Qualys VMDR

This Integration is part of the Qualys Pack.

Supported versions

Supported Cortex XSOAR versions: 5.5.0 and later.

Qualys VMDR lets you create, run, fetch and manage reports, launch and manage vulnerability and compliance scans, and manage the host assets you want to scan for vulnerabilities and compliance. This integration was integrated and tested with version 2.0 of QualysVulnerabilityManagement.

Changes compared to V1

Changes in commands

  1. qualys-vm-scan-launch command - Added new parameters and outputs.
  2. qualys-ip-add - Added new parameters and outputs.
  3. qualys-ip-update - Added new parameters and changed existing parameters, added new outputs.
  4. qualys-virtual-host-manage - Added new parameters and outputs.
  5. qualys-host-excluded-manage - Changed existing parameters, added new outputs.
  6. qualys-vulnerability-list - Added new parameters, added new outputs.
  7. qualys-vm-scan-fetch - Added new parameters, changed context paths of outputs.
  8. qualys-pc-scan-fetch - Added outputs.
  9. qualys-report-list - Added new parameters, changed context paths of outputs.
  10. qualys-ip-list - Added new parameters, changed context paths of outputs.
  11. qualys-vm-scan-list - Removed context paths.
  12. qualys-scap-scan-list - Added new parameters, changed existing parameters, changed context paths.
  13. qualys-ip-restricted-list - New command.
  14. qualys-host-excluded-list - Added new parameters, added new outputs.
  15. qualys-report-fetch - Added new parameters, added new outputs.
  16. qualys-report-cancel - Added new outputs.
  17. qualys-group-list - Added new parameters, changed existing parameters, changed context paths.
  18. qualys-report-launch-compliance-policy - changed existing parameters.
  19. qualys-report-launch-remediation - changed existing parameters.
  20. qualys-report-launch-patch - changed existing parameters.
  21. qualys-report-launch-compliance - changed existing parameters.
  22. qualys-report-launch-scan-based-findings - changed existing parameters.
  23. qualys-report-launch-host-based-findings - changed existing parameters.
  24. qualys-vm-scan-action - Removed output.
  25. qualys-pc-scan-list - Added new parameters, changed existing parameters, changed outputs.
  26. qualys-pc-scan-launch - changed outputs.
  27. qualys-pc-scan-manage - changed outputs.
  28. qualys-schedule-scan-list - Added new parameters, changed outputs.
  29. qualys-host-list - Added new parameters, changed existing parameters, changed outputs.
  30. qualys-virtual-host-list - Added new parameters, changed outputs.
  31. qualys-scheduled-report-list - Added new parameters, changed existing parameters, changed outputs.
  32. qualys-report-template-list - Added new parameters, changed outputs.
  33. qualys-report-launch-map - Changed existing parameters.
  34. qualys-ip-restricted-manage - New command.
  35. qualys-purge-scan-host-data - New command.

Playbooks

  1. Vulnerability Management - Qualys (Job) - migrated to work with this new version
  2. New playbook - qualys-pc-scan-launch-and-fetch
  3. New playbook - qualys-report-launch-compliance-and-fetch
  4. New playbook - qualys-vm-scan-launch-and-fetch.yml
  5. New playbook - qualys-report-launch-scan-based-findings-and-fetch.yml
  6. New playbook - qualys-scheduled-report-launch-and-fetch.yml
  7. New playbook - qualys-report-launch-remediation-and-fetch.yml
  8. New playbook - qualys-report-launch-patch-and-fetch.yml
  9. New playbook - qualys-report-launch-map-and-fetch.yml
  10. New playbook - qualys-report-launch-host-based-findings-and-fetch.yml
  11. New playbook - qualys-report-launch-compliance-policy-and-fetch.yml

Configure Qualys VMDR in Cortex

  1. Navigate to Settings > Integrations > Servers & Services.

  2. Search for Qualys VMDR.

  3. Click Add instance to create and configure a new integration instance.

    | Name | Description | Required |
    | --- | --- | --- |
    | Server URL | When using asset-tag commands, the official documentation recommends that the SERVER URL parameter should be in the following format: https://qualysapi.<tenant>.apps.qualys.com/<end-point>. | True |
    | Username |  | True |
    | Trust any certificate (not secure) |  | False |
    | Use system proxy settings |  | False |
    | Fetch Events |  | False |
    | Event first fetch time | Available on Cortex XSIAM only. If "First event fetch time" is set to a time long ago, it may cause performance issues. | False |
    | Event Fetch Limit | Available in Cortex XSIAM only. Maximum number of events to fetch per fetch iteration. | False |
    | Events Fetch Interval | Available in Cortex XSIAM only. | False |
    | Fetch Assets and Vulnerabilities | Available in Cortex XSIAM only. Whether to fetch host list detections (assets) and vulnerabilities. | False |
    | Assets and Vulnerabilities Fetch Interval | Available in Cortex XSIAM only. The fetch interval for assets and vulnerabilities. It is recommended to set it to 24 hours. An interval lower than 1 hour is not supported. Default is 1 day. | False |
    | Fetch Vulnerabilities Behavior | Available in Cortex XSIAM only. Default is Fetch by last modified date. | False |
  4. Click Test to validate the URLs, token, and connection.

Notes

When configuring the integration instance, selecting the "Fetch by last modified date" option in the Fetch Vulnerabilities Behavior dropdown fetches all assets and vulnerabilities from the last 90 days.

To fetch only vulnerabilities by unique QIDs relevant to the assets regardless of the vulnerability modified time, choose the "Fetch by unique QIDs of assets" option.

Asset Tag Commands

The API endpoints in the Qualys API that can be used depend on the value of the Server URL parameter in the integration instance configuration. When using asset-tag commands, the official documentation recommends that the Server URL parameter be in the following format: https://qualysapi.<tenant>.apps.qualys.com/<end-point>.

Commands

You can execute these commands from the CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

qualys-ip-list

View a list of IP addresses in the user account.

Base Command

qualys-ip-list

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| ips | Show only certain IP addresses/ranges. | Optional |
| network_id | Restrict the request to a certain custom network ID. | Optional |
| tracking_method | Show only IP addresses/ranges which have a certain tracking method. Possible values are: IP, DNS, NETBIOS. | Optional |
| compliance_enabled | Specify 1 to list compliance IP addresses in the user’s account. These hosts are assigned to the policy compliance module. Specify 0 to get hosts that are not assigned to the policy compliance module. Possible values are: 0, 1. | Optional |
| certview_enabled | (Optional) Specify 1 to list IP addresses in the user’s account assigned to the Certificate View module. Specify 0 to list IP addresses that are not assigned to the Certificate View module. Note - This option will be supported when Certificate View GA is released and is enabled for your account. Possible values are: 0, 1. | Optional |
| limit | Specify a positive numeric value to limit the amount of results in the requested list. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Qualys.IP.Address | unknown | IP addresses. |
| Qualys.IP.Range | unknown | IP range. |

Command Example

!qualys-ip-list ips=1.1.1.1-1.1.1.5 compliance_enabled=1 certview_enabled=1

Context Example

{
"Qualys": {
"IP": {
"Address": [
"1.1.1.1",
"1.1.1.3"
]
}
}
}

Human Readable Output

| ip |
| --- |
| 1.1.1.1 |
| 1.1.1.3 |

qualys-report-list

Get a list of generated reports in the system.

Base Command

qualys-report-list

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| id | Specify a report ID of a report that is saved in the Report Share storage space. | Optional |
| state | Specify reports with a certain state. Possible values are: Running, Finished, Canceled, Errors. | Optional |
| user_login | Specify a user login ID to get reports launched by the specified user login ID. | Optional |
| expires_before_datetime | Specify the date and time to get only reports that expire before it. Use YYYY-MM-DD[THH:MM:SSZ] like “2007-07-01” or “2007-01-25T23:12:00Z” or today, yesterday, 24hr ago, 3 days ago, last week. | Optional |
| client_id | (Optional) ID assigned to the client (Consultant type subscriptions). | Optional |
| client_name | (Optional) Name of the client (Consultant type subscriptions). Note: the client_id and client_name parameters are mutually exclusive and cannot be specified together in the same request. | Optional |
| limit | Specify a positive numeric value to limit the amount of results in the requested list. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Qualys.Report.ID | String | Report ID. |
| Qualys.Report.TITLE | unknown | Report title. |
| Qualys.Report.TYPE | unknown | Report type. |
| Qualys.Report.LAUNCH_DATETIME | unknown | Date and time the report launched. |
| Qualys.Report.OUTPUT_FORMAT | unknown | Report output format. |
| Qualys.Report.SIZE | unknown | Report size. |
| Qualys.Report.STATUS.STATE | unknown | Report state status. |
| Qualys.Report.STATUS.MESSAGE | unknown | Report status message. |
| Qualys.Report.STATUS.PERCENT | unknown | Report status percent. |
| Qualys.Report.EXPIRATION_DATETIME | unknown | Report expiration datetime. |

Command Example

!qualys-report-list state=Finished expires_before_datetime=2021-05-01

Human Readable Output

No items found

qualys-vm-scan-list

Lists vulnerability scans in the user’s account.

Base Command

qualys-vm-scan-list

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| scan_ref | Show only a scan with a certain scan reference code. | Optional |
| state | Show only one or more scan states. | Optional |
| processed | Specify 0 to show only scans that are not processed. Specify 1 to show only scans that have been processed. Possible values are: 0, 1. | Optional |
| type | Show only a certain scan type. Possible values are: On-Demand, Scheduled, API. | Optional |
| target | Show only one or more target IP addresses. | Optional |
| user_login | Show only a certain user login. | Optional |
| launched_after_datetime | Show only scans launched after a certain date and time. Use YYYY-MM-DD[THH:MM:SSZ] like “2007-07-01” or “2007-01-25T23:12:00Z” or today, yesterday, 24hr ago, 3 days ago, last week. | Optional |
| launched_before_datetime | Show only scans launched before a certain date and time. Use YYYY-MM-DD[THH:MM:SSZ] like “2007-07-01” or “2007-01-25T23:12:00Z” or today, yesterday, 24hr ago, 3 days ago, last week. | Optional |
| show_ags | Specify 1 to show asset group information for each scan in the output. Possible values are: 1. | Optional |
| show_op | Specify 1 to show option profile information for each scan in the output. Possible values are: 1. | Optional |
| show_status | Specify 0 to not show scan status for each scan in the output. Possible values are: 0. | Optional |
| show_last | Specify 1 to show only the most recent scan (which meets all other search filters in the request) in the output. Possible values are: 1. | Optional |
| scan_id | (Optional) Show only a scan with a certain compliance scan ID. | Optional |
| client_id | (Optional) ID assigned to the client (Consultant type subscription only). Parameter client_id or client_name may be specified for the same request. | Optional |
| client_name | (Optional) Name of the client (Consultant type subscription only). Parameter client_id or client_name may be specified for the same request. | Optional |
| pci_only | (Optional) Specify 1 to show only external PCI scans in the XML output. External PCI scans are vulnerability scans run with the option profile "Payment Card Industry (PCI) Options". When pci_only=1 is specified, the XML output will not include other types of scans run with other option profiles. Possible values are: 1. | Optional |
| ignore_target | (Optional) Specify 1 to hide target information from the scan list. Specify 0 to display the target information. Possible values are: 1, 0. | Optional |
| limit | Specify a positive numeric value to limit the amount of results in the requested list. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Qualys.Scan.REF | unknown | Scan REF. |
| Qualys.Scan.TYPE | unknown | Scan type. |
| Qualys.Scan.TITLE | unknown | Scan title. |
| Qualys.Scan.LAUNCH_DATETIME | unknown | Date and time the scan launched. |
| Qualys.Scan.DURATION | unknown | Scan Duration. |
| Qualys.Scan.PROCESSING_PRIORITY | unknown | Scan Processing Priority. |
| Qualys.Scan.PROCESSED | unknown | Scan Processed. |
| Qualys.Scan.STATUS.STATE | unknown | Scan status state. |
| Qualys.Scan.STATUS.SUB_STATE | unknown | Scan status sub state. |
| Qualys.Scan.SCHEDULE | unknown | Scan Schedule. |
| Qualys.Scan.TARGET | unknown | Scan Target. |
| Qualys.Scan.ASSET_GROUP_TITLE | unknown | Target Asset Group Title. |
| Qualys.Scan.DEFAULT_FLAG | unknown | Scan Default Flag. |
| Qualys.Scan.USER_LOGIN | unknown | The user that created the scan. |

Command Example

!qualys-vm-scan-list launched_before_datetime=2021-04-20 type=API processed=1 state=Finished

Context Example

{
"Qualys": {
"Scan": [
{
"DURATION": "00:25:18",
"LAUNCH_DATETIME": "2021-04-11T12:54:19Z",
"PROCESSED": "1",
"PROCESSING_PRIORITY": "0 - No Priority",
"REF": "scan/1618145659.78157",
"STATUS": {
"STATE": "Finished"
},
"TARGET": "1.1.1.1",
"TITLE": "N/A",
"TYPE": "API",
"USER_LOGIN": "demst2nr"
},
{
"DURATION": "00:25:18",
"LAUNCH_DATETIME": "2021-04-11T12:53:44Z",
"PROCESSED": "1",
"PROCESSING_PRIORITY": "0 - No Priority",
"REF": "scan/1618145624.78156",
"STATUS": {
"STATE": "Finished"
},
"TARGET": "1.1.1.1",
"TITLE": "N/A",
"TYPE": "API",
"USER_LOGIN": "demst2nr"
},
{
"DURATION": "00:25:36",
"LAUNCH_DATETIME": "2021-04-11T12:52:40Z",
"PROCESSED": "1",
"PROCESSING_PRIORITY": "0 - No Priority",
"REF": "scan/1618145560.78154",
"STATUS": {
"STATE": "Finished"
},
"TARGET": "1.1.1.1",
"TITLE": "N/A",
"TYPE": "API",
"USER_LOGIN": "demst2nr"
},
{
"DURATION": "00:24:49",
"LAUNCH_DATETIME": "2021-04-11T12:43:03Z",
"PROCESSED": "1",
"PROCESSING_PRIORITY": "0 - No Priority",
"REF": "scan/1618144983.78115",
"STATUS": {
"STATE": "Finished"
},
"TARGET": "1.1.1.1",
"TITLE": "N/A",
"TYPE": "API",
"USER_LOGIN": "demst2nr"
},
{
"DURATION": "00:25:01",
"LAUNCH_DATETIME": "2021-04-11T12:42:22Z",
"PROCESSED": "1",
"PROCESSING_PRIORITY": "0 - No Priority",
"REF": "scan/1618144942.78113",
"STATUS": {
"STATE": "Finished"
},
"TARGET": "1.1.1.1",
"TITLE": "N/A",
"TYPE": "API",
"USER_LOGIN": "demst2nr"
},
{
"DURATION": "00:25:56",
"LAUNCH_DATETIME": "2021-04-11T12:41:31Z",
"PROCESSED": "1",
"PROCESSING_PRIORITY": "0 - No Priority",
"REF": "scan/1618144892.78108",
"STATUS": {
"STATE": "Finished"
},
"TARGET": "1.1.1.1",
"TITLE": "N/A",
"TYPE": "API",
"USER_LOGIN": "demst2nr"
},
{
"DURATION": "00:26:41",
"LAUNCH_DATETIME": "2021-04-11T12:41:22Z",
"PROCESSED": "1",
"PROCESSING_PRIORITY": "0 - No Priority",
"REF": "scan/1618144883.78106",
"STATUS": {
"STATE": "Finished"
},
"TARGET": "1.1.1.1",
"TITLE": "N/A",
"TYPE": "API",
"USER_LOGIN": "demst2nr"
},
{
"DURATION": "00:25:20",
"LAUNCH_DATETIME": "2021-04-11T12:40:11Z",
"PROCESSED": "1",
"PROCESSING_PRIORITY": "0 - No Priority",
"REF": "scan/1618144811.78099",
"STATUS": {
"STATE": "Finished"
},
"TARGET": "1.1.1.1",
"TITLE": "N/A",
"TYPE": "API",
"USER_LOGIN": "demst2nr"
},
{
"DURATION": "00:25:03",
"LAUNCH_DATETIME": "2021-04-11T12:39:05Z",
"PROCESSED": "1",
"PROCESSING_PRIORITY": "0 - No Priority",
"REF": "scan/1618144745.78096",
"STATUS": {
"STATE": "Finished"
},
"TARGET": "1.1.1.1",
"TITLE": "N/A",
"TYPE": "API",
"USER_LOGIN": "demst2nr"
},
{
"DURATION": "00:24:54",
"LAUNCH_DATETIME": "2021-04-11T12:33:36Z",
"PROCESSED": "1",
"PROCESSING_PRIORITY": "0 - No Priority",
"REF": "scan/1618144416.78068",
"STATUS": {
"STATE": "Finished"
},
"TARGET": "1.1.1.1",
"TITLE": "N/A",
"TYPE": "API",
"USER_LOGIN": "demst2nr"
},
{
"DURATION": "00:37:29",
"LAUNCH_DATETIME": "2021-03-16T10:19:09Z",
"PROCESSED": "1",
"PROCESSING_PRIORITY": "0 - No Priority",
"REF": "scan/1615889949.37940",
"STATUS": {
"STATE": "Finished"
},
"TARGET": "1.1.1.1",
"TITLE": "N/A",
"TYPE": "API",
"USER_LOGIN": "demst2nr"
},
{
"DURATION": "00:24:23",
"LAUNCH_DATETIME": "2021-03-16T10:08:20Z",
"PROCESSED": "1",
"PROCESSING_PRIORITY": "0 - No Priority",
"REF": "scan/1615889300.37888",
"STATUS": {
"STATE": "Finished"
},
"TARGET": "1.1.1.1",
"TITLE": "N/A",
"TYPE": "API",
"USER_LOGIN": "demst2nr"
},
{
"DURATION": "00:22:17",
"LAUNCH_DATETIME": "2021-03-16T10:06:17Z",
"PROCESSED": "1",
"PROCESSING_PRIORITY": "0 - No Priority",
"REF": "scan/1615889177.37862",
"STATUS": {
"STATE": "Finished"
},
"TARGET": "1.1.1.1",
"TITLE": "N/A",
"TYPE": "API",
"USER_LOGIN": "demst2nr"
},
{
"DURATION": "00:21:29",
"LAUNCH_DATETIME": "2021-03-16T10:02:28Z",
"PROCESSED": "1",
"PROCESSING_PRIORITY": "0 - No Priority",
"REF": "scan/1615888948.37811",
"STATUS": {
"STATE": "Finished"
},
"TARGET": "1.1.1.1",
"TITLE": "N/A",
"TYPE": "API",
"USER_LOGIN": "demst2nr"
},
{
"DURATION": "01:00:13",
"LAUNCH_DATETIME": "2021-03-16T10:01:37Z",
"PROCESSED": "1",
"PROCESSING_PRIORITY": "0 - No Priority",
"REF": "scan/1615888897.37791",
"STATUS": {
"STATE": "Finished"
},
"TARGET": "1.1.1.1",
"TITLE": "N/A",
"TYPE": "API",
"USER_LOGIN": "demst2nr"
},
{
"DURATION": "00:21:33",
"LAUNCH_DATETIME": "2021-03-16T10:01:09Z",
"PROCESSED": "1",
"PROCESSING_PRIORITY": "0 - No Priority",
"REF": "scan/1615888869.37785",
"STATUS": {
"STATE": "Finished"
},
"TARGET": "1.1.1.1",
"TITLE": "N/A",
"TYPE": "API",
"USER_LOGIN": "demst2nr"
},
{
"DURATION": "00:21:29",
"LAUNCH_DATETIME": "2021-03-16T09:59:40Z",
"PROCESSED": "1",
"PROCESSING_PRIORITY": "0 - No Priority",
"REF": "scan/1615888780.37762",
"STATUS": {
"STATE": "Finished"
},
"TARGET": "1.1.1.1",
"TITLE": "N/A",
"TYPE": "API",
"USER_LOGIN": "demst2nr"
},
{
"DURATION": "00:22:04",
"LAUNCH_DATETIME": "2021-03-16T09:27:32Z",
"PROCESSED": "1",
"PROCESSING_PRIORITY": "0 - No Priority",
"REF": "scan/1615886852.37638",
"STATUS": {
"STATE": "Finished"
},
"TARGET": "1.1.1.1",
"TITLE": "N/A",
"TYPE": "API",
"USER_LOGIN": "demst2nr"
},
{
"DURATION": "00:22:14",
"LAUNCH_DATETIME": "2021-03-16T09:26:31Z",
"PROCESSED": "1",
"PROCESSING_PRIORITY": "0 - No Priority",
"REF": "scan/1615886791.37632",
"STATUS": {
"STATE": "Finished"
},
"TARGET": "1.1.1.1",
"TITLE": "N/A",
"TYPE": "API",
"USER_LOGIN": "demst2nr"
},
{
"DURATION": "00:21:28",
"LAUNCH_DATETIME": "2021-03-16T09:22:38Z",
"PROCESSED": "1",
"PROCESSING_PRIORITY": "0 - No Priority",
"REF": "scan/1615886558.37620",
"STATUS": {
"STATE": "Finished"
},
"TARGET": "1.1.1.1",
"TITLE": "N/A",
"TYPE": "API",
"USER_LOGIN": "demst2nr"
},
{
"DURATION": "00:19:55",
"LAUNCH_DATETIME": "2021-03-16T09:18:53Z",
"PROCESSED": "1",
"PROCESSING_PRIORITY": "0 - No Priority",
"REF": "scan/1615886333.37610",
"STATUS": {
"STATE": "Finished"
},
"TARGET": "1.1.1.1",
"TITLE": "N/A",
"TYPE": "API",
"USER_LOGIN": "demst2nr"
}
]
}
}

Human Readable Output

Scan List

| REF | TITLE | STATUS | PROCESSED | TYPE | TARGET | PROCESSING_PRIORITY | LAUNCH_DATETIME | DURATION | USER_LOGIN |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| scan/1618145659.78157 | N/A | STATE: Finished | 1 | API | 1.1.1.1 | 0 - No Priority | 2021-04-11T12:54:19Z | 00:25:18 | demst2nr |
| scan/1618145624.78156 | N/A | STATE: Finished | 1 | API | 1.1.1.1 | 0 - No Priority | 2021-04-11T12:53:44Z | 00:25:18 | demst2nr |
| scan/1618145560.78154 | N/A | STATE: Finished | 1 | API | 1.1.1.1 | 0 - No Priority | 2021-04-11T12:52:40Z | 00:25:36 | demst2nr |
| scan/1618144983.78115 | N/A | STATE: Finished | 1 | API | 1.1.1.1 | 0 - No Priority | 2021-04-11T12:43:03Z | 00:24:49 | demst2nr |
| scan/1618144942.78113 | N/A | STATE: Finished | 1 | API | 1.1.1.1 | 0 - No Priority | 2021-04-11T12:42:22Z | 00:25:01 | demst2nr |
| scan/1618144892.78108 | N/A | STATE: Finished | 1 | API | 1.1.1.1 | 0 - No Priority | 2021-04-11T12:41:31Z | 00:25:56 | demst2nr |
| scan/1618144883.78106 | N/A | STATE: Finished | 1 | API | 1.1.1.1 | 0 - No Priority | 2021-04-11T12:41:22Z | 00:26:41 | demst2nr |
| scan/1618144811.78099 | N/A | STATE: Finished | 1 | API | 1.1.1.1 | 0 - No Priority | 2021-04-11T12:40:11Z | 00:25:20 | demst2nr |
| scan/1618144745.78096 | N/A | STATE: Finished | 1 | API | 1.1.1.1 | 0 - No Priority | 2021-04-11T12:39:05Z | 00:25:03 | demst2nr |
| scan/1618144416.78068 | N/A | STATE: Finished | 1 | API | 1.1.1.1 | 0 - No Priority | 2021-04-11T12:33:36Z | 00:24:54 | demst2nr |
| scan/1615889949.37940 | N/A | STATE: Finished | 1 | API | 1.1.1.1 | 0 - No Priority | 2021-03-16T10:19:09Z | 00:37:29 | demst2nr |
| scan/1615889300.37888 | N/A | STATE: Finished | 1 | API | 1.1.1.1 | 0 - No Priority | 2021-03-16T10:08:20Z | 00:24:23 | demst2nr |
| scan/1615889177.37862 | N/A | STATE: Finished | 1 | API | 1.1.1.1 | 0 - No Priority | 2021-03-16T10:06:17Z | 00:22:17 | demst2nr |
| scan/1615888948.37811 | N/A | STATE: Finished | 1 | API | 1.1.1.1 | 0 - No Priority | 2021-03-16T10:02:28Z | 00:21:29 | demst2nr |
| scan/1615888897.37791 | N/A | STATE: Finished | 1 | API | 1.1.1.1 | 0 - No Priority | 2021-03-16T10:01:37Z | 01:00:13 | demst2nr |
| scan/1615888869.37785 | N/A | STATE: Finished | 1 | API | 1.1.1.1 | 0 - No Priority | 2021-03-16T10:01:09Z | 00:21:33 | demst2nr |
| scan/1615888780.37762 | N/A | STATE: Finished | 1 | API | 1.1.1.1 | 0 - No Priority | 2021-03-16T09:59:40Z | 00:21:29 | demst2nr |
| scan/1615886852.37638 | N/A | STATE: Finished | 1 | API | 1.1.1.1 | 0 - No Priority | 2021-03-16T09:27:32Z | 00:22:04 | demst2nr |
| scan/1615886791.37632 | N/A | STATE: Finished | 1 | API | 1.1.1.1 | 0 - No Priority | 2021-03-16T09:26:31Z | 00:22:14 | demst2nr |
| scan/1615886558.37620 | N/A | STATE: Finished | 1 | API | 1.1.1.1 | 0 - No Priority | 2021-03-16T09:22:38Z | 00:21:28 | demst2nr |
| scan/1615886333.37610 | N/A | STATE: Finished | 1 | API | 1.1.1.1 | 0 - No Priority | 2021-03-16T09:18:53Z | 00:19:55 | demst2nr |

qualys-scap-scan-list

Gives you a list of SCAP scans in your account.

Base Command

qualys-scap-scan-list

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| scan_ref | Show only a scan with a certain scan reference code. | Optional |
| state | Show only one or more scan states. | Optional |
| processed | Specify 0 to show only scans that are not processed. Specify 1 to show only scans that have been processed. Possible values are: 0, 1. | Optional |
| type | Show only a certain scan type. Possible values are: On-Demand, Scheduled, API. | Optional |
| target | Show only one or more target IP addresses. | Optional |
| user_login | Show only a certain user login. | Optional |
| launched_after_datetime | Show only scans launched after a certain date and time. Use YYYY-MM-DD[THH:MM:SSZ] like “2007-07-01” or “2007-01-25T23:12:00Z” or today, yesterday, 24hr ago, 3 days ago, last week. | Optional |
| launched_before_datetime | Show only scans launched before a certain date and time. Use YYYY-MM-DD[THH:MM:SSZ] like “2007-07-01” or “2007-01-25T23:12:00Z” or today, yesterday, 24hr ago, 3 days ago, last week. | Optional |
| show_ags | Specify 1 to show asset group information for each scan in the output. Possible values are: 1. | Optional |
| show_op | Specify 1 to show option profile information for each scan in the output. Possible values are: 1. | Optional |
| show_status | Specify 0 to not show scan status for each scan in the output. Possible values are: 0. | Optional |
| show_last | Specify 1 to show only the most recent scan (which meets all other search filters in the request) in the output. Possible values are: 1. | Optional |
| scan_id | (Optional) Show only a scan with a certain compliance scan ID. | Optional |
| client_id | (Optional) ID assigned to the client (Consultant type subscription only). Parameter client_id or client_name may be specified for the same request. | Optional |
| client_name | (Optional) Name of the client (Consultant type subscription only). Parameter client_id or client_name may be specified for the same request. | Optional |
| pci_only | (Optional) Specify 1 to show only external PCI scans in the XML output. External PCI scans are vulnerability scans run with the option profile "Payment Card Industry (PCI) Options". When pci_only=1 is specified, the XML output will not include other types of scans run with other option profiles. Possible values are: 1. | Optional |
| ignore_target | (Optional) Specify 1 to hide target information from the scan list. Specify 0 to display the target information. Possible values are: 1, 0. | Optional |
| limit | Specify a positive numeric value to limit the amount of results in the requested list. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Qualys.SCAP.Scan.ID | unknown | Scan ID. |
| Qualys.SCAP.Scan.Reference | unknown | Scan ref. |
| Qualys.SCAP.Scan.REF | unknown | Scan REF. |
| Qualys.SCAP.Scan.Type | unknown | Scan type. |
| Qualys.SCAP.Scan.Title | unknown | Scan title. |
| Qualys.SCAP.Scan.LaunchDatetime | unknown | Date and time the scan launched. |
| Qualys.SCAP.Scan.Duration | unknown | Scan Duration. |
| Qualys.SCAP.Scan.ProcessingPriority | unknown | Scan Processing Priority. |
| Qualys.SCAP.Scan.Processed | unknown | Scan Processed. |
| Qualys.SCAP.Scan.Status.State | unknown | Scan status state. |
| Qualys.SCAP.Scan.Status.SubState | unknown | Scan status sub state. |
| Qualys.SCAP.Scan.Schedule | unknown | Scan Schedule. |
| Qualys.SCAP.Scan.Target | unknown | Scan Target. |
| Qualys.SCAP.Scan.AssetGroupTitle | unknown | Target Asset Group Title. |
| Qualys.SCAP.Scan.DeafualtFlag | unknown | Scan Default Flag. |
| Qualys.SCAP.Scan.UserLogin | unknown | The user that created the scan. |

Command Example

!qualys-scap-scan-list action=list

Human Readable Output

qualys-pc-scan-list

Get a list of compliance scans in your account.

Base Command

qualys-pc-scan-list

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| scan_id | Scan ID. | Optional |
| scan_ref | Scan reference. | Optional |
| state | Show only one or more scan states. | Optional |
| processed | Specify 0 to show only scans that are not processed. Specify 1 to show only scans that have been processed. Possible values are: 0, 1. | Optional |
| type | Show only a certain scan type. | Optional |
| target | Show only one or more target IP addresses. | Optional |
| user_login | Show only a certain user login. | Optional |
| launched_after_datetime | Show only scans launched after a certain date and time. Use YYYY-MM-DD[THH:MM:SSZ] like “2007-07-01” or “2007-01-25T23:12:00Z” or today, yesterday, 24hr ago, 3 days ago, last week. | Optional |
| launched_before_datetime | Show only scans launched before a certain date and time. Use YYYY-MM-DD[THH:MM:SSZ] like “2007-07-01” or “2007-01-25T23:12:00Z” or today, yesterday, 24hr ago, 3 days ago, last week. | Optional |
| show_ags | Specify 1 to show asset group information for each scan in the output. Possible values are: 1. | Optional |
| show_op | Specify 1 to show option profile information for each scan in the output. Possible values are: 1. | Optional |
| show_status | Specify 0 to not show scan status for each scan in the output. Possible values are: 0. | Optional |
| show_last | Specify 1 to show only the most recent scan (which meets all other search filters in the request) in the output. Possible values are: 1. | Optional |
| pci_only | Specify 1 to show only external PCI scans in the XML output. External PCI scans are vulnerability scans run with the option profile "Payment Card Industry (PCI) Options". When pci_only=1 is specified, the XML output will not include other types of scans run with other option profiles. Possible values are: 1, 0. | Optional |
| ignore_target | Specify 1 to hide target information from the scan list. Specify 0 to display the target information. Possible values are: 1, 0. | Optional |
| client_id | (Optional) ID assigned to the client (Consultant type subscriptions). | Optional |
| client_name | (Optional) Name of the client (Consultant type subscriptions). Note: the client_id and client_name parameters are mutually exclusive and cannot be specified together in the same request. | Optional |
| limit | Specify a positive numeric value to limit the amount of results in the requested list. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Qualys.Scan.REF | unknown | Scan REF. |
| Qualys.Scan.TYPE | unknown | Scan type. |
| Qualys.Scan.TITLE | unknown | Scan title. |
| Qualys.Scan.LAUNCH_DATETIME | unknown | Date and time the scan launched. |
| Qualys.Scan.DURATION | unknown | Scan Duration. |
| Qualys.Scan.PROCESSING_PRIORITY | unknown | Scan Processing Priority. |
| Qualys.Scan.PROCESSED | unknown | Scan Processed. |
| Qualys.Scan.STATUS.STATE | unknown | Scan status state. |
| Qualys.Scan.STATUS.SUB_STATE | unknown | Scan status sub state. |
| Qualys.Scan.SCHEDULE | unknown | Scan Schedule. |
| Qualys.Scan.TARGET | unknown | Scan Target. |
| Qualys.Scan.ASSET_GROUP_TITLE | unknown | Target Asset Group Title. |
| Qualys.Scan.DEFAULT_FLAG | unknown | Scan Default Flag. |
| Qualys.Scan.USER_LOGIN | unknown | The user that created the scan. |

Command Example

!qualys-pc-scan-list scan_ref=compliance/1619018638.71779 processed=1 state=Finished

Human Readable Output

No items found

qualys-schedule-scan-list

Shows scheduled scans.

Base Command

qualys-schedule-scan-list

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| id | The ID of the scan schedule you want to display. | Optional |
| active | Specify 1 for active schedules only, or 0 for deactivated schedules only. Possible values are: 0, 1. | Optional |
| show_notifications | (Optional) Specify 1 to include the notification settings for each schedule in the XML output. | Optional |
| scan_type | (Optional) Launch a scan with a certain type. Possible values are: certview, perimeter. | Optional |
| fqdn | (Optional) The target FQDN for a vulnerability scan. You must specify at least one target i.e. IPs, asset groups or FQDNs. Multiple values are comma separated. | Optional |
| show_cloud_details | (Optional) Set to 1 to display the cloud details (Provider, Connector, Scan Type and Cloud Target) in the XML output. Otherwise the details are not displayed in the output. The cloud details will show scan type "Cloud Perimeter" for cloud perimeter scans. | Optional |
| client_id | (Optional) ID assigned to the client (Consultant type subscription only). Parameter client_id or client_name may be specified for the same request. | Optional |
| client_name | (Optional) Name of the client (Consultant type subscription only). Parameter client_id or client_name may be specified for the same request. | Optional |
| limit | Specify a positive numeric value to limit the amount of results in the requested list. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Qualys.Scan.ID | unknown | Scan ID. |
| Qualys.Scan.REF | unknown | Scan REF. |
| Qualys.Scan.TYPE | unknown | Scan type. |
| Qualys.Scan.TITLE | unknown | Scan title. |
| Qualys.Scan.LAUNCH_DATETIME | unknown | Date and time the scan launched. |
| Qualys.Scan.DURATION | unknown | Scan Duration. |
| Qualys.Scan.PROCESSING_PRIORITY | unknown | Scan Processing Priority. |
| Qualys.Scan.PROCESSED | unknown | Scan Processed. |
| Qualys.Scan.STATUS.STATE | unknown | Scan status state. |
| Qualys.Scan.STATUS.SUB_STATE | unknown | Scan status sub state. |
| Qualys.Scan.TARGET | unknown | Scan Target. |
| Qualys.Scan.ASSET_GROUP_TITLE | unknown | Target Asset Group Title. |
| Qualys.Scan.DEFAULT_FLAG | unknown | Scan Default Flag. |
| Qualys.Scan.USER_LOGIN | unknown | The user that created the scan. |
| Qualys.Scan.ACTIVE | unknown | Scheduled scan active. |
| Qualys.Scan.USER_ENTERED_IPS.RANGE.START | unknown | IP range requested start. |
| Qualys.Scan.USER_ENTERED_IPS.RANGE.END | unknown | IP range requested end. |
| Qualys.Scan.ISCANNER_NAME | unknown | Iscanner name used in the scan. |
| Qualys.Scan.SCHEDULE.DAILY.@frequency_days | unknown | Frequency of usage of the scan. |
| Qualys.Scan.SCHEDULE.START_DATE_UTC | unknown | Start date of the scheduled scan in UTC format. |
| Qualys.Scan.SCHEDULE.START_HOUR | unknown | Start hour of the scheduled scan. |
| Qualys.Scan.SCHEDULE.START_MINUTE | unknown | Start minute of the scheduled scan. |
| Qualys.Scan.SCHEDULE.TIME_ZONE.TIME_ZONE_CODE | unknown | Time zone code of the time for the scheduled scan. |
| Qualys.Scan.SCHEDULE.TIME_ZONE.TIME_ZONE_DETAILS | unknown | Time zone details of the time for the scheduled scan. |
| Qualys.Scan.OPTION_PROFILE.DEFAULT_FLAG | unknown | Default flag of the option profile. |
| Qualys.Scan.OPTION_PROFILE.TITLE | unknown | Title of the option profile. |
| Qualys.Scan.EC2_INSTANCE.CONNECTOR_UUID | unknown | Connector UUID of EC2 instance. |
| Qualys.Scan.EC2_INSTANCE.EC2_ENDPOINT | unknown | Endpoint of EC2 instance. |
| Qualys.Scan.EC2_INSTANCE.EC2_ONLY_CLASSIC | unknown | EC2 only classic. |

Command Example

!qualys-schedule-scan-list active=0 id=130694

Context Example

{
"Qualys": {
"Scan": {
"ACTIVE": "0",
"ID": "130694",
"ISCANNER_NAME": "External Scanner",
"OPTION_PROFILE": {
"DEFAULT_FLAG": "1",
"TITLE": "Initial Options"
},
"PROCESSING_PRIORITY": "0 - No Priority",
"SCHEDULE": {
"DAILY": {
"@frequency_days": "1"
},
"DST_SELECTED": "0",
"START_DATE_UTC": "2017-06-07T22:00:00Z",
"START_HOUR": "0",
"START_MINUTE": "0",
"TIME_ZONE": {
"TIME_ZONE_CODE": "BG",
"TIME_ZONE_DETAILS": "(GMT+0200) Bulgaria: Europe/Sofia"
}
},
"TARGET": "23.96.25.100",
"TITLE": "MyScan01",
"USER_ENTERED_IPS": {
"RANGE": {
"END": "23.96.25.100",
"START": "23.96.25.100"
}
},
"USER_LOGIN": "demst2nr"
}
}
}

Human Readable Output

Schedule Scan List

| ACTIVE | ID | ISCANNER_NAME | OPTION_PROFILE | PROCESSING_PRIORITY | SCHEDULE | TARGET | TITLE | USER_ENTERED_IPS | USER_LOGIN |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| 0 | 130694 | External Scanner | TITLE: Initial Options; DEFAULT_FLAG: 1 | 0 - No Priority | DAILY: {"@frequency_days": "1"}; START_DATE_UTC: 2017-06-07T22:00:00Z; START_HOUR: 0; START_MINUTE: 0; TIME_ZONE: {"TIME_ZONE_CODE": "BG", "TIME_ZONE_DETAILS": "(GMT+0200) Bulgaria: Europe/Sofia"}; DST_SELECTED: 0 | 23.96.25.100 | MyScan01 | RANGE: {"START": "23.96.25.100", "END": "23.96.25.100"} | demst2nr |
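
The two Context Examples above differ in shape: Qualys.Scan is a list for qualys-vm-scan-list and a single object for qualys-schedule-scan-list. The following added example (not part of the integration's own code) normalizes both shapes, flags scans that ran far longer than the median, and finds the most recent scan per target. The sample data is a constructed subset of the values shown on this page, and the function names and the 2x threshold are assumptions.

```python
import json
import re
from datetime import datetime, timedelta, timezone
from statistics import median

# Constructed samples: a subset of the qualys-vm-scan-list Context Example
# ("Scan" is a list) and of the qualys-schedule-scan-list one ("Scan" is an object).
VM_SCAN_CONTEXT = json.loads("""
{"Qualys": {"Scan": [
  {"REF": "scan/1618145659.78157", "TARGET": "1.1.1.1", "DURATION": "00:25:18",
   "LAUNCH_DATETIME": "2021-04-11T12:54:19Z", "STATUS": {"STATE": "Finished"}},
  {"REF": "scan/1618145624.78156", "TARGET": "1.1.1.1", "DURATION": "00:25:18",
   "LAUNCH_DATETIME": "2021-04-11T12:53:44Z", "STATUS": {"STATE": "Finished"}},
  {"REF": "scan/1615889949.37940", "TARGET": "1.1.1.1", "DURATION": "00:37:29",
   "LAUNCH_DATETIME": "2021-03-16T10:19:09Z", "STATUS": {"STATE": "Finished"}},
  {"REF": "scan/1615888948.37811", "TARGET": "1.1.1.1", "DURATION": "00:21:29",
   "LAUNCH_DATETIME": "2021-03-16T10:02:28Z", "STATUS": {"STATE": "Finished"}},
  {"REF": "scan/1615888897.37791", "TARGET": "1.1.1.1", "DURATION": "01:00:13",
   "LAUNCH_DATETIME": "2021-03-16T10:01:37Z", "STATUS": {"STATE": "Finished"}}
]}}
""")
SCHEDULE_CONTEXT = json.loads("""
{"Qualys": {"Scan": {"ID": "130694", "ACTIVE": "0", "TITLE": "MyScan01",
                     "TARGET": "23.96.25.100", "USER_LOGIN": "demst2nr"}}}
""")

_DURATION_RE = re.compile(r"^(\d+):([0-5]\d):([0-5]\d)$")


def scans_from_context(context):
    """Return Qualys.Scan as a list, whether the context holds a list,
    a single object, or nothing at all."""
    value = context.get("Qualys", {}).get("Scan")
    if value is None:
        return []
    if isinstance(value, dict):
        return [value]
    return list(value)


def parse_duration(text):
    """Parse an HH:MM:SS DURATION value; anything else yields None."""
    match = _DURATION_RE.match(text) if isinstance(text, str) else None
    if not match:
        return None
    hours, minutes, seconds = (int(part) for part in match.groups())
    return timedelta(hours=hours, minutes=minutes, seconds=seconds)


def parse_launch(text):
    """Parse a LAUNCH_DATETIME such as 2021-04-11T12:54:19Z as UTC."""
    if not isinstance(text, str):
        return None
    try:
        parsed = datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ")
    except ValueError:
        return None
    return parsed.replace(tzinfo=timezone.utc)


def long_running(scans, factor=2.0):
    """REFs of scans whose duration exceeds factor x the median duration.
    Needs at least three timed scans for the median to mean anything."""
    timed = [(s.get("REF"), parse_duration(s.get("DURATION"))) for s in scans]
    timed = [(ref, d) for ref, d in timed if d is not None]
    if len(timed) < 3:
        return []
    typical = median(d.total_seconds() for _, d in timed)
    return [ref for ref, d in timed if d.total_seconds() > factor * typical]


def latest_scan_per_target(scans):
    """Map each TARGET to (REF, launch time) of its most recent scan."""
    latest = {}
    for scan in scans:
        launched = parse_launch(scan.get("LAUNCH_DATETIME"))
        target = scan.get("TARGET")
        if launched is None or target is None:
            continue
        if target not in latest or launched > latest[target][1]:
            latest[target] = (scan.get("REF"), launched)
    return latest


if __name__ == "__main__":
    vm_scans = scans_from_context(VM_SCAN_CONTEXT)
    print("long-running:", long_running(vm_scans))
    for target, (ref, when) in latest_scan_per_target(vm_scans).items():
        print(target, ref, when.isoformat())
    print("schedules:", [s["ID"] for s in scans_from_context(SCHEDULE_CONTEXT)])
```
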

qualys-host-list#


View a list of scanned hosts in the user account.

Base Command#

qualys-host-list

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| os_pattern | Show only hosts which have an operating system matching a certain regular expression. An empty value cannot be specified. Use "%5E%24" to match empty string. | Optional |
| truncation_limit | Specify the maximum number of host records processed per request. When not specified, the truncation limit is set to 1000 host records. You may specify a value less than the default (1-999) or greater than the default (1001-1000000). | Optional |
| ips | Show only certain IP addresses/ranges. One or more IPs/ranges may be specified. Multiple entries are comma separated. An IP range is specified with a hyphen (for example, 10.10.10.1-10.10.10.100). | Optional |
| ag_titles | Show only hosts belonging to asset groups with certain strings in the asset group title. One or more asset group titles may be specified. Multiple entries are comma separated (for example, My+First+Asset+Group,Another+Asset+Group). | Optional |
| ids | Show only certain host IDs/ranges. One or more host IDs/ranges may be specified. Multiple entries are comma separated. A host ID range is specified with a hyphen (for example, 190-400). Valid host IDs are required. | Optional |
| network_ids | (Optional, and valid only when the Network Support feature is enabled for the user's account) Restrict the request to certain custom network IDs. Multiple network IDs are comma separated. | Optional |
| no_vm_scan_since | Show hosts not scanned since a certain date and time (optional). Use YYYY-MM-DD[THH:MM:SSZ] like "2007-07-01" or "2007-01-25T23:12:00Z" or today, yesterday, 24hr ago, 3 days ago, last week. Permissions: An Auditor cannot specify this parameter. | Optional |
| vm_scan_since | Show hosts that were last scanned for vulnerabilities since a certain date and time (optional). Hosts that were the target of a vulnerability scan since the date/time will be shown. Use YYYY-MM-DD[THH:MM:SSZ] like "2007-07-01" or "2007-01-25T23:12:00Z" or today, yesterday, 24hr ago, 3 days ago, last week. Permissions: An Auditor cannot specify this parameter. | Optional |
| no_compliance_scan_since | (Optional) Show compliance hosts not scanned since a certain date and time (optional). This parameter is invalid for an Express Lite user. Use YYYY-MM-DD[THH:MM:SSZ] like "2007-07-01" or "2007-01-25T23:12:00Z" or today, yesterday, 24hr ago, 3 days ago, last week. | Optional |
| use_tags | Specify 0 (the default) if you want to select hosts based on IP addresses/ranges and/or asset groups. Specify 1 if you want to select hosts based on asset tags. Possible values are: 0, 1. | Optional |
| tag_set_by | (Optional when use_tags=1) Specify "id" (the default) to select a tag set by providing tag IDs. Specify "name" to select a tag set by providing tag names. Possible values are: id, name. | Optional |
| tag_include_selector | (Optional when use_tags=1) Select "any" (the default) to include hosts that match at least one of the selected tags. Select "all" to include hosts that match all of the selected tags. Possible values are: any, all. | Optional |
| tag_exclude_selector | (Optional when use_tags=1) Select "any" (the default) to exclude hosts that match at least one of the selected tags. Select "all" to exclude hosts that match all of the selected tags. Possible values are: any, all. | Optional |
| tag_set_include | (Optional when use_tags=1) Specify a tag set to include. Hosts that match these tags will be included. You identify the tag set by providing tag names or IDs. Multiple entries are comma separated. | Optional |
| tag_set_exclude | (Optional when use_tags=1) Specify a tag set to exclude. Hosts that match these tags will be excluded. You identify the tag set by providing tag names or IDs. Multiple entries are comma separated. | Optional |
| show_tags | (Optional) Specify 1 to display asset tags associated with each host in the XML output. Possible values are: 0, 1. | Optional |
| host_metadata | Specify the name of the cloud provider to show the assets managed by the cloud provider. Valid values: ec2, google, azure. | Optional |
| host_metadata_fields | (Optional when host_metadata is specified) Specify metadata fields to only return data for certain attributes. | Optional |
| show_cloud_tags | (Optional) Specify 1 to display cloud provider tags for each scanned host asset in the output. The default value of the parameter is set to 0. When set to 0, we will not show the cloud provider tags for the scanned assets. Possible values are: 0, 1. | Optional |
| cloud_tag_fields | (Optional when show_cloud_tags is specified) Specify cloud tags or cloud tag and name combinations to only return information for specified cloud tags. A cloud tag name and value combination is specified with a colon (for example: SomeTag6:AY_ec2). For each cloud tag, we show the cloud tag's name, its value, and last success date (the tag last success date/time, fetched from instance). If this parameter is not specified and "show_cloud_tags" is set to 1, we will show all the cloud provider tags for the assets. | Optional |
| limit | Specify a positive numeric value to limit the amount of results in the requested list. | Optional |
| details | (Optional) Show the requested amount of host information for each host. A valid value is: Basic, Basic/AGs, All, All/AGs, or None. | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| Qualys.Endpoint.ID | unknown | Endpoint ID. |
| Qualys.Endpoint.IP | unknown | IP. |
| Qualys.Endpoint.CLOUD_PROVIDER | unknown | Host's cloud provider. |
| Qualys.Endpoint.DNS | unknown | DNS. |
| Qualys.Endpoint.EC2_INSTANCE_ID | unknown | EC2 instance ID. |
| Qualys.Endpoint.QG_HOSTID | unknown | QG host ID. |
| Qualys.Endpoint.CLOUD_SERVICE | unknown | Cloud service of the endpoint. |
| Qualys.Endpoint.TRACKING_METHOD | unknown | Tracking method of the endpoint. |
| Qualys.Endpoint.CLOUD_RESOURCE_ID | unknown | Cloud resource ID of the endpoint. |
| Qualys.Endpoint.DNS_DATA.DOMAIN | unknown | Domain of the endpoint. |
| Qualys.Endpoint.DNS_DATA.HOSTNAME | unknown | Host name of the endpoint. |
| Qualys.Endpoint.NETBIOS | unknown | NETBIOS. |
| Qualys.Endpoint.OS | unknown | Endpoint operating system. |

Command Example#

!qualys-host-list show_tags=1 vm_scan_since=2021-04-01

Context Example#

{
"Qualys": {
"Endpoint": [
{
"DNS": "one.one.one.one",
"DNS_DATA": {
"DOMAIN": "one.one.one",
"FQDN": "one.one.one.one",
"HOSTNAME": "one"
},
"ID": "143444841",
"IP": "1.1.1.1",
"OS": "Linux 3.13",
"TAGS": {
"TAG": {
"NAME": "Internet Facing Assets",
"TAG_ID": "31029217"
}
},
"TRACKING_METHOD": "IP"
},
{
"ID": "299167859",
"IP": "1.1.1.1",
"OS": "Linux 2.x",
"TAGS": {
"TAG": {
"NAME": "Internet Facing Assets",
"TAG_ID": "31029217"
}
},
"TRACKING_METHOD": "IP"
}
]
}
}

Human Readable Output#

Host List#

| DNS | DNS_DATA | ID | IP | OS | TAGS | TRACKING_METHOD |
| --- | --- | --- | --- | --- | --- | --- |
| one.one.one.one | HOSTNAME: one; DOMAIN: one.one.one; FQDN: one.one.one.one | 143444841 | 1.1.1.1 | Linux 3.13 | TAG: {"TAG_ID": "31029217", "NAME": "Internet Facing Assets"} | IP |
|  |  | 299167859 | 1.1.1.1 | Linux 2.x | TAG: {"TAG_ID": "31029217", "NAME": "Internet Facing Assets"} | IP |

qualys-virtual-host-list#


View a list of virtual hosts in the user account.

Base Command#

qualys-virtual-host-list

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| ip | Show only virtual hosts that have a certain IP address. | Optional |
| port | Show only virtual hosts that have a certain port. | Optional |
| limit | Specify a positive numeric value to limit the amount of results in the requested list. | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| Qualys.VirtualEndpoint.IP | unknown | IP. |
| Qualys.VirtualEndpoint.PORT | unknown | Port. |
| Qualys.VirtualEndpoint.FQDN | unknown | Fully qualified domain name. |

Command Example#

!qualys-virtual-host-list ip=1.1.1.1 port=1231

Context Example#

{
"Qualys": {
"VirtualEndpoint": {
"FQDN": "panw.raz.com",
"IP": "1.1.1.1",
"PORT": "1231"
}
}
}

Human Readable Output#

Virtual Host List#

| FQDN | IP | PORT |
| --- | --- | --- |
| panw.raz.com | 1.1.1.1 | 1231 |

qualys-virtual-host-manage#


Manage virtual hosts in the user account: create, update, or delete a virtual host configuration, or add or delete FQDNs for it.

Base Command#

qualys-virtual-host-manage

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| action | Virtual host action to perform. Possible values are: create, update, delete, add_fqdn, delete_fqdn. | Required |
| ip | An IP address for the virtual host configuration. | Required |
| port | A port number for the virtual host configuration. | Required |
| network_id | Network support must be enabled to specify the network_id. If network support is enabled and you do not provide a network_id, then the Default Global Network is considered. You can specify only one network_id. | Optional |
| fqdn | (Required for all actions except "delete". Invalid for "delete".) One or more fully-qualified domain names (FQDNs) for the virtual host configuration. Multiple entries are comma separated. | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| Qualys.VirtualEndpoint.DATETIME | unknown | Date and time of the executed manage action. |
| Qualys.VirtualEndpoint.TEXT | unknown | Result message of the executed action. |

Command Example#

!qualys-virtual-host-manage action=create ip=1.1.1.1 port=1291 fqdn=qualys-test.com

Context Example#

{
"Qualys": {
"VirtualEndpoint": {
"DATETIME": "2021-05-30T08:48:03Z",
"TEXT": "Virtual host successfully created."
}
}
}

Human Readable Output#

| DATETIME | TEXT |
| --- | --- |
| 2021-05-30T08:48:03Z | Virtual host successfully created. |

qualys-host-excluded-list#


Show the excluded host list for the user's account. Hosts in your excluded host list will not be scanned.

Base Command#

qualys-host-excluded-list

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| ips | Get list of excluded hosts or addresses range. | Optional |
| network_id | (Optional, and valid only when the Network Support feature is enabled for the user's account) Restrict the request to a certain custom network ID. | Optional |
| ag_ids | (Optional) Show excluded hosts belonging to asset groups with certain IDs. One or more asset group IDs and/or ranges may be specified. Multiple entries are comma separated. A range is specified with a dash (for example, 386941-386945). Valid asset group IDs are required. | Optional |
| ag_titles | (Optional) Show excluded hosts belonging to asset groups with certain strings in the asset group title. One or more asset group titles may be specified. Multiple entries are comma separated (for example, My+First+Asset+Group,Another+Asset+Group). | Optional |
| use_tags | (Optional) Specify 0 (the default) if you want to select hosts based on IP addresses/ranges and/or asset groups. Specify 1 if you want to select hosts based on asset tags. Possible values are: 0, 1. | Optional |
| tag_include_selector | (Optional when use_tags=1) Specify "any" (the default) to include excluded hosts that match at least one of the selected tags. Specify "all" to include excluded hosts that match all of the selected tags. Possible values are: any, all. | Optional |
| tag_exclude_selector | (Optional when use_tags=1) Specify "any" (the default) to ignore excluded hosts that match at least one of the selected tags. Specify "all" to ignore excluded hosts that match all of the selected tags. Possible values are: any, all. | Optional |
| tag_set_by | (Optional when use_tags=1) Specify "id" (the default) to select a tag set by providing tag IDs. Specify "name" to select a tag set by providing tag names. Possible values are: id, name. | Optional |
| tag_set_include | (Optional when use_tags=1) Specify a tag set to include. Excluded hosts that match these tags will be included. You identify the tag set by providing tag names or IDs. Multiple entries are comma separated. | Optional |
| tag_set_exclude | (Optional when use_tags=1) Specify a tag set to exclude. Excluded hosts that match these tags will be ignored. You identify the tag set by providing tag names or IDs. Multiple entries are comma separated. | Optional |
| limit | Specify a positive numeric value to limit the amount of results in the requested list. | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| Qualys.Excluded.Host.Address | unknown | IP Address. |
| Qualys.Excluded.Host.Address.#text | unknown | IP of excluded host with expiration date. |
| Qualys.Excluded.Host.Address.@expiration_date | unknown | Expiration date of excluded host address. |
| Qualys.Excluded.Host.Range.#text | unknown | Range of excluded hosts with expiration date. |
| Qualys.Excluded.Host.Range.@expiration_date | unknown | Expiration date of excluded hosts ranges. |
| Qualys.Excluded.Host.Range | unknown | Range of IP addresses. |

Command Example#

!qualys-host-excluded-list ips=1.1.1.1

Context Example#

{
"Qualys": {
"Excluded": {
"Host": {
"Address": {
"#text": "1.1.1.1",
"@expiration_date": "2021-06-01T00:00:00Z"
}
}
}
}
}

Human Readable Output#

ip
@expiration_date
#text
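
Because hosts on the excluded list are not scanned, a playbook can cross-check the `Qualys.Excluded.Host` context against the `Qualys.Endpoint` context from qualys-host-list to see which known hosts an exclusion covers and which exclusions carry no expiration date. The Python below is an added example, not code from the Qualys pack; the function names, the third endpoint, the extra Address and Range entries, and the handling of a single entry versus a list of entries are assumptions.

```python
import ipaddress
from datetime import datetime, timedelta, timezone

# Constructed sample. The first two endpoints and the 1.1.1.1 exclusion copy the
# Context Examples on this page; the third endpoint, the plain-string Address
# and the Range are constructed so that every documented shape appears.
SAMPLE_CONTEXT = {
    "Qualys": {
        "Endpoint": [
            {"ID": "143444841", "IP": "1.1.1.1", "OS": "Linux 3.13",
             "TAGS": {"TAG": {"NAME": "Internet Facing Assets", "TAG_ID": "31029217"}}},
            {"ID": "299167859", "IP": "1.1.1.1", "OS": "Linux 2.x",
             "TAGS": {"TAG": {"NAME": "Internet Facing Assets", "TAG_ID": "31029217"}}},
            {"ID": "900000001", "IP": "10.10.10.50", "OS": "Linux 3.13"},
        ],
        "Excluded": {"Host": {
            "Address": [
                {"#text": "1.1.1.1", "@expiration_date": "2021-06-01T00:00:00Z"},
                "10.10.20.7",
            ],
            "Range": {"#text": "10.10.10.1-10.10.10.100",
                      "@expiration_date": "2021-12-31T00:00:00Z"},
        }},
    }
}


def as_list(value):
    """Assumption: one entry arrives as a str/dict, several arrive as a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def parse_exclusions(context):
    """Normalise Qualys.Excluded.Host into dicts with first/last IP and expiry."""
    host = context.get("Qualys", {}).get("Excluded", {}).get("Host") or {}
    entries = []
    for kind in ("Address", "Range"):
        for raw in as_list(host.get(kind)):
            if isinstance(raw, dict):   # entry that carries an expiration date
                text, expires = raw.get("#text", ""), raw.get("@expiration_date")
            else:                       # plain string: no expiration date
                text, expires = str(raw), None
            start, _, end = text.partition("-")
            first = ipaddress.ip_address(start.strip())
            last = ipaddress.ip_address(end.strip()) if end.strip() else first
            if last < first:
                raise ValueError(f"range end precedes start: {text!r}")
            if expires:
                expires = datetime.strptime(
                    expires, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
            entries.append({"target": text, "first": first, "last": last,
                            "size": int(last) - int(first) + 1, "expires": expires})
    return entries


def exclusion_review(context, now, window_days=7):
    """Report exclusions without expiry, those ending soon, and covered hosts."""
    entries = parse_exclusions(context)
    soon = now + timedelta(days=window_days)
    covered = []
    for ep in as_list(context.get("Qualys", {}).get("Endpoint")):
        ip = ipaddress.ip_address(ep["IP"])
        hits = [e["target"] for e in entries
                if e["first"].version == ip.version and e["first"] <= ip <= e["last"]]
        if hits:
            tags = as_list((ep.get("TAGS") or {}).get("TAG"))
            covered.append({"id": ep["ID"], "ip": ep["IP"], "excluded_by": hits,
                            "tags": [t["NAME"] for t in tags]})
    return {
        "no_expiry": [e["target"] for e in entries if e["expires"] is None],
        "expiring_soon": [e["target"] for e in entries
                          if e["expires"] and e["expires"] <= soon],
        "covered_hosts": covered,
    }


if __name__ == "__main__":
    reference = datetime(2021, 5, 30, tzinfo=timezone.utc)
    for key, value in exclusion_review(SAMPLE_CONTEXT, reference).items():
        print(key, value)
```

Covered hosts that carry a tag such as "Internet Facing Assets" are the ones to review first, since an exclusion removes them from scan coverage.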

qualys-scheduled-report-list#


Get the list of scheduled reports.

Base Command#

qualys-scheduled-report-list

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| id | Scheduled report ID. | Optional |
| is_active | Select is_active=1 for active or is_active=0 for inactive scheduled reports to view. Possible values are: 1, 0. | Optional |
| limit | Specify a positive numeric value to limit the amount of results in the requested list. | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| Qualys.Report.ID | String | Report ID. |
| Qualys.Report.TITLE | unknown | Report title. |
| Qualys.Report.TYPE | unknown | Report type. |
| Qualys.Report.LAUNCH_DATETIME | unknown | Date and time the report launched. |
| Qualys.Report.OUTPUT_FORMAT | unknown | Report output format. |
| Qualys.Report.SIZE | unknown | Report size. |
| Qualys.Report.STATUS.STATE | unknown | Report state status. |
| Qualys.Report.STATUS.MESSAGE | unknown | Report status message. |
| Qualys.Report.STATUS.PERCENT | unknown | Report status percent. |
| Qualys.Report.EXPIRATION_DATETIME | unknown | Report expiration datetime. |
| Qualys.Report.ACTIVE | unknown | Report active. |
| Qualys.Report.TEMPLATE_TITLE | unknown | Title of the template. |
| Qualys.Report.SCHEDULE.START_DATE_UTC | unknown | Start date of the scheduled report in UTC format. |
| Qualys.Report.SCHEDULE.START_HOUR | unknown | Start hour of the scheduled report. |
| Qualys.Report.SCHEDULE.START_MINUTE | unknown | Start minute of the scheduled report. |
| Qualys.Report.SCHEDULE.DAILY.@frequency_days | unknown | Frequency of the scheduled report. |
| Qualys.Report.SCHEDULE.TIME_ZONE.TIME_ZONE_CODE | unknown | Timezone of the scheduled report. |
| Qualys.Report.SCHEDULE.TIME_ZONE.TIME_ZONE_DETAILS | unknown | Timezone details of the scheduled report. |

Command Example#

!qualys-scheduled-report-list id=8084468 is_active=1

Context Example#

{
"Qualys": {
"Report": {
"ACTIVE": "1",
"ID": "8084468",
"OUTPUT_FORMAT": "PDF",
"SCHEDULE": {
"DAILY": {
"@frequency_days": "1"
},
"DST_SELECTED": "0",
"START_DATE_UTC": "2021-03-15T09:49:00Z",
"START_HOUR": "11",
"START_MINUTE": "49",
"TIME_ZONE": {
"TIME_ZONE_CODE": "IL",
"TIME_ZONE_DETAILS": "(GMT +02:00) Israel"
}
},
"TEMPLATE_TITLE": "Executive Report",
"TITLE": "Test - 20210315"
}
}
}

Human Readable Output#

Scheduled Report List#

| ACTIVE | ID | OUTPUT_FORMAT | SCHEDULE | TEMPLATE_TITLE | TITLE |
| --- | --- | --- | --- | --- | --- |
| 1 | 8084468 | PDF | DAILY: {"@frequency_days": "1"}; START_DATE_UTC: 2021-03-15T09:49:00Z; START_HOUR: 11; START_MINUTE: 49; TIME_ZONE: {"TIME_ZONE_CODE": "IL", "TIME_ZONE_DETAILS": "(GMT +02:00) Israel"}; DST_SELECTED: 0 | Executive Report | Test - 20210315 |

qualys-report-template-list#


Get the list of report templates for the user.

Base Command#

qualys-report-template-list

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| limit | Specify a positive numeric value to limit the amount of results in the requested list. | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| Qualys.ReportTemplate.ID | unknown | Report template ID. |
| Qualys.ReportTemplate.TYPE | unknown | Report type. |
| Qualys.ReportTemplate.TITLE | unknown | Report template title. |
| Qualys.ReportTemplate.LAST_UPDATE | unknown | Last update time. |
| Qualys.ReportTemplate.GLOBAL | unknown | Report template global. |
| Qualys.ReportTemplate.DEFAULT | unknown | Report template default. |
| Qualys.ReportTemplate.USER.LOGIN | unknown | Last updated user login. |
| Qualys.ReportTemplate.USER.FIRSTNAME | unknown | Last updated user login first name. |
| Qualys.ReportTemplate.USER.LASTNAME | unknown | Last updated user login last name. |
| Qualys.ReportTemplate.TEMPLATE_TYPE | unknown | Type of report template. |

Command Example#

!qualys-report-template-list

Context Example#

{
"Qualys": {
"ReportTemplate": [
{
"GLOBAL": "1",
"ID": "2385938",
"LAST_UPDATE": "2021-04-08T09:50:45Z",
"TEMPLATE_TYPE": "Map",
"TITLE": "maptemptest",
"TYPE": "Manual",
"USER": {
"FIRSTNAME": "Neelima",
"LASTNAME": "Rustagi",
"LOGIN": "demst2nr"
}
},
{
"GLOBAL": "0",
"ID": "2383157",
"LAST_UPDATE": "2021-03-15T10:19:46Z",
"TEMPLATE_TYPE": "Scan",
"TITLE": "Remediated Vulnerabilities Last 30 Days v.1",
"TYPE": "Auto",
"USER": {
"FIRSTNAME": "Neelima",
"LASTNAME": "Rustagi",
"LOGIN": "demst2nr"
}
},
{
"GLOBAL": "0",
"ID": "2383160",
"LAST_UPDATE": "2021-03-15T10:38:09Z",
"TEMPLATE_TYPE": "Scan",
"TITLE": "Assets at risk of Malware v.1",
"TYPE": "Auto",
"USER": {
"FIRSTNAME": "Neelima",
"LASTNAME": "Rustagi",
"LOGIN": "demst2nr"
}
},
{
"GLOBAL": "1",
"ID": "2339987",
"LAST_UPDATE": "2020-04-07T06:14:41Z",
"TEMPLATE_TYPE": "Scan",
"TITLE": "Patchable High-priority Vulnerabilities v.1 - (1)",
"TYPE": "Auto",
"USER": {
"FIRSTNAME": "Neelima",
"LASTNAME": "Rustagi",
"LOGIN": "demst2nr"
}
},
{
"GLOBAL": "1",
"ID": "1977713",
"LAST_UPDATE": "2018-05-08T14:18:50Z",
"TEMPLATE_TYPE": "Scan",
"TITLE": "Virtually Patchable Assets v.1",
"TYPE": "Auto",
"USER": {
"FIRSTNAME": "Neelima",
"LASTNAME": "Rustagi",
"LOGIN": "demst2nr"
}
},
{
"GLOBAL": "1",
"ID": "1977717",
"LAST_UPDATE": "2018-05-08T14:22:47Z",
"TEMPLATE_TYPE": "Scan",
"TITLE": "Virtually Patchable Assets v.2",
"TYPE": "Auto",
"USER": {
"FIRSTNAME": "Neelima",
"LASTNAME": "Rustagi",
"LOGIN": "demst2nr"
}
},
{
"GLOBAL": "1",
"ID": "1977716",
"LAST_UPDATE": "2018-05-08T14:20:29Z",
"TEMPLATE_TYPE": "Scan",
"TITLE": "Assets with Obsolete Software v.1",
"TYPE": "Auto",
"USER": {
"FIRSTNAME": "Neelima",
"LASTNAME": "Rustagi",
"LOGIN": "demst2nr"
}
},
{
"GLOBAL": "1",
"ID": "1977714",
"LAST_UPDATE": "2018-05-08T14:19:31Z",
"TEMPLATE_TYPE": "Scan",
"TITLE": "Patchable High-priority Vulnerabilities v.1",
"TYPE": "Auto",
"USER": {
"FIRSTNAME": "Neelima",
"LASTNAME": "Rustagi",
"LOGIN": "demst2nr"
}
},
{
"GLOBAL": "1",
"ID": "1528875",
"LAST_UPDATE": "2017-06-07T20:34:57Z",
"TEMPLATE_TYPE": "Patch",
"TITLE": "Qualys Patch Report",
"TYPE": "Auto",
"USER": {
"FIRSTNAME": "Neelima",
"LASTNAME": "Rustagi",
"LOGIN": "demst2nr"
}
},
{
"GLOBAL": "1",
"ID": "1528873",
"LAST_UPDATE": "2017-06-07T20:34:57Z",
"TEMPLATE_TYPE": "Scan",
"TITLE": "Executive Report",
"TYPE": "Auto",
"USER": {
"FIRSTNAME": "Neelima",
"LASTNAME": "Rustagi",
"LOGIN": "demst2nr"
}
},
{
"GLOBAL": "1",
"ID": "1528874",
"LAST_UPDATE": "2017-06-07T20:34:57Z",
"TEMPLATE_TYPE": "Scan",
"TITLE": "Technical Report",
"TYPE": "Auto",
"USER": {
"FIRSTNAME": "Neelima",
"LASTNAME": "Rustagi",
"LOGIN": "demst2nr"
}
},
{
"GLOBAL": "1",
"ID": "1528876",
"LAST_UPDATE": "2017-06-07T20:34:57Z",
"TEMPLATE_TYPE": "Scan",
"TITLE": "High Severity Report",
"TYPE": "Auto",
"USER": {
"FIRSTNAME": "Neelima",
"LASTNAME": "Rustagi",
"LOGIN": "demst2nr"
}
},
{
"GLOBAL": "1",
"ID": "1528877",
"LAST_UPDATE": "2017-06-07T20:34:57Z",
"TEMPLATE_TYPE": "Compliance",
"TITLE": "2008 SANS Top 20 Report",
"TYPE": "Auto",
"USER": {
"FIRSTNAME": "System",
"LASTNAME": "System",
"LOGIN": "System"
}
},
{
"GLOBAL": "1",
"ID": "1528878",
"LAST_UPDATE": "2017-06-07T20:34:57Z",
"TEMPLATE_TYPE": "Compliance",
"TITLE": "Qualys Top 20 Report",
"TYPE": "Auto",
"USER": {
"FIRSTNAME": "System",
"LASTNAME": "System",
"LOGIN": "System"
}
},
{
"GLOBAL": "1",
"ID": "1528879",
"LAST_UPDATE": "2017-06-07T20:34:57Z",
"TEMPLATE_TYPE": "Compliance",
"TITLE": "Payment Card Industry (PCI) Technical Report",
"TYPE": "Manual",
"USER": {
"FIRSTNAME": "System",
"LASTNAME": "System",
"LOGIN": "System"
}
},
{
"GLOBAL": "1",
"ID": "1528880",
"LAST_UPDATE": "2017-06-07T20:34:57Z",
"TEMPLATE_TYPE": "Compliance",
"TITLE": "Payment Card Industry (PCI) Executive Report",
"TYPE": "Manual",
"USER": {
"FIRSTNAME": "System",
"LASTNAME": "System",
"LOGIN": "System"
}
},
{
"GLOBAL": "1",
"ID": "1528881",
"LAST_UPDATE": "2017-06-07T20:34:57Z",
"TEMPLATE_TYPE": "Remediation",
"TITLE": "Executive Remediation Report",
"TYPE": "Auto",
"USER": {
"FIRSTNAME": "System",
"LASTNAME": "System",
"LOGIN": "System"
}
},
{
"GLOBAL": "1",
"ID": "1528882",
"LAST_UPDATE": "2017-06-07T20:34:57Z",
"TEMPLATE_TYPE": "Remediation",
"TITLE": "Tickets per Vulnerability",
"TYPE": "Auto",
"USER": {
"FIRSTNAME": "System",
"LASTNAME": "System",
"LOGIN": "System"
}
},
{
"GLOBAL": "1",
"ID": "1528883",
"LAST_UPDATE": "2017-06-07T20:34:57Z",
"TEMPLATE_TYPE": "Remediation",
"TITLE": "Tickets per User",
"TYPE": "Auto",
"USER": {
"FIRSTNAME": "System",
"LASTNAME": "System",
"LOGIN": "System"
}
},
{
"GLOBAL": "1",
"ID": "1528884",
"LAST_UPDATE": "2017-06-07T20:34:57Z",
"TEMPLATE_TYPE": "Remediation",
"TITLE": "Tickets per Asset Group",
"TYPE": "Auto",
"USER": {
"FIRSTNAME": "System",
"LASTNAME": "System",
"LOGIN": "System"
}
},
{
"GLOBAL": "1",
"ID": "1528886",
"LAST_UPDATE": "2017-06-07T20:35:05Z",
"TEMPLATE_TYPE": "Policy",
"TITLE": "Policy Report Template",
"TYPE": "Auto",
"USER": {
"FIRSTNAME": "Neelima",
"LASTNAME": "Rustagi",
"LOGIN": "demst2nr"
}
},
{
"GLOBAL": "1",
"ID": "1528888",
"LAST_UPDATE": "2017-06-07T20:34:58Z",
"TEMPLATE_TYPE": "Map",
"TITLE": "Unknown Device Report",
"TYPE": "Manual",
"USER": {
"FIRSTNAME": "Neelima",
"LASTNAME": "Rustagi",
"LOGIN": "demst2nr"
}
},
{
"GLOBAL": "1",
"ID": "2389895",
"LAST_UPDATE": "2021-05-07T15:28:52Z",
"TEMPLATE_TYPE": "Patch",
"TITLE": "Critical Patches Required v.1",
"TYPE": "Auto",
"USER": {
"FIRSTNAME": "Neelima",
"LASTNAME": "Rustagi",
"LOGIN": "demst2nr"
}
}
]
}
}

Human Readable Output#

Template Report List#

| GLOBAL | ID | LAST_UPDATE | TEMPLATE_TYPE | TITLE | TYPE | USER |
| --- | --- | --- | --- | --- | --- | --- |
| 1 | 2385938 | 2021-04-08T09:50:45Z | Map | maptemptest | Manual | LOGIN: demst2nr; FIRSTNAME: Neelima; LASTNAME: Rustagi |
| 0 | 2383157 | 2021-03-15T10:19:46Z | Scan | Remediated Vulnerabilities Last 30 Days v.1 | Auto | LOGIN: demst2nr; FIRSTNAME: Neelima; LASTNAME: Rustagi |
| 0 | 2383160 | 2021-03-15T10:38:09Z | Scan | Assets at risk of Malware v.1 | Auto | LOGIN: demst2nr; FIRSTNAME: Neelima; LASTNAME: Rustagi |
| 1 | 2339987 | 2020-04-07T06:14:41Z | Scan | Patchable High-priority Vulnerabilities v.1 - (1) | Auto | LOGIN: demst2nr; FIRSTNAME: Neelima; LASTNAME: Rustagi |
| 1 | 1977713 | 2018-05-08T14:18:50Z | Scan | Virtually Patchable Assets v.1 | Auto | LOGIN: demst2nr; FIRSTNAME: Neelima; LASTNAME: Rustagi |
| 1 | 1977717 | 2018-05-08T14:22:47Z | Scan | Virtually Patchable Assets v.2 | Auto | LOGIN: demst2nr; FIRSTNAME: Neelima; LASTNAME: Rustagi |
| 1 | 1977716 | 2018-05-08T14:20:29Z | Scan | Assets with Obsolete Software v.1 | Auto | LOGIN: demst2nr; FIRSTNAME: Neelima; LASTNAME: Rustagi |
| 1 | 1977714 | 2018-05-08T14:19:31Z | Scan | Patchable High-priority Vulnerabilities v.1 | Auto | LOGIN: demst2nr; FIRSTNAME: Neelima; LASTNAME: Rustagi |
| 1 | 1528875 | 2017-06-07T20:34:57Z | Patch | Qualys Patch Report | Auto | LOGIN: demst2nr; FIRSTNAME: Neelima; LASTNAME: Rustagi |
| 1 | 1528873 | 2017-06-07T20:34:57Z | Scan | Executive Report | Auto | LOGIN: demst2nr; FIRSTNAME: Neelima; LASTNAME: Rustagi |
| 1 | 1528874 | 2017-06-07T20:34:57Z | Scan | Technical Report | Auto | LOGIN: demst2nr; FIRSTNAME: Neelima; LASTNAME: Rustagi |
| 1 | 1528876 | 2017-06-07T20:34:57Z | Scan | High Severity Report | Auto | LOGIN: demst2nr; FIRSTNAME: Neelima; LASTNAME: Rustagi |
| 1 | 1528877 | 2017-06-07T20:34:57Z | Compliance | 2008 SANS Top 20 Report | Auto | LOGIN: System; FIRSTNAME: System; LASTNAME: System |
| 1 | 1528878 | 2017-06-07T20:34:57Z | Compliance | Qualys Top 20 Report | Auto | LOGIN: System; FIRSTNAME: System; LASTNAME: System |
| 1 | 1528879 | 2017-06-07T20:34:57Z | Compliance | Payment Card Industry (PCI) Technical Report | Manual | LOGIN: System; FIRSTNAME: System; LASTNAME: System |
| 1 | 1528880 | 2017-06-07T20:34:57Z | Compliance | Payment Card Industry (PCI) Executive Report | Manual | LOGIN: System; FIRSTNAME: System; LASTNAME: System |
| 1 | 1528881 | 2017-06-07T20:34:57Z | Remediation | Executive Remediation Report | Auto | LOGIN: System; FIRSTNAME: System; LASTNAME: System |
| 1 | 1528882 | 2017-06-07T20:34:57Z | Remediation | Tickets per Vulnerability | Auto | LOGIN: System; FIRSTNAME: System; LASTNAME: System |
| 1 | 1528883 | 2017-06-07T20:34:57Z | Remediation | Tickets per User | Auto | LOGIN: System; FIRSTNAME: System; LASTNAME: System |
| 1 | 1528884 | 2017-06-07T20:34:57Z | Remediation | Tickets per Asset Group | Auto | LOGIN: System; FIRSTNAME: System; LASTNAME: System |
| 1 | 1528886 | 2017-06-07T20:35:05Z | Policy | Policy Report Template | Auto | LOGIN: demst2nr; FIRSTNAME: Neelima; LASTNAME: Rustagi |
| 1 | 1528888 | 2017-06-07T20:34:58Z | Map | Unknown Device Report | Manual | LOGIN: demst2nr; FIRSTNAME: Neelima; LASTNAME: Rustagi |
| 1 | 2389895 | 2021-05-07T15:28:52Z | Patch | Critical Patches Required v.1 | Auto | LOGIN: demst2nr; FIRSTNAME: Neelima; LASTNAME: Rustagi |

qualys-vulnerability-list#


Download a list of vulnerabilities from Qualys' KnowledgeBase.

Base Command#

qualys-vulnerability-list

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| details | Show the requested amount of information for each vulnerability in the XML output. A valid value is: Basic (default), All, or None. Basic includes basic elements plus CVSS Base and Temporal scores. All includes all vulnerability details, including the Basic details. Possible values are: Basic, All, None. | Optional |
| ids | Used to filter the XML output to include only vulnerabilities that have QID numbers matching the QID numbers you specify. | Optional |
| id_min | Used to filter the XML output to show only vulnerabilities that have a QID number greater than or equal to a QID number you specify. | Optional |
| id_max | Used to filter the XML output to show only vulnerabilities that have a QID number less than or equal to a QID number you specify. | Optional |
| is_patchable | Used to filter the XML output to show only vulnerabilities that are patchable or not patchable. A vulnerability is considered patchable when a patch exists for it. When 1 is specified, only vulnerabilities that are patchable will be included in the output. When 0 is specified, only vulnerabilities that are not patchable will be included in the output. When unspecified, patchable and unpatchable vulnerabilities will be included in the output. Possible values are: 0, 1. | Optional |
| last_modified_after | Used to filter the XML output to show only vulnerabilities last modified after a certain date and time. When specified, vulnerabilities last modified by a user or by the service will be shown. Use YYYY-MM-DD[THH:MM:SSZ] like "2007-07-01" or "2007-01-25T23:12:00Z" or today, yesterday, 24hr ago, 3 days ago, last week. | Optional |
| last_modified_before | Used to filter the XML output to show only vulnerabilities last modified before a certain date and time. When specified, vulnerabilities last modified by a user or by the service will be shown. Use YYYY-MM-DD[THH:MM:SSZ] like "2007-07-01" or "2007-01-25T23:12:00Z" or today, yesterday, 24hr ago, 3 days ago, last week. | Optional |
| last_modified_by_user_after | Used to filter the XML output to show only vulnerabilities last modified by a user after a certain date and time. Use YYYY-MM-DD[THH:MM:SSZ] like "2007-07-01" or "2007-01-25T23:12:00Z" or today, yesterday, 24hr ago, 3 days ago, last week. | Optional |
| last_modified_by_user_before | Used to filter the XML output to show only vulnerabilities last modified by a user before a certain date and time. Use YYYY-MM-DD[THH:MM:SSZ] like "2007-07-01" or "2007-01-25T23:12:00Z" or today, yesterday, 24hr ago, 3 days ago, last week. | Optional |
| last_modified_by_service_after | Used to filter the XML output to show only vulnerabilities last modified by the service after a certain date and time. Use YYYY-MM-DD[THH:MM:SSZ] like "2007-07-01" or "2007-01-25T23:12:00Z" or today, yesterday, 24hr ago, 3 days ago, last week. | Optional |
| last_modified_by_service_before | Used to filter the XML output to show only vulnerabilities last modified by the service before a certain date and time. Use YYYY-MM-DD[THH:MM:SSZ] like "2007-07-01" or "2007-01-25T23:12:00Z" or today, yesterday, 24hr ago, 3 days ago, last week. | Optional |
| published_after | Used to filter the XML output to show only vulnerabilities published after a certain date and time. Use YYYY-MM-DD[THH:MM:SSZ] like "2007-07-01" or "2007-01-25T23:12:00Z" or today, yesterday, 24hr ago, 3 days ago, last week. | Optional |
| published_before | Used to filter the XML output to show only vulnerabilities published before a certain date and time. Use YYYY-MM-DD[THH:MM:SSZ] like "2007-07-01" or "2007-01-25T23:12:00Z" or today, yesterday, 24hr ago, 3 days ago, last week. | Optional |
| discovery_method | (Optional) Used to filter the XML output to show only vulnerabilities assigned a certain discovery method. A valid value is: Remote, Authenticated, RemoteOnly, AuthenticatedOnly, or RemoteAndAuthenticated. Possible values are: Remote, Authenticated, RemoteOnly, AuthenticatedOnly, RemoteAndAuthenticated. | Optional |
| discovery_auth_types | Used to filter the XML output to show only vulnerabilities having one or more authentication types. A valid value is: Windows, Oracle, Unix or SNMP. Multiple values are entered as a comma-separated list. | Optional |
| show_pci_reasons | Used to filter the XML output to show reasons for passing or failing PCI compliance (when the CVSS Scoring feature is turned on in the user's subscription). Specify 1 to view the reasons in the XML output. When unspecified, the reasons are not included in the XML output. Possible values are: 0, 1. | Optional |
| show_supported_modules_info | Used to filter the XML output to show Qualys modules that can be used to detect each vulnerability. Specify 1 to view supported modules in the XML output. When unspecified, supported modules are not included in the XML output. Possible values are: 0, 1. | Optional |
| show_disabled_flag | Specify 1 to include the disabled flag for each vulnerability in the XML output. Possible values are: 0, 1. | Optional |
| show_qid_change_log | Specify 1 to include QID changes for each vulnerability in the XML output. Possible values are: 0, 1. | Optional |
| limit | Specify a positive numeric value to limit the amount of results in the requested list. | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| Qualys.Vulnerability.List.QID | unknown | Vulnerability QID. |
| Qualys.Vulnerability.List.PATCHABLE | unknown | Is Vulnerability patchable. |
| Qualys.Vulnerability.List.SEVERITY_LEVEL | unknown | Severity level of the Vulnerability. |
| Qualys.Vulnerability.List.CONSEQUENCE | unknown | Consequence of the Vulnerability. |
| Qualys.Vulnerability.List.VENDOR_REFERENCE_LIST.VENDOR_REFERENCE.ID | unknown | ID of the vendor. |
| Qualys.Vulnerability.List.VENDOR_REFERENCE_LIST.VENDOR_REFERENCE.URL | unknown | URL of the vendor. |
| Qualys.Vulnerability.List.LAST_SERVICE_MODIFICATION_DATETIME | unknown | Date of the last service modification. |
| Qualys.Vulnerability.List.CVE_LIST.CVE.ID | unknown | CVE ID. |
| Qualys.Vulnerability.List.CVE_LIST.CVE.URL | unknown | CVE URL. |
| Qualys.Vulnerability.List.PUBLISHED_DATETIME | unknown | Published date. |
| Qualys.Vulnerability.List.DISCOVERY.ADDITIONAL_INFO | unknown | Additional info. |
| Qualys.Vulnerability.List.DISCOVERY.AUTH_TYPE_LIST.AUTH_TYPE | unknown | Discovery Authentication type. |
| Qualys.Vulnerability.List.DISCOVERY.REMOTE | unknown | Is discovery remote. |
| Qualys.Vulnerability.List.DIAGNOSIS | unknown | Diagnosis of vulnerability. |
| Qualys.Vulnerability.List.PCI_FLAG | unknown | PCI flag. |
| Qualys.Vulnerability.List.SOFTWARE_LIST.SOFTWARE.PRODUCT | unknown | Product name. |
| Qualys.Vulnerability.List.SOFTWARE_LIST.SOFTWARE.VENDOR | unknown | Vendor of the product. |
| Qualys.Vulnerability.List.VULN_TYPE | unknown | Type of the vulnerability. |
| Qualys.Vulnerability.List.TITLE | unknown | Title of the vulnerability. |
| Qualys.Vulnerability.List.SOLUTION | unknown | Solution for the vulnerability. |
| Qualys.Vulnerability.List.CATEGORY | unknown | Category of the vulnerability. |

Command Example#

!qualys-vulnerability-list published_after=2021-04-01 published_before=2021-04-20 details=Basic is_patchable=1

Context Example#

{
"File": {
"EntryID": "1457@ad70a33b-26a4-4a3c-8013-24494880c3ee",
"Info": "text/html",
"MD5": "fcc96f72a8ec05bad85f76b84b660548",
"Name": "Result file",
"SHA1": "c7511da62209ea195fb3e4c57e472ed8f47576bc",
"SHA256": "3551eb3fea9fd881dc5827bb53040f11aedaa1515045bbf5ab7b648e6fc380b7",
"SHA512": "480085d65387a950e9a60d017ced084290c1bc2f783dad758e986e15b04c5edd6c1ff622f6632875a7ad54f7105bcbb4eb05f3878995ad27c797eb41c4b27afe",
"SSDeep": "3072:UtD4/FegMJuPyfrDK2fkQqGp+Zr2QNim101s6cZj+5BnF/WkWFdG5LB3Zag357OB:u/5LsTMc4/U5",
"Size": 713309,
"Type": "HTML document text, ASCII text, with very long lines"
},
"Qualys": {
"Vulnerability": {
"List": [
{
"CATEGORY": "CGI",
"CONSEQUENCE": "These allow an unauthenticated attacker to inject Javascript into the application via Cross-Site Scripting (XSS) vulnerabilities.<P>",
"CORRELATION": {
"EXPLOITS": {
"EXPLT_SRC": {
"EXPLT_LIST": {
"EXPLT": [
{
"DESC": "jQuery 1.2 - Cross-Site Scripting (XSS) - The Exploit-DB Ref : 49766",
"LINK": "http://www.exploit-db.com/exploits/49766",
"REF": "CVE-2020-11022"
},
{
"DESC": "jQuery 1.0.3 - Cross-Site Scripting (XSS) - The Exploit-DB Ref : 49767",
"LINK": "http://www.exploit-db.com/exploits/49767",
"REF": "CVE-2020-11023"
}
]
},
"SRC_NAME": "The Exploit-DB"
}
}
},
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2020-11022",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11022"
},
{
"ID": "CVE-2020-11023",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11023"
}
]
},
"DIAGNOSIS": "Jira is a proprietary issue tracking product, developed by Atlassian. It provides bug tracking, issue tracking, and project management functions.<P>\n\nAffected version:<br/>\nAtlassian Jira before version 8.15.0<P>\n\nQID Detection Logic:(Unauthenticated)<br/>\nIt checks for vulnerable version of Atlassian Jira.<P>",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available, Exploit Available",
"REMOTE": "1"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-01T13:01:29Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-01T13:01:29Z",
"QID": "10083",
"SEVERITY_LEVEL": "2",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "jira",
"VENDOR": "atlassian"
}
},
"SOLUTION": "Customers are advised to refer to <A HREF=\"https://jira.atlassian.com/browse/JRASERVER-72052\" TARGET=\"_blank\">JRASERVER-72052</A> for updates pertaining to this vulnerability.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://jira.atlassian.com/browse/JRASERVER-72052\" TARGET=\"_blank\">JRASERVER-72052</A>",
"TITLE": "Atlassian Jira Cross-Site Scripting Vulnerability(JRASERVER-72052)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "JRASERVER-72052",
"URL": "https://jira.atlassian.com/browse/JRASERVER-72052"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "CGI",
"CONSEQUENCE": "Allow a remote attacker to inject arbitrary Javascript into the context of the application.<P>",
"DIAGNOSIS": "Confluence is team collaboration software written in Java.<P>\n\nAffected Versions:<br/>\nAtlassian Confluence before version 7.4.8<P>\n\nQID Detection Logic:<br/>\nThis unauthenticated QID detects vulnerable Atlassian Confluence versions by making GET request to login.action page and parsing information exposed in ajs-version-number or footer-build-information HTML entities.<P>",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"REMOTE": "1"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-01T13:01:29Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-01T13:01:29Z",
"QID": "10501",
"SEVERITY_LEVEL": "2",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "confluence",
"VENDOR": "atlassian"
}
},
"SOLUTION": "Customers are advised to refer to upgrade to <A HREF=\"https://www.atlassian.com/software/confluence/download\" TARGET=\"_blank\">Atlassian Confluence 7.8.0, 6.13.20, 7.4.8</A> or later versions to remediate this vulnerability.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://jira.atlassian.com/browse/CONFSERVER-61622\" TARGET=\"_blank\">CONFSERVER-61622</A>",
"TITLE": "Atlassian Confluence Cross-Site Scripting Vulnerability (CONFSERVER-61622)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "CONFSERVER-61622",
"URL": "https://jira.atlassian.com/browse/CONFSERVER-61622"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"BUGTRAQ_LIST": {
"BUGTRAQ": {
"ID": "95386",
"URL": "http://www.securityfocus.com/bid/95386"
}
},
"CATEGORY": "CGI",
"CONSEQUENCE": "An authenticated user with admin privileges to create sitemaps can execute arbitrary PHP code by creating a malicious sitemap file.",
"CVE_LIST": {
"CVE": {
"ID": "CVE-2019-7932",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7932"
}
},
"DIAGNOSIS": "Magento is PHP based e-commerce platform.<br/>\nMagento Commerce has a remote code execution vulnerability<P>\n\nAffected Versions:<br/>\nMagento Commerce prior to 1.14.4.2<br/>\nMagento 2.1 prior to 2.1.18<br/>\nMagento 2.2 prior to 2.2.9<br/>\nMagento 2.3 prior to 2.3.2<P>\n\nQID Detection Logic:<br/>\nThis QID checks for vulnerable version of Magento on system<P>",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"REMOTE": "1"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-15T14:56:24Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-15T14:56:24Z",
"QID": "13250",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "magento",
"VENDOR": "adobe"
}
},
"SOLUTION": "The vendor has released a fix in <A HREF=\"https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13\" TARGET=\"_blank\">PRODSECBUG-2351</A> to remediate this vulnerability.<br/>\n\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://magento.com/tech-resources/download?_ga=2.48007079.18249196.1609397868-1531796080.1609397868\" TARGET=\"_blank\">Magento</A>",
"TITLE": "Magento Commerce Remote Code Execution Vulnerability",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "CVE-2019-7932",
"URL": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "Hardware",
"CONSEQUENCE": "This vulnerability could be exploited to gain access to sensitive information also use this vulnerability to change contents or configuration on the system. Additionally this vulnerability can also be used to cause a denial of service in the form of interruptions in resource availability.",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2021-0223",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0223"
},
{
"ID": "CVE-2021-0204",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0204"
}
]
},
"DIAGNOSIS": "Juniper Junos is the network operating system used in Juniper Networks hardware systems.<P>\n\nMultiple local privilege escalation vulnerabilities in Juniper Networks Junos OS have been reported due to the setuid bit being enabled on multiple binaries.<P>\n\nAffected releases are Junos OS:<br/>\nall versions prior to 15.1R7-S9;\n17.3 versions prior to 17.3R3-S11;\n17.4 versions prior to 17.4R2-S12, 17.4R3-S3;\n18.1 versions prior to 18.1R3-S11;\n18.2 versions prior to 18.2R3-S6;\n18.3 versions prior to 18.3R3-S4;\n18.4 versions prior to 18.4R2-S7, 18.4R3-S6;\n19.1 versions prior to 19.1R2-S2, 19.1R3-S4;\n19.2 versions prior to 19.2R1-S6, 19.2R3-S1;\n19.3 versions prior to 19.3R3-S1;\n19.4 versions prior to 19.4R2-S2, 19.4R3-S1;\n20.1 versions prior to 20.1R1-S4, 20.1R2;\n20.2 versions prior to 20.2R2.\n\n\nQID detection logic: (Authenticated)<br/>\nIt checks for vulnerable Junos OS version.",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-01T13:01:30Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-01T13:01:30Z",
"QID": "43823",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "junos",
"VENDOR": "juniper"
}
},
"SOLUTION": "The vendor has released fixes.<br/>\nThe following software releases have been updated to resolve these specific issues:<br/>\n\nJunos OS 15.1R7-S9*, 17.3R3-S11*, 17.4R2-S12, 17.4R3-S3, 18.1R3-S11, 18.2R3-S6, 18.3R3-S4, 18.4R2-S7, 18.4R3-S6, 19.1R2-S2, 19.1R3-S4, 19.2R1-S6, 19.2R3-S1, 19.3R3-S1, 19.4R2-S2, 19.4R3-S1, 20.1R1-S4, 20.1R2, 20.2R2, 20.3R1, and all subsequent releases.<br/>\n\n\nFor more information please visit <A HREF=\"https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11114\" TARGET=\"_blank\">JSA11114</A>.<P>\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11114\" TARGET=\"_blank\">JSA11114</A>",
"TITLE": "Juniper Junos Multiple Local Privilege Escalation Vulnerabilities (JSA11114)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "JSA11114",
"URL": "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11114"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "Hardware",
"CONSEQUENCE": "Successful exploitation allows unauthorized disclosure information.",
"CVE_LIST": {
"CVE": {
"ID": "CVE-2009-3238",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3238"
}
},
"DIAGNOSIS": "A security vulnerability in certain HPE routers, switches, and office connectivity products that use Linux-based Comware 5 and Comware 7 software could allow remote unauthorized disclosure of information.<P>",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-05T13:40:50Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-05T13:40:50Z",
"QID": "43824",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "router",
"VENDOR": "hpe"
}
},
"SOLUTION": "Vendor has released updates to fix the issue. Please refer to vendor advisory <A HREF=\"https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=emr_na-hpesbhf03836en_us\" TARGET=\"_blank\">HPESBHF03836</A> for more information.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbhf03836en_us\" TARGET=\"_blank\">HPESBHF03836</A>",
"TITLE": "HPE Comware Routers and Switches Remote Unauthorized Disclosure of Information HPESBHF03836",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "HPESBHF03836",
"URL": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbhf03836en_us"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "Hardware",
"CONSEQUENCE": "On Successful exploitation could lead to information disclosure.",
"CVE_LIST": {
"CVE": {
"ID": "CVE-2019-5591",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5591"
}
},
"DIAGNOSIS": "<P>FortiOS is a security-hardened, purpose-built operating system that is the software foundation of FortiGate.<br/>\nIt is affected with following vulnerability:<br/> CVE-2019-5591 : A Default Configuration vulnerability in FortiOS may allow an unauthenticated attacker on the same subnet <br/>to intercept sensitive information by impersonating the LDAP server.\n\n<P>Affected Products :<br/>\n FortiOS 6.2.0 and below. Enabling the CLI option that checks for LDAP server identity entirely prevents the issue. Potential detection as cannot determine server-identity-check enabled or disabled.\n\nNote: FortiOS 6.2.1 and above have server-identity-check enabled by default, when installed from scratch. <br/>Upgrading from 6.0.3 - 6.2.0 to 6.2.1 and above does not suffice to thwart the <br/>issue: server-identity-check must be enabled (prior the upgrade of after, indifferently) to solve this.\n\n<P>QID Detection Logic (Authenticated) :<br/>\nDetection checks for vulnerable version of FortiOS.",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-13T05:06:29Z",
"PATCHABLE": "1",
"PCI_FLAG": "0",
"PUBLISHED_DATETIME": "2021-04-05T13:40:50Z",
"QID": "43825",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "fortios",
"VENDOR": "cisco"
}
},
"SOLUTION": "Enabling the CLI option that checks for LDAP server identity entirely prevents the issue OR Upgrade to FortiOS 6.2.1 or above from scratch.\nVendor has released fix to address these vulnerabilities. Refer to <A HREF=\"https://www.fortiguard.com/psirt/FG-IR-19-037\" TARGET=\"_blank\">FG-IR-19-037</A>Workaround:<br/> A workaround exists, enabling the CLI option that checks for LDAP server identity entirely prevents the issue. This option can be enabled only if secure and ca-cert of the LDAP server are set. \nFollowing commands can be used for this cli option:\nconfig user ldap\nedit ldap-server\nset ca-cert\nset secure ldaps\nset server-identity-check enable\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://www.fortiguard.com/psirt/FG-IR-19-037\" TARGET=\"_blank\">FG-IR-19-037: FortiOS</A>",
"TITLE": "Fortigate FortiOS Default Configuration(FG-IR-19-037)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "FG-IR-19-037",
"URL": "https://www.fortiguard.com/psirt/FG-IR-19-037"
}
},
"VULN_TYPE": "Potential Vulnerability"
},
{
"CATEGORY": "Hardware",
"CONSEQUENCE": "This vulnerability might allow an attacker to cause an extended Denial of Service (DoS) attack against the device and to cause clients to be vulnerable to DNS based attacks by malicious DNS servers when they send DNS requests through the device.",
"CVE_LIST": {
"CVE": {
"ID": "CVE-2020-1660",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1660"
}
},
"DIAGNOSIS": "Juniper Junos is the network operating system used in Juniper Networks hardware systems.<P>\n\nAffected releases are Junos OS:<br/>\n17.3 versions prior to 17.3R3-S8.<br/>\n18.3 versions prior to 18.3R3-S1.<br/>\n18.4 versions prior to 18.4R3.<br/>\n19.1 versions prior to 19.1R3.<br/>\n19.2 versions prior to 19.2R2.<br/>\n19.3 versions prior to 19.3R3.<P>\n\nQID detection logic: (Authenticated)<br/>\nIt checks for vulnerable Junos OS version.\n\nNOTE: The following minimal configuration is required to potentially hit this issue:\nservices web-filter profile profile-name dns-filter-template template-name",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-19T14:36:40Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-19T14:36:40Z",
"QID": "43826",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "junos",
"VENDOR": "juniper"
}
},
"SOLUTION": "The vendor has released fixes.<br/>For more information please visit <A HREF=\"https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11054\" TARGET=\"_blank\">JSA11054</A>.<P>\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11054\" TARGET=\"_blank\">JSA11054</A>",
"TITLE": "Juniper Junos OS:MX Series Denial of Service (DNS Filtering)vulnerability(JSA11054)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "JSA11054",
"URL": "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11054"
}
},
"VULN_TYPE": "Potential Vulnerability"
},
{
"CATEGORY": "Hardware",
"CONSEQUENCE": "Successful exploitation allows attacker to execute remote code.<P>",
"CVE_LIST": {
"CVE": {
"ID": "CVE-2021-0254",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0254"
}
},
"DIAGNOSIS": "Juniper Junos is the network operating system used in Juniper Networks hardware systems.<P>\nA buffer overflow vulnerability exists in the overlayd service of Juniper Networks Junos OS.<br/>\nThe overlayd daemon handles Overlay OAM packets, such as ping and traceroute, sent to the overlay. The service runs as root by default and listens for UDP connections on port 4789. This issue results from improper buffer size validation, which can lead to a buffer overflow.<P>\n\nAffected releases are Junos OS:<br/>\n15.1X49 versions prior to 15.1X49-D240 on SRX Series;<br/>\n15.1 versions prior to 15.1R7-S9;<br/>\n17.3 versions prior to 17.3R3-S11;<br/>\n17.4 versions prior to 17.4R2-S13, 17.4R3-S4;<br/>\n18.1 versions prior to 18.1R3-S12;<br/>\n18.2 versions prior to 18.2R2-S8, 18.2R3-S7;<br/>\n18.3 versions prior to 18.3R3-S4;<br/>\n18.4 versions prior to 18.4R1-S8, 18.4R2-S7, 18.4R3-S7;<br/>\n19.1 versions prior to 19.1R2-S2, 19.1R3-S4;<br/>\n19.2 versions prior to 19.2R1-S6, 19.2R3-S2;<br/>\n19.3 versions prior to 19.3R3-S1;<br/>\n19.4 versions prior to 19.4R2-S4, 19.4R3-S1;<br/>\n20.1 versions prior to 20.1R2-S1, 20.1R3;<br/>\n20.2 versions prior to 20.2R2, 20.2R2-S1, 20.2R3;<br/>\n20.3 versions prior to 20.3R1-S1.<P>\n\nQID detection logic: (Authenticated)<br/>\nIt checks for vulnerable Junos OS version.",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-19T16:47:32Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-19T14:36:40Z",
"QID": "43827",
"SEVERITY_LEVEL": "4",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "junos",
"VENDOR": "juniper"
}
},
"SOLUTION": "The vendor has released fixes.<br/>\nThe following software releases have been updated to resolve these specific issues:<br/>\n\nJunos OS 15.1X49-D240, 15.1R7-S9, 17.3R3-S11, 17.4R2-S13, 17.4R3-S4, 18.1R3-S12, 18.2R2-S8, 18.2R3-S7, 18.3R3-S4, 18.4R1-S8, 18.4R2-S7, 18.4R3-S7, 19.1R2-S2, 19.1R3-S4, 19.2R1-S6, 19.2R3-S2, 19.3R3-S1, 19.4R2-S4, 19.4R3-S1, 20.1R2-S1, 20.1R3, 20.2R2, 20.2R2-S1, 20.2R3, 20.3R1-S1, 20.4R1, and all subsequent releases.<br/>\n\n\nFor more information please visit <A HREF=\"https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11114\" TARGET=\"_blank\">JSA11147</A>.<P>\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11147&actp=METADATA\" TARGET=\"_blank\">JSA11147</A>",
"TITLE": "Juniper Junos Remote Code Execution Vulnerability (JSA11147)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "JSA11147",
"URL": "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11147&actp=METADATA"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "Mail services",
"CONSEQUENCE": "Successful exploitation allows attackers to execute remote code.<br/>",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2021-28480",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28480"
},
{
"ID": "CVE-2021-28481",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28481"
},
{
"ID": "CVE-2021-28482",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28482"
},
{
"ID": "CVE-2021-28483",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28483"
}
]
},
"DIAGNOSIS": "Microsoft Exchange Server is prone to remote code execution vulnerability.<br/>\nKB Articles associated with this update are: KB5001779<P>\nAffected Versions:<br/>\nMicrosoft Exchange Server 2013 Cumulative Update 23<br/>\nMicrosoft Exchange Server 2016 Cumulative Update 19<br/>\nMicrosoft Exchange Server 2016 Cumulative Update 20<br/>\nMicrosoft Exchange Server 2019 Cumulative Update 8<br/>\nMicrosoft Exchange Server 2019 Cumulative Update 9<P>\n\nQID Detection Logic (authenticated):<br/>The QID checks for the version of file Exsetup.exe.<br/>",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Windows"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-15T12:32:01Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-14T05:14:46Z",
"QID": "50109",
"SEVERITY_LEVEL": "5",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "exchange_server",
"VENDOR": "microsoft"
}
},
"SOLUTION": "Customers are advised to refer to <A HREF=\"https://support.microsoft.com/help/5001779\" TARGET=\"_blank\">KB5001779</A> for information pertaining to this vulnerability.<br/>\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://support.microsoft.com/help/5001779\" TARGET=\"_blank\">KB5001779</A>",
"TITLE": "Microsoft Exchange Server Remote Code Execution Vulnerability - April 2021",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "KB5001779",
"URL": "https://support.microsoft.com/help/5001779"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "Web server",
"CONSEQUENCE": "A successful exploit could give an unauthenticated attacker access file on the SAP system.",
"CORRELATION": {
"EXPLOITS": {
"EXPLT_SRC": {
"EXPLT_LIST": {
"EXPLT": {
"DESC": "SAP NetWeaver AS JAVA 7.1 < 7.5 - Directory Traversal - The Exploit-DB Ref : 39996",
"LINK": "http://www.exploit-db.com/exploits/39996",
"REF": "CVE-2016-3976"
}
},
"SRC_NAME": "The Exploit-DB"
}
}
},
"CVE_LIST": {
"CVE": {
"ID": "CVE-2016-3976",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3976"
}
},
"DIAGNOSIS": "SAP NetWeaver Application Server (AS) or SAP Web Application Server is a component of the solution which works as a web application server to SAP solutions.<P>\nSAP NetWeaver AS JAVA is exposed to a directory traversal vulnerability. (CVE-2016-3976)\n<P>Affected Versions<br/>\nSAP NetWeaver AS JAVA Versions - 7.10, 7.11, 7.20 ,7.30, 7.31, 7.40 , 7.50.\n<P>QID Detection Logic(s):<br/>\nScan initiates HTTP request with an active payload to detect the vulnerability.",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available, Exploit Available",
"REMOTE": "1"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-08T12:44:32Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-08T12:44:32Z",
"QID": "87446",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "netweaver",
"VENDOR": "sap"
}
},
"SOLUTION": "some solution",
"TITLE": "SAP NetWeaver AS JAVA Directory Traversal Vulnerability",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "someid",
"URL": "https://blogs.sap.com/2016/03/08/sap-security-patch-day-march-2016/"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "Web server",
"CONSEQUENCE": "A successful exploit could give an unauthenticated attacker to obtain unauthorized access to an OS filesystem.",
"CVE_LIST": {
"CVE": {
"ID": "CVE-2016-9563",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9563"
}
},
"DIAGNOSIS": "SAP NetWeaver Application Server (AS) or SAP Web Application Server is a component of the solution which works as a web application server to SAP solutions.<P>\nBC-BMT-BPM-DSK in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to conduct XML External Entity (XXE) attacks via the sap.com~tc~bpem~him~uwlconn~provider~web/bpemuwlconn URI<P>\n<P>Affected Versions<br/>\nSAP NetWeaver AS JAVA Versions 7.50.\n<P>QID Detection Logic(s):<br/>\nThis QID sends a HTTP POST request to &quot;sap.com~tc~bpem~him~uwlconn~provider~web/bpemuwlconn&quot; to detect the vulnerability",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"REMOTE": "1"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-05-18T12:29:35Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-08T12:44:32Z",
"QID": "87447",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "netweaver",
"VENDOR": "sap"
}
},
"SOLUTION": "somesolution2",
"TITLE": "SAP NetWeaver AS JAVA 7.5 XML External Entity Vulnerability",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "someid2",
"URL": "https://service.sap.com/sap/support/notes/2296909"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "Windows",
"CONSEQUENCE": "Successful exploitation allows attacker to bypass the security feature and allows set a second cookie with the name being percent encoded.",
"CVE_LIST": {
"CVE": {
"ID": "CVE-2021-26701",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26701"
}
},
"DIAGNOSIS": "A denial of service vulnerability exists when .NET Core improperly handles web requests.<br/>\nThis security update is rated Important for supported versions of .NET Core.<P>\nAffected versions:<br/>\nAny .NET Core 2.1 , 3.1 or .NET 5.0 application running on .NET Core 2.1.25, 3.1.12 or .NET 5.0.3 or lower respectively.<P>\nQID Detection Logic (Authenticated):<br/>\nThe qid looks for sub directories under %programfiles%\\dotnet\\shared\\Microsoft.NETCore.App, %programfiles(x86)%\\dotnet\\shared\\Microsoft.NETCore.App and checks for vulnerable versions in .version file on Windows.",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Windows"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-12T13:50:00Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-12T13:50:00Z",
"QID": "91756",
"SEVERITY_LEVEL": "4",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": ".net_core",
"VENDOR": "microsoft"
}
},
"SOLUTION": "Customers are advised to refer to <A HREF=\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26701\" TARGET=\"_blank\">CVE-2021-26701</A> for more details pertaining to this vulnerability.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26701\" TARGET=\"_blank\">CVE-2021-26701: WIndows</A>",
"TITLE": "Microsoft .NET Core Security Update March 2021",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "CVE-2021-26701",
"URL": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26701"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "Windows",
"CONSEQUENCE": "Successful exploitation can affect confidentiality, integrity and availability.",
"CVE_LIST": {
"CVE": {
"ID": "CVE-2021-27064",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27064"
}
},
"DIAGNOSIS": "Microsoft has released security update for Visual Studio which resolves multiple security vulnerabilities.<P>\n\nAffected Software:<br/>\nMicrosoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)<br/>\nMicrosoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)<br/>\nMicrosoft Visual Studio 2019 version 16.7 (includes 16.0 - 16.6)<br/>\n\nMicrosoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)<P>\nQID Detection Logic:Authenticated<br/>\nThis QID detects vulnerable versions of Microsoft Visual Studio by checking file version of devenv.exe.",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Windows"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-14T05:14:46Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-14T05:14:46Z",
"QID": "91757",
"SEVERITY_LEVEL": "4",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "visual studio",
"VENDOR": "microsoft"
}
},
"SOLUTION": "Customers are advised to refer to <A HREF=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27064\" TARGET=\"_blank\">CVE-2021-27064</A> for more information pertaining to this vulnerability.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27064\" TARGET=\"_blank\">CVE-2021-27064: WIndows</A>",
"TITLE": "Microsoft Visual Studio Security Update for April 2021",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "CVE-2021-27064",
"URL": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27064"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "Windows",
"CONSEQUENCE": "A remote attacker could exploit this vulnerability and execute code on the target system.",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2021-26413",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26413"
},
{
"ID": "CVE-2021-26415",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26415"
},
{
"ID": "CVE-2021-26416",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26416"
},
{
"ID": "CVE-2021-26417",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26417"
},
{
"ID": "CVE-2021-27072",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27072"
},
{
"ID": "CVE-2021-27079",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27079"
},
{
"ID": "CVE-2021-27086",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27086"
},
{
"ID": "CVE-2021-27088",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27088"
},
{
"ID": "CVE-2021-27089",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27089"
},
{
"ID": "CVE-2021-27090",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27090"
},
{
"ID": "CVE-2021-27091",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27091"
},
{
"ID": "CVE-2021-27092",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27092"
},
{
"ID": "CVE-2021-27093",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27093"
},
{
"ID": "CVE-2021-27094",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27094"
},
{
"ID": "CVE-2021-27095",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27095"
},
{
"ID": "CVE-2021-27096",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27096"
},
{
"ID": "CVE-2021-28309",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28309"
},
{
"ID": "CVE-2021-28310",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28310"
},
{
"ID": "CVE-2021-28311",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28311"
},
{
"ID": "CVE-2021-28312",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28312"
},
{
"ID": "CVE-2021-28313",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28313"
},
{
"ID": "CVE-2021-28314",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28314"
},
{
"ID": "CVE-2021-28315",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28315"
},
{
"ID": "CVE-2021-28316",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28316"
},
{
"ID": "CVE-2021-28317",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28317"
},
{
"ID": "CVE-2021-28318",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28318"
},
{
"ID": "CVE-2021-28319",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28319"
},
{
"ID": "CVE-2021-28320",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28320"
},
{
"ID": "CVE-2021-28321",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28321"
},
{
"ID": "CVE-2021-28322",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28322"
},
{
"ID": "CVE-2021-28323",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28323"
},
{
"ID": "CVE-2021-28324",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28324"
},
{
"ID": "CVE-2021-28325",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28325"
},
{
"ID": "CVE-2021-28326",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28326"
},
{
"ID": "CVE-2021-28327",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28327"
},
{
"ID": "CVE-2021-28328",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28328"
},
{
"ID": "CVE-2021-28329",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28329"
},
{
"ID": "CVE-2021-28330",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28330"
},
{
"ID": "CVE-2021-28331",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28331"
},
{
"ID": "CVE-2021-28332",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28332"
},
{
"ID": "CVE-2021-28333",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28333"
},
{
"ID": "CVE-2021-28334",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28334"
},
{
"ID": "CVE-2021-28335",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28335"
},
{
"ID": "CVE-2021-28336",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28336"
},
{
"ID": "CVE-2021-28337",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28337"
},
{
"ID": "CVE-2021-28338",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28338"
},
{
"ID": "CVE-2021-28339",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28339"
},
{
"ID": "CVE-2021-28340",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28340"
},
{
"ID": "CVE-2021-28341",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28341"
},
{
"ID": "CVE-2021-28342",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28342"
},
{
"ID": "CVE-2021-28343",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28343"
},
{
"ID": "CVE-2021-28344",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28344"
},
{
"ID": "CVE-2021-28345",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28345"
},
{
"ID": "CVE-2021-28346",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28346"
},
{
"ID": "CVE-2021-28347",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28347"
},
{
"ID": "CVE-2021-28348",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28348"
},
{
"ID": "CVE-2021-28349",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28349"
},
{
"ID": "CVE-2021-28350",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28350"
},
{
"ID": "CVE-2021-28351",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28351"
},
{
"ID": "CVE-2021-28352",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28352"
},
{
"ID": "CVE-2021-28353",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28353"
},
{
"ID": "CVE-2021-28354",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28354"
},
{
"ID": "CVE-2021-28355",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28355"
},
{
"ID": "CVE-2021-28356",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28356"
},
{
"ID": "CVE-2021-28357",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28357"
},
{
"ID": "CVE-2021-28358",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28358"
},
{
"ID": "CVE-2021-28434",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28434"
},
{
"ID": "CVE-2021-28435",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28435"
},
{
"ID": "CVE-2021-28436",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28436"
},
{
"ID": "CVE-2021-28437",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28437"
},
{
"ID": "CVE-2021-28438",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28438"
},
{
"ID": "CVE-2021-28439",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28439"
},
{
"ID": "CVE-2021-28440",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28440"
},
{
"ID": "CVE-2021-28441",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28441"
},
{
"ID": "CVE-2021-28442",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28442"
},
{
"ID": "CVE-2021-28443",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28443"
},
{
"ID": "CVE-2021-28444",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28444"
},
{
"ID": "CVE-2021-28445",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28445"
},
{
"ID": "CVE-2021-28446",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28446"
},
{
"ID": "CVE-2021-28447",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28447"
},
{
"ID": "CVE-2021-28464",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28464"
},
{
"ID": "CVE-2021-28466",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28466"
},
{
"ID": "CVE-2021-28468",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28468"
}
]
},
"DIAGNOSIS": "Microsoft releases the security update for Windows April 2021<P>\nThe KB Articles associated with the update:<br/>\n<A HREF=\"https://support.microsoft.com/en-us/help/5001387\" TARGET=\"_blank\">KB5001387</A><br/>\n<A HREF=\"https://support.microsoft.com/en-us/help/5001382\" TARGET=\"_blank\">KB5001382</A><br/>\n<A HREF=\"https://support.microsoft.com/en-us/help/5001339\" TARGET=\"_blank\">KB5001339</A><br/>\n<A HREF=\"https://support.microsoft.com/en-us/help/5001337\" TARGET=\"_blank\">KB5001337</A><br/>\n<A HREF=\"https://support.microsoft.com/en-us/help/5001347\" TARGET=\"_blank\">KB5001347</A><br/>\n<A HREF=\"https://support.microsoft.com/en-us/help/5001383\" TARGET=\"_blank\">KB5001383</A><br/>\n<A HREF=\"https://support.microsoft.com/en-us/help/5001342\" TARGET=\"_blank\">KB5001342</A><br/>\n<A HREF=\"https://support.microsoft.com/en-us/help/5001392\" TARGET=\"_blank\">KB5001392</A><br/>\n<A HREF=\"https://support.microsoft.com/en-us/help/5001335\" TARGET=\"_blank\">KB5001335</A><br/>\n<A HREF=\"https://support.microsoft.com/en-us/help/5001330\" TARGET=\"_blank\">KB5001330</A><br/>\n<A HREF=\"https://support.microsoft.com/en-us/help/5001389\" TARGET=\"_blank\">KB5001389</A><br/>\n<A HREF=\"https://support.microsoft.com/en-us/help/5001332\" TARGET=\"_blank\">KB5001332</A><br/>\n<A HREF=\"https://support.microsoft.com/en-us/help/5001393\" TARGET=\"_blank\">KB5001393</A><br/>\n<A HREF=\"https://support.microsoft.com/en-us/help/5001340\" TARGET=\"_blank\">KB5001340</A><br/>\n<P>This QID checks for the file version of ntoskrnl.exe\n<P>The following versions of ntoskrnl.exe with their corresponding KBs are verified:<br/>\nKB5001387 - 6.2.9200.23327<br/>\nKB5001382 - 6.3.9600.19994<br/>\nKB5001339 - 10.0.17134.2145<br/>\nKB5001337 - 10.0.18362.1500<br/>\nKB5001347 - 10.0.14393.4350<br/>\nKB5001383 - 6.2.9200.23327<br/>\nKB5001342 - 10.0.17763.1879<br/>\nKB5001392 - 6.1.7601.24576<br/>\nKB5001335 - 6.1.7601.24576<br/>\nKB5001330 - 10.0.19041.928<br/>\nKB5001389 - 6.0.6003.21095<br/>\nKB5001332 - 6.0.6003.21095<br/>\nKB5001393 - 6.3.9600.19994<br/>\nKB5001340 - 10.0.10240.18906<br/>",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Windows"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-15T12:32:01Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-14T05:14:46Z",
"QID": "91758",
"SEVERITY_LEVEL": "4",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "windows",
"VENDOR": "microsoft"
}
},
"SOLUTION": "Please refer to the <A HREF=\"https://portal.msrc.microsoft.com/en-us/security-guidance\" TARGET=\"_blank\">Security Update Guide</A> for more information pertaining to these vulnerabilities.<P>\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://portal.msrc.microsoft.com/en-us/security-guidance\" TARGET=\"_blank\">Microsoft Security Update Guide: Windows</A>",
"TITLE": "Microsoft Windows Security Update for April 2021",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": [
{
"ID": "KB5001387",
"URL": "https://support.microsoft.com/en-in/help/5001387"
},
{
"ID": "KB5001382",
"URL": "https://support.microsoft.com/en-in/help/5001382"
},
{
"ID": "KB5001339",
"URL": "https://support.microsoft.com/en-in/help/5001339"
},
{
"ID": "KB5001337",
"URL": "https://support.microsoft.com/en-in/help/5001337"
},
{
"ID": "KB5001347",
"URL": "https://support.microsoft.com/en-in/help/5001347"
},
{
"ID": "KB5001383",
"URL": "https://support.microsoft.com/en-in/help/5001383"
},
{
"ID": "KB5001342",
"URL": "https://support.microsoft.com/en-in/help/5001342"
},
{
"ID": "KB5001392",
"URL": "https://support.microsoft.com/en-in/help/5001392"
},
{
"ID": "KB5001335",
"URL": "https://support.microsoft.com/en-in/help/5001335"
},
{
"ID": "KB5001330",
"URL": "https://support.microsoft.com/en-in/help/5001330"
},
{
"ID": "KB5001389",
"URL": "https://support.microsoft.com/en-in/help/5001389"
},
{
"ID": "KB5001332",
"URL": "https://support.microsoft.com/en-in/help/5001332"
},
{
"ID": "KB5001393",
"URL": "https://support.microsoft.com/en-in/help/5001393"
},
{
"ID": "KB5001340",
"URL": "https://support.microsoft.com/en-in/help/5001340"
}
]
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "Windows",
"CONSEQUENCE": "Successful exploitation may allow unauthorized disclosure of information, unauthorized modification or disruption of service.<P>",
"DIAGNOSIS": "Servicing stack updates improve the reliability of the update process to mitigate potential issues while installing the latest quality updates and feature updates. If you don't install the latest servicing stack update, there's a risk that your device can't be updated with the latest Microsoft security fixes.<P>\nMicrosoft has released Servicing Stack security updates for Windows.<br/>Related KBs:<br/>KB5001401,KB5001403,KB5001399,KB5001402,KB5001400,KB5001404,5001406\n<br/>\nQID Detection Logic (Authenticated): <br/>\nThis authenticated QID will check for file version of CbsCore.dll<P>",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Windows"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-14T05:14:46Z",
"PATCHABLE": "1",
"PCI_FLAG": "0",
"PUBLISHED_DATETIME": "2021-04-14T05:14:46Z",
"QID": "91759",
"SEVERITY_LEVEL": "2",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "servicing_stack",
"VENDOR": "microsoft"
}
},
"SOLUTION": "Customers are advised to refer to advisory <A HREF=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV990001\" TARGET=\"_blank\">ADV990001</A> for more information.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV990001\" TARGET=\"_blank\">ADV990001</A>",
"TITLE": "Microsoft Windows Servicing Stack Security Update April 2021",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "ADV990001",
"URL": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/ADV990001"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "Windows",
"CONSEQUENCE": "Successful exploitation allows attacker to get access to Azure DevOps Server pipeline configuration variables and secrets.<br/>",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2021-27067",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27067"
},
{
"ID": "CVE-2021-28459",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28459"
}
]
},
"DIAGNOSIS": "Azure DevOps Server and Team Foundation Server are prone to information disclosure vulnerability.<br/>\nAzure DevOps Server 2020.0.1<br/>\nAzure DevOps Server 2020<br/>\nAzure DevOps Server 2019.0.1<br/>\nAzure DevOps Server 2019 Update 1<br/>\nAzure DevOps Server 2019 Update 1.1<br/>\nTeam Foundation Server 2018 Update 3.2<br/>\nTeam Foundation Server 2018 Update 1.2<br/>\nTeam Foundation Server 2017 Update 3.1<br/>\nTeam Foundation Server 2015 Update 4.2<br/>",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Windows"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-15T12:32:00Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-14T05:14:46Z",
"QID": "91760",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "azure_devops_server",
"VENDOR": "microsoft"
}
},
"SOLUTION": "Customers are advised to refer to <A HREF=\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27067\" TARGET=\"_blank\">CVE-2021-27067</A>, <A HREF=\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-28459\" TARGET=\"_blank\">CVE-2021-28459</A> for information pertaining to this vulnerability.<br/>\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://aka.ms/azdev2020.0.1patch2\" TARGET=\"_blank\">Azure DevOps Server 2020</A><P> <A HREF=\"https://aka.ms/azdev2019.1.1patch8\" TARGET=\"_blank\">Azure DevOps Server 2019 Update 1.1</A><P> <A HREF=\"http://aka.ms/azdev2019.1patch\" TARGET=\"_blank\">Azure DevOps Server 2019 Update 1</A><P> <A HREF=\"https://aka.ms/tfs2015.4.2patch\" TARGET=\"_blank\">Team Foundation Server 2015 Update 4.2</A><P> <A HREF=\"https://aka.ms/tfs2018.3.2patch\" TARGET=\"_blank\">Team Foundation Server 2018 Update 3.2</A><P> <A HREF=\"https://aka.ms/tfs2018.1.2patch\" TARGET=\"_blank\">Team Foundation Server 2018 Update 1.2</A><P> <A HREF=\"https://aka.ms/tfs2017.3.1patch\" TARGET=\"_blank\">Team Foundation Server 2017 Update 3.1</A><P> <A HREF=\"https://aka.ms/azdev2019.1.1patch10\" TARGET=\"_blank\">Azure DevOps Server 2019.0.1</A><P> <A HREF=\"https://aka.ms/azdev2020.0.1patch2\" TARGET=\"_blank\">Azure DevOps Server 2020.0.1</A>",
"TITLE": "Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability - April 2021",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": [
{
"ID": "CVE-2021-28459",
"URL": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-28459"
},
{
"ID": "CVE-2021-27067",
"URL": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27067"
}
]
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "Windows",
"CONSEQUENCE": "An attacker who successfully exploited this vulnerability could obtain information to further compromise the user system.",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2021-28466",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28466"
},
{
"ID": "CVE-2021-28464",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28464"
},
{
"ID": "CVE-2021-28468",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28468"
}
]
},
"DIAGNOSIS": "A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory.<br/>\nMicrosoft has disclosed Information Disclosure and Remote Code Execution in Windows Codecs Library and VP9 Video Extensions.<P>\n\nAffected Product:<br/>\nVP9 Video Extensions prior to version 1.0.40631.0<br/>\nRaw Image Extension prior to version 1.0.40392.0<P>\n\n\nQID detection Logic:<br/>\nThe gets the version of HEVCVideoExtension by querying wmi class Win32_InstalledStoreProgram.<P>",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Windows"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-15T12:32:01Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-14T05:14:46Z",
"QID": "91761",
"SEVERITY_LEVEL": "4",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "codecs",
"VENDOR": "microsoft"
}
},
"SOLUTION": "Users are advised to check <A HREF=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-26902\" TARGET=\"_blank\">CVE-2021-26902</A> for more information.<P>\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-28317\" TARGET=\"_blank\">CVE-2021-28317: Windows</A><P> <A HREF=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-28466\" TARGET=\"_blank\">CVE-2021-28466: Windows</A><P> <A HREF=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-27079\" TARGET=\"_blank\">CVE-2021-27079: Windows</A><P> <A HREF=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-28464\" TARGET=\"_blank\">CVE-2021-28464: Windows</A><P> <A HREF=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-28468\" TARGET=\"_blank\">CVE-2021-28468: Windows</A>",
"TITLE": "Microsoft Windows Codecs Library and VP9 Video Extensions Multiple Vulnerabilities",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": [
{
"ID": "CVE-2021-28466",
"URL": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-28466"
},
{
"ID": "CVE-2021-28464",
"URL": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-28464"
},
{
"ID": "CVE-2021-28468",
"URL": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-28468"
}
]
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "Office Application",
"CONSEQUENCE": "Successful exploitation allows an attacker to execute code remotely.<P>",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2021-28450",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28450"
},
{
"ID": "CVE-2021-28453",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28453"
}
]
},
"DIAGNOSIS": "Microsoft has released April 2021 security updates to fix multiple security vulnerabilities.<P>\nThis security update contains the following KBs:<P>\nKB4504709<br/>\nKB4504716<br/>\nKB4493170<br/>\nKB4504719<br/>\nKB4504701<br/>\nKB4504715<br/>\nKB4493201<br/>\nKB4504723<P>\nQID Detection Logic:<br/>\nThis authenticated QID checks the file versions from the above Microsoft KB article with the versions on the affected SharePoint system.<P>",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Windows"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-15T12:32:00Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-14T05:14:45Z",
"QID": "110377",
"SEVERITY_LEVEL": "4",
"SOFTWARE_LIST": {
"SOFTWARE": [
{
"PRODUCT": "sharepoint_server",
"VENDOR": "microsoft"
},
{
"PRODUCT": "sharepoint_foundation",
"VENDOR": "microsoft"
}
]
},
"SOLUTION": "Refer to <A HREF=\"https://msrc.microsoft.com/update-guide/en-us\" TARGET=\"_blank\">Microsoft Security Guidance</A> for more details pertaining to this vulnerability.<P>\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://msrc.microsoft.com/update-guide/en-us\" TARGET=\"_blank\">Microsoft Office and Microsoft Office Services and Web Apps Security Update April 2021</A>",
"TITLE": "Microsoft SharePoint Enterprise Server Multiple Vulnerabilities April 2021",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": [
{
"ID": "KB4504709",
"URL": "https://support.microsoft.com/kb/4504709"
},
{
"ID": "KB4504716",
"URL": "https://support.microsoft.com/kb/4504716"
},
{
"ID": "KB4493170",
"URL": "https://support.microsoft.com/kb/4493170"
},
{
"ID": "KB4504719",
"URL": "https://support.microsoft.com/kb/4504719"
},
{
"ID": "KB4504701",
"URL": "https://support.microsoft.com/kb/4504701"
},
{
"ID": "KB4504715",
"URL": "https://support.microsoft.com/kb/4504715"
},
{
"ID": "KB4493201",
"URL": "https://support.microsoft.com/kb/4493201"
},
{
"ID": "KB4504723",
"URL": "https://support.microsoft.com/kb/4504723"
}
]
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "Office Application",
"CONSEQUENCE": "Successful exploitation will lead to Remote Code Execution.<P>",
"CVE_LIST": {
"CVE": {
"ID": "CVE-2021-28452",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28452"
}
},
"DIAGNOSIS": "Microsoft has released April 2021 security updates for outlook to fix a Remote Code Execution vulnerability.<P>\nThis security update contains the following KBs:<br/>\n\nKB4493185<br/>\nKB4504733<br/>\nKB4504712<br/>\n\nQID Detection Logic:<br/>\nThis authenticated QID checks the file versions from the Microsoft advisory with the versions on affected outlook applications.<P>\n\nNote: Office click-2-run and Office 365 installations need to be either updated manually or need to be set to automatic update. There is no direct download for the patch.<P>",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Windows"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-15T12:32:00Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-14T05:14:45Z",
"QID": "110378",
"SEVERITY_LEVEL": "4",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "outlook",
"VENDOR": "microsoft"
}
},
"SOLUTION": "Refer to <A HREF=\"https://msrc.microsoft.com/update-guide/en-us\" TARGET=\"_blank\">Microsoft Security Guide</A> for more details pertaining to this vulnerability.<P>\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://msrc.microsoft.com/update-guide/en-us\" TARGET=\"_blank\">Microsoft Office and Microsoft Office Services and Web Apps Security Update April 2021</A>",
"TITLE": "Microsoft Outlook Remote Code Execution Vulnerability Security Update April 2021",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": [
{
"ID": "KB4493185",
"URL": "https://support.microsoft.com/kb/4493185"
},
{
"ID": "KB4504733",
"URL": "https://support.microsoft.com/kb/4504733"
},
{
"ID": "KB4504712",
"URL": "https://support.microsoft.com/kb/4504712"
}
]
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "Office Application",
"CONSEQUENCE": "Successful exploitation allows an attacker to execute code remotely.<P>",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2021-28454",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28454"
},
{
"ID": "CVE-2021-28453",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28453"
},
{
"ID": "CVE-2021-28452",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28452"
},
{
"ID": "CVE-2021-28451",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28451"
},
{
"ID": "CVE-2021-28449",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28449"
},
{
"ID": "CVE-2021-28456",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28456"
}
]
},
"DIAGNOSIS": "Microsoft has released April 2021 security updates to fix multiple security vulnerabilities.<P>\nThis security update contains the following KBs:<P>\n\nKB4504727<br/>\nKB4493218<br/>\nKB4504729<br/>\nKB4504735<br/>\nKB4504721<br/>\nKB4504714<br/>\nKB4504726<br/>\nKB3178643<br/>\nKB3178639<br/>\nKB2553491<br/>\nKB2589361<br/>\nKB4504738<br/>\nKB4504705<br/>\nKB4493215<br/>\nKB4493198<br/>\nKB4504739<br/>\nKB3017810<br/>\nKB4504724<br/>\nKB4493208<br/>\nKB4504722<P>\n\nQID Detection Logic:<br/>\nThis authenticated QID checks the file versions from the Microsoft advisory with the versions on the affected office system.<P>\n\nNote: Office click-2-run and Office 365 installations need to be updated manually or need to be set to automatic update. There is no direct download for the patch.<P>",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": [
"Windows",
"Unix"
]
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-15T12:32:01Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-14T05:14:45Z",
"QID": "110379",
"SEVERITY_LEVEL": "4",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "office",
"VENDOR": "microsoft"
}
},
"SOLUTION": "Refer to <A HREF=\"https://msrc.microsoft.com/update-guide/en-us\" TARGET=\"_blank\">Microsoft Security Guidance</A> for more details pertaining to this vulnerability.<P>\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://msrc.microsoft.com/update-guide/en-us\" TARGET=\"_blank\">Microsoft Office and Microsoft Office Services and Web Apps Security Update April 2021</A>",
"TITLE": "Microsoft Office and Microsoft Office Services and Web Apps Security Update April 2021",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": [
{
"ID": "KB4504727",
"URL": "https://support.microsoft.com/kb/4504727"
},
{
"ID": "KB4493218",
"URL": "https://support.microsoft.com/kb/4493218"
},
{
"ID": "KB4504729",
"URL": "https://support.microsoft.com/kb/4504729"
},
{
"ID": "KB4504735",
"URL": "https://support.microsoft.com/kb/4504735"
},
{
"ID": "KB4504721",
"URL": "https://support.microsoft.com/kb/4504721"
},
{
"ID": "KB4504714",
"URL": "https://support.microsoft.com/kb/4504714"
},
{
"ID": "KB4504726",
"URL": "https://support.microsoft.com/kb/4504726"
},
{
"ID": "KB3178643",
"URL": "https://support.microsoft.com/kb/3178643"
},
{
"ID": "KB3178639",
"URL": "https://support.microsoft.com/kb/3178639"
},
{
"ID": "KB2553491",
"URL": "https://support.microsoft.com/kb/2553491"
},
{
"ID": "KB2589361",
"URL": "https://support.microsoft.com/kb/2589361"
},
{
"ID": "KB4504738",
"URL": "https://support.microsoft.com/kb/4504738"
},
{
"ID": "KB4504705",
"URL": "https://support.microsoft.com/kb/4504705"
},
{
"ID": "KB4493215",
"URL": "https://support.microsoft.com/kb/4493215"
},
{
"ID": "KB4493198",
"URL": "https://support.microsoft.com/kb/4493198"
},
{
"ID": "KB4504739",
"URL": "https://support.microsoft.com/kb/4504739"
},
{
"ID": "KB3017810",
"URL": "https://support.microsoft.com/kb/3017810"
},
{
"ID": "KB4504724",
"URL": "https://support.microsoft.com/kb/4504724"
},
{
"ID": "KB4493208",
"URL": "https://support.microsoft.com/kb/4493208"
},
{
"ID": "KB4504722",
"URL": "https://support.microsoft.com/kb/4504722"
}
]
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "OEL",
"CONSEQUENCE": "Malicious users could use this vulnerability to change partial contents or configuration on the system.",
"CORRELATION": {
"EXPLOITS": {
"EXPLT_SRC": {
"EXPLT_LIST": {
"EXPLT": {
"DESC": "jQuery 1.0.3 - Cross-Site Scripting (XSS) - The Exploit-DB Ref : 49767",
"LINK": "http://www.exploit-db.com/exploits/49767",
"REF": "CVE-2020-11023"
}
},
"SRC_NAME": "The Exploit-DB"
}
}
},
"CVE_LIST": {
"CVE": {
"ID": "CVE-2020-11023",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11023"
}
},
"DIAGNOSIS": "Oracle Enterprise Linux has released a security update for ipa to fix the vulnerabilities.<P>Affected Product:<br/>Oracle Linux 7<br/>",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available, Exploit Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-05T13:40:49Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-05T13:40:49Z",
"QID": "159121",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": [
{
"PRODUCT": "peoplesoft_enterprise_human_capital_management_resources",
"VENDOR": "oracle"
},
{
"PRODUCT": "communications_session_route_manager",
"VENDOR": "oracle"
},
{
"PRODUCT": "jd_edwards_enterpriseone_orchestrator",
"VENDOR": "oracle"
},
{
"PRODUCT": "communications_element_manager",
"VENDOR": "oracle"
},
{
"PRODUCT": "weblogic_server",
"VENDOR": "oracle"
},
{
"PRODUCT": "application_testing_suite",
"VENDOR": "oracle"
},
{
"PRODUCT": "hyperion_financial_reporting",
"VENDOR": "oracle"
},
{
"PRODUCT": "application_express",
"VENDOR": "oracle"
},
{
"PRODUCT": "siebel_mobile",
"VENDOR": "oracle"
},
{
"PRODUCT": "rest_data_services",
"VENDOR": "oracle"
},
{
"PRODUCT": "storagetek_tape_analytics_sw_tool",
"VENDOR": "oracle"
},
{
"PRODUCT": "webcenter_sites",
"VENDOR": "oracle"
},
{
"PRODUCT": "communications_analytics",
"VENDOR": "oracle"
},
{
"PRODUCT": "communications_interactive_session_recorder",
"VENDOR": "oracle"
},
{
"PRODUCT": "healthcare_translational_research",
"VENDOR": "oracle"
},
{
"PRODUCT": "banking_enterprise_collections",
"VENDOR": "oracle"
},
{
"PRODUCT": "banking_platform",
"VENDOR": "oracle"
},
{
"PRODUCT": "communications_operations_monitor",
"VENDOR": "oracle"
},
{
"PRODUCT": "financial_services_regulatory_reporting_for_de_nederlandsche_bank",
"VENDOR": "oracle"
},
{
"PRODUCT": "communications_session_report_manager",
"VENDOR": "oracle"
},
{
"PRODUCT": "primavera_gateway",
"VENDOR": "oracle"
},
{
"PRODUCT": "jd_edwards_enterpriseone_tools",
"VENDOR": "oracle"
},
{
"PRODUCT": "None",
"VENDOR": "oracle"
}
]
},
"SOLUTION": "To resolve this issue, upgrade to the latest packages which contain a patch. Refer to Oracle Enterprise Linux advisory below for updates and patch information:<br/><br/><A HREF=\"https://linux.oracle.com/errata/ELSA-2021-0860.html\" TARGET=\"_blank\">ELSA-2021-0860</A>.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://linux.oracle.com/errata/ELSA-2021-0860.html\" TARGET=\"_blank\">ELSA-2021-0860: Oracle Linux</A>",
"TITLE": "Oracle Enterprise Linux Security Update for ipa (ELSA-2021-0860)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "ELSA-2021-0860",
"URL": "https://linux.oracle.com/errata/ELSA-2021-0860.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "OEL",
"CONSEQUENCE": "This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system.",
"CVE_LIST": {
"CVE": {
"ID": "CVE-2021-20179",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20179"
}
},
"DIAGNOSIS": "Oracle Enterprise Linux has released a security update for pki-core:10.6 to fix the vulnerabilities.<P>Affected Product:<br/>Oracle Linux 8<br/>",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-05T13:40:49Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-05T13:40:49Z",
"QID": "159122",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "None",
"VENDOR": "oracle"
}
},
"SOLUTION": "To resolve this issue, upgrade to the latest packages which contain a patch. Refer to Oracle Enterprise Linux advisory below for updates and patch information:<br/><br/><A HREF=\"https://linux.oracle.com/errata/ELSA-2021-0966.html\" TARGET=\"_blank\">ELSA-2021-0966</A>.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://linux.oracle.com/errata/ELSA-2021-0966.html\" TARGET=\"_blank\">ELSA-2021-0966: Oracle Linux</A>",
"TITLE": "Oracle Enterprise Linux Security Update for pki-core:10.6 (ELSA-2021-0966)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "ELSA-2021-0966",
"URL": "https://linux.oracle.com/errata/ELSA-2021-0966.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "OEL",
"CONSEQUENCE": "Successful exploitation allows an attacker to compromise the system.",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2021-23981",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23981"
},
{
"ID": "CVE-2021-23982",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23982"
},
{
"ID": "CVE-2021-23984",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23984"
},
{
"ID": "CVE-2021-23987",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23987"
}
]
},
"DIAGNOSIS": "Oracle Enterprise Linux has released a security update for firefox to fix the vulnerabilities.<P>Affected Product:<br/>Oracle Linux 8<br/>",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-05T13:40:49Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-05T13:40:49Z",
"QID": "159123",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "None",
"VENDOR": "oracle"
}
},
"SOLUTION": "To resolve this issue, upgrade to the latest packages which contain a patch. Refer to Oracle Enterprise Linux advisory below for updates and patch information:<br/><br/><A HREF=\"https://linux.oracle.com/errata/ELSA-2021-0990.html\" TARGET=\"_blank\">ELSA-2021-0990</A>.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://linux.oracle.com/errata/ELSA-2021-0990.html\" TARGET=\"_blank\">ELSA-2021-0990: Oracle Linux</A>",
"TITLE": "Oracle Enterprise Linux Security Update for firefox (ELSA-2021-0990)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "ELSA-2021-0990",
"URL": "https://linux.oracle.com/errata/ELSA-2021-0990.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "OEL",
"CONSEQUENCE": "Successful exploitation allows an attacker to compromise the system.",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2021-23981",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23981"
},
{
"ID": "CVE-2021-23982",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23982"
},
{
"ID": "CVE-2021-23984",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23984"
},
{
"ID": "CVE-2021-23987",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23987"
}
]
},
"DIAGNOSIS": "Oracle Enterprise Linux has released a security update for firefox to fix the vulnerabilities.<P>Affected Product:<br/>Oracle Linux 7<br/>",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-05T13:40:49Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-05T13:40:49Z",
"QID": "159124",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "None",
"VENDOR": "oracle"
}
},
"SOLUTION": "To resolve this issue, upgrade to the latest packages which contain a patch. Refer to Oracle Enterprise Linux advisory below for updates and patch information:<br/><br/><A HREF=\"https://linux.oracle.com/errata/ELSA-2021-0992.html\" TARGET=\"_blank\">ELSA-2021-0992</A>.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://linux.oracle.com/errata/ELSA-2021-0992.html\" TARGET=\"_blank\">ELSA-2021-0992: Oracle Linux</A>",
"TITLE": "Oracle Enterprise Linux Security Update for firefox (ELSA-2021-0992)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "ELSA-2021-0992",
"URL": "https://linux.oracle.com/errata/ELSA-2021-0992.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "OEL",
"CONSEQUENCE": "Successful exploitation allows an attacker to compromise the system.",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2021-23981",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23981"
},
{
"ID": "CVE-2021-23982",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23982"
},
{
"ID": "CVE-2021-23984",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23984"
},
{
"ID": "CVE-2021-23987",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23987"
}
]
},
"DIAGNOSIS": "Oracle Enterprise Linux has released a security update for thunderbird to fix the vulnerabilities.<P>Affected Product:<br/>Oracle Linux 8<br/>",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-05T13:40:49Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-05T13:40:49Z",
"QID": "159125",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "None",
"VENDOR": "oracle"
}
},
"SOLUTION": "To resolve this issue, upgrade to the latest packages which contain a patch. Refer to Oracle Enterprise Linux advisory below for updates and patch information:<br/><br/><A HREF=\"https://linux.oracle.com/errata/ELSA-2021-0993.html\" TARGET=\"_blank\">ELSA-2021-0993</A>.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://linux.oracle.com/errata/ELSA-2021-0993.html\" TARGET=\"_blank\">ELSA-2021-0993: Oracle Linux</A>",
"TITLE": "Oracle Enterprise Linux Security Update for thunderbird (ELSA-2021-0993)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "ELSA-2021-0993",
"URL": "https://linux.oracle.com/errata/ELSA-2021-0993.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "OEL",
"CONSEQUENCE": "Successful exploitation allows an attacker to compromise the system.",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2021-23981",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23981"
},
{
"ID": "CVE-2021-23982",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23982"
},
{
"ID": "CVE-2021-23984",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23984"
},
{
"ID": "CVE-2021-23987",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23987"
}
]
},
"DIAGNOSIS": "Oracle Enterprise Linux has released a security update for thunderbird to fix the vulnerabilities.<P>Affected Product:<br/>Oracle Linux 7<br/>",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-05T13:40:49Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-05T13:40:49Z",
"QID": "159126",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "None",
"VENDOR": "oracle"
}
},
"SOLUTION": "To resolve this issue, upgrade to the latest packages which contain a patch. Refer to Oracle Enterprise Linux advisory below for updates and patch information:<br/><br/><A HREF=\"https://linux.oracle.com/errata/ELSA-2021-0996.html\" TARGET=\"_blank\">ELSA-2021-0996</A>.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://linux.oracle.com/errata/ELSA-2021-0996.html\" TARGET=\"_blank\">ELSA-2021-0996: Oracle Linux</A>",
"TITLE": "Oracle Enterprise Linux Security Update for thunderbird (ELSA-2021-0996)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "ELSA-2021-0996",
"URL": "https://linux.oracle.com/errata/ELSA-2021-0996.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "OEL",
"CONSEQUENCE": "This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system.",
"CVE_LIST": {
"CVE": {
"ID": "CVE-2021-21381",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21381"
}
},
"DIAGNOSIS": "Oracle Enterprise Linux has released a security update for flatpak to fix the vulnerabilities.<P>Affected Product:<br/>Oracle Linux 7<br/>",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-05T13:40:49Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-05T13:40:49Z",
"QID": "159127",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "None",
"VENDOR": "oracle"
}
},
"SOLUTION": "To resolve this issue, upgrade to the latest packages which contain a patch. Refer to Oracle Enterprise Linux advisory below for updates and patch information:<br/><br/><A HREF=\"https://linux.oracle.com/errata/ELSA-2021-1002.html\" TARGET=\"_blank\">ELSA-2021-1002</A>.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://linux.oracle.com/errata/ELSA-2021-1002.html\" TARGET=\"_blank\">ELSA-2021-1002: Oracle Linux</A>",
"TITLE": "Oracle Enterprise Linux Security Update for flatpak (ELSA-2021-1002)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "ELSA-2021-1002",
"URL": "https://linux.oracle.com/errata/ELSA-2021-1002.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "OEL",
"CONSEQUENCE": "This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system.",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2021-3449",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3449"
},
{
"ID": "CVE-2021-3450",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3450"
}
]
},
"DIAGNOSIS": "Oracle Enterprise Linux has released a security update for openssl to fix the vulnerabilities.<P>Affected Product:<br/>Oracle Linux 8<br/>",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-05-18T20:06:58Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-05T13:40:50Z",
"QID": "159128",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "None",
"VENDOR": "oracle"
}
},
"SOLUTION": "To resolve this issue, upgrade to the latest packages which contain a patch. Refer to Oracle Enterprise Linux advisory below for updates and patch information:<br/><br/><A HREF=\"https://linux.oracle.com/errata/ELSA-2021-1024.html\" TARGET=\"_blank\">ELSA-2021-1024</A>.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://linux.oracle.com/errata/ELSA-2021-1024.html\" TARGET=\"_blank\">ELSA-2021-1024: Oracle Linux</A>",
"TITLE": "Oracle Enterprise Linux Security Update for Open Secure Sockets Layer (OpenSSL) (ELSA-2021-1024)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "ELSA-2021-1024",
"URL": "https://linux.oracle.com/errata/ELSA-2021-1024.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "OEL",
"CONSEQUENCE": "This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.",
"CVE_LIST": {
"CVE": {
"ID": "CVE-2021-3177",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3177"
}
},
"DIAGNOSIS": "Oracle Enterprise Linux has released a security update for python2 to fix the vulnerabilities.<P>Affected Product:<br/>Oracle Linux 8<br/>",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-05T13:40:50Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-05T13:40:50Z",
"QID": "159129",
"SEVERITY_LEVEL": "4",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "None",
"VENDOR": "oracle"
}
},
"SOLUTION": "To resolve this issue, upgrade to the latest packages which contain a patch. Refer to Oracle Enterprise Linux advisory below for updates and patch information:<br/><br/><A HREF=\"https://linux.oracle.com/errata/ELSA-2021-9128.html\" TARGET=\"_blank\">ELSA-2021-9128</A>.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://linux.oracle.com/errata/ELSA-2021-9128.html\" TARGET=\"_blank\">ELSA-2021-9128: Oracle Linux</A>",
"TITLE": "Oracle Enterprise Linux Security Update for python2 (ELSA-2021-9128)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "ELSA-2021-9128",
"URL": "https://linux.oracle.com/errata/ELSA-2021-9128.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "OEL",
"CONSEQUENCE": "This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.",
"CVE_LIST": {
"CVE": {
"ID": "CVE-2021-3177",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3177"
}
},
"DIAGNOSIS": "Oracle Enterprise Linux has released a security update for python36 to fix the vulnerabilities.<P>Affected Product:<br/>Oracle Linux 8<br/>",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-05T13:40:50Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-05T13:40:50Z",
"QID": "159130",
"SEVERITY_LEVEL": "4",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "None",
"VENDOR": "oracle"
}
},
"SOLUTION": "To resolve this issue, upgrade to the latest packages which contain a patch. Refer to Oracle Enterprise Linux advisory below for updates and patch information:<br/><br/><A HREF=\"https://linux.oracle.com/errata/ELSA-2021-9129.html\" TARGET=\"_blank\">ELSA-2021-9129</A>.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://linux.oracle.com/errata/ELSA-2021-9129.html\" TARGET=\"_blank\">ELSA-2021-9129: Oracle Linux</A>",
"TITLE": "Oracle Enterprise Linux Security Update for python36 (ELSA-2021-9129)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "ELSA-2021-9129",
"URL": "https://linux.oracle.com/errata/ELSA-2021-9129.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "OEL",
"CONSEQUENCE": "This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.",
"CVE_LIST": {
"CVE": {
"ID": "CVE-2021-3177",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3177"
}
},
"DIAGNOSIS": "Oracle Enterprise Linux has released a security update for python38 to fix the vulnerabilities.<P>Affected Product:<br/>Oracle Linux 8<br/>",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-05T13:40:50Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-05T13:40:50Z",
"QID": "159131",
"SEVERITY_LEVEL": "4",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "None",
"VENDOR": "oracle"
}
},
"SOLUTION": "To resolve this issue, upgrade to the latest packages which contain a patch. Refer to Oracle Enterprise Linux advisory below for updates and patch information:<br/><br/><A HREF=\"https://linux.oracle.com/errata/ELSA-2021-9130.html\" TARGET=\"_blank\">ELSA-2021-9130</A>.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://linux.oracle.com/errata/ELSA-2021-9130.html\" TARGET=\"_blank\">ELSA-2021-9130: Oracle Linux</A>",
"TITLE": "Oracle Enterprise Linux Security Update for python38 (ELSA-2021-9130)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "ELSA-2021-9130",
"URL": "https://linux.oracle.com/errata/ELSA-2021-9130.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "OEL",
"CONSEQUENCE": "This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2021-26932",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26932"
},
{
"ID": "CVE-2021-26930",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26930"
},
{
"ID": "CVE-2021-26931",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26931"
}
]
},
"DIAGNOSIS": "Oracle Enterprise Linux has released a security update for Unbreakable Enterprise kernel to fix the vulnerabilities.<P>Affected Product:<br/>Oracle Linux 7<br/>",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-05T13:40:50Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-05T13:40:50Z",
"QID": "159132",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "None",
"VENDOR": "oracle"
}
},
"SOLUTION": "To resolve this issue, upgrade to the latest packages which contain a patch. Refer to Oracle Enterprise Linux advisory below for updates and patch information:<br/><br/><A HREF=\"https://linux.oracle.com/errata/ELSA-2021-9135.html\" TARGET=\"_blank\">ELSA-2021-9135</A>.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://linux.oracle.com/errata/ELSA-2021-9135.html\" TARGET=\"_blank\">ELSA-2021-9135: Oracle Linux</A>",
"TITLE": "Oracle Enterprise Linux Security Update for Unbreakable Enterprise kernel (ELSA-2021-9135)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "ELSA-2021-9135",
"URL": "https://linux.oracle.com/errata/ELSA-2021-9135.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "OEL",
"CONSEQUENCE": "This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2021-26932",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26932"
},
{
"ID": "CVE-2021-26930",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26930"
},
{
"ID": "CVE-2021-26931",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26931"
}
]
},
"DIAGNOSIS": "Oracle Enterprise Linux has released a security update for Unbreakable Enterprise kernel-container to fix the vulnerabilities.<P>Affected Product:<br/>Oracle Linux 7<br/>",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-05T13:40:50Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-05T13:40:50Z",
"QID": "159133",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "None",
"VENDOR": "oracle"
}
},
"SOLUTION": "To resolve this issue, upgrade to the latest packages which contain a patch. Refer to Oracle Enterprise Linux advisory below for updates and patch information:<br/><br/><A HREF=\"https://linux.oracle.com/errata/ELSA-2021-9136.html\" TARGET=\"_blank\">ELSA-2021-9136</A>.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://linux.oracle.com/errata/ELSA-2021-9136.html\" TARGET=\"_blank\">ELSA-2021-9136: Oracle Linux</A>",
"TITLE": "Oracle Enterprise Linux Security Update for Unbreakable Enterprise kernel-container (ELSA-2021-9136)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "ELSA-2021-9136",
"URL": "https://linux.oracle.com/errata/ELSA-2021-9136.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "OEL",
"CONSEQUENCE": "Successful exploitation allows an attacker to compromise the system.",
"CVE_LIST": {
"CVE": {
"ID": "CVE-2020-1971",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1971"
}
},
"DIAGNOSIS": "Oracle Enterprise Linux has released a security update for openssl to fix the vulnerabilities.<P>Affected Product:<br/>Oracle Linux 6<br/>",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-05-18T20:06:34Z",
"PATCHABLE": "1",
"PCI_FLAG": "0",
"PUBLISHED_DATETIME": "2021-04-05T13:40:50Z",
"QID": "159134",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": [
{
"PRODUCT": "graalvm",
"VENDOR": "oracle"
},
{
"PRODUCT": "enterprise_manager_base_platform",
"VENDOR": "oracle"
},
{
"PRODUCT": "mysql",
"VENDOR": "oracle"
},
{
"PRODUCT": "None",
"VENDOR": "oracle"
}
]
},
"SOLUTION": "To resolve this issue, upgrade to the latest packages which contain a patch. Refer to Oracle Enterprise Linux advisory below for updates and patch information:<br/><br/><A HREF=\"https://linux.oracle.com/errata/ELSA-2021-9137.html\" TARGET=\"_blank\">ELSA-2021-9137</A>.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://linux.oracle.com/errata/ELSA-2021-9137.html\" TARGET=\"_blank\">ELSA-2021-9137: Oracle Linux</A>",
"TITLE": "Oracle Enterprise Linux Security Update for Open Secure Sockets Layer (OpenSSL) (ELSA-2021-9137)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "ELSA-2021-9137",
"URL": "https://linux.oracle.com/errata/ELSA-2021-9137.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "OEL",
"CONSEQUENCE": "Successful exploitation allows an attacker to compromise the system.",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2021-27363",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27363"
},
{
"ID": "CVE-2021-27364",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27364"
},
{
"ID": "CVE-2021-27365",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27365"
},
{
"ID": "CVE-2020-25639",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25639"
},
{
"ID": "CVE-2020-27170",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27170"
},
{
"ID": "CVE-2020-27171",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27171"
},
{
"ID": "CVE-2020-28588",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28588"
},
{
"ID": "CVE-2021-3444",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3444"
}
]
},
"DIAGNOSIS": "Oracle Enterprise Linux has released a security update for Unbreakable Enterprise kernel to fix the vulnerabilities.<P>Affected Product:<br/>Oracle Linux 7<br/>Oracle Linux 8<br/>",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-05T13:40:50Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-05T13:40:50Z",
"QID": "159135",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "None",
"VENDOR": "oracle"
}
},
"SOLUTION": "To resolve this issue, upgrade to the latest packages which contain a patch. Refer to Oracle Enterprise Linux advisory below for updates and patch information:<br/><br/><A HREF=\"https://linux.oracle.com/errata/ELSA-2021-9140.html\" TARGET=\"_blank\">ELSA-2021-9140</A>.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://linux.oracle.com/errata/ELSA-2021-9140.html\" TARGET=\"_blank\">ELSA-2021-9140: Oracle Linux</A>",
"TITLE": "Oracle Enterprise Linux Security Update for Unbreakable Enterprise kernel (ELSA-2021-9140)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "ELSA-2021-9140",
"URL": "https://linux.oracle.com/errata/ELSA-2021-9140.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "OEL",
"CONSEQUENCE": "Successful exploitation allows an attacker to compromise the system.",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2021-27363",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27363"
},
{
"ID": "CVE-2021-27364",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27364"
},
{
"ID": "CVE-2021-27365",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27365"
},
{
"ID": "CVE-2020-25639",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25639"
},
{
"ID": "CVE-2020-27170",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27170"
},
{
"ID": "CVE-2020-27171",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27171"
},
{
"ID": "CVE-2020-28588",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28588"
},
{
"ID": "CVE-2021-3444",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3444"
}
]
},
"DIAGNOSIS": "Oracle Enterprise Linux has released a security update for Unbreakable Enterprise kernel-container to fix the vulnerabilities.<P>Affected Product:<br/>Oracle Linux 7<br/>Oracle Linux 8<br/>",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-05T13:40:50Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-05T13:40:50Z",
"QID": "159136",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "None",
"VENDOR": "oracle"
}
},
"SOLUTION": "To resolve this issue, upgrade to the latest packages which contain a patch. Refer to Oracle Enterprise Linux advisory below for updates and patch information:<br/><br/><A HREF=\"https://linux.oracle.com/errata/ELSA-2021-9141.html\" TARGET=\"_blank\">ELSA-2021-9141</A>.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://linux.oracle.com/errata/ELSA-2021-9141.html\" TARGET=\"_blank\">ELSA-2021-9141: Oracle Linux</A>",
"TITLE": "Oracle Enterprise Linux Security Update for Unbreakable Enterprise kernel-container (ELSA-2021-9141)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "ELSA-2021-9141",
"URL": "https://linux.oracle.com/errata/ELSA-2021-9141.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "OEL",
"CONSEQUENCE": "Successful exploitation allows an attacker to compromise the system.",
"CVE_LIST": {
"CVE": {
"ID": "CVE-2020-1971",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1971"
}
},
"DIAGNOSIS": "Oracle Enterprise Linux has released a security update for openssl to fix the vulnerabilities.<P>Affected Product:<br/>Oracle Linux 6<br/>",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-05-18T20:05:21Z",
"PATCHABLE": "1",
"PCI_FLAG": "0",
"PUBLISHED_DATETIME": "2021-04-05T13:40:50Z",
"QID": "159137",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": [
{
"PRODUCT": "graalvm",
"VENDOR": "oracle"
},
{
"PRODUCT": "enterprise_manager_base_platform",
"VENDOR": "oracle"
},
{
"PRODUCT": "mysql",
"VENDOR": "oracle"
},
{
"PRODUCT": "None",
"VENDOR": "oracle"
}
]
},
"SOLUTION": "To resolve this issue, upgrade to the latest packages which contain a patch. Refer to Oracle Enterprise Linux advisory below for updates and patch information:<br/><br/><A HREF=\"https://linux.oracle.com/errata/ELSA-2021-9150.html\" TARGET=\"_blank\">ELSA-2021-9150</A>.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://linux.oracle.com/errata/ELSA-2021-9150.html\" TARGET=\"_blank\">ELSA-2021-9150: Oracle Linux</A>",
"TITLE": "Oracle Enterprise Linux Security Update for Open Secure Sockets Layer (OpenSSL) (ELSA-2021-9150)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "ELSA-2021-9150",
"URL": "https://linux.oracle.com/errata/ELSA-2021-9150.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "OEL",
"CONSEQUENCE": "This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system.",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2021-3449",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3449"
},
{
"ID": "CVE-2021-3450",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3450"
}
]
},
"DIAGNOSIS": "Oracle Enterprise Linux has released a security update for openssl to fix the vulnerabilities.<P>Affected Product:<br/>Oracle Linux 8<br/>",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-05-18T20:04:57Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-05T13:40:50Z",
"QID": "159138",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "None",
"VENDOR": "oracle"
}
},
"SOLUTION": "To resolve this issue, upgrade to the latest packages which contain a patch. Refer to Oracle Enterprise Linux advisory below for updates and patch information:<br/><br/><A HREF=\"https://linux.oracle.com/errata/ELSA-2021-9151.html\" TARGET=\"_blank\">ELSA-2021-9151</A>.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://linux.oracle.com/errata/ELSA-2021-9151.html\" TARGET=\"_blank\">ELSA-2021-9151: Oracle Linux</A>",
"TITLE": "Oracle Enterprise Linux Security Update for Open Secure Sockets Layer (OpenSSL) (ELSA-2021-9151)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "ELSA-2021-9151",
"URL": "https://linux.oracle.com/errata/ELSA-2021-9151.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "SUSE",
"CONSEQUENCE": "Successful exploitation allows attacker to compromise the system.",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2020-12673",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12673"
},
{
"ID": "CVE-2020-25275",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25275"
},
{
"ID": "CVE-2020-12100",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12100"
},
{
"ID": "CVE-2020-24386",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24386"
},
{
"ID": "CVE-2020-12674",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12674"
}
]
},
"DIAGNOSIS": "<br/><br/> This update for dovecot23 fixes the following issues:<br/><br/> Security issues fixed:<br/><br/> - CVE-2020-12100: Fixed a resource exhaustion caused by deeply nested MIME<br/> parts (bsc#1174920).<br/> - CVE-2020-12673: Fixed an improper implementation of NTLM that did not<br/> check the message buffer size (bsc#1174922).<br/> - CVE-2020-12674: Fixed an improper implementation of the RPA mechanism<br/> (bsc#1174923).<br/> - CVE-2020-24386: Fixed an issue with IMAP hibernation that allowed users<br/> to access other users' emails (bsc#1180405).<br/> - CVE-2020-25275: Fixed a crash when the 10000th MIME part was<br/> message/rfc822 (bsc#1180406).<br/><br/> Non-security issues fixed:<br/><br/> - Pigeonhole was updated to version 0.5.11.<br/> - Dovecot was updated to version 2.3.11.3.<br/><br/><br/>",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-19T14:36:37Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-19T14:36:37Z",
"QID": "174719",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "dovecot23",
"VENDOR": "suse"
}
},
"SOLUTION": "Upgrade to the latest package which contains the patch. To install this SUSE Security\n Update use YaST online_update. Alternatively you can run the command listed for your product.\n \n To install packages using the command line interface, use command &quot;yum update&quot;.\n \n Refer to Suse security advisory: https://lists.suse.com/pipermail/sle-security-updates/2021-January/008152.html to address this issue and obtain further details.",
"TITLE": "SUSE Enterprise Linux Security update for dovecot23 (SUSE-SU-2021:0028-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "SUSE-SU-2021:0028-1",
"URL": "https://lists.suse.com/pipermail/sle-security-updates/2021-January/008152.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "SUSE",
"CONSEQUENCE": "Successful exploitation allows attacker to compromise the system.",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2020-25275",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25275"
},
{
"ID": "CVE-2020-24386",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24386"
},
{
"ID": "CVE-2020-12100",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12100"
}
]
},
"DIAGNOSIS": "<br/><br/> This update for dovecot23 fixes the following issues:<br/><br/> Security issues fixed:<br/><br/> - CVE-2020-12100: Fixed a resource exhaustion caused by deeply nested MIME<br/> parts (bsc#1174920).<br/> - CVE-2020-24386: Fixed an issue with IMAP hibernation that allowed users<br/> to access other users' emails (bsc#1180405).<br/> - CVE-2020-25275: Fixed a crash when the 10000th MIME part was<br/> message/rfc822 (bsc#1180406).<br/><br/> Non-security issues fixed:<br/><br/> - Pigeonhole was updated to version 0.5.11.<br/> - Dovecot was updated to version 2.3.11.3.<br/><br/><br/>",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-19T14:36:37Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-19T14:36:37Z",
"QID": "174720",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "dovecot23",
"VENDOR": "suse"
}
},
"SOLUTION": "Upgrade to the latest package which contains the patch. To install this SUSE Security\n Update use YaST online_update. Alternatively you can run the command listed for your product.\n \n To install packages using the command line interface, use command &quot;yum update&quot;.\n \n Refer to Suse security advisory: https://lists.suse.com/pipermail/sle-security-updates/2021-January/008154.html to address this issue and obtain further details.",
"TITLE": "SUSE Enterprise Linux Security update for dovecot23 (SUSE-SU-2021:0027-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "SUSE-SU-2021:0027-1",
"URL": "https://lists.suse.com/pipermail/sle-security-updates/2021-January/008154.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "SUSE",
"CONSEQUENCE": "Successful exploitation allows attacker to compromise the system.",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2019-16785",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16785"
},
{
"ID": "CVE-2019-16786",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16786"
},
{
"ID": "CVE-2019-16792",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16792"
},
{
"ID": "CVE-2019-16789",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16789"
}
]
},
"DIAGNOSIS": "<br/><br/> This update for python-waitress to 1.4.3 fixes the following security<br/> issues:<br/><br/> - CVE-2019-16785: HTTP request smuggling through LF vs CRLF handling<br/> (bsc#1161088).<br/> - CVE-2019-16786: HTTP request smuggling through invalid Transfer-Encoding<br/> (bsc#1161089).<br/> - CVE-2019-16789: HTTP request smuggling through invalid whitespace<br/> characters (bsc#1160790).<br/> - CVE-2019-16792: HTTP request smuggling by sending the Content-Length<br/> header twice (bsc#1161670).<br/><br/><br/>",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-19T14:36:37Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-19T14:36:37Z",
"QID": "174724",
"SEVERITY_LEVEL": "2",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "python-waitress",
"VENDOR": "suse"
}
},
"SOLUTION": "Upgrade to the latest package which contains the patch. To install this SUSE Security\n Update use YaST online_update. Alternatively you can run the command listed for your product.\n \n To install packages using the command line interface, use command &quot;yum update&quot;.\n \n Refer to Suse security advisory: https://lists.suse.com/pipermail/sle-security-updates/2020-November/007743.html to address this issue and obtain further details.",
"TITLE": "SUSE Enterprise Linux Security update for python-waitress (SUSE-SU-2020:3269-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "SUSE-SU-2020:3269-1",
"URL": "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007743.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "SUSE",
"CONSEQUENCE": "Successful exploitation allows attacker to compromise the system.",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2020-12771",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12771"
},
{
"ID": "CVE-2020-10767",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10767"
},
{
"ID": "CVE-2019-16746",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16746"
},
{
"ID": "CVE-2020-13974",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13974"
},
{
"ID": "CVE-2020-0305",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0305"
},
{
"ID": "CVE-2020-14416",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14416"
},
{
"ID": "CVE-2020-15393",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15393"
},
{
"ID": "CVE-2020-10766",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10766"
},
{
"ID": "CVE-2020-10768",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10768"
},
{
"ID": "CVE-2020-15780",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15780"
},
{
"ID": "CVE-2019-20908",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20908"
},
{
"ID": "CVE-2020-10773",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10773"
},
{
"ID": "CVE-2020-12888",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12888"
},
{
"ID": "CVE-2020-10769",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10769"
}
]
},
"DIAGNOSIS": "<br/><br/>The SUSE Linux Enterprise 15 GA LTSS kernel was updated to receive various<br/> security and bugfixes.<br/><br/> The following security bugs were fixed:<br/><br/> - CVE-2020-0305: In cdev_get of char_dev.c, there is a possible<br/> use-after-free due to a race condition. This could lead to local<br/> escalation of privilege with System execution privileges needed. User<br/> interaction is not needed for exploitation (bnc#1174462).<br/> - CVE-2019-20908: An issue was discovered in drivers/firmware/efi/efi.c<br/> where incorrect access permissions for the efivar_ssdt ACPI variable<br/> could be used by attackers to bypass lockdown or secure boot<br/> restrictions, aka CID-1957a85b0032 (bnc#1173567).<br/> - CVE-2020-15780: An issue was discovered in drivers/acpi/acpi_configfs.c<br/> where injection of malicious ACPI tables via configfs could be used by<br/> attackers to bypass lockdown and secure boot restrictions, aka<br/> CID-75b0cea7bf30 (bnc#1173573).<br/> - CVE-2020-15393: usbtest_disconnect in drivers/usb/misc/usbtest.c had a<br/> memory leak, aka CID-28ebeb8db770 (bnc#1173514).<br/> - CVE-2020-12771: btree_gc_coalesce in drivers/md/bcache/btree.c has a<br/> deadlock if a coalescing operation fails (bnc#1171732).<br/> - CVE-2019-16746: An issue was discovered in net/wireless/nl80211.c which<br/> did not check the length of variable elements in a beacon head, leading<br/> to a buffer overflow (bnc#1152107 1173659).<br/> - CVE-2020-12888: The VFIO PCI driver mishandled attempts to access<br/> disabled memory space (bnc#1171868).<br/> - CVE-2020-10769: A buffer over-read flaw was found in<br/> crypto_authenc_extractkeys in crypto/authenc.c in the IPsec<br/> Cryptographic algorithm's module, authenc. When a payload longer than 4<br/> bytes, and is not following 4-byte alignment boundary guidelines, it<br/> causes a buffer over-read threat, leading to a system crash. This flaw<br/> allowed a local attacker with user privileges to cause a denial of<br/> service (bnc#1173265).<br/> - CVE-2020-10773: A kernel stack information leak on s390/s390x was fixed<br/> (bnc#1172999).<br/> - CVE-2020-14416: A race condition in tty-&gt;disc_data handling in the slip<br/> and slcan line discipline could lead to a use-after-free, aka<br/> CID-0ace17d56824. This affects drivers/net/slip/slip.c and<br/> drivers/net/can/slcan.c (bnc#1162002).<br/> - CVE-2020-10768: Indirect branch speculation could have been enabled<br/> after it was force-disabled by the PR_SPEC_FORCE_DISABLE prctl command.<br/> (bnc#1172783).<br/> - CVE-2020-10766: Fixed Rogue cross-process SSBD shutdown, where a Linux<br/> scheduler logical bug allows an attacker to turn off the SSBD<br/> protection. (bnc#1172781).<br/> - CVE-2020-10767: Indirect Branch Prediction Barrier was force-disabled<br/> when STIBP is unavailable or enhanced IBRS is available. (bnc#1172782).<br/> - CVE-2020-13974: drivers/tty/vt/keyboard.c had an integer overflow if<br/> k_ascii is called several times in a row, aka CID-b86dab054059<br/> (bnc#1172775).<br/><br/>",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-05-26T10:18:38Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-19T14:36:38Z",
"QID": "174729",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "kernel",
"VENDOR": "suse"
}
},
"SOLUTION": "Upgrade to the latest package which contains the patch. To install this SUSE Security\n Update use YaST online_update. Alternatively you can run the command listed for your product.\n \n To install packages using the command line interface, use command &quot;yum update&quot;.\n \n Refer to Suse security advisory: https://lists.suse.com/pipermail/sle-security-updates/2020-August/007214.html to address this issue and obtain further details.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://lists.suse.com/pipermail/sle-security-updates/2020-August/007214.html\" TARGET=\"_blank\">SUSE-SU-2020:2106-1: SUSE Enterprise Linux</A>",
"TITLE": "SUSE Enterprise Linux Security update for the Linux Kernel (SUSE-SU-2020:2106-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "SUSE-SU-2020:2106-1",
"URL": "https://lists.suse.com/pipermail/sle-security-updates/2020-August/007214.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "SUSE",
"CONSEQUENCE": "Successful exploitation allows attacker to compromise the system.",
"CVE_LIST": {
"CVE": {
"ID": "CVE-2020-8019",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8019"
}
},
"DIAGNOSIS": "<br/><br/> This update for syslog-ng fixes the following issues:<br/><br/> - CVE-2020-8019: Fixed a local privilege escalation during package update<br/> (bsc#1169385).<br/><br/><br/>",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-19T14:36:38Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-19T14:36:38Z",
"QID": "174734",
"SEVERITY_LEVEL": "2",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "syslog-ng",
"VENDOR": "suse"
}
},
"SOLUTION": "Upgrade to the latest package which contains the patch. To install this SUSE Security\n Update use YaST online_update. Alternatively you can run the command listed for your product.\n \n To install packages using the command line interface, use command &quot;yum update&quot;.\n \n Refer to Suse security advisory: https://lists.suse.com/pipermail/sle-security-updates/2020-May/006804.html to address this issue and obtain further details.",
"TITLE": "SUSE Enterprise Linux Security update for syslog-ng (SUSE-SU-2020:1221-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "SUSE-SU-2020:1221-1",
"URL": "https://lists.suse.com/pipermail/sle-security-updates/2020-May/006804.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "SUSE",
"CONSEQUENCE": "Successful exploitation allows attacker to compromise the system.",
"CVE_LIST": {
"CVE": {
"ID": "CVE-2021-27803",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27803"
}
},
"DIAGNOSIS": "<br/><br/> This update for wpa_supplicant fixes the following issues:<br/><br/> - CVE-2021-27803: Fixed a P2P provision discovery processing vulnerability<br/> (bsc#1182805).<br/><br/><br/>",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-19T14:36:38Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-19T14:36:38Z",
"QID": "174736",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "wpa_supplicant",
"VENDOR": "suse"
}
},
"SOLUTION": "Upgrade to the latest package which contains the patch. To install this SUSE Security\n Update use YaST online_update. Alternatively you can run the command listed for your product.\n \n To install packages using the command line interface, use command &quot;yum update&quot;.\n \n Refer to Suse security advisory: https://lists.suse.com/pipermail/sle-security-updates/2021-March/008439.html to address this issue and obtain further details.",
"TITLE": "SUSE Enterprise Linux Security update for wpa_supplicant (SUSE-SU-2021:0721-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "SUSE-SU-2021:0721-1",
"URL": "https://lists.suse.com/pipermail/sle-security-updates/2021-March/008439.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "SUSE",
"CONSEQUENCE": "Successful exploitation allows attacker to compromise the system.",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2021-23960",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23960"
},
{
"ID": "CVE-2021-23964",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23964"
},
{
"ID": "CVE-2021-23954",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23954"
},
{
"ID": "CVE-2021-23953",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23953"
},
{
"ID": "CVE-2020-26976",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26976"
}
]
},
"DIAGNOSIS": "<br/><br/> This update for MozillaFirefox fixes the following issues:<br/><br/> - Firefox Extended Support Release 78.7.0 ESR (MFSA 2021-04, bsc#1181414)<br/> * CVE-2021-23953: Fixed a Cross-origin information leakage via<br/> redirected PDF requests<br/> * CVE-2021-23954: Fixed a type confusion when using logical assignment<br/> operators in JavaScript switch statements<br/> * CVE-2020-26976: Fixed an issue where HTTPS pages could have been<br/> intercepted by a registered service worker when they should not have<br/> been<br/> * CVE-2021-23960: Fixed a use-after-poison for incorrectly redeclared<br/> JavaScript variables during GC<br/> * CVE-2021-23964: Fixed Memory safety bugs<br/><br/><br/>",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-19T14:36:38Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-19T14:36:38Z",
"QID": "174740",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "firefox",
"VENDOR": "suse"
}
},
"SOLUTION": "Upgrade to the latest package which contains the patch. To install this SUSE Security\n Update use YaST online_update. Alternatively you can run the command listed for your product.\n \n To install packages using the command line interface, use command &quot;yum update&quot;.\n \n Refer to Suse security advisory: https://lists.suse.com/pipermail/sle-security-updates/2021-January/008257.html to address this issue and obtain further details.",
"TITLE": "SUSE Enterprise Linux Security update for MozillaFirefox (SUSE-SU-2021:0246-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "SUSE-SU-2021:0246-1",
"URL": "https://lists.suse.com/pipermail/sle-security-updates/2021-January/008257.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "SUSE",
"CONSEQUENCE": "Successful exploitation allows attacker to compromise the system.",
"CVE_LIST": {
"CVE": {
"ID": "CVE-2020-35518",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35518"
}
},
"DIAGNOSIS": "This update for 389-ds fixes the following issues:<br/><br/> - 389-ds was updated to version 1.4.3.19<br/> - CVE-2020-35518: Fixed an information disclosure during the binding of<br/> a DN (bsc#1181159).",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-19T14:36:38Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-19T14:36:38Z",
"QID": "174763",
"SEVERITY_LEVEL": "2",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "389-ds",
"VENDOR": "suse"
}
},
"SOLUTION": "Upgrade to the latest package which contains the patch. To install this SUSE Security\n Update use YaST online_update. Alternatively you can run the command listed for your product.\n \n To install packages using the command line interface, use command &quot;yum update&quot;.\n \n Refer to Suse security advisory: https://lists.suse.com/pipermail/sle-security-updates/2021-March/008440.html to address this issue and obtain further details.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://lists.suse.com/pipermail/sle-security-updates/2021-March/008440.html\" TARGET=\"_blank\">SUSE-SU-2021:0724-1: SUSE Enterprise Linux</A>",
"TITLE": "SUSE Enterprise Linux Security update for 389-ds (SUSE-SU-2021:0724-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "SUSE-SU-2021:0724-1",
"URL": "https://lists.suse.com/pipermail/sle-security-updates/2021-March/008440.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "SUSE",
"CONSEQUENCE": "Successful exploitation allows attacker to compromise the system.",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2021-26930",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26930"
},
{
"ID": "CVE-2020-12362",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12362"
},
{
"ID": "CVE-2020-12373",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12373"
},
{
"ID": "CVE-2020-12363",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12363"
},
{
"ID": "CVE-2021-26931",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26931"
},
{
"ID": "CVE-2020-29368",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29368"
},
{
"ID": "CVE-2020-12364",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12364"
},
{
"ID": "CVE-2021-26932",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26932"
},
{
"ID": "CVE-2020-29374",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29374"
}
]
},
"DIAGNOSIS": "The SUSE Linux Enterprise 15 SP2 kernel Azure was updated to receive<br/> various security and bugfixes.<br/><br/> The following security bugs were fixed:<br/><br/> - CVE-2021-26930: Fixed an improper error handling in blkback's grant<br/> mapping (XSA-365 bsc#1181843).<br/> - CVE-2021-26931: Fixed an issue where Linux kernel was treating grant<br/> mapping errors as bugs (XSA-362 bsc#1181753).<br/> - CVE-2021-26932: Fixed improper error handling issues in Linux grant<br/> mapping (XSA-361 bsc#1181747). by remote attackers to read or write<br/> files via directory traversal in an XCOPY request (bsc#178372).<br/> - CVE-2020-12362: Fixed an integer overflow in the firmware which may have<br/> allowed a privileged user to potentially enable an escalation of<br/> privilege via local access (bsc#1181720).<br/> - CVE-2020-12363: Fixed an improper input validation which may have<br/> allowed a privileged user to potentially enable a denial of service via<br/> local access (bsc#1181735).<br/> - CVE-2020-12364: Fixed a null pointer reference which may have allowed a<br/> privileged user to potentially enable a denial of service via local<br/> access (bsc#1181736 ).<br/> - CVE-2020-12373: Fixed an expired pointer dereference which may have<br/> allowed a privileged user to potentially enable a denial of service via<br/> local access (bsc#1181738).<br/> - CVE-2020-29368,CVE-2020-29374: Fixed an issue in copy-on-write<br/> implementation which could have granted unintended write access because<br/> of a race condition in a THP mapcount check (bsc#1179660, bsc#1179428).<br/><br/>",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-19T14:36:38Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-19T14:36:38Z",
"QID": "174764",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "kernel",
"VENDOR": "suse"
}
},
"SOLUTION": "Upgrade to the latest package which contains the patch. To install this SUSE Security\n Update use YaST online_update. Alternatively you can run the command listed for your product.\n \n To install packages using the command line interface, use command &quot;yum update&quot;.\n \n Refer to Suse security advisory: https://lists.suse.com/pipermail/sle-security-updates/2021-March/008445.html to address this issue and obtain further details.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://lists.suse.com/pipermail/sle-security-updates/2021-March/008445.html\" TARGET=\"_blank\">SUSE-SU-2021:0738-1: SUSE Enterprise Linux</A>",
"TITLE": "SUSE Enterprise Linux Security update for the Linux Kernel (SUSE-SU-2021:0738-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "SUSE-SU-2021:0738-1",
"URL": "https://lists.suse.com/pipermail/sle-security-updates/2021-March/008445.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "SUSE",
"CONSEQUENCE": "Successful exploitation allows attacker to compromise the system.",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2021-26930",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26930"
},
{
"ID": "CVE-2020-12362",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12362"
},
{
"ID": "CVE-2020-12373",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12373"
},
{
"ID": "CVE-2020-12363",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12363"
},
{
"ID": "CVE-2021-26931",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26931"
},
{
"ID": "CVE-2020-29368",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29368"
},
{
"ID": "CVE-2020-12364",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12364"
},
{
"ID": "CVE-2021-26932",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26932"
},
{
"ID": "CVE-2020-29374",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29374"
}
]
},
"DIAGNOSIS": "The SUSE Linux Enterprise 15 SP2 kernel RT was updated to receive various<br/> security and bugfixes.<br/><br/> The following security bugs were fixed:<br/><br/> - CVE-2021-26930: Fixed an improper error handling in blkback's grant<br/> mapping (XSA-365 bsc#1181843).<br/> - CVE-2021-26931: Fixed an issue where Linux kernel was treating grant<br/> mapping errors as bugs (XSA-362 bsc#1181753).<br/> - CVE-2021-26932: Fixed improper error handling issues in Linux grant<br/> mapping (XSA-361 bsc#1181747). by remote attackers to read or write<br/> files via directory traversal in an XCOPY request (bsc#178372).<br/> - CVE-2020-12362: Fixed an integer overflow in the firmware which may have<br/> allowed a privileged user to potentially enable an escalation of<br/> privilege via local access (bsc#1181720).<br/> - CVE-2020-12363: Fixed an improper input validation which may have<br/> allowed a privileged user to potentially enable a denial of service via<br/> local access (bsc#1181735).<br/> - CVE-2020-12364: Fixed a null pointer reference which may have allowed a<br/> privileged user to potentially enable a denial of service via local<br/> access (bsc#1181736 ).<br/> - CVE-2020-12373: Fixed an expired pointer dereference which may have<br/> allowed a privileged user to potentially enable a denial of service via<br/> local access (bsc#1181738).<br/> - CVE-2020-29368,CVE-2020-29374: Fixed an issue in copy-on-write<br/> implementation which could have granted unintended write access because<br/> of a race condition in a THP mapcount check (bsc#1179660, bsc#1179428).<br/><br/>",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-19T14:36:38Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-19T14:36:38Z",
"QID": "174768",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "kernel",
"VENDOR": "suse"
}
},
"SOLUTION": "Upgrade to the latest package which contains the patch. To install this SUSE Security\n Update use YaST online_update. Alternatively you can run the command listed for your product.\n \n To install packages using the command line interface, use command &quot;yum update&quot;.\n \n Refer to Suse security advisory: https://lists.suse.com/pipermail/sle-security-updates/2021-March/008450.html to address this issue and obtain further details.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://lists.suse.com/pipermail/sle-security-updates/2021-March/008450.html\" TARGET=\"_blank\">SUSE-SU-2021:0735-1: SUSE Enterprise Linux</A>",
"TITLE": "SUSE Enterprise Linux Security update for the Linux Kernel (SUSE-SU-2021:0735-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "SUSE-SU-2021:0735-1",
"URL": "https://lists.suse.com/pipermail/sle-security-updates/2021-March/008450.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "SUSE",
"CONSEQUENCE": "Successful exploitation allows attacker to compromise the system.",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2021-26930",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26930"
},
{
"ID": "CVE-2020-12362",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12362"
},
{
"ID": "CVE-2020-12373",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12373"
},
{
"ID": "CVE-2020-12363",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12363"
},
{
"ID": "CVE-2021-26931",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26931"
},
{
"ID": "CVE-2020-29368",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29368"
},
{
"ID": "CVE-2020-12364",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12364"
},
{
"ID": "CVE-2021-26932",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26932"
},
{
"ID": "CVE-2020-29374",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29374"
}
]
},
"DIAGNOSIS": "The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various<br/> security and bugfixes.<br/><br/> The following security bugs were fixed:<br/><br/> - CVE-2021-26930: Fixed an improper error handling in blkback's grant<br/> mapping (XSA-365 bsc#1181843).<br/> - CVE-2021-26931: Fixed an issue where Linux kernel was treating grant<br/> mapping errors as bugs (XSA-362 bsc#1181753).<br/> - CVE-2021-26932: Fixed improper error handling issues in Linux grant<br/> mapping (XSA-361 bsc#1181747). by remote attackers to read or write<br/> files via directory traversal in an XCOPY request (bsc#178372).<br/> - CVE-2020-12362: Fixed an integer overflow in the firmware which may have<br/> allowed a privileged user to potentially enable an escalation of<br/> privilege via local access (bsc#1181720).<br/> - CVE-2020-12363: Fixed an improper input validation which may have<br/> allowed a privileged user to potentially enable a denial of service via<br/> local access (bsc#1181735).<br/> - CVE-2020-12364: Fixed a null pointer reference which may have allowed a<br/> privileged user to potentially enable a denial of service via local<br/> access (bsc#1181736 ).<br/> - CVE-2020-12373: Fixed an expired pointer dereference which may have<br/> allowed a privileged user to potentially enable a denial of service via<br/> local access (bsc#1181738).<br/> - CVE-2020-29368,CVE-2020-29374: Fixed an issue in copy-on-write<br/> implementation which could have granted unintended write access because<br/> of a race condition in a THP mapcount check (bsc#1179660, bsc#1179428).<br/><br/>",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-19T14:36:38Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-19T14:36:38Z",
"QID": "174770",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "kernel",
"VENDOR": "suse"
}
},
"SOLUTION": "Upgrade to the latest package which contains the patch. To install this SUSE Security\n Update use YaST online_update. Alternatively you can run the command listed for your product.\n \n To install packages using the command line interface, use command &quot;yum update&quot;.\n \n Refer to Suse security advisory: https://lists.suse.com/pipermail/sle-security-updates/2021-March/008452.html to address this issue and obtain further details.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://lists.suse.com/pipermail/sle-security-updates/2021-March/008452.html\" TARGET=\"_blank\">SUSE-SU-2021:0741-1: SUSE Enterprise Linux</A>",
"TITLE": "SUSE Enterprise Linux Security update for the Linux Kernel (SUSE-SU-2021:0741-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "SUSE-SU-2021:0741-1",
"URL": "https://lists.suse.com/pipermail/sle-security-updates/2021-March/008452.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "SUSE",
"CONSEQUENCE": "Successful exploitation allows attacker to compromise the system.",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2021-26930",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26930"
},
{
"ID": "CVE-2021-26931",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26931"
},
{
"ID": "CVE-2020-29368",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29368"
},
{
"ID": "CVE-2021-26932",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26932"
},
{
"ID": "CVE-2020-29374",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29374"
}
]
},
"DIAGNOSIS": "The SUSE Linux Enterprise 15 SP1 kernel was updated receive various<br/> security and bugfixes.<br/><br/> The following security bugs were fixed:<br/><br/> - CVE-2021-26930: Fixed an improper error handling in blkback's grant<br/> mapping (XSA-365 bsc#1181843).<br/> - CVE-2021-26931: Fixed an issue where Linux kernel was treating grant<br/> mapping errors as bugs (XSA-362 bsc#1181753).<br/> - CVE-2021-26932: Fixed improper error handling issues in Linux grant<br/> mapping (XSA-361 bsc#1181747). by remote attackers to read or write<br/> files via directory traversal in an XCOPY request (bsc#178372).<br/> - CVE-2020-29368,CVE-2020-29374: Fixed an issue in copy-on-write<br/> implementation which could have granted unintended write access because<br/> of a race condition in a THP mapcount check (bsc#1179660, bsc#1179428).<br/><br/>",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-19T14:36:38Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-19T14:36:38Z",
"QID": "174772",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "kernel",
"VENDOR": "suse"
}
},
"SOLUTION": "Upgrade to the latest package which contains the patch. To install this SUSE Security\n Update use YaST online_update. Alternatively you can run the command listed for your product.\n \n To install packages using the command line interface, use command &quot;yum update&quot;.\n \n Refer to Suse security advisory: https://lists.suse.com/pipermail/sle-security-updates/2021-March/008455.html to address this issue and obtain further details.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://lists.suse.com/pipermail/sle-security-updates/2021-March/008455.html\" TARGET=\"_blank\">SUSE-SU-2021:0737-1: SUSE Enterprise Linux</A>",
"TITLE": "SUSE Enterprise Linux Security update for the Linux Kernel (SUSE-SU-2021:0737-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "SUSE-SU-2021:0737-1",
"URL": "https://lists.suse.com/pipermail/sle-security-updates/2021-March/008455.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "SUSE",
"CONSEQUENCE": "Successful exploitation allows attacker to compromise the system.",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2021-26930",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26930"
},
{
"ID": "CVE-2021-26931",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26931"
},
{
"ID": "CVE-2020-29368",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29368"
},
{
"ID": "CVE-2021-26932",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26932"
},
{
"ID": "CVE-2020-29374",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29374"
}
]
},
"DIAGNOSIS": "The SUSE Linux Enterprise 15 kernel was updated to receive various<br/> security and bugfixes.<br/><br/> The following security bugs were fixed:<br/><br/> - CVE-2021-26930: Fixed an improper error handling in blkback's grant<br/> mapping (XSA-365 bsc#1181843).<br/> - CVE-2021-26931: Fixed an issue where Linux kernel was treating grant<br/> mapping errors as bugs (XSA-362 bsc#1181753).<br/> - CVE-2021-26932: Fixed improper error handling issues in Linux grant<br/> mapping (XSA-361 bsc#1181747). by remote attackers to read or write<br/> files via directory traversal in an XCOPY request (bsc#178372).<br/> - CVE-2020-29368,CVE-2020-29374: Fixed an issue in copy-on-write<br/> implementation which could have granted unintended write access because<br/> of a race condition in a THP mapcount check (bsc#1179660, bsc#1179428).<br/><br/>",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-19T14:36:38Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-19T14:36:38Z",
"QID": "174774",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "kernel",
"VENDOR": "suse"
}
},
"SOLUTION": "Upgrade to the latest package which contains the patch. To install this SUSE Security\n Update use YaST online_update. Alternatively you can run the command listed for your product.\n \n To install packages using the command line interface, use command &quot;yum update&quot;.\n \n Refer to Suse security advisory: https://lists.suse.com/pipermail/sle-security-updates/2021-March/008458.html to address this issue and obtain further details.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://lists.suse.com/pipermail/sle-security-updates/2021-March/008458.html\" TARGET=\"_blank\">SUSE-SU-2021:0740-1: SUSE Enterprise Linux</A>",
"TITLE": "SUSE Enterprise Linux Security update for the Linux Kernel (SUSE-SU-2021:0740-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "SUSE-SU-2021:0740-1",
"URL": "https://lists.suse.com/pipermail/sle-security-updates/2021-March/008458.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "SUSE",
"CONSEQUENCE": "Successful exploitation allows attacker to compromise the system.",
"CVE_LIST": {
"CVE": {
"ID": "CVE-2021-21300",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21300"
}
},
"DIAGNOSIS": "This update for git fixes the following issues:<br/><br/> - On case-insensitive filesystems, with support for symbolic links, if Git<br/> is configured globally to apply delay-capable clean/smudge filters (such<br/> as Git LFS), Git could be fooled into running remote code during a<br/> clone. (bsc#1183026, CVE-2021-21300)",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-19T14:36:38Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-19T14:36:38Z",
"QID": "174776",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "git",
"VENDOR": "suse"
}
},
"SOLUTION": "Upgrade to the latest package which contains the patch. To install this SUSE Security\n Update use YaST online_update. Alternatively you can run the command listed for your product.\n \n To install packages using the command line interface, use command &quot;yum update&quot;.\n \n Refer to Suse security advisory: https://lists.suse.com/pipermail/sle-security-updates/2021-March/008461.html to address this issue and obtain further details.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://lists.suse.com/pipermail/sle-security-updates/2021-March/008461.html\" TARGET=\"_blank\">SUSE-SU-2021:0757-1: SUSE Enterprise Linux</A>",
"TITLE": "SUSE Enterprise Linux Security update for git (SUSE-SU-2021:0757-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "SUSE-SU-2021:0757-1",
"URL": "https://lists.suse.com/pipermail/sle-security-updates/2021-March/008461.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "SUSE",
"CONSEQUENCE": "Successful exploitation allows attacker to compromise the system.",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2020-36222",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36222"
},
{
"ID": "CVE-2020-36224",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36224"
},
{
"ID": "CVE-2020-36228",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36228"
},
{
"ID": "CVE-2020-36225",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36225"
},
{
"ID": "CVE-2020-36223",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36223"
},
{
"ID": "CVE-2020-36229",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36229"
},
{
"ID": "CVE-2020-36227",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36227"
},
{
"ID": "CVE-2021-27212",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27212"
},
{
"ID": "CVE-2020-36230",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36230"
},
{
"ID": "CVE-2020-36226",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36226"
},
{
"ID": "CVE-2020-36221",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36221"
}
]
},
"DIAGNOSIS": "This update for openldap2 fixes the following issues:<br/><br/> - bsc#1182408 CVE-2020-36230 - an assertion failure in slapd in the X.509<br/> DN parsing in decode.c ber_next_element, resulting in denial<br/> of service.<br/> - bsc#1182411 CVE-2020-36229 - ldap_X509dn2bv crash in the X.509 DN<br/> parsing in ad_keystring, resulting in denial of service.<br/> - bsc#1182412 CVE-2020-36228 - integer underflow leading to crash in the<br/> Certificate List Exact Assertion processing, resulting in denial of<br/> service.<br/> - bsc#1182413 CVE-2020-36227 - infinite loop in slapd with the<br/> cancel_extop Cancel operation, resulting in denial of service.<br/> - bsc#1182416 CVE-2020-36225 - double free and slapd crash in the<br/> saslAuthzTo processing, resulting in denial of service.<br/> - bsc#1182417 CVE-2020-36224 - invalid pointer free and slapd crash in the<br/> saslAuthzTo processing, resulting in denial of service.<br/> - bsc#1182415 CVE-2020-36226 - memch-&gt;bv_len miscalculation and slapd<br/> crash in the saslAuthzTo processing, resulting in denial of service.<br/> - bsc#1182419 CVE-2020-36222 - assertion failure in slapd in the<br/> saslAuthzTo validation, resulting in denial of service.<br/> - bsc#1182420 CVE-2020-36221 - slapd crashes in the Certificate Exact<br/> Assertion processing, resulting in denial of service (schema_init.c<br/> serialNumberAndIssuerCheck).<br/> - bsc#1182418 CVE-2020-36223 - slapd crash in the Values Return Filter<br/> control handling, resulting in denial of service (double free and<br/> out-of-bounds read).<br/> - bsc#1182279 CVE-2021-27212 - an assertion failure in slapd can occur in<br/> the issuerAndThisUpdateCheck function via a crafted packet, resulting in<br/> a denial of service (daemon exit) via a short timestamp. This is related<br/> to schema_init.c and checkTime.",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-19T14:36:38Z",
"PATCHABLE": "1",
"PCI_FLAG": "0",
"PUBLISHED_DATETIME": "2021-04-19T14:36:38Z",
"QID": "174780",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "openldap2",
"VENDOR": "suse"
}
},
"SOLUTION": "Upgrade to the latest package which contains the patch. To install this SUSE Security\n Update use YaST online_update. Alternatively you can run the command listed for your product.\n \n To install packages using the command line interface, use command &quot;yum update&quot;.\n \n Refer to Suse security advisory: https://lists.suse.com/pipermail/sle-security-updates/2021-March/008431.html to address this issue and obtain further details.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://lists.suse.com/pipermail/sle-security-updates/2021-March/008431.html\" TARGET=\"_blank\">SUSE-SU-2021:0692-1: SUSE Enterprise Linux</A>",
"TITLE": "SUSE Enterprise Linux Security update for openldap2 (SUSE-SU-2021:0692-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "SUSE-SU-2021:0692-1",
"URL": "https://lists.suse.com/pipermail/sle-security-updates/2021-March/008431.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "SUSE",
"CONSEQUENCE": "Successful exploitation allows attacker to compromise the system.",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2020-36222",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36222"
},
{
"ID": "CVE-2020-36224",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36224"
},
{
"ID": "CVE-2020-36228",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36228"
},
{
"ID": "CVE-2020-36225",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36225"
},
{
"ID": "CVE-2020-36223",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36223"
},
{
"ID": "CVE-2020-36229",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36229"
},
{
"ID": "CVE-2020-36227",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36227"
},
{
"ID": "CVE-2021-27212",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27212"
},
{
"ID": "CVE-2020-36230",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36230"
},
{
"ID": "CVE-2020-36226",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36226"
},
{
"ID": "CVE-2020-36221",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36221"
}
]
},
"DIAGNOSIS": "This update for openldap2 fixes the following issues:<br/><br/> - bsc#1182408 CVE-2020-36230 - an assertion failure in slapd in the X.509<br/> DN parsing in decode.c ber_next_element, resulting in denial<br/> of service.<br/> - bsc#1182411 CVE-2020-36229 - ldap_X509dn2bv crash in the X.509 DN<br/> parsing in ad_keystring, resulting in denial of service.<br/> - bsc#1182412 CVE-2020-36228 - integer underflow leading to crash in the<br/> Certificate List Exact Assertion processing, resulting in denial of<br/> service.<br/> - bsc#1182413 CVE-2020-36227 - infinite loop in slapd with the<br/> cancel_extop Cancel operation, resulting in denial of service.<br/> - bsc#1182416 CVE-2020-36225 - double free and slapd crash in the<br/> saslAuthzTo processing, resulting in denial of service.<br/> - bsc#1182417 CVE-2020-36224 - invalid pointer free and slapd crash in the<br/> saslAuthzTo processing, resulting in denial of service.<br/> - bsc#1182415 CVE-2020-36226 - memch-&gt;bv_len miscalculation and slapd<br/> crash in the saslAuthzTo processing, resulting in denial of service.<br/> - bsc#1182419 CVE-2020-36222 - assertion failure in slapd in the<br/> saslAuthzTo validation, resulting in denial of service.<br/> - bsc#1182420 CVE-2020-36221 - slapd crashes in the Certificate Exact<br/> Assertion processing, resulting in denial of service (schema_init.c<br/> serialNumberAndIssuerCheck).<br/> - bsc#1182418 CVE-2020-36223 - slapd crash in the Values Return Filter<br/> control handling, resulting in denial of service (double free and<br/> out-of-bounds read).<br/> - bsc#1182279 CVE-2021-27212 - an assertion failure in slapd can occur in<br/> the issuerAndThisUpdateCheck function via a crafted packet, resulting in<br/> a denial of service (daemon exit) via a short timestamp. This is related<br/> to schema_init.c and checkTime.",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-19T14:36:38Z",
"PATCHABLE": "1",
"PCI_FLAG": "0",
"PUBLISHED_DATETIME": "2021-04-19T14:36:38Z",
"QID": "174783",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "openldap2",
"VENDOR": "suse"
}
},
"SOLUTION": "Upgrade to the latest package which contains the patch. To install this SUSE Security\n Update use YaST online_update. Alternatively you can run the command listed for your product.\n \n To install packages using the command line interface, use command &quot;yum update&quot;.\n \n Refer to Suse security advisory: https://lists.suse.com/pipermail/sle-security-updates/2021-March/008438.html to address this issue and obtain further details.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://lists.suse.com/pipermail/sle-security-updates/2021-March/008438.html\" TARGET=\"_blank\">SUSE-SU-2021:0723-1: SUSE Enterprise Linux</A>",
"TITLE": "SUSE Enterprise Linux Security update for openldap2 (SUSE-SU-2021:0723-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "SUSE-SU-2021:0723-1",
"URL": "https://lists.suse.com/pipermail/sle-security-updates/2021-March/008438.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "SUSE",
"CONSEQUENCE": "Successful exploitation allows attacker to compromise the system.",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2021-23840",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23840"
},
{
"ID": "CVE-2021-23841",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23841"
}
]
},
"DIAGNOSIS": "This update for openssl-1_1 fixes the following issues:<br/><br/> - CVE-2021-23840: Fixed an Integer overflow in CipherUpdate (bsc#1182333)<br/> - CVE-2021-23841: Fixed a Null pointer dereference in<br/> X509_issuer_and_serial_hash() (bsc#1182331)<br/> - Fixed unresolved error codes in FIPS (bsc#1182959).",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-05-18T20:16:03Z",
"PATCHABLE": "1",
"PCI_FLAG": "0",
"PUBLISHED_DATETIME": "2021-04-19T14:36:38Z",
"QID": "174786",
"SEVERITY_LEVEL": "2",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "openssl-1_1",
"VENDOR": "suse"
}
},
"SOLUTION": "Upgrade to the latest package which contains the patch. To install this SUSE Security\n Update use YaST online_update. Alternatively you can run the command listed for your product.\n \n To install packages using the command line interface, use command &quot;yum update&quot;.\n \n Refer to Suse security advisory: https://lists.suse.com/pipermail/sle-security-updates/2021-March/008453.html to address this issue and obtain further details.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://lists.suse.com/pipermail/sle-security-updates/2021-March/008453.html\" TARGET=\"_blank\">SUSE-SU-2021:0754-1: SUSE Enterprise Linux</A>",
"TITLE": "SUSE Enterprise Linux Security update for Open Secure Sockets Layer (OpenSSL-1_1) (SUSE-SU-2021:0754-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "SUSE-SU-2021:0754-1",
"URL": "https://lists.suse.com/pipermail/sle-security-updates/2021-March/008453.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "SUSE",
"CONSEQUENCE": "Successful exploitation allows attacker to compromise the system.",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2021-23840",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23840"
},
{
"ID": "CVE-2021-23841",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23841"
}
]
},
"DIAGNOSIS": "This update for openssl-1_0_0 fixes the following issues:<br/><br/> - CVE-2021-23840: Fixed an Integer overflow in CipherUpdate (bsc#1182333)<br/> - CVE-2021-23841: Fixed a Null pointer dereference in<br/> X509_issuer_and_serial_hash() (bsc#1182331)",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-05-18T20:35:20Z",
"PATCHABLE": "1",
"PCI_FLAG": "0",
"PUBLISHED_DATETIME": "2021-04-19T14:36:38Z",
"QID": "174789",
"SEVERITY_LEVEL": "2",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "openssl-1_0_0",
"VENDOR": "suse"
}
},
"SOLUTION": "Upgrade to the latest package which contains the patch. To install this SUSE Security\n Update use YaST online_update. Alternatively you can run the command listed for your product.\n \n To install packages using the command line interface, use command &quot;yum update&quot;.\n \n Refer to Suse security advisory: https://lists.suse.com/pipermail/sle-security-updates/2021-March/008473.html to address this issue and obtain further details.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://lists.suse.com/pipermail/sle-security-updates/2021-March/008473.html\" TARGET=\"_blank\">SUSE-SU-2021:0769-1: SUSE Enterprise Linux</A>",
"TITLE": "SUSE Enterprise Linux Security update for Open Secure Sockets Layer (OpenSSL-1_0_0) (SUSE-SU-2021:0769-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "SUSE-SU-2021:0769-1",
"URL": "https://lists.suse.com/pipermail/sle-security-updates/2021-March/008473.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "SUSE",
"CONSEQUENCE": "Successful exploitation allows attacker to compromise the system.",
"CVE_LIST": {
"CVE": {
"ID": "CVE-2021-20230",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20230"
}
},
"DIAGNOSIS": "This update for stunnel fixes the following issues:<br/><br/> - Security fix: [bsc#1177580, bsc#1182529, CVE-2021-20230]<br/> * &quot;redirect&quot; option does not properly handle &quot;verifyChain = yes&quot;",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-19T14:36:38Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-19T14:36:38Z",
"QID": "174790",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "stunnel",
"VENDOR": "suse"
}
},
"SOLUTION": "Upgrade to the latest package which contains the patch. To install this SUSE Security\n Update use YaST online_update. Alternatively you can run the command listed for your product.\n \n To install packages using the command line interface, use command &quot;yum update&quot;.\n \n Refer to Suse security advisory: https://lists.suse.com/pipermail/sle-security-updates/2021-March/008483.html to address this issue and obtain further details.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://lists.suse.com/pipermail/sle-security-updates/2021-March/008483.html\" TARGET=\"_blank\">SUSE-SU-2021:0772-1: SUSE Enterprise Linux</A>",
"TITLE": "SUSE Enterprise Linux Security update for stunnel (SUSE-SU-2021:0772-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "SUSE-SU-2021:0772-1",
"URL": "https://lists.suse.com/pipermail/sle-security-updates/2021-March/008483.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "SUSE",
"CONSEQUENCE": "Successful exploitation allows attacker to compromise the system.",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2021-27219",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27219"
},
{
"ID": "CVE-2021-27218",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27218"
}
]
},
"DIAGNOSIS": "This update for glib2 fixes the following issues:<br/><br/> - CVE-2021-27218: g_byte_array_new_take takes a gsize as length but stores<br/> in a guint, this patch will refuse if the length is larger than guint.<br/> (bsc#1182328)<br/> - CVE-2021-27219: g_memdup takes a guint as parameter and sometimes leads<br/> into an integer overflow, so add a g_memdup2 function which uses gsize<br/> to replace it. (bsc#1182362)",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-19T14:36:38Z",
"PATCHABLE": "1",
"PCI_FLAG": "0",
"PUBLISHED_DATETIME": "2021-04-19T14:36:38Z",
"QID": "174791",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "glib2",
"VENDOR": "suse"
}
},
"SOLUTION": "Upgrade to the latest package which contains the patch. To install this SUSE Security\n Update use YaST online_update. Alternatively you can run the command listed for your product.\n \n To install packages using the command line interface, use command &quot;yum update&quot;.\n \n Refer to Suse security advisory: https://lists.suse.com/pipermail/sle-security-updates/2021-March/008486.html to address this issue and obtain further details.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://lists.suse.com/pipermail/sle-security-updates/2021-March/008486.html\" TARGET=\"_blank\">SUSE-SU-2021:0778-1: SUSE Enterprise Linux</A>",
"TITLE": "SUSE Enterprise Linux Security update for glib2 (SUSE-SU-2021:0778-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "SUSE-SU-2021:0778-1",
"URL": "https://lists.suse.com/pipermail/sle-security-updates/2021-March/008486.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "SUSE",
"CONSEQUENCE": "Successful exploitation allows attacker to compromise the system.",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2021-23840",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23840"
},
{
"ID": "CVE-2021-23841",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23841"
}
]
},
"DIAGNOSIS": "This update for compat-openssl098 fixes the following issues:<br/><br/> - CVE-2021-23840: Fixed an Integer overflow in CipherUpdate (bsc#1182333)<br/> - CVE-2021-23841: Fixed a Null pointer dereference in<br/> X509_issuer_and_serial_hash() (bsc#1182331)",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-05-18T21:10:37Z",
"PATCHABLE": "1",
"PCI_FLAG": "0",
"PUBLISHED_DATETIME": "2021-04-19T14:36:38Z",
"QID": "174794",
"SEVERITY_LEVEL": "2",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "compat-openssl098",
"VENDOR": "suse"
}
},
"SOLUTION": "Upgrade to the latest package which contains the patch. To install this SUSE Security\n Update use YaST online_update. Alternatively you can run the command listed for your product.\n \n To install packages using the command line interface, use command &quot;yum update&quot;.\n \n Refer to Suse security advisory: https://lists.suse.com/pipermail/sle-security-updates/2021-March/008492.html to address this issue and obtain further details.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://lists.suse.com/pipermail/sle-security-updates/2021-March/008492.html\" TARGET=\"_blank\">SUSE-SU-2021:0793-1: SUSE Enterprise Linux</A>",
"TITLE": "SUSE Enterprise Linux Security update for Compat-Open Secure Sockets Layer (compat-OpenSSL098) (SUSE-SU-2021:0793-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "SUSE-SU-2021:0793-1",
"URL": "https://lists.suse.com/pipermail/sle-security-updates/2021-March/008492.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "SUSE",
"CONSEQUENCE": "Successful exploitation allows attacker to compromise the system.",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2020-27746",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27746"
},
{
"ID": "CVE-2016-10030",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10030"
},
{
"ID": "CVE-2019-12838",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12838"
},
{
"ID": "CVE-2019-6438",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6438"
},
{
"ID": "CVE-2018-7033",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7033"
},
{
"ID": "CVE-2018-10995",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10995"
},
{
"ID": "CVE-2020-27745",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27745"
},
{
"ID": "CVE-2019-19727",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19727"
},
{
"ID": "CVE-2020-12693",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12693"
},
{
"ID": "CVE-2017-15566",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15566"
},
{
"ID": "CVE-2019-19728",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19728"
}
]
},
"DIAGNOSIS": "This update for pdsh fixes the following issues:<br/><br/> - Preparing pdsh for Slurm 20.11 (jsc#ECO-2412)<br/> - Simplify convoluted condition.<br/><br/> This update for slurm fixes the following issues:<br/><br/> - Fix potential buffer overflows from use of unpackmem(). CVE-2020-27745<br/> (bsc#1178890)<br/> - Fix potential leak of the magic cookie when sent as an argument to the<br/> xauth command. CVE-2020-27746 (bsc#1178891)<br/> - Add support for openPMIx also for Leap/SLE 15.0/1 (bsc#1173805).<br/> - Updated to 20.02.3 which fixes CVE-2020-12693 (bsc#1172004).<br/> - slurm-plugins will now also require pmix not only libpmix (bsc#1164326)<br/> - Removed autopatch as it doesn't work for the SLE-11-SP4 build.<br/> - Disable %arm builds as this is no longer supported.<br/> - pmix searches now also for libpmix.so.2 so that there is no dependency<br/> for devel package (bsc#1164386)<br/> - Update to version 20.02.0 (jsc#SLE-8491)<br/> * Fix minor memory leak in slurmd on reconfig.<br/> * Fix invalid ptr reference when rolling up data in the database.<br/> * Change shtml2html.py to require python3 for RHEL8 support, and match<br/> man2html.py.<br/> * slurm.spec - override &quot;hardening&quot; linker flags to ensure RHEL8 builds<br/> in a usable manner.<br/> * Fix type mismatches in the perl API.<br/> * Prevent use of uninitialized slurmctld_diag_stats.<br/> * Fixed various Coverity issues.<br/> * Only show warning about root-less topology in daemons.<br/> * Fix accounting of jobs in IGNORE_JOBS reservations.<br/> * Fix issue with batch steps state not loading correctly when upgrading<br/> from 19.05.<br/> * Deprecate max_depend_depth in SchedulerParameters and move it to<br/> DependencyParameters.<br/> * Silence erroneous error on slurmctld upgrade when loading federation<br/> state.<br/> * Break infinite loop in cons_tres dealing with incorrect tasks per tres<br/> request resulting in slurmctld hang.<br/> * Improve handling of --gpus-per-task to make sure appropriate number of<br/> GPUs is assigned to job.<br/> * Fix seg fault on cons_res when requesting --spread-job.<br/><br/> - Move to python3 for everything but SLE-11-SP4<br/> * For SLE-11-SP4 add a workaround to handle a python3 script (python2.7<br/> compliant).<br/><br/> * sbatch - fix segfault when no newline at the end of a burst buffer<br/> file.<br/> * Change scancel to only check job's base state when matching -t options.<br/> * Save job dependency list in state files.<br/> * cons_tres - allow jobs to be run on systems with root-less topologies.<br/> * Restore pre-20.02pre1 PrologSlurmctld synchonization behavior to avoid<br/> various race conditions, and ensure proper batch job launch.<br/> * Add new slurmrestd command/daemon which implements the Slurm REST API.<br/><br/> - standard slurm.conf uses now also SlurmctldHost on all build targets<br/> (bsc#1162377)<br/><br/> - start slurmdbd after mariadb (bsc#1161716)<br/><br/> - Update to version 19.05.5 (jsc#SLE-8491)<br/> * Includes security fixes CVE-2019-19727, CVE-2019-19728, CVE-2019-12838.<br/> * Disable i586 builds as this is no longer supported.<br/> * Create libnss_slurm package to support user and group resolution thru<br/> slurmstepd.<br/><br/> - Update to v18.08.9 for fixing CVE-2019-19728 (bsc#1159692).<br/> * Make Slurm compile on linux after sys/sysctl.h was deprecated.<br/> * Install slurmdbd.conf.example with 0600 permissions to encourage<br/> secure use. CVE-2019-19727.<br/> * srun - do not continue with job launch if --uid fails. CVE-2019-19728.<br/><br/> - added pmix support jsc#SLE-10800<br/><br/> - Use --with-shared-libslurm to build slurm binaries using libslurm.<br/> - Make libslurm depend on slurm-config.<br/><br/> - Fix ownership of /var/spool/slurm on new installations and upgrade<br/> (bsc#1158696).<br/><br/> - Fi[...]",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-19T14:36:38Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-19T14:36:38Z",
"QID": "174796",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "slurm_20_11 and pdsh",
"VENDOR": "suse"
}
},
"SOLUTION": "Upgrade to the latest package which contains the patch. To install this SUSE Security\n Update use YaST online_update. Alternatively you can run the command listed for your product.\n \n To install packages using the command line interface, use command &quot;yum update&quot;.\n \n Refer to Suse security advisory: https://lists.suse.com/pipermail/sle-security-updates/2021-March/008484.html to address this issue and obtain further details.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://lists.suse.com/pipermail/sle-security-updates/2021-March/008484.html\" TARGET=\"_blank\">SUSE-SU-2021:0773-1: SUSE Enterprise Linux</A>",
"TITLE": "SUSE Enterprise Linux Security update for slurm_20_11 and pdsh (SUSE-SU-2021:0773-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "SUSE-SU-2021:0773-1",
"URL": "https://lists.suse.com/pipermail/sle-security-updates/2021-March/008484.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "SUSE",
"CONSEQUENCE": "Successful exploitation allows attacker to compromise the system.",
"CVE_LIST": {
"CVE": {
"ID": "CVE-2021-25316",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25316"
}
},
"DIAGNOSIS": "This update for s390-tools fixes the following issues:<br/><br/> - Fixed an issue where IPL was not working when bootloader was installed<br/> on a SCSI disk with 4k physical blocksize without using a devicemapper<br/> target (bsc#1183041).<br/> - CVE-2021-25316: Do not use predictable temporary file names<br/> (bsc#1182777).<br/> - Made the name of the temporary configuration file in /tmp/ unpredictable<br/> (bsc#1182876).<br/> - Changing the scheduler from &quot;deadline&quot; to the newly created<br/> &quot;mq-deadline&quot; scheduler (bsc#1176574)",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-05-09T05:09:14Z",
"PATCHABLE": "1",
"PCI_FLAG": "0",
"PUBLISHED_DATETIME": "2021-04-19T14:36:38Z",
"QID": "174798",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "s390-tools",
"VENDOR": "suse"
}
},
"SOLUTION": "Upgrade to the latest package which contains the patch. To install this SUSE Security\n Update use YaST online_update. Alternatively you can run the command listed for your product.\n \n To install packages using the command line interface, use command &quot;yum update&quot;.\n \n Refer to Suse security advisory: https://lists.suse.com/pipermail/sle-security-updates/2021-March/008490.html to address this issue and obtain further details.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://lists.suse.com/pipermail/sle-security-updates/2021-March/008490.html\" TARGET=\"_blank\">SUSE-SU-2021:0777-1: SUSE Enterprise Linux</A>",
"TITLE": "SUSE Enterprise Linux Security update for s390-tools (SUSE-SU-2021:0777-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "SUSE-SU-2021:0777-1",
"URL": "https://lists.suse.com/pipermail/sle-security-updates/2021-March/008490.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "SUSE",
"CONSEQUENCE": "Successful exploitation allows attacker to compromise the system.",
"CVE_LIST": {
"CVE": {
"ID": "CVE-2020-13936",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13936"
}
},
"DIAGNOSIS": "This update for velocity fixes the following issues:<br/><br/> - CVE-2020-13936: Fixed an arbitrary code execution when attacker is able<br/> to modify templates (bsc#1183360).",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-19T14:36:38Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-19T14:36:38Z",
"QID": "174799",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "velocity",
"VENDOR": "suse"
}
},
"SOLUTION": "Upgrade to the latest package which contains the patch. To install this SUSE Security\n Update use YaST online_update. Alternatively you can run the command listed for your product.\n \n To install packages using the command line interface, use command &quot;yum update&quot;.\n \n Refer to Suse security advisory: https://lists.suse.com/pipermail/sle-security-updates/2021-March/008494.html to address this issue and obtain further details.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://lists.suse.com/pipermail/sle-security-updates/2021-March/008494.html\" TARGET=\"_blank\">SUSE-SU-2021:0800-1: SUSE Enterprise Linux</A>",
"TITLE": "SUSE Enterprise Linux Security update for velocity (SUSE-SU-2021:0800-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "SUSE-SU-2021:0800-1",
"URL": "https://lists.suse.com/pipermail/sle-security-updates/2021-March/008494.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "SUSE",
"CONSEQUENCE": "Successful exploitation allows attacker to compromise the system.",
"CVE_LIST": {
"CVE": {
"ID": "CVE-2021-23336",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23336"
}
},
"DIAGNOSIS": "This update for python fixes the following issues:<br/><br/> - python27 was upgraded to 2.7.18<br/> - CVE-2021-23336: Fixed a potential web cache poisoning by using a<br/> semicolon in query parameters use of semicolon as a query string<br/> separator (bsc#1182379).",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-19T14:36:38Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-19T14:36:38Z",
"QID": "174803",
"SEVERITY_LEVEL": "2",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "python",
"VENDOR": "suse"
}
},
"SOLUTION": "Upgrade to the latest package which contains the patch. To install this SUSE Security\n Update use YaST online_update. Alternatively you can run the command listed for your product.\n \n To install packages using the command line interface, use command &quot;yum update&quot;.\n \n Refer to Suse security advisory: https://lists.suse.com/pipermail/sle-security-updates/2021-March/008475.html to address this issue and obtain further details.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://lists.suse.com/pipermail/sle-security-updates/2021-March/008475.html\" TARGET=\"_blank\">SUSE-SU-2021:0768-1: SUSE Enterprise Linux</A>",
"TITLE": "SUSE Enterprise Linux Security update for python (SUSE-SU-2021:0768-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "SUSE-SU-2021:0768-1",
"URL": "https://lists.suse.com/pipermail/sle-security-updates/2021-March/008475.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "SUSE",
"CONSEQUENCE": "Successful exploitation allows attacker to compromise the system.",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2020-26572",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26572"
},
{
"ID": "CVE-2019-15946",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15946"
},
{
"ID": "CVE-2020-26570",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26570"
},
{
"ID": "CVE-2020-26571",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26571"
},
{
"ID": "CVE-2019-19479",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19479"
},
{
"ID": "CVE-2019-15945",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15945"
}
]
},
"DIAGNOSIS": "This update for opensc fixes the following issues:<br/><br/> - CVE-2020-26571: gemsafe GPK smart card software driver stack-based<br/> buffer overflow (bsc#1177380)<br/> - CVE-2019-15946: out-of-bounds access of an ASN.1 Octet string in<br/> asn1_decode_entry (bsc#1149747)<br/> - CVE-2019-15945: out-of-bounds access of an ASN.1 Bitstring in<br/> decode_bit_string (bsc#1149746)<br/> - CVE-2019-19479: incorrect read operation during parsing of a SETCOS file<br/> attribute (bsc#1158256)<br/> - CVE-2020-26572: Prevent out of bounds write (bsc#1177378)<br/> - CVE-2020-26570: Fix buffer overflow in sc_oberthur_read_file<br/> (bsc#1177364)",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-07T12:31:55Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-07T12:31:55Z",
"QID": "174870",
"SEVERITY_LEVEL": "2",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "opensc",
"VENDOR": "suse"
}
},
"SOLUTION": "Upgrade to the latest package which contains the patch. To install this SUSE Security,\n \nUpdate use YaST online_update. Alternatively you can run the command listed for your product.\n \nTo install packages using the command line interface, use command &quot;yum update&quot;.\n \nRefer to Suse security advisory: <A HREF=\"https://lists.suse.com/pipermail/sle-security-updates/2021-March/008574.html\" TARGET=\"_blank\">SUSE-SU-2021:0998-1</A> to address this issue and obtain further details.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://lists.suse.com/pipermail/sle-security-updates/2021-March/008574.html\" TARGET=\"_blank\">SUSE-SU-2021:0998-1: SUSE Enterprise Linux</A>",
"TITLE": "SUSE Enterprise Linux Security Update for opensc (SUSE-SU-2021:0998-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "SUSE-SU-2021:0998-1",
"URL": "https://lists.suse.com/pipermail/sle-security-updates/2021-March/008574.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "SUSE",
"CONSEQUENCE": "Successful exploitation allows attacker to compromise the system.",
"CVE_LIST": {
"CVE": {
"ID": "CVE-2020-12658",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12658"
}
},
"DIAGNOSIS": "This update for gssproxy fixes the following issues:<br/><br/> - CVE-2020-12658: Fixed an issue where gssproxy was not unlocking<br/> cond_mutex before pthread exit in gp_worker_main() (bsc#1180515).",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-05-03T10:30:04Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-08T12:44:31Z",
"QID": "174872",
"SEVERITY_LEVEL": "4",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "gssproxy",
"VENDOR": "suse"
}
},
"SOLUTION": "Upgrade to the latest package which contains the patch. To install this SUSE Security,\n \nUpdate use YaST online_update. Alternatively you can run the command listed for your product.\n \nTo install packages using the command line interface, use command &quot;yum update&quot;.\n \nRefer to Suse security advisory: <A HREF=\"https://lists.suse.com/pipermail/sle-security-updates/2021-April/008587.html\" TARGET=\"_blank\">SUSE-SU-2021:1030-1</A> to address this issue and obtain further details.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://lists.suse.com/pipermail/sle-security-updates/2021-April/008587.html\" TARGET=\"_blank\">SUSE-SU-2021:1030-1: SUSE Enterprise Linux</A>",
"TITLE": "SUSE Enterprise Linux Security Update for gssproxy (SUSE-SU-2021:1030-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "SUSE-SU-2021:1030-1",
"URL": "https://lists.suse.com/pipermail/sle-security-updates/2021-April/008587.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "SUSE",
"CONSEQUENCE": "Successful exploitation allows attacker to compromise the system.",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2020-25645",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25645"
},
{
"ID": "CVE-2021-27363",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27363"
},
{
"ID": "CVE-2020-1749",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1749"
},
{
"ID": "CVE-2021-27364",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27364"
},
{
"ID": "CVE-2020-0429",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0429"
},
{
"ID": "CVE-2021-27365",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27365"
}
]
},
"DIAGNOSIS": "This update for the Linux Kernel 4.4.180-94_141 fixes several issues.<br/><br/> The following security issues were fixed:<br/><br/> - CVE-2021-27365: Fixed an issue where data structures did not have<br/> appropriate length constraints or checks, and could exceed the PAGE_SIZE<br/> value (bsc#1183491).<br/> - CVE-2021-27363: Fixed a kernel pointer leak which could have been used<br/> to determine the address of the iscsi_transport structure (bsc#1183120).<br/> - CVE-2021-27364: Fixed an issue where an unprivileged user could craft<br/> Netlink messages (bsc#1182717).<br/> - CVE-2020-25645: Fixed an an issue in IPsec that caused traffic between<br/> two Geneve endpoints to be unencrypted (bsc#1177513).<br/> - CVE-2020-0429: Fixed a memory corruption due to a use after free which<br/> could have led to local escalation of privilege with System execution<br/> privileges needed (bsc#1176931).<br/> - CVE-2020-1749: Use ip6_dst_lookup_flow instead of ip6_dst_lookup<br/> (bsc#1165631).",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-08T12:44:31Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-08T12:44:31Z",
"QID": "174874",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "kernel",
"VENDOR": "suse"
}
},
"SOLUTION": "Upgrade to the latest package which contains the patch. To install this SUSE Security,\n \nUpdate use YaST online_update. Alternatively you can run the command listed for your product.\n \nTo install packages using the command line interface, use command &quot;yum update&quot;.\n \nRefer to Suse security advisory: <A HREF=\"https://lists.suse.com/pipermail/sle-security-updates/2021-April/008590.html\" TARGET=\"_blank\">SUSE-SU-2021:1074-1</A> to address this issue and obtain further details.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://lists.suse.com/pipermail/sle-security-updates/2021-April/008590.html\" TARGET=\"_blank\">SUSE-SU-2021:1074-1: SUSE Enterprise Linux</A>",
"TITLE": "SUSE Enterprise Linux Security Update for the Linux Kernel (Live Patch 38 for SLE 12 SP3) (SUSE-SU-2021:1074-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "SUSE-SU-2021:1074-1",
"URL": "https://lists.suse.com/pipermail/sle-security-updates/2021-April/008590.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "SUSE",
"CONSEQUENCE": "Successful exploitation allows attacker to compromise the system.",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2021-3308",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3308"
},
{
"ID": "CVE-2020-28368",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28368"
},
{
"ID": "CVE-2021-28687",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28687"
},
{
"ID": "CVE-2021-20257",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20257"
}
]
},
"DIAGNOSIS": "This update for xen fixes the following issues:<br/><br/> - CVE-2021-3308: VUL-0: xen: IRQ vector leak on x86 (bsc#1181254, XSA-360)<br/> - CVE-2021-28687: VUL-0: xen: HVM soft-reset crashes toolstack<br/> (bsc#1183072, XSA-368)<br/> - CVE-2021-20257: VUL-0: xen: infinite loop issue in the e1000 NIC<br/> emulator (bsc#1182846)<br/> - CVE-2020-28368: VUL-0: xen: Intel RAPL sidechannel attack aka PLATYPUS<br/> attack aka (bsc#1178591, XSA-351)<br/> - L3: conring size for XEN HV's with huge memory to small. Inital Xen logs<br/> cut (bsc#1177204)<br/> - Kdump of HVM fails, soft-reset not handled by libxl (bsc#1179148)<br/> - OpenQA job causes libvirtd to dump core when running kdump inside domain<br/> (bsc#1181989)<br/> - Allow restart of xenwatchdogd, enable tuning of keep-alive interval and<br/> timeout<br/> options via XENWATCHDOGD_ARGS= (bsc#1178736)<br/> - The receiving side did detect holes in a to-be-allocated superpage, but<br/> allocated a superpage anyway. This resulted to over-allocation<br/> (bsc#1177112)<br/> - The receiving side may punch holes incorrectly into optimistically<br/> allocated superpages. Also reduce overhead in bitmap handling<br/> (bsc#1177112)<br/> - Upstream bug fixes (bsc#1027519)",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-05-03T10:30:09Z",
"PATCHABLE": "1",
"PCI_FLAG": "0",
"PUBLISHED_DATETIME": "2021-04-08T12:44:31Z",
"QID": "174875",
"SEVERITY_LEVEL": "1",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "xen",
"VENDOR": "suse"
}
},
"SOLUTION": "Upgrade to the latest package which contains the patch. To install this SUSE Security,\n \nUpdate use YaST online_update. Alternatively you can run the command listed for your product.\n \nTo install packages using the command line interface, use command &quot;yum update&quot;.\n \nRefer to Suse security advisory: <A HREF=\"https://lists.suse.com/pipermail/sle-security-updates/2021-April/008585.html\" TARGET=\"_blank\">SUSE-SU-2021:1023-1</A> to address this issue and obtain further details.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://lists.suse.com/pipermail/sle-security-updates/2021-April/008585.html\" TARGET=\"_blank\">SUSE-SU-2021:1023-1: SUSE Enterprise Linux</A>",
"TITLE": "SUSE Enterprise Linux Security Update for xen (SUSE-SU-2021:1023-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "SUSE-SU-2021:1023-1",
"URL": "https://lists.suse.com/pipermail/sle-security-updates/2021-April/008585.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "SUSE",
"CONSEQUENCE": "Successful exploitation allows attacker to compromise the system.",
"DIAGNOSIS": "This update for fwupdate fixes the following issues:<br/><br/> - Add SBAT section to EFI images (bsc#1182057)",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-05-03T10:05:59Z",
"PATCHABLE": "1",
"PCI_FLAG": "0",
"PUBLISHED_DATETIME": "2021-04-14T11:33:21Z",
"QID": "174880",
"SEVERITY_LEVEL": "1",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "suse_enterprise_linux",
"VENDOR": "suse"
}
},
"SOLUTION": "Upgrade to the latest package which contains the patch. To install this SUSE Security,\n \nUpdate use YaST online_update. Alternatively you can run the command listed for your product.\n \nTo install packages using the command line interface, use command &quot;yum update&quot;.\n \nRefer to Suse security advisory: <A HREF=\"https://lists.suse.com/pipermail/sle-security-updates/2021-April/008597.html\" TARGET=\"_blank\">SUSE-SU-2021:1103-1</A> to address this issue and obtain further details.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://lists.suse.com/pipermail/sle-security-updates/2021-April/008597.html\" TARGET=\"_blank\">SUSE-SU-2021:1103-1: SUSE Enterprise Linux</A>",
"TITLE": "SUSE Enterprise Linux Security Update for fwupdate (SUSE-SU-2021:1103-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "SUSE-SU-2021:1103-1",
"URL": "https://lists.suse.com/pipermail/sle-security-updates/2021-April/008597.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "SUSE",
"CONSEQUENCE": "Successful exploitation allows attacker to compromise the system.",
"DIAGNOSIS": "This update for fwupdate fixes the following issues:<br/><br/> - Add SBAT section to EFI images (bsc#1182057)",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-05-03T10:05:47Z",
"PATCHABLE": "1",
"PCI_FLAG": "0",
"PUBLISHED_DATETIME": "2021-04-14T11:33:21Z",
"QID": "174882",
"SEVERITY_LEVEL": "1",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "suse_enterprise_linux",
"VENDOR": "suse"
}
},
"SOLUTION": "Upgrade to the latest package which contains the patch. To install this SUSE Security,\n \nUpdate use YaST online_update. Alternatively you can run the command listed for your product.\n \nTo install packages using the command line interface, use command &quot;yum update&quot;.\n \nRefer to Suse security advisory: <A HREF=\"https://lists.suse.com/pipermail/sle-security-updates/2021-April/008599.html\" TARGET=\"_blank\">SUSE-SU-2021:1104-1</A> to address this issue and obtain further details.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://lists.suse.com/pipermail/sle-security-updates/2021-April/008599.html\" TARGET=\"_blank\">SUSE-SU-2021:1104-1: SUSE Enterprise Linux</A>",
"TITLE": "SUSE Enterprise Linux Security Update for fwupdate (SUSE-SU-2021:1104-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "SUSE-SU-2021:1104-1",
"URL": "https://lists.suse.com/pipermail/sle-security-updates/2021-April/008599.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "SUSE",
"CONSEQUENCE": "Successful exploitation allows attacker to compromise the system.",
"DIAGNOSIS": "This update for fwupdate fixes the following issues:<br/><br/> - Add SBAT section to EFI images (bsc#1182057)",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-05-03T10:05:41Z",
"PATCHABLE": "1",
"PCI_FLAG": "0",
"PUBLISHED_DATETIME": "2021-04-14T11:33:21Z",
"QID": "174883",
"SEVERITY_LEVEL": "1",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "suse_enterprise_linux",
"VENDOR": "suse"
}
},
"SOLUTION": "Upgrade to the latest package which contains the patch. To install this SUSE Security,\n \nUpdate use YaST online_update. Alternatively you can run the command listed for your product.\n \nTo install packages using the command line interface, use command &quot;yum update&quot;.\n \nRefer to Suse security advisory: <A HREF=\"https://lists.suse.com/pipermail/sle-security-updates/2021-April/008600.html\" TARGET=\"_blank\">SUSE-SU-2021:1111-1</A> to address this issue and obtain further details.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://lists.suse.com/pipermail/sle-security-updates/2021-April/008600.html\" TARGET=\"_blank\">SUSE-SU-2021:1111-1: SUSE Enterprise Linux</A>",
"TITLE": "SUSE Enterprise Linux Security Update for fwupdate (SUSE-SU-2021:1111-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "SUSE-SU-2021:1111-1",
"URL": "https://lists.suse.com/pipermail/sle-security-updates/2021-April/008600.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "SUSE",
"CONSEQUENCE": "Successful exploitation allows attacker to compromise the system.",
"CVE_LIST": {
"CVE": {
"ID": "CVE-2021-29136",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29136"
}
},
"DIAGNOSIS": "This update for umoci fixes the following issues:<br/><br/> - Update to umoci v0.4.6.<br/> - CVE-2021-29136: malicious layer allows overwriting of host files<br/> (bsc#1184147)",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-05-03T10:05:07Z",
"PATCHABLE": "1",
"PCI_FLAG": "0",
"PUBLISHED_DATETIME": "2021-04-14T11:33:21Z",
"QID": "174885",
"SEVERITY_LEVEL": "5",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "umoci",
"VENDOR": "suse"
}
},
"SOLUTION": "Upgrade to the latest package which contains the patch. To install this SUSE Security,\n \nUpdate use YaST online_update. Alternatively you can run the command listed for your product.\n \nTo install packages using the command line interface, use command &quot;yum update&quot;.\n \nRefer to Suse security advisory: <A HREF=\"https://lists.suse.com/pipermail/sle-security-updates/2021-April/008608.html\" TARGET=\"_blank\">SUSE-SU-2021:1116-1</A> to address this issue and obtain further details.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://lists.suse.com/pipermail/sle-security-updates/2021-April/008608.html\" TARGET=\"_blank\">SUSE-SU-2021:1116-1: SUSE Enterprise Linux</A>",
"TITLE": "SUSE Enterprise Linux Security Update for umoci (SUSE-SU-2021:1116-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "SUSE-SU-2021:1116-1",
"URL": "https://lists.suse.com/pipermail/sle-security-updates/2021-April/008608.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "SUSE",
"CONSEQUENCE": "Successful exploitation allows attacker to compromise the system.",
"CVE_LIST": {
"CVE": {
"ID": "CVE-2021-30004",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30004"
}
},
"DIAGNOSIS": "This update for wpa_supplicant fixes the following issues:<br/><br/> - CVE-2021-30004: Fixed an issue where forging attacks might have occured<br/> because AlgorithmIdentifier parameters were mishandled in tls/pkcs1.c<br/> and tls/x509v3.c (bsc#1184348)",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-14T11:33:21Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-14T11:33:21Z",
"QID": "174886",
"SEVERITY_LEVEL": "2",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "wpa_supplicant",
"VENDOR": "suse"
}
},
"SOLUTION": "Upgrade to the latest package which contains the patch. To install this SUSE Security,\n \nUpdate use YaST online_update. Alternatively you can run the command listed for your product.\n \nTo install packages using the command line interface, use command &quot;yum update&quot;.\n \nRefer to Suse security advisory: <A HREF=\"https://lists.suse.com/pipermail/sle-security-updates/2021-April/008610.html\" TARGET=\"_blank\">SUSE-SU-2021:1125-1</A> to address this issue and obtain further details.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://lists.suse.com/pipermail/sle-security-updates/2021-April/008610.html\" TARGET=\"_blank\">SUSE-SU-2021:1125-1: SUSE Enterprise Linux</A>",
"TITLE": "SUSE Enterprise Linux Security Update for wpa_supplicant (SUSE-SU-2021:1125-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "SUSE-SU-2021:1125-1",
"URL": "https://lists.suse.com/pipermail/sle-security-updates/2021-April/008610.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "SUSE",
"CONSEQUENCE": "Successful exploitation allows attacker to compromise the system.",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2019-12420",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12420"
},
{
"ID": "CVE-2020-1946",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1946"
}
]
},
"DIAGNOSIS": "This update for spamassassin fixes the following issues:<br/><br/> - spamassassin was updated to version 3.4.5<br/> - CVE-2019-12420: memory leak via crafted messages (bsc#1159133)<br/> - CVE-2020-1946: security update (bsc#1184221)",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-19T14:36:38Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-19T14:36:38Z",
"QID": "174887",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "spamassassin",
"VENDOR": "suse"
}
},
"SOLUTION": "Upgrade to the latest package which contains the patch. To install this SUSE Security,\n \nUpdate use YaST online_update. Alternatively you can run the command listed for your product.\n \nTo install packages using the command line interface, use command &quot;yum update&quot;.\n \nRefer to Suse security advisory: <A HREF=\"https://lists.suse.com/pipermail/sle-security-updates/2021-April/008613.html\" TARGET=\"_blank\">SUSE-SU-2021:1152-1</A> to address this issue and obtain further details.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://lists.suse.com/pipermail/sle-security-updates/2021-April/008613.html\" TARGET=\"_blank\">SUSE-SU-2021:1152-1: SUSE Enterprise Linux</A>",
"TITLE": "SUSE Enterprise Linux Security Update for spamassassin (SUSE-SU-2021:1152-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "SUSE-SU-2021:1152-1",
"URL": "https://lists.suse.com/pipermail/sle-security-updates/2021-April/008613.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "SUSE",
"CONSEQUENCE": "Successful exploitation allows attacker to compromise the system.",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2019-12420",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12420"
},
{
"ID": "CVE-2020-1946",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1946"
}
]
},
"DIAGNOSIS": "This update for spamassassin fixes the following issues:<br/><br/> - CVE-2019-12420: memory leak via crafted messages (bsc#1159133)<br/> - CVE-2020-1946: security update (bsc#1184221)",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-05-03T10:04:35Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-19T14:36:38Z",
"QID": "174888",
"SEVERITY_LEVEL": "5",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "spamassassin",
"VENDOR": "suse"
}
},
"SOLUTION": "Upgrade to the latest package which contains the patch. To install this SUSE Security,\n \nUpdate use YaST online_update. Alternatively you can run the command listed for your product.\n \nTo install packages using the command line interface, use command &quot;yum update&quot;.\n \nRefer to Suse security advisory: <A HREF=\"https://lists.suse.com/pipermail/sle-security-updates/2021-April/008614.html\" TARGET=\"_blank\">SUSE-SU-2021:1153-1</A> to address this issue and obtain further details.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://lists.suse.com/pipermail/sle-security-updates/2021-April/008614.html\" TARGET=\"_blank\">SUSE-SU-2021:1153-1: SUSE Enterprise Linux</A>",
"TITLE": "SUSE Enterprise Linux Security Update for spamassassin (SUSE-SU-2021:1153-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "SUSE-SU-2021:1153-1",
"URL": "https://lists.suse.com/pipermail/sle-security-updates/2021-April/008614.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "SUSE",
"CONSEQUENCE": "Successful exploitation allows attacker to compromise the system.",
"CVE_LIST": {
"CVE": {
"ID": "CVE-2021-20208",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20208"
}
},
"DIAGNOSIS": "This update for cifs-utils fixes the following issues:<br/><br/> - CVE-2021-20208: Fixed a potential kerberos auth leak escaping from<br/> container (bsc#1183239)",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-19T14:36:38Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-19T14:36:38Z",
"QID": "174890",
"SEVERITY_LEVEL": "2",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "cifs-utils",
"VENDOR": "suse"
}
},
"SOLUTION": "Upgrade to the latest package which contains the patch. To install this SUSE Security,\n \nUpdate use YaST online_update. Alternatively you can run the command listed for your product.\n \nTo install packages using the command line interface, use command &quot;yum update&quot;.\n \nRefer to Suse security advisory: <A HREF=\"https://lists.suse.com/pipermail/sle-security-updates/2021-April/008617.html\" TARGET=\"_blank\">SUSE-SU-2021:1159-1</A> to address this issue and obtain further details.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://lists.suse.com/pipermail/sle-security-updates/2021-April/008617.html\" TARGET=\"_blank\">SUSE-SU-2021:1159-1: SUSE Enterprise Linux</A>",
"TITLE": "SUSE Enterprise Linux Security Update for cifs-utils (SUSE-SU-2021:1159-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "SUSE-SU-2021:1159-1",
"URL": "https://lists.suse.com/pipermail/sle-security-updates/2021-April/008617.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "SUSE",
"CONSEQUENCE": "Successful exploitation allows attacker to compromise the system.",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2020-13987",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13987"
},
{
"ID": "CVE-2020-17437",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17437"
},
{
"ID": "CVE-2020-17438",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17438"
},
{
"ID": "CVE-2020-13988",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13988"
}
]
},
"DIAGNOSIS": "This update for open-iscsi fixes the following issues:<br/><br/> - CVE-2020-17437: uIP Out-of-Bounds Write (bsc#1179908)<br/> - CVE-2020-17438: uIP Out-of-Bounds Write (bsc#1179908)<br/> - CVE-2020-13987: uIP Out-of-Bounds Read (bsc#1179908)<br/> - CVE-2020-13988: uIP Integer Overflow (bsc#1179908)<br/> - Enabled no-wait (&quot;-W&quot;) iscsiadm option for iscsi login service<br/> (bsc#1173886, bsc#1183421)<br/> - Added the ability to perform async logins (bsc#1173886)",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-19T14:36:39Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-19T14:36:39Z",
"QID": "174892",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "open-iscsi",
"VENDOR": "suse"
}
},
"SOLUTION": "Upgrade to the latest package which contains the patch. To install this SUSE Security,\n \nUpdate use YaST online_update. Alternatively you can run the command listed for your product.\n \nTo install packages using the command line interface, use command &quot;yum update&quot;.\n \nRefer to Suse security advisory: <A HREF=\"https://lists.suse.com/pipermail/sle-security-updates/2021-April/008619.html\" TARGET=\"_blank\">SUSE-SU-2021:1164-1</A> to address this issue and obtain further details.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://lists.suse.com/pipermail/sle-security-updates/2021-April/008619.html\" TARGET=\"_blank\">SUSE-SU-2021:1164-1: SUSE Enterprise Linux</A>",
"TITLE": "SUSE Enterprise Linux Security Update for open-iscsi (SUSE-SU-2021:1164-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "SUSE-SU-2021:1164-1",
"URL": "https://lists.suse.com/pipermail/sle-security-updates/2021-April/008619.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "SUSE",
"CONSEQUENCE": "Successful exploitation allows attacker to compromise the system.",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2019-12420",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12420"
},
{
"ID": "CVE-2020-1946",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1946"
}
]
},
"DIAGNOSIS": "This update for spamassassin fixes the following issues:<br/><br/> - CVE-2019-12420: memory leak via crafted messages (bsc#1159133)<br/> - CVE-2020-1946: security update (bsc#1184221)",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-19T14:36:39Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-19T14:36:39Z",
"QID": "174894",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "spamassassin",
"VENDOR": "suse"
}
},
"SOLUTION": "Upgrade to the latest package which contains the patch. To install this SUSE Security,\n \nUpdate use YaST online_update. Alternatively you can run the command listed for your product.\n \nTo install packages using the command line interface, use command &quot;yum update&quot;.\n \nRefer to Suse security advisory: <A HREF=\"https://lists.suse.com/pipermail/sle-security-updates/2021-April/008622.html\" TARGET=\"_blank\">SUSE-SU-2021:1163-1</A> to address this issue and obtain further details.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://lists.suse.com/pipermail/sle-security-updates/2021-April/008622.html\" TARGET=\"_blank\">SUSE-SU-2021:1163-1: SUSE Enterprise Linux</A>",
"TITLE": "SUSE Enterprise Linux Security Update for spamassassin (SUSE-SU-2021:1163-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "SUSE-SU-2021:1163-1",
"URL": "https://lists.suse.com/pipermail/sle-security-updates/2021-April/008622.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "SUSE",
"CONSEQUENCE": "Successful exploitation allows attacker to compromise the system.",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2020-29562",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29562"
},
{
"ID": "CVE-2020-27618",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27618"
},
{
"ID": "CVE-2020-29573",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29573"
}
]
},
"DIAGNOSIS": "This update for glibc fixes the following issues:<br/><br/> - CVE-2020-27618: Accept redundant shift sequences in IBM1364 (bsc#1178386)<br/> - CVE-2020-29562: Fix incorrect UCS4 inner loop bounds (bsc#1179694)<br/> - CVE-2020-29573: Harden printf against non-normal long double values<br/> (bsc#1179721)<br/> - Check vector support in memmove ifunc-selector (bsc#1184034)",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-19T14:36:39Z",
"PATCHABLE": "1",
"PCI_FLAG": "0",
"PUBLISHED_DATETIME": "2021-04-19T14:36:39Z",
"QID": "174895",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "glibc",
"VENDOR": "suse"
}
},
"SOLUTION": "Upgrade to the latest package which contains the patch. To install this SUSE Security,\n \nUpdate use YaST online_update. Alternatively you can run the command listed for your product.\n \nTo install packages using the command line interface, use command &quot;yum update&quot;.\n \nRefer to Suse security advisory: <A HREF=\"https://lists.suse.com/pipermail/sle-security-updates/2021-April/008623.html\" TARGET=\"_blank\">SUSE-SU-2021:1165-1</A> to address this issue and obtain further details.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://lists.suse.com/pipermail/sle-security-updates/2021-April/008623.html\" TARGET=\"_blank\">SUSE-SU-2021:1165-1: SUSE Enterprise Linux</A>",
"TITLE": "SUSE Enterprise Linux Security Update for glibc (SUSE-SU-2021:1165-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "SUSE-SU-2021:1165-1",
"URL": "https://lists.suse.com/pipermail/sle-security-updates/2021-April/008623.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "SUSE",
"CONSEQUENCE": "Successful exploitation allows attacker to compromise the system.",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2021-26930",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26930"
},
{
"ID": "CVE-2021-29264",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29264"
},
{
"ID": "CVE-2021-28964",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28964"
},
{
"ID": "CVE-2020-27170",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27170"
},
{
"ID": "CVE-2020-27171",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27171"
},
{
"ID": "CVE-2021-28971",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28971"
},
{
"ID": "CVE-2021-29647",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29647"
},
{
"ID": "CVE-2021-3428",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3428"
},
{
"ID": "CVE-2021-26932",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26932"
},
{
"ID": "CVE-2021-27365",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27365"
},
{
"ID": "CVE-2020-35519",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35519"
},
{
"ID": "CVE-2021-27363",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27363"
},
{
"ID": "CVE-2020-29374",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29374"
},
{
"ID": "CVE-2021-3444",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3444"
},
{
"ID": "CVE-2021-28038",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28038"
},
{
"ID": "CVE-2021-28972",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28972"
},
{
"ID": "CVE-2021-26931",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26931"
},
{
"ID": "CVE-2020-27815",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27815"
},
{
"ID": "CVE-2020-29368",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29368"
},
{
"ID": "CVE-2021-28688",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28688"
},
{
"ID": "CVE-2021-29265",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29265"
},
{
"ID": "CVE-2020-0433",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0433"
},
{
"ID": "CVE-2021-27364",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27364"
},
{
"ID": "CVE-2021-28660",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28660"
}
]
},
"DIAGNOSIS": "The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive<br/> various security and bugfixes.<br/><br/> The following security bugs were fixed:<br/><br/> - CVE-2021-3444: Fixed an issue with the bpf verifier which did not<br/> properly handle mod32 destination register truncation when the source<br/> register was known to be 0 leading to out of bounds read (bsc#1184170).<br/> - CVE-2021-3428: Fixed an integer overflow in ext4_es_cache_extent<br/> (bsc#1173485).<br/> - CVE-2021-29647: Fixed an issue in qrtr_recvmsg which could have allowed<br/> attackers to obtain sensitive information from kernel memory because of<br/> a partially uninitialized data structure (bsc#1184192 ).<br/> - CVE-2021-29265: Fixed an issue in usbip_sockfd_store which could have<br/> allowed attackers to cause a denial of service due to race conditions<br/> during an update of the local and shared status (bsc#1184167).<br/> - CVE-2021-29264: Fixed an issue in the Freescale Gianfar Ethernet driver<br/> which could have allowed attackers to cause a system crash due to a<br/> calculation of negative fragment size (bsc#1184168).<br/> - CVE-2021-28972: Fixed a user-tolerable buffer overflow when writing a<br/> new device name to the driver from userspace, allowing userspace to<br/> write data to the kernel stack frame directly (bsc#1184198).<br/> - CVE-2021-28971: Fixed an issue in intel_pmu_drain_pebs_nhm which could<br/> have caused a system crash because the PEBS status in a PEBS record was<br/> mishandled (bsc#1184196 ).<br/> - CVE-2021-28964: Fixed a race condition in get_old_root which could have<br/> allowed attackers to cause a denial of service (bsc#1184193).<br/> - CVE-2021-28688: Fixed an issue introduced by XSA-365 (bsc#1183646).<br/> - CVE-2021-28660: Fixed an out of bounds write in rtw_wx_set_scan<br/> (bsc#1183593 ).<br/> - CVE-2021-28038: Fixed an issue with the netback driver which was lacking<br/> necessary treatment of errors such as failed memory allocations<br/> (bsc#1183022).<br/> - CVE-2021-27365: Fixed an issue where an unprivileged user can send a<br/> Netlink message that is associated with iSCSI, and has a length up to<br/> the maximum length of a Netlink message (bsc#1182715).<br/> - CVE-2021-27364: Fixed an issue where an attacker could craft Netlink<br/> messages (bsc#1182717).<br/> - CVE-2021-27363: Fixed a kernel pointer leak which could have been used<br/> to determine the address of the iscsi_transport structure (bsc#1182716).<br/> - CVE-2020-35519: Fixed an out-of-bounds memory access was found in<br/> x25_bind (bsc#1183696).<br/> - CVE-2020-27815: Fixed an issue in JFS filesystem where could have<br/> allowed an attacker to execute code (bsc#1179454).<br/> - CVE-2020-27171: Fixed an off-by-one error affecting out-of-bounds<br/> speculation on pointer arithmetic, leading to side-channel attacks that<br/> defeat Spectre mitigations and obtain sensitive information from kernel<br/> memory (bsc#1183775).<br/> - CVE-2020-27170: Fixed potential side-channel attacks that defeat Spectre<br/> mitigations and obtain sensitive information from kernel memory<br/> (bsc#1183686).<br/> - CVE-2021-26930: Fixed an improper error handling in blkback's grant<br/> mapping (XSA-365 bsc#1181843).<br/> - CVE-2021-26931: Fixed an issue where Linux kernel was treating grant<br/> mapping errors as bugs (XSA-362 bsc#1181753).<br/> - CVE-2021-26932: Fixed improper error handling issues in Linux grant<br/> mapping (XSA-361 bsc#1181747).<br/> - CVE-2020-29368,CVE-2020-29374: Fixed an issue in copy-on-write<br/> implementation which could have granted unintended write access because<br/> of a race condition in a THP mapcount check (bsc#1179660, bsc#1179428).<br/> - CVE-2020-0433: Fixed a use after free due to improper locking which<br/> could have led to local escalation of privilege (bsc#1176720).<br/><br/>",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-19T14:36:39Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-19T14:36:39Z",
"QID": "174897",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "kernel",
"VENDOR": "suse"
}
},
"SOLUTION": "Upgrade to the latest package which contains the patch. To install this SUSE Security,\n \nUpdate use YaST online_update. Alternatively you can run the command listed for your product.\n \nTo install packages using the command line interface, use command &quot;yum update&quot;.\n \nRefer to Suse security advisory: <A HREF=\"https://lists.suse.com/pipermail/sle-security-updates/2021-April/008625.html\" TARGET=\"_blank\">SUSE-SU-2021:1175-1</A> to address this issue and obtain further details.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://lists.suse.com/pipermail/sle-security-updates/2021-April/008625.html\" TARGET=\"_blank\">SUSE-SU-2021:1175-1: SUSE Enterprise Linux</A>",
"TITLE": "SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2021:1175-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "SUSE-SU-2021:1175-1",
"URL": "https://lists.suse.com/pipermail/sle-security-updates/2021-April/008625.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "SUSE",
"CONSEQUENCE": "Successful exploitation allows attacker to compromise the system.",
"CVE_LIST": {
"CVE": {
"ID": "CVE-2021-3472",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3472"
}
},
"DIAGNOSIS": "This update for xorg-x11-server fixes the following issues:<br/><br/> - CVE-2021-3472: XChangeFeedbackControl Integer Underflow Privilege<br/> Escalation (bsc#1180128)",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-19T14:36:39Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-19T14:36:39Z",
"QID": "174898",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "xorg-x11-server",
"VENDOR": "suse"
}
},
"SOLUTION": "Upgrade to the latest package which contains the patch. To install this SUSE Security,\n \nUpdate use YaST online_update. Alternatively you can run the command listed for your product.\n \nTo install packages using the command line interface, use command &quot;yum update&quot;.\n \nRefer to Suse security advisory: <A HREF=\"https://lists.suse.com/pipermail/sle-security-updates/2021-April/008628.html\" TARGET=\"_blank\">SUSE-SU-2021:1179-1</A> to address this issue and obtain further details.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://lists.suse.com/pipermail/sle-security-updates/2021-April/008628.html\" TARGET=\"_blank\">SUSE-SU-2021:1179-1: SUSE Enterprise Linux</A>",
"TITLE": "SUSE Enterprise Linux Security Update for xorg-x11-server (SUSE-SU-2021:1179-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "SUSE-SU-2021:1179-1",
"URL": "https://lists.suse.com/pipermail/sle-security-updates/2021-April/008628.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "SUSE",
"CONSEQUENCE": "Successful exploitation allows attacker to compromise the system.",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2021-1405",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1405"
},
{
"ID": "CVE-2021-1252",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1252"
},
{
"ID": "CVE-2021-1404",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1404"
}
]
},
"DIAGNOSIS": "This update for clamav fixes the following issues:<br/><br/> - CVE-2021-1252: Fix for Excel XLM parser infinite loop. (bsc#1184532)<br/> - CVE-2021-1404: Fix for PDF parser buffer over-read; possible crash.<br/> (bsc#1184533)<br/> - CVE-2021-1405: Fix for mail parser NULL-dereference crash. (bsc#1184534)<br/> - Fix errors when scanning files &gt; 4G (bsc#1181256)<br/> - Update clamav.keyring<br/> - Update to 0.103.2",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-19T14:36:39Z",
"PATCHABLE": "1",
"PCI_FLAG": "0",
"PUBLISHED_DATETIME": "2021-04-19T14:36:39Z",
"QID": "174899",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "clamav",
"VENDOR": "suse"
}
},
"SOLUTION": "Upgrade to the latest package which contains the patch. To install this SUSE Security,\n \nUpdate use YaST online_update. Alternatively you can run the command listed for your product.\n \nTo install packages using the command line interface, use command &quot;yum update&quot;.\n \nRefer to Suse security advisory: <A HREF=\"https://lists.suse.com/pipermail/sle-security-updates/2021-April/008629.html\" TARGET=\"_blank\">SUSE-SU-2021:1174-1</A> to address this issue and obtain further details.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://lists.suse.com/pipermail/sle-security-updates/2021-April/008629.html\" TARGET=\"_blank\">SUSE-SU-2021:1174-1: SUSE Enterprise Linux</A>",
"TITLE": "SUSE Enterprise Linux Security Update for clamav (SUSE-SU-2021:1174-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "SUSE-SU-2021:1174-1",
"URL": "https://lists.suse.com/pipermail/sle-security-updates/2021-April/008629.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "SUSE",
"CONSEQUENCE": "Successful exploitation allows attacker to compromise the system.",
"CVE_LIST": {
"CVE": {
"ID": "CVE-2021-3472",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3472"
}
},
"DIAGNOSIS": "This update for xorg-x11-server fixes the following issues:<br/><br/> - CVE-2021-3472: XChangeFeedbackControl Integer Underflow Privilege<br/> Escalation (bsc#1180128)",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-19T14:36:39Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-19T14:36:39Z",
"QID": "174900",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "xorg-x11-server",
"VENDOR": "suse"
}
},
"SOLUTION": "Upgrade to the latest package which contains the patch. To install this SUSE Security,\n \nUpdate use YaST online_update. Alternatively you can run the command listed for your product.\n \nTo install packages using the command line interface, use command &quot;yum update&quot;.\n \nRefer to Suse security advisory: <A HREF=\"https://lists.suse.com/pipermail/sle-security-updates/2021-April/008630.html\" TARGET=\"_blank\">SUSE-SU-2021:1181-1</A> to address this issue and obtain further details.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://lists.suse.com/pipermail/sle-security-updates/2021-April/008630.html\" TARGET=\"_blank\">SUSE-SU-2021:1181-1: SUSE Enterprise Linux</A>",
"TITLE": "SUSE Enterprise Linux Security Update for xorg-x11-server (SUSE-SU-2021:1181-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "SUSE-SU-2021:1181-1",
"URL": "https://lists.suse.com/pipermail/sle-security-updates/2021-April/008630.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "SUSE",
"CONSEQUENCE": "Successful exploitation allows attacker to compromise the system.",
"CVE_LIST": {
"CVE": {
"ID": "CVE-2021-3472",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3472"
}
},
"DIAGNOSIS": "This update for xorg-x11-server fixes the following issues:<br/><br/> - CVE-2021-3472: XChangeFeedbackControl Integer Underflow Privilege<br/> Escalation (bsc#1180128)",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-19T14:36:39Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-19T14:36:39Z",
"QID": "174901",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "xorg-x11-server",
"VENDOR": "suse"
}
},
"SOLUTION": "Upgrade to the latest package which contains the patch. To install this SUSE Security,\n \nUpdate use YaST online_update. Alternatively you can run the command listed for your product.\n \nTo install packages using the command line interface, use command &quot;yum update&quot;.\n \nRefer to Suse security advisory: <A HREF=\"https://lists.suse.com/pipermail/sle-security-updates/2021-April/008631.html\" TARGET=\"_blank\">SUSE-SU-2021:1180-1</A> to address this issue and obtain further details.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://lists.suse.com/pipermail/sle-security-updates/2021-April/008631.html\" TARGET=\"_blank\">SUSE-SU-2021:1180-1: SUSE Enterprise Linux</A>",
"TITLE": "SUSE Enterprise Linux Security Update for xorg-x11-server (SUSE-SU-2021:1180-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "SUSE-SU-2021:1180-1",
"URL": "https://lists.suse.com/pipermail/sle-security-updates/2021-April/008631.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "SUSE",
"CONSEQUENCE": "Successful exploitation allows attacker to compromise the system.",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2021-1405",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1405"
},
{
"ID": "CVE-2021-1252",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1252"
},
{
"ID": "CVE-2021-1404",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1404"
}
]
},
"DIAGNOSIS": "This update for clamav fixes the following issues:<br/><br/> - CVE-2021-1252: Fix for Excel XLM parser infinite loop. (bsc#1184532)<br/> - CVE-2021-1404: Fix for PDF parser buffer over-read; possible crash.<br/> (bsc#1184533)<br/> - CVE-2021-1405: Fix for mail parser NULL-dereference crash. (bsc#1184534)<br/> - Fix errors when scanning files &gt; 4G (bsc#1181256)<br/> - Update clamav.keyring<br/> - Update to 0.103.2",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-19T14:36:39Z",
"PATCHABLE": "1",
"PCI_FLAG": "0",
"PUBLISHED_DATETIME": "2021-04-19T14:36:39Z",
"QID": "174903",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "clamav",
"VENDOR": "suse"
}
},
"SOLUTION": "Upgrade to the latest package which contains the patch. To install this SUSE Security,\n \nUpdate use YaST online_update. Alternatively you can run the command listed for your product.\n \nTo install packages using the command line interface, use command &quot;yum update&quot;.\n \nRefer to Suse security advisory: <A HREF=\"https://lists.suse.com/pipermail/sle-security-updates/2021-April/008636.html\" TARGET=\"_blank\">SUSE-SU-2021:1190-1</A> to address this issue and obtain further details.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://lists.suse.com/pipermail/sle-security-updates/2021-April/008636.html\" TARGET=\"_blank\">SUSE-SU-2021:1190-1: SUSE Enterprise Linux</A>",
"TITLE": "SUSE Enterprise Linux Security Update for clamav (SUSE-SU-2021:1190-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "SUSE-SU-2021:1190-1",
"URL": "https://lists.suse.com/pipermail/sle-security-updates/2021-April/008636.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "SUSE",
"CONSEQUENCE": "Successful exploitation allows attacker to compromise the system.",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2021-25329",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25329"
},
{
"ID": "CVE-2020-9484",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9484"
},
{
"ID": "CVE-2021-25122",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25122"
}
]
},
"DIAGNOSIS": "This update for tomcat fixes the following issues:<br/><br/> - CVE-2021-25122: Apache Tomcat h2c request mix-up (bsc#1182912)<br/> - CVE-2021-25329: Complete fix for CVE-2020-9484 (bsc#1182909)",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-07T12:31:55Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-07T12:31:55Z",
"QID": "174905",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "tomcat",
"VENDOR": "suse"
}
},
"SOLUTION": "Upgrade to the latest package which contains the patch. To install this SUSE Security,\n \nUpdate use YaST online_update. Alternatively you can run the command listed for your product.\n \nTo install packages using the command line interface, use command &quot;yum update&quot;.\n \nRefer to Suse security advisory: <A HREF=\"https://lists.suse.com/pipermail/sle-security-updates/2021-March/008569.html\" TARGET=\"_blank\">SUSE-SU-2021:0988-1</A> to address this issue and obtain further details.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://lists.suse.com/pipermail/sle-security-updates/2021-March/008569.html\" TARGET=\"_blank\">SUSE-SU-2021:0988-1: SUSE Enterprise Linux</A>",
"TITLE": "SUSE Enterprise Linux Security Update for tomcat (SUSE-SU-2021:0988-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "SUSE-SU-2021:0988-1",
"URL": "https://lists.suse.com/pipermail/sle-security-updates/2021-March/008569.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "SUSE",
"CONSEQUENCE": "Successful exploitation allows attacker to compromise the system.",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2021-25329",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25329"
},
{
"ID": "CVE-2020-9484",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9484"
},
{
"ID": "CVE-2021-25122",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25122"
},
{
"ID": "CVE-2021-24122",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24122"
}
]
},
"DIAGNOSIS": "This update for tomcat fixes the following issues:<br/><br/> - Fixed CVEs:<br/> * CVE-2021-25122: Apache Tomcat h2c request mix-up (bsc#1182912)<br/> * CVE-2021-25329: Complete fix for CVE-2020-9484 (bsc#1182909)<br/> - Log if file access is blocked due to symlinks: CVE-2021-24122<br/> (bsc#1180947)",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-07T12:31:55Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-07T12:31:55Z",
"QID": "174906",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "tomcat",
"VENDOR": "suse"
}
},
"SOLUTION": "Upgrade to the latest package which contains the patch. To install this SUSE Security,\n \nUpdate use YaST online_update. Alternatively you can run the command listed for your product.\n \nTo install packages using the command line interface, use command &quot;yum update&quot;.\n \nRefer to Suse security advisory: <A HREF=\"https://lists.suse.com/pipermail/sle-security-updates/2021-March/008570.html\" TARGET=\"_blank\">SUSE-SU-2021:0989-1</A> to address this issue and obtain further details.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://lists.suse.com/pipermail/sle-security-updates/2021-March/008570.html\" TARGET=\"_blank\">SUSE-SU-2021:0989-1: SUSE Enterprise Linux</A>",
"TITLE": "SUSE Enterprise Linux Security Update for tomcat (SUSE-SU-2021:0989-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "SUSE-SU-2021:0989-1",
"URL": "https://lists.suse.com/pipermail/sle-security-updates/2021-March/008570.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "SUSE",
"CONSEQUENCE": "Successful exploitation allows attacker to compromise the system.",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2013-7484",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7484"
},
{
"ID": "CVE-2021-27927",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27927"
}
]
},
"DIAGNOSIS": "This update for zabbix fixes the following issues:<br/><br/> - CVE-2021-27927: Fixed an improper CSRF protection mechanism<br/> (bsc#1183014).<br/> - CVE-2013-7484: Fixed an issue where passwords in the users table were<br/> unsalted (bsc#1158321).",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-07T12:31:55Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-07T12:31:55Z",
"QID": "174907",
"SEVERITY_LEVEL": "2",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "zabbix",
"VENDOR": "suse"
}
},
"SOLUTION": "Upgrade to the latest package which contains the patch. To install this SUSE Security,\n \nUpdate use YaST online_update. Alternatively you can run the command listed for your product.\n \nTo install packages using the command line interface, use command &quot;yum update&quot;.\n \nRefer to Suse security advisory: <A HREF=\"https://lists.suse.com/pipermail/sle-security-updates/2021-March/008571.html\" TARGET=\"_blank\">SUSE-SU-2021:0990-1</A> to address this issue and obtain further details.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://lists.suse.com/pipermail/sle-security-updates/2021-March/008571.html\" TARGET=\"_blank\">SUSE-SU-2021:0990-1: SUSE Enterprise Linux</A>",
"TITLE": "SUSE Enterprise Linux Security Update for zabbix (SUSE-SU-2021:0990-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "SUSE-SU-2021:0990-1",
"URL": "https://lists.suse.com/pipermail/sle-security-updates/2021-March/008571.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "SUSE",
"CONSEQUENCE": "Successful exploitation allows attacker to compromise the system.",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2021-28211",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28211"
},
{
"ID": "CVE-2021-28210",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28210"
}
]
},
"DIAGNOSIS": "This update for ovmf fixes the following issues:<br/><br/> - CVE-2021-28211: ovmf: edk2: possible heap corruption with<br/> LzmaUefiDecompressGetInfo (bsc#1183578)<br/> - CVE-2021-28210: ovmf: unlimited FV recursion, round 2 (bsc#1183579)",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-07T12:31:55Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-07T12:31:55Z",
"QID": "174908",
"SEVERITY_LEVEL": "2",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "ovmf",
"VENDOR": "suse"
}
},
"SOLUTION": "Upgrade to the latest package which contains the patch. To install this SUSE Security,\n \nUpdate use YaST online_update. Alternatively you can run the command listed for your product.\n \nTo install packages using the command line interface, use command &quot;yum update&quot;.\n \nRefer to Suse security advisory: <A HREF=\"https://lists.suse.com/pipermail/sle-security-updates/2021-March/008572.html\" TARGET=\"_blank\">SUSE-SU-2021:0987-1</A> to address this issue and obtain further details.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://lists.suse.com/pipermail/sle-security-updates/2021-March/008572.html\" TARGET=\"_blank\">SUSE-SU-2021:0987-1: SUSE Enterprise Linux</A>",
"TITLE": "SUSE Enterprise Linux Security Update for ovmf (SUSE-SU-2021:0987-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "SUSE-SU-2021:0987-1",
"URL": "https://lists.suse.com/pipermail/sle-security-updates/2021-March/008572.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "SUSE",
"CONSEQUENCE": "Successful exploitation allows attacker to compromise the system.",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2021-23981",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23981"
},
{
"ID": "CVE-2021-23987",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23987"
},
{
"ID": "CVE-2021-23984",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23984"
},
{
"ID": "CVE-2021-23982",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23982"
}
]
},
"DIAGNOSIS": "This update for MozillaFirefox fixes the following issues:<br/><br/> - Firefox was updated to 78.9.0 ESR (MFSA 2021-11, bsc#1183942)<br/> * CVE-2021-23981: Texture upload into an unbound backing buffer resulted<br/> in an out-of-bound read<br/> * CVE-2021-23982: Internal network hosts could have been probed by a<br/> malicious webpage<br/> * CVE-2021-23984: Malicious extensions could have spoofed popup<br/> information<br/> * CVE-2021-23987: Memory safety bugs",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-07T12:31:55Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-07T12:31:55Z",
"QID": "174909",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "firefox",
"VENDOR": "suse"
}
},
"SOLUTION": "Upgrade to the latest package which contains the patch. To install this SUSE Security,\n \nUpdate use YaST online_update. Alternatively you can run the command listed for your product.\n \nTo install packages using the command line interface, use command &quot;yum update&quot;.\n \nRefer to Suse security advisory: <A HREF=\"https://lists.suse.com/pipermail/sle-security-updates/2021-March/008573.html\" TARGET=\"_blank\">SUSE-SU-2021:0999-1</A> to address this issue and obtain further details.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://lists.suse.com/pipermail/sle-security-updates/2021-March/008573.html\" TARGET=\"_blank\">SUSE-SU-2021:0999-1: SUSE Enterprise Linux</A>",
"TITLE": "SUSE Enterprise Linux Security Update for MozillaFirefox (SUSE-SU-2021:0999-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "SUSE-SU-2021:0999-1",
"URL": "https://lists.suse.com/pipermail/sle-security-updates/2021-March/008573.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "SUSE",
"CONSEQUENCE": "Successful exploitation allows attacker to compromise the system.",
"CVE_LIST": {
"CVE": {
"ID": "CVE-2021-3472",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3472"
}
},
"DIAGNOSIS": "This update for xorg-x11-server fixes the following issues:<br/><br/> - CVE-2021-3472: XChangeFeedbackControl Integer Underflow Privilege<br/> Escalation (bsc#1180128)",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-19T14:36:39Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-19T14:36:39Z",
"QID": "174910",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "xorg-x11-server",
"VENDOR": "suse"
}
},
"SOLUTION": "Upgrade to the latest package which contains the patch. To install this SUSE Security,\n \nUpdate use YaST online_update. Alternatively you can run the command listed for your product.\n \nTo install packages using the command line interface, use command &quot;yum update&quot;.\n \nRefer to Suse security advisory: <A HREF=\"https://lists.suse.com/pipermail/sle-security-updates/2021-April/008637.html\" TARGET=\"_blank\">SUSE-SU-2021:1188-1</A> to address this issue and obtain further details.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://lists.suse.com/pipermail/sle-security-updates/2021-April/008637.html\" TARGET=\"_blank\">SUSE-SU-2021:1188-1: SUSE Enterprise Linux</A>",
"TITLE": "SUSE Enterprise Linux Security Update for xorg-x11-server (SUSE-SU-2021:1188-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "SUSE-SU-2021:1188-1",
"URL": "https://lists.suse.com/pipermail/sle-security-updates/2021-April/008637.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "SUSE",
"CONSEQUENCE": "Successful exploitation allows attacker to compromise the system.",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2021-1405",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1405"
},
{
"ID": "CVE-2021-1252",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1252"
},
{
"ID": "CVE-2021-1404",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1404"
}
]
},
"DIAGNOSIS": "This update for clamav fixes the following issues:<br/><br/> - CVE-2021-1252: Fix for Excel XLM parser infinite loop. (bsc#1184532)<br/> - CVE-2021-1404: Fix for PDF parser buffer over-read; possible crash.<br/> (bsc#1184533)<br/> - CVE-2021-1405: Fix for mail parser NULL-dereference crash. (bsc#1184534)<br/> - Fix errors when scanning files &gt; 4G (bsc#1181256)<br/> - Update clamav.keyring<br/> - Update to 0.103.2",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-19T14:36:39Z",
"PATCHABLE": "1",
"PCI_FLAG": "0",
"PUBLISHED_DATETIME": "2021-04-19T14:36:39Z",
"QID": "174911",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "clamav",
"VENDOR": "suse"
}
},
"SOLUTION": "Upgrade to the latest package which contains the patch. To install this SUSE Security,\n \nUpdate use YaST online_update. Alternatively you can run the command listed for your product.\n \nTo install packages using the command line interface, use command &quot;yum update&quot;.\n \nRefer to Suse security advisory: <A HREF=\"https://lists.suse.com/pipermail/sle-security-updates/2021-April/008638.html\" TARGET=\"_blank\">SUSE-SU-2021:1189-1</A> to address this issue and obtain further details.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://lists.suse.com/pipermail/sle-security-updates/2021-April/008638.html\" TARGET=\"_blank\">SUSE-SU-2021:1189-1: SUSE Enterprise Linux</A>",
"TITLE": "SUSE Enterprise Linux Security Update for clamav (SUSE-SU-2021:1189-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "SUSE-SU-2021:1189-1",
"URL": "https://lists.suse.com/pipermail/sle-security-updates/2021-April/008638.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "SUSE",
"CONSEQUENCE": "Successful exploitation allows attacker to compromise the system.",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2020-9484",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9484"
},
{
"ID": "CVE-2021-25122",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25122"
},
{
"ID": "CVE-2021-24122",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24122"
},
{
"ID": "CVE-2021-25329",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25329"
}
]
},
"DIAGNOSIS": "This update for tomcat fixes the following issues:<br/><br/> - CVE-2021-24122: Fixed an information disclosure if resources are served<br/> from the NTFS file system (bsc#1180947).<br/> - CVE-2021-25122: Apache Tomcat h2c request mix-up (bsc#1182912)<br/> - CVE-2021-25329: Complete fix for CVE-2020-9484 (bsc#1182909)",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-07T12:31:55Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-07T12:31:55Z",
"QID": "174912",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "tomcat",
"VENDOR": "suse"
}
},
"SOLUTION": "Upgrade to the latest package which contains the patch. To install this SUSE Security,\n \nUpdate use YaST online_update. Alternatively you can run the command listed for your product.\n \nTo install packages using the command line interface, use command &quot;yum update&quot;.\n \nRefer to Suse security advisory: <A HREF=\"https://lists.suse.com/pipermail/sle-security-updates/2021-April/008578.html\" TARGET=\"_blank\">SUSE-SU-2021:1009-1</A> to address this issue and obtain further details.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://lists.suse.com/pipermail/sle-security-updates/2021-April/008578.html\" TARGET=\"_blank\">SUSE-SU-2021:1009-1: SUSE Enterprise Linux</A>",
"TITLE": "SUSE Enterprise Linux Security Update for tomcat (SUSE-SU-2021:1009-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "SUSE-SU-2021:1009-1",
"URL": "https://lists.suse.com/pipermail/sle-security-updates/2021-April/008578.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "SUSE",
"CONSEQUENCE": "Successful exploitation allows attacker to compromise the system.",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2021-23981",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23981"
},
{
"ID": "CVE-2021-23987",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23987"
},
{
"ID": "CVE-2021-23984",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23984"
},
{
"ID": "CVE-2021-23982",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23982"
}
]
},
"DIAGNOSIS": "This update for MozillaFirefox fixes the following issues:<br/><br/> - Firefox was updated to 78.9.0 ESR (MFSA 2021-11, bsc#1183942)<br/> * CVE-2021-23981: Texture upload into an unbound backing buffer resulted<br/> in an out-of-bound read<br/> * CVE-2021-23982: Internal network hosts could have been probed by a<br/> malicious webpage<br/> * CVE-2021-23984: Malicious extensions could have spoofed popup<br/> information<br/> * CVE-2021-23987: Memory safety bugs",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-07T12:31:55Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-07T12:31:55Z",
"QID": "174913",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "firefox",
"VENDOR": "suse"
}
},
"SOLUTION": "Upgrade to the latest package which contains the patch. To install this SUSE Security,\n \nUpdate use YaST online_update. Alternatively you can run the command listed for your product.\n \nTo install packages using the command line interface, use command &quot;yum update&quot;.\n \nRefer to Suse security advisory: <A HREF=\"https://lists.suse.com/pipermail/sle-security-updates/2021-April/008579.html\" TARGET=\"_blank\">SUSE-SU-2021:1007-1</A> to address this issue and obtain further details.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://lists.suse.com/pipermail/sle-security-updates/2021-April/008579.html\" TARGET=\"_blank\">SUSE-SU-2021:1007-1: SUSE Enterprise Linux</A>",
"TITLE": "SUSE Enterprise Linux Security Update for MozillaFirefox (SUSE-SU-2021:1007-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "SUSE-SU-2021:1007-1",
"URL": "https://lists.suse.com/pipermail/sle-security-updates/2021-April/008579.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "SUSE",
"CONSEQUENCE": "Successful exploitation allows attacker to compromise the system.",
"DIAGNOSIS": "This update for OpenIPMI fixes the following issues:<br/><br/> - Fixed an issue where OpenIPMI was creating non-position independent<br/> binaries (bsc#1183178).",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-07T12:31:55Z",
"PATCHABLE": "1",
"PCI_FLAG": "0",
"PUBLISHED_DATETIME": "2021-04-07T12:31:55Z",
"QID": "174914",
"SEVERITY_LEVEL": "2",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "suse_enterprise_linux",
"VENDOR": "suse"
}
},
"SOLUTION": "Upgrade to the latest package which contains the patch. To install this SUSE Security,\n \nUpdate use YaST online_update. Alternatively you can run the command listed for your product.\n \nTo install packages using the command line interface, use command &quot;yum update&quot;.\n \nRefer to Suse security advisory: <A HREF=\"https://lists.suse.com/pipermail/sle-security-updates/2021-April/008580.html\" TARGET=\"_blank\">SUSE-SU-2021:1010-1</A> to address this issue and obtain further details.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://lists.suse.com/pipermail/sle-security-updates/2021-April/008580.html\" TARGET=\"_blank\">SUSE-SU-2021:1010-1: SUSE Enterprise Linux</A>",
"TITLE": "SUSE Enterprise Linux Security Update for OpenIPMI (SUSE-SU-2021:1010-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "SUSE-SU-2021:1010-1",
"URL": "https://lists.suse.com/pipermail/sle-security-updates/2021-April/008580.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "SUSE",
"CONSEQUENCE": "Successful exploitation allows attacker to compromise the system.",
"CVE_LIST": {
"CVE": {
"ID": "CVE-2021-3472",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3472"
}
},
"DIAGNOSIS": "This update for xorg-x11-server fixes the following issues:<br/><br/> - CVE-2021-3472: XChangeFeedbackControl Integer Underflow Privilege<br/> Escalation (bsc#1180128)",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-19T14:36:39Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-19T14:36:39Z",
"QID": "174915",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "xorg-x11-server",
"VENDOR": "suse"
}
},
"SOLUTION": "Upgrade to the latest package which contains the patch. To install this SUSE Security,\n \nUpdate use YaST online_update. Alternatively you can run the command listed for your product.\n \nTo install packages using the command line interface, use command &quot;yum update&quot;.\n \nRefer to Suse security advisory: <A HREF=\"https://lists.suse.com/pipermail/sle-security-updates/2021-April/008639.html\" TARGET=\"_blank\">SUSE-SU-2021:1187-1</A> to address this issue and obtain further details.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://lists.suse.com/pipermail/sle-security-updates/2021-April/008639.html\" TARGET=\"_blank\">SUSE-SU-2021:1187-1: SUSE Enterprise Linux</A>",
"TITLE": "SUSE Enterprise Linux Security Update for xorg-x11-server (SUSE-SU-2021:1187-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "SUSE-SU-2021:1187-1",
"URL": "https://lists.suse.com/pipermail/sle-security-updates/2021-April/008639.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "Debian",
"CONSEQUENCE": "Successful exploitation allows attacker to compromise the system.",
"CVE_LIST": {
"CVE": {
"ID": "CVE-2021-20270",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270"
}
},
"DIAGNOSIS": "Debian has released security update for pygments to fix the vulnerabilities.<P>",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-19T14:36:39Z",
"PATCHABLE": "1",
"PCI_FLAG": "0",
"PUBLISHED_DATETIME": "2021-04-19T14:36:39Z",
"QID": "178484",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "None",
"VENDOR": "debian"
}
},
"SOLUTION": "Refer to Debian security advisory <A HREF=\"https://lists.debian.org/debian-security-announce/2021/msg00051.html\" TARGET=\"_blank\">DSA 4870-1</A> to address this issue and obtain further details.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://lists.debian.org/debian-security-announce/2021/msg00051.html\" TARGET=\"_blank\">DSA 4870-1: Debian</A>",
"TITLE": "Debian Security Update for pygments (DSA 4870-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "DSA 4870-1",
"URL": "https://lists.debian.org/debian-security-announce/2021/msg00051.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "Debian",
"CONSEQUENCE": "Successful exploitation allows attacker to compromise the system.",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2021-28089",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28089"
},
{
"ID": "CVE-2021-28090",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28090"
}
]
},
"DIAGNOSIS": "Debian has released security update for tor to fix the vulnerabilities.<P>",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-19T14:36:39Z",
"PATCHABLE": "1",
"PCI_FLAG": "0",
"PUBLISHED_DATETIME": "2021-04-19T14:36:39Z",
"QID": "178485",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "None",
"VENDOR": "debian"
}
},
"SOLUTION": "Refer to Debian security advisory <A HREF=\"https://lists.debian.org/debian-security-announce/2021/msg00052.html\" TARGET=\"_blank\">DSA 4871-1</A> to address this issue and obtain further details.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://lists.debian.org/debian-security-announce/2021/msg00052.html\" TARGET=\"_blank\">DSA 4871-1: Debian</A>",
"TITLE": "Debian Security Update for tor (DSA 4871-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "DSA 4871-1",
"URL": "https://lists.debian.org/debian-security-announce/2021/msg00052.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "Debian",
"CONSEQUENCE": "This vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.",
"CVE_LIST": {
"CVE": {
"ID": "CVE-2021-27291",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291"
}
},
"DIAGNOSIS": "Debian has released security update for pygments to fix the vulnerabilities.<P>",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-19T16:48:39Z",
"PATCHABLE": "1",
"PCI_FLAG": "0",
"PUBLISHED_DATETIME": "2021-04-06T12:45:15Z",
"QID": "178487",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "None",
"VENDOR": "debian"
}
},
"SOLUTION": "Refer to Debian LTS Announce <A HREF=\"https://lists.debian.org/debian-lts-announce/2021/03/msg00024.html\" TARGET=\"_blank\">DLA 2600-1</A> to address this issue and obtain further details.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://lists.debian.org/debian-lts-announce/2021/03/msg00024.html\" TARGET=\"_blank\">DLA 2600-1: Debian</A>",
"TITLE": "Debian Security Update for pygments (DLA 2600-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "DLA 2600-1",
"URL": "https://lists.debian.org/debian-lts-announce/2021/03/msg00024.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "Debian",
"CONSEQUENCE": "This vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2020-36277",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36277"
},
{
"ID": "CVE-2020-36278",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36278"
},
{
"ID": "CVE-2020-36279",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36279"
},
{
"ID": "CVE-2020-36281",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36281"
}
]
},
"DIAGNOSIS": "Debian has released security update for leptonlib to fix the vulnerabilities.<P>",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-19T16:48:39Z",
"PATCHABLE": "1",
"PCI_FLAG": "0",
"PUBLISHED_DATETIME": "2021-04-06T12:45:15Z",
"QID": "178488",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "None",
"VENDOR": "debian"
}
},
"SOLUTION": "Refer to Debian LTS Announce <A HREF=\"https://lists.debian.org/debian-lts-announce/2021/03/msg00037.html\" TARGET=\"_blank\">DLA 2612-1</A> to address this issue and obtain further details.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://lists.debian.org/debian-lts-announce/2021/03/msg00037.html\" TARGET=\"_blank\">DLA 2612-1: Debian</A>",
"TITLE": "Debian Security Update for leptonlib (DLA 2612-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "DLA 2612-1",
"URL": "https://lists.debian.org/debian-lts-announce/2021/03/msg00037.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "Debian",
"CONSEQUENCE": "Successful exploitation allows attacker to compromise the system.",
"CVE_LIST": {
"CVE": {
"ID": "CVE-2021-27291",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291"
}
},
"DIAGNOSIS": "Debian has released security update for pygments to fix the vulnerabilities.<P>",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-19T14:36:39Z",
"PATCHABLE": "1",
"PCI_FLAG": "0",
"PUBLISHED_DATETIME": "2021-04-19T14:36:39Z",
"QID": "178489",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "None",
"VENDOR": "debian"
}
},
"SOLUTION": "Refer to Debian security advisory <A HREF=\"https://lists.debian.org/debian-security-announce/2021/msg00059.html\" TARGET=\"_blank\">DSA 4878-1</A> to address this issue and obtain further details.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://lists.debian.org/debian-security-announce/2021/msg00059.html\" TARGET=\"_blank\">DSA 4878-1: Debian</A>",
"TITLE": "Debian Security Update for pygments (DSA 4878-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "DSA 4878-1",
"URL": "https://lists.debian.org/debian-security-announce/2021/msg00059.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "Debian",
"CONSEQUENCE": "This vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.",
"CVE_LIST": {
"CVE": {
"ID": "CVE-2021-28831",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28831"
}
},
"DIAGNOSIS": "Debian has released security update for busybox to fix the vulnerabilities.<P>",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-06T12:45:15Z",
"PATCHABLE": "1",
"PCI_FLAG": "0",
"PUBLISHED_DATETIME": "2021-04-06T12:45:15Z",
"QID": "178490",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "None",
"VENDOR": "debian"
}
},
"SOLUTION": "Refer to Debian LTS Announce <A HREF=\"https://lists.debian.org/debian-lts-announce/2021/04/msg00001.html\" TARGET=\"_blank\">DLA 2614-1</A> to address this issue and obtain further details.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://lists.debian.org/debian-lts-announce/2021/04/msg00001.html\" TARGET=\"_blank\">DLA 2614-1: Debian</A>",
"TITLE": "Debian Security Update for busybox (DLA 2614-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "DLA 2614-1",
"URL": "https://lists.debian.org/debian-lts-announce/2021/04/msg00001.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "Debian",
"CONSEQUENCE": "Successful exploitation allows attacker to compromise the system.",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2020-10730",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10730"
},
{
"ID": "CVE-2020-27840",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27840"
},
{
"ID": "CVE-2021-20277",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20277"
}
]
},
"DIAGNOSIS": "Debian has released security update for ldb to fix the vulnerabilities.<P>",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-19T14:36:39Z",
"PATCHABLE": "1",
"PCI_FLAG": "0",
"PUBLISHED_DATETIME": "2021-04-19T14:36:39Z",
"QID": "178491",
"SEVERITY_LEVEL": "2",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "None",
"VENDOR": "debian"
}
},
"SOLUTION": "Refer to Debian security advisory <A HREF=\"https://lists.debian.org/debian-security-announce/2021/msg00065.html\" TARGET=\"_blank\">DSA 4884-1</A> to address this issue and obtain further details.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://lists.debian.org/debian-security-announce/2021/msg00065.html\" TARGET=\"_blank\">DSA 4884-1: Debian</A>",
"TITLE": "Debian Security Update for ldb (DSA 4884-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "DSA 4884-1",
"URL": "https://lists.debian.org/debian-security-announce/2021/msg00065.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "Debian",
"CONSEQUENCE": "Successful exploitation allows attacker to compromise the system.",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2021-24122",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24122"
},
{
"ID": "CVE-2021-25122",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25122"
},
{
"ID": "CVE-2021-25329",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25329"
},
{
"ID": "CVE-2021-24122",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24122"
},
{
"ID": "CVE-2021-25122",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25122"
},
{
"ID": "CVE-2021-25329",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25329"
},
{
"ID": "CVE-2020-9494",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9494"
},
{
"ID": "CVE-2020-9484",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9484"
},
{
"ID": "CVE-2020-9484",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9484"
}
]
},
"DIAGNOSIS": "Debian has released security update for tomcat8\n to fix the vulnerabilities.",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-06T12:45:15Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-06T12:45:15Z",
"QID": "178492",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": [
{
"PRODUCT": "debian_linux",
"VENDOR": "debian"
},
{
"PRODUCT": "None",
"VENDOR": "debian"
}
]
},
"SOLUTION": "Refer to Debian security advisory <A HREF=\"https://lists.debian.org/debian-lts-announce/2021/03/msg00018.html\" TARGET=\"_blank\">DLA 2596-1</A> for patching details.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://lists.debian.org/debian-lts-announce/2021/03/msg00018.html\" TARGET=\"_blank\">DLA 2596-1: Debian</A>",
"TITLE": "Debian Security Update for tomcat8 (DLA 2596-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "DLA 2596-1",
"URL": "https://lists.debian.org/debian-lts-announce/2021/03/msg00018.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "Debian",
"CONSEQUENCE": "Successful exploitation allows attacker to compromise the system.",
"CVE_LIST": {
"CVE": {
"ID": "CVE-2020-13936",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13936"
}
},
"DIAGNOSIS": "Debian has released security update for velocity\n to fix the vulnerabilities.",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-06T12:45:15Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-06T12:45:15Z",
"QID": "178493",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": [
{
"PRODUCT": "debian_linux",
"VENDOR": "debian"
},
{
"PRODUCT": "None",
"VENDOR": "debian"
}
]
},
"SOLUTION": "Refer to Debian security advisory <A HREF=\"https://lists.debian.org/debian-lts-announce/2021/03/msg00019.html\" TARGET=\"_blank\">DLA 2595-1</A> for patching details.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://lists.debian.org/debian-lts-announce/2021/03/msg00019.html\" TARGET=\"_blank\">DLA 2595-1: Debian</A>",
"TITLE": "Debian Security Update for velocity (DLA 2595-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "DLA 2595-1",
"URL": "https://lists.debian.org/debian-lts-announce/2021/03/msg00019.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "Debian",
"CONSEQUENCE": "Successful exploitation allows attacker to compromise the system.",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2017-12424",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12424"
},
{
"ID": "CVE-2017-20002",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-20002"
},
{
"ID": "CVE-2017-20002",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-20002"
},
{
"ID": "CVE-2017-12424",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12424"
}
]
},
"DIAGNOSIS": "Debian has released security update for shadow\n to fix the vulnerabilities.",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-06T12:45:15Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-06T12:45:15Z",
"QID": "178494",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": [
{
"PRODUCT": "shadow",
"VENDOR": "debian"
},
{
"PRODUCT": "debian_linux",
"VENDOR": "debian"
},
{
"PRODUCT": "None",
"VENDOR": "debian"
}
]
},
"SOLUTION": "Refer to Debian security advisory <A HREF=\"https://lists.debian.org/debian-lts-announce/2021/03/msg00020.html\" TARGET=\"_blank\">DLA 2596-1</A> for patching details.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://lists.debian.org/debian-lts-announce/2021/03/msg00020.html\" TARGET=\"_blank\">DLA 2596-1: Debian</A>",
"TITLE": "Debian Security Update for shadow (DLA 2596-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "DLA 2596-1",
"URL": "https://lists.debian.org/debian-lts-announce/2021/03/msg00020.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "Debian",
"CONSEQUENCE": "Successful exploitation allows attacker to compromise the system.",
"CVE_LIST": {
"CVE": {
"ID": "CVE-2020-13959",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13959"
}
},
"DIAGNOSIS": "Debian has released security update for velocity-tools\n to fix the vulnerabilities.",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-06T12:45:15Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-06T12:45:15Z",
"QID": "178495",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": [
{
"PRODUCT": "debian_linux",
"VENDOR": "debian"
},
{
"PRODUCT": "None",
"VENDOR": "debian"
}
]
},
"SOLUTION": "Refer to Debian security advisory <A HREF=\"https://lists.debian.org/debian-lts-announce/2021/03/msg00021.html\" TARGET=\"_blank\">DLA 2597-1</A> for patching details.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://lists.debian.org/debian-lts-announce/2021/03/msg00021.html\" TARGET=\"_blank\">DLA 2597-1: Debian</A>",
"TITLE": "Debian Security Update for velocity-tools (DLA 2597-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "DLA 2597-1",
"URL": "https://lists.debian.org/debian-lts-announce/2021/03/msg00021.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "Debian",
"CONSEQUENCE": "Successful exploitation allows attacker to compromise the system.",
"CVE_LIST": {
"CVE": {
"ID": "CVE-2020-25097",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25097"
}
},
"DIAGNOSIS": "Debian has released security update for squid3\n to fix the vulnerabilities.",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-06T12:45:15Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-06T12:45:15Z",
"QID": "178496",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": [
{
"PRODUCT": "debian_linux",
"VENDOR": "debian"
},
{
"PRODUCT": "None",
"VENDOR": "debian"
}
]
},
"SOLUTION": "Refer to Debian security advisory <A HREF=\"https://lists.debian.org/debian-lts-announce/2021/03/msg00022.html\" TARGET=\"_blank\">DLA 2598-1</A> for patching details.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://lists.debian.org/debian-lts-announce/2021/03/msg00022.html\" TARGET=\"_blank\">DLA 2598-1: Debian</A>",
"TITLE": "Debian Security Update for squid3 (DLA 2598-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "DLA 2598-1",
"URL": "https://lists.debian.org/debian-lts-announce/2021/03/msg00022.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "Debian",
"CONSEQUENCE": "Successful exploitation allows attacker to compromise the system.",
"CVE_LIST": {
"CVE": {
"ID": "CVE-2021-3429",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3429"
}
},
"DIAGNOSIS": "Debian has released security update for cloud-init\n to fix the vulnerabilities.",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-06T12:45:15Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-06T12:45:15Z",
"QID": "178497",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "None",
"VENDOR": "debian"
}
},
"SOLUTION": "Refer to Debian security advisory <A HREF=\"https://lists.debian.org/debian-lts-announce/2021/03/msg00025.html\" TARGET=\"_blank\">DLA 2601-1</A> for patching details.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://lists.debian.org/debian-lts-announce/2021/03/msg00025.html\" TARGET=\"_blank\">DLA 2601-1: Debian</A>",
"TITLE": "Debian Security Update for cloud-init (DLA 2601-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "DLA 2601-1",
"URL": "https://lists.debian.org/debian-lts-announce/2021/03/msg00025.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "Debian",
"CONSEQUENCE": "Successful exploitation allows attacker to compromise the system.",
"CVE_LIST": {
"CVE": {
"ID": "CVE-2021-27135",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27135"
}
},
"DIAGNOSIS": "Debian has released security update for xterm\n to fix the vulnerabilities.",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-06T12:45:15Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-06T12:45:15Z",
"QID": "178498",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": [
{
"PRODUCT": "debian_linux",
"VENDOR": "debian"
},
{
"PRODUCT": "None",
"VENDOR": "debian"
}
]
},
"SOLUTION": "Refer to Debian security advisory <A HREF=\"https://lists.debian.org/debian-lts-announce/2021/03/msg00026.html\" TARGET=\"_blank\">DLA 2558-2</A> for patching details.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://lists.debian.org/debian-lts-announce/2021/03/msg00026.html\" TARGET=\"_blank\">DLA 2558-2: Debian</A>",
"TITLE": "Debian Security Update for xterm (DLA 2558-2)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "DLA 2558-2",
"URL": "https://lists.debian.org/debian-lts-announce/2021/03/msg00026.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "Debian",
"CONSEQUENCE": "Successful exploitation allows attacker to compromise the system.",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2020-25681",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25681"
},
{
"ID": "CVE-2020-25682",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25682"
},
{
"ID": "CVE-2020-25683",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25683"
},
{
"ID": "CVE-2020-25684",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25684"
},
{
"ID": "CVE-2020-25687",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25687"
}
]
},
"DIAGNOSIS": "Debian has released security update for dnsmasq\n to fix the vulnerabilities.",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-06T12:45:15Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-06T12:45:15Z",
"QID": "178499",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": [
{
"PRODUCT": "debian_linux",
"VENDOR": "debian"
},
{
"PRODUCT": "None",
"VENDOR": "debian"
}
]
},
"SOLUTION": "Refer to Debian security advisory <A HREF=\"https://lists.debian.org/debian-lts-announce/2021/03/msg00027.html\" TARGET=\"_blank\">DLA 2604-1</A> for patching details.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://lists.debian.org/debian-lts-announce/2021/03/msg00027.html\" TARGET=\"_blank\">DLA 2604-1: Debian</A>",
"TITLE": "Debian Security Update for dnsmasq (DLA 2604-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "DLA 2604-1",
"URL": "https://lists.debian.org/debian-lts-announce/2021/03/msg00027.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "Debian",
"CONSEQUENCE": "Successful exploitation allows attacker to compromise the system.",
"CORRELATION": {
"EXPLOITS": {
"EXPLT_SRC": {
"EXPLT_LIST": {
"EXPLT": {
"DESC": "MariaDB 10.2 /MySQL - 'wsrep_provider' OS Command Execution - The Exploit-DB Ref : 49765",
"LINK": "http://www.exploit-db.com/exploits/49765",
"REF": "CVE-2021-27928"
}
},
"SRC_NAME": "The Exploit-DB"
}
}
},
"CVE_LIST": {
"CVE": {
"ID": "CVE-2021-27928",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27928"
}
},
"DIAGNOSIS": "Debian has released security update for mariadb-10.1\n to fix the vulnerabilities.",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available, Exploit Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-06T12:45:15Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-06T12:45:15Z",
"QID": "178500",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": [
{
"PRODUCT": "debian_linux",
"VENDOR": "debian"
},
{
"PRODUCT": "None",
"VENDOR": "debian"
}
]
},
"SOLUTION": "Refer to Debian security advisory <A HREF=\"https://lists.debian.org/debian-lts-announce/2021/03/msg00028.html\" TARGET=\"_blank\">DLA 2605-1</A> for patching details.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://lists.debian.org/debian-lts-announce/2021/03/msg00028.html\" TARGET=\"_blank\">DLA 2605-1: Debian</A>",
"TITLE": "Debian Security Update for mariadb-10.1 (DLA 2605-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "DLA 2605-1",
"URL": "https://lists.debian.org/debian-lts-announce/2021/03/msg00028.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "Debian",
"CONSEQUENCE": "Successful exploitation allows attacker to compromise the system.",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2019-11372",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11372"
},
{
"ID": "CVE-2019-11373",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11373"
},
{
"ID": "CVE-2020-15395",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15395"
},
{
"ID": "CVE-2020-26797",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26797"
}
]
},
"DIAGNOSIS": "Debian has released security update for libmediainfo\n to fix the vulnerabilities.",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-06T12:45:15Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-06T12:45:15Z",
"QID": "178501",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "None",
"VENDOR": "debian"
}
},
"SOLUTION": "Refer to Debian security advisory <A HREF=\"https://lists.debian.org/debian-lts-announce/2021/03/msg00029.html\" TARGET=\"_blank\">DLA 2603-1</A> for patching details.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://lists.debian.org/debian-lts-announce/2021/03/msg00029.html\" TARGET=\"_blank\">DLA 2603-1: Debian</A>",
"TITLE": "Debian Security Update for libmediainfo (DLA 2603-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "DLA 2603-1",
"URL": "https://lists.debian.org/debian-lts-announce/2021/03/msg00029.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "Debian",
"CONSEQUENCE": "Successful exploitation allows attacker to compromise the system.",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2020-25666",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25666"
},
{
"ID": "CVE-2020-25675",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25675"
},
{
"ID": "CVE-2020-25676",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25676"
},
{
"ID": "CVE-2020-27754",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27754"
},
{
"ID": "CVE-2020-27757",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27757"
},
{
"ID": "CVE-2020-27758",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27758"
},
{
"ID": "CVE-2020-27759",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27759"
},
{
"ID": "CVE-2020-27761",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27761"
},
{
"ID": "CVE-2020-27762",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27762"
},
{
"ID": "CVE-2020-27764",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27764"
},
{
"ID": "CVE-2020-27766",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27766"
},
{
"ID": "CVE-2020-27767",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27767"
},
{
"ID": "CVE-2020-27768",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27768"
},
{
"ID": "CVE-2020-27769",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27769"
},
{
"ID": "CVE-2020-27770",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27770"
},
{
"ID": "CVE-2020-27771",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27771"
},
{
"ID": "CVE-2020-27772",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27772"
},
{
"ID": "CVE-2020-27774",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27774"
},
{
"ID": "CVE-2020-27775",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27775"
},
{
"ID": "CVE-2021-20176",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20176"
},
{
"ID": "CVE-2021-20241",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20241"
},
{
"ID": "CVE-2021-20244",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20244"
},
{
"ID": "CVE-2021-20246",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20246"
}
]
},
"DIAGNOSIS": "Debian has released security update for imagemagick\n to fix the vulnerabilities.",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-06T12:45:15Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-06T12:45:15Z",
"QID": "178502",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": [
{
"PRODUCT": "debian_linux",
"VENDOR": "debian"
},
{
"PRODUCT": "None",
"VENDOR": "debian"
}
]
},
"SOLUTION": "Refer to Debian security advisory <A HREF=\"https://lists.debian.org/debian-lts-announce/2021/03/msg00030.html\" TARGET=\"_blank\">DLA 2602-1</A> for patching details.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://lists.debian.org/debian-lts-announce/2021/03/msg00030.html\" TARGET=\"_blank\">DLA 2602-1: Debian</A>",
"TITLE": "Debian Security Update for imagemagick (DLA 2602-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "DLA 2602-1",
"URL": "https://lists.debian.org/debian-lts-announce/2021/03/msg00030.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "Debian",
"CONSEQUENCE": "Successful exploitation allows attacker to compromise the system.",
"CVE_LIST": {
"CVE": {
"ID": "CVE-2021-28957",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28957"
}
},
"DIAGNOSIS": "Debian has released security update for lxml\n to fix the vulnerabilities.",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-06T12:45:15Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-06T12:45:15Z",
"QID": "178503",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": [
{
"PRODUCT": "debian_linux",
"VENDOR": "debian"
},
{
"PRODUCT": "None",
"VENDOR": "debian"
}
]
},
"SOLUTION": "Refer to Debian security advisory <A HREF=\"https://lists.debian.org/debian-lts-announce/2021/03/msg00031.html\" TARGET=\"_blank\">DLA 2606-1</A> for patching details.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://lists.debian.org/debian-lts-announce/2021/03/msg00031.html\" TARGET=\"_blank\">DLA 2606-1: Debian</A>",
"TITLE": "Debian Security Update for lxml (DLA 2606-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "DLA 2606-1",
"URL": "https://lists.debian.org/debian-lts-announce/2021/03/msg00031.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "Debian",
"CONSEQUENCE": "Successful exploitation allows attacker to compromise the system.",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2021-23981",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23981"
},
{
"ID": "CVE-2021-23982",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23982"
},
{
"ID": "CVE-2021-23984",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23984"
},
{
"ID": "CVE-2021-23987",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23987"
}
]
},
"DIAGNOSIS": "Debian has released security update for firefox-esr\n to fix the vulnerabilities.",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-06T12:45:15Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-06T12:45:15Z",
"QID": "178504",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "None",
"VENDOR": "debian"
}
},
"SOLUTION": "Refer to Debian security advisory <A HREF=\"https://lists.debian.org/debian-lts-announce/2021/03/msg00032.html\" TARGET=\"_blank\">DLA 2607-1</A> for patching details.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://lists.debian.org/debian-lts-announce/2021/03/msg00032.html\" TARGET=\"_blank\">DLA 2607-1: Debian</A>",
"TITLE": "Debian Security Update for firefox-esr (DLA 2607-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "DLA 2607-1",
"URL": "https://lists.debian.org/debian-lts-announce/2021/03/msg00032.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "Debian",
"CONSEQUENCE": "Successful exploitation allows attacker to compromise the system.",
"CORRELATION": {
"EXPLOITS": {
"EXPLT_SRC": {
"EXPLT_LIST": {
"EXPLT": [
{
"DESC": "jQuery 1.2 - Cross-Site Scripting (XSS) - The Exploit-DB Ref : 49766",
"LINK": "http://www.exploit-db.com/exploits/49766",
"REF": "CVE-2020-11022"
},
{
"DESC": "jQuery 1.0.3 - Cross-Site Scripting (XSS) - The Exploit-DB Ref : 49767",
"LINK": "http://www.exploit-db.com/exploits/49767",
"REF": "CVE-2020-11023"
}
]
},
"SRC_NAME": "The Exploit-DB"
}
}
},
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2020-11022",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11022"
},
{
"ID": "CVE-2020-11023",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11023"
}
]
},
"DIAGNOSIS": "Debian has released security update for jquery\n to fix the vulnerabilities.",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available, Exploit Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-06T12:45:15Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-06T12:45:15Z",
"QID": "178505",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": [
{
"PRODUCT": "debian_linux",
"VENDOR": "debian"
},
{
"PRODUCT": "None",
"VENDOR": "debian"
}
]
},
"SOLUTION": "Refer to Debian security advisory <A HREF=\"https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html\" TARGET=\"_blank\">DLA 2608-1</A> for patching details.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html\" TARGET=\"_blank\">DLA 2608-1: Debian</A>",
"TITLE": "Debian Security Update for jquery (DLA 2608-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "DLA 2608-1",
"URL": "https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "Debian",
"CONSEQUENCE": "Successful exploitation allows attacker to compromise the system.",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2021-23981",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23981"
},
{
"ID": "CVE-2021-23982",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23982"
},
{
"ID": "CVE-2021-23984",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23984"
},
{
"ID": "CVE-2021-23987",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23987"
}
]
},
"DIAGNOSIS": "Debian has released security update for thunderbird\n to fix the vulnerabilities.",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-06T12:45:16Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-06T12:45:16Z",
"QID": "178506",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "None",
"VENDOR": "debian"
}
},
"SOLUTION": "Refer to Debian security advisory <A HREF=\"https://lists.debian.org/debian-lts-announce/2021/03/msg00034.html\" TARGET=\"_blank\">DLA 2609-1</A> for patching details.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://lists.debian.org/debian-lts-announce/2021/03/msg00034.html\" TARGET=\"_blank\">DLA 2609-1: Debian</A>",
"TITLE": "Debian Security Update for thunderbird (DLA 2609-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "DLA 2609-1",
"URL": "https://lists.debian.org/debian-lts-announce/2021/03/msg00034.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "Debian",
"CONSEQUENCE": "Successful exploitation allows attacker to compromise the system.",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2020-27170",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27170"
},
{
"ID": "CVE-2020-27171",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27171"
},
{
"ID": "CVE-2021-3348",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3348"
},
{
"ID": "CVE-2021-3428",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3428"
},
{
"ID": "CVE-2021-26930",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26930"
},
{
"ID": "CVE-2021-26931",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26931"
},
{
"ID": "CVE-2021-26932",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26932"
},
{
"ID": "CVE-2021-27363",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27363"
},
{
"ID": "CVE-2021-27364",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27364"
},
{
"ID": "CVE-2021-27365",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27365"
},
{
"ID": "CVE-2021-28038",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28038"
},
{
"ID": "CVE-2021-28660",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28660"
},
{
"ID": "CVE-2020-27170",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27170"
},
{
"ID": "CVE-2020-27171",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27171"
},
{
"ID": "CVE-2021-3348",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3348"
},
{
"ID": "CVE-2021-3428",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3428"
},
{
"ID": "CVE-2021-26930",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26930"
},
{
"ID": "CVE-2021-26931",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26931"
},
{
"ID": "CVE-2021-26932",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26932"
},
{
"ID": "CVE-2021-28038",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28038"
},
{
"ID": "CVE-2021-27363",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27363"
},
{
"ID": "CVE-2021-27364",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27364"
},
{
"ID": "CVE-2021-27364",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27364"
},
{
"ID": "CVE-2021-27365",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27365"
},
{
"ID": "CVE-2021-28660",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28660"
}
]
},
"DIAGNOSIS": "Debian has released security update for linux-4.19\n to fix the vulnerabilities.",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-06T12:45:16Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-06T12:45:16Z",
"QID": "178507",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": [
{
"PRODUCT": "debian_linux",
"VENDOR": "debian"
},
{
"PRODUCT": "None",
"VENDOR": "debian"
}
]
},
"SOLUTION": "Refer to Debian security advisory <A HREF=\"https://lists.debian.org/debian-lts-announce/2021/03/msg00035.html\" TARGET=\"_blank\">DLA 2610-1</A> for patching details.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://lists.debian.org/debian-lts-announce/2021/03/msg00035.html\" TARGET=\"_blank\">DLA 2610-1: Debian</A>",
"TITLE": "Debian Security Update for linux-4.19 (DLA 2610-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "DLA 2610-1",
"URL": "https://lists.debian.org/debian-lts-announce/2021/03/msg00035.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "Debian",
"CONSEQUENCE": "Successful exploitation allows attacker to compromise the system.",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2020-27840",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27840"
},
{
"ID": "CVE-2021-20277",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20277"
}
]
},
"DIAGNOSIS": "Debian has released security update for ldb\n to fix the vulnerabilities.",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-06T12:45:16Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-06T12:45:16Z",
"QID": "178508",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "None",
"VENDOR": "debian"
}
},
"SOLUTION": "Refer to Debian security advisory <A HREF=\"https://lists.debian.org/debian-lts-announce/2021/03/msg00036.html\" TARGET=\"_blank\">DLA 2611-1</A> for patching details.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://lists.debian.org/debian-lts-announce/2021/03/msg00036.html\" TARGET=\"_blank\">DLA 2611-1: Debian</A>",
"TITLE": "Debian Security Update for ldb (DLA 2611-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "DLA 2611-1",
"URL": "https://lists.debian.org/debian-lts-announce/2021/03/msg00036.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "Debian",
"CONSEQUENCE": "Successful exploitation allows attacker to compromise the system.",
"CVE_LIST": {
"CVE": {
"ID": "CVE-2021-23358",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23358"
}
},
"DIAGNOSIS": "Debian has released security update for underscore\n to fix the vulnerabilities.",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-06T12:45:16Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-06T12:45:16Z",
"QID": "178509",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": [
{
"PRODUCT": "debian_linux",
"VENDOR": "debian"
},
{
"PRODUCT": "None",
"VENDOR": "debian"
}
]
},
"SOLUTION": "Refer to Debian security advisory <A HREF=\"https://lists.debian.org/debian-lts-announce/2021/03/msg00038.html\" TARGET=\"_blank\">DLA 2613-1</A> for patching details.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://lists.debian.org/debian-lts-announce/2021/03/msg00038.html\" TARGET=\"_blank\">DLA 2613-1: Debian</A>",
"TITLE": "Debian Security Update for underscore (DLA 2613-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "DLA 2613-1",
"URL": "https://lists.debian.org/debian-lts-announce/2021/03/msg00038.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "Debian",
"CONSEQUENCE": "Successful exploitation allows attacker to compromise the system.",
"CVE_LIST": {
"CVE": {
"ID": "CVE-2020-1946",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1946"
}
},
"DIAGNOSIS": "Debian has released security update for spamassassin\n to fix the vulnerabilities.",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-06T12:45:16Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-06T12:45:16Z",
"QID": "178510",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "None",
"VENDOR": "debian"
}
},
"SOLUTION": "Refer to Debian security advisory <A HREF=\"https://lists.debian.org/debian-lts-announce/2021/04/msg00000.html\" TARGET=\"_blank\">DLA 2615-1</A> for patching details.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://lists.debian.org/debian-lts-announce/2021/04/msg00000.html\" TARGET=\"_blank\">DLA 2615-1: Debian</A>",
"TITLE": "Debian Security Update for spamassassin (DLA 2615-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "DLA 2615-1",
"URL": "https://lists.debian.org/debian-lts-announce/2021/04/msg00000.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "Debian",
"CONSEQUENCE": "Successful exploitation allows attacker to compromise the system.",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2021-21341",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21341"
},
{
"ID": "CVE-2021-21342",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21342"
},
{
"ID": "CVE-2021-21343",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21343"
},
{
"ID": "CVE-2021-21344",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21344"
},
{
"ID": "CVE-2021-21345",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21345"
},
{
"ID": "CVE-2021-21346",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21346"
},
{
"ID": "CVE-2021-21347",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21347"
},
{
"ID": "CVE-2021-21348",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21348"
},
{
"ID": "CVE-2021-21349",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21349"
},
{
"ID": "CVE-2021-21350",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21350"
},
{
"ID": "CVE-2021-21351",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21351"
}
]
},
"DIAGNOSIS": "Debian has released security update for libxstream-java\n to fix the vulnerabilities.",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-06T12:45:16Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-06T12:45:16Z",
"QID": "178511",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "None",
"VENDOR": "debian"
}
},
"SOLUTION": "Refer to Debian security advisory <A HREF=\"https://lists.debian.org/debian-lts-announce/2021/04/msg00002.html\" TARGET=\"_blank\">DLA 2616-1</A> for patching details.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://lists.debian.org/debian-lts-announce/2021/04/msg00002.html\" TARGET=\"_blank\">DLA 2616-1: Debian</A>",
"TITLE": "Debian Security Update for libxstream-java (DLA 2616-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "DLA 2616-1",
"URL": "https://lists.debian.org/debian-lts-announce/2021/04/msg00002.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "Debian",
"CONSEQUENCE": "Successful exploitation allows attacker to compromise the system.",
"CVE_LIST": {
"CVE": {
"ID": "CVE-2020-15227",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15227"
}
},
"DIAGNOSIS": "Debian has released security update for php-nette\n to fix the vulnerabilities.",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-06T12:45:16Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-06T12:45:16Z",
"QID": "178512",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "None",
"VENDOR": "debian"
}
},
"SOLUTION": "Refer to Debian security advisory <A HREF=\"https://lists.debian.org/debian-lts-announce/2021/04/msg00003.html\" TARGET=\"_blank\">DLA 2617-1</A> for patching details.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://lists.debian.org/debian-lts-announce/2021/04/msg00003.html\" TARGET=\"_blank\">DLA 2617-1: Debian</A>",
"TITLE": "Debian Security Update for php-nette (DLA 2617-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "DLA 2617-1",
"URL": "https://lists.debian.org/debian-lts-announce/2021/04/msg00003.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "Debian",
"CONSEQUENCE": "Successful exploitation allows attacker to compromise the system.",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2018-13982",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13982"
},
{
"ID": "CVE-2021-26119",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26119"
},
{
"ID": "CVE-2021-26120",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26120"
},
{
"ID": "CVE-2018-13982",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13982"
},
{
"ID": "CVE-2021-26119",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26119"
},
{
"ID": "CVE-2021-26120",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26120"
}
]
},
"DIAGNOSIS": "Debian has released security update for smarty3\n to fix the vulnerabilities.",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-06T12:45:16Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-06T12:45:16Z",
"QID": "178513",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "None",
"VENDOR": "debian"
}
},
"SOLUTION": "Refer to Debian security advisory <A HREF=\"https://lists.debian.org/debian-lts-announce/2021/04/msg00004.html\" TARGET=\"_blank\">DLA 2618-1</A> for patching details.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://lists.debian.org/debian-lts-announce/2021/04/msg00004.html\" TARGET=\"_blank\">DLA 2618-1: Debian</A>",
"TITLE": "Debian Security Update for smarty3 (DLA 2618-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "DLA 2618-1",
"URL": "https://lists.debian.org/debian-lts-announce/2021/04/msg00004.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "Debian",
"CONSEQUENCE": "Successful exploitation allows attacker to compromise the system.",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2021-23981",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23981"
},
{
"ID": "CVE-2021-23982",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23982"
},
{
"ID": "CVE-2021-23984",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23984"
},
{
"ID": "CVE-2021-23987",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23987"
}
]
},
"DIAGNOSIS": "Debian has released security update forthunderbird\nto fix the vulnerabilities.",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-19T14:36:39Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-19T14:36:39Z",
"QID": "178514",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "None",
"VENDOR": "debian"
}
},
"SOLUTION": "Refer to Debian security advisory <A HREF=\"https://lists.debian.org/debian-security-announce/2021/msg00057.html\" TARGET=\"_blank\">DSA 4876-1</A> for patching details.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://lists.debian.org/debian-security-announce/2021/msg00057.html\" TARGET=\"_blank\">DSA 4876-1: Debian</A>",
"TITLE": "Debian Security Update for thunderbird (DSA 4876-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "DSA 4876-1",
"URL": "https://lists.debian.org/debian-security-announce/2021/msg00057.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "Debian",
"CONSEQUENCE": "Successful exploitation allows attacker to compromise the system.",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2020-27918",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27918"
},
{
"ID": "CVE-2020-29623",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29623"
},
{
"ID": "CVE-2021-1765",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1765"
},
{
"ID": "CVE-2021-1789",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1789"
},
{
"ID": "CVE-2021-1799",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1799"
},
{
"ID": "CVE-2021-1801",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1801"
},
{
"ID": "CVE-2021-1870",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1870"
},
{
"ID": "CVE-2020-27918",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27918"
},
{
"ID": "CVE-2020-29623",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29623"
},
{
"ID": "CVE-2021-1765",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1765"
},
{
"ID": "CVE-2021-1789",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1789"
},
{
"ID": "CVE-2021-1799",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1799"
},
{
"ID": "CVE-2021-1801",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1801"
},
{
"ID": "CVE-2021-1870",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1870"
}
]
},
"DIAGNOSIS": "Debian has released security update forwebkit2gtk\nto fix the vulnerabilities.",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-19T14:36:39Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-19T14:36:39Z",
"QID": "178515",
"SEVERITY_LEVEL": "4",
"SOFTWARE_LIST": {
"SOFTWARE": [
{
"PRODUCT": "None",
"VENDOR": "debian"
},
{
"PRODUCT": "debian_linux",
"VENDOR": "debian"
}
]
},
"SOLUTION": "Refer to Debian security advisory <A HREF=\"https://lists.debian.org/debian-security-announce/2021/msg00058.html\" TARGET=\"_blank\">DSA 4877-1</A> for patching details.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://lists.debian.org/debian-security-announce/2021/msg00058.html\" TARGET=\"_blank\">DSA 4877-1: Debian</A>",
"TITLE": "Debian Security Update for webkit2gtk (DSA 4877-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "DSA 4877-1",
"URL": "https://lists.debian.org/debian-security-announce/2021/msg00058.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "Debian",
"CONSEQUENCE": "Successful exploitation allows attacker to compromise the system.",
"CVE_LIST": {
"CVE": {
"ID": "CVE-2020-1946",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1946"
}
},
"DIAGNOSIS": "Debian has released security update forspamassassin\nto fix the vulnerabilities.",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-19T14:36:39Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-19T14:36:39Z",
"QID": "178516",
"SEVERITY_LEVEL": "5",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "None",
"VENDOR": "debian"
}
},
"SOLUTION": "Refer to Debian security advisory <A HREF=\"https://lists.debian.org/debian-security-announce/2021/msg00060.html\" TARGET=\"_blank\">DSA 4879-1</A> for patching details.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://lists.debian.org/debian-security-announce/2021/msg00060.html\" TARGET=\"_blank\">DSA 4879-1: Debian</A>",
"TITLE": "Debian Security Update for spamassassin (DSA 4879-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "DSA 4879-1",
"URL": "https://lists.debian.org/debian-security-announce/2021/msg00060.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "Debian",
"CONSEQUENCE": "Successful exploitation allows attacker to compromise the system.",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2020-6851",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6851"
},
{
"ID": "CVE-2020-8112",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8112"
},
{
"ID": "CVE-2020-15389",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15389"
},
{
"ID": "CVE-2020-27814",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27814"
},
{
"ID": "CVE-2020-27823",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27823"
},
{
"ID": "CVE-2020-27824",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27824"
},
{
"ID": "CVE-2020-27841",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27841"
},
{
"ID": "CVE-2020-27842",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27842"
},
{
"ID": "CVE-2020-27843",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27843"
},
{
"ID": "CVE-2020-27845",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27845"
}
]
},
"DIAGNOSIS": "Debian has released security update foropenjpeg2\nto fix the vulnerabilities.",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-19T14:36:39Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-19T14:36:39Z",
"QID": "178518",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": [
{
"PRODUCT": "debian_linux",
"VENDOR": "debian"
},
{
"PRODUCT": "None",
"VENDOR": "debian"
}
]
},
"SOLUTION": "Refer to Debian security advisory <A HREF=\"https://lists.debian.org/debian-security-announce/2021/msg00063.html\" TARGET=\"_blank\">DSA 4882-1</A> for patching details.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://lists.debian.org/debian-security-announce/2021/msg00063.html\" TARGET=\"_blank\">DSA 4882-1: Debian</A>",
"TITLE": "Debian Security Update for openjpeg2 (DSA 4882-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "DSA 4882-1",
"URL": "https://lists.debian.org/debian-security-announce/2021/msg00063.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "Debian",
"CONSEQUENCE": "Successful exploitation allows attacker to compromise the system.",
"CVE_LIST": {
"CVE": {
"ID": "CVE-2021-23358",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23358"
}
},
"DIAGNOSIS": "Debian has released security update forunderscore\nto fix the vulnerabilities.",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-19T14:36:39Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-19T14:36:39Z",
"QID": "178519",
"SEVERITY_LEVEL": "4",
"SOFTWARE_LIST": {
"SOFTWARE": [
{
"PRODUCT": "debian_linux",
"VENDOR": "debian"
},
{
"PRODUCT": "None",
"VENDOR": "debian"
}
]
},
"SOLUTION": "Refer to Debian security advisory <A HREF=\"https://lists.debian.org/debian-security-announce/2021/msg00064.html\" TARGET=\"_blank\">DSA 4883-1</A> for patching details.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://lists.debian.org/debian-security-announce/2021/msg00064.html\" TARGET=\"_blank\">DSA 4883-1: Debian</A>",
"TITLE": "Debian Security Update for underscore (DSA 4883-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "DSA 4883-1",
"URL": "https://lists.debian.org/debian-security-announce/2021/msg00064.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "Debian",
"CONSEQUENCE": "Successful exploitation allows attacker to compromise the system.",
"CVE_LIST": {
"CVE": {
"ID": "CVE-2020-25097",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25097"
}
},
"DIAGNOSIS": "Debian has released security update forsquid\nto fix the vulnerabilities.",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-19T14:36:39Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-19T14:36:39Z",
"QID": "178520",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": [
{
"PRODUCT": "debian_linux",
"VENDOR": "debian"
},
{
"PRODUCT": "None",
"VENDOR": "debian"
}
]
},
"SOLUTION": "Refer to Debian security advisory <A HREF=\"https://lists.debian.org/debian-security-announce/2021/msg00054.html\" TARGET=\"_blank\">DSA 4873-1</A> for patching details.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://lists.debian.org/debian-security-announce/2021/msg00054.html\" TARGET=\"_blank\">DSA 4873-1: Debian</A>",
"TITLE": "Debian Security Update for squid (DSA 4873-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "DSA 4873-1",
"URL": "https://lists.debian.org/debian-security-announce/2021/msg00054.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "Debian",
"CONSEQUENCE": "Successful exploitation allows attacker to compromise the system.",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2021-23981",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23981"
},
{
"ID": "CVE-2021-23982",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23982"
},
{
"ID": "CVE-2021-23984",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23984"
},
{
"ID": "CVE-2021-23987",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23987"
}
]
},
"DIAGNOSIS": "Debian has released security update forfirefox-esr\nto fix the vulnerabilities.",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-19T14:36:39Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-19T14:36:39Z",
"QID": "178521",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "None",
"VENDOR": "debian"
}
},
"SOLUTION": "Refer to Debian security advisory <A HREF=\"https://lists.debian.org/debian-security-announce/2021/msg00055.html\" TARGET=\"_blank\">DSA 4874-1</A> for patching details.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://lists.debian.org/debian-security-announce/2021/msg00055.html\" TARGET=\"_blank\">DSA 4874-1: Debian</A>",
"TITLE": "Debian Security Update for firefox-esr (DSA 4874-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "DSA 4874-1",
"URL": "https://lists.debian.org/debian-security-announce/2021/msg00055.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "Debian",
"CONSEQUENCE": "Successful exploitation allows attacker to compromise the system.",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2020-8169",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8169"
},
{
"ID": "CVE-2020-8177",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8177"
},
{
"ID": "CVE-2020-8231",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8231"
},
{
"ID": "CVE-2020-8284",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8284"
},
{
"ID": "CVE-2020-8285",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8285"
},
{
"ID": "CVE-2020-8286",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8286"
},
{
"ID": "CVE-2021-22876",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22876"
},
{
"ID": "CVE-2021-22890",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22890"
},
{
"ID": "CVE-2020-8169",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8169"
},
{
"ID": "CVE-2020-8177",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8177"
},
{
"ID": "CVE-2020-8231",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8231"
},
{
"ID": "CVE-2020-8284",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8284"
},
{
"ID": "CVE-2020-8285",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8285"
},
{
"ID": "CVE-2020-8286",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8286"
},
{
"ID": "CVE-2021-22876",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22876"
},
{
"ID": "CVE-2021-22890",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22890"
}
]
},
"DIAGNOSIS": "Debian has released security update forcurl\nto fix the vulnerabilities.",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-19T14:36:39Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-19T14:36:39Z",
"QID": "178522",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "curl",
"VENDOR": "debian"
}
},
"SOLUTION": "Refer to Debian security advisory <A HREF=\"https://lists.debian.org/debian-security-announce/2021/msg00062.html\" TARGET=\"_blank\">DSA 4881-1</A> for patching details.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://lists.debian.org/debian-security-announce/2021/msg00062.html\" TARGET=\"_blank\">DSA 4881-1: Debian</A>",
"TITLE": "Debian Security Update for curl (DSA 4881-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "DSA 4881-1",
"URL": "https://lists.debian.org/debian-security-announce/2021/msg00062.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "Debian",
"CONSEQUENCE": "Successful exploitation allows attacker to compromise the system.",
"CVE_LIST": {
"CVE": {
"ID": "CVE-2021-21381",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21381"
}
},
"DIAGNOSIS": "Debian has released security update forflatpak\nto fix the vulnerabilities.",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-19T14:36:39Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-19T14:36:39Z",
"QID": "178523",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": [
{
"PRODUCT": "debian_linux",
"VENDOR": "debian"
},
{
"PRODUCT": "None",
"VENDOR": "debian"
}
]
},
"SOLUTION": "Refer to Debian security advisory <A HREF=\"https://lists.debian.org/debian-security-announce/2021/msg00049.html\" TARGET=\"_blank\">DSA 4868-1</A> for patching details.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://lists.debian.org/debian-security-announce/2021/msg00049.html\" TARGET=\"_blank\">DSA 4868-1: Debian</A>",
"TITLE": "Debian Security Update for flatpak (DSA 4868-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "DSA 4868-1",
"URL": "https://lists.debian.org/debian-security-announce/2021/msg00049.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "Debian",
"CONSEQUENCE": "Successful exploitation allows attacker to compromise the system.",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2020-35523",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35523"
},
{
"ID": "CVE-2020-35524",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35524"
}
]
},
"DIAGNOSIS": "Debian has released security update fortiff\nto fix the vulnerabilities.",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-19T14:36:39Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-19T14:36:39Z",
"QID": "178524",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": [
{
"PRODUCT": "debian_linux",
"VENDOR": "debian"
},
{
"PRODUCT": "None",
"VENDOR": "debian"
}
]
},
"SOLUTION": "Refer to Debian security advisory <A HREF=\"https://lists.debian.org/debian-security-announce/2021/msg00050.html\" TARGET=\"_blank\">DSA 4869-1</A> for patching details.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://lists.debian.org/debian-security-announce/2021/msg00050.html\" TARGET=\"_blank\">DSA 4869-1: Debian</A>",
"TITLE": "Debian Security Update for tiff (DSA 4869-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "DSA 4869-1",
"URL": "https://lists.debian.org/debian-security-announce/2021/msg00050.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "Debian",
"CONSEQUENCE": "Successful exploitation allows attacker to compromise the system.",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2019-20444",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20444"
},
{
"ID": "CVE-2019-20445",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20445"
},
{
"ID": "CVE-2020-7238",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7238"
},
{
"ID": "CVE-2020-11612",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11612"
},
{
"ID": "CVE-2021-21290",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21290"
},
{
"ID": "CVE-2021-21295",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21295"
},
{
"ID": "CVE-2021-21409",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21409"
}
]
},
"DIAGNOSIS": "Debian has released security update fornetty\nto fix the vulnerabilities.",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-19T14:36:39Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-19T14:36:39Z",
"QID": "178527",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": [
{
"PRODUCT": "debian_linux",
"VENDOR": "debian"
},
{
"PRODUCT": "None",
"VENDOR": "debian"
}
]
},
"SOLUTION": "Refer to Debian security advisory <A HREF=\"https://lists.debian.org/debian-security-announce/2021/msg00066.html\" TARGET=\"_blank\">DSA 4885-1</A> for patching details.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://lists.debian.org/debian-security-announce/2021/msg00066.html\" TARGET=\"_blank\">DSA 4885-1: Debian</A>",
"TITLE": "Debian Security Update for netty (DSA 4885-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "DSA 4885-1",
"URL": "https://lists.debian.org/debian-security-announce/2021/msg00066.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "Debian",
"CONSEQUENCE": "Successful exploitation allows attacker to compromise the system.",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2021-21159",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21159"
},
{
"ID": "CVE-2021-21160",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21160"
},
{
"ID": "CVE-2021-21161",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21161"
},
{
"ID": "CVE-2021-21162",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21162"
},
{
"ID": "CVE-2021-21163",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21163"
},
{
"ID": "CVE-2021-21165",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21165"
},
{
"ID": "CVE-2021-21166",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21166"
},
{
"ID": "CVE-2021-21167",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21167"
},
{
"ID": "CVE-2021-21168",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21168"
},
{
"ID": "CVE-2021-21169",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21169"
},
{
"ID": "CVE-2021-21170",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21170"
},
{
"ID": "CVE-2021-21171",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21171"
},
{
"ID": "CVE-2021-21172",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21172"
},
{
"ID": "CVE-2021-21173",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21173"
},
{
"ID": "CVE-2021-21174",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21174"
},
{
"ID": "CVE-2021-21175",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21175"
},
{
"ID": "CVE-2021-21176",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21176"
},
{
"ID": "CVE-2021-21177",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21177"
},
{
"ID": "CVE-2021-21178",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21178"
},
{
"ID": "CVE-2021-21179",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21179"
},
{
"ID": "CVE-2021-21180",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21180"
},
{
"ID": "CVE-2021-21181",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21181"
},
{
"ID": "CVE-2021-21182",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21182"
},
{
"ID": "CVE-2021-21183",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21183"
},
{
"ID": "CVE-2021-21184",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21184"
},
{
"ID": "CVE-2021-21185",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21185"
},
{
"ID": "CVE-2021-21186",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21186"
},
{
"ID": "CVE-2021-21187",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21187"
},
{
"ID": "CVE-2021-21188",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21188"
},
{
"ID": "CVE-2021-21189",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21189"
},
{
"ID": "CVE-2021-21190",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21190"
},
{
"ID": "CVE-2021-21191",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21191"
},
{
"ID": "CVE-2021-21192",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21192"
},
{
"ID": "CVE-2021-21193",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21193"
},
{
"ID": "CVE-2021-21194",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21194"
},
{
"ID": "CVE-2021-21195",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21195"
},
{
"ID": "CVE-2021-21196",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21196"
},
{
"ID": "CVE-2021-21197",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21197"
},
{
"ID": "CVE-2021-21198",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21198"
},
{
"ID": "CVE-2021-21199",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21199"
},
{
"ID": "CVE-2021-21159",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21159"
},
{
"ID": "CVE-2021-21160",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21160"
},
{
"ID": "CVE-2021-21161",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21161"
},
{
"ID": "CVE-2021-21162",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21162"
},
{
"ID": "CVE-2021-21163",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21163"
},
{
"ID": "CVE-2021-21165",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21165"
},
{
"ID": "CVE-2021-21166",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21166"
},
{
"ID": "CVE-2021-21167",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21167"
},
{
"ID": "CVE-2021-21168",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21168"
},
{
"ID": "CVE-2021-21169",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21169"
},
{
"ID": "CVE-2021-21170",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21170"
},
{
"ID": "CVE-2021-21171",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21171"
},
{
"ID": "CVE-2021-21172",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21172"
},
{
"ID": "CVE-2021-21173",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21173"
},
{
"ID": "CVE-2021-21174",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21174"
},
{
"ID": "CVE-2021-21175",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21175"
},
{
"ID": "CVE-2021-21176",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21176"
},
{
"ID": "CVE-2021-21177",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21177"
},
{
"ID": "CVE-2021-21178",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21178"
},
{
"ID": "CVE-2021-21179",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21179"
},
{
"ID": "CVE-2021-21180",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21180"
},
{
"ID": "CVE-2021-21181",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21181"
},
{
"ID": "CVE-2021-21182",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21182"
},
{
"ID": "CVE-2021-21183",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21183"
},
{
"ID": "CVE-2021-21184",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21184"
},
{
"ID": "CVE-2021-21185",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21185"
},
{
"ID": "CVE-2021-21186",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21186"
},
{
"ID": "CVE-2021-21187",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21187"
},
{
"ID": "CVE-2021-21188",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21188"
},
{
"ID": "CVE-2021-21189",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21189"
},
{
"ID": "CVE-2021-21190",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21190"
},
{
"ID": "CVE-2021-21191",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21191"
},
{
"ID": "CVE-2021-21192",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21192"
},
{
"ID": "CVE-2021-21193",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21193"
},
{
"ID": "CVE-2021-21194",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21194"
},
{
"ID": "CVE-2021-21195",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21195"
},
{
"ID": "CVE-2021-21196",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21196"
},
{
"ID": "CVE-2021-21197",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21197"
},
{
"ID": "CVE-2021-21198",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21198"
},
{
"ID": "CVE-2021-21199",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21199"
}
]
},
"DIAGNOSIS": "Debian has released security update forchromium\nto fix the vulnerabilities.",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-19T14:36:39Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-19T14:36:39Z",
"QID": "178528",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "None",
"VENDOR": "debian"
}
},
"SOLUTION": "Refer to Debian security advisory <A HREF=\"https://lists.debian.org/debian-security-announce/2021/msg00067.html\" TARGET=\"_blank\">DSA 4886-1</A> for patching details.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://lists.debian.org/debian-security-announce/2021/msg00067.html\" TARGET=\"_blank\">DSA 4886-1: Debian</A>",
"TITLE": "Debian Security Update for chromium (DSA 4886-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "DSA 4886-1",
"URL": "https://lists.debian.org/debian-security-announce/2021/msg00067.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "Debian",
"CONSEQUENCE": "Successful exploitation allows attacker to compromise the system.",
"CVE_LIST": {
"CVE": {
"ID": "CVE-2021-21772",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21772"
}
},
"DIAGNOSIS": "Debian has released security update forlib3mf\nto fix the vulnerabilities.",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-19T14:36:39Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-19T14:36:39Z",
"QID": "178529",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "None",
"VENDOR": "debian"
}
},
"SOLUTION": "Refer to Debian security advisory <A HREF=\"https://lists.debian.org/debian-security-announce/2021/msg00068.html\" TARGET=\"_blank\">DSA 4887-1</A> for patching details.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://lists.debian.org/debian-security-announce/2021/msg00068.html\" TARGET=\"_blank\">DSA 4887-1: Debian</A>",
"TITLE": "Debian Security Update for lib3mf (DSA 4887-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "DSA 4887-1",
"URL": "https://lists.debian.org/debian-security-announce/2021/msg00068.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "Debian",
"CONSEQUENCE": "Successful exploitation allows attacker to compromise the system.",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2021-26933",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26933"
},
{
"ID": "CVE-2021-27379",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27379"
}
]
},
"DIAGNOSIS": "Debian has released security update forxen\nto fix the vulnerabilities.",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-19T14:36:39Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-19T14:36:39Z",
"QID": "178530",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "None",
"VENDOR": "debian"
}
},
"SOLUTION": "Refer to Debian security advisory <A HREF=\"https://lists.debian.org/debian-security-announce/2021/msg00069.html\" TARGET=\"_blank\">DSA 4888-1</A> for patching details.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://lists.debian.org/debian-security-announce/2021/msg00069.html\" TARGET=\"_blank\">DSA 4888-1: Debian</A>",
"TITLE": "Debian Security Update for xen (DSA 4888-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "DSA 4888-1",
"URL": "https://lists.debian.org/debian-security-announce/2021/msg00069.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "Debian",
"CONSEQUENCE": "Successful exploitation allows attacker to compromise the system.",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2021-20270",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270"
},
{
"ID": "CVE-2021-27291",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291"
},
{
"ID": "CVE-2021-30152",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30152"
},
{
"ID": "CVE-2021-30159",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30159"
},
{
"ID": "CVE-2021-30154",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30154"
},
{
"ID": "CVE-2021-30155",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30155"
},
{
"ID": "CVE-2021-30157",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30157"
},
{
"ID": "CVE-2021-30158",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30158"
}
]
},
"DIAGNOSIS": "Debian has released security update formediawiki\nto fix the vulnerabilities.",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-19T14:36:40Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-19T14:36:40Z",
"QID": "178531",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": [
{
"PRODUCT": "debian_linux",
"VENDOR": "debian"
},
{
"PRODUCT": "None",
"VENDOR": "debian"
}
]
},
"SOLUTION": "Refer to Debian security advisory <A HREF=\"https://lists.debian.org/debian-security-announce/2021/msg00070.html\" TARGET=\"_blank\">DSA 4889-1</A> for patching details.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://lists.debian.org/debian-security-announce/2021/msg00070.html\" TARGET=\"_blank\">DSA 4889-1: Debian</A>",
"TITLE": "Debian Security Update for mediawiki (DSA 4889-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "DSA 4889-1",
"URL": "https://lists.debian.org/debian-security-announce/2021/msg00070.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "Debian",
"CONSEQUENCE": "Successful exploitation allows attacker to compromise the system.",
"CVE_LIST": {
"CVE": {
"ID": "CVE-2021-28834",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28834"
}
},
"DIAGNOSIS": "Debian has released security update forruby-kramdown\nto fix the vulnerabilities.",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-19T14:36:40Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-19T14:36:40Z",
"QID": "178532",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "None",
"VENDOR": "debian"
}
},
"SOLUTION": "Refer to Debian security advisory <A HREF=\"https://lists.debian.org/debian-security-announce/2021/msg00071.html\" TARGET=\"_blank\">DSA 4890-1</A> for patching details.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://lists.debian.org/debian-security-announce/2021/msg00071.html\" TARGET=\"_blank\">DSA 4890-1: Debian</A>",
"TITLE": "Debian Security Update for ruby-kramdown (DSA 4890-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "DSA 4890-1",
"URL": "https://lists.debian.org/debian-security-announce/2021/msg00071.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "Debian",
"CONSEQUENCE": "Successful exploitation allows attacker to compromise the system.",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2021-25122",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25122"
},
{
"ID": "CVE-2021-25329",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25329"
}
]
},
"DIAGNOSIS": "Debian has released security update fortomcat9\nto fix the vulnerabilities.",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-19T14:36:40Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-19T14:36:40Z",
"QID": "178533",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": [
{
"PRODUCT": "debian_linux",
"VENDOR": "debian"
},
{
"PRODUCT": "None",
"VENDOR": "debian"
}
]
},
"SOLUTION": "Refer to Debian security advisory <A HREF=\"https://lists.debian.org/debian-security-announce/2021/msg00072.html\" TARGET=\"_blank\">DSA 4891-1</A> for patching details.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://lists.debian.org/debian-security-announce/2021/msg00072.html\" TARGET=\"_blank\">DSA 4891-1: Debian</A>",
"TITLE": "Debian Security Update for tomcat9 (DSA 4891-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "DSA 4891-1",
"URL": "https://lists.debian.org/debian-security-announce/2021/msg00072.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "Debian",
"CONSEQUENCE": "Successful exploitation allows attacker to compromise the system.",
"DIAGNOSIS": "Debian has released security update forshibboleth-sp\nto fix the vulnerabilities.",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-19T14:36:40Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-19T14:36:40Z",
"QID": "178534",
"SEVERITY_LEVEL": "4",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "shibboleth-sp",
"VENDOR": "debian"
}
},
"SOLUTION": "Refer to Debian security advisory <A HREF=\"https://lists.debian.org/debian-security-announce/2021/msg00053.html\" TARGET=\"_blank\">DSA 4872-1</A> for patching details.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://lists.debian.org/debian-security-announce/2021/msg00053.html\" TARGET=\"_blank\">DSA 4872-1: Debian</A>",
"TITLE": "Debian Security Update for shibboleth-sp (DSA 4872-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "DSA 4872-1",
"URL": "https://lists.debian.org/debian-security-announce/2021/msg00053.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "Ubuntu",
"CONSEQUENCE": "It can cause confidentiality issues.",
"DIAGNOSIS": "<P> The ca-certificates package contained outdated CA certificates.\n<P> This update refreshes the included certificates to those contained in the 2.46 version of the Mozilla certificate authority bundle.<P>",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-06T12:45:16Z",
"PATCHABLE": "1",
"PCI_FLAG": "0",
"PUBLISHED_DATETIME": "2021-04-06T12:45:16Z",
"QID": "198248",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "ca-certificates",
"VENDOR": "ubuntu"
}
},
"SOLUTION": "Refer to Ubuntu advisory <A HREF=\"https://lists.ubuntu.com/archives/ubuntu-security-announce/2021-February/005874.html\" TARGET=\"_blank\">USN-4719-1</A> for affected packages and patching details, or update with your package manager.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://launchpad.net/ubuntu/+source/ca-certificates/20210119~18.04.1\" TARGET=\"_blank\">USN-4719-1: 18.04 (bionic) on src (ca-certificates)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/ca-certificates/20210119~20.10.1\" TARGET=\"_blank\">USN-4719-1: 20.10 (groovy) on src (ca-certificates)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/ca-certificates/20210119~20.04.1\" TARGET=\"_blank\">USN-4719-1: 20.04 (focal) on src (ca-certificates)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/ca-certificates/20210119~16.04.1\" TARGET=\"_blank\">USN-4719-1: 16.04 (Xenial) on src (ca-certificates)</A>",
"TITLE": "Ubuntu Security Notification for Ca-certificates Update (USN-4719-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "USN-4719-1",
"URL": "https://usn.ubuntu.com/4719-1/"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "Ubuntu",
"CONSEQUENCE": "<P> A local attacker could use this to expose sensitive information (kernel memory) or possibly execute arbitrary code. (CVE-2021-3444)<P> A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-27365)<P> A local attacker could use this to expose sensitive information (kernel memory). (CVE-2020-27171)<P> A local attacker could use this to expose sensitive information (kernel memory). (CVE-2020-27170)<P> A local attacker could use this to cause a denial of service or expose sensitive information (kernel pointer addresses). (CVE-2021-27363)<P> A local attacker could use this to cause a denial of service (system crash) or expose sensitive information (kernel memory). (CVE-2021-27364)<P>",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2020-27170",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27170"
},
{
"ID": "CVE-2020-27171",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27171"
},
{
"ID": "CVE-2021-27363",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27363"
},
{
"ID": "CVE-2021-27364",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27364"
},
{
"ID": "CVE-2021-27365",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27365"
},
{
"ID": "CVE-2021-3444",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3444"
}
]
},
"DIAGNOSIS": "<P> It was discovered that the BPF verifier in the Linux kernel did not properly handle mod32 destination register truncation when the source register was known to be 0.\n<P> It was discovered that heap overflows existed in the iSCSI subsystem in the Linux kernel.\n<P> It was discovered that the BPF subsystem in the Linux kernel did not properly compute a speculative execution limit on pointer arithmetic in some situations.\n<P> It was discovered that the BPF subsystem in the Linux kernel did not properly apply speculative execution limits on some pointer types.\n<P> It was discovered that the iSCSI subsystem in the Linux kernel did not properly restrict access to iSCSI transport handles.\n<P> It was discovered that an out-of-bounds read existed in the iSCSI subsystem in the Linux kernel.\n<P>",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-01T13:01:29Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-01T13:01:29Z",
"QID": "198307",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "None",
"VENDOR": "ubuntu"
}
},
"SOLUTION": "Refer to Ubuntu advisory <A HREF=\"https://lists.ubuntu.com/archives/ubuntu-security-announce/2021-March/005943.html\" TARGET=\"_blank\">USN-4887-1</A> for affected packages and patching details, or update with your package manager.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux-azure/5.8.0-1026.28\" TARGET=\"_blank\">USN-4887-1: 18.04 (bionic) on src (linux-image-5.4.0-1041-aws)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux-azure/5.8.0-1026.28\" TARGET=\"_blank\">USN-4887-1: 18.04 (bionic) on src (linux-image-5.4.0-1012-gkeop)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux-azure/5.8.0-1026.28\" TARGET=\"_blank\">USN-4887-1: 18.04 (bionic) on src (linux-image-gke-5.4)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux-aws/5.8.0-1027.29\" TARGET=\"_blank\">USN-4887-1: 20.04 (focal) on src (linux-image-lowlatency)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux-aws/5.8.0-1027.29\" TARGET=\"_blank\">USN-4887-1: 20.04 (focal) on src (linux-image-5.6.0-1052-oem)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux-azure/5.8.0-1026.28\" TARGET=\"_blank\">USN-4887-1: 18.04 (bionic) on src (linux-image-5.3.0-1038-raspi2)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux/5.8.0-48.54\" TARGET=\"_blank\">USN-4887-1: 20.10 (groovy) on src (linux-image-5.8.0-1026-gcp)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux/5.8.0-48.54\" TARGET=\"_blank\">USN-4887-1: 20.10 (groovy) on src (linux-image-lowlatency)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux-azure/5.8.0-1026.28\" TARGET=\"_blank\">USN-4887-1: 18.04 (bionic) on src (linux-image-5.4.0-1040-gcp)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux/5.8.0-48.54\" TARGET=\"_blank\">USN-4887-1: 20.10 (groovy) on src (linux-image-kvm)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux/5.8.0-48.54\" 
TARGET=\"_blank\">USN-4887-1: 20.10 (groovy) on src (linux-image-5.8.0-1026-azure)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux-aws/5.8.0-1027.29\" TARGET=\"_blank\">USN-4887-1: 20.04 (focal) on src (linux-image-gkeop-5.4)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux-aws/5.8.0-1027.29\" TARGET=\"_blank\">USN-4887-1: 20.04 (focal) on src (linux-image-5.4.0-1040-gcp)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux-aws/5.8.0-1027.29\" TARGET=\"_blank\">USN-4887-1: 20.04 (focal) on src (linux-image-kvm)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux-azure/5.8.0-1026.28\" TARGET=\"_blank\">USN-4887-1: 18.04 (bionic) on src (linux-image-gkeop-5.3)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux-aws/5.8.0-1027.29\" TARGET=\"_blank\">USN-4887-1: 20.04 (focal) on src (linux-image-generic-64k-hwe-20.04)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux/5.8.0-48.54\" TARGET=\"_blank\">USN-4887-1: 20.10 (groovy) on src (linux-image-oracle)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux/5.8.0-48.54\" TARGET=\"_blank\">USN-4887-1: 20.10 (groovy) on src (linux-image-5.8.0-48-generic)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux-azure/5.8.0-1026.28\" TARGET=\"_blank\">USN-4887-1: 18.04 (bionic) on src (linux-image-oem-osp1)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux-aws/5.8.0-1027.29\" TARGET=\"_blank\">USN-4887-1: 20.04 (focal) on src (linux-image-5.4.0-1032-raspi)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux-azure/5.8.0-1026.28\" TARGET=\"_blank\">USN-4887-1: 18.04 (bionic) on src (linux-image-5.3.0-72-generic)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux-azure/5.8.0-1026.28\" TARGET=\"_blank\">USN-4887-1: 18.04 (bionic) on src (linux-image-5.3.0-72-lowlatency)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux/5.8.0-48.54\" TARGET=\"_blank\">USN-4887-1: 20.10 (groovy) on src (linux-image-gcp)</A><P> <A 
HREF=\"https://launchpad.net/ubuntu/+source/linux-aws/5.8.0-1027.29\" TARGET=\"_blank\">USN-4887-1: 20.04 (focal) on src (linux-image-raspi2)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux-aws/5.8.0-1027.29\" TARGET=\"_blank\">USN-4887-1: 20.04 (focal) on src (linux-image-generic-lpae)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux-azure/5.8.0-1026.28\" TARGET=\"_blank\">USN-4887-1: 18.04 (bionic) on src (linux-image-oem)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux/5.8.0-48.54\" TARGET=\"_blank\">USN-4887-1: 20.10 (groovy) on src (linux-image-generic-64k)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux-aws/5.8.0-1027.29\" TARGET=\"_blank\">USN-4887-1: 20.04 (focal) on src (linux-image-5.4.0-70-generic-lpae)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux/5.8.0-48.54\" TARGET=\"_blank\">USN-4887-1: 20.10 (groovy) on src (linux-image-raspi-nolpae)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux-azure/5.8.0-1026.28\" TARGET=\"_blank\">USN-4887-1: 18.04 (bionic) on src (linux-image-gcp)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux/5.8.0-48.54\" TARGET=\"_blank\">USN-4887-1: 20.10 (groovy) on src (linux-image-raspi)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux-aws/5.8.0-1027.29\" TARGET=\"_blank\">USN-4887-1: 20.04 (focal) on src (linux-image-aws)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux-aws/5.8.0-1027.29\" TARGET=\"_blank\">USN-4887-1: 20.04 (focal) on src (linux-image-5.4.0-70-generic)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux-aws/5.8.0-1027.29\" TARGET=\"_blank\">USN-4887-1: 20.04 (focal) on src (linux-image-5.4.0-1041-aws)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux/5.8.0-48.54\" TARGET=\"_blank\">USN-4887-1: 20.10 (groovy) on src (linux-image-5.8.0-1022-kvm)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux-aws/5.8.0-1027.29\" TARGET=\"_blank\">USN-4887-1: 20.04 (focal) on src 
(linux-image-5.4.0-1043-azure)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux-aws/5.8.0-1027.29\" TARGET=\"_blank\">USN-4887-1: 20.04 (focal) on src (linux-image-raspi)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux-azure/5.8.0-1026.28\" TARGET=\"_blank\">USN-4887-1: 18.04 (bionic) on src (linux-image-raspi2-hwe-18.04)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux/5.8.0-48.54\" TARGET=\"_blank\">USN-4887-1: 20.10 (groovy) on src (linux-image-generic)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux-aws/5.8.0-1027.29\" TARGET=\"_blank\">USN-4887-1: 20.04 (focal) on src (linux-image-5.4.0-1012-gkeop)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux/5.8.0-48.54\" TARGET=\"_blank\">USN-4887-1: 20.10 (groovy) on src (linux-image-5.8.0-1024-oracle)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux-azure/5.8.0-1026.28\" TARGET=\"_blank\">USN-4887-1: 18.04 (bionic) on src (linux-image-5.4.0-70-lowlatency)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux/5.8.0-48.54\" TARGET=\"_blank\">USN-4887-1: 20.10 (groovy) on src (linux-image-5.8.0-48-generic-lpae)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux-aws/5.8.0-1027.29\" TARGET=\"_blank\">USN-4887-1: 20.04 (focal) on src (linux-image-oem)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux/5.8.0-48.54\" TARGET=\"_blank\">USN-4887-1: 20.10 (groovy) on src (linux-image-generic-lpae)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux-aws/5.8.0-1027.29\" TARGET=\"_blank\">USN-4887-1: 20.04 (focal) on src (linux-image-oracle)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux/5.8.0-48.54\" TARGET=\"_blank\">USN-4887-1: 20.10 (groovy) on src (linux-image-5.8.0-48-lowlatency)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux-azure/5.8.0-1026.28\" TARGET=\"_blank\">USN-4887-1: 18.04 (bionic) on src (linux-image-generic-hwe-18.04)</A><P> <A 
HREF=\"https://launchpad.net/ubuntu/+source/linux-aws/5.8.0-1027.29\" TARGET=\"_blank\">USN-4887-1: 20.04 (focal) on src (linux-image-generic-lpae-hwe-20.04)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux-aws/5.8.0-1027.29\" TARGET=\"_blank\">USN-4887-1: 20.04 (focal) on src (linux-image-5.10.0-1019-oem)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux-aws/5.8.0-1027.29\" TARGET=\"_blank\">USN-4887-1: 20.04 (focal) on src (linux-image-5.4.0-70-lowlatency)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux-aws/5.8.0-1027.29\" TARGET=\"_blank\">USN-4887-1: 20.04 (focal) on src (linux-image-5.4.0-1036-kvm)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux-azure/5.8.0-1026.28\" TARGET=\"_blank\">USN-4887-1: 18.04 (bionic) on src (linux-image-5.3.0-1041-gke)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux-azure/5.8.0-1026.28\" TARGET=\"_blank\">USN-4887-1: 18.04 (bionic) on src (linux-image-raspi-hwe-18.04)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux-aws/5.8.0-1027.29\" TARGET=\"_blank\">USN-4887-1: 20.04 (focal) on src (linux-image-5.8.0-48-generic-64k)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux-azure/5.8.0-1026.28\" TARGET=\"_blank\">USN-4887-1: 18.04 (bionic) on src (linux-image-5.4.0-1039-gke)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux-aws/5.8.0-1027.29\" TARGET=\"_blank\">USN-4887-1: 20.04 (focal) on src (linux-image-oem-20.04)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux/5.8.0-48.54\" TARGET=\"_blank\">USN-4887-1: 20.10 (groovy) on src (linux-image-azure)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux-aws/5.8.0-1027.29\" TARGET=\"_blank\">USN-4887-1: 20.04 (focal) on src (linux-image-5.8.0-48-generic-lpae)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux-azure/5.8.0-1026.28\" TARGET=\"_blank\">USN-4887-1: 18.04 (bionic) on src (linux-image-gkeop-5.4)</A><P> <A 
HREF=\"https://launchpad.net/ubuntu/+source/linux-aws/5.8.0-1027.29\" TARGET=\"_blank\">USN-4887-1: 20.04 (focal) on src (linux-image-gkeop)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux-azure/5.8.0-1026.28\" TARGET=\"_blank\">USN-4887-1: 18.04 (bionic) on src (linux-image-5.4.0-1041-oracle)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux-aws/5.8.0-1027.29\" TARGET=\"_blank\">USN-4887-1: 20.04 (focal) on src (linux-image-oem-osp1)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux/5.8.0-48.54\" TARGET=\"_blank\">USN-4887-1: 20.10 (groovy) on src (linux-image-5.8.0-1019-raspi-nolpae)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux-aws/5.8.0-1027.29\" TARGET=\"_blank\">USN-4887-1: 20.04 (focal) on src (linux-image-generic-hwe-20.04)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux-aws/5.8.0-1027.29\" TARGET=\"_blank\">USN-4887-1: 20.04 (focal) on src (linux-image-generic)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux-azure/5.8.0-1026.28\" TARGET=\"_blank\">USN-4887-1: 18.04 (bionic) on src (linux-image-gke-5.3)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux-aws/5.8.0-1027.29\" TARGET=\"_blank\">USN-4887-1: 20.04 (focal) on src (linux-image-virtual)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux-azure/5.8.0-1026.28\" TARGET=\"_blank\">USN-4887-1: 18.04 (bionic) on src (linux-image-generic-lpae-hwe-18.04)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux-azure/5.8.0-1026.28\" TARGET=\"_blank\">USN-4887-1: 18.04 (bionic) on src (linux-image-5.4.0-70-generic)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux-azure/5.8.0-1026.28\" TARGET=\"_blank\">USN-4887-1: 18.04 (bionic) on src (linux-image-snapdragon-hwe-18.04)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux-aws/5.8.0-1027.29\" TARGET=\"_blank\">USN-4887-1: 20.04 (focal) on src (linux-image-5.8.0-48-generic)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux-azure/5.8.0-1026.28\" 
TARGET=\"_blank\">USN-4887-1: 18.04 (bionic) on src (linux-image-5.4.0-1032-raspi)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux-aws/5.8.0-1027.29\" TARGET=\"_blank\">USN-4887-1: 20.04 (focal) on src (linux-image-oem-20.04b)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux-azure/5.8.0-1026.28\" TARGET=\"_blank\">USN-4887-1: 18.04 (bionic) on src (linux-image-oracle)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux-azure/5.8.0-1026.28\" TARGET=\"_blank\">USN-4887-1: 18.04 (bionic) on src (linux-image-5.4.0-70-generic-lpae)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux/5.8.0-48.54\" TARGET=\"_blank\">USN-4887-1: 20.10 (groovy) on src (linux-image-gke)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux/5.8.0-48.54\" TARGET=\"_blank\">USN-4887-1: 20.10 (groovy) on src (linux-image-5.8.0-48-generic-64k)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux-azure/5.8.0-1026.28\" TARGET=\"_blank\">USN-4887-1: 18.04 (bionic) on src (linux-image-aws)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux-aws/5.8.0-1027.29\" TARGET=\"_blank\">USN-4887-1: 20.04 (focal) on src (linux-image-5.8.0-48-lowlatency)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux/5.8.0-48.54\" TARGET=\"_blank\">USN-4887-1: 20.10 (groovy) on src (linux-image-virtual)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux-azure/5.8.0-1026.28\" TARGET=\"_blank\">USN-4887-1: 18.04 (bionic) on src (linux-image-lowlatency-hwe-18.04)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux/5.8.0-48.54\" TARGET=\"_blank\">USN-4887-1: 20.10 (groovy) on src (linux-image-aws)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux-aws/5.8.0-1027.29\" TARGET=\"_blank\">USN-4887-1: 20.04 (focal) on src (linux-image-gcp)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux-azure/5.8.0-1026.28\" TARGET=\"_blank\">USN-4887-1: 18.04 (bionic) on src (linux-image-virtual-hwe-18.04)</A><P> <A 
HREF=\"https://launchpad.net/ubuntu/+source/linux-aws/5.8.0-1027.29\" TARGET=\"_blank\">USN-4887-1: 20.04 (focal) on src (linux-image-5.4.0-1041-oracle)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux-azure/5.8.0-1026.28\" TARGET=\"_blank\">USN-4887-1: 18.04 (bionic) on src (linux-image-azure)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux/5.8.0-48.54\" TARGET=\"_blank\">USN-4887-1: 20.10 (groovy) on src (linux-image-5.8.0-1019-raspi)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux-aws/5.8.0-1027.29\" TARGET=\"_blank\">USN-4887-1: 20.04 (focal) on src (linux-image-lowlatency-hwe-20.04)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux-aws/5.8.0-1027.29\" TARGET=\"_blank\">USN-4887-1: 20.04 (focal) on src (linux-image-azure)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux/5.8.0-48.54\" TARGET=\"_blank\">USN-4887-1: 20.10 (groovy) on src (linux-image-oem-20.04)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux/5.8.0-48.54\" TARGET=\"_blank\">USN-4887-1: 20.10 (groovy) on src (linux-image-5.8.0-1027-aws)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux-aws/5.8.0-1027.29\" TARGET=\"_blank\">USN-4887-1: 20.04 (focal) on src (linux-image-virtual-hwe-20.04)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux-azure/5.8.0-1026.28\" TARGET=\"_blank\">USN-4887-1: 18.04 (bionic) on src (linux-image-5.4.0-1043-azure)</A>",
"TITLE": "Ubuntu Security Notification for Linux, Linux-aws, Linux-aws-5.4, Linux-azure, Linux-azure-5.4, Linux-gcp, (USN-4887-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "USN-4887-1",
"URL": "https://usn.ubuntu.com/4887-1/"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "Ubuntu",
"CONSEQUENCE": "<P> A local attacker could use this to expose sensitive information (kernel memory). (CVE-2020-27171)<P> A local attacker could use this to expose sensitive information (kernel memory). (CVE-2020-27170)<P>",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2020-27170",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27170"
},
{
"ID": "CVE-2020-27171",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27171"
}
]
},
"DIAGNOSIS": "<P> It was discovered that the BPF subsystem in the Linux kernel did not properly compute a speculative execution limit on pointer arithmetic in some situations.\n<P> It was discovered that the BPF subsystem in the Linux kernel did not properly apply speculative execution limits on some pointer types.\n<P>",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-01T13:01:29Z",
"PATCHABLE": "1",
"PCI_FLAG": "0",
"PUBLISHED_DATETIME": "2021-04-01T13:01:29Z",
"QID": "198309",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "None",
"VENDOR": "ubuntu"
}
},
"SOLUTION": "Refer to Ubuntu advisory <A HREF=\"https://lists.ubuntu.com/archives/ubuntu-security-announce/2021-March/005946.html\" TARGET=\"_blank\">USN-4890-1</A> for affected packages and patching details, or update with your package manager.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux-aws/4.15.0-1097.104\" TARGET=\"_blank\">USN-4890-1: 16.04 (Xenial) on src (linux-image-aws-hwe)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux-aws/4.15.0-1097.104\" TARGET=\"_blank\">USN-4890-1: 16.04 (Xenial) on src (linux-image-generic-lpae-hwe-16.04)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux/4.15.0-140.144\" TARGET=\"_blank\">USN-4890-1: 18.04 (bionic) on src (linux-image-powerpc64-emb)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux-aws/4.15.0-1097.104\" TARGET=\"_blank\">USN-4890-1: 16.04 (Xenial) on src (linux-image-4.15.0-140-lowlatency)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux/4.15.0-140.144\" TARGET=\"_blank\">USN-4890-1: 18.04 (bionic) on src (linux-image-4.15.0-1099-snapdragon)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux/4.15.0-140.144\" TARGET=\"_blank\">USN-4890-1: 18.04 (bionic) on src (linux-image-powerpc-e500mc)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux/4.15.0-140.144\" TARGET=\"_blank\">USN-4890-1: 18.04 (bionic) on src (linux-image-oracle-lts-18.04)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux/4.15.0-140.144\" TARGET=\"_blank\">USN-4890-1: 18.04 (bionic) on src (linux-image-4.15.0-1097-aws)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux-aws/4.15.0-1097.104\" TARGET=\"_blank\">USN-4890-1: 16.04 (Xenial) on src (linux-image-4.15.0-1111-azure)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux-aws/4.15.0-1097.104\" TARGET=\"_blank\">USN-4890-1: 16.04 (Xenial) on src (linux-image-4.15.0-140-generic)</A><P> <A 
HREF=\"https://launchpad.net/ubuntu/+source/linux/4.15.0-140.144\" TARGET=\"_blank\">USN-4890-1: 18.04 (bionic) on src (linux-image-virtual)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux/4.15.0-140.144\" TARGET=\"_blank\">USN-4890-1: 18.04 (bionic) on src (linux-image-4.15.0-1111-azure)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux/4.15.0-140.144\" TARGET=\"_blank\">USN-4890-1: 18.04 (bionic) on src (linux-image-4.15.0-140-lowlatency)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux-aws/4.15.0-1097.104\" TARGET=\"_blank\">USN-4890-1: 16.04 (Xenial) on src (linux-image-oracle)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux-aws/4.15.0-1097.104\" TARGET=\"_blank\">USN-4890-1: 16.04 (Xenial) on src (linux-image-4.15.0-1097-aws)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux-aws/4.15.0-1097.104\" TARGET=\"_blank\">USN-4890-1: 16.04 (Xenial) on src (linux-image-virtual-hwe-16.04)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux/4.15.0-140.144\" TARGET=\"_blank\">USN-4890-1: 18.04 (bionic) on src (linux-image-generic-lpae)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux/4.15.0-140.144\" TARGET=\"_blank\">USN-4890-1: 18.04 (bionic) on src (linux-image-gcp-lts-18.04)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux/4.15.0-140.144\" TARGET=\"_blank\">USN-4890-1: 18.04 (bionic) on src (linux-image-4.15.0-140-generic-lpae)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux/4.15.0-140.144\" TARGET=\"_blank\">USN-4890-1: 18.04 (bionic) on src (linux-image-azure-lts-18.04)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux/4.15.0-140.144\" TARGET=\"_blank\">USN-4890-1: 18.04 (bionic) on src (linux-image-snapdragon)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux-aws/4.15.0-1097.104\" TARGET=\"_blank\">USN-4890-1: 16.04 (Xenial) on src (linux-image-4.15.0-1068-oracle)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux/4.15.0-140.144\" 
TARGET=\"_blank\">USN-4890-1: 18.04 (bionic) on src (linux-image-4.15.0-140-generic)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux/4.15.0-140.144\" TARGET=\"_blank\">USN-4890-1: 18.04 (bionic) on src (linux-image-powerpc64-smp)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux-aws/4.15.0-1097.104\" TARGET=\"_blank\">USN-4890-1: 16.04 (Xenial) on src (linux-image-gcp)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux-aws/4.15.0-1097.104\" TARGET=\"_blank\">USN-4890-1: 16.04 (Xenial) on src (linux-image-azure)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux-aws/4.15.0-1097.104\" TARGET=\"_blank\">USN-4890-1: 16.04 (Xenial) on src (linux-image-4.15.0-140-generic-lpae)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux/4.15.0-140.144\" TARGET=\"_blank\">USN-4890-1: 18.04 (bionic) on src (linux-image-4.15.0-1088-kvm)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux/4.15.0-140.144\" TARGET=\"_blank\">USN-4890-1: 18.04 (bionic) on src (linux-image-generic)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux-aws/4.15.0-1097.104\" TARGET=\"_blank\">USN-4890-1: 16.04 (Xenial) on src (linux-image-4.15.0-1096-gcp)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux/4.15.0-140.144\" TARGET=\"_blank\">USN-4890-1: 18.04 (bionic) on src (linux-image-4.15.0-1096-gcp)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux/4.15.0-140.144\" TARGET=\"_blank\">USN-4890-1: 18.04 (bionic) on src (linux-image-aws-lts-18.04)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux/4.15.0-140.144\" TARGET=\"_blank\">USN-4890-1: 18.04 (bionic) on src (linux-image-4.15.0-1068-oracle)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux-aws/4.15.0-1097.104\" TARGET=\"_blank\">USN-4890-1: 16.04 (Xenial) on src (linux-image-generic-hwe-16.04)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux-aws/4.15.0-1097.104\" TARGET=\"_blank\">USN-4890-1: 16.04 (Xenial) on src 
(linux-image-lowlatency-hwe-16.04)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux/4.15.0-140.144\" TARGET=\"_blank\">USN-4890-1: 18.04 (bionic) on src (linux-image-kvm)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux/4.15.0-140.144\" TARGET=\"_blank\">USN-4890-1: 18.04 (bionic) on src (linux-image-dell300x)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux-aws/4.15.0-1097.104\" TARGET=\"_blank\">USN-4890-1: 16.04 (Xenial) on src (linux-image-oem)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux/4.15.0-140.144\" TARGET=\"_blank\">USN-4890-1: 18.04 (bionic) on src (linux-image-4.15.0-1015-dell300x)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux/4.15.0-140.144\" TARGET=\"_blank\">USN-4890-1: 18.04 (bionic) on src (linux-image-powerpc-smp)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux/4.15.0-140.144\" TARGET=\"_blank\">USN-4890-1: 18.04 (bionic) on src (linux-image-lowlatency)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/linux-aws/4.15.0-1097.104\" TARGET=\"_blank\">USN-4890-1: 16.04 (Xenial) on src (linux-image-gke)</A>",
"TITLE": "Ubuntu Security Notification for Linux, Linux-aws, Linux-aws-hwe, Linux-azure, Linux-azure-4.15, (USN-4890-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "USN-4890-1",
"URL": "https://usn.ubuntu.com/4890-1/"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "Ubuntu",
"CONSEQUENCE": "<P> If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, or execute arbitrary code. (CVE-2021-23981, CVE-2021-23982, CVE-2021-23983, CVE-2021-23987, CVE-2021-23988)<P> If a user were tricked into installing a specially crafted extension, an attacker could potentially exploit this to spook a website and trick the user into providing credentials. (CVE-2021-23984)<P> If a local attacker could modify the browser configuration, a remote attacker could potentially exploit this to obtain sensitive information. (CVE-2021-23985)<P> If a user were tricked into installing a specially crafted extension, an attacker could potentially exploit this to obtain sensitive information. (CVE-2021-23986)<P>",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2021-23981",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23981"
},
{
"ID": "CVE-2021-23982",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23982"
},
{
"ID": "CVE-2021-23983",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23983"
},
{
"ID": "CVE-2021-23984",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23984"
},
{
"ID": "CVE-2021-23985",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23985"
},
{
"ID": "CVE-2021-23986",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23986"
},
{
"ID": "CVE-2021-23987",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23987"
},
{
"ID": "CVE-2021-23988",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23988"
}
]
},
"DIAGNOSIS": "<P> Multiple security issues were discovered in Firefox.\n<P> It was discovered that extensions could open popup windows with control of the window title in some circumstances.\n<P> It was discovered that the DevTools remote debugging feature could be enabled without an indication to the user.\n<P> It was discovered that extensions could read the response of cross origin requests in some circumstances.\n<P>",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-06T12:45:16Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-06T12:45:16Z",
"QID": "198311",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "None",
"VENDOR": "ubuntu"
}
},
"SOLUTION": "Refer to Ubuntu advisory <A HREF=\"https://lists.ubuntu.com/archives/ubuntu-security-announce/2021-March/005950.html\" TARGET=\"_blank\">USN-4893-1</A> for affected packages and patching details, or update with your package manager.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://launchpad.net/ubuntu/+source/firefox/87.0+build3-0ubuntu0.18.04.2\" TARGET=\"_blank\">USN-4893-1: 18.04 (bionic) on src (firefox)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/firefox/87.0+build3-0ubuntu0.20.10.1\" TARGET=\"_blank\">USN-4893-1: 20.10 (groovy) on src (firefox)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/firefox/87.0+build3-0ubuntu0.20.04.2\" TARGET=\"_blank\">USN-4893-1: 20.04 (focal) on src (firefox)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/firefox/87.0+build3-0ubuntu0.16.04.2\" TARGET=\"_blank\">USN-4893-1: 16.04 (Xenial) on src (firefox)</A>",
"TITLE": "Ubuntu Security Notification for Firefox Vulnerabilities (USN-4893-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "USN-4893-1",
"URL": "https://usn.ubuntu.com/4893-1/"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "Ubuntu",
"CONSEQUENCE": "<P> If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.<P>",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2020-27918",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27918"
},
{
"ID": "CVE-2020-29623",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29623"
},
{
"ID": "CVE-2021-1765",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1765"
},
{
"ID": "CVE-2021-1789",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1789"
},
{
"ID": "CVE-2021-1799",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1799"
},
{
"ID": "CVE-2021-1801",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1801"
},
{
"ID": "CVE-2021-1870",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1870"
}
]
},
"DIAGNOSIS": "<P> A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines.\n<P>",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-06T12:45:16Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-06T12:45:16Z",
"QID": "198312",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "None",
"VENDOR": "ubuntu"
}
},
"SOLUTION": "Refer to Ubuntu advisory <A HREF=\"https://lists.ubuntu.com/archives/ubuntu-security-announce/2021-March/005951.html\" TARGET=\"_blank\">USN-4894-1</A> for affected packages and patching details, or update with your package manager.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://launchpad.net/ubuntu/+source/webkit2gtk/2.30.6-0ubuntu0.20.04.1\" TARGET=\"_blank\">USN-4894-1: 20.04 (focal) on src (libjavascriptcoregtk-4.0-18)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/webkit2gtk/2.30.6-0ubuntu0.18.04.1\" TARGET=\"_blank\">USN-4894-1: 18.04 (bionic) on src (libwebkit2gtk-4.0-37)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/webkit2gtk/2.30.6-0ubuntu0.20.10.1\" TARGET=\"_blank\">USN-4894-1: 20.10 (groovy) on src (libjavascriptcoregtk-4.0-18)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/webkit2gtk/2.30.6-0ubuntu0.20.10.1\" TARGET=\"_blank\">USN-4894-1: 20.10 (groovy) on src (libwebkit2gtk-4.0-37)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/webkit2gtk/2.30.6-0ubuntu0.20.04.1\" TARGET=\"_blank\">USN-4894-1: 20.04 (focal) on src (libwebkit2gtk-4.0-37)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/webkit2gtk/2.30.6-0ubuntu0.18.04.1\" TARGET=\"_blank\">USN-4894-1: 18.04 (bionic) on src (libjavascriptcoregtk-4.0-18)</A>",
"TITLE": "Ubuntu Security Notification for Webkit2gtk Vulnerabilities (USN-4894-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "USN-4894-1",
"URL": "https://usn.ubuntu.com/4894-1/"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "Ubuntu",
"CONSEQUENCE": "<P> A remote attacker could possibly use this issue to perform an HTTP request smuggling attack, resulting in cache poisoning. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-15049)<P> A remote attacker could use this issue to perform HTTP Request Smuggling and possibly access services forbidden by the security controls. (CVE-2020-25097)<P>",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2020-15049",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15049"
},
{
"ID": "CVE-2020-25097",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25097"
}
]
},
"DIAGNOSIS": "<P> It was discovered that Squid incorrectly handled certain Content-Length headers.\n<P> It was discovered that Squid incorrectly validated certain input.\n<P>",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-06T12:45:16Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-06T12:45:16Z",
"QID": "198313",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "None",
"VENDOR": "ubuntu"
}
},
"SOLUTION": "Refer to Ubuntu advisory <A HREF=\"https://lists.ubuntu.com/archives/ubuntu-security-announce/2021-March/005952.html\" TARGET=\"_blank\">USN-4895-1</A> for affected packages and patching details, or update with your package manager.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://launchpad.net/ubuntu/+source/squid3/3.5.27-1ubuntu1.10\" TARGET=\"_blank\">USN-4895-1: 18.04 (bionic) on src (squid)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/squid/4.13-1ubuntu2.1\" TARGET=\"_blank\">USN-4895-1: 20.10 (groovy) on src (squid)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/squid/4.10-1ubuntu1.3\" TARGET=\"_blank\">USN-4895-1: 20.04 (focal) on src (squid)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/squid3/3.5.12-1ubuntu7.16\" TARGET=\"_blank\">USN-4895-1: 16.04 (Xenial) on src (squid)</A>",
"TITLE": "Ubuntu Security Notification for Squid, Squid3 Vulnerabilities (USN-4895-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "USN-4895-1",
"URL": "https://usn.ubuntu.com/4895-1/"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "Ubuntu",
"CONSEQUENCE": "<P> A remote attacker could possibly use this issue to perform cross-site scripting (XSS) attacks.<P>",
"CVE_LIST": {
"CVE": {
"ID": "CVE-2021-28957",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28957"
}
},
"DIAGNOSIS": "<P> It was discovered that lxml incorrectly handled certain HTML attributes.\n<P>",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-06T12:45:16Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-06T12:45:16Z",
"QID": "198314",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "None",
"VENDOR": "ubuntu"
}
},
"SOLUTION": "Refer to Ubuntu advisory <A HREF=\"https://lists.ubuntu.com/archives/ubuntu-security-announce/2021-March/005954.html\" TARGET=\"_blank\">USN-4896-1</A> for affected packages and patching details, or update with your package manager.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://launchpad.net/ubuntu/+source/lxml/4.5.0-1ubuntu0.3\" TARGET=\"_blank\">USN-4896-1: 20.04 (focal) on src (python3-lxml)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/lxml/3.5.0-1ubuntu0.4\" TARGET=\"_blank\">USN-4896-1: 16.04 (Xenial) on src (python-lxml)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/lxml/4.5.0-1ubuntu0.3\" TARGET=\"_blank\">USN-4896-1: 20.04 (focal) on src (python-lxml)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/lxml/4.5.2-1ubuntu0.4\" TARGET=\"_blank\">USN-4896-1: 20.10 (groovy) on src (python3-lxml)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/lxml/3.5.0-1ubuntu0.4\" TARGET=\"_blank\">USN-4896-1: 16.04 (Xenial) on src (python3-lxml)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/lxml/4.2.1-1ubuntu0.4\" TARGET=\"_blank\">USN-4896-1: 18.04 (bionic) on src (python-lxml)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/lxml/4.2.1-1ubuntu0.4\" TARGET=\"_blank\">USN-4896-1: 18.04 (bionic) on src (python3-lxml)</A>",
"TITLE": "Ubuntu Security Notification for Lxml Vulnerability (USN-4896-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "USN-4896-1",
"URL": "https://usn.ubuntu.com/4896-1/"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "Ubuntu",
"CONSEQUENCE": "<P> If a user or automated system were tricked into parsing a specially crafted file, a remote attacker could cause Pygments to hang or consume resources, resulting in a denial of service.<P>",
"CVE_LIST": {
"CVE": {
"ID": "CVE-2021-27291",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291"
}
},
"DIAGNOSIS": "<P> It was discovered that Pygments incorrectly handled parsing certain files.\n<P>",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-06T12:45:16Z",
"PATCHABLE": "1",
"PCI_FLAG": "0",
"PUBLISHED_DATETIME": "2021-04-06T12:45:16Z",
"QID": "198315",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "None",
"VENDOR": "ubuntu"
}
},
"SOLUTION": "Refer to Ubuntu advisory <A HREF=\"https://lists.ubuntu.com/archives/ubuntu-security-announce/2021-March/005953.html\" TARGET=\"_blank\">USN-4897-1</A> for affected packages and patching details, or update with your package manager.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://launchpad.net/ubuntu/+source/pygments/2.3.1+dfsg-1ubuntu2.2\" TARGET=\"_blank\">USN-4897-1: 20.04 (focal) on src (python3-pygments)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/pygments/2.1+dfsg-1ubuntu0.2\" TARGET=\"_blank\">USN-4897-1: 16.04 (Xenial) on src (python-pygments)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/pygments/2.3.1+dfsg-1ubuntu2.2\" TARGET=\"_blank\">USN-4897-1: 20.04 (focal) on src (python-pygments)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/pygments/2.3.1+dfsg-4ubuntu0.2\" TARGET=\"_blank\">USN-4897-1: 20.10 (groovy) on src (python3-pygments)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/pygments/2.1+dfsg-1ubuntu0.2\" TARGET=\"_blank\">USN-4897-1: 16.04 (Xenial) on src (python3-pygments)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/pygments/2.2.0+dfsg-1ubuntu0.2\" TARGET=\"_blank\">USN-4897-1: 18.04 (bionic) on src (python-pygments)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/pygments/2.2.0+dfsg-1ubuntu0.2\" TARGET=\"_blank\">USN-4897-1: 18.04 (bionic) on src (python3-pygments)</A>",
"TITLE": "Ubuntu Security Notification for Pygments Vulnerability (USN-4897-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "USN-4897-1",
"URL": "https://usn.ubuntu.com/4897-1/"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "Ubuntu",
"CONSEQUENCE": "<P> A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2021-22876)<P> A remote attacker in control of an HTTPS proxy could use this issue to bypass certificate checks and intercept communications. This issue only affected Ubuntu 20.04 LTS and Ubuntu 20.10. (CVE-2021-22890)<P>",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2021-22876",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22876"
},
{
"ID": "CVE-2021-22890",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22890"
}
]
},
"DIAGNOSIS": "<P> It was discovered that curl did not strip off user credentials from referrer header fields.\n<P> It was discovered that curl incorrectly handled session tickets when using an HTTPS proxy.\n<P>",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-06T12:45:16Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-06T12:45:16Z",
"QID": "198316",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "None",
"VENDOR": "ubuntu"
}
},
"SOLUTION": "Refer to Ubuntu advisory <A HREF=\"https://lists.ubuntu.com/archives/ubuntu-security-announce/2021-March/005955.html\" TARGET=\"_blank\">USN-4898-1</A> for affected packages and patching details, or update with your package manager.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu2.5\" TARGET=\"_blank\">USN-4898-1: 20.04 (focal) on src (libcurl3-gnutls)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu2.5\" TARGET=\"_blank\">USN-4898-1: 20.04 (focal) on src (curl)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.13\" TARGET=\"_blank\">USN-4898-1: 18.04 (bionic) on src (libcurl3-nss)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.13\" TARGET=\"_blank\">USN-4898-1: 18.04 (bionic) on src (libcurl4)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu4.3\" TARGET=\"_blank\">USN-4898-1: 20.10 (groovy) on src (libcurl3-nss)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu2.5\" TARGET=\"_blank\">USN-4898-1: 20.04 (focal) on src (libcurl3-nss)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu4.3\" TARGET=\"_blank\">USN-4898-1: 20.10 (groovy) on src (libcurl3-gnutls)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu4.3\" TARGET=\"_blank\">USN-4898-1: 20.10 (groovy) on src (curl)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/curl/7.47.0-1ubuntu2.19\" TARGET=\"_blank\">USN-4898-1: 16.04 (Xenial) on src (libcurl3)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.13\" TARGET=\"_blank\">USN-4898-1: 18.04 (bionic) on src (curl)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/curl/7.47.0-1ubuntu2.19\" TARGET=\"_blank\">USN-4898-1: 16.04 (Xenial) on src (libcurl3-nss)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/curl/7.47.0-1ubuntu2.19\" 
TARGET=\"_blank\">USN-4898-1: 16.04 (Xenial) on src (curl)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu2.5\" TARGET=\"_blank\">USN-4898-1: 20.04 (focal) on src (libcurl4)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu4.3\" TARGET=\"_blank\">USN-4898-1: 20.10 (groovy) on src (libcurl4)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.13\" TARGET=\"_blank\">USN-4898-1: 18.04 (bionic) on src (libcurl3-gnutls)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/curl/7.47.0-1ubuntu2.19\" TARGET=\"_blank\">USN-4898-1: 16.04 (Xenial) on src (libcurl3-gnutls)</A>",
"TITLE": "Ubuntu Security Notification for Curl Vulnerabilities (USN-4898-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "USN-4898-1",
"URL": "https://usn.ubuntu.com/4898-1/"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "Ubuntu",
"CONSEQUENCE": "<P> If a user or automated system were tricked into using a specially- crafted CF file, a remote attacker could possibly run arbitrary code.<P>",
"CVE_LIST": {
"CVE": {
"ID": "CVE-2020-1946",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1946"
}
},
"DIAGNOSIS": "<P> It was discovered that SpamAssassin incorrectly handled certain CF files.\n<P>",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-06T12:45:16Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-06T12:45:16Z",
"QID": "198317",
"SEVERITY_LEVEL": "4",
"SOFTWARE_LIST": {
"SOFTWARE": [
{
"PRODUCT": "None",
"VENDOR": "ubuntu"
},
{
"PRODUCT": "spamassassin",
"VENDOR": "ubuntu"
}
]
},
"SOLUTION": "Refer to Ubuntu advisory <A HREF=\"https://lists.ubuntu.com/archives/ubuntu-security-announce/2021-April/005956.html\" TARGET=\"_blank\">USN-4899-1</A> for affected packages and patching details, or update with your package manager.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://launchpad.net/ubuntu/+source/spamassassin/3.4.2-0ubuntu0.16.04.5\" TARGET=\"_blank\">USN-4899-1: 16.04 (Xenial) on src (spamassassin)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/spamassassin/3.4.4-1ubuntu1.1\" TARGET=\"_blank\">USN-4899-1: 20.04 (focal) on src (spamassassin)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/spamassassin/3.4.2-0ubuntu0.18.04.5\" TARGET=\"_blank\">USN-4899-1: 18.04 (bionic) on src (spamassassin)</A>",
"TITLE": "Ubuntu Security Notification for Spamassassin Vulnerability (USN-4899-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "USN-4899-1",
"URL": "https://usn.ubuntu.com/4899-1/"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "Ubuntu",
"CONSEQUENCE": "<P> If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code.<P>",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2021-3474",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3474"
},
{
"ID": "CVE-2021-3475",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3475"
},
{
"ID": "CVE-2021-3476",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3476"
},
{
"ID": "CVE-2021-3477",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3477"
},
{
"ID": "CVE-2021-3478",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3478"
},
{
"ID": "CVE-2021-3479",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3479"
}
]
},
"DIAGNOSIS": "<P> It was discovered that OpenEXR incorrectly handled certain malformed EXR image files.\n<P>",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-06T12:45:16Z",
"PATCHABLE": "1",
"PCI_FLAG": "0",
"PUBLISHED_DATETIME": "2021-04-06T12:45:16Z",
"QID": "198318",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": [
{
"PRODUCT": "None",
"VENDOR": "ubuntu"
},
{
"PRODUCT": "openexr",
"VENDOR": "ubuntu"
}
]
},
"SOLUTION": "Refer to Ubuntu advisory <A HREF=\"https://lists.ubuntu.com/archives/ubuntu-security-announce/2021-April/005957.html\" TARGET=\"_blank\">USN-4900-1</A> for affected packages and patching details, or update with your package manager.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://launchpad.net/ubuntu/+source/openexr/2.3.0-6ubuntu0.5\" TARGET=\"_blank\">USN-4900-1: 20.04 (focal) on src (libopenexr24)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/openexr/2.2.0-11.1ubuntu1.6\" TARGET=\"_blank\">USN-4900-1: 18.04 (bionic) on src (openexr)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/openexr/2.5.3-2ubuntu0.2\" TARGET=\"_blank\">USN-4900-1: 20.10 (groovy) on src (openexr)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/openexr/2.5.3-2ubuntu0.2\" TARGET=\"_blank\">USN-4900-1: 20.10 (groovy) on src (libopenexr25)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/openexr/2.2.0-10ubuntu2.6\" TARGET=\"_blank\">USN-4900-1: 16.04 (Xenial) on src (libopenexr22)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/openexr/2.2.0-10ubuntu2.6\" TARGET=\"_blank\">USN-4900-1: 16.04 (Xenial) on src (openexr)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/openexr/2.3.0-6ubuntu0.5\" TARGET=\"_blank\">USN-4900-1: 20.04 (focal) on src (openexr)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/openexr/2.2.0-11.1ubuntu1.6\" TARGET=\"_blank\">USN-4900-1: 18.04 (bionic) on src (libopenexr22)</A>",
"TITLE": "Ubuntu Security Notification for Openexr Vulnerabilities (USN-4900-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "USN-4900-1",
"URL": "https://usn.ubuntu.com/4900-1/"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "Ubuntu",
"CONSEQUENCE": "<P> An attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-8161)<P> An attacker could possibly use this issue to forge a secure cookie. (CVE-2020-8184)<P>",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2020-8161",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8161"
},
{
"ID": "CVE-2020-8184",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8184"
}
]
},
"DIAGNOSIS": "<P> USN-4561-1 fixed vulnerabilities in Rack. This update provides the corresponding update for Ubuntu 16.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 20.10.\n<P> Original advisory details:\n<P> It was discovered that Rack incorrectly handled certain paths.\n<P> It was discovered that Rack incorrectly validated cookies.\n<P>",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-08T12:44:31Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-08T12:44:31Z",
"QID": "198319",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "ruby-rack",
"VENDOR": "ubuntu"
}
},
"SOLUTION": "Refer to Ubuntu advisory <A HREF=\"https://lists.ubuntu.com/archives/ubuntu-security-announce/2021-April/005958.html\" TARGET=\"_blank\">USN-4561-2</A> for affected packages and patching details, or update with your package manager.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://launchpad.net/ubuntu/+source/ruby-rack/1.6.4-3ubuntu0.2\" TARGET=\"_blank\">USN-4561-2: 16.04 (Xenial) on src (ruby-rack)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/ruby-rack/2.1.1-5ubuntu0.1\" TARGET=\"_blank\">USN-4561-2: 20.10 (groovy) on src (ruby-rack)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/ruby-rack/2.0.7-2ubuntu0.1\" TARGET=\"_blank\">USN-4561-2: 20.04 (focal) on src (ruby-rack)</A>",
"TITLE": "Ubuntu Security Notification for Ruby-rack Vulnerabilities (USN-4561-2)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "USN-4561-2",
"URL": "https://usn.ubuntu.com/4561-2/"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "Ubuntu",
"CONSEQUENCE": "<P> A remote attacker could possibly use this issue to create or overwrite files in unexpected directories.<P>",
"CVE_LIST": {
"CVE": {
"ID": "CVE-2021-28658",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28658"
}
},
"DIAGNOSIS": "<P> It was discovered that Django incorrectly handled certain filenames.\n<P>",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-08T12:44:31Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-08T12:44:31Z",
"QID": "198320",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "python-django",
"VENDOR": "ubuntu"
}
},
"SOLUTION": "Refer to Ubuntu advisory <A HREF=\"https://lists.ubuntu.com/archives/ubuntu-security-announce/2021-April/005959.html\" TARGET=\"_blank\">USN-4902-1</A> for affected packages and patching details, or update with your package manager.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://launchpad.net/ubuntu/+source/python-django/1:1.11.11-1ubuntu1.12\" TARGET=\"_blank\">USN-4902-1: 18.04 (bionic) on src (python-django)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/python-django/1.8.7-1ubuntu5.15\" TARGET=\"_blank\">USN-4902-1: 16.04 (Xenial) on src (python3-django)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/python-django/2:2.2.16-1ubuntu0.3\" TARGET=\"_blank\">USN-4902-1: 20.10 (groovy) on src (python3-django)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/python-django/2:2.2.12-1ubuntu0.5\" TARGET=\"_blank\">USN-4902-1: 20.04 (focal) on src (python3-django)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/python-django/1:1.11.11-1ubuntu1.12\" TARGET=\"_blank\">USN-4902-1: 18.04 (bionic) on src (python3-django)</A><P> <A HREF=\"https://launchpad.net/ubuntu/+source/python-django/1.8.7-1ubuntu5.15\" TARGET=\"_blank\">USN-4902-1: 16.04 (Xenial) on src (python-django)</A>",
"TITLE": "Ubuntu Security Notification for Python-django Vulnerability (USN-4902-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "USN-4902-1",
"URL": "https://usn.ubuntu.com/4902-1/"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "Ubuntu",
"CONSEQUENCE": "A remote attacker could use this issue to cause Nettle to crash, resulting\nin a denial of service, or possibly force invalid signatures<br/><br/>",
"CVE_LIST": {
"CVE": {
"ID": "CVE-2021-20305",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20305"
}
},
"DIAGNOSIS": "Nettle incorrectly handled signature verification<br/>",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-26T12:32:51Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-19T14:36:40Z",
"QID": "198322",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "nettle",
"VENDOR": "ubuntu"
}
},
"SOLUTION": "Refer to Ubuntu advisory: <A HREF=\"https://usn.ubuntu.com/4906-1\" TARGET=\"_blank\">USN-4906-1</A> for affected packages and patching details, or update with your package manager.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://usn.ubuntu.com/4906-1\" TARGET=\"_blank\">USN-4906-1: Ubuntu Linux</A>",
"TITLE": "Ubuntu Security Notification for Nettle vulnerability (USN-4906-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "USN-4906-1",
"URL": "https://usn.ubuntu.com/4906-1"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "Ubuntu",
"CONSEQUENCE": "A\nlocal attacker could use this to cause a denial of service (CVE-2015-1350)<br/> A physically proximate attacker could use this to cause a\ndenial of service (system crash) or possibly execute arbitrary code\n(CVE-2017-16644)<br/> A\nlocal attacker could use this to expose sensitive information\n(CVE-2017-5967)<br/> An\nattacker could use this to construct a malicious xfs image that, when\nmounted, could cause a denial of service (system crash) (CVE-2018-13095)<br/> A local attacker could use this to cause a denial\nof service (CVE-2019-16231)<br/> A local attacker could possibly use\nthis to cause a denial of service (CVE-2019-16232)<br/> A local\nattacker could use this to cause a denial of service (memory exhaustion)\n(CVE-2019-19061)<br/> An attacker with access to the floppy device could use\nthis to cause a denial of service (system crash) or possibly execute\narbitrary code (CVE-2021-20261)<br/> An\nattacker in a guest VM could possibly use this to cause a denial of service\n(host domain crash) (CVE-2021-26930)<br/> An\nattacker in a guest VM could possibly use this to cause a denial of service\n(host domain crash) (CVE-2021-26931)<br/> An\nattacker in a guest VM could possibly use this to cause a denial of service\n(host domain crash) (CVE-2021-28038)",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2017-16644",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16644"
},
{
"ID": "CVE-2019-16231",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16231"
},
{
"ID": "CVE-2021-26930",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26930"
},
{
"ID": "CVE-2021-28038",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28038"
},
{
"ID": "CVE-2019-19061",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19061"
},
{
"ID": "CVE-2021-26931",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26931"
},
{
"ID": "CVE-2017-5967",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5967"
},
{
"ID": "CVE-2015-1350",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1350"
},
{
"ID": "CVE-2019-16232",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16232"
},
{
"ID": "CVE-2021-20261",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20261"
},
{
"ID": "CVE-2018-13095",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13095"
}
]
},
"DIAGNOSIS": "The linux kernel would strip extended privilege \nattributes of files when performing a failed unprivileged system call<br/>The video4linux driver for hauppauge hd \npvr usb devices in the linux kernel did not properly handle some error \nconditions<br/>The timer stats implementation in the linux kernel \nallowed the discovery of a real pid value while inside a pid namespace<br/>The xfs file system implementation in the linux \nkernel did not properly validate the number of extents in an inode<br/>The fujitsu es network device driver for the linux \nkernel did not properly check for errors in some situations, leading to a \nnull pointer dereference<br/>The marvell 8xxx libertas wlan device driver in the \nlinux kernel did not properly check for errors in certain situations, \nleading to a null pointer dereference<br/>The adis16400 iio imu driver for the linux kernel \ndid not properly deallocate memory in certain error conditions<br/>A race condition existed in the floppy device driver \nin the linux kernel<br/>The xen paravirtualization bckend in the linux kernel did \nnot properly propagate errors to frontend drivers in some situations<br/>Multiple xen backends in the linux kernel did \nnot properly handle certain error conditions under paravirtualization<br/>The xen netback backend in the linux kernel did \nnot properly handle certain error conditions under paravirtualization<br/>",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-26T12:32:51Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-15T14:56:24Z",
"QID": "198323",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "linux",
"VENDOR": "ubuntu"
}
},
"SOLUTION": "Refer to Ubuntu advisory: <A HREF=\"https://usn.ubuntu.com/4904-1\" TARGET=\"_blank\">USN-4904-1</A> for affected packages and patching details, or update with your package manager.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://usn.ubuntu.com/4904-1\" TARGET=\"_blank\">USN-4904-1: Ubuntu Linux</A>",
"TITLE": "Ubuntu Security Notification for Linux kernel vulnerabilities (USN-4904-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "USN-4904-1",
"URL": "https://usn.ubuntu.com/4904-1"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "Ubuntu",
"CONSEQUENCE": "A local attacker could\nuse this to cause a denial of service (system crash) (CVE-2020-25639)<br/> An\nattacker in a guest VM could possibly use this to cause a denial of service\n(host domain crash) (CVE-2021-28038)<br/> A local\nattacker could possibly use this to gain elevated privileges\n(CVE-2021-28375)<br/> A\nlocal attacker could possibly use this to cause a denial of service\n(CVE-2021-28950)<br/>",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2020-25639",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25639"
},
{
"ID": "CVE-2021-28375",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28375"
},
{
"ID": "CVE-2021-28950",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28950"
},
{
"ID": "CVE-2021-28038",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28038"
}
]
},
"DIAGNOSIS": "The nouveau gpu driver in the linux kernel did not \nproperly handle error conditions in some situations<br/>The xen netback backend in the linux kernel did \nnot properly handle certain error conditions under paravirtualization<br/>The fastrpc driver in the linux kernel did not \nprevent user space applications from sending kernel rpc messages<br/>The fuse user space file system implementation in \nthe linux kernel did not properly handle bad inodes in some situations<br/>",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-26T12:32:51Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-19T14:36:40Z",
"QID": "198327",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "linux",
"VENDOR": "ubuntu"
}
},
"SOLUTION": "Refer to Ubuntu advisory: <A HREF=\"https://usn.ubuntu.com/4911-1\" TARGET=\"_blank\">USN-4911-1</A> for affected packages and patching details, or update with your package manager.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://usn.ubuntu.com/4911-1\" TARGET=\"_blank\">USN-4911-1: Ubuntu Linux</A>",
"TITLE": "Ubuntu Security Notification for Linux kernel (OEM) vulnerabilities (USN-4911-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "USN-4911-1",
"URL": "https://usn.ubuntu.com/4911-1"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "Ubuntu",
"CONSEQUENCE": "A local attacker could use this to cause a denial of\nservice (system crash) or possibly execute arbitrary code (CVE-2021-29154)<br/> A local attacker could use this to cause a denial of service\n(system crash) or possibly execute arbitrary code (CVE-2020-0423)<br/> A\nphysically proximate attacker could use this to cause a denial of service\n(system crash) or possibly execute arbitrary code (CVE-2020-0465)<br/> A local attacker could use this to cause a denial of service\n(system crash) or possibly execute arbitrary code (CVE-2020-0466)<br/> An attacker\nwith access to the perf subsystem could use this to cause a denial of\nservice (system crash) or possibly execute arbitrary code (CVE-2020-14351)<br/> A local\nattacker could use this to cause a denial of service (system crash) or\npossibly execute arbitrary code (CVE-2020-14390)<br/> A privileged attacker could use this to\ncause a denial of service (system crash) (CVE-2020-25285)<br/> An attacker could use this to expose sensitive information\n(unencrypted network traffic) (CVE-2020-25645)<br/> A local attacker could use this to cause a denial of service\n(system crash) (CVE-2020-27830)<br/> A local attacker could use\nthis to cause a denial of service (system crash) or possibly execute\narbitrary code (CVE-2020-36158)<br/> A local\nattacker could possibly use this to cause a denial of service (system\ncrash) (CVE-2021-20194)<br/> A privileged\nattacker could use this to cause a denial of service (system crash) or\npossibly expose sensitive information (CVE-2021-3411)<br/> An attacker could possibly use this to bypass NFS access\nrestrictions (CVE-2021-3178)",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2021-3178",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3178"
},
{
"ID": "CVE-2020-27830",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27830"
},
{
"ID": "CVE-2020-25285",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25285"
},
{
"ID": "CVE-2021-3411",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3411"
},
{
"ID": "CVE-2020-0423",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0423"
},
{
"ID": "CVE-2020-14390",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14390"
},
{
"ID": "CVE-2020-25645",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25645"
},
{
"ID": "CVE-2021-20194",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20194"
},
{
"ID": "CVE-2020-36158",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36158"
},
{
"ID": "CVE-2020-0465",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0465"
},
{
"ID": "CVE-2020-0466",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0466"
},
{
"ID": "CVE-2020-25669",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25669"
},
{
"ID": "CVE-2021-29154",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29154"
},
{
"ID": "CVE-2020-14351",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14351"
}
]
},
"DIAGNOSIS": "The bpf jit compiler for x86 in the linux \nkernel did not properly validate computation of branch displacements in \nsome situations<br/>A race condition existed in the binder ipc \nimplementation in the linux kernel, leading to a use-after-free \nvulnerability<br/>The hid multitouch implementation within the linux \nkernel did not properly validate input events in some situations<br/>The eventpoll (aka epoll) implementation in the \nlinux kernel contained a logic error that could lead to a use after free \nvulnerability<br/>A race condition existed in the perf subsystem of \nthe linux kernel, leading to a use-after-free vulnerability<br/>The frame buffer implementation in the linux kernel \ndid not properly handle some edge cases in software scrollback<br/>A race condition existed in the hugetlb sysctl \nimplementation in the linux kernel<br/>The geneve tunnel implementation in the linux kernel \nwhen combined with ipsec did not properly select ip routes in some \nsituations<br/>Speakup screen reader driver in \nthe linux kernel did not correctly handle setting line discipline in some \nsituations<br/>The marvell wifi-ex device driver in the linux \nkernel did not properly validate ad-hoc ssids<br/>The bpf implementation in the linux kernel did \nnot properly validate attributes in the getsockopt bpf hook<br/>The kprobes subsystem in the linux kernel did \nnot properly detect linker padding in some situations<br/>The nfs implementation in the linux kernel did not \nproperly prevent access outside of an nfs export that is a subdirectory of \na file system<br/>",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-26T12:32:51Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-15T14:56:24Z",
"QID": "198328",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "linux",
"VENDOR": "ubuntu"
}
},
"SOLUTION": "Refer to Ubuntu advisory: <A HREF=\"https://usn.ubuntu.com/4912-1\" TARGET=\"_blank\">USN-4912-1</A> for affected packages and patching details, or update with your package manager.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://usn.ubuntu.com/4912-1\" TARGET=\"_blank\">USN-4912-1: Ubuntu Linux</A>",
"TITLE": "Ubuntu Security Notification for Linux kernel (OEM) vulnerabilities (USN-4912-1)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "USN-4912-1",
"URL": "https://usn.ubuntu.com/4912-1"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "RedHat",
"CONSEQUENCE": "On successful exploitation, it could allow an attacker to execute code.",
"CORRELATION": {
"EXPLOITS": {
"EXPLT_SRC": {
"EXPLT_LIST": {
"EXPLT": {
"DESC": "MariaDB 10.2 /MySQL - 'wsrep_provider' OS Command Execution - The Exploit-DB Ref : 49765",
"LINK": "http://www.exploit-db.com/exploits/49765",
"REF": "CVE-2021-27928"
}
},
"SRC_NAME": "The Exploit-DB"
}
}
},
"CVE_LIST": {
"CVE": {
"ID": "CVE-2021-27928",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27928"
}
},
"DIAGNOSIS": "MariaDB is a community developed branch of MySQL.MariaDB is a multi-user, multi-threaded SQL database server.<P>Security Fix(es): writable system variables allows a database user with SUPER privilege to execute arbitrary code as the system mysql user (CVE-2021-27928)<P>Affected Products: <br/><br/>Red Hat OpenStack 13 x86_64<br/>Red Hat OpenStack for IBM Power 13 ppc64le<br/><P>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available, Exploit Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-01T13:01:29Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-01T13:01:29Z",
"QID": "239178",
"SEVERITY_LEVEL": "4",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "None",
"VENDOR": "redhat"
}
},
"SOLUTION": "Upgrade to the latest packages which contain a patch. Refer to <A HREF=\"https://access.redhat.com/articles/11258\" TARGET=\"_blank\">Applying Package Updates to RHEL system</A> for details.<P>\n Refer to Red Hat security advisory <A HREF=\"https://access.redhat.com/errata/RHSA-2021:1039\" TARGET=\"_blank\">RHSA-2021:1039</A> to address this issue and obtain more information.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://access.redhat.com/errata/RHSA-2021:1039?language=en\" TARGET=\"_blank\">RHSA-2021:1039: Red Hat Enterprise Linux</A>",
"TITLE": "Red Hat Update for mariadb (RHSA-2021:1039)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "RHSA-2021:1039",
"URL": "https://access.redhat.com/errata/RHSA-2021:1039?language=en"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "RedHat",
"CONSEQUENCE": "On successful exploitation, it could allow an attacker to execute code.",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2020-10543",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10543"
},
{
"ID": "CVE-2020-10878",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10878"
},
{
"ID": "CVE-2020-12723",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12723"
}
]
},
"DIAGNOSIS": "Perl is a high-level programming language that is commonly used for system administration utilities and web programming.<P>Security Fix(es): perl: heap-based buffer overflow in regular expression compiler leads to DoS (CVE-2020-10543)\n perl: corruption of intermediate language state of compiled regular expression due to integer overflow leads to DoS (CVE-2020-10878)\n perl: corruption of intermediate language state of compiled regular expression due to recursive S_study_chunk()<br/>calls leads to DoS (CVE-2020-12723)\n<P>Affected Products: <br/><br/>Red Hat Enterprise Linux for x86_64 - Extended Update Support 7.7 x86_64<br/>Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.7 s390x<br/>Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.7 ppc64<br/>Red Hat Enterprise Linux EUS Compute Node 7.7 x86_64<br/>Red Hat Enterprise Linux Server - AUS 7.7 x86_64<br/>Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.7 ppc64le<br/>Red Hat Enterprise Linux Server - TUS 7.7 x86_64<br/>Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 7.7 ppc64le<br/>Red Hat Enterprise Linux Server - Update Services for SAP Solutions 7.7 x86_64<br/><P>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-01T13:01:29Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-01T13:01:29Z",
"QID": "239179",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "None",
"VENDOR": "redhat"
}
},
"SOLUTION": "Upgrade to the latest packages which contain a patch. Refer to <A HREF=\"https://access.redhat.com/articles/11258\" TARGET=\"_blank\">Applying Package Updates to RHEL system</A> for details.<P>\n Refer to Red Hat security advisory <A HREF=\"https://access.redhat.com/errata/RHSA-2021:1032\" TARGET=\"_blank\">RHSA-2021:1032</A> to address this issue and obtain more information.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://access.redhat.com/errata/RHSA-2021:1032?language=en\" TARGET=\"_blank\">RHSA-2021:1032: Red Hat Enterprise Linux</A>",
"TITLE": "Red Hat Update for perl (RHSA-2021:1032)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "RHSA-2021:1032",
"URL": "https://access.redhat.com/errata/RHSA-2021:1032?language=en"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "RedHat",
"CONSEQUENCE": "On successful exploitation, it could allow an attacker to execute code.",
"CVE_LIST": {
"CVE": {
"ID": "CVE-2020-29661",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29661"
}
},
"DIAGNOSIS": "This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.<P>Security Fix(es): kernel: locking issue in drivers/tty/tty_jobctrl.c can lead to an use-after-free (CVE-2020-29661)\n<P>Affected Products: <br/><br/>Red Hat Enterprise Linux for x86_64 - Extended Update Support 7.7 x86_64<br/>Red Hat Enterprise Linux Server - AUS 7.7 x86_64<br/>Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.7 ppc64le<br/>Red Hat Enterprise Linux Server - TUS 7.7 x86_64<br/>Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 7.7 ppc64le<br/>Red Hat Enterprise Linux Server - Update Services for SAP Solutions 7.7 x86_64<br/><P>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-01T13:01:30Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-01T13:01:30Z",
"QID": "239180",
"SEVERITY_LEVEL": "4",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "None",
"VENDOR": "redhat"
}
},
"SOLUTION": "Upgrade to the latest packages which contain a patch. Refer to <A HREF=\"https://access.redhat.com/articles/11258\" TARGET=\"_blank\">Applying Package Updates to RHEL system</A> for details.<P>\n Refer to Red Hat security advisory <A HREF=\"https://access.redhat.com/errata/RHSA-2021:1031\" TARGET=\"_blank\">RHSA-2021:1031</A> to address this issue and obtain more information.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://access.redhat.com/errata/RHSA-2021:1031?language=en\" TARGET=\"_blank\">RHSA-2021:1031: Red Hat Enterprise Linux</A>",
"TITLE": "Red Hat Update for kpatch-patch (RHSA-2021:1031)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "RHSA-2021:1031",
"URL": "https://access.redhat.com/errata/RHSA-2021:1031?language=en"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "RedHat",
"CONSEQUENCE": "On successful exploitation, it could allow an attacker to execute code.",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2019-17563",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17563"
},
{
"ID": "CVE-2020-1935",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1935"
}
]
},
"DIAGNOSIS": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP)<br/>technologies.<P>Security Fix(es): tomcat: Session fixation when using FORM authentication (CVE-2019-17563)\n tomcat: Mishandling of Transfer-Encoding header allows for HTTP request smuggling (CVE-2020-1935)\n<P>Affected Products: <br/><br/>Red Hat Enterprise Linux for x86_64 - Extended Update Support 7.7 x86_64<br/>Red Hat Enterprise Linux Server - AUS 7.7 x86_64<br/>Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.7 s390x<br/>Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.7 ppc64<br/>Red Hat Enterprise Linux EUS Compute Node 7.7 x86_64<br/>Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.7 ppc64le<br/>Red Hat Enterprise Linux Server - TUS 7.7 x86_64<br/>Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 7.7 ppc64le<br/>Red Hat Enterprise Linux Server - Update Services for SAP Solutions 7.7 x86_64<br/><P>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-01T13:01:30Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-01T13:01:30Z",
"QID": "239181",
"SEVERITY_LEVEL": "2",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "None",
"VENDOR": "redhat"
}
},
"SOLUTION": "Upgrade to the latest packages which contain a patch. Refer to <A HREF=\"https://access.redhat.com/articles/11258\" TARGET=\"_blank\">Applying Package Updates to RHEL system</A> for details.<P>\n Refer to Red Hat security advisory <A HREF=\"https://access.redhat.com/errata/RHSA-2021:1030\" TARGET=\"_blank\">RHSA-2021:1030</A> to address this issue and obtain more information.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://access.redhat.com/errata/RHSA-2021:1030?language=en\" TARGET=\"_blank\">RHSA-2021:1030: Red Hat Enterprise Linux</A>",
"TITLE": "Red Hat Update for tomcat (RHSA-2021:1030)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "RHSA-2021:1030",
"URL": "https://access.redhat.com/errata/RHSA-2021:1030?language=en"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "RedHat",
"CONSEQUENCE": "On successful exploitation, it could allow an attacker to execute code.",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2020-14351",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14351"
},
{
"ID": "CVE-2020-29661",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29661"
}
]
},
"DIAGNOSIS": "The kernel packages contain the Linux kernel, the core of any Linux operating system.<P>Security Fix(es): kernel: locking issue in drivers/tty/tty_jobctrl.c can lead to an use-after-free (CVE-2020-29661)\n kernel: performance counters race condition use-after-free (CVE-2020-14351)\n<P>Affected Products: <br/><br/>Red Hat Enterprise Linux for x86_64 - Extended Update Support 7.7 x86_64<br/>Red Hat Enterprise Linux Server - AUS 7.7 x86_64<br/>Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.7 s390x<br/>Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.7 ppc64<br/>Red Hat Enterprise Linux EUS Compute Node 7.7 x86_64<br/>Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.7 ppc64le<br/>Red Hat Enterprise Linux Server - TUS 7.7 x86_64<br/>Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 7.7 ppc64le<br/>Red Hat Enterprise Linux Server - Update Services for SAP Solutions 7.7 x86_64<br/><P>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-01T13:01:30Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-01T13:01:30Z",
"QID": "239182",
"SEVERITY_LEVEL": "4",
"SOFTWARE_LIST": {
"SOFTWARE": [
{
"PRODUCT": "enterprise_linux",
"VENDOR": "redhat"
},
{
"PRODUCT": "None",
"VENDOR": "redhat"
}
]
},
"SOLUTION": "Upgrade to the latest packages which contain a patch. Refer to <A HREF=\"https://access.redhat.com/articles/11258\" TARGET=\"_blank\">Applying Package Updates to RHEL system</A> for details.<P>\n Refer to Red Hat security advisory <A HREF=\"https://access.redhat.com/errata/RHSA-2021:1028\" TARGET=\"_blank\">RHSA-2021:1028</A> to address this issue and obtain more information.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://access.redhat.com/errata/RHSA-2021:1028?language=en\" TARGET=\"_blank\">RHSA-2021:1028: Red Hat Enterprise Linux</A>",
"TITLE": "Red Hat Update for kernel (RHSA-2021:1028)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "RHSA-2021:1028",
"URL": "https://access.redhat.com/errata/RHSA-2021:1028?language=en"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "RedHat",
"CONSEQUENCE": "On successful exploitation, it could allow an attacker to execute code.",
"CVE_LIST": {
"CVE": {
"ID": "CVE-2019-5482",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5482"
}
},
"DIAGNOSIS": "The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.<P>Security Fix(es): curl: heap buffer overflow in function tftp_receive_packet()<br/>(CVE-2019-5482)\n<P>Affected Products: <br/><br/>Red Hat Enterprise Linux for x86_64 - Extended Update Support 7.7 x86_64<br/>Red Hat Enterprise Linux Server - AUS 7.7 x86_64<br/>Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.7 s390x<br/>Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.7 ppc64<br/>Red Hat Enterprise Linux EUS Compute Node 7.7 x86_64<br/>Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.7 ppc64le<br/>Red Hat Enterprise Linux Server - TUS 7.7 x86_64<br/>Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 7.7 ppc64le<br/>Red Hat Enterprise Linux Server - Update Services for SAP Solutions 7.7 x86_64<br/><P>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-01T13:01:30Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-01T13:01:30Z",
"QID": "239183",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "None",
"VENDOR": "redhat"
}
},
"SOLUTION": "Upgrade to the latest packages which contain a patch. Refer to <A HREF=\"https://access.redhat.com/articles/11258\" TARGET=\"_blank\">Applying Package Updates to RHEL system</A> for details.<P>\n Refer to Red Hat security advisory <A HREF=\"https://access.redhat.com/errata/RHSA-2021:1027\" TARGET=\"_blank\">RHSA-2021:1027</A> to address this issue and obtain more information.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://access.redhat.com/errata/RHSA-2021:1027?language=en\" TARGET=\"_blank\">RHSA-2021:1027: Red Hat Enterprise Linux</A>",
"TITLE": "Red Hat Update for curl (RHSA-2021:1027)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "RHSA-2021:1027",
"URL": "https://access.redhat.com/errata/RHSA-2021:1027?language=en"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "RedHat",
"CONSEQUENCE": "On successful exploitation, it could allow an attacker to execute code.",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2019-11756",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11756"
},
{
"ID": "CVE-2019-17006",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17006"
},
{
"ID": "CVE-2020-12403",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12403"
}
]
},
"DIAGNOSIS": "The nss-softokn package provides the Network Security Services Softoken Cryptographic Module.<P>Security Fix(es): nss: Use-after-free in sftk_FreeSession due to improper refcounting (CVE-2019-11756)\n nss: Check length of inputs for cryptographic primitives (CVE-2019-17006)\n nss: CHACHA20-POLY1305 decryption with undersized tag leads to out-of-bounds read (CVE-2020-12403)\n<P>Affected Products: <br/><br/>Red Hat Enterprise Linux for x86_64 - Extended Update Support 7.7 x86_64<br/>Red Hat Enterprise Linux Server - AUS 7.7 x86_64<br/>Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.7 s390x<br/>Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.7 ppc64<br/>Red Hat Enterprise Linux EUS Compute Node 7.7 x86_64<br/>Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.7 ppc64le<br/>Red Hat Enterprise Linux Server - TUS 7.7 x86_64<br/>Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 7.7 ppc64le<br/>Red Hat Enterprise Linux Server - Update Services for SAP Solutions 7.7 x86_64<br/><P>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-01T13:01:30Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-01T13:01:30Z",
"QID": "239184",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "None",
"VENDOR": "redhat"
}
},
"SOLUTION": "Upgrade to the latest packages which contain a patch. Refer to <A HREF=\"https://access.redhat.com/articles/11258\" TARGET=\"_blank\">Applying Package Updates to RHEL system</A> for details.<P>\n Refer to Red Hat security advisory <A HREF=\"https://access.redhat.com/errata/RHSA-2021:1026\" TARGET=\"_blank\">RHSA-2021:1026</A> to address this issue and obtain more information.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://access.redhat.com/errata/RHSA-2021:1026?language=en\" TARGET=\"_blank\">RHSA-2021:1026: Red Hat Enterprise Linux</A>",
"TITLE": "Red Hat Update for nss-softokn (RHSA-2021:1026)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "RHSA-2021:1026",
"URL": "https://access.redhat.com/errata/RHSA-2021:1026?language=en"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "RedHat",
"CONSEQUENCE": "On successful exploitation, it could allow an attacker to execute code.",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2021-3449",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3449"
},
{
"ID": "CVE-2021-3450",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3450"
}
]
},
"DIAGNOSIS": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL)<br/>and Transport Layer Security (TLS)<br/>protocols, as well as a full-strength general-purpose cryptography library.<P>Security Fix(es): openssl: NULL pointer dereference in signature_algorithms processing (CVE-2021-3449)\n openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT (CVE-2021-3450)\n<P>Affected Products: <br/><br/>Red Hat Enterprise Linux for x86_64 8 x86_64<br/>Red Hat Enterprise Linux for IBM z Systems 8 s390x<br/>Red Hat Enterprise Linux for Power, little endian 8 ppc64le<br/>Red Hat Enterprise Linux for ARM 64 8 aarch64<br/><P>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-05-18T20:05:45Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-01T13:01:30Z",
"QID": "239185",
"SEVERITY_LEVEL": "4",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "None",
"VENDOR": "redhat"
}
},
"SOLUTION": "Upgrade to the latest packages which contain a patch. Refer to <A HREF=\"https://access.redhat.com/articles/11258\" TARGET=\"_blank\">Applying Package Updates to RHEL system</A> for details.<P>\n Refer to Red Hat security advisory <A HREF=\"https://access.redhat.com/errata/RHSA-2021:1024\" TARGET=\"_blank\">RHSA-2021:1024</A> to address this issue and obtain more information.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://access.redhat.com/errata/RHSA-2021:1024?language=en\" TARGET=\"_blank\">RHSA-2021:1024: Red Hat Enterprise Linux</A>",
"TITLE": "Red Hat Update for Open Secure Sockets Layer (OpenSSL) (RHSA-2021:1024)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "RHSA-2021:1024",
"URL": "https://access.redhat.com/errata/RHSA-2021:1024?language=en"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "RedHat",
"CONSEQUENCE": "On successful exploitation, it could allow an attacker to execute code.",
"CVE_LIST": {
"CVE": {
"ID": "CVE-2021-21381",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21381"
}
},
"DIAGNOSIS": "Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux.<P>Security Fix(es): flatpak: &quot;file forwarding&quot; feature can be used to gain unprivileged access to files (CVE-2021-21381)\n<P>Affected Products: <br/><br/>Red Hat Enterprise Linux Server 7 x86_64<br/>Red Hat Enterprise Linux Workstation 7 x86_64<br/>Red Hat Enterprise Linux Desktop 7 x86_64<br/>Red Hat Enterprise Linux for IBM z Systems 7 s390x<br/>Red Hat Enterprise Linux for Power, big endian 7 ppc64<br/>Red Hat Enterprise Linux for Scientific Computing 7 x86_64<br/>Red Hat Enterprise Linux for Power, little endian 7 ppc64le<br/><P>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-01T13:01:30Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-01T13:01:30Z",
"QID": "239186",
"SEVERITY_LEVEL": "4",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "None",
"VENDOR": "redhat"
}
},
"SOLUTION": "Upgrade to the latest packages which contain a patch. Refer to <A HREF=\"https://access.redhat.com/articles/11258\" TARGET=\"_blank\">Applying Package Updates to RHEL system</A> for details.<P>\n Refer to Red Hat security advisory <A HREF=\"https://access.redhat.com/errata/RHSA-2021:1002\" TARGET=\"_blank\">RHSA-2021:1002</A> to address this issue and obtain more information.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://access.redhat.com/errata/RHSA-2021:1002?language=en\" TARGET=\"_blank\">RHSA-2021:1002: Red Hat Enterprise Linux</A>",
"TITLE": "Red Hat Update for flatpak (RHSA-2021:1002)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "RHSA-2021:1002",
"URL": "https://access.redhat.com/errata/RHSA-2021:1002?language=en"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "RedHat",
"CONSEQUENCE": "On successful exploitation, it could allow an attacker to execute code.",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2021-23981",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23981"
},
{
"ID": "CVE-2021-23982",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23982"
},
{
"ID": "CVE-2021-23984",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23984"
},
{
"ID": "CVE-2021-23987",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23987"
}
]
},
"DIAGNOSIS": "Mozilla Thunderbird is a standalone mail and newsgroup client.This update upgrades Thunderbird to version 78.9.0.<P>Security Fix(es): Mozilla: Texture upload into an unbound backing buffer resulted in an out-of-bound read (CVE-2021-23981)\n Mozilla: Memory safety bugs fixed in Firefox 87 and Firefox ESR 78.9 (CVE-2021-23987)\n Mozilla: Internal network hosts could have been probed by a malicious webpage (CVE-2021-23982)\n Mozilla: Malicious extensions could have spoofed popup information (CVE-2021-23984)\n<P>Affected Products: <br/><br/>Red Hat Enterprise Linux Server 7 x86_64<br/>Red Hat Enterprise Linux Workstation 7 x86_64<br/>Red Hat Enterprise Linux Desktop 7 x86_64<br/>Red Hat Enterprise Linux for Power, little endian 7 ppc64le<br/><P>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-01T13:01:30Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-01T13:01:30Z",
"QID": "239187",
"SEVERITY_LEVEL": "4",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "None",
"VENDOR": "redhat"
}
},
"SOLUTION": "Upgrade to the latest packages which contain a patch. Refer to <A HREF=\"https://access.redhat.com/articles/11258\" TARGET=\"_blank\">Applying Package Updates to RHEL system</A> for details.<P>\n Refer to Red Hat security advisory <A HREF=\"https://access.redhat.com/errata/RHSA-2021:0996\" TARGET=\"_blank\">RHSA-2021:0996</A> to address this issue and obtain more information.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://access.redhat.com/errata/RHSA-2021:0996?language=en\" TARGET=\"_blank\">RHSA-2021:0996: Red Hat Enterprise Linux</A>",
"TITLE": "Red Hat Update for thunderbird (RHSA-2021:0996)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "RHSA-2021:0996",
"URL": "https://access.redhat.com/errata/RHSA-2021:0996?language=en"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "RedHat",
"CONSEQUENCE": "On successful exploitation, it could allow an attacker to execute code.",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2021-23981",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23981"
},
{
"ID": "CVE-2021-23982",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23982"
},
{
"ID": "CVE-2021-23984",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23984"
},
{
"ID": "CVE-2021-23987",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23987"
}
]
},
"DIAGNOSIS": "Mozilla Thunderbird is a standalone mail and newsgroup client.This update upgrades Thunderbird to version 78.9.0.<P>Security Fix(es): Mozilla: Texture upload into an unbound backing buffer resulted in an out-of-bound read (CVE-2021-23981)\n Mozilla: Memory safety bugs fixed in Firefox 87 and Firefox ESR 78.9 (CVE-2021-23987)\n Mozilla: Internal network hosts could have been probed by a malicious webpage (CVE-2021-23982)\n Mozilla: Malicious extensions could have spoofed popup information (CVE-2021-23984)\n<P>Affected Products: <br/><br/>Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.1 x86_64<br/>Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.1 ppc64le<br/>Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.1 ppc64le<br/>Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.1 x86_64<br/><P>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-01T13:01:30Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-01T13:01:30Z",
"QID": "239188",
"SEVERITY_LEVEL": "4",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "None",
"VENDOR": "redhat"
}
},
"SOLUTION": "Upgrade to the latest packages which contain a patch. Refer to <A HREF=\"https://access.redhat.com/articles/11258\" TARGET=\"_blank\">Applying Package Updates to RHEL system</A> for details.<P>\n Refer to Red Hat security advisory <A HREF=\"https://access.redhat.com/errata/RHSA-2021:0995\" TARGET=\"_blank\">RHSA-2021:0995</A> to address this issue and obtain more information.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://access.redhat.com/errata/RHSA-2021:0995?language=en\" TARGET=\"_blank\">RHSA-2021:0995: Red Hat Enterprise Linux</A>",
"TITLE": "Red Hat Update for thunderbird (RHSA-2021:0995)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "RHSA-2021:0995",
"URL": "https://access.redhat.com/errata/RHSA-2021:0995?language=en"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "RedHat",
"CONSEQUENCE": "On successful exploitation, it could allow an attacker to execute code.",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2021-23981",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23981"
},
{
"ID": "CVE-2021-23982",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23982"
},
{
"ID": "CVE-2021-23984",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23984"
},
{
"ID": "CVE-2021-23987",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23987"
}
]
},
"DIAGNOSIS": "Mozilla Thunderbird is a standalone mail and newsgroup client.This update upgrades Thunderbird to version 78.9.0.<P>Security Fix(es): Mozilla: Texture upload into an unbound backing buffer resulted in an out-of-bound read (CVE-2021-23981)\n Mozilla: Memory safety bugs fixed in Firefox 87 and Firefox ESR 78.9 (CVE-2021-23987)\n Mozilla: Internal network hosts could have been probed by a malicious webpage (CVE-2021-23982)\n Mozilla: Malicious extensions could have spoofed popup information (CVE-2021-23984)\n<P>Affected Products: <br/><br/>Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.2 x86_64<br/>Red Hat Enterprise Linux Server - AUS 8.2 x86_64<br/>Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.2 ppc64le<br/>Red Hat Enterprise Linux Server - TUS 8.2 x86_64<br/>Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.2 aarch64<br/>Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.2 ppc64le<br/>Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.2 x86_64<br/><P>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-01T13:01:30Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-01T13:01:30Z",
"QID": "239189",
"SEVERITY_LEVEL": "4",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "None",
"VENDOR": "redhat"
}
},
"SOLUTION": "Upgrade to the latest packages which contain a patch. Refer to <A HREF=\"https://access.redhat.com/articles/11258\" TARGET=\"_blank\">Applying Package Updates to RHEL system</A> for details.<P>\n Refer to Red Hat security advisory <A HREF=\"https://access.redhat.com/errata/RHSA-2021:0994\" TARGET=\"_blank\">RHSA-2021:0994</A> to address this issue and obtain more information.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://access.redhat.com/errata/RHSA-2021:0994?language=en\" TARGET=\"_blank\">RHSA-2021:0994: Red Hat Enterprise Linux</A>",
"TITLE": "Red Hat Update for thunderbird (RHSA-2021:0994)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "RHSA-2021:0994",
"URL": "https://access.redhat.com/errata/RHSA-2021:0994?language=en"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "RedHat",
"CONSEQUENCE": "On successful exploitation, it could allow an attacker to execute code.",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2021-23981",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23981"
},
{
"ID": "CVE-2021-23982",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23982"
},
{
"ID": "CVE-2021-23984",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23984"
},
{
"ID": "CVE-2021-23987",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23987"
}
]
},
"DIAGNOSIS": "Mozilla Thunderbird is a standalone mail and newsgroup client.This update upgrades Thunderbird to version 78.9.0.<P>Security Fix(es): Mozilla: Texture upload into an unbound backing buffer resulted in an out-of-bound read (CVE-2021-23981)\n Mozilla: Memory safety bugs fixed in Firefox 87 and Firefox ESR 78.9 (CVE-2021-23987)\n Mozilla: Internal network hosts could have been probed by a malicious webpage (CVE-2021-23982)\n Mozilla: Malicious extensions could have spoofed popup information (CVE-2021-23984)\n<P>Affected Products: <br/><br/>Red Hat Enterprise Linux for x86_64 8 x86_64<br/>Red Hat Enterprise Linux for Power, little endian 8 ppc64le<br/>Red Hat Enterprise Linux for ARM 64 8 aarch64<br/><P>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-01T13:01:30Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-01T13:01:30Z",
"QID": "239190",
"SEVERITY_LEVEL": "4",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "None",
"VENDOR": "redhat"
}
},
"SOLUTION": "Upgrade to the latest packages which contain a patch. Refer to <A HREF=\"https://access.redhat.com/articles/11258\" TARGET=\"_blank\">Applying Package Updates to RHEL system</A> for details.<P>\n Refer to Red Hat security advisory <A HREF=\"https://access.redhat.com/errata/RHSA-2021:0993\" TARGET=\"_blank\">RHSA-2021:0993</A> to address this issue and obtain more information.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://access.redhat.com/errata/RHSA-2021:0993?language=en\" TARGET=\"_blank\">RHSA-2021:0993: Red Hat Enterprise Linux</A>",
"TITLE": "Red Hat Update for thunderbird (RHSA-2021:0993)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "RHSA-2021:0993",
"URL": "https://access.redhat.com/errata/RHSA-2021:0993?language=en"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "RedHat",
"CONSEQUENCE": "On successful exploitation, it could allow an attacker to execute code.",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2021-23981",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23981"
},
{
"ID": "CVE-2021-23982",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23982"
},
{
"ID": "CVE-2021-23984",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23984"
},
{
"ID": "CVE-2021-23987",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23987"
}
]
},
"DIAGNOSIS": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.This update upgrades Firefox to version 78.9.0 ESR.<P>Security Fix(es): Mozilla: Texture upload into an unbound backing buffer resulted in an out-of-bound read (CVE-2021-23981)\n Mozilla: Memory safety bugs fixed in Firefox 87 and Firefox ESR 78.9 (CVE-2021-23987)\n Mozilla: Internal network hosts could have been probed by a malicious webpage (CVE-2021-23982)\n Mozilla: Malicious extensions could have spoofed popup information (CVE-2021-23984)\n<P>Affected Products: <br/><br/>Red Hat Enterprise Linux Server 7 x86_64<br/>Red Hat Enterprise Linux Workstation 7 x86_64<br/>Red Hat Enterprise Linux Desktop 7 x86_64<br/>Red Hat Enterprise Linux for IBM z Systems 7 s390x<br/>Red Hat Enterprise Linux for Power, big endian 7 ppc64<br/>Red Hat Enterprise Linux for Power, little endian 7 ppc64le<br/><P>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-01T13:01:30Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-01T13:01:30Z",
"QID": "239191",
"SEVERITY_LEVEL": "4",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "None",
"VENDOR": "redhat"
}
},
"SOLUTION": "Upgrade to the latest packages which contain a patch. Refer to <A HREF=\"https://access.redhat.com/articles/11258\" TARGET=\"_blank\">Applying Package Updates to RHEL system</A> for details.<P>\n Refer to Red Hat security advisory <A HREF=\"https://access.redhat.com/errata/RHSA-2021:0992\" TARGET=\"_blank\">RHSA-2021:0992</A> to address this issue and obtain more information.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://access.redhat.com/errata/RHSA-2021:0992?language=en\" TARGET=\"_blank\">RHSA-2021:0992: Red Hat Enterprise Linux</A>",
"TITLE": "Red Hat Update for firefox (RHSA-2021:0992)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "RHSA-2021:0992",
"URL": "https://access.redhat.com/errata/RHSA-2021:0992?language=en"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "RedHat",
"CONSEQUENCE": "On successful exploitation, it could allow an attacker to execute code.",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2021-23981",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23981"
},
{
"ID": "CVE-2021-23982",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23982"
},
{
"ID": "CVE-2021-23984",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23984"
},
{
"ID": "CVE-2021-23987",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23987"
}
]
},
"DIAGNOSIS": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.This update upgrades Firefox to version 78.9.0 ESR.<P>Security Fix(es): Mozilla: Texture upload into an unbound backing buffer resulted in an out-of-bound read (CVE-2021-23981)\n Mozilla: Memory safety bugs fixed in Firefox 87 and Firefox ESR 78.9 (CVE-2021-23987)\n Mozilla: Internal network hosts could have been probed by a malicious webpage (CVE-2021-23982)\n Mozilla: Malicious extensions could have spoofed popup information (CVE-2021-23984)\n<P>Affected Products: <br/><br/>Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.1 x86_64<br/>Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.1 s390x<br/>Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.1 ppc64le<br/>Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.1 aarch64<br/>Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.1 ppc64le<br/>Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.1 x86_64<br/><P>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-01T13:01:30Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-01T13:01:30Z",
"QID": "239192",
"SEVERITY_LEVEL": "4",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "None",
"VENDOR": "redhat"
}
},
"SOLUTION": "Upgrade to the latest packages which contain a patch. Refer to <A HREF=\"https://access.redhat.com/articles/11258\" TARGET=\"_blank\">Applying Package Updates to RHEL system</A> for details.<P>\n Refer to Red Hat security advisory <A HREF=\"https://access.redhat.com/errata/RHSA-2021:0991\" TARGET=\"_blank\">RHSA-2021:0991</A> to address this issue and obtain more information.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://access.redhat.com/errata/RHSA-2021:0991?language=en\" TARGET=\"_blank\">RHSA-2021:0991: Red Hat Enterprise Linux</A>",
"TITLE": "Red Hat Update for firefox (RHSA-2021:0991)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "RHSA-2021:0991",
"URL": "https://access.redhat.com/errata/RHSA-2021:0991?language=en"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "RedHat",
"CONSEQUENCE": "On successful exploitation, it could allow an attacker to execute code.",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2021-23981",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23981"
},
{
"ID": "CVE-2021-23982",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23982"
},
{
"ID": "CVE-2021-23984",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23984"
},
{
"ID": "CVE-2021-23987",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23987"
}
]
},
"DIAGNOSIS": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.This update upgrades Firefox to version 78.9.0 ESR.<P>Security Fix(es): Mozilla: Texture upload into an unbound backing buffer resulted in an out-of-bound read (CVE-2021-23981)\n Mozilla: Memory safety bugs fixed in Firefox 87 and Firefox ESR 78.9 (CVE-2021-23987)\n Mozilla: Internal network hosts could have been probed by a malicious webpage (CVE-2021-23982)\n Mozilla: Malicious extensions could have spoofed popup information (CVE-2021-23984)\n<P>Affected Products: <br/><br/>Red Hat Enterprise Linux for x86_64 8 x86_64<br/>Red Hat Enterprise Linux for IBM z Systems 8 s390x<br/>Red Hat Enterprise Linux for Power, little endian 8 ppc64le<br/>Red Hat Enterprise Linux for ARM 64 8 aarch64<br/><P>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-01T13:01:30Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-01T13:01:30Z",
"QID": "239193",
"SEVERITY_LEVEL": "4",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "None",
"VENDOR": "redhat"
}
},
"SOLUTION": "Upgrade to the latest packages which contain a patch. Refer to <A HREF=\"https://access.redhat.com/articles/11258\" TARGET=\"_blank\">Applying Package Updates to RHEL system</A> for details.<P>\n Refer to Red Hat security advisory <A HREF=\"https://access.redhat.com/errata/RHSA-2021:0990\" TARGET=\"_blank\">RHSA-2021:0990</A> to address this issue and obtain more information.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://access.redhat.com/errata/RHSA-2021:0990?language=en\" TARGET=\"_blank\">RHSA-2021:0990: Red Hat Enterprise Linux</A>",
"TITLE": "Red Hat Update for firefox (RHSA-2021:0990)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "RHSA-2021:0990",
"URL": "https://access.redhat.com/errata/RHSA-2021:0990?language=en"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "RedHat",
"CONSEQUENCE": "On successful exploitation, it could allow an attacker to execute code.",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2021-23981",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23981"
},
{
"ID": "CVE-2021-23982",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23982"
},
{
"ID": "CVE-2021-23984",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23984"
},
{
"ID": "CVE-2021-23987",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23987"
}
]
},
"DIAGNOSIS": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.This update upgrades Firefox to version 78.9.0 ESR.<P>Security Fix(es): Mozilla: Texture upload into an unbound backing buffer resulted in an out-of-bound read (CVE-2021-23981)\n Mozilla: Memory safety bugs fixed in Firefox 87 and Firefox ESR 78.9 (CVE-2021-23987)\n Mozilla: Internal network hosts could have been probed by a malicious webpage (CVE-2021-23982)\n Mozilla: Malicious extensions could have spoofed popup information (CVE-2021-23984)\n<P>Affected Products: <br/><br/>Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.2 x86_64<br/>Red Hat Enterprise Linux Server - AUS 8.2 x86_64<br/>Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.2 s390x<br/>Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.2 ppc64le<br/>Red Hat Enterprise Linux Server - TUS 8.2 x86_64<br/>Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.2 aarch64<br/>Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.2 ppc64le<br/>Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.2 x86_64<br/><P>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-01T13:01:30Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-01T13:01:30Z",
"QID": "239194",
"SEVERITY_LEVEL": "4",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "None",
"VENDOR": "redhat"
}
},
"SOLUTION": "Upgrade to the latest packages which contain a patch. Refer to <A HREF=\"https://access.redhat.com/articles/11258\" TARGET=\"_blank\">Applying Package Updates to RHEL system</A> for details.<P>\n Refer to Red Hat security advisory <A HREF=\"https://access.redhat.com/errata/RHSA-2021:0989\" TARGET=\"_blank\">RHSA-2021:0989</A> to address this issue and obtain more information.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://access.redhat.com/errata/RHSA-2021:0989?language=en\" TARGET=\"_blank\">RHSA-2021:0989: Red Hat Enterprise Linux</A>",
"TITLE": "Red Hat Update for firefox (RHSA-2021:0989)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "RHSA-2021:0989",
"URL": "https://access.redhat.com/errata/RHSA-2021:0989?language=en"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "RedHat",
"CONSEQUENCE": "On successful exploitation, it could allow an attacker to execute code.",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2019-10146",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10146"
},
{
"ID": "CVE-2019-10179",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10179"
},
{
"ID": "CVE-2019-10221",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10221"
},
{
"ID": "CVE-2020-1721",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1721"
},
{
"ID": "CVE-2020-25715",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25715"
},
{
"ID": "CVE-2021-20179",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20179"
}
]
},
"DIAGNOSIS": "The Public Key Infrastructure (PKI)<br/>Core contains fundamental packages required by Red Hat Certificate System.<P>Security Fix(es): pki-core: Unprivileged users can renew any certificate (CVE-2021-20179)\n pki-core: XSS in the certificate search results (CVE-2020-25715)\n pki-core: Reflected XSS in 'path length' constraint field in CA's Agent page (CVE-2019-10146)\n pki-core/pki-kra: Reflected XSS in recoveryID search field at KRA's DRM agent page in authorize recovery tab (CVE-2019-10179)\n pki-core: Reflected XSS in getcookies?url= endpoint in CA (CVE-2019-10221)\n pki-core: KRA vulnerable to reflected XSS via the getPk12 page (CVE-2020-1721)\n<P>Affected Products: <br/><br/>Red Hat Enterprise Linux for x86_64 - Extended Update Support 7.7 x86_64<br/>Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.7 s390x<br/>Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.7 ppc64<br/>Red Hat Enterprise Linux EUS Compute Node 7.7 x86_64<br/>Red Hat Enterprise Linux Server - AUS 7.7 x86_64<br/>Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.7 ppc64le<br/>Red Hat Enterprise Linux Server - TUS 7.7 x86_64<br/>Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 7.7 ppc64le<br/>Red Hat Enterprise Linux Server - Update Services for SAP Solutions 7.7 x86_64<br/><P>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-01T13:01:30Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-01T13:01:30Z",
"QID": "239195",
"SEVERITY_LEVEL": "4",
"SOFTWARE_LIST": {
"SOFTWARE": [
{
"PRODUCT": "certificate_system",
"VENDOR": "redhat"
},
{
"PRODUCT": "enterprise_linux",
"VENDOR": "redhat"
},
{
"PRODUCT": "None",
"VENDOR": "redhat"
}
]
},
"SOLUTION": "Upgrade to the latest packages which contain a patch. Refer to <A HREF=\"https://access.redhat.com/articles/11258\" TARGET=\"_blank\">Applying Package Updates to RHEL system</A> for details.<P>\n Refer to Red Hat security advisory <A HREF=\"https://access.redhat.com/errata/RHSA-2021:0975\" TARGET=\"_blank\">RHSA-2021:0975</A> to address this issue and obtain more information.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://access.redhat.com/errata/RHSA-2021:0975?language=en\" TARGET=\"_blank\">RHSA-2021:0975: Red Hat Enterprise Linux</A>",
"TITLE": "Red Hat Update for pki-core (RHSA-2021:0975)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "RHSA-2021:0975",
"URL": "https://access.redhat.com/errata/RHSA-2021:0975?language=en"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "RedHat",
"CONSEQUENCE": "On successful exploitation, it could allow an attacker to execute code.",
"CVE_LIST": {
"CVE": {
"ID": "CVE-2021-20179",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20179"
}
},
"DIAGNOSIS": "The Public Key Infrastructure (PKI)<br/>Core contains fundamental packages required by Red Hat Certificate System.<P>Security Fix(es): pki-core: Unprivileged users can renew any certificate (CVE-2021-20179)\n<P>Affected Products: <br/><br/>Red Hat Enterprise Linux for x86_64 8 x86_64<br/>Red Hat Enterprise Linux for IBM z Systems 8 s390x<br/>Red Hat Enterprise Linux for Power, little endian 8 ppc64le<br/>Red Hat Enterprise Linux for ARM 64 8 aarch64<br/><P>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-01T13:01:30Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-01T13:01:30Z",
"QID": "239196",
"SEVERITY_LEVEL": "4",
"SOFTWARE_LIST": {
"SOFTWARE": [
{
"PRODUCT": "certificate_system",
"VENDOR": "redhat"
},
{
"PRODUCT": "enterprise_linux",
"VENDOR": "redhat"
},
{
"PRODUCT": "None",
"VENDOR": "redhat"
}
]
},
"SOLUTION": "Upgrade to the latest packages which contain a patch. Refer to <A HREF=\"https://access.redhat.com/articles/11258\" TARGET=\"_blank\">Applying Package Updates to RHEL system</A> for details.<P>\n Refer to Red Hat security advisory <A HREF=\"https://access.redhat.com/errata/RHSA-2021:0966\" TARGET=\"_blank\">RHSA-2021:0966</A> to address this issue and obtain more information.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://access.redhat.com/errata/RHSA-2021:0966?language=en\" TARGET=\"_blank\">RHSA-2021:0966: Red Hat Enterprise Linux</A>",
"TITLE": "Red Hat Update for pki-core:10.6 (RHSA-2021:0966)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "RHSA-2021:0966",
"URL": "https://access.redhat.com/errata/RHSA-2021:0966?language=en"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "RedHat",
"CONSEQUENCE": "On successful exploitation, it could allow an attacker to execute code.",
"CVE_LIST": {
"CVE": {
"ID": "CVE-2021-3114",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3114"
}
},
"DIAGNOSIS": "Red Hat OpenShift Container Platform is Red Hat's cloud computingKubernetes application platform solution designed for on-premise or privatecloud deployments.This advisory contains the RPM packages for Red Hat OpenShift ContainerPlatform 4.7.4. See the following advisory for the container images forthis release:https://access.redhat.com/errata/RHSA-2021:0957 All OpenShift Container Platform 4.7 users are advised to upgrade to theseupdated packages and images when they are available in the appropriaterelease channel. To check for available updates, use the OpenShift Consoleor the CLI oc command. Instructions for upgrading a cluster are availableathttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster between-minor.html#understanding-upgrade-channels_updating-cluster-between minor.\n<P>Security Fix(es): golang: crypto/elliptic: incorrect operations on the P-224 curve (CVE-2021-3114)\n<P>Affected Products: <br/><br/>Red Hat OpenShift Container Platform 4.7 for RHEL 8 x86_64<br/>Red Hat OpenShift Container Platform 4.7 for RHEL 7 x86_64<br/>Red Hat OpenShift Container Platform for Power 4.7 for RHEL 8 ppc64le<br/>Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.7 for RHEL 8 s390x<br/><P>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-01T13:01:30Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-01T13:01:30Z",
"QID": "239197",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "None",
"VENDOR": "redhat"
}
},
"SOLUTION": "Upgrade to the latest packages which contain a patch. Refer to <A HREF=\"https://access.redhat.com/articles/11258\" TARGET=\"_blank\">Applying Package Updates to RHEL system</A> for details.<P>\n Refer to Red Hat security advisory <A HREF=\"https://access.redhat.com/errata/RHSA-2021:0958\" TARGET=\"_blank\">RHSA-2021:0958</A> to address this issue and obtain more information.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://access.redhat.com/errata/RHSA-2021:0958?language=en\" TARGET=\"_blank\">RHSA-2021:0958: Red Hat Enterprise Linux</A>",
"TITLE": "Red Hat Update for OpenShift Container Platform 4.7.4 (RHSA-2021:0958)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "RHSA-2021:0958",
"URL": "https://access.redhat.com/errata/RHSA-2021:0958?language=en"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "RedHat",
"CONSEQUENCE": "On successful exploitation, it could allow an attacker to execute code.",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2020-15586",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15586"
},
{
"ID": "CVE-2020-16845",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16845"
}
]
},
"DIAGNOSIS": "ed Hat OpenShift Container Platform is Red Hat's cloud computingKubernetes application platform solution designed for on-premise or privatecloud deployments.This advisory contains the RPM packages for Red Hat OpenShift ContainerPlatform 4.6.23. See the following advisory for the container images forthis release:https://access.redhat.com/errata/RHBA-2021:0952 All OpenShift Container Platform 4.6 users are advised to upgrade to theseupdated packages and images when they are available in the appropriaterelease channel. To check for available updates, use the OpenShift Consoleor the CLI oc command. Instructions for upgrading a cluster are availableathttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster between-minor.html#understanding-upgrade-channels_updating-cluster-between minor.\n<P>Security Fix(es): golang: data race in certain net/http servers including ReverseProxy can lead to DoS (CVE-2020-15586)\n golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs (CVE-2020-16845)\n<P>Affected Products: <br/><br/>Red Hat OpenShift Container Platform 4.6 for RHEL 8 x86_64<br/>Red Hat OpenShift Container Platform 4.6 for RHEL 7 x86_64<br/>Red Hat OpenShift Container Platform for Power 4.6 for RHEL 8 ppc64le<br/>Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.6 for RHEL 8 s390x<br/><P>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-01T13:01:30Z",
"PATCHABLE": "1",
"PCI_FLAG": "0",
"PUBLISHED_DATETIME": "2021-04-01T13:01:30Z",
"QID": "239198",
"SEVERITY_LEVEL": "2",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "None",
"VENDOR": "redhat"
}
},
"SOLUTION": "Upgrade to the latest packages which contain a patch. Refer to <A HREF=\"https://access.redhat.com/articles/11258\" TARGET=\"_blank\">Applying Package Updates to RHEL system</A> for details.<P>\n Refer to Red Hat security advisory <A HREF=\"https://access.redhat.com/errata/RHSA-2021:0956\" TARGET=\"_blank\">RHSA-2021:0956</A> to address this issue and obtain more information.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://access.redhat.com/errata/RHSA-2021:0956?language=en\" TARGET=\"_blank\">RHSA-2021:0956: Red Hat Enterprise Linux</A>",
"TITLE": "Red Hat Update for OpenShift Container Platform 4.6.23 (RHSA-2021:0956)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "RHSA-2021:0956",
"URL": "https://access.redhat.com/errata/RHSA-2021:0956?language=en"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "RedHat",
"CONSEQUENCE": "On successful exploitation, it could allow an attacker to execute code.",
"CVE_LIST": {
"CVE": {
"ID": "CVE-2020-27813",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27813"
}
},
"DIAGNOSIS": "Red Hat OpenShift Container Platform is Red Hat's cloud computingKubernetes application platform solution designed for on-premise or privatecloud deployments.This advisory contains the RPM packages for Red Hat OpenShift ContainerPlatform 3.11.404. See the following advisory for the container images forthis release:https://access.redhat.com/errata/RHBA-2021:0832 This release fixes the following bugs: Previously, node upgrade playbooks scoped all nodes instead of just the nodes that are filtered by the `openshift_upgrade_nodes_label`. As a result, nodes that were not intended to be upgraded had yum excluders disabled but not reenabled. With this release, the initialization of the variable for filtering nodes to upgrade is moved to earlier in the play, and preconfiguration is scoped to the filtered list of nodes. As a result, only the nodes that are intended for upgrade have yum excluders disabled. (BZ#1917013)\n Previously, node-based facts, such as `l_kubelet_node_name`, were set late in the upgrade cycle, causing the fact to be undefined when referenced. With this release, node-based fact initialization happens earlier in the upgrade cycle so that facts are set prior to being referenced. (BZ#1933090)\n Previously, a bug fix in Ansible 2.9.10 changed the behavior of `delegate_to` for plays using `connection: local` with `hosts: localhost`. This change caused tasks that are intended for remote hosts to be executed locally. With this release, `connection: local` is removed for the affected play, and tasks intended for remote hosts are executed on the remote host. (BZ#1934136)\n<P>Security Fix(es): golang-github-gorilla-websocket: integer overflow leads to denial of service (CVE-2020-27813)\n<P>Affected Products: <br/><br/>Red Hat OpenShift Container Platform 3.11 x86_64<br/>Red Hat OpenShift Container Platform for Power 3.11 ppc64le<br/><P>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-01T13:01:30Z",
"PATCHABLE": "1",
"PCI_FLAG": "0",
"PUBLISHED_DATETIME": "2021-04-01T13:01:30Z",
"QID": "239199",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "None",
"VENDOR": "redhat"
}
},
"SOLUTION": "Upgrade to the latest packages which contain a patch. Refer to <A HREF=\"https://access.redhat.com/articles/11258\" TARGET=\"_blank\">Applying Package Updates to RHEL system</A> for details.<P>\n Refer to Red Hat security advisory <A HREF=\"https://access.redhat.com/errata/RHSA-2021:0833\" TARGET=\"_blank\">RHSA-2021:0833</A> to address this issue and obtain more information.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://access.redhat.com/errata/RHSA-2021:0833?language=en\" TARGET=\"_blank\">RHSA-2021:0833: Red Hat Enterprise Linux</A>",
"TITLE": "Red Hat Update for OpenShift Container Platform 3.11.404 (RHSA-2021:0833)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "RHSA-2021:0833",
"URL": "https://access.redhat.com/errata/RHSA-2021:0833?language=en"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "RedHat",
"CONSEQUENCE": "On successful exploitation, it could allow an attacker to execute code.",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2020-15586",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15586"
},
{
"ID": "CVE-2020-16845",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16845"
}
]
},
"DIAGNOSIS": "Red Hat OpenShift Container Platform is Red Hat's cloud computingKubernetes application platform solution designed for on-premise or privatecloud deployments.<P>Security Fix(es): golang: Data race in certain net/http servers including ReverseProxy can lead to DoS (CVE-2020-15586)\n golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs (CVE-2020-16845)\n<P>Affected Products: <br/><br/>Red Hat OpenShift Container Platform 4.5 for RHEL 8 x86_64<br/>Red Hat OpenShift Container Platform 4.5 for RHEL 7 x86_64<br/>Red Hat OpenShift Container Platform for Power 4.5 for RHEL 8 ppc64le<br/>Red Hat OpenShift Container Platform for Power 4.5 for RHEL 7 ppc64le<br/>Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.5 for RHEL 8 s390x<br/>Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.5 for RHEL 7 s390x<br/><P>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-01T13:01:30Z",
"PATCHABLE": "1",
"PCI_FLAG": "0",
"PUBLISHED_DATETIME": "2021-04-01T13:01:30Z",
"QID": "239200",
"SEVERITY_LEVEL": "2",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "None",
"VENDOR": "redhat"
}
},
"SOLUTION": "Upgrade to the latest packages which contain a patch. Refer to <A HREF=\"https://access.redhat.com/articles/11258\" TARGET=\"_blank\">Applying Package Updates to RHEL system</A> for details.<P>\n Refer to Red Hat security advisory <A HREF=\"https://access.redhat.com/errata/RHSA-2021:0713\" TARGET=\"_blank\">RHSA-2021:0713</A> to address this issue and obtain more information.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://access.redhat.com/errata/RHSA-2021:0713?language=en\" TARGET=\"_blank\">RHSA-2021:0713: Red Hat Enterprise Linux</A>",
"TITLE": "Red Hat Update for OpenShift Container Platform 4.5.34 packages and (RHSA-2021:0713)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "RHSA-2021:0713",
"URL": "https://access.redhat.com/errata/RHSA-2021:0713?language=en"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "RedHat",
"CONSEQUENCE": "On successful exploitation, it could allow an attacker to execute code.",
"CVE_LIST": {
"CVE": {
"ID": "CVE-2021-3449",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3449"
}
},
"DIAGNOSIS": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL)<br/>and Transport Layer Security (TLS)<br/>protocols, as well as a full-strength general-purpose cryptography library.<P>Security Fix(es): openssl: NULL pointer dereference in signature_algorithms processing (CVE-2021-3449)\n<P>Affected Products: <br/><br/>Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.1 x86_64<br/>Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.1 s390x<br/>Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.1 ppc64le<br/>Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.1 aarch64<br/>Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.1 ppc64le<br/>Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.1 x86_64<br/><P>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-05-18T20:03:44Z",
"PATCHABLE": "1",
"PCI_FLAG": "0",
"PUBLISHED_DATETIME": "2021-04-08T12:44:31Z",
"QID": "239201",
"SEVERITY_LEVEL": "4",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "None",
"VENDOR": "redhat"
}
},
"SOLUTION": "Upgrade to the latest packages which contain a patch. Refer to <A HREF=\"https://access.redhat.com/articles/11258\" TARGET=\"_blank\">Applying Package Updates to RHEL system</A> for details.<P>\n Refer to Red Hat security advisory <A HREF=\"https://access.redhat.com/errata/RHSA-2021:1131\" TARGET=\"_blank\">RHSA-2021:1131</A> to address this issue and obtain more information.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://access.redhat.com/errata/RHSA-2021:1131?language=en\" TARGET=\"_blank\">RHSA-2021:1131: Red Hat Enterprise Linux</A>",
"TITLE": "Red Hat Update for Open Secure Sockets Layer (OpenSSL) (RHSA-2021:1131)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "RHSA-2021:1131",
"URL": "https://access.redhat.com/errata/RHSA-2021:1131?language=en"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "RedHat",
"CONSEQUENCE": "On successful exploitation, it could allow an attacker to execute code.",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2020-0466",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0466"
},
{
"ID": "CVE-2020-27152",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27152"
},
{
"ID": "CVE-2020-28374",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28374"
},
{
"ID": "CVE-2021-3347",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3347"
},
{
"ID": "CVE-2021-26708",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26708"
},
{
"ID": "CVE-2021-27363",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27363"
},
{
"ID": "CVE-2021-27364",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27364"
},
{
"ID": "CVE-2021-27365",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27365"
}
]
},
"DIAGNOSIS": "The kernel packages contain the Linux kernel, the core of any Linux operating system.<P>Security Fix(es): kernel: use after free in eventpoll.c may lead to escalation of privilege (CVE-2020-0466)\n kernel: SCSI target (LIO)<br/>write to any block on ILO backstore (CVE-2020-28374)\n kernel: Use after free via PI futex state (CVE-2021-3347)\n kernel: race conditions caused by wrong locking in net/vmw_vsock/af_vsock.c (CVE-2021-26708)\n kernel: out-of-bounds read in libiscsi module (CVE-2021-27364)\n kernel: heap buffer overflow in the iSCSI subsystem (CVE-2021-27365)\n Kernel: KVM: host stack overflow due to lazy update IOAPIC (CVE-2020-27152)\n kernel: iscsi: unrestricted access to sessions and handles (CVE-2021-27363)\n<P>Affected Products: <br/><br/>Red Hat Enterprise Linux for x86_64 8 x86_64<br/>Red Hat Enterprise Linux for IBM z Systems 8 s390x<br/>Red Hat Enterprise Linux for Power, little endian 8 ppc64le<br/>Red Hat Enterprise Linux for ARM 64 8 aarch64<br/>Red Hat CodeReady Linux Builder for x86_64 8 x86_64<br/>Red Hat CodeReady Linux Builder for Power, little endian 8 ppc64le<br/>Red Hat CodeReady Linux Builder for ARM 64 8 aarch64<br/><P>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-08T12:44:31Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-08T12:44:31Z",
"QID": "239202",
"SEVERITY_LEVEL": "4",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "None",
"VENDOR": "redhat"
}
},
"SOLUTION": "Upgrade to the latest packages which contain a patch. Refer to <A HREF=\"https://access.redhat.com/articles/11258\" TARGET=\"_blank\">Applying Package Updates to RHEL system</A> for details.<P>\n Refer to Red Hat security advisory <A HREF=\"https://access.redhat.com/errata/RHSA-2021:1093\" TARGET=\"_blank\">RHSA-2021:1093</A> to address this issue and obtain more information.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://access.redhat.com/errata/RHSA-2021:1093?language=en\" TARGET=\"_blank\">RHSA-2021:1093: Red Hat Enterprise Linux</A>",
"TITLE": "Red Hat Update for kernel (RHSA-2021:1093)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "RHSA-2021:1093",
"URL": "https://access.redhat.com/errata/RHSA-2021:1093?language=en"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "RedHat",
"CONSEQUENCE": "On successful exploitation, it could allow an attacker to execute code.",
"CVE_LIST": {
"CVE": {
"ID": "CVE-2020-35518",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35518"
}
},
"DIAGNOSIS": "389 Directory Server is an LDAP version 3 (LDAPv3)<br/>compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP)<br/>server and command-line utilities for server administration. <P>Security Fix(es): 389-ds-base: information disclosure during the binding of a DN (CVE-2020-35518)\n<P>Affected Products: <br/><br/>Red Hat Enterprise Linux for x86_64 8 x86_64<br/>Red Hat Enterprise Linux for IBM z Systems 8 s390x<br/>Red Hat Enterprise Linux for Power, little endian 8 ppc64le<br/>Red Hat Enterprise Linux for ARM 64 8 aarch64<br/><P>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-08T12:44:31Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-08T12:44:31Z",
"QID": "239203",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": [
{
"PRODUCT": "directory_server",
"VENDOR": "redhat"
},
{
"PRODUCT": "389_directory_server",
"VENDOR": "redhat"
},
{
"PRODUCT": "enterprise_linux",
"VENDOR": "redhat"
},
{
"PRODUCT": "None",
"VENDOR": "redhat"
}
]
},
"SOLUTION": "Upgrade to the latest packages which contain a patch. Refer to <A HREF=\"https://access.redhat.com/articles/11258\" TARGET=\"_blank\">Applying Package Updates to RHEL system</A> for details.<P>\n Refer to Red Hat security advisory <A HREF=\"https://access.redhat.com/errata/RHSA-2021:1086\" TARGET=\"_blank\">RHSA-2021:1086</A> to address this issue and obtain more information.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://access.redhat.com/errata/RHSA-2021:1086?language=en\" TARGET=\"_blank\">RHSA-2021:1086: Red Hat Enterprise Linux</A>",
"TITLE": "Red Hat Update for 389-ds:1.4 (RHSA-2021:1086)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "RHSA-2021:1086",
"URL": "https://access.redhat.com/errata/RHSA-2021:1086?language=en"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "RedHat",
"CONSEQUENCE": "On successful exploitation, it could allow an attacker to execute code.",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2020-0466",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0466"
},
{
"ID": "CVE-2020-27152",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27152"
},
{
"ID": "CVE-2020-28374",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28374"
},
{
"ID": "CVE-2021-3347",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3347"
},
{
"ID": "CVE-2021-26708",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26708"
},
{
"ID": "CVE-2021-27363",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27363"
},
{
"ID": "CVE-2021-27364",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27364"
},
{
"ID": "CVE-2021-27365",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27365"
}
]
},
"DIAGNOSIS": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.<P>Security Fix(es): kernel: use after free in eventpoll.c may lead to escalation of privilege (CVE-2020-0466)\n kernel: SCSI target (LIO)<br/>write to any block on ILO backstore (CVE-2020-28374)\n kernel: Use after free via PI futex state (CVE-2021-3347)\n kernel: race conditions caused by wrong locking in net/vmw_vsock/af_vsock.c (CVE-2021-26708)\n kernel: out-of-bounds read in libiscsi module (CVE-2021-27364)\n kernel: heap buffer overflow in the iSCSI subsystem (CVE-2021-27365)\n Kernel: KVM: host stack overflow due to lazy update IOAPIC (CVE-2020-27152)\n kernel: iscsi: unrestricted access to sessions and handles (CVE-2021-27363)\n<P>Affected Products: <br/><br/>Red Hat Enterprise Linux for Real Time 8 x86_64<br/>Red Hat Enterprise Linux for Real Time for NFV 8 x86_64<br/><P>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-08T12:44:31Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-08T12:44:31Z",
"QID": "239204",
"SEVERITY_LEVEL": "4",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "None",
"VENDOR": "redhat"
}
},
"SOLUTION": "Upgrade to the latest packages which contain a patch. Refer to <A HREF=\"https://access.redhat.com/articles/11258\" TARGET=\"_blank\">Applying Package Updates to RHEL system</A> for details.<P>\n Refer to Red Hat security advisory <A HREF=\"https://access.redhat.com/errata/RHSA-2021:1081\" TARGET=\"_blank\">RHSA-2021:1081</A> to address this issue and obtain more information.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://access.redhat.com/errata/RHSA-2021:1081?language=en\" TARGET=\"_blank\">RHSA-2021:1081: Red Hat Enterprise Linux</A>",
"TITLE": "Red Hat Update for kernel-rt (RHSA-2021:1081)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "RHSA-2021:1081",
"URL": "https://access.redhat.com/errata/RHSA-2021:1081?language=en"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "RedHat",
"CONSEQUENCE": "On successful exploitation, it could allow an attacker to execute code.",
"CVE_LIST": {
"CVE": {
"ID": "CVE-2021-21381",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21381"
}
},
"DIAGNOSIS": "Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux.<P>Security Fix(es): flatpak: &quot;file forwarding&quot; feature can be used to gain unprivileged access to files (CVE-2021-21381)\n<P>Affected Products: <br/><br/>Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.1 x86_64<br/>Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.1 s390x<br/>Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.1 ppc64le<br/>Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.1 aarch64<br/>Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.1 ppc64le<br/>Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.1 x86_64<br/><P>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-08T12:44:31Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-08T12:44:31Z",
"QID": "239205",
"SEVERITY_LEVEL": "4",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "None",
"VENDOR": "redhat"
}
},
"SOLUTION": "Upgrade to the latest packages which contain a patch. Refer to <A HREF=\"https://access.redhat.com/articles/11258\" TARGET=\"_blank\">Applying Package Updates to RHEL system</A> for details.<P>\n Refer to Red Hat security advisory <A HREF=\"https://access.redhat.com/errata/RHSA-2021:1074\" TARGET=\"_blank\">RHSA-2021:1074</A> to address this issue and obtain more information.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://access.redhat.com/errata/RHSA-2021:1074?language=en\" TARGET=\"_blank\">RHSA-2021:1074: Red Hat Enterprise Linux</A>",
"TITLE": "Red Hat Update for flatpak (RHSA-2021:1074)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "RHSA-2021:1074",
"URL": "https://access.redhat.com/errata/RHSA-2021:1074?language=en"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "RedHat",
"CONSEQUENCE": "On successful exploitation, it could allow an attacker to execute code.",
"CVE_LIST": {
"CVE": {
"ID": "CVE-2021-21381",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21381"
}
},
"DIAGNOSIS": "Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux.<P>Security Fix(es): flatpak: &quot;file forwarding&quot; feature can be used to gain unprivileged access to files (CVE-2021-21381)\n<P>Affected Products: <br/><br/>Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.2 x86_64<br/>Red Hat Enterprise Linux Server - AUS 8.2 x86_64<br/>Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.2 s390x<br/>Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.2 ppc64le<br/>Red Hat Enterprise Linux Server - TUS 8.2 x86_64<br/>Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.2 aarch64<br/>Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.2 ppc64le<br/>Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.2 x86_64<br/><P>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-08T12:44:31Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-08T12:44:31Z",
"QID": "239206",
"SEVERITY_LEVEL": "4",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "None",
"VENDOR": "redhat"
}
},
"SOLUTION": "Upgrade to the latest packages which contain a patch. Refer to <A HREF=\"https://access.redhat.com/articles/11258\" TARGET=\"_blank\">Applying Package Updates to RHEL system</A> for details.<P>\n Refer to Red Hat security advisory <A HREF=\"https://access.redhat.com/errata/RHSA-2021:1073\" TARGET=\"_blank\">RHSA-2021:1073</A> to address this issue and obtain more information.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://access.redhat.com/errata/RHSA-2021:1073?language=en\" TARGET=\"_blank\">RHSA-2021:1073: Red Hat Enterprise Linux</A>",
"TITLE": "Red Hat Update for flatpak (RHSA-2021:1073)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "RHSA-2021:1073",
"URL": "https://access.redhat.com/errata/RHSA-2021:1073?language=en"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "RedHat",
"CONSEQUENCE": "On successful exploitation, it could allow an attacker to execute code.",
"CVE_LIST": {
"CVE": {
"ID": "CVE-2021-20277",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20277"
}
},
"DIAGNOSIS": "The libldb packages provide an extensible library that implements an LDAP-like API to access remote LDAP servers, or use local TDB databases.<P>Security Fix(es): samba: Out of bounds read in AD DC LDAP server (CVE-2021-20277)\n<P>Affected Products: <br/><br/>Red Hat Enterprise Linux Server 7 x86_64<br/>Red Hat Enterprise Linux Workstation 7 x86_64<br/>Red Hat Enterprise Linux Desktop 7 x86_64<br/>Red Hat Enterprise Linux for IBM z Systems 7 s390x<br/>Red Hat Enterprise Linux for Power, big endian 7 ppc64<br/>Red Hat Enterprise Linux for Scientific Computing 7 x86_64<br/>Red Hat Gluster Storage Server for On-premise 3 for RHEL 7 x86_64<br/>Red Hat Enterprise Linux for Power, little endian 7 ppc64le<br/><P>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-08T12:44:31Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-08T12:44:31Z",
"QID": "239207",
"SEVERITY_LEVEL": "4",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "None",
"VENDOR": "redhat"
}
},
"SOLUTION": "Upgrade to the latest packages which contain a patch. Refer to <A HREF=\"https://access.redhat.com/articles/11258\" TARGET=\"_blank\">Applying Package Updates to RHEL system</A> for details.<P>\n Refer to Red Hat security advisory <A HREF=\"https://access.redhat.com/errata/RHSA-2021:1072\" TARGET=\"_blank\">RHSA-2021:1072</A> to address this issue and obtain more information.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://access.redhat.com/errata/RHSA-2021:1072?language=en\" TARGET=\"_blank\">RHSA-2021:1072: Red Hat Enterprise Linux</A>",
"TITLE": "Red Hat Update for libldb (RHSA-2021:1072)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "RHSA-2021:1072",
"URL": "https://access.redhat.com/errata/RHSA-2021:1072?language=en"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "RedHat",
"CONSEQUENCE": "On successful exploitation, it could allow an attacker to execute code.",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2021-27363",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27363"
},
{
"ID": "CVE-2021-27364",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27364"
},
{
"ID": "CVE-2021-27365",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27365"
}
]
},
"DIAGNOSIS": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.<P>Security Fix(es): kernel: out-of-bounds read in libiscsi module (CVE-2021-27364)\n kernel: heap buffer overflow in the iSCSI subsystem (CVE-2021-27365)\n kernel: iscsi: unrestricted access to sessions and handles (CVE-2021-27363)\n<P>Affected Products: <br/><br/>Red Hat Enterprise Linux for Real Time 7 x86_64<br/>Red Hat Enterprise Linux for Real Time for NFV 7 x86_64<br/><P>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-08T12:44:31Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-08T12:44:31Z",
"QID": "239208",
"SEVERITY_LEVEL": "4",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "None",
"VENDOR": "redhat"
}
},
"SOLUTION": "Upgrade to the latest packages which contain a patch. Refer to <A HREF=\"https://access.redhat.com/articles/11258\" TARGET=\"_blank\">Applying Package Updates to RHEL system</A> for details.<P>\n Refer to Red Hat security advisory <A HREF=\"https://access.redhat.com/errata/RHSA-2021:1070\" TARGET=\"_blank\">RHSA-2021:1070</A> to address this issue and obtain more information.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://access.redhat.com/errata/RHSA-2021:1070?language=en\" TARGET=\"_blank\">RHSA-2021:1070: Red Hat Enterprise Linux</A>",
"TITLE": "Red Hat Update for kernel-rt (RHSA-2021:1070)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "RHSA-2021:1070",
"URL": "https://access.redhat.com/errata/RHSA-2021:1070?language=en"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "RedHat",
"CONSEQUENCE": "On successful exploitation, it could allow an attacker to execute code.",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2021-27364",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27364"
},
{
"ID": "CVE-2021-27365",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27365"
}
]
},
"DIAGNOSIS": "This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.<P>Security Fix(es): kernel: out-of-bounds read in libiscsi module (CVE-2021-27364)\n kernel: heap buffer overflow in the iSCSI subsystem (CVE-2021-27365)\n<P>Affected Products: <br/><br/>Red Hat Enterprise Linux Server 7 x86_64<br/>Red Hat Enterprise Linux for Power, little endian 7 ppc64le<br/><P>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-08T12:44:31Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-08T12:44:31Z",
"QID": "239209",
"SEVERITY_LEVEL": "4",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "None",
"VENDOR": "redhat"
}
},
"SOLUTION": "Upgrade to the latest packages which contain a patch. Refer to <A HREF=\"https://access.redhat.com/articles/11258\" TARGET=\"_blank\">Applying Package Updates to RHEL system</A> for details.<P>\n Refer to Red Hat security advisory <A HREF=\"https://access.redhat.com/errata/RHSA-2021:1069\" TARGET=\"_blank\">RHSA-2021:1069</A> to address this issue and obtain more information.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://access.redhat.com/errata/RHSA-2021:1069?language=en\" TARGET=\"_blank\">RHSA-2021:1069: Red Hat Enterprise Linux</A>",
"TITLE": "Red Hat Update for kpatch-patch (RHSA-2021:1069)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "RHSA-2021:1069",
"URL": "https://access.redhat.com/errata/RHSA-2021:1069?language=en"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "RedHat",
"CONSEQUENCE": "On successful exploitation, it could allow an attacker to execute code.",
"CVE_LIST": {
"CVE": {
"ID": "CVE-2021-21381",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21381"
}
},
"DIAGNOSIS": "Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux.<P>Security Fix(es): flatpak: &quot;file forwarding&quot; feature can be used to gain unprivileged access to files (CVE-2021-21381)\n<P>Affected Products: <br/><br/>Red Hat Enterprise Linux for x86_64 8 x86_64<br/>Red Hat Enterprise Linux for IBM z Systems 8 s390x<br/>Red Hat Enterprise Linux for Power, little endian 8 ppc64le<br/>Red Hat Enterprise Linux for ARM 64 8 aarch64<br/><P>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-08T12:44:31Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-08T12:44:31Z",
"QID": "239210",
"SEVERITY_LEVEL": "4",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "None",
"VENDOR": "redhat"
}
},
"SOLUTION": "Upgrade to the latest packages which contain a patch. Refer to <A HREF=\"https://access.redhat.com/articles/11258\" TARGET=\"_blank\">Applying Package Updates to RHEL system</A> for details.<P>\n Refer to Red Hat security advisory <A HREF=\"https://access.redhat.com/errata/RHSA-2021:1068\" TARGET=\"_blank\">RHSA-2021:1068</A> to address this issue and obtain more information.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://access.redhat.com/errata/RHSA-2021:1068?language=en\" TARGET=\"_blank\">RHSA-2021:1068: Red Hat Enterprise Linux</A>",
"TITLE": "Red Hat Update for flatpak (RHSA-2021:1068)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "RHSA-2021:1068",
"URL": "https://access.redhat.com/errata/RHSA-2021:1068?language=en"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "RedHat",
"CONSEQUENCE": "On successful exploitation, it could allow an attacker to execute code.",
"CVE_LIST": {
"CVE": {
"ID": "CVE-2021-20295",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20295"
}
},
"DIAGNOSIS": "Kernel-based Virtual Machine (KVM)<br/>offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems.<P>Security Fix(es): QEMU: Regression of CVE-2020-10756 fix in virt:rhel/qemu-kvm in Red Hat Enterprise Linux 8.3 (CVE-2021-20295)\n<P>Affected Products: <br/><br/>Red Hat Enterprise Linux for x86_64 8 x86_64<br/>Red Hat Enterprise Linux for IBM z Systems 8 s390x<br/>Red Hat Enterprise Linux for Power, little endian 8 ppc64le<br/>Red Hat Enterprise Linux for ARM 64 8 aarch64<br/>Red Hat CodeReady Linux Builder for x86_64 8 x86_64<br/>Red Hat CodeReady Linux Builder for Power, little endian 8 ppc64le<br/>Red Hat CodeReady Linux Builder for ARM 64 8 aarch64<br/>Red Hat CodeReady Linux Builder for IBM z Systems 8 s390x<br/><P>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-08T12:44:31Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-08T12:44:31Z",
"QID": "239211",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "None",
"VENDOR": "redhat"
}
},
"SOLUTION": "Upgrade to the latest packages which contain a patch. Refer to <A HREF=\"https://access.redhat.com/articles/11258\" TARGET=\"_blank\">Applying Package Updates to RHEL system</A> for details.<P>\n Refer to Red Hat security advisory <A HREF=\"https://access.redhat.com/errata/RHSA-2021:1064\" TARGET=\"_blank\">RHSA-2021:1064</A> to address this issue and obtain more information.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://access.redhat.com/errata/RHSA-2021:1064?language=en\" TARGET=\"_blank\">RHSA-2021:1064: Red Hat Enterprise Linux</A>",
"TITLE": "Red Hat Update for virt:rhel and virt-devel:rhel (RHSA-2021:1064)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "RHSA-2021:1064",
"URL": "https://access.redhat.com/errata/RHSA-2021:1064?language=en"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "RedHat",
"CONSEQUENCE": "On successful exploitation, it could allow an attacker to execute code.",
"CVE_LIST": {
"CVE": {
"ID": "CVE-2021-3121",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3121"
}
},
"DIAGNOSIS": "Red Hat OpenShift Container Platform is Red Hat's cloud computingKubernetes application platform solution designed for on-premise or privatecloud deployments.This advisory contains the RPM packages for Red Hat OpenShift ContainerPlatform 4.7.5. See the following advisory for the container images forthis release:https://access.redhat.com/errata/RHSA-2021:1005 All OpenShift Container Platform 4.7 users are advised to upgrade to theseupdated packages and images when they are available in the appropriaterelease channel. To check for available updates, use the OpenShift Consoleor the CLI oc command. Instructions for upgrading a cluster are availableathttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor <P>Security Fix(es): gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)\n<P>Affected Products: <br/><br/>Red Hat OpenShift Container Platform 4.7 for RHEL 8 x86_64<br/>Red Hat OpenShift Container Platform 4.7 for RHEL 7 x86_64<br/>Red Hat OpenShift Container Platform for Power 4.7 for RHEL 8 ppc64le<br/>Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.7 for RHEL 8 s390x<br/><P>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-08T12:44:31Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-08T12:44:31Z",
"QID": "239212",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "None",
"VENDOR": "redhat"
}
},
"SOLUTION": "Upgrade to the latest packages which contain a patch. Refer to <A HREF=\"https://access.redhat.com/articles/11258\" TARGET=\"_blank\">Applying Package Updates to RHEL system</A> for details.<P>\n Refer to Red Hat security advisory <A HREF=\"https://access.redhat.com/errata/RHSA-2021:1006\" TARGET=\"_blank\">RHSA-2021:1006</A> to address this issue and obtain more information.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://access.redhat.com/errata/RHSA-2021:1006?language=en\" TARGET=\"_blank\">RHSA-2021:1006: Red Hat Enterprise Linux</A>",
"TITLE": "Red Hat Update for OpenShift Container Platform 4.7.5 (RHSA-2021:1006)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "RHSA-2021:1006",
"URL": "https://access.redhat.com/errata/RHSA-2021:1006?language=en"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "RedHat",
"CONSEQUENCE": "On successful exploitation, it could allow an attacker to execute code.",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2021-27364",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27364"
},
{
"ID": "CVE-2021-27365",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27365"
}
]
},
"DIAGNOSIS": "This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.<P>Security Fix(es): kernel: out-of-bounds read in libiscsi module (CVE-2021-27364)\n kernel: heap buffer overflow in the iSCSI subsystem (CVE-2021-27365)\n<P>Affected Products: <br/><br/>Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.1 x86_64<br/>Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.1 ppc64le<br/>Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.1 ppc64le<br/>Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.1 x86_64<br/><P>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-15T14:56:24Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-15T14:56:24Z",
"QID": "239213",
"SEVERITY_LEVEL": "4",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "None",
"VENDOR": "redhat"
}
},
"SOLUTION": "Upgrade to the latest packages which contain a patch. Refer to <A HREF=\"https://access.redhat.com/articles/11258\" TARGET=\"_blank\">Applying Package Updates to RHEL system</A> for details.<P>\n Refer to Red Hat security advisory <A HREF=\"https://access.redhat.com/errata/RHSA-2021:1173\" TARGET=\"_blank\">RHSA-2021:1173</A> to address this issue and obtain more information.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://access.redhat.com/errata/RHSA-2021:1173?language=en\" TARGET=\"_blank\">RHSA-2021:1173: Red Hat Enterprise Linux</A>",
"TITLE": "Red Hat Update for kpatch-patch (RHSA-2021:1173)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "RHSA-2021:1173",
"URL": "https://access.redhat.com/errata/RHSA-2021:1173?language=en"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "RedHat",
"CONSEQUENCE": "On successful exploitation, it could allow an attacker to execute code.",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2021-27363",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27363"
},
{
"ID": "CVE-2021-27364",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27364"
},
{
"ID": "CVE-2021-27365",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27365"
}
]
},
"DIAGNOSIS": "The kernel packages contain the Linux kernel, the core of any Linux operating system.<P>Security Fix(es): kernel: out-of-bounds read in libiscsi module (CVE-2021-27364)\n kernel: heap buffer overflow in the iSCSI subsystem (CVE-2021-27365)\n kernel: iscsi: unrestricted access to sessions and handles (CVE-2021-27363)\n<P>Affected Products: <br/><br/>Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.1 x86_64<br/>Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.1 s390x<br/>Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.1 ppc64le<br/>Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.1 aarch64<br/>Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.1 ppc64le<br/>Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.1 x86_64<br/>Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.1 x86_64<br/>Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 8.1 ppc64le<br/>Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 8.1 aarch64<br/><P>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-15T14:56:24Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-15T14:56:24Z",
"QID": "239214",
"SEVERITY_LEVEL": "4",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "None",
"VENDOR": "redhat"
}
},
"SOLUTION": "Upgrade to the latest packages which contain a patch. Refer to <A HREF=\"https://access.redhat.com/articles/11258\" TARGET=\"_blank\">Applying Package Updates to RHEL system</A> for details.<P>\n Refer to Red Hat security advisory <A HREF=\"https://access.redhat.com/errata/RHSA-2021:1171\" TARGET=\"_blank\">RHSA-2021:1171</A> to address this issue and obtain more information.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://access.redhat.com/errata/RHSA-2021:1171?language=en\" TARGET=\"_blank\">RHSA-2021:1171: Red Hat Enterprise Linux</A>",
"TITLE": "Red Hat Update for kernel (RHSA-2021:1171)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "RHSA-2021:1171",
"URL": "https://access.redhat.com/errata/RHSA-2021:1171?language=en"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "RedHat",
"CONSEQUENCE": "On successful exploitation, it could allow an attacker to execute code.",
"CVE_LIST": {
"CVE": {
"ID": "CVE-2021-20305",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20305"
}
},
"DIAGNOSIS": "Nettle is a cryptographic library that is designed to fit easily in almost any context: In crypto toolkits for object-oriented languages, such as C++, Python, or Pike, in applications like LSH or GNUPG, or even in kernel space.<P>Security Fix(es): nettle: Out of bounds memory access in signature verification (CVE-2021-20305)\n<P>Affected Products: <br/><br/>Red Hat Enterprise Linux Server 7 x86_64<br/>Red Hat Enterprise Linux Workstation 7 x86_64<br/>Red Hat Enterprise Linux Desktop 7 x86_64<br/>Red Hat Enterprise Linux for IBM z Systems 7 s390x<br/>Red Hat Enterprise Linux for Power, big endian 7 ppc64<br/>Red Hat Enterprise Linux for Scientific Computing 7 x86_64<br/>Red Hat Enterprise Linux for Power, little endian 7 ppc64le<br/><P>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-15T14:56:24Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-15T14:56:24Z",
"QID": "239215",
"SEVERITY_LEVEL": "4",
"SOFTWARE_LIST": {
"SOFTWARE": [
{
"PRODUCT": "enterprise_linux",
"VENDOR": "redhat"
},
{
"PRODUCT": "None",
"VENDOR": "redhat"
}
]
},
"SOLUTION": "Upgrade to the latest packages which contain a patch. Refer to <A HREF=\"https://access.redhat.com/articles/11258\" TARGET=\"_blank\">Applying Package Updates to RHEL system</A> for details.<P>\n Refer to Red Hat security advisory <A HREF=\"https://access.redhat.com/errata/RHSA-2021:1145\" TARGET=\"_blank\">RHSA-2021:1145</A> to address this issue and obtain more information.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://access.redhat.com/errata/RHSA-2021:1145?language=en\" TARGET=\"_blank\">RHSA-2021:1145: Red Hat Enterprise Linux</A>",
"TITLE": "Red Hat Update for nettle (RHSA-2021:1145)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "RHSA-2021:1145",
"URL": "https://access.redhat.com/errata/RHSA-2021:1145?language=en"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "RedHat",
"CONSEQUENCE": "On successful exploitation, it could allow an attacker to execute code.",
"CVE_LIST": {
"CVE": {
"ID": "CVE-2020-25097",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25097"
}
},
"DIAGNOSIS": "Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.<P>Security Fix(es): squid: improper input validation may allow a trusted client to perform HTTP request smuggling (CVE-2020-25097)\n<P>Affected Products: <br/><br/>Red Hat Enterprise Linux Server 7 x86_64<br/>Red Hat Enterprise Linux Workstation 7 x86_64<br/>Red Hat Enterprise Linux for IBM z Systems 7 s390x<br/>Red Hat Enterprise Linux for Power, big endian 7 ppc64<br/>Red Hat Enterprise Linux for Power, little endian 7 ppc64le<br/><P>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-15T14:56:24Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-15T14:56:24Z",
"QID": "239216",
"SEVERITY_LEVEL": "4",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "None",
"VENDOR": "redhat"
}
},
"SOLUTION": "Upgrade to the latest packages which contain a patch. Refer to <A HREF=\"https://access.redhat.com/articles/11258\" TARGET=\"_blank\">Applying Package Updates to RHEL system</A> for details.<P>\n Refer to Red Hat security advisory <A HREF=\"https://access.redhat.com/errata/RHSA-2021:1135\" TARGET=\"_blank\">RHSA-2021:1135</A> to address this issue and obtain more information.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://access.redhat.com/errata/RHSA-2021:1135?language=en\" TARGET=\"_blank\">RHSA-2021:1135: Red Hat Enterprise Linux</A>",
"TITLE": "Red Hat Update for squid (RHSA-2021:1135)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "RHSA-2021:1135",
"URL": "https://access.redhat.com/errata/RHSA-2021:1135?language=en"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "RedHat",
"CONSEQUENCE": "On successful exploitation, it could allow an attacker to execute code.",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2021-27363",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27363"
},
{
"ID": "CVE-2021-27364",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27364"
},
{
"ID": "CVE-2021-27365",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27365"
}
]
},
"DIAGNOSIS": "The kernel packages contain the Linux kernel, the core of any Linux operating system.<P>Security Fix(es): kernel: out-of-bounds read in libiscsi module (CVE-2021-27364)\n kernel: heap buffer overflow in the iSCSI subsystem (CVE-2021-27365)\n kernel: iscsi: unrestricted access to sessions and handles (CVE-2021-27363)\n<P>Affected Products: <br/><br/>Red Hat Enterprise Linux Server 7 x86_64<br/>Red Hat Enterprise Linux Workstation 7 x86_64<br/>Red Hat Enterprise Linux Desktop 7 x86_64<br/>Red Hat Enterprise Linux for IBM z Systems 7 s390x<br/>Red Hat Enterprise Linux for Power, big endian 7 ppc64<br/>Red Hat Enterprise Linux for Scientific Computing 7 x86_64<br/>Red Hat Enterprise Linux for Power, little endian 7 ppc64le<br/>Red Hat Virtualization Host 4 for RHEL 7 x86_64<br/><P>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-15T14:56:24Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-15T14:56:24Z",
"QID": "239217",
"SEVERITY_LEVEL": "4",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "None",
"VENDOR": "redhat"
}
},
"SOLUTION": "Upgrade to the latest packages which contain a patch. Refer to <A HREF=\"https://access.redhat.com/articles/11258\" TARGET=\"_blank\">Applying Package Updates to RHEL system</A> for details.<P>\n Refer to Red Hat security advisory <A HREF=\"https://access.redhat.com/errata/RHSA-2021:1071\" TARGET=\"_blank\">RHSA-2021:1071</A> to address this issue and obtain more information.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://access.redhat.com/errata/RHSA-2021:1071?language=en\" TARGET=\"_blank\">RHSA-2021:1071: Red Hat Enterprise Linux</A>",
"TITLE": "Red Hat Update for kernel (RHSA-2021:1071)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "RHSA-2021:1071",
"URL": "https://access.redhat.com/errata/RHSA-2021:1071?language=en"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "RedHat",
"CONSEQUENCE": "On successful exploitation, it could allow an attacker to execute code.",
"CVE_LIST": {
"CVE": {
"ID": "CVE-2021-20277",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20277"
}
},
"DIAGNOSIS": "The libldb packages provide an extensible library that implements an LDAP-like API to access remote LDAP servers, or use local TDB databases.<P>Security Fix(es): samba: Out of bounds read in AD DC LDAP server (CVE-2021-20277)\n<P>Affected Products: <br/><br/>Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.1 x86_64<br/>Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.1 s390x<br/>Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.1 ppc64le<br/>Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.1 aarch64<br/>Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.1 ppc64le<br/>Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.1 x86_64<br/><P>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-19T14:36:40Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-19T14:36:40Z",
"QID": "239218",
"SEVERITY_LEVEL": "4",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "None",
"VENDOR": "redhat"
}
},
"SOLUTION": "Upgrade to the latest packages which contain a patch. Refer to <A HREF=\"https://access.redhat.com/articles/11258\" TARGET=\"_blank\">Applying Package Updates to RHEL system</A> for details.<P>\n Refer to Red Hat security advisory <A HREF=\"https://access.redhat.com/errata/RHSA-2021:1214\" TARGET=\"_blank\">RHSA-2021:1214</A> to address this issue and obtain more information.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://access.redhat.com/errata/RHSA-2021:1214?language=en\" TARGET=\"_blank\">RHSA-2021:1214: Red Hat Enterprise Linux</A>",
"TITLE": "Red Hat Update for libldb (RHSA-2021:1214)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "RHSA-2021:1214",
"URL": "https://access.redhat.com/errata/RHSA-2021:1214?language=en"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "RedHat",
"CONSEQUENCE": "On successful exploitation, it could allow an attacker to execute code.",
"CVE_LIST": {
"CVE": {
"ID": "CVE-2021-20277",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20277"
}
},
"DIAGNOSIS": "The libldb packages provide an extensible library that implements an LDAP-like API to access remote LDAP servers, or use local TDB databases.<P>Security Fix(es): samba: Out of bounds read in AD DC LDAP server (CVE-2021-20277)\n<P>Affected Products: <br/><br/>Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.2 x86_64<br/>Red Hat Enterprise Linux Server - AUS 8.2 x86_64<br/>Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.2 s390x<br/>Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.2 ppc64le<br/>Red Hat Enterprise Linux Server - TUS 8.2 x86_64<br/>Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.2 aarch64<br/>Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.2 ppc64le<br/>Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.2 x86_64<br/><P>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-19T14:36:40Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-19T14:36:40Z",
"QID": "239219",
"SEVERITY_LEVEL": "4",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "None",
"VENDOR": "redhat"
}
},
"SOLUTION": "Upgrade to the latest packages which contain a patch. Refer to <A HREF=\"https://access.redhat.com/articles/11258\" TARGET=\"_blank\">Applying Package Updates to RHEL system</A> for details.<P>\n Refer to Red Hat security advisory <A HREF=\"https://access.redhat.com/errata/RHSA-2021:1213\" TARGET=\"_blank\">RHSA-2021:1213</A> to address this issue and obtain more information.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://access.redhat.com/errata/RHSA-2021:1213?language=en\" TARGET=\"_blank\">RHSA-2021:1213: Red Hat Enterprise Linux</A>",
"TITLE": "Red Hat Update for libldb (RHSA-2021:1213)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "RHSA-2021:1213",
"URL": "https://access.redhat.com/errata/RHSA-2021:1213?language=en"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "RedHat",
"CONSEQUENCE": "On successful exploitation, it could allow an attacker to execute code.",
"CVE_LIST": {
"CVE": {
"ID": "CVE-2021-20305",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20305"
}
},
"DIAGNOSIS": "The gnutls packages provide the GNU Transport Layer Security (GnuTLS)<br/>library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS.Nettle is a cryptographic library that is designed to fit easily in almost any context: In crypto toolkits for object-oriented languages, such as C++, Python, or Pike, in applications like LSH or GNUPG, or even in kernel space.<P>Security Fix(es): nettle: Out of bounds memory access in signature verification (CVE-2021-20305)\n<P>Affected Products: <br/><br/>Red Hat Enterprise Linux for x86_64 8 x86_64<br/>Red Hat Enterprise Linux for IBM z Systems 8 s390x<br/>Red Hat Enterprise Linux for Power, little endian 8 ppc64le<br/>Red Hat Enterprise Linux for ARM 64 8 aarch64<br/><P>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-19T14:36:40Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-19T14:36:40Z",
"QID": "239220",
"SEVERITY_LEVEL": "4",
"SOFTWARE_LIST": {
"SOFTWARE": [
{
"PRODUCT": "enterprise_linux",
"VENDOR": "redhat"
},
{
"PRODUCT": "None",
"VENDOR": "redhat"
}
]
},
"SOLUTION": "Upgrade to the latest packages which contain a patch. Refer to <A HREF=\"https://access.redhat.com/articles/11258\" TARGET=\"_blank\">Applying Package Updates to RHEL system</A> for details.<P>\n Refer to Red Hat security advisory <A HREF=\"https://access.redhat.com/errata/RHSA-2021:1206\" TARGET=\"_blank\">RHSA-2021:1206</A> to address this issue and obtain more information.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://access.redhat.com/errata/RHSA-2021:1206?language=en\" TARGET=\"_blank\">RHSA-2021:1206: Red Hat Enterprise Linux</A>",
"TITLE": "Red Hat Update for gnutls and nettle (RHSA-2021:1206)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "RHSA-2021:1206",
"URL": "https://access.redhat.com/errata/RHSA-2021:1206?language=en"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "RedHat",
"CONSEQUENCE": "On successful exploitation, it could allow an attacker to execute code.",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2021-23991",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23991"
},
{
"ID": "CVE-2021-23992",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23992"
},
{
"ID": "CVE-2021-23993",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23993"
}
]
},
"DIAGNOSIS": "Mozilla Thunderbird is a standalone mail and newsgroup client.This update upgrades Thunderbird to version 78.9.1.<P>Security Fix(es): Mozilla: An attacker may use Thunderbird's OpenPGP key refresh mechanism to poison an existing key (CVE-2021-23991)\n Mozilla: A crafted OpenPGP key with an invalid user ID could be used to confuse the user (CVE-2021-23992)\n Mozilla: Inability to send encrypted OpenPGP email after importing a crafted OpenPGP key (CVE-2021-23993)\n<P>Affected Products: <br/><br/>Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.2 x86_64<br/>Red Hat Enterprise Linux Server - AUS 8.2 x86_64<br/>Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.2 ppc64le<br/>Red Hat Enterprise Linux Server - TUS 8.2 x86_64<br/>Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.2 aarch64<br/>Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.2 ppc64le<br/>Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.2 x86_64<br/><P>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-19T14:36:40Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-19T14:36:40Z",
"QID": "239221",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "None",
"VENDOR": "redhat"
}
},
"SOLUTION": "Upgrade to the latest packages which contain a patch. Refer to <A HREF=\"https://access.redhat.com/articles/11258\" TARGET=\"_blank\">Applying Package Updates to RHEL system</A> for details.<P>\n Refer to Red Hat security advisory <A HREF=\"https://access.redhat.com/errata/RHSA-2021:1201\" TARGET=\"_blank\">RHSA-2021:1201</A> to address this issue and obtain more information.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://access.redhat.com/errata/RHSA-2021:1201?language=en\" TARGET=\"_blank\">RHSA-2021:1201: Red Hat Enterprise Linux</A>",
"TITLE": "Red Hat Update for thunderbird (RHSA-2021:1201)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "RHSA-2021:1201",
"URL": "https://access.redhat.com/errata/RHSA-2021:1201?language=en"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "RedHat",
"CONSEQUENCE": "On successful exploitation, it could allow an attacker to execute code.",
"CVE_LIST": {
"CVE": {
"ID": "CVE-2021-20277",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20277"
}
},
"DIAGNOSIS": "The libldb packages provide an extensible library that implements an LDAP-like API to access remote LDAP servers, or use local TDB databases.<P>Security Fix(es): samba: Out of bounds read in AD DC LDAP server (CVE-2021-20277)\n<P>Affected Products: <br/><br/>Red Hat Enterprise Linux for x86_64 8 x86_64<br/>Red Hat Enterprise Linux for IBM z Systems 8 s390x<br/>Red Hat Enterprise Linux for Power, little endian 8 ppc64le<br/>Red Hat Enterprise Linux for ARM 64 8 aarch64<br/><P>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-19T14:36:40Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-19T14:36:40Z",
"QID": "239222",
"SEVERITY_LEVEL": "4",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "None",
"VENDOR": "redhat"
}
},
"SOLUTION": "Upgrade to the latest packages which contain a patch. Refer to <A HREF=\"https://access.redhat.com/articles/11258\" TARGET=\"_blank\">Applying Package Updates to RHEL system</A> for details.<P>\n Refer to Red Hat security advisory <A HREF=\"https://access.redhat.com/errata/RHSA-2021:1197\" TARGET=\"_blank\">RHSA-2021:1197</A> to address this issue and obtain more information.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://access.redhat.com/errata/RHSA-2021:1197?language=en\" TARGET=\"_blank\">RHSA-2021:1197: Red Hat Enterprise Linux</A>",
"TITLE": "Red Hat Update for libldb (RHSA-2021:1197)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "RHSA-2021:1197",
"URL": "https://access.redhat.com/errata/RHSA-2021:1197?language=en"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "RedHat",
"CONSEQUENCE": "On successful exploitation, it could allow an attacker to execute code.",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2021-23991",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23991"
},
{
"ID": "CVE-2021-23992",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23992"
},
{
"ID": "CVE-2021-23993",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23993"
}
]
},
"DIAGNOSIS": "Mozilla Thunderbird is a standalone mail and newsgroup client.This update upgrades Thunderbird to version 78.9.1.<P>Security Fix(es): Mozilla: An attacker may use Thunderbird's OpenPGP key refresh mechanism to poison an existing key (CVE-2021-23991)\n Mozilla: A crafted OpenPGP key with an invalid user ID could be used to confuse the user (CVE-2021-23992)\n Mozilla: Inability to send encrypted OpenPGP email after importing a crafted OpenPGP key (CVE-2021-23993)\n<P>Affected Products: <br/><br/>Red Hat Enterprise Linux for x86_64 8 x86_64<br/>Red Hat Enterprise Linux for Power, little endian 8 ppc64le<br/>Red Hat Enterprise Linux for ARM 64 8 aarch64<br/><P>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-19T14:36:40Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-19T14:36:40Z",
"QID": "239223",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "None",
"VENDOR": "redhat"
}
},
"SOLUTION": "Upgrade to the latest packages which contain a patch. Refer to <A HREF=\"https://access.redhat.com/articles/11258\" TARGET=\"_blank\">Applying Package Updates to RHEL system</A> for details.<P>\n Refer to Red Hat security advisory <A HREF=\"https://access.redhat.com/errata/RHSA-2021:1193\" TARGET=\"_blank\">RHSA-2021:1193</A> to address this issue and obtain more information.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://access.redhat.com/errata/RHSA-2021:1193?language=en\" TARGET=\"_blank\">RHSA-2021:1193: Red Hat Enterprise Linux</A>",
"TITLE": "Red Hat Update for thunderbird (RHSA-2021:1193)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "RHSA-2021:1193",
"URL": "https://access.redhat.com/errata/RHSA-2021:1193?language=en"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "RedHat",
"CONSEQUENCE": "On successful exploitation, it could allow an attacker to execute code.",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2021-23991",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23991"
},
{
"ID": "CVE-2021-23992",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23992"
},
{
"ID": "CVE-2021-23993",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23993"
}
]
},
"DIAGNOSIS": "Mozilla Thunderbird is a standalone mail and newsgroup client.This update upgrades Thunderbird to version 78.9.1.<P>Security Fix(es): Mozilla: An attacker may use Thunderbird's OpenPGP key refresh mechanism to poison an existing key (CVE-2021-23991)\n Mozilla: A crafted OpenPGP key with an invalid user ID could be used to confuse the user (CVE-2021-23992)\n Mozilla: Inability to send encrypted OpenPGP email after importing a crafted OpenPGP key (CVE-2021-23993)\n<P>Affected Products: <br/><br/>Red Hat Enterprise Linux Server 7 x86_64<br/>Red Hat Enterprise Linux Workstation 7 x86_64<br/>Red Hat Enterprise Linux Desktop 7 x86_64<br/>Red Hat Enterprise Linux for Power, little endian 7 ppc64le<br/><P>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-19T14:36:40Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-19T14:36:40Z",
"QID": "239224",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "None",
"VENDOR": "redhat"
}
},
"SOLUTION": "Upgrade to the latest packages which contain a patch. Refer to <A HREF=\"https://access.redhat.com/articles/11258\" TARGET=\"_blank\">Applying Package Updates to RHEL system</A> for details.<P>\n Refer to Red Hat security advisory <A HREF=\"https://access.redhat.com/errata/RHSA-2021:1192\" TARGET=\"_blank\">RHSA-2021:1192</A> to address this issue and obtain more information.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://access.redhat.com/errata/RHSA-2021:1192?language=en\" TARGET=\"_blank\">RHSA-2021:1192: Red Hat Enterprise Linux</A>",
"TITLE": "Red Hat Update for thunderbird (RHSA-2021:1192)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "RHSA-2021:1192",
"URL": "https://access.redhat.com/errata/RHSA-2021:1192?language=en"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "RedHat",
"CONSEQUENCE": "On successful exploitation, it could allow an attacker to execute code.",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2021-23991",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23991"
},
{
"ID": "CVE-2021-23992",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23992"
},
{
"ID": "CVE-2021-23993",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23993"
}
]
},
"DIAGNOSIS": "Mozilla Thunderbird is a standalone mail and newsgroup client.This update upgrades Thunderbird to version 78.9.1.<P>Security Fix(es): Mozilla: An attacker may use Thunderbird's OpenPGP key refresh mechanism to poison an existing key (CVE-2021-23991)\n Mozilla: A crafted OpenPGP key with an invalid user ID could be used to confuse the user (CVE-2021-23992)\n Mozilla: Inability to send encrypted OpenPGP email after importing a crafted OpenPGP key (CVE-2021-23993)\n<P>Affected Products: <br/><br/>Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.1 x86_64<br/>Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.1 ppc64le<br/>Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.1 ppc64le<br/>Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.1 x86_64<br/><P>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-19T14:36:40Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-19T14:36:40Z",
"QID": "239225",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "None",
"VENDOR": "redhat"
}
},
"SOLUTION": "Upgrade to the latest packages which contain a patch. Refer to <A HREF=\"https://access.redhat.com/articles/11258\" TARGET=\"_blank\">Applying Package Updates to RHEL system</A> for details.<P>\n Refer to Red Hat security advisory <A HREF=\"https://access.redhat.com/errata/RHSA-2021:1190\" TARGET=\"_blank\">RHSA-2021:1190</A> to address this issue and obtain more information.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://access.redhat.com/errata/RHSA-2021:1190?language=en\" TARGET=\"_blank\">RHSA-2021:1190: Red Hat Enterprise Linux</A>",
"TITLE": "Red Hat Update for thunderbird (RHSA-2021:1190)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "RHSA-2021:1190",
"URL": "https://access.redhat.com/errata/RHSA-2021:1190?language=en"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "CentOS",
"CONSEQUENCE": "This vulnerability could be exploited to gain access to sensitive information also use this vulnerability to change contents or configuration on the system. Additionally this vulnerability can also be used to cause a denial of service in the form of interruptions in resource availability.",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2021-27364",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27364"
},
{
"ID": "CVE-2021-27365",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27365"
},
{
"ID": "CVE-2021-27363",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27363"
}
]
},
"DIAGNOSIS": "CentOS has released security update for kernel security update to fix the vulnerabilities.<P>Affected Products:<br/><br/>centos 7<br/><P>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-15T14:56:24Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-15T14:56:24Z",
"QID": "257073",
"SEVERITY_LEVEL": "4",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "linux_kernel",
"VENDOR": "linux"
}
},
"SOLUTION": "To resolve this issue, upgrade to the latest packages which contain a patch. Refer to CentOS advisory <A HREF=\"https://lists.centos.org/pipermail/centos-announce/2021-April/048298.html\" TARGET=\"_blank\">centos 7</A> for updates and patch information.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://lists.centos.org/pipermail/centos-announce/2021-April/048298.html\" TARGET=\"_blank\">CESA-2021:1071: centos 7</A>",
"TITLE": "CentOS Security Update for kernel (CESA-2021:1071)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "CESA-2021:1071 centos 7",
"URL": "https://lists.centos.org/pipermail/centos-announce/2021-April/048298.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "CentOS",
"CONSEQUENCE": "This vulnerability could be exploited to gain access to sensitive information also use this vulnerability to change contents or configuration on the system. Additionally this vulnerability can also be used to cause a denial of service in the form of interruptions in resource availability.",
"CVE_LIST": {
"CVE": {
"ID": "CVE-2021-20277",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20277"
}
},
"DIAGNOSIS": "CentOS has released security update for libldb security update to fix the vulnerabilities.<P>Affected Products:<br/><br/>centos 7<br/><P>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-15T14:56:24Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-15T14:56:24Z",
"QID": "257074",
"SEVERITY_LEVEL": "4",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "None",
"VENDOR": "centos"
}
},
"SOLUTION": "To resolve this issue, upgrade to the latest packages which contain a patch. Refer to CentOS advisory <A HREF=\"https://lists.centos.org/pipermail/centos-announce/2021-April/048299.html\" TARGET=\"_blank\">centos 7</A> for updates and patch information.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://lists.centos.org/pipermail/centos-announce/2021-April/048299.html\" TARGET=\"_blank\">CESA-2021:1072: centos 7</A>",
"TITLE": "CentOS Security Update for libldb (CESA-2021:1072)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "CESA-2021:1072 centos 7",
"URL": "https://lists.centos.org/pipermail/centos-announce/2021-April/048299.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "Cisco",
"CONSEQUENCE": "A successful exploit could allow the attacker to cause an unexpected reboot of the switch, leading to a DoS condition.",
"CVE_LIST": {
"CVE": {
"ID": "CVE-2020-3363",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3363"
}
},
"DIAGNOSIS": "<P>A vulnerability in the IPv6 packet processing engine of Cisco Small Business Smart and Managed Switches <br/>could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\n\n<P>Affected Products<br/>\nThe following Cisco products are affected if they have version prior to 2.5.5.47:\n250 Series Smart Switches\n350 Series Managed Switches\n350X Series Stackable Managed Switches\n550X Series Stackable Managed Switches\n\nNote: This is a potential check as the device model cannot be confirmed. Also this vulnerability is specific to IPv6 traffic. IPv4 traffic is not affected.\n\n<P>QID Detection Logic (Unauthenticated):<br/>The unauthenticated check tries to fetch the Cisco Smart Switch vulnerable version in response to GET request to an API, but not the model number.",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "1"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-01T13:01:30Z",
"PATCHABLE": "1",
"PCI_FLAG": "0",
"PUBLISHED_DATETIME": "2021-04-01T13:01:30Z",
"QID": "316847",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "small_buisness_switches",
"VENDOR": "cisco"
}
},
"SOLUTION": "<P>Customers are advised to refer to <A HREF=\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sbss-ipv6-dos-3bLk6vA\" TARGET=\"_blank\">cisco-sa-sbss-ipv6-dos-3bLk6vA</A> for more information.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sbss-ipv6-dos-3bLk6vA\" TARGET=\"_blank\">cisco-sa-sbss-ipv6-dos-3bLk6vA</A>",
"TITLE": "Cisco Small Business Smart and Managed Switches Denial of Service Vulnerability(cisco-sa-sbss-ipv6-dos-3bLk6vA)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "cisco-sa-sbss-ipv6-dos-3bLk6vA",
"URL": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sbss-ipv6-dos-3bLk6vA"
}
},
"VULN_TYPE": "Potential Vulnerability"
},
{
"CATEGORY": "Cisco",
"CONSEQUENCE": "A successful exploit could allow the attacker to stop the AnyConnect process, causing a DoS condition on the device.",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2021-1450",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1450"
},
{
"ID": "CVE-2021-1428",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1428"
},
{
"ID": "CVE-2021-1429",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1429"
},
{
"ID": "CVE-2021-1519",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1519"
}
]
},
"DIAGNOSIS": "<P>A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client<br/> could allow an authenticated, local attacker to cause a<br/> denial of service (DoS) condition on an affected device. <br/>To exploit this vulnerability, the attacker would need to have <br/>valid credentials on the device.\n\n<P>Affected Products<br/>\nThis vulnerability has affected all versions of the following products:<br/>\nCisco AnyConnect Secure Mobility Client for Windows<br/>\nCisco AnyConnect Secure Mobility Client for MacOS<br/>\nCisco AnyConnect Secure Mobility Client for Linux<br/>\n\n<P>QID Detection Logic (Authenticated):<br/>\nThis checks for vulnerable version of AnyConnect Mobility Client.",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": [
"Windows",
"Unix"
]
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-05-17T09:34:45Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-19T14:36:40Z",
"QID": "316883",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "anyconnect_secure_mobility_client",
"VENDOR": "cisco"
}
},
"SOLUTION": "<P>Customers are advised to refer to <A HREF=\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-dos-55AYyxYr\" TARGET=\"_blank\">cisco-sa-anyconnect-dos-55AYyxYr</A> for more information.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-dos-55AYyxYr\" TARGET=\"_blank\">cisco-sa-anyconnect-dos-55AYyxYr</A>",
"TITLE": "Cisco AnyConnect Secure Mobility Client Denial of Service Vulnerability(cisco-sa-anyconnect-dos-55AYyxYr)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": [
{
"ID": "cisco-sa-anyconnect-dos-55AYyxYr",
"URL": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-dos-55AYyxYr"
},
{
"ID": "cisco-sa-anyconnect-profile-AggMUCDg",
"URL": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-profile-AggMUCDg"
}
]
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "Cisco",
"CONSEQUENCE": "A successful exploit could allow the attacker to cause ARP requests on the device to be unsuccessful <br/>for legitimate hosts, resulting in a denial of service (DoS) condition.",
"CVE_LIST": {
"CVE": {
"ID": "CVE-2021-1377",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1377"
}
},
"DIAGNOSIS": "<P>A vulnerability in Address Resolution Protocol (ARP) management of Cisco IOS Software and Cisco IOS XE Software<br/> could allow an unauthenticated, remote attacker to prevent an affected device<br/> from resolving ARP entries for legitimate hosts on the connected subnets.\n\n<P>Affected Products<br/>\nCisco devices if they were running a vulnerable release of Cisco IOS or IOS XE Software.\n\n<P>QID Detection Logic (Authenticated):<br/>The check matches Cisco IOS XE version retrieved via Unix Auth using &quot;show version&quot; command. <br/>QID Detection Logic (Unauthenticated):<br/>The check matches Cisco IOS XE version retrieved via SNMP or TCP/IP Fingerprint or NTP or Telnet. <br/>",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": [
"Unix",
"SNMP"
]
},
"REMOTE": "1"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-05T13:40:50Z",
"PATCHABLE": "1",
"PCI_FLAG": "0",
"PUBLISHED_DATETIME": "2021-04-05T13:40:50Z",
"QID": "316912",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": [
{
"PRODUCT": "ios",
"VENDOR": "cisco"
},
{
"PRODUCT": "ios_xe",
"VENDOR": "cisco"
}
]
},
"SOLUTION": "<P>Customers are advised to refer to <A HREF=\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-arp-mtfhBfjE\" TARGET=\"_blank\">cisco-sa-arp-mtfhBfjE</A> for more information.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-arp-mtfhBfjE\" TARGET=\"_blank\">cisco-sa-arp-mtfhBfjE</A>",
"TITLE": "Cisco IOS and IOS XE Software ARP Resource Management Exhaustion Denial of Service Vulnerability(cisco-sa-arp-mtfhBfjE)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "cisco-sa-arp-mtfhBfjE",
"URL": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-arp-mtfhBfjE"
}
},
"VULN_TYPE": "Vulnerability or Potential Vulnerability"
},
{
"CATEGORY": "Cisco",
"CONSEQUENCE": "A successful exploit could allow the attacker to execute arbitrary script code in the context <br/>of the affected interface or to access sensitive, browser-based information.",
"CVE_LIST": {
"CVE": {
"ID": "CVE-2021-1374",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1374"
}
},
"DIAGNOSIS": "<P>A vulnerability in the web-based management interface of Cisco IOS XE Wireless Controller software<br/> for the Catalyst 9000 Family of switches could allow an authenticated, remote attacker to conduct<br/> a cross-site scripting (XSS) attack against another user of the <br/>web-based management interface of an affected device.\n\n<P>Affected Products<br/>\nThe following Cisco products if they were running a vulnerable release of Cisco IOS XE Software:<br/>\nCatalyst 9800 Embedded Wireless Controller for Catalyst 9300, 9400, and 9500 Series Switches\nCatalyst 9800 Series Wireless Controllers\nEmbedded Wireless Controller on Catalyst Access Points\n\n<P>QID Detection Logic (Authenticated):<br/>The check matches Cisco IOS XE version retrieved via Unix Auth using &quot;show version&quot; command. <br/>QID Detection Logic (Unauthenticated):<br/>The check matches Cisco IOS XE version retrieved via SNMP or TCP/IP Fingerprint or NTP or Telnet. <br/>",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available, Not exploitable due to configuration",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": [
"Unix",
"SNMP",
"MS Exchange"
]
},
"REMOTE": "1"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-05T13:40:50Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-05T13:40:50Z",
"QID": "316913",
"SEVERITY_LEVEL": "4",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "ios_xe",
"VENDOR": "cisco"
}
},
"SOLUTION": "<P>Customers are advised to refer to <A HREF=\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewlc-xss-cAfMtCzv\" TARGET=\"_blank\">cisco-sa-ewlc-xss-cAfMtCzv</A> for more information.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewlc-xss-cAfMtCzv\" TARGET=\"_blank\">cisco-sa-ewlc-xss-cAfMtCzv</A>",
"TITLE": "Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family Stored Cross-Site Scripting Vulnerability(cisco-sa-ewlc-xss-cAfMtCzv)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "cisco-sa-ewlc-xss-cAfMtCzv",
"URL": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewlc-xss-cAfMtCzv"
}
},
"VULN_TYPE": "Vulnerability or Potential Vulnerability"
},
{
"CATEGORY": "Cisco",
"CONSEQUENCE": "Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary code on an affected device.<P>",
"CVE_LIST": {
"CVE": {
"ID": "CVE-2021-1390",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1390"
}
},
"DIAGNOSIS": "<P>QID Detection Logic (Authenticated):<br/>The check matches Cisco IOS XE version retrieved via Unix Auth using &quot;show version&quot; command. <br/>QID Detection Logic (Unauthenticated):<br/>The check matches Cisco IOS XE version retrieved via SNMP or TCP/IP Fingerprint or NTP or Telnet. <br/>",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": [
"Unix",
"SNMP"
]
},
"REMOTE": "1"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-05-03T12:30:47Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-01T13:01:30Z",
"QID": "316914",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "cisco_ios_xe",
"VENDOR": "cisco"
}
},
"SOLUTION": "<P>Customers are advised to refer to <A HREF=\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-XE-OFP-6Nezgn7b\" TARGET=\"_blank\">cisco-sa-XE-OFP-6Nezgn7b</A> for more information.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-XE-OFP-6Nezgn7b\" TARGET=\"_blank\">cisco-sa-XE-OFP-6Nezgn7b</A>",
"TITLE": "Cisco IOS XE Software Local Privilege Escalation Vulnerability(cisco-sa-XE-OFP-6Nezgn7b)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "cisco-sa-XE-OFP-6Nezgn7b",
"URL": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-XE-OFP-6Nezgn7b"
}
},
"VULN_TYPE": "Vulnerability or Potential Vulnerability"
},
{
"CATEGORY": "Cisco",
"CONSEQUENCE": "Cisco IOS XE Software could allow an authenticated, local attacker to escalate from privilege level 15 to root privilege.<P>",
"CVE_LIST": {
"CVE": {
"ID": "CVE-2021-1391",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1391"
}
},
"DIAGNOSIS": "<P>A vulnerability in the dragonite debugger of Cisco IOS Software and Cisco IOS XE Software<br/> could allow an authenticated, local attacker to escalate from privilege level 15 to root privilege.\n\n<P>Affected Products<br/>\nCisco devices if they were running a vulnerable release of Cisco IOS or IOