",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "toshiba",
            "version": "4610"
          },
          {
            "_id": null,
            "model": "android",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "7.1.1"
          },
          {
            "_id": null,
            "model": "arubaos",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.5.4.2"
          },
          {
            "_id": null,
            "model": "enterprise linux for power little endian extended update supp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "-7.5"
          },
          {
            "_id": null,
            "model": "enterprise linux for power little endian",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "7"
          },
          {
            "_id": null,
            "model": "dual band wireless-ac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "826520.0.0.0"
          },
          {
            "_id": null,
            "model": "tvos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "10.2.1"
          },
          {
            "_id": null,
            "model": "arubaos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.3.1.8"
          },
          {
            "_id": null,
            "model": "windows server for x64-based systems sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2008"
          },
          {
            "_id": null,
            "model": "pyxis supply roller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bd",
            "version": "0"
          },
          {
            "_id": null,
            "model": "airport base station",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "7.6.3"
          },
          {
            "_id": null,
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "10.3"
          },
          {
            "_id": null,
            "model": "telepresence collaboration endpoint",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "6.2.61.3535"
          },
          {
            "_id": null,
            "model": "contact vmt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "70xx0"
          },
          {
            "_id": null,
            "model": "imac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "0"
          },
          {
            "_id": null,
            "model": "meraki mr72",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "watchos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "4"
          },
          {
            "_id": null,
            "model": "enterprise linux for power little endian extended update supp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "-7.4"
          },
          {
            "_id": null,
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "11.0.25.3001"
          },
          {
            "_id": null,
            "model": "arubaos",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "8.1.0.4"
          },
          {
            "_id": null,
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "9.1"
          },
          {
            "_id": null,
            "model": "enterprise linux server tus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "-7.4"
          },
          {
            "_id": null,
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "6.2"
          },
          {
            "_id": null,
            "model": "meraki mr53",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "tvos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "10.1"
          },
          {
            "_id": null,
            "model": "wap551 wireless-n single radio selectable band access point",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "instantos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "4.2"
          },
          {
            "_id": null,
            "model": "instantos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.5.3.2"
          },
          {
            "_id": null,
            "model": "dual band wireless-ac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "316519.10"
          },
          {
            "_id": null,
            "model": "dual band wireless-ac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "826020.0.0.0"
          },
          {
            "_id": null,
            "model": "wap121 wireless-n access point with single point setup",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "2.5"
          },
          {
            "_id": null,
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "11.6.0.1000"
          },
          {
            "_id": null,
            "model": "wireless client bridge 1.0.1.3-hp501-b0012",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "501"
          },
          {
            "_id": null,
            "model": "i.roc ci70-ex",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "pepperl fuchs",
            "version": "0"
          },
          {
            "_id": null,
            "model": "arubaos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.5.0.0"
          },
          {
            "_id": null,
            "model": "dual band wireless-ac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "826020.0.2.2"
          },
          {
            "_id": null,
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "7.1"
          },
          {
            "_id": null,
            "model": "cn70e-atex",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "pepperl fuchs",
            "version": "0"
          },
          {
            "_id": null,
            "model": "dual band wireless-ac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "726018.0.0.0"
          },
          {
            "_id": null,
            "model": "meraki mr24",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "suremark printer 1nr",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "toshiba",
            "version": "4610"
          },
          {
            "_id": null,
            "model": "enterprise linux for ibm z systems extended update support",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "-7.6"
          },
          {
            "_id": null,
            "model": "contact vmt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "50xx0"
          },
          {
            "_id": null,
            "model": "meraki mr74",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "ex-handy",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "pepperl fuchs",
            "version": "090"
          },
          {
            "_id": null,
            "model": "arubaos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.4.4.15"
          },
          {
            "_id": null,
            "model": "dual band wireless-ac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "316519.51.7.1"
          },
          {
            "_id": null,
            "model": "dual band wireless-ac",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "intel",
            "version": "726519.51.7.20"
          },
          {
            "_id": null,
            "model": "anyconnect secure mobility client",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "dual band wireless-ac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "726519.51.7.1"
          },
          {
            "_id": null,
            "model": "systems esp32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "espressif",
            "version": "0"
          },
          {
            "_id": null,
            "model": "watchos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "4.1"
          },
          {
            "_id": null,
            "model": "enterprise linux server extended update support",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "-7.5"
          },
          {
            "_id": null,
            "model": "micros handheld terminal 2.03.0.0.021r",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "aironet series access points",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "38000"
          },
          {
            "_id": null,
            "model": "pyxis parx",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bd",
            "version": "0"
          },
          {
            "_id": null,
            "model": "dx70",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "arubaos",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.5.1.9"
          },
          {
            "_id": null,
            "model": "enterprise linux server update services for sap solutions",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "-7.6"
          },
          {
            "_id": null,
            "model": "intouch critical care bed",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stryker",
            "version": "2141"
          },
          {
            "_id": null,
            "model": "pyxis anesthesia es",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bd",
            "version": "0"
          },
          {
            "_id": null,
            "model": "aironet series officeextend access points",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "18100"
          },
          {
            "_id": null,
            "model": "windows for x64-based systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "8.10"
          },
          {
            "_id": null,
            "model": "dual band wireless-ac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "316819.10.9.1"
          },
          {
            "_id": null,
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "10.0.55.3000"
          },
          {
            "_id": null,
            "model": "windows for 32-bit systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "8.10"
          },
          {
            "_id": null,
            "model": "android",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "meraki mr66",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "dual band wireless-ac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "316519.10.9.1"
          },
          {
            "_id": null,
            "model": "airport base station",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "7.6"
          },
          {
            "_id": null,
            "model": "intouch critical care bed",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stryker",
            "version": "2131"
          },
          {
            "_id": null,
            "model": "android",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "7.1.2"
          },
          {
            "_id": null,
            "model": "aironet series access points",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "18300"
          },
          {
            "_id": null,
            "model": "enterprise linux server aus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "-7.6"
          },
          {
            "_id": null,
            "model": "enterprise linux for power big endian extended update support",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "-7.6"
          },
          {
            "_id": null,
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "10.0.0.50.1004"
          },
          {
            "_id": null,
            "model": "arubaos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.4.1.0"
          },
          {
            "_id": null,
            "model": "wap321 wireless-n access point with single point setup",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "simatic iwlan-pb/link",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "siemens",
            "version": "0"
          },
          {
            "_id": null,
            "model": "aironet 1810w series access points",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "meraki mr52",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "enterprise linux for ibm z systems extended update support",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "-7.5"
          },
          {
            "_id": null,
            "model": "meraki mr12",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "airmesh msr",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "0"
          },
          {
            "_id": null,
            "model": "dual band wireless-ac",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "intel",
            "version": "316519.51.7.20"
          },
          {
            "_id": null,
            "model": "watchos",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "apple",
            "version": "4.2"
          },
          {
            "_id": null,
            "model": "contact fl wlan ec",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "24802-110"
          },
          {
            "_id": null,
            "model": "instantos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "4.2.4.8"
          },
          {
            "_id": null,
            "model": "systems esp8266",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "espressif",
            "version": "0"
          },
          {
            "_id": null,
            "model": "tv",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "0"
          },
          {
            "_id": null,
            "model": "pad-ex",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "pepperl fuchs",
            "version": "010"
          },
          {
            "_id": null,
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "11.0.0.1205"
          },
          {
            "_id": null,
            "model": "ip phone",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "88610"
          },
          {
            "_id": null,
            "model": "clarity engine",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "1.0.0.1"
          },
          {
            "_id": null,
            "model": "aironet series access points",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "15600"
          },
          {
            "_id": null,
            "model": "windows for 32-bit systems sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "7"
          },
          {
            "_id": null,
            "model": "instantos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "4.3.1.5"
          },
          {
            "_id": null,
            "model": "airport base station",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "7.6.2"
          },
          {
            "_id": null,
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "8.1"
          },
          {
            "_id": null,
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "11.8"
          },
          {
            "_id": null,
            "model": "windows for x64-based systems sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "7"
          },
          {
            "_id": null,
            "model": "enterprise linux for ibm z systems extended update support",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "-7.4"
          },
          {
            "_id": null,
            "model": "meraki mr58",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "windows version for 32-bit systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "1016070"
          },
          {
            "_id": null,
            "model": "dual band wireless-ac",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "intel",
            "version": "316519.10.9.2"
          },
          {
            "_id": null,
            "model": "pyxis parassist system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bd",
            "version": "0"
          },
          {
            "_id": null,
            "model": "windows server for 32-bit systems sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2008"
          },
          {
            "_id": null,
            "model": "instantos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "4.3"
          },
          {
            "_id": null,
            "model": "android",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "simatic mobile panel 277 iwlan",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "siemens",
            "version": "0"
          },
          {
            "_id": null,
            "model": "pyxis medstation t2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bd",
            "version": "40000"
          },
          {
            "_id": null,
            "model": "dual band wireless-ac",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "intel",
            "version": "826020.0.2.3"
          },
          {
            "_id": null,
            "model": "android",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "6.0.1"
          },
          {
            "_id": null,
            "model": "airport base station",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "7.6.1"
          },
          {
            "_id": null,
            "model": "dual band wireless-ac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "316519.51.0.0"
          },
          {
            "_id": null,
            "model": "wi-fi update for boot camp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "0"
          },
          {
            "_id": null,
            "model": "enterprise linux server update services for sap solutions",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "-7.4"
          },
          {
            "_id": null,
            "model": "ipad",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "0"
          },
          {
            "_id": null,
            "model": "contact vmt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "30xx0"
          },
          {
            "_id": null,
            "model": "enterprise linux for power big endian",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "7"
          },
          {
            "_id": null,
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "w1 f1",
            "version": "2.6"
          },
          {
            "_id": null,
            "model": "wireless client bridge",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "5010"
          },
          {
            "_id": null,
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "10.0.1"
          },
          {
            "_id": null,
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "11.5"
          },
          {
            "_id": null,
            "model": "meraki mr11",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "10.3.3"
          },
          {
            "_id": null,
            "model": "pyxis anesthesia system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bd",
            "version": "40000"
          },
          {
            "_id": null,
            "model": "tvos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "10.2.2"
          },
          {
            "_id": null,
            "model": "pyxis anesthesia system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bd",
            "version": "35000"
          },
          {
            "_id": null,
            "model": "automation stratix 15.3 jc1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rockwell",
            "version": "5100"
          },
          {
            "_id": null,
            "model": "enterprise linux server aus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "-7.4"
          },
          {
            "_id": null,
            "model": "pyxis ciisafe workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bd",
            "version": "??0"
          },
          {
            "_id": null,
            "model": "enterprise linux for power big endian extended update support",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "-7.4"
          },
          {
            "_id": null,
            "model": "airport base station",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "7.6.7"
          },
          {
            "_id": null,
            "model": "dual band wireless-ac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "316819.51.0.0"
          },
          {
            "_id": null,
            "model": "ipad air",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "0"
          },
          {
            "_id": null,
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "arubaos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.5.4.1"
          },
          {
            "_id": null,
            "model": "enterprise linux eus compute node",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "7.6"
          },
          {
            "_id": null,
            "model": "enterprise linux for scientific computing",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "7"
          },
          {
            "_id": null,
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "8.1.71.3608"
          },
          {
            "_id": null,
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "9.1.41.3024"
          },
          {
            "_id": null,
            "model": "arubaos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.4.2.1"
          },
          {
            "_id": null,
            "model": "enterprise linux eus compute node",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "7.4"
          },
          {
            "_id": null,
            "model": "dx80",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "9.0"
          },
          {
            "_id": null,
            "model": "contact bl2 ppc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "0"
          },
          {
            "_id": null,
            "model": "contact tpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "60130"
          },
          {
            "_id": null,
            "model": "ipod touch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "0"
          },
          {
            "_id": null,
            "model": "arubaos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.5.1"
          },
          {
            "_id": null,
            "model": "ck70a-atex",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "pepperl fuchs",
            "version": "0"
          },
          {
            "_id": null,
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "10.2.1"
          },
          {
            "_id": null,
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "10.3.1"
          },
          {
            "_id": null,
            "model": "dual band wireless-ac",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "intel",
            "version": "316819.51.7.20"
          },
          {
            "_id": null,
            "model": "macbook pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "0"
          },
          {
            "_id": null,
            "model": "dual band wireless-ac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "316819.10"
          },
          {
            "_id": null,
            "model": "windows for x64-based systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "100"
          },
          {
            "_id": null,
            "model": "airport base station",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "7.7.8"
          },
          {
            "_id": null,
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "9.5"
          },
          {
            "_id": null,
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "10.1"
          },
          {
            "_id": null,
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "10.2"
          },
          {
            "_id": null,
            "model": "airport base station",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "7.6.4"
          },
          {
            "_id": null,
            "model": "smart-ex",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "pepperl fuchs",
            "version": "010"
          },
          {
            "_id": null,
            "model": "dual band wireless-ac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "826520.0.2.2"
          },
          {
            "_id": null,
            "model": "dual band wireless-ac",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "intel",
            "version": "316018.33.9.3"
          },
          {
            "_id": null,
            "model": "tab-ex",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "pepperl fuchs",
            "version": "010"
          },
          {
            "_id": null,
            "model": "arubaos",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.5.3.3"
          },
          {
            "_id": null,
            "model": "iphone",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "0"
          },
          {
            "_id": null,
            "model": "macmini",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "0"
          },
          {
            "_id": null,
            "model": "arubaos",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.4.4.16"
          },
          {
            "_id": null,
            "model": "contact fl wlan epa",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "0"
          },
          {
            "_id": null,
            "model": "airport time capsule",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "0"
          },
          {
            "_id": null,
            "model": "alliance wpa2 (wi-fi protected access",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "wi fi",
            "version": "2)0"
          },
          {
            "_id": null,
            "model": "airport base station",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "apple",
            "version": "7.7.9"
          },
          {
            "_id": null,
            "model": "scalance wlc711",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "siemens",
            "version": "0"
          },
          {
            "_id": null,
            "model": "ruggedcom rs9xxw",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "siemens",
            "version": "0"
          },
          {
            "_id": null,
            "model": "arubaos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.3.1.15"
          },
          {
            "_id": null,
            "model": "networks unifi access point",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubiquiti",
            "version": "0"
          },
          {
            "_id": null,
            "model": "suremark printer 2cr",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "toshiba",
            "version": "4610"
          },
          {
            "_id": null,
            "model": "ip phone",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "88650"
          },
          {
            "_id": null,
            "model": "arubaos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.5.4"
          },
          {
            "_id": null,
            "model": "airport base station",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "7.7.7"
          },
          {
            "_id": null,
            "model": "instantos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.5.4"
          },
          {
            "_id": null,
            "model": "asa 5506w-x w/ firepower services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "windows version for x64-based systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "1016070"
          },
          {
            "_id": null,
            "model": "airport base station",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "apple",
            "version": "7.6.9"
          },
          {
            "_id": null,
            "model": "s3 med-surg bed",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stryker",
            "version": "3005"
          },
          {
            "_id": null,
            "model": "dual band wireless-ac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "316018.0.0.0"
          },
          {
            "_id": null,
            "model": "smart-ex",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "pepperl fuchs",
            "version": "2010"
          },
          {
            "_id": null,
            "model": "windows version for x64-based systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "1017030"
          },
          {
            "_id": null,
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "11.1"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "ubuntu linux",
            "version": "14.04"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "ubuntu linux",
            "version": "16.04"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "ubuntu linux",
            "version": "17.04"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "debian linux",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "debian linux",
            "version": "9.0"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "freebsd",
            "version": "*"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "freebsd",
            "version": "10"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "freebsd",
            "version": "10.4"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "freebsd",
            "version": "11"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "freebsd",
            "version": "11.1"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "leap",
            "version": "42.2"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "leap",
            "version": "42.3"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "linux desktop",
            "version": "7"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "linux server",
            "version": "7"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.2.4"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.2.5"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.2.6"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.2.8"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.3.7"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.3.9"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.3.10"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.3.11"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.4.7"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.4.8"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.4.9"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.4.10"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.4.11"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.5.7"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.5.8"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.5.9"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.5.10"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.5.11"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.6.8"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.6.9"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.6.10"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.7.3"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "1.0"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "1.1"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "2.2"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "2.3"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "2.4"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "2.5"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "2.6"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.2.4"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.2.5"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.2.6"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.2.7"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.2.8"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.3.7"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.3.8"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.3.9"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.3.10"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.3.11"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.4.7"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.4.8"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.4.9"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.4.10"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.4.11"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.5.7"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.5.8"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.5.9"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.5.10"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.5.11"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.6.8"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.6.9"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.6.10"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.7.3"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "1.0"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "1.1"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "2.2"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "2.3"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "2.4"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "2.5"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "2.6"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "linux point of sale",
            "version": "11"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "linux server",
            "version": "12"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "openstack cloud",
            "version": "6"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "69402209-7265-4991-8217-51ff9b4857be"
          },
          {
            "db": "CERT/CC",
            "id": "VU#228519"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-30406"
          },
          {
            "db": "BID",
            "id": "101274"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-380"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-008412"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-13077"
          }
        ]
      },
      "configurations": {
        "_id": null,
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:canonical:ubuntu",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:debian:debian_linux",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:freebsd:freebsd",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:opensuse_project:leap",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:suse:linux_enterprise_desktop",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:suse:suse_linux_enterprise_point_of_sale",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:suse:linux_enterprise_server",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:suse:openstack_cloud",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:w1.fi:hostapd",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:w1.fi:wpa_supplicant",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:redhat:enterprise_linux_desktop",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:redhat:enterprise_linux_server",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:nec:nec_edge_gateway",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:fujitsu:sr-m20ac1",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:fujitsu:sr-m20ac2",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-008412"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Mathy Vanhoef from imec-DistriNet and KU Leuven.",
        "sources": [
          {
            "db": "BID",
            "id": "101274"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-380"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2017-13077",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.4,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 5.5,
                "id": "CVE-2017-13077",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.9,
                "vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.4,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 5.5,
                "id": "CNVD-2017-30406",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.4,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 5.5,
                "id": "69402209-7265-4991-8217-51ff9b4857be",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.6,
                "id": "CVE-2017-13077",
                "impactScore": 5.2,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2017-13077",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2017-13077",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-30406",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201710-380",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "IVD",
                "id": "69402209-7265-4991-8217-51ff9b4857be",
                "trust": 0.2,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2017-13077",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "69402209-7265-4991-8217-51ff9b4857be"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-30406"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-13077"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-380"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-008412"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-13077"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the four-way handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames. An attacker within range of an affected AP and client may leverage these vulnerabilities to conduct attacks that are dependent on the data confidentiality protocols being used. Attacks may include arbitrary packet decryption and injection, TCP connection hijacking, HTTP content injection, or the replay of unicast and group-addressed frames. These vulnerabilities are referred to as Key Reinstallation Attacks or \"KRACK\" attacks. WPA (Wi-Fi Protected Access) is a system that protects wireless computer networks (Wi-Fi). The WPA2 wireless network has a PTK-TK key reload vulnerability in the fourth handshake. WPA2  is prone to multiple security weaknesses. \nExploiting these issues may allow an unauthorized user to intercept and manipulate data or disclose sensitive information. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Important: wpa_supplicant security update\nAdvisory ID:       RHSA-2017:2907-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2017:2907\nIssue date:        2017-10-17\nCVE Names:         CVE-2017-13077 CVE-2017-13078 CVE-2017-13080 \n                   CVE-2017-13082 CVE-2017-13086 CVE-2017-13087 \n                   CVE-2017-13088 \n=====================================================================\n\n1. Summary:\n\nAn update for wpa_supplicant is now available for Red Hat Enterprise Linux\n7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\nThe wpa_supplicant packages contain an 802.1X Supplicant with support for\nWEP, WPA, WPA2 (IEEE 802.11i / RSN), and various EAP authentication\nmethods. They implement key negotiation with a WPA Authenticator for client\nstations and controls the roaming and IEEE 802.11 authentication and\nassociation of the WLAN driver. A remote attacker within Wi-Fi range\ncould exploit these attacks to decrypt Wi-Fi traffic or possibly inject\nforged Wi-Fi packets by manipulating cryptographic handshakes used by the\nWPA2 protocol. (CVE-2017-13077, CVE-2017-13078, CVE-2017-13080,\nCVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088)\n\nRed Hat would like to thank CERT for reporting these issues. Upstream\nacknowledges Mathy Vanhoef (University of Leuven) as the original reporter\nof these issues. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1491692 - CVE-2017-13077 wpa_supplicant: Reinstallation of the pairwise key in the 4-way handshake\n1491693 - CVE-2017-13078 wpa_supplicant: Reinstallation of the group key in the 4-way handshake\n1491696 - CVE-2017-13080 wpa_supplicant: Reinstallation of the group key in the group key handshake\n1491698 - CVE-2017-13082 wpa_supplicant: Accepting a retransmitted FT Reassociation Request and reinstalling the pairwise key while processing it\n1500302 - CVE-2017-13086 wpa_supplicant: reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake\n1500303 - CVE-2017-13087 wpa_supplicant: reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame\n1500304 - CVE-2017-13088 wpa_supplicant: reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame\n\n6. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nwpa_supplicant-2.6-5.el7_4.1.src.rpm\n\nx86_64:\nwpa_supplicant-2.6-5.el7_4.1.x86_64.rpm\nwpa_supplicant-debuginfo-2.6-5.el7_4.1.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nwpa_supplicant-2.6-5.el7_4.1.src.rpm\n\nx86_64:\nwpa_supplicant-2.6-5.el7_4.1.x86_64.rpm\nwpa_supplicant-debuginfo-2.6-5.el7_4.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nwpa_supplicant-2.6-5.el7_4.1.src.rpm\n\naarch64:\nwpa_supplicant-2.6-5.el7_4.1.aarch64.rpm\nwpa_supplicant-debuginfo-2.6-5.el7_4.1.aarch64.rpm\n\nppc64:\nwpa_supplicant-2.6-5.el7_4.1.ppc64.rpm\nwpa_supplicant-debuginfo-2.6-5.el7_4.1.ppc64.rpm\n\nppc64le:\nwpa_supplicant-2.6-5.el7_4.1.ppc64le.rpm\nwpa_supplicant-debuginfo-2.6-5.el7_4.1.ppc64le.rpm\n\ns390x:\nwpa_supplicant-2.6-5.el7_4.1.s390x.rpm\nwpa_supplicant-debuginfo-2.6-5.el7_4.1.s390x.rpm\n\nx86_64:\nwpa_supplicant-2.6-5.el7_4.1.x86_64.rpm\nwpa_supplicant-debuginfo-2.6-5.el7_4.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nwpa_supplicant-2.6-5.el7_4.1.src.rpm\n\nx86_64:\nwpa_supplicant-2.6-5.el7_4.1.x86_64.rpm\nwpa_supplicant-debuginfo-2.6-5.el7_4.1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2017-13077\nhttps://access.redhat.com/security/cve/CVE-2017-13078\nhttps://access.redhat.com/security/cve/CVE-2017-13080\nhttps://access.redhat.com/security/cve/CVE-2017-13082\nhttps://access.redhat.com/security/cve/CVE-2017-13086\nhttps://access.redhat.com/security/cve/CVE-2017-13087\nhttps://access.redhat.com/security/cve/CVE-2017-13088\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/security/vulnerabilities/kracks\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2017 Red Hat, Inc. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2017-12-12-2 AirPort Base Station Firmware Update 7.7.9\n\nAirPort Base Station Firmware Update 7.7.9 is now available and\naddresses the following:\n\nAirPort Base Station Firmware\nAvailable for: AirPort Extreme and AirPort Time Capsule base stations\nwith 802.11ac\nImpact: An attacker within range may be able to execute arbitrary\ncode on the Wi-Fi chip\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2017-9417: Nitay Artenstein of Exodus Intelligence\n\nAirPort Base Station Firmware\nAvailable for: AirPort Extreme and AirPort Time Capsule base stations\nwith 802.11ac\nImpact: An attacker in Wi-Fi range may force nonce reuse in WPA\nunicast/PTK clients (Key Reinstallation Attacks - KRACK)\nDescription: A logic issue existed in the handling of state\ntransitions. This was addressed with improved state management. \nCVE-2017-13077: Mathy Vanhoef of the imec-DistriNet group at KU\nLeuven\nCVE-2017-13078: Mathy Vanhoef of the imec-DistriNet group at KU\nLeuven\n\nAirPort Base Station Firmware\nAvailable for: AirPort Extreme and AirPort Time Capsule base stations\nwith 802.11ac\nImpact: An attacker in Wi-Fi range may force nonce reuse in WPA\nmulticast/GTK clients (Key Reinstallation Attacks - KRACK)\nDescription: A logic issue existed in the handling of state\ntransitions. This was addressed with improved state management. \nCVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU\nLeuven\n\nInstallation note:\n\nFirmware version 7.7.9 is installed on AirPort Extreme or\nAirPort Time Capsule base stations with 802.11ac using\nAirPort Utility for Mac or iOS. \n\nAirPort Utility for Mac is a free download from\nhttps://support.apple.com/downloads/ and AirPort Utility for iOS\nis a free download from the App Store. \nCVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at\nKU Leuven\n\nInstallation note:\n\nWi-Fi Update for Boot Camp 6.4.0 may be obtained from Apple Software\nUpdate for Windows. Those vulnerabilities applies to both the access point\n(implemented in hostapd) and the station (implemented in wpa_supplicant). \n\nAn attacker exploiting the vulnerabilities could force the vulnerable system to\nreuse cryptographic session keys, enabling a range of cryptographic attacks\nagainst the ciphers used in WPA1 and WPA2. \n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 2:2.4-1+deb9u1. \n\nFor the testing distribution (buster), these problems have been fixed\nin version 2:2.4-1.1. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2:2.4-1.1. \n\nWe recommend that you upgrade your wpa packages. ==========================================================================\nUbuntu Security Notice USN-3455-1\nOctober 16, 2017\n\nwpa vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 17.04\n- Ubuntu 16.04 LTS\n- Ubuntu 14.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in wpa_supplicant. \n\nSoftware Description:\n- wpa: client support for WPA and WPA2\n\nDetails:\n\nMathy Vanhoef discovered that wpa_supplicant and hostapd incorrectly\nhandled WPA2. (CVE-2017-13077,\nCVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081,\nCVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088)\n\nImre Rad discovered that wpa_supplicant and hostapd incorrectly handled\ninvalid characters in passphrase parameters. A remote attacker could use\nthis issue to cause a denial of service. (CVE-2016-4476)\n\nImre Rad discovered that wpa_supplicant and hostapd incorrectly handled\ninvalid characters in passphrase parameters. A local attacker could use\nthis issue to cause a denial of service, or possibly execute arbitrary\ncode. (CVE-2016-4477)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 17.04:\n  hostapd                         2.4-0ubuntu9.1\n  wpasupplicant                   2.4-0ubuntu9.1\n\nUbuntu 16.04 LTS:\n  hostapd                         2.4-0ubuntu6.2\n  wpasupplicant                   2.4-0ubuntu6.2\n\nUbuntu 14.04 LTS:\n  hostapd                         2.1-0ubuntu1.5\n  wpasupplicant                   2.1-0ubuntu1.5\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201711-03\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: hostapd and wpa_supplicant: Key Reinstallation (KRACK)\n           attacks\n     Date: November 10, 2017\n     Bugs: #634436, #634438\n       ID: 201711-03\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nA flaw was discovered in the 4-way handshake in hostapd and\nwpa_supplicant that allows attackers to conduct a Man in the Middle\nattack. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  net-wireless/hostapd         \u003c 2.6-r1                  \u003e= 2.6-r1 \n  2  net-wireless/wpa_supplicant\n                                  \u003c 2.6-r3                  \u003e= 2.6-r3 \n    -------------------------------------------------------------------\n     2 affected packages\n\nDescription\n===========\n\nWiFi Protected Access (WPA and WPA2) and it\u0027s associated technologies\nare all vulnerable to the KRACK attacks. Please review the referenced\nCVE identifiers for details. \n\nImpact\n======\n\nAn attacker can carry out the KRACK attacks on a wireless network in\norder to gain access to network clients. Once achieved, the attacker\ncan potentially harvest confidential information (e.g. HTTP/HTTPS),\ninject malware, or perform a myriad of other attacks. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll hostapd users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=net-wireless/hostapd-2.6-r1\"\n\nAll wpa_supplicant users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot -v \"\u003e=net-wireless/wpa_supplicant-2.6-r3\"\n\nReferences\n==========\n\n[  1 ] CVE-2017-13077\n       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13077\n[  2 ] CVE-2017-13078\n       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13078\n[  3 ] CVE-2017-13079\n       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13079\n[  4 ] CVE-2017-13080\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n=============================================================================\nFreeBSD-SA-17:07.wpa                                        Security Advisory\n                                                          The FreeBSD Project\n\nTopic:          WPA2 protocol vulnerability\n\nCategory:       contrib\nModule:         wpa\nAnnounced:      2017-10-16\nCredits:        Mathy Vanhoef\nAffects:        All supported versions of FreeBSD. \nCorrected:      2017-10-17 17:30:18 UTC (stable/11, 11.1-STABLE)\n                2017-10-17 17:57:18 UTC (releng/11.1, 11.1-RELEASE-p2)\n                2017-10-17 17:56:03 UTC (releng/11.0, 11.0-RELEASE-p13)\n                2017-10-19 03:18:22 UTC (stable/10, 10.4-STABLE)\n                2017-10-19 03:20:17 UTC (releng/10.4, 10.4-RELEASE-p1)\n                2017-10-19 03:19:42 UTC (releng/10.3, 10.3-RELEASE-p22)\nCVE Name:       CVE-2017-13077, CVE-2017-13078, CVE-2017-13079,\n                CVE-2017-13080, CVE-2017-13081, CVE-2017-13082,\n                CVE-2017-13086, CVE-2017-13087, CVE-2017-13088\n\nFor general information regarding FreeBSD Security Advisories,\nincluding descriptions of the fields above, security branches, and the\nfollowing sections, please visit \u003cURL:https://security.FreeBSD.org/\u003e. \n\n0.   Revision history\n\nv1.0  2017-10-17 Initial release. \nv1.1  2017-10-19 Add patches for 10.x releases. \n\nI. \n\nhostapd and wpa_supplicant are implementations of user space daemon for\naccess points and wireless client that implements the WPA2 protocol. \n\nII.  Problem Description\n\nA vulnerability was found in how a number of implementations can be\ntriggered to reconfigure WPA/WPA2/RSN keys (TK, GTK, or IGTK) by\nreplaying a specific frame that is used to manage the keys. \n\nIII. Impact\n\nSuch reinstallation of the encryption key can result in two different\ntypes of vulnerabilities: disabling replay protection and significantly\nreducing the security of encryption to the point of allowing frames to\nbe decrypted or some parts of the keys to be determined by an attacker\ndepending on which cipher is used. \n\nIV.  Workaround\n\nAn updated version of wpa_supplicant is available in the FreeBSD Ports\nCollection. Install version 2.6_2 or later of the\nsecurity/wpa_supplicant port/pkg. Once installed, update /etc/rc.conf\nto use the new binary:\n\nwpa_supplicant_program=\"/usr/local/sbin/wpa_supplicant\"\n\nand restart networking. \n\nAn updated version of hostapd is available in the FreeBSD Ports\nCollection. Install version 2.6_1 or later of the net/hostapd port/pkg. \nOnce installed, update /etc/rc.conf to use the new binary:\n\nhostapd_program=\"/usr/local/sbin/hostapd\"\n\nand restart hostapd. \n\nV.   Solution\n\nPerform one of the following:\n\n1) Upgrade your vulnerable system to a supported FreeBSD stable or\nrelease / security branch (releng) dated after the correction date. \n\nRestart the Wi-Fi network interfaces/hostapd or reboot the system. \n\n2) To update your vulnerable system via a binary patch:\n\nSystems running a RELEASE version of FreeBSD on the i386 or amd64\nplatforms can be updated via the freebsd-update(8) utility:\n\n# freebsd-update fetch\n# freebsd-update install\n\nRestart the Wi-Fi network interfaces/hostapd or reboot the system. \n\n3) To update your vulnerable system via a source code patch:\n\nThe following patches have been verified to apply to the applicable\nFreeBSD release branches. \n\na) Download the relevant patch from the location below, and verify the\ndetached PGP signature using your PGP utility. \n\n[FreeBSD 11.0-RELEASE, 11.1-RELEASE, and 11-STABLE]\n# fetch https://security.FreeBSD.org/patches/SA-17:07/wpa-11.patch\n# fetch https://security.FreeBSD.org/patches/SA-17:07/wpa-11.patch.asc\n# gpg --verify wpa-11.patch.asc\n\n[FreeBSD 10.3-RELEASE, 10.4-RELEASE, and 10-STABLE]\n# fetch https://security.FreeBSD.org/patches/SA-17:07/wpa-10.patch\n# fetch https://security.FreeBSD.org/patches/SA-17:07/wpa-10.patch.asc\n# gpg --verify wpa-10.patch.asc\n\nb) Apply the patch.  Execute the following commands as root:\n\n# cd /usr/src\n# patch \u003c /path/to/patch\n\nc) Recompile the operating system using buildworld and installworld as\ndescribed in \u003cURL:https://www.FreeBSD.org/handbook/makeworld.html\u003e. \n\nRestart the applicable daemons, or reboot the system. \n\nVI.  Correction details\n\nThe following list contains the correction revision numbers for each\naffected branch. \n\nBranch/path                                                      Revision\n- -------------------------------------------------------------------------\nstable/11/                                                        r324697\nreleng/11.0/                                                      r324698\nreleng/11.1/                                                      r324699\nstable/10/                                                        r324739\nreleng/10.3/                                                      r324740\nreleng/10.4/                                                      r324741\n- -------------------------------------------------------------------------\n\nTo see which files were modified by a particular revision, run the\nfollowing command, replacing NNNNNN with the revision number, on a\nmachine with Subversion installed:\n\n# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base\n\nOr visit the following URL, replacing NNNNNN with the revision number:\n\n\u003cURL:https://svnweb.freebsd.org/base?view=revision\u0026revision=NNNNNN\u003e\n\nVII. References\n\n\u003cURL:https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt\u003e\n\u003cURL:https://www.krackattacks.com/\u003e\n\nThe latest revision of this advisory is available at\n\u003cURL:https://security.FreeBSD.org/advisories/FreeBSD-SA-17:07.wpa.asc\u003e\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEEHPf/b631yp++G4yy7Wfs1l3PaucFAlnoGpNfFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDFD\nRjdGRjZGQURGNUNBOUZCRTFCOENCMkVENjdFQ0Q2NURDRjZBRTcACgkQ7Wfs1l3P\nauc7WBAAm27w+fujv5sJsRxauUMopTVtRh5utwbDuoHTP+L+RCWmQfVBmueNQ0gf\nuJzMNxBIkbtY9LvyukpRsH3iD7mh26c0pd9rxxkkr4F96C9B5+W0amxJF1gdm54/\nF/50FpY+lo7cNs5tiBjypPrg8UOBBI/1G4XR7130XC0HjaTwt1ngZ0oQUWUMSsIp\ngN5ZfPul81WPWd1NqF+vyObcJhwq/Y1uoexoO27o7GQCFZoL3enZy8c4f1xqMlVM\n4HHkTgNGac6E0aW+ArH4J0DFFAOJXPqF8rdt+9XINfoBbtliIyOixJ4oh1n6eAR0\nVpBWZKFNyXSlUKIvDGa+LDhxgL1jJXV0ABSyKlUOijdmr3bbbiQE9MW/MNv2AFTd\nOAFQ0QQtm9KCWp5JLh+FPIb/kR2l7MOUP+yz4zFcJpdGtl9tDLyPN8vRTq60bY8O\ny7tBcf/SMqkd/AIFdchL4zrOguKnRARydIlwTarp8wtAQI3MKSsa1B0wgsDtlL6K\nxfdjnwWMKvKKlNOW16e1WXXO0n/ucHV4njBE+bGPro3jLgXP2/WFZpIGAR3I4xrr\nSdD4AxSNiR9f3bL7LRfMIbugJAylWNSlTLWUOVUv0/ONh85LqbcCj13NI230B64K\nETx2QOZgKnCs2oDNiw4aQHb7kvi2w94Iw/R1sAPkkxYJWO3reyE=\n=h/5q\n-----END PGP SIGNATURE-----\n. \n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n+--------------------------+\npatches/packages/wpa_supplicant-2.6-i586-1_slack14.2.txz:  Upgraded. \n  This update includes patches to mitigate the WPA2 protocol issues known\n  as \"KRACK\" (Key Reinstallation AttaCK), which may be used to decrypt data,\n  hijack TCP connections, and to forge and inject packets. \n  CVE-2017-13082: Accepting a retransmitted Fast BSS Transition (FT)\n    Reassociation Request and reinstalling the pairwise encryption key (PTK-TK)\n    while processing it. \n  For more information, see:\n    https://www.krackattacks.com/\n    https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13077\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13078\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13079\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13080\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13081\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13082\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13084\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13086\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13087\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13088\n  (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project!  :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/wpa_supplicant-2.6-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/wpa_supplicant-2.6-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/wpa_supplicant-2.6-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/wpa_supplicant-2.6-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/wpa_supplicant-2.6-i586-1_slack14.2.txz\n\nUpdated package for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/wpa_supplicant-2.6-x86_64-1_slack14.2.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/wpa_supplicant-2.6-i586-2.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/wpa_supplicant-2.6-x86_64-2.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 14.0 package:\nd8ecfaadb50b3547967ab53733ffc019  wpa_supplicant-2.6-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\nf25216d28800504ce498705da7c9a825  wpa_supplicant-2.6-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\n15c61050e4bab2581757befd86be74c0  wpa_supplicant-2.6-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\n49fd537a520338744f7757615556d352  wpa_supplicant-2.6-x86_64-1_slack14.1.txz\n\nSlackware 14.2 package:\nc5539f40c8510af89be92945f0f80185  wpa_supplicant-2.6-i586-1_slack14.2.txz\n\nSlackware x86_64 14.2 package:\n4c527ff84fcdfd7839f217bbce2e4ae4  wpa_supplicant-2.6-x86_64-1_slack14.2.txz\n\nSlackware -current package:\n28bd88a54e96368f7a7020c1f5fb67fe  n/wpa_supplicant-2.6-i586-2.txz\n\nSlackware x86_64 -current package:\n464fc6b48d1ac077f47e9a3a8534c160  n/wpa_supplicant-2.6-x86_64-2.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the package as root:\n# upgradepkg wpa_supplicant-2.6-i586-1_slack14.2.txz\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list:                          |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message:                                                     |\n|                                                                        |\n|   unsubscribe slackware-security                                       |\n|                                                                        |\n| You will get a confirmation message back containing instructions to    |\n| complete the process.  Please do not reply to this email address",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-13077"
          },
          {
            "db": "CERT/CC",
            "id": "VU#228519"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-008412"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-30406"
          },
          {
            "db": "BID",
            "id": "101274"
          },
          {
            "db": "IVD",
            "id": "69402209-7265-4991-8217-51ff9b4857be"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-13077"
          },
          {
            "db": "PACKETSTORM",
            "id": "144652"
          },
          {
            "db": "PACKETSTORM",
            "id": "145394"
          },
          {
            "db": "PACKETSTORM",
            "id": "145395"
          },
          {
            "db": "PACKETSTORM",
            "id": "148445"
          },
          {
            "db": "PACKETSTORM",
            "id": "144630"
          },
          {
            "db": "PACKETSTORM",
            "id": "144632"
          },
          {
            "db": "PACKETSTORM",
            "id": "144944"
          },
          {
            "db": "PACKETSTORM",
            "id": "144669"
          },
          {
            "db": "PACKETSTORM",
            "id": "144663"
          }
        ],
        "trust": 4.23
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-13077",
            "trust": 4.5
          },
          {
            "db": "CERT/CC",
            "id": "VU#228519",
            "trust": 4.2
          },
          {
            "db": "BID",
            "id": "101274",
            "trust": 2.6
          },
          {
            "db": "LENOVO",
            "id": "LEN-17420",
            "trust": 2.5
          },
          {
            "db": "SECTRACK",
            "id": "1039577",
            "trust": 1.7
          },
          {
            "db": "SECTRACK",
            "id": "1039576",
            "trust": 1.7
          },
          {
            "db": "SECTRACK",
            "id": "1039581",
            "trust": 1.7
          },
          {
            "db": "SECTRACK",
            "id": "1039578",
            "trust": 1.7
          },
          {
            "db": "SECTRACK",
            "id": "1039585",
            "trust": 1.7
          },
          {
            "db": "SECTRACK",
            "id": "1039573",
            "trust": 1.7
          },
          {
            "db": "SECTRACK",
            "id": "1041432",
            "trust": 1.7
          },
          {
            "db": "CERT@VDE",
            "id": "VDE-2017-003",
            "trust": 1.7
          },
          {
            "db": "CERT@VDE",
            "id": "VDE-2017-005",
            "trust": 1.7
          },
          {
            "db": "SIEMENS",
            "id": "SSA-901333",
            "trust": 1.7
          },
          {
            "db": "ICS CERT",
            "id": "ICSMA-18-114-01",
            "trust": 1.2
          },
          {
            "db": "ICS CERT",
            "id": "ICSMA-19-029-01",
            "trust": 1.1
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-17-353-02",
            "trust": 1.1
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-17-318-01",
            "trust": 1.1
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-17-325-01",
            "trust": 1.1
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-30406",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-380",
            "trust": 0.8
          },
          {
            "db": "JUNIPER",
            "id": "JSA10827",
            "trust": 0.8
          },
          {
            "db": "DLINK",
            "id": "SAP10075",
            "trust": 0.8
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-17-318-02A",
            "trust": 0.8
          },
          {
            "db": "JVN",
            "id": "JVNVU94846424",
            "trust": 0.8
          },
          {
            "db": "JVN",
            "id": "JVNVU90609033",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-008412",
            "trust": 0.8
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.4125",
            "trust": 0.6
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-17-299-02",
            "trust": 0.3
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-17-318-02",
            "trust": 0.3
          },
          {
            "db": "IVD",
            "id": "69402209-7265-4991-8217-51FF9B4857BE",
            "trust": 0.2
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-13077",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "144652",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "145394",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "145395",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "148445",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "144630",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "144632",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "144944",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "144669",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "144663",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "69402209-7265-4991-8217-51ff9b4857be"
          },
          {
            "db": "CERT/CC",
            "id": "VU#228519"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-30406"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-13077"
          },
          {
            "db": "BID",
            "id": "101274"
          },
          {
            "db": "PACKETSTORM",
            "id": "144652"
          },
          {
            "db": "PACKETSTORM",
            "id": "145394"
          },
          {
            "db": "PACKETSTORM",
            "id": "145395"
          },
          {
            "db": "PACKETSTORM",
            "id": "148445"
          },
          {
            "db": "PACKETSTORM",
            "id": "144630"
          },
          {
            "db": "PACKETSTORM",
            "id": "144632"
          },
          {
            "db": "PACKETSTORM",
            "id": "144944"
          },
          {
            "db": "PACKETSTORM",
            "id": "144669"
          },
          {
            "db": "PACKETSTORM",
            "id": "144663"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-380"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-008412"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-13077"
          }
        ]
      },
      "id": "VAR-201710-0206",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "69402209-7265-4991-8217-51ff9b4857be"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-30406"
          }
        ],
        "trust": 1.4306096569230768
      },
      "iot_taxonomy": {
        "_id": null,
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "69402209-7265-4991-8217-51ff9b4857be"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-30406"
          }
        ]
      },
      "last_update_date": "2026-04-10T22:39:00.479000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "ARUBA-PSA-2017-007",
            "trust": 0.8,
            "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt"
          },
          {
            "title": "DSA-3999",
            "trust": 0.8,
            "url": "https://www.debian.org/security/2017/dsa-3999"
          },
          {
            "title": "FreeBSD-SA-17:07.wpa",
            "trust": 0.8,
            "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-17:07.wpa.asc"
          },
          {
            "title": "LEN-17420",
            "trust": 0.8,
            "url": "https://support.lenovo.com/jp/en/product_security/len-17420"
          },
          {
            "title": "NV17-024",
            "trust": 0.8,
            "url": "http://jpn.nec.com/security-info/secinfo/nv17-024.html"
          },
          {
            "title": "KRACKs - wpa_supplicant Multiple Vulnerabilities",
            "trust": 0.8,
            "url": "https://access.redhat.com/security/vulnerabilities/kracks"
          },
          {
            "title": "RHSA-2017:2907",
            "trust": 0.8,
            "url": "https://access.redhat.com/errata/RHSA-2017:2907"
          },
          {
            "title": "RHSA-2017:2911",
            "trust": 0.8,
            "url": "https://access.redhat.com/errata/RHSA-2017:2911"
          },
          {
            "title": "USN-3455-1",
            "trust": 0.8,
            "url": "https://usn.ubuntu.com/usn/USN-3455-1/"
          },
          {
            "title": "WPA packet number reuse with replayed messages and key reinstallation",
            "trust": 0.8,
            "url": "https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt"
          },
          {
            "title": "Wi-Fi\u306e\u8a8d\u8a3c\uff0f\u6697\u53f7\u5316\u6280\u8853WPA2\u304a\u3088\u3073WPA\u306e\u8907\u6570\u306e\u8106\u5f31\u6027\u306b\u3064\u3044\u3066",
            "trust": 0.8,
            "url": "http://www.fujitsu.com/jp/products/network/support/2017/srm-01/index.html"
          },
          {
            "title": "WPA2\u306e\u8106\u5f31\u6027\u306b\u95a2\u3059\u308b\u5f0a\u793e\u8abf\u67fb\u30fb\u5bfe\u5fdc\u72b6\u6cc1\u306b\u3064\u3044\u3066",
            "trust": 0.8,
            "url": "http://www.iodata.jp/support/information/2017/wpa2/"
          },
          {
            "title": "\u7121\u7ddaLAN \u8a8d\u8a3c\uff0f\u6697\u53f7\u5316\u6280\u8853WPA2\u304a\u3088\u3073WPA\u306b\u95a2\u3059\u308b\u8106\u5f31\u6027\u306e\u304a\u77e5\u3089\u305b",
            "trust": 0.8,
            "url": "http://www.fmworld.net/biz/common/info/20171110/"
          },
          {
            "title": "Patch for WPA2 Wireless Network PTK-TK Encryption Key Reload Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/103818"
          },
          {
            "title": "Multiple WiFi product WPA2 Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=75494"
          },
          {
            "title": "Red Hat: Important: wpa_supplicant security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20172911 - Security Advisory"
          },
          {
            "title": "Red Hat: Important: wpa_supplicant security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20172907 - Security Advisory"
          },
          {
            "title": "Red Hat: CVE-2017-13077",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2017-13077"
          },
          {
            "title": "Arch Linux Issues: ",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2017-13077"
          },
          {
            "title": "Apple: Wi-Fi Update for Boot Camp 6.4.0",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=4dc3bb86865485e4364fd6b2dc2fc379"
          },
          {
            "title": "Apple: AirPort Base Station Firmware Update 7.7.9",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=7ca8130f8030911575aa17c0e84114dd"
          },
          {
            "title": "Apple: watchOS 4.1",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=345c3fa8a313cd9a1ced5ef372c465c4"
          },
          {
            "title": "Apple: AirPort Base Station Firmware Update 7.6.9",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=43d8dcf7961e20b6ec02761d12969c19"
          },
          {
            "title": "Debian CVElist Bug Report Logs: firmware-brcm80211: BroadPwn vulnerability CVE-2017-9417",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=2e0affd9108e95fa2aa2c706c74cd8a9"
          },
          {
            "title": "Ubuntu Security Notice: wpa vulnerabilities",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3455-1"
          },
          {
            "title": "Debian Security Advisories: DSA-3999-1 wpa -- security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=08990d9925276738bd732fa4d58f9ef0"
          },
          {
            "title": "Apple: tvOS 11.1",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=7a8e908aff7c02a31b2d335766e6d5c2"
          },
          {
            "title": "Apple: iOS 11.1",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=7814c280e80969d4c4d88f74b13290f2"
          },
          {
            "title": "Arch Linux Advisories: [ASA-201710-23] hostapd: man-in-the-middle",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-201710-23"
          },
          {
            "title": "Arch Linux Advisories: [ASA-201710-22] wpa_supplicant: man-in-the-middle",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-201710-22"
          },
          {
            "title": "HP: HPSBPI03574 rev. 1 - WPA, WPA2 Key Reinstallation Attacks (KRACK attacks) Potential Remote Disclosure of Information: Certain HP Enterprise Printer and MFP products, Certain HP PageWide Printer and MFP Products, HP Jetdirect Accessory Products",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=hp_bulletin\u0026qid=HPSBPI03574"
          },
          {
            "title": "Siemens Security Advisories: Siemens Security Advisory",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=6df91267eee9400a24a98876f50ffe84"
          },
          {
            "title": "Android Security Bulletins: Android Security Bulletin\u2014May 2018",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins\u0026qid=170d2de05a0349ffa4f579ee79da1e9d"
          },
          {
            "title": "Android Security Bulletins: Android Security Bulletin\u2014November 2017",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins\u0026qid=8c29eb008bb212762e5cfb25c7c5c0d5"
          },
          {
            "title": "Cisco: Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20171016-wpa"
          },
          {
            "title": "Android Security Bulletins: Android Security Bulletin\u2014July 2018",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins\u0026qid=25584b3d319ca9e7cb2fae9ec5dbf5e0"
          },
          {
            "title": "Android Security Bulletins: Android Security Bulletin\u2014August 2018",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins\u0026qid=746dc14fcd3f5e139648cfdc9d9039a9"
          },
          {
            "title": "Android Security Bulletins: Android Security Bulletin\u2014June 2018",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins\u0026qid=cc496c56e2bf669809bfb568f59af8e1"
          },
          {
            "title": "HP: HPSBHF03571 rev. 6  -  Intel Management Engine Cumulative Security update and fix for WPA2 vulnerability",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=hp_bulletin\u0026qid=HPSBHF03571"
          },
          {
            "title": "Oracle: Oracle Critical Patch Update Advisory - April 2018",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4019ca77f50c7a34e4d97833e6f3321e"
          },
          {
            "title": "Apple: macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=870f3f04ef17f7b183f74ae687a1561d"
          },
          {
            "title": "Android Security Bulletins: Android Security Bulletin\u2014April 2018",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins\u0026qid=068d787c35ce8cea494780f9a47b5827"
          },
          {
            "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - October 2017",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=7251d5e5f2b1771951980ad7cfde50ba"
          },
          {
            "title": "Oracle: Oracle Critical Patch Update Advisory - January 2018",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=e2a7f287e9acc8c64ab3df71130bc64d"
          },
          {
            "title": "vanhoefm-krackattacks-scripts",
            "trust": 0.1,
            "url": "https://github.com/84KaliPleXon3/vanhoefm-krackattacks-scripts "
          },
          {
            "title": "krankattack",
            "trust": 0.1,
            "url": "https://github.com/DevKosov/krankattack "
          },
          {
            "title": "krackattacks-scripts",
            "trust": 0.1,
            "url": "https://github.com/vanhoefm/krackattacks-scripts "
          },
          {
            "title": "KRACK",
            "trust": 0.1,
            "url": "https://github.com/chinatso/KRACK "
          },
          {
            "title": "krackinfo",
            "trust": 0.1,
            "url": "https://github.com/kristate/krackinfo "
          },
          {
            "title": "nixos-issue-db-example",
            "trust": 0.1,
            "url": "https://github.com/andir/nixos-issue-db-example "
          },
          {
            "title": "SamsungReleaseNotes",
            "trust": 0.1,
            "url": "https://github.com/samreleasenotes/SamsungReleaseNotes "
          },
          {
            "title": "welivesecurity",
            "trust": 0.1,
            "url": "https://www.welivesecurity.com/2019/10/17/alexa-how-amazon-echo-kindle-got-kracked/"
          },
          {
            "title": "BleepingComputer",
            "trust": 0.1,
            "url": "https://www.bleepingcomputer.com/news/security/millions-of-amazon-echo-and-kindle-devices-affected-by-wifi-bug/"
          },
          {
            "title": "The Register",
            "trust": 0.1,
            "url": "https://www.theregister.co.uk/2017/11/07/android_november_security_update/"
          },
          {
            "title": "The Register",
            "trust": 0.1,
            "url": "https://www.theregister.co.uk/2017/10/16/wpa2_inscure_krackattack/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-30406"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-13077"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-380"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-008412"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-330",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-254",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-008412"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-13077"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 3.7,
            "url": "https://www.krackattacks.com/"
          },
          {
            "trust": 3.3,
            "url": "https://source.android.com/security/bulletin/2017-11-01"
          },
          {
            "trust": 2.9,
            "url": "http://www.securityfocus.com/bid/101274"
          },
          {
            "trust": 2.8,
            "url": "http://www.arubanetworks.com/assets/alert/aruba-psa-2017-007.txt"
          },
          {
            "trust": 2.8,
            "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20171016-wpa"
          },
          {
            "trust": 2.6,
            "url": "https://access.redhat.com/security/vulnerabilities/kracks"
          },
          {
            "trust": 2.5,
            "url": "http://www.debian.org/security/2017/dsa-3999"
          },
          {
            "trust": 2.1,
            "url": "http://www.kb.cert.org/vuls/id/228519"
          },
          {
            "trust": 2.1,
            "url": "https://access.redhat.com/errata/rhsa-2017:2911"
          },
          {
            "trust": 2.1,
            "url": "https://access.redhat.com/errata/rhsa-2017:2907"
          },
          {
            "trust": 2.0,
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
          },
          {
            "trust": 1.8,
            "url": "https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt"
          },
          {
            "trust": 1.8,
            "url": "http://www.ubuntu.com/usn/usn-3455-1"
          },
          {
            "trust": 1.7,
            "url": "http://www.securitytracker.com/id/1039585"
          },
          {
            "trust": 1.7,
            "url": "http://www.securitytracker.com/id/1039581"
          },
          {
            "trust": 1.7,
            "url": "http://www.securitytracker.com/id/1039578"
          },
          {
            "trust": 1.7,
            "url": "http://www.securitytracker.com/id/1039577"
          },
          {
            "trust": 1.7,
            "url": "http://www.securitytracker.com/id/1039576"
          },
          {
            "trust": 1.7,
            "url": "http://www.securitytracker.com/id/1039573"
          },
          {
            "trust": 1.7,
            "url": "https://support.lenovo.com/us/en/product_security/len-17420"
          },
          {
            "trust": 1.7,
            "url": "https://security.freebsd.org/advisories/freebsd-sa-17:07.wpa.asc"
          },
          {
            "trust": 1.7,
            "url": "https://security.gentoo.org/glsa/201711-03"
          },
          {
            "trust": 1.7,
            "url": "https://support.apple.com/ht208222"
          },
          {
            "trust": 1.7,
            "url": "https://support.apple.com/ht208221"
          },
          {
            "trust": 1.7,
            "url": "https://support.apple.com/ht208220"
          },
          {
            "trust": 1.7,
            "url": "https://support.apple.com/ht208219"
          },
          {
            "trust": 1.7,
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
          },
          {
            "trust": 1.7,
            "url": "https://source.android.com/security/bulletin/2018-04-01"
          },
          {
            "trust": 1.7,
            "url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbhf03792en_us"
          },
          {
            "trust": 1.7,
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf"
          },
          {
            "trust": 1.7,
            "url": "https://cert.vde.com/en-us/advisories/vde-2017-005"
          },
          {
            "trust": 1.7,
            "url": "https://cert.vde.com/en-us/advisories/vde-2017-003"
          },
          {
            "trust": 1.7,
            "url": "https://source.android.com/security/bulletin/2018-06-01"
          },
          {
            "trust": 1.7,
            "url": "http://www.securitytracker.com/id/1041432"
          },
          {
            "trust": 1.7,
            "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00015.html"
          },
          {
            "trust": 1.7,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13077"
          },
          {
            "trust": 1.2,
            "url": "https://ics-cert.us-cert.gov/advisories/icsma-18-114-01"
          },
          {
            "trust": 1.1,
            "url": "https://papers.mathyvanhoef.com/ccs2017.pdf"
          },
          {
            "trust": 1.1,
            "url": "https://w1.fi/security/2017-1/"
          },
          {
            "trust": 1.1,
            "url": "https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00101\u0026languageid=en-fr"
          },
          {
            "trust": 1.1,
            "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2017-13080"
          },
          {
            "trust": 1.1,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-353-02"
          },
          {
            "trust": 1.1,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-318-01"
          },
          {
            "trust": 1.1,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-325-01"
          },
          {
            "trust": 1.1,
            "url": "https://ics-cert.us-cert.gov/advisories/icsma-19-029-01"
          },
          {
            "trust": 0.9,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13078"
          },
          {
            "trust": 0.9,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-13077"
          },
          {
            "trust": 0.8,
            "url": "https://cwe.mitre.org/data/definitions/323.html"
          },
          {
            "trust": 0.8,
            "url": "https://actiontecsupport.zendesk.com/hc/en-us/articles/115005205283-krack-vulnerability"
          },
          {
            "trust": 0.8,
            "url": "https://www3.aerohive.com/support/security-bulletins/product-security-announcement-aerohives-response-to-krack-10162017.html"
          },
          {
            "trust": 0.8,
            "url": "https://www.al-enterprise.com/en/support/security-alert-krack"
          },
          {
            "trust": 0.8,
            "url": "https://support.apple.com/en-gb/ht208222"
          },
          {
            "trust": 0.8,
            "url": "https://security.archlinux.org/avg-447"
          },
          {
            "trust": 0.8,
            "url": "https://www.asus.com/static_webpage/asus-product-security-advisory/"
          },
          {
            "trust": 0.8,
            "url": "https://community.barracudanetworks.com/forum/index.php?/topic/23525-security-advisories/page-2"
          },
          {
            "trust": 0.8,
            "url": "https://lists.centos.org/pipermail/centos-announce/2017-october/022569.html"
          },
          {
            "trust": 0.8,
            "url": "https://community.cypress.com/docs/doc-13871"
          },
          {
            "trust": 0.8,
            "url": "http://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10075"
          },
          {
            "trust": 0.8,
            "url": "http://www.dell.com/support/article/sln307822"
          },
          {
            "trust": 0.8,
            "url": "https://github.com/espressif/esp8266_nonos_sdk"
          },
          {
            "trust": 0.8,
            "url": "https://extremeportal.force.com/extrarticledetail?n=000018005"
          },
          {
            "trust": 0.8,
            "url": "https://bodhi.fedoraproject.org/updates/fedora-2017-60bfb576b7"
          },
          {
            "trust": 0.8,
            "url": "http://www.fortiguard.com/psirt/fg-ir-17-196"
          },
          {
            "trust": 0.8,
            "url": "https://www.freebsd.org/security/advisories/freebsd-sa-17:07.wpa.asc"
          },
          {
            "trust": 0.8,
            "url": "https://bugs.gentoo.org/634440"
          },
          {
            "trust": 0.8,
            "url": "https://support.hpe.com/hpsc/doc/public/display?sp4ts.oid=null\u0026doclocale=en_us\u0026docid=emr_na-a00029151en_us"
          },
          {
            "trust": 0.8,
            "url": "https://kb.juniper.net/jsa10827"
          },
          {
            "trust": 0.8,
            "url": "https://support.lenovo.com/ca/en/product_security/len-17420"
          },
          {
            "trust": 0.8,
            "url": "http://www.microchip.com/wwwproducts/en/atwinc1500"
          },
          {
            "trust": 0.8,
            "url": "http://mail-index.netbsd.org/source-changes/2017/10/16/msg088877.html"
          },
          {
            "trust": 0.8,
            "url": "https://kb.netgear.com/000049498/security-advisory-for-wpa-2-vulnerabilities-psv-2017-2826-psv-2017-2836-psv-2017-2837"
          },
          {
            "trust": 0.8,
            "url": "https://forum.peplink.com/t/security-advisory-wpa2-vulnerability-vu-228519/12715"
          },
          {
            "trust": 0.8,
            "url": "https://ruckus-www.s3.amazonaws.com/pdf/security/faq-security-advisory-id-101617-v1.0.pdf"
          },
          {
            "trust": 0.8,
            "url": "https://www.suse.com/de-de/support/kb/doc/?id=7022107"
          },
          {
            "trust": 0.8,
            "url": "https://source.sierrawireless.com/resources/airlink/software_reference_docs/technical-bulletin/sierra-wireless-technical-bulletin---wpa-and-wpa2-vulnerabilities/"
          },
          {
            "trust": 0.8,
            "url": "http://www.slackware.com/changelog/stable.php?cpu=x86_64"
          },
          {
            "trust": 0.8,
            "url": "https://community.sophos.com/kb/en-us/127658"
          },
          {
            "trust": 0.8,
            "url": "https://www.toshibacommerce.com/wps/myportal/%21ut/p/a1/rzrnc8igeiz_sw8egqhjcdmmwr8abw2dqcnfoyqotidrrk399uxrrwotuzgws7a87y6z88iuzmcq2u4uwcnlzypjnjj5-exr_wnhya-laxtrid-j3uchdtb8gylmuw6qzgktovtowsrrqlrs6-8dbeqhwc1mykqnlabgdjlf1yjvn7i5af4qtdwsn2tri7j"
          },
          {
            "trust": 0.8,
            "url": "http://www.toshiba-personalstorage.net/en/news/hdd/ot_notice/20171017.htm"
          },
          {
            "trust": 0.8,
            "url": "http://support.toshiba.com/support/staticcontentdetail?contentid=4015875\u0026isfromtoclink=false"
          },
          {
            "trust": 0.8,
            "url": "https://community.ubnt.com/t5/unifi-updates-blog/firmware-3-9-3-7537-for-uap-usw-has-been-released/ba-p/2099365"
          },
          {
            "trust": 0.8,
            "url": "https://usn.ubuntu.com/usn/usn-3455-1/"
          },
          {
            "trust": 0.8,
            "url": "http://en.miui.com/thread-954223-1-1.html"
          },
          {
            "trust": 0.8,
            "url": "https://www.zebra.com/content/dam/zebra_new_ia/en-us/support-and-downloads/lifeguard-security/krack-security-bulletin.pdf"
          },
          {
            "trust": 0.8,
            "url": "http://www.zyxel.com/support/announcement_wpa2_key_management.shtml"
          },
          {
            "trust": 0.8,
            "url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventsubmit_dogoviewsolutiondetails=\u0026solutionid=sk120938"
          },
          {
            "trust": 0.8,
            "url": "https://community.rsa.com/docs/doc-84103"
          },
          {
            "trust": 0.8,
            "url": "https://support.f5.com/csp/article/k23642330"
          },
          {
            "trust": 0.8,
            "url": "https://forum.mikrotik.com/viewtopic.php?f=21\u0026t=126695"
          },
          {
            "trust": 0.8,
            "url": "https://community.linksys.com/t5/wireless-routers/krack-vulnerability/td-p/1218573"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13080"
          },
          {
            "trust": 0.8,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-318-02a"
          },
          {
            "trust": 0.8,
            "url": "https://www.ipa.go.jp/security/ciadr/vul/20171017_wpa2.html"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu94846424/"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/vu/jvnvu90609033/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://www.kb.cert.org/vuls/id/cheu-aqnmyp"
          },
          {
            "trust": 0.6,
            "url": "https://www.kb.cert.org/vuls/id/228519/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.4125/"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13082"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13087"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13086"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13088"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13079"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2017-13077"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2017-13078"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2017-13080"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2017-13082"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2017-13086"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2017-13087"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2017-13088"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13081"
          },
          {
            "trust": 0.3,
            "url": "https://github.com/stevenhoneyman/wpa_gui/tree/master/wpa_supplicant-2.4"
          },
          {
            "trust": 0.3,
            "url": "http://www.wi-fi.org/index.php"
          },
          {
            "trust": 0.3,
            "url": "https://support.apple.com/en-ie/ht208847"
          },
          {
            "trust": 0.3,
            "url": "https://support.apple.com/en-in/ht208334"
          },
          {
            "trust": 0.3,
            "url": "https://support.apple.com/en-in/ht208327"
          },
          {
            "trust": 0.3,
            "url": "https://support.apple.com/en-in/ht208325"
          },
          {
            "trust": 0.3,
            "url": "https://lists.apple.com/archives/security-announce/2017/dec/msg00009.html"
          },
          {
            "trust": 0.3,
            "url": "https://lists.apple.com/archives/security-announce/2017/dec/msg00008.html"
          },
          {
            "trust": 0.3,
            "url": "https://lists.apple.com/archives/security-announce/2018/jul/msg00000.html"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2017-13079"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2017-13081"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2017-13084"
          },
          {
            "trust": 0.3,
            "url": "http://docs.fortinet.com/uploaded/files/3961/fortiap-v5.6.1-release-notes.pdf"
          },
          {
            "trust": 0.3,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-299-02"
          },
          {
            "trust": 0.3,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-318-02"
          },
          {
            "trust": 0.2,
            "url": "https://support.apple.com/downloads/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/330.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/kristate/krackinfo"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/updates/classification/#important"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/articles/11258"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/team/contact/"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
          },
          {
            "trust": 0.1,
            "url": "https://bugzilla.redhat.com/):"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/team/key/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-9417"
          },
          {
            "trust": 0.1,
            "url": "https://support.apple.com/kb/ht201222"
          },
          {
            "trust": 0.1,
            "url": "https://www.apple.com/support/security/pgp/"
          },
          {
            "trust": 0.1,
            "url": "https://support.apple.com/kb/ht208038"
          },
          {
            "trust": 0.1,
            "url": "https://www.debian.org/security/faq"
          },
          {
            "trust": 0.1,
            "url": "https://www.debian.org/security/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4476"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4477"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/wpa/2.1-0ubuntu1.5"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/wpa/2.4-0ubuntu9.1"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/wpa/2.4-0ubuntu6.2"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/nvd.cfm?cvename=cve-2017-13078"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/nvd.cfm?cvename=cve-2017-13079"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/nvd.cfm?cvename=cve-2017-13077"
          },
          {
            "trust": 0.1,
            "url": "https://security.gentoo.org/"
          },
          {
            "trust": 0.1,
            "url": "https://security.freebsd.org/patches/sa-17:07/wpa-10.patch.asc"
          },
          {
            "trust": 0.1,
            "url": "https://security.freebsd.org/advisories/freebsd-sa-17:07.wpa.asc\u003e"
          },
          {
            "trust": 0.1,
            "url": "https://svnweb.freebsd.org/base?view=revision\u0026revision=nnnnnn\u003e"
          },
          {
            "trust": 0.1,
            "url": "https://www.krackattacks.com/\u003e"
          },
          {
            "trust": 0.1,
            "url": "https://security.freebsd.org/patches/sa-17:07/wpa-11.patch.asc"
          },
          {
            "trust": 0.1,
            "url": "https://security.freebsd.org/\u003e."
          },
          {
            "trust": 0.1,
            "url": "https://security.freebsd.org/patches/sa-17:07/wpa-11.patch"
          },
          {
            "trust": 0.1,
            "url": "https://security.freebsd.org/patches/sa-17:07/wpa-10.patch"
          },
          {
            "trust": 0.1,
            "url": "https://www.freebsd.org/handbook/makeworld.html\u003e."
          },
          {
            "trust": 0.1,
            "url": "https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt\u003e"
          },
          {
            "trust": 0.1,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-13078"
          },
          {
            "trust": 0.1,
            "url": "http://slackware.com"
          },
          {
            "trust": 0.1,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-13080"
          },
          {
            "trust": 0.1,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-13082"
          },
          {
            "trust": 0.1,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-13087"
          },
          {
            "trust": 0.1,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-13081"
          },
          {
            "trust": 0.1,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-13084"
          },
          {
            "trust": 0.1,
            "url": "http://slackware.com/gpg-key"
          },
          {
            "trust": 0.1,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-13086"
          },
          {
            "trust": 0.1,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-13088"
          },
          {
            "trust": 0.1,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-13079"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13084"
          },
          {
            "trust": 0.1,
            "url": "http://osuosl.org)"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#228519"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-30406"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-13077"
          },
          {
            "db": "BID",
            "id": "101274"
          },
          {
            "db": "PACKETSTORM",
            "id": "144652"
          },
          {
            "db": "PACKETSTORM",
            "id": "145394"
          },
          {
            "db": "PACKETSTORM",
            "id": "145395"
          },
          {
            "db": "PACKETSTORM",
            "id": "148445"
          },
          {
            "db": "PACKETSTORM",
            "id": "144630"
          },
          {
            "db": "PACKETSTORM",
            "id": "144632"
          },
          {
            "db": "PACKETSTORM",
            "id": "144944"
          },
          {
            "db": "PACKETSTORM",
            "id": "144669"
          },
          {
            "db": "PACKETSTORM",
            "id": "144663"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-380"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-008412"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-13077"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "IVD",
            "id": "69402209-7265-4991-8217-51ff9b4857be",
            "ident": null
          },
          {
            "db": "CERT/CC",
            "id": "VU#228519",
            "ident": null
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-30406",
            "ident": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-13077",
            "ident": null
          },
          {
            "db": "BID",
            "id": "101274",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "144652",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "145394",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "145395",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "148445",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "144630",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "144632",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "144944",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "144669",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "144663",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-380",
            "ident": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-008412",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2017-13077",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2017-10-17T00:00:00",
            "db": "IVD",
            "id": "69402209-7265-4991-8217-51ff9b4857be",
            "ident": null
          },
          {
            "date": "2017-10-16T00:00:00",
            "db": "CERT/CC",
            "id": "VU#228519",
            "ident": null
          },
          {
            "date": "2017-10-18T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-30406",
            "ident": null
          },
          {
            "date": "2017-10-17T00:00:00",
            "db": "VULMON",
            "id": "CVE-2017-13077",
            "ident": null
          },
          {
            "date": "2017-10-16T00:00:00",
            "db": "BID",
            "id": "101274",
            "ident": null
          },
          {
            "date": "2017-10-17T16:52:00",
            "db": "PACKETSTORM",
            "id": "144652",
            "ident": null
          },
          {
            "date": "2017-12-13T03:33:33",
            "db": "PACKETSTORM",
            "id": "145394",
            "ident": null
          },
          {
            "date": "2017-12-13T04:44:44",
            "db": "PACKETSTORM",
            "id": "145395",
            "ident": null
          },
          {
            "date": "2018-07-05T23:02:22",
            "db": "PACKETSTORM",
            "id": "148445",
            "ident": null
          },
          {
            "date": "2017-10-16T13:49:34",
            "db": "PACKETSTORM",
            "id": "144630",
            "ident": null
          },
          {
            "date": "2017-10-16T23:23:00",
            "db": "PACKETSTORM",
            "id": "144632",
            "ident": null
          },
          {
            "date": "2017-11-10T19:19:00",
            "db": "PACKETSTORM",
            "id": "144944",
            "ident": null
          },
          {
            "date": "2017-10-19T14:28:55",
            "db": "PACKETSTORM",
            "id": "144669",
            "ident": null
          },
          {
            "date": "2017-10-18T20:44:00",
            "db": "PACKETSTORM",
            "id": "144663",
            "ident": null
          },
          {
            "date": "2017-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201710-380",
            "ident": null
          },
          {
            "date": "2017-10-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-008412",
            "ident": null
          },
          {
            "date": "2017-10-17T02:29:00.207000",
            "db": "NVD",
            "id": "CVE-2017-13077",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2017-11-16T00:00:00",
            "db": "CERT/CC",
            "id": "VU#228519",
            "ident": null
          },
          {
            "date": "2017-10-17T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-30406",
            "ident": null
          },
          {
            "date": "2019-10-03T00:00:00",
            "db": "VULMON",
            "id": "CVE-2017-13077",
            "ident": null
          },
          {
            "date": "2019-02-21T09:00:00",
            "db": "BID",
            "id": "101274",
            "ident": null
          },
          {
            "date": "2020-11-23T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201710-380",
            "ident": null
          },
          {
            "date": "2019-02-01T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-008412",
            "ident": null
          },
          {
            "date": "2025-04-20T01:37:25.860000",
            "db": "NVD",
            "id": "CVE-2017-13077",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote or local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-380"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "_id": null,
        "data": "Wi-Fi Protected Access (WPA) handshake traffic can be manipulated to induce nonce and session key reuse",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#228519"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "_id": null,
        "data": "security feature problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-380"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202109-1805

    Vulnerability from variot - Updated: 2026-04-10 22:36

    Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier. The server is fast, reliable and extensible through a simple API. No detailed vulnerability details are currently provided. 7) - noarch, x86_64

    Bug Fix(es):

    • proxy rewrite to unix socket fails with CVE-2021-40438 fix (BZ#2022319)

    Additional changes:

    • To fix CVE-2022-29404, the default value for the "LimitRequestBody" directive in the Apache HTTP Server has been changed from 0 (unlimited) to 1 GiB.

    On systems where the value of "LimitRequestBody" is not explicitly specified in an httpd configuration file, updating the httpd package sets "LimitRequestBody" to the default value of 1 GiB. As a consequence, if the total size of the HTTP request body exceeds this 1 GiB default limit, httpd returns the 413 Request Entity Too Large error code.

    If the new default allowed size of an HTTP request message body is insufficient for your use case, update your httpd configuration files within the respective context (server, per-directory, per-file, or per-location) and set your preferred limit in bytes. For example, to set a new 2 GiB limit, use:

    LimitRequestBody 2147483648

    Systems already configured to use any explicit value for the "LimitRequestBody" directive are unaffected by this change.

    For the oldstable distribution (buster), these problems have been fixed in version 2.4.38-3+deb10u6.

    For the stable distribution (bullseye), these problems have been fixed in version 2.4.51-1~deb11u1.

    We recommend that you upgrade your apache2 packages.

    For the detailed security status of apache2 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/apache2

    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmFgr44ACgkQEMKTtsN8 TjbophAAiZ+fhF2r8BUbQkL8BhpfqjA+hVsp9WEMTn8Gq6kiW0wLvK3jWPM301Ou D4gHqKmFPmYNC1KBOyk/lJdxyD7iTUweUyLi3WXzxhIDMx0kxkRw1oXlyCHzIqSJ M277bgk32h2cDCbsXjrN/8agKPcKgfwDqiyf/igfEq6V8OB2zVvJPKVFq45n54+q 4FPXSyx1g2u5ewSeXbU2uHDej6Qborui4osDdbwx8CT6aETi0cIXJ8RbXF3PUCHG 5DzZagnRq6GumPsl01jcPu7b9Ck8MlkxMSG3FRsSIJVkwpsQ2C34ywIJkFlzUZZh jhdVUrfbyfLpSdcPcipAAjl9I6gDqa9SFdMRK7ixCpQ6iTiVeDZdJ8pA4jnSweNQ THik07di9R0juX0p7peQiIyBKrEf7Y3WSvLOn0SBKXvZnzc/72rH2nP5FclsgCsV TWxptziGridC43KB8/tDJAAOXVF2lzylzF70V/UGTNo1jk9w3/p6btU1iuzKspyY Y4aPZla3DImI8mezrgFrGYNg7bZYLKuJyGDADKih2sUQpzmDZ6MJxKAE3NLRWyQa 7cCJdoNR9yVqytEw1Y/ZRXAXWfMb3Y1ts2EqR8hzLQgMYb0JC58cLMG3T0RgyPoO A4CTIoYpK1WnsykAE8M4XFrnOW3lrtse6T8N/dTVMuodElAEhc0= =/At6 -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

    ====================================================================
    Red Hat Security Advisory

    Synopsis: Important: httpd security update Advisory ID: RHSA-2022:0143-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:0143 Issue date: 2022-01-17 CVE Names: CVE-2021-26691 CVE-2021-34798 CVE-2021-39275 CVE-2021-44790 ==================================================================== 1. Summary:

    An update for httpd is now available for Red Hat Enterprise Linux 7.

    Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

    1. Relevant releases/architectures:

    Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

    Security Fix(es):

    • httpd: mod_lua: Possible buffer overflow when parsing multipart content (CVE-2021-44790)

    • httpd: mod_session: Heap overflow via a crafted SessionHeader value (CVE-2021-26691)

    • httpd: NULL pointer dereference via malformed requests (CVE-2021-34798)

    • httpd: Out-of-bounds write in ap_escape_quotes() via malicious input (CVE-2021-39275)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

    1. Solution:

    For details on how to apply this update, which includes the changes described in this advisory, refer to:

    https://access.redhat.com/articles/11258

    After installing the updated packages, the httpd daemon will be restarted automatically.

    1. Bugs fixed (https://bugzilla.redhat.com/):

    1966732 - CVE-2021-26691 httpd: mod_session: Heap overflow via a crafted SessionHeader value 2005119 - CVE-2021-39275 httpd: Out-of-bounds write in ap_escape_quotes() via malicious input 2005128 - CVE-2021-34798 httpd: NULL pointer dereference via malformed requests 2034674 - CVE-2021-44790 httpd: mod_lua: Possible buffer overflow when parsing multipart content

    1. Package List:

    Red Hat Enterprise Linux Client Optional (v. 7):

    Source: httpd-2.4.6-97.el7_9.4.src.rpm

    noarch: httpd-manual-2.4.6-97.el7_9.4.noarch.rpm

    x86_64: httpd-2.4.6-97.el7_9.4.x86_64.rpm httpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm httpd-devel-2.4.6-97.el7_9.4.x86_64.rpm httpd-tools-2.4.6-97.el7_9.4.x86_64.rpm mod_ldap-2.4.6-97.el7_9.4.x86_64.rpm mod_proxy_html-2.4.6-97.el7_9.4.x86_64.rpm mod_session-2.4.6-97.el7_9.4.x86_64.rpm mod_ssl-2.4.6-97.el7_9.4.x86_64.rpm

    Red Hat Enterprise Linux ComputeNode Optional (v. 7):

    Source: httpd-2.4.6-97.el7_9.4.src.rpm

    noarch: httpd-manual-2.4.6-97.el7_9.4.noarch.rpm

    x86_64: httpd-2.4.6-97.el7_9.4.x86_64.rpm httpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm httpd-devel-2.4.6-97.el7_9.4.x86_64.rpm httpd-tools-2.4.6-97.el7_9.4.x86_64.rpm mod_ldap-2.4.6-97.el7_9.4.x86_64.rpm mod_proxy_html-2.4.6-97.el7_9.4.x86_64.rpm mod_session-2.4.6-97.el7_9.4.x86_64.rpm mod_ssl-2.4.6-97.el7_9.4.x86_64.rpm

    Red Hat Enterprise Linux Server (v. 7):

    Source: httpd-2.4.6-97.el7_9.4.src.rpm

    noarch: httpd-manual-2.4.6-97.el7_9.4.noarch.rpm

    ppc64: httpd-2.4.6-97.el7_9.4.ppc64.rpm httpd-debuginfo-2.4.6-97.el7_9.4.ppc64.rpm httpd-devel-2.4.6-97.el7_9.4.ppc64.rpm httpd-tools-2.4.6-97.el7_9.4.ppc64.rpm mod_session-2.4.6-97.el7_9.4.ppc64.rpm mod_ssl-2.4.6-97.el7_9.4.ppc64.rpm

    ppc64le: httpd-2.4.6-97.el7_9.4.ppc64le.rpm httpd-debuginfo-2.4.6-97.el7_9.4.ppc64le.rpm httpd-devel-2.4.6-97.el7_9.4.ppc64le.rpm httpd-tools-2.4.6-97.el7_9.4.ppc64le.rpm mod_session-2.4.6-97.el7_9.4.ppc64le.rpm mod_ssl-2.4.6-97.el7_9.4.ppc64le.rpm

    s390x: httpd-2.4.6-97.el7_9.4.s390x.rpm httpd-debuginfo-2.4.6-97.el7_9.4.s390x.rpm httpd-devel-2.4.6-97.el7_9.4.s390x.rpm httpd-tools-2.4.6-97.el7_9.4.s390x.rpm mod_session-2.4.6-97.el7_9.4.s390x.rpm mod_ssl-2.4.6-97.el7_9.4.s390x.rpm

    x86_64: httpd-2.4.6-97.el7_9.4.x86_64.rpm httpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm httpd-devel-2.4.6-97.el7_9.4.x86_64.rpm httpd-tools-2.4.6-97.el7_9.4.x86_64.rpm mod_session-2.4.6-97.el7_9.4.x86_64.rpm mod_ssl-2.4.6-97.el7_9.4.x86_64.rpm

    Red Hat Enterprise Linux Server Optional (v. 7):

    ppc64: httpd-debuginfo-2.4.6-97.el7_9.4.ppc64.rpm mod_ldap-2.4.6-97.el7_9.4.ppc64.rpm mod_proxy_html-2.4.6-97.el7_9.4.ppc64.rpm

    ppc64le: httpd-debuginfo-2.4.6-97.el7_9.4.ppc64le.rpm mod_ldap-2.4.6-97.el7_9.4.ppc64le.rpm mod_proxy_html-2.4.6-97.el7_9.4.ppc64le.rpm

    s390x: httpd-debuginfo-2.4.6-97.el7_9.4.s390x.rpm mod_ldap-2.4.6-97.el7_9.4.s390x.rpm mod_proxy_html-2.4.6-97.el7_9.4.s390x.rpm

    x86_64: httpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm mod_ldap-2.4.6-97.el7_9.4.x86_64.rpm mod_proxy_html-2.4.6-97.el7_9.4.x86_64.rpm

    Red Hat Enterprise Linux Workstation (v. 7):

    Source: httpd-2.4.6-97.el7_9.4.src.rpm

    noarch: httpd-manual-2.4.6-97.el7_9.4.noarch.rpm

    x86_64: httpd-2.4.6-97.el7_9.4.x86_64.rpm httpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm httpd-devel-2.4.6-97.el7_9.4.x86_64.rpm httpd-tools-2.4.6-97.el7_9.4.x86_64.rpm mod_session-2.4.6-97.el7_9.4.x86_64.rpm mod_ssl-2.4.6-97.el7_9.4.x86_64.rpm

    Red Hat Enterprise Linux Workstation Optional (v. 7):

    x86_64: httpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm mod_ldap-2.4.6-97.el7_9.4.x86_64.rpm mod_proxy_html-2.4.6-97.el7_9.4.x86_64.rpm

    These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

    1. References:

    https://access.redhat.com/security/cve/CVE-2021-26691 https://access.redhat.com/security/cve/CVE-2021-34798 https://access.redhat.com/security/cve/CVE-2021-39275 https://access.redhat.com/security/cve/CVE-2021-44790 https://access.redhat.com/security/updates/classification/#important

    1. Contact:

    The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

    Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

    iQIVAwUBYeVdC9zjgjWX9erEAQgzNw/8CjsxUvDW64dwvpcYH/OWJhKqvD53sX+w ivf4+hhCsEVLvrjD0eTNkbeza+dcZqoR5swL0IjAGXKJ/0q/oh4/yxq2ydgvEYsY rAjts0tnynoswBaFo6eaBlcNxQroGID0uqgXkUFt37m4eetACuOSVRcZ7/sNsqBS iQF4l16vjNvKeOdKY8nSNe77Dt1/Lj41NoL6XbAZPuvaiLBqqGOY9xYfZSSmFHFq H4dB8cfMC4cWysFtnzffJ+dJdzcWNOxklwLlZe72JoAJYP59da2YuIoE2LsQRGPC Occ84zH/UZx4JWJhF7FEEALC/tizfFqu9qWr1OIDmSVTEAZ+6IZ/mDeF83+0Mrc4 AiV3oiJi7Fx4XTDUL8fim+FORaSI2IR7LK1Zjau1qCN04ayyFXwJdK/fwgIWJHon gYhyUsAj7F7At9m8cCVRP5K4jjmr0qrmsF1M1B6xqMLWlYNcWu3obJS/FbiSdwQJ 7jFdBagThGOzIle0eGk0iMZ+vRJSuaSMZ7GDA14o46KB+EkvYLe+wi6jBQXJeD6Q Oueenu2JiMvB8+dJNYrn9uQY+8WHyCVV1HMMmVo9LajA1FJRXgMIQN5ZmDMoDW73 qFV+VCOHtKPI2hC8ngZYy2RyEUhK4t3f7xmJgtoJ4/DuaGsRWL7xZPL7gLHxWnS4 5VjPyLrWg5U=TyMo -----END PGP SIGNATURE-----

    -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . 8) - aarch64, noarch, ppc64le, s390x, x86_64


    1. Gentoo Linux Security Advisory GLSA 202208-20

                                           https://security.gentoo.org/
    

    Severity: High Title: Apache HTTPD: Multiple Vulnerabilities Date: August 14, 2022 Bugs: #813429, #816399, #816864, #829722, #835131, #850622 ID: 202208-20


    Synopsis

    Multiple vulnerabilities have been discovered in Apache Webserver, the worst of which could result in remote code execution. Please review the CVE identifiers referenced below for details.

    Impact

    Please review the referenced CVE identifiers for details.

    Workaround

    There is no known workaround at this time.

    Resolution

    All Apache HTTPD users should upgrade to the latest version:

    # emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/apache-2.4.54"

    All Apache HTTPD tools users should upgrade to the latest version:

    # emerge --sync # emerge --ask --oneshot --verbose ">=app-admin/apache-tools-2.4.54"

    References

    [ 1 ] CVE-2021-33193 https://nvd.nist.gov/vuln/detail/CVE-2021-33193 [ 2 ] CVE-2021-34798 https://nvd.nist.gov/vuln/detail/CVE-2021-34798 [ 3 ] CVE-2021-36160 https://nvd.nist.gov/vuln/detail/CVE-2021-36160 [ 4 ] CVE-2021-39275 https://nvd.nist.gov/vuln/detail/CVE-2021-39275 [ 5 ] CVE-2021-40438 https://nvd.nist.gov/vuln/detail/CVE-2021-40438 [ 6 ] CVE-2021-41524 https://nvd.nist.gov/vuln/detail/CVE-2021-41524 [ 7 ] CVE-2021-41773 https://nvd.nist.gov/vuln/detail/CVE-2021-41773 [ 8 ] CVE-2021-42013 https://nvd.nist.gov/vuln/detail/CVE-2021-42013 [ 9 ] CVE-2021-44224 https://nvd.nist.gov/vuln/detail/CVE-2021-44224 [ 10 ] CVE-2021-44790 https://nvd.nist.gov/vuln/detail/CVE-2021-44790 [ 11 ] CVE-2022-22719 https://nvd.nist.gov/vuln/detail/CVE-2022-22719 [ 12 ] CVE-2022-22720 https://nvd.nist.gov/vuln/detail/CVE-2022-22720 [ 13 ] CVE-2022-22721 https://nvd.nist.gov/vuln/detail/CVE-2022-22721 [ 14 ] CVE-2022-23943 https://nvd.nist.gov/vuln/detail/CVE-2022-23943 [ 15 ] CVE-2022-26377 https://nvd.nist.gov/vuln/detail/CVE-2022-26377 [ 16 ] CVE-2022-28614 https://nvd.nist.gov/vuln/detail/CVE-2022-28614 [ 17 ] CVE-2022-28615 https://nvd.nist.gov/vuln/detail/CVE-2022-28615 [ 18 ] CVE-2022-29404 https://nvd.nist.gov/vuln/detail/CVE-2022-29404 [ 19 ] CVE-2022-30522 https://nvd.nist.gov/vuln/detail/CVE-2022-30522 [ 20 ] CVE-2022-30556 https://nvd.nist.gov/vuln/detail/CVE-2022-30556 [ 21 ] CVE-2022-31813 https://nvd.nist.gov/vuln/detail/CVE-2022-31813

    Availability

    This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

    https://security.gentoo.org/glsa/202208-20

    Concerns?

    Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

    License

    Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

    The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

    https://creativecommons.org/licenses/by-sa/2.5 . ========================================================================== Ubuntu Security Notice USN-5090-4 September 28, 2021

    apache2 regression

    A security issue affects these releases of Ubuntu and its derivatives:

    • Ubuntu 16.04 ESM

    Summary:

    USN-5090-1 introduced a regression in Apache HTTP Server. One of the upstream fixes introduced a regression in UDS URIs. This update fixes the problem.

    Original advisory details:

    James Kettle discovered that the Apache HTTP Server HTTP/2 module incorrectly handled certain crafted methods. A remote attacker could possibly use this issue to perform request splitting or cache poisoning attacks. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. (CVE-2021-34798)

    Li Zhi Xin discovered that the Apache mod_proxy_uwsgi module incorrectly handled certain request uri-paths. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 21.04. If the server was configured with third-party modules, a remote attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-39275)

    It was discovered that the Apache mod_proxy module incorrectly handled certain request uri-paths. A remote attacker could possibly use this issue to cause the server to forward requests to arbitrary origin servers. (CVE-2021-40438)

    Update instructions:

    The problem can be corrected by updating your system to the following package versions:

    Ubuntu 16.04 ESM: apache2 2.4.18-2ubuntu3.17+esm3 apache2-bin 2.4.18-2ubuntu3.17+esm3

    In general, a standard system update will make all the necessary changes

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "instantis enterprisetrack",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "17.2"
          },
          {
            "_id": null,
            "model": "fedora",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fedoraproject",
            "version": "34"
          },
          {
            "_id": null,
            "model": "clustered data ontap",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "communications cloud native core network function cloud native environment",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "1.10.0"
          },
          {
            "_id": null,
            "model": "storagegrid",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "12.2.1.3.0"
          },
          {
            "_id": null,
            "model": "sinema remote connect server",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "apache",
            "version": "2.4.48"
          },
          {
            "_id": null,
            "model": "peoplesoft enterprise peopletools",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "8.58"
          },
          {
            "_id": null,
            "model": "ruggedcom nms",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "*"
          },
          {
            "_id": null,
            "model": "sinec nms",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "*"
          },
          {
            "_id": null,
            "model": "sinema server",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "14.0"
          },
          {
            "_id": null,
            "model": "instantis enterprisetrack",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "17.3"
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "12.2.1.4.0"
          },
          {
            "_id": null,
            "model": "instantis enterprisetrack",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "17.1"
          },
          {
            "_id": null,
            "model": "zfs storage appliance kit",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "8.8"
          },
          {
            "_id": null,
            "model": "enterprise manager base platform",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "13.5.0.0"
          },
          {
            "_id": null,
            "model": "enterprise manager base platform",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "13.4.0.0"
          },
          {
            "_id": null,
            "model": "cloud backup",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "tenable.sc",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "tenable",
            "version": "5.19.1"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "10.0"
          },
          {
            "_id": null,
            "model": "fedora",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fedoraproject",
            "version": "35"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "11.0"
          },
          {
            "_id": null,
            "model": "brocade fabric operating system",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": null
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "9.0"
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "apache",
            "version": "\u003c=2.4.48"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-03223"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-34798"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Siemens reported these vulnerabilities to CISA.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202109-1109"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2021-34798",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2021-34798",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.1,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2022-03223",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "VHN-395042",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2021-34798",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-34798",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2022-03223",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202109-1109",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-395042",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2021-34798",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-03223"
          },
          {
            "db": "VULHUB",
            "id": "VHN-395042"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-34798"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202109-1109"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-34798"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier. The server is fast, reliable and extensible through a simple API. No detailed vulnerability details are currently provided. 7) - noarch, x86_64\n\n3. \n\nBug Fix(es):\n\n* proxy rewrite to unix socket fails with CVE-2021-40438 fix (BZ#2022319)\n\nAdditional changes:\n\n* To fix CVE-2022-29404, the default value for the \"LimitRequestBody\"\ndirective in the Apache HTTP Server has been changed from 0 (unlimited) to\n1 GiB. \n\nOn systems where the value of \"LimitRequestBody\" is not explicitly\nspecified in an httpd configuration file, updating the httpd package sets\n\"LimitRequestBody\" to the default value of 1 GiB. As a consequence, if the\ntotal size of the HTTP request body exceeds this 1 GiB default limit, httpd\nreturns the 413 Request Entity Too Large error code. \n\nIf the new default allowed size of an HTTP request message body is\ninsufficient for your use case, update your httpd configuration files\nwithin the respective context (server, per-directory, per-file, or\nper-location) and set your preferred limit in bytes. For example, to set a\nnew 2 GiB limit, use:\n\nLimitRequestBody 2147483648\n\nSystems already configured to use any explicit value for the\n\"LimitRequestBody\" directive are unaffected by this change. \n\nFor the oldstable distribution (buster), these problems have been fixed\nin version 2.4.38-3+deb10u6. \n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 2.4.51-1~deb11u1. \n\nWe recommend that you upgrade your apache2 packages. \n\nFor the detailed security status of apache2 please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/apache2\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmFgr44ACgkQEMKTtsN8\nTjbophAAiZ+fhF2r8BUbQkL8BhpfqjA+hVsp9WEMTn8Gq6kiW0wLvK3jWPM301Ou\nD4gHqKmFPmYNC1KBOyk/lJdxyD7iTUweUyLi3WXzxhIDMx0kxkRw1oXlyCHzIqSJ\nM277bgk32h2cDCbsXjrN/8agKPcKgfwDqiyf/igfEq6V8OB2zVvJPKVFq45n54+q\n4FPXSyx1g2u5ewSeXbU2uHDej6Qborui4osDdbwx8CT6aETi0cIXJ8RbXF3PUCHG\n5DzZagnRq6GumPsl01jcPu7b9Ck8MlkxMSG3FRsSIJVkwpsQ2C34ywIJkFlzUZZh\njhdVUrfbyfLpSdcPcipAAjl9I6gDqa9SFdMRK7ixCpQ6iTiVeDZdJ8pA4jnSweNQ\nTHik07di9R0juX0p7peQiIyBKrEf7Y3WSvLOn0SBKXvZnzc/72rH2nP5FclsgCsV\nTWxptziGridC43KB8/tDJAAOXVF2lzylzF70V/UGTNo1jk9w3/p6btU1iuzKspyY\nY4aPZla3DImI8mezrgFrGYNg7bZYLKuJyGDADKih2sUQpzmDZ6MJxKAE3NLRWyQa\n7cCJdoNR9yVqytEw1Y/ZRXAXWfMb3Y1ts2EqR8hzLQgMYb0JC58cLMG3T0RgyPoO\nA4CTIoYpK1WnsykAE8M4XFrnOW3lrtse6T8N/dTVMuodElAEhc0=\n=/At6\n-----END PGP SIGNATURE-----\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Important: httpd security update\nAdvisory ID:       RHSA-2022:0143-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2022:0143\nIssue date:        2022-01-17\nCVE Names:         CVE-2021-26691 CVE-2021-34798 CVE-2021-39275\n                   CVE-2021-44790\n====================================================================\n1. Summary:\n\nAn update for httpd is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. \n\nSecurity Fix(es):\n\n* httpd: mod_lua: Possible buffer overflow when parsing multipart content\n(CVE-2021-44790)\n\n* httpd: mod_session: Heap overflow via a crafted SessionHeader value\n(CVE-2021-26691)\n\n* httpd: NULL pointer dereference via malformed requests (CVE-2021-34798)\n\n* httpd: Out-of-bounds write in ap_escape_quotes() via malicious input\n(CVE-2021-39275)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted\nautomatically. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1966732 - CVE-2021-26691 httpd: mod_session: Heap overflow via a crafted SessionHeader value\n2005119 - CVE-2021-39275 httpd: Out-of-bounds write in ap_escape_quotes() via malicious input\n2005128 - CVE-2021-34798 httpd: NULL pointer dereference via malformed requests\n2034674 - CVE-2021-44790 httpd: mod_lua: Possible buffer overflow when parsing multipart content\n\n6. Package List:\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nSource:\nhttpd-2.4.6-97.el7_9.4.src.rpm\n\nnoarch:\nhttpd-manual-2.4.6-97.el7_9.4.noarch.rpm\n\nx86_64:\nhttpd-2.4.6-97.el7_9.4.x86_64.rpm\nhttpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm\nhttpd-devel-2.4.6-97.el7_9.4.x86_64.rpm\nhttpd-tools-2.4.6-97.el7_9.4.x86_64.rpm\nmod_ldap-2.4.6-97.el7_9.4.x86_64.rpm\nmod_proxy_html-2.4.6-97.el7_9.4.x86_64.rpm\nmod_session-2.4.6-97.el7_9.4.x86_64.rpm\nmod_ssl-2.4.6-97.el7_9.4.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nSource:\nhttpd-2.4.6-97.el7_9.4.src.rpm\n\nnoarch:\nhttpd-manual-2.4.6-97.el7_9.4.noarch.rpm\n\nx86_64:\nhttpd-2.4.6-97.el7_9.4.x86_64.rpm\nhttpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm\nhttpd-devel-2.4.6-97.el7_9.4.x86_64.rpm\nhttpd-tools-2.4.6-97.el7_9.4.x86_64.rpm\nmod_ldap-2.4.6-97.el7_9.4.x86_64.rpm\nmod_proxy_html-2.4.6-97.el7_9.4.x86_64.rpm\nmod_session-2.4.6-97.el7_9.4.x86_64.rpm\nmod_ssl-2.4.6-97.el7_9.4.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nhttpd-2.4.6-97.el7_9.4.src.rpm\n\nnoarch:\nhttpd-manual-2.4.6-97.el7_9.4.noarch.rpm\n\nppc64:\nhttpd-2.4.6-97.el7_9.4.ppc64.rpm\nhttpd-debuginfo-2.4.6-97.el7_9.4.ppc64.rpm\nhttpd-devel-2.4.6-97.el7_9.4.ppc64.rpm\nhttpd-tools-2.4.6-97.el7_9.4.ppc64.rpm\nmod_session-2.4.6-97.el7_9.4.ppc64.rpm\nmod_ssl-2.4.6-97.el7_9.4.ppc64.rpm\n\nppc64le:\nhttpd-2.4.6-97.el7_9.4.ppc64le.rpm\nhttpd-debuginfo-2.4.6-97.el7_9.4.ppc64le.rpm\nhttpd-devel-2.4.6-97.el7_9.4.ppc64le.rpm\nhttpd-tools-2.4.6-97.el7_9.4.ppc64le.rpm\nmod_session-2.4.6-97.el7_9.4.ppc64le.rpm\nmod_ssl-2.4.6-97.el7_9.4.ppc64le.rpm\n\ns390x:\nhttpd-2.4.6-97.el7_9.4.s390x.rpm\nhttpd-debuginfo-2.4.6-97.el7_9.4.s390x.rpm\nhttpd-devel-2.4.6-97.el7_9.4.s390x.rpm\nhttpd-tools-2.4.6-97.el7_9.4.s390x.rpm\nmod_session-2.4.6-97.el7_9.4.s390x.rpm\nmod_ssl-2.4.6-97.el7_9.4.s390x.rpm\n\nx86_64:\nhttpd-2.4.6-97.el7_9.4.x86_64.rpm\nhttpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm\nhttpd-devel-2.4.6-97.el7_9.4.x86_64.rpm\nhttpd-tools-2.4.6-97.el7_9.4.x86_64.rpm\nmod_session-2.4.6-97.el7_9.4.x86_64.rpm\nmod_ssl-2.4.6-97.el7_9.4.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nhttpd-debuginfo-2.4.6-97.el7_9.4.ppc64.rpm\nmod_ldap-2.4.6-97.el7_9.4.ppc64.rpm\nmod_proxy_html-2.4.6-97.el7_9.4.ppc64.rpm\n\nppc64le:\nhttpd-debuginfo-2.4.6-97.el7_9.4.ppc64le.rpm\nmod_ldap-2.4.6-97.el7_9.4.ppc64le.rpm\nmod_proxy_html-2.4.6-97.el7_9.4.ppc64le.rpm\n\ns390x:\nhttpd-debuginfo-2.4.6-97.el7_9.4.s390x.rpm\nmod_ldap-2.4.6-97.el7_9.4.s390x.rpm\nmod_proxy_html-2.4.6-97.el7_9.4.s390x.rpm\n\nx86_64:\nhttpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm\nmod_ldap-2.4.6-97.el7_9.4.x86_64.rpm\nmod_proxy_html-2.4.6-97.el7_9.4.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nhttpd-2.4.6-97.el7_9.4.src.rpm\n\nnoarch:\nhttpd-manual-2.4.6-97.el7_9.4.noarch.rpm\n\nx86_64:\nhttpd-2.4.6-97.el7_9.4.x86_64.rpm\nhttpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm\nhttpd-devel-2.4.6-97.el7_9.4.x86_64.rpm\nhttpd-tools-2.4.6-97.el7_9.4.x86_64.rpm\nmod_session-2.4.6-97.el7_9.4.x86_64.rpm\nmod_ssl-2.4.6-97.el7_9.4.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nhttpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm\nmod_ldap-2.4.6-97.el7_9.4.x86_64.rpm\nmod_proxy_html-2.4.6-97.el7_9.4.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-26691\nhttps://access.redhat.com/security/cve/CVE-2021-34798\nhttps://access.redhat.com/security/cve/CVE-2021-39275\nhttps://access.redhat.com/security/cve/CVE-2021-44790\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYeVdC9zjgjWX9erEAQgzNw/8CjsxUvDW64dwvpcYH/OWJhKqvD53sX+w\nivf4+hhCsEVLvrjD0eTNkbeza+dcZqoR5swL0IjAGXKJ/0q/oh4/yxq2ydgvEYsY\nrAjts0tnynoswBaFo6eaBlcNxQroGID0uqgXkUFt37m4eetACuOSVRcZ7/sNsqBS\niQF4l16vjNvKeOdKY8nSNe77Dt1/Lj41NoL6XbAZPuvaiLBqqGOY9xYfZSSmFHFq\nH4dB8cfMC4cWysFtnzffJ+dJdzcWNOxklwLlZe72JoAJYP59da2YuIoE2LsQRGPC\nOcc84zH/UZx4JWJhF7FEEALC/tizfFqu9qWr1OIDmSVTEAZ+6IZ/mDeF83+0Mrc4\nAiV3oiJi7Fx4XTDUL8fim+FORaSI2IR7LK1Zjau1qCN04ayyFXwJdK/fwgIWJHon\ngYhyUsAj7F7At9m8cCVRP5K4jjmr0qrmsF1M1B6xqMLWlYNcWu3obJS/FbiSdwQJ\n7jFdBagThGOzIle0eGk0iMZ+vRJSuaSMZ7GDA14o46KB+EkvYLe+wi6jBQXJeD6Q\nOueenu2JiMvB8+dJNYrn9uQY+8WHyCVV1HMMmVo9LajA1FJRXgMIQN5ZmDMoDW73\nqFV+VCOHtKPI2hC8ngZYy2RyEUhK4t3f7xmJgtoJ4/DuaGsRWL7xZPL7gLHxWnS4\n5VjPyLrWg5U=TyMo\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. 8) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 202208-20\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n    Title: Apache HTTPD: Multiple Vulnerabilities\n     Date: August 14, 2022\n     Bugs: #813429, #816399, #816864, #829722, #835131, #850622\n       ID: 202208-20\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been discovered in Apache Webserver, the\nworst of which could result in remote code execution. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Apache HTTPD users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=www-servers/apache-2.4.54\"\n\nAll Apache HTTPD tools users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=app-admin/apache-tools-2.4.54\"\n\nReferences\n=========\n[ 1 ] CVE-2021-33193\n      https://nvd.nist.gov/vuln/detail/CVE-2021-33193\n[ 2 ] CVE-2021-34798\n      https://nvd.nist.gov/vuln/detail/CVE-2021-34798\n[ 3 ] CVE-2021-36160\n      https://nvd.nist.gov/vuln/detail/CVE-2021-36160\n[ 4 ] CVE-2021-39275\n      https://nvd.nist.gov/vuln/detail/CVE-2021-39275\n[ 5 ] CVE-2021-40438\n      https://nvd.nist.gov/vuln/detail/CVE-2021-40438\n[ 6 ] CVE-2021-41524\n      https://nvd.nist.gov/vuln/detail/CVE-2021-41524\n[ 7 ] CVE-2021-41773\n      https://nvd.nist.gov/vuln/detail/CVE-2021-41773\n[ 8 ] CVE-2021-42013\n      https://nvd.nist.gov/vuln/detail/CVE-2021-42013\n[ 9 ] CVE-2021-44224\n      https://nvd.nist.gov/vuln/detail/CVE-2021-44224\n[ 10 ] CVE-2021-44790\n      https://nvd.nist.gov/vuln/detail/CVE-2021-44790\n[ 11 ] CVE-2022-22719\n      https://nvd.nist.gov/vuln/detail/CVE-2022-22719\n[ 12 ] CVE-2022-22720\n      https://nvd.nist.gov/vuln/detail/CVE-2022-22720\n[ 13 ] CVE-2022-22721\n      https://nvd.nist.gov/vuln/detail/CVE-2022-22721\n[ 14 ] CVE-2022-23943\n      https://nvd.nist.gov/vuln/detail/CVE-2022-23943\n[ 15 ] CVE-2022-26377\n      https://nvd.nist.gov/vuln/detail/CVE-2022-26377\n[ 16 ] CVE-2022-28614\n      https://nvd.nist.gov/vuln/detail/CVE-2022-28614\n[ 17 ] CVE-2022-28615\n      https://nvd.nist.gov/vuln/detail/CVE-2022-28615\n[ 18 ] CVE-2022-29404\n      https://nvd.nist.gov/vuln/detail/CVE-2022-29404\n[ 19 ] CVE-2022-30522\n      https://nvd.nist.gov/vuln/detail/CVE-2022-30522\n[ 20 ] CVE-2022-30556\n      https://nvd.nist.gov/vuln/detail/CVE-2022-30556\n[ 21 ] CVE-2022-31813\n      https://nvd.nist.gov/vuln/detail/CVE-2022-31813\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202208-20\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. ==========================================================================\nUbuntu Security Notice USN-5090-4\nSeptember 28, 2021\n\napache2 regression\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 ESM\n\nSummary:\n\nUSN-5090-1 introduced a regression in Apache HTTP Server. One of the upstream\nfixes introduced a regression in UDS URIs. This update fixes the problem. \n\nOriginal advisory details:\n\n James Kettle discovered that the Apache HTTP Server HTTP/2 module\n incorrectly handled certain crafted methods. A remote attacker could\n possibly use this issue to perform request splitting or cache poisoning\n attacks. A remote attacker could possibly use this issue to\n cause the server to crash, resulting in a denial of service. \n (CVE-2021-34798)\n \n Li Zhi Xin discovered that the Apache mod_proxy_uwsgi module incorrectly\n handled certain request uri-paths. A remote attacker could possibly use\n this issue to cause the server to crash, resulting in a denial of service. \n This issue only affected Ubuntu 20.04 LTS and Ubuntu 21.04. If the server was configured with third-party modules, a remote\n attacker could use this issue to cause the server to crash, resulting in a\n denial of service, or possibly execute arbitrary code. (CVE-2021-39275)\n \n It was discovered that the Apache mod_proxy module incorrectly handled\n certain request uri-paths. A remote attacker could possibly use this issue\n to cause the server to forward requests to arbitrary origin servers. \n (CVE-2021-40438)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 ESM:\n  apache2                         2.4.18-2ubuntu3.17+esm3\n  apache2-bin                     2.4.18-2ubuntu3.17+esm3\n\nIn general, a standard system update will make all the necessary changes",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-34798"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-03223"
          },
          {
            "db": "VULHUB",
            "id": "VHN-395042"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-34798"
          },
          {
            "db": "PACKETSTORM",
            "id": "168565"
          },
          {
            "db": "PACKETSTORM",
            "id": "169132"
          },
          {
            "db": "PACKETSTORM",
            "id": "165587"
          },
          {
            "db": "PACKETSTORM",
            "id": "166321"
          },
          {
            "db": "PACKETSTORM",
            "id": "168072"
          },
          {
            "db": "PACKETSTORM",
            "id": "164307"
          },
          {
            "db": "PACKETSTORM",
            "id": "164305"
          },
          {
            "db": "PACKETSTORM",
            "id": "164329"
          }
        ],
        "trust": 2.34
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-34798",
            "trust": 3.2
          },
          {
            "db": "TENABLE",
            "id": "TNS-2021-17",
            "trust": 1.8
          },
          {
            "db": "MCAFEE",
            "id": "SB10379",
            "trust": 1.8
          },
          {
            "db": "SIEMENS",
            "id": "SSA-685781",
            "trust": 1.8
          },
          {
            "db": "PACKETSTORM",
            "id": "165587",
            "trust": 0.8
          },
          {
            "db": "PACKETSTORM",
            "id": "166321",
            "trust": 0.8
          },
          {
            "db": "PACKETSTORM",
            "id": "168072",
            "trust": 0.8
          },
          {
            "db": "PACKETSTORM",
            "id": "168565",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-03223",
            "trust": 0.7
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202109-1109",
            "trust": 0.7
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-22-167-06",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "164329",
            "trust": 0.7
          },
          {
            "db": "CS-HELP",
            "id": "SB2022012040",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021101308",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022030119",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021092301",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022051316",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022031528",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022011749",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021091707",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021101513",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021101922",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021101005",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022060624",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021101101",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022042112",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021112902",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.3229",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.3405",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.3341",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.4004.7",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.3148",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.3591",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.0850",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.3482",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.2978",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.4004.5",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.4004.2",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.2352",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.0217",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.3357",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.3250",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.4004.3",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.3387",
            "trust": 0.6
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-22-132-02",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "164318",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-395042",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-34798",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "169132",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "164307",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "164305",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-03223"
          },
          {
            "db": "VULHUB",
            "id": "VHN-395042"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-34798"
          },
          {
            "db": "PACKETSTORM",
            "id": "168565"
          },
          {
            "db": "PACKETSTORM",
            "id": "169132"
          },
          {
            "db": "PACKETSTORM",
            "id": "165587"
          },
          {
            "db": "PACKETSTORM",
            "id": "166321"
          },
          {
            "db": "PACKETSTORM",
            "id": "168072"
          },
          {
            "db": "PACKETSTORM",
            "id": "164307"
          },
          {
            "db": "PACKETSTORM",
            "id": "164305"
          },
          {
            "db": "PACKETSTORM",
            "id": "164329"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202109-1109"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-34798"
          }
        ]
      },
      "id": "VAR-202109-1805",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-03223"
          },
          {
            "db": "VULHUB",
            "id": "VHN-395042"
          }
        ],
        "trust": 1.3031922749999998
      },
      "iot_taxonomy": {
        "_id": null,
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-03223"
          }
        ]
      },
      "last_update_date": "2026-04-10T22:36:56.215000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "Patch for Apache HTTP Server Code Issue Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/313156"
          },
          {
            "title": "Apache HTTP Server Fixes for code issue vulnerabilities",
            "trust": 0.6,
            "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=171210"
          },
          {
            "title": "Red Hat: Moderate: httpd:2.4 security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20220891 - Security Advisory"
          },
          {
            "title": "Red Hat: CVE-2021-34798",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2021-34798"
          },
          {
            "title": "Debian Security Advisories: DSA-4982-1 apache2 -- security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=93a29f7ecf9a6aaba79d3b3320aa4b85"
          },
          {
            "title": "Arch Linux Issues: ",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2021-34798 log"
          },
          {
            "title": "Red Hat: Moderate: httpd24-httpd security and bug fix update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20226753 - Security Advisory"
          },
          {
            "title": "Tenable Security Advisories: [R1] Stand-alone Security Patch Available for Tenable.sc versions 5.16.0 to 5.19.1: Patch 202110.1",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=TNS-2021-17"
          },
          {
            "title": "Brocade Security Advisories: CVE-2021-34798. NULL pointer dereference in httpd core.",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=brocade_security_advisories\u0026qid=2142ed2ad0c6564b6dfdd2779d3117ce"
          },
          {
            "title": "Brocade Security Advisories: Access Denied",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=brocade_security_advisories\u0026qid=3499da969fe529a2e6d5812690c8f102"
          },
          {
            "title": "Amazon Linux AMI: ALAS-2021-1543",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2021-1543"
          },
          {
            "title": "Amazon Linux 2: ALAS2-2021-1716",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2021-1716"
          },
          {
            "title": "Cisco: Multiple Vulnerabilities in Apache HTTP Server Affecting Cisco Products: November 2021",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-apache-httpd-2.4.49-VWL69sWQ"
          },
          {
            "title": "PROJET TUTEURE",
            "trust": 0.1,
            "url": "https://github.com/PierreChrd/py-projet-tut "
          },
          {
            "title": "Tier 0\nTier 1\nTier 2",
            "trust": 0.1,
            "url": "https://github.com/Totes5706/TotesHTB "
          },
          {
            "title": "Requirements\nvulnsearch-cve\nUsage\nvulnsearch\nUsage\nTest Sample",
            "trust": 0.1,
            "url": "https://github.com/kasem545/vulnsearch "
          },
          {
            "title": "Skynet",
            "trust": 0.1,
            "url": "https://github.com/bioly230/THM_Skynet "
          },
          {
            "title": "Shodan Search Script",
            "trust": 0.1,
            "url": "https://github.com/firatesatoglu/shodanSearch "
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-03223"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-34798"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202109-1109"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-476",
            "trust": 1.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-395042"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-34798"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 1.9,
            "url": "https://security.gentoo.org/glsa/202208-20"
          },
          {
            "trust": 1.8,
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf"
          },
          {
            "trust": 1.8,
            "url": "https://security.netapp.com/advisory/ntap-20211008-0004/"
          },
          {
            "trust": 1.8,
            "url": "https://www.tenable.com/security/tns-2021-17"
          },
          {
            "trust": 1.8,
            "url": "https://www.debian.org/security/2021/dsa-4982"
          },
          {
            "trust": 1.8,
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "trust": 1.8,
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "trust": 1.8,
            "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html"
          },
          {
            "trust": 1.7,
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10379"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-34798"
          },
          {
            "trust": 1.2,
            "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-apache-httpd-2.4.49-vwl69swq"
          },
          {
            "trust": 1.2,
            "url": "http://httpd.apache.org/security/vulnerabilities_24.html"
          },
          {
            "trust": 1.2,
            "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-apache-"
          },
          {
            "trust": 1.1,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/spbr6wuybjnachke65spl7tjohx7rhwd/"
          },
          {
            "trust": 1.1,
            "url": "https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3cusers.httpd.apache.org%3e"
          },
          {
            "trust": 1.1,
            "url": "https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3cusers.httpd.apache.org%3e"
          },
          {
            "trust": 1.1,
            "url": "https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3cusers.httpd.apache.org%3e"
          },
          {
            "trust": 1.1,
            "url": "https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3cusers.httpd.apache.org%3e"
          },
          {
            "trust": 1.1,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/zncysr3bxt36fff4xtcpl3hdqk4vp45r/"
          },
          {
            "trust": 1.0,
            "url": "https://access.redhat.com/security/cve/cve-2021-34798"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-39275"
          },
          {
            "trust": 0.7,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/spbr6wuybjnachke65spl7tjohx7rhwd/"
          },
          {
            "trust": 0.7,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/zncysr3bxt36fff4xtcpl3hdqk4vp45r/"
          },
          {
            "trust": 0.6,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-34798"
          },
          {
            "trust": 0.6,
            "url": "httpd.apache.org/security/vulnerabilities_24.html"
          },
          {
            "trust": 0.6,
            "url": "http://"
          },
          {
            "trust": 0.6,
            "url": "httpd.apache.org%3e"
          },
          {
            "trust": 0.6,
            "url": "https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029@%3cusers."
          },
          {
            "trust": 0.6,
            "url": "https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697@%3cusers."
          },
          {
            "trust": 0.6,
            "url": "https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c@%3cusers."
          },
          {
            "trust": 0.6,
            "url": "https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432@%3cusers."
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022051316"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022030119"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022031528"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.3229"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.3405"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/165587/red-hat-security-advisory-2022-0143-03.html"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/166321/red-hat-security-advisory-2022-0891-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021112902"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022060624"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021101513"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.3357"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.2352"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.0217"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.3250"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.3591"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/168072/gentoo-linux-security-advisory-202208-20.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.4004.7"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/164318/ubuntu-security-notice-usn-5090-3.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.0850"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/6520016"
          },
          {
            "trust": 0.6,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-167-06"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/168565/red-hat-security-advisory-2022-6753-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.2978"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.4004.3"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.4004.2"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.4004.5"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022012040"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022011749"
          },
          {
            "trust": 0.6,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-132-02"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022042112"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021092301"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.3387"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.3341"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021101922"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/164329/ubuntu-security-notice-usn-5090-4.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021101308"
          },
          {
            "trust": 0.6,
            "url": "httpd-2.4.49-vwl69swq"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.3148"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021091707"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021101101"
          },
          {
            "trust": 0.6,
            "url": "https://vigilance.fr/vulnerability/apache-http-server-four-vulnerabilities-36444"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.3482"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021101005"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-36160"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-40438"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33193"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/articles/11258"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2021-39275"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/team/key/"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/team/contact/"
          },
          {
            "trust": 0.3,
            "url": "https://bugzilla.redhat.com/):"
          },
          {
            "trust": 0.3,
            "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
          },
          {
            "trust": 0.3,
            "url": "https://ubuntu.com/security/notices/usn-5090-1"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/errata/rhsa-2022:0891"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22721"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-28614"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-29404"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-28615"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-30522"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44224"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22719"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-30556"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23943"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/updates/classification/#moderate"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26377"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44790"
          },
          {
            "trust": 0.1,
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10379"
          },
          {
            "trust": 0.1,
            "url": "https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029@%3cusers.httpd.apache.org%3e"
          },
          {
            "trust": 0.1,
            "url": "https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c@%3cusers.httpd.apache.org%3e"
          },
          {
            "trust": 0.1,
            "url": "https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697@%3cusers.httpd.apache.org%3e"
          },
          {
            "trust": 0.1,
            "url": "https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432@%3cusers.httpd.apache.org%3e"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/476.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-167-06"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/totes5706/toteshtb"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/articles/6975397"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-30556"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-36160"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-22719"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-28614"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:6753"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-28615"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-31813"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-30522"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-44224"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-22721"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-29404"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-33193"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-23943"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-26377"
          },
          {
            "trust": 0.1,
            "url": "https://www.debian.org/security/faq"
          },
          {
            "trust": 0.1,
            "url": "https://www.debian.org/security/"
          },
          {
            "trust": 0.1,
            "url": "https://security-tracker.debian.org/tracker/apache2"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-44790"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/updates/classification/#important"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-26691"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-26691"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:0143"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-31813"
          },
          {
            "trust": 0.1,
            "url": "https://bugs.gentoo.org."
          },
          {
            "trust": 0.1,
            "url": "https://creativecommons.org/licenses/by-sa/2.5"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-41773"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-41524"
          },
          {
            "trust": 0.1,
            "url": "https://security.gentoo.org/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-42013"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22720"
          },
          {
            "trust": 0.1,
            "url": "https://ubuntu.com/security/notices/usn-5090-2"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/apache2/2.4.29-1ubuntu4.17"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/apache2/2.4.41-4ubuntu3.5"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/apache2/2.4.46-4ubuntu1.2"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/bugs/xxxxxx"
          },
          {
            "trust": 0.1,
            "url": "https://ubuntu.com/security/notices/usn-5090-4"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-03223"
          },
          {
            "db": "VULHUB",
            "id": "VHN-395042"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-34798"
          },
          {
            "db": "PACKETSTORM",
            "id": "168565"
          },
          {
            "db": "PACKETSTORM",
            "id": "169132"
          },
          {
            "db": "PACKETSTORM",
            "id": "165587"
          },
          {
            "db": "PACKETSTORM",
            "id": "166321"
          },
          {
            "db": "PACKETSTORM",
            "id": "168072"
          },
          {
            "db": "PACKETSTORM",
            "id": "164307"
          },
          {
            "db": "PACKETSTORM",
            "id": "164305"
          },
          {
            "db": "PACKETSTORM",
            "id": "164329"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202109-1109"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-34798"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-03223",
            "ident": null
          },
          {
            "db": "VULHUB",
            "id": "VHN-395042",
            "ident": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-34798",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "168565",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "169132",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "165587",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "166321",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "168072",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "164307",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "164305",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "164329",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202109-1109",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2021-34798",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2022-01-12T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-03223",
            "ident": null
          },
          {
            "date": "2021-09-16T00:00:00",
            "db": "VULHUB",
            "id": "VHN-395042",
            "ident": null
          },
          {
            "date": "2021-09-16T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-34798",
            "ident": null
          },
          {
            "date": "2022-09-30T14:51:18",
            "db": "PACKETSTORM",
            "id": "168565",
            "ident": null
          },
          {
            "date": "2021-10-28T19:12:00",
            "db": "PACKETSTORM",
            "id": "169132",
            "ident": null
          },
          {
            "date": "2022-01-17T16:53:40",
            "db": "PACKETSTORM",
            "id": "165587",
            "ident": null
          },
          {
            "date": "2022-03-15T15:50:26",
            "db": "PACKETSTORM",
            "id": "166321",
            "ident": null
          },
          {
            "date": "2022-08-15T16:02:48",
            "db": "PACKETSTORM",
            "id": "168072",
            "ident": null
          },
          {
            "date": "2021-09-28T15:13:59",
            "db": "PACKETSTORM",
            "id": "164307",
            "ident": null
          },
          {
            "date": "2021-09-28T15:06:35",
            "db": "PACKETSTORM",
            "id": "164305",
            "ident": null
          },
          {
            "date": "2021-09-29T14:50:01",
            "db": "PACKETSTORM",
            "id": "164329",
            "ident": null
          },
          {
            "date": "2021-09-16T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202109-1109",
            "ident": null
          },
          {
            "date": "2021-09-16T15:15:07.267000",
            "db": "NVD",
            "id": "CVE-2021-34798",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2022-01-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-03223",
            "ident": null
          },
          {
            "date": "2022-10-28T00:00:00",
            "db": "VULHUB",
            "id": "VHN-395042",
            "ident": null
          },
          {
            "date": "2023-11-07T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-34798",
            "ident": null
          },
          {
            "date": "2023-02-22T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202109-1109",
            "ident": null
          },
          {
            "date": "2023-11-07T03:36:26.910000",
            "db": "NVD",
            "id": "CVE-2021-34798",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "168072"
          },
          {
            "db": "PACKETSTORM",
            "id": "164307"
          },
          {
            "db": "PACKETSTORM",
            "id": "164305"
          },
          {
            "db": "PACKETSTORM",
            "id": "164329"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202109-1109"
          }
        ],
        "trust": 1.0
      },
      "title": {
        "_id": null,
        "data": "Apache HTTP Server Code Issue Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-03223"
          }
        ],
        "trust": 0.6
      },
      "type": {
        "_id": null,
        "data": "code problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202109-1109"
          }
        ],
        "trust": 0.6
      }
    }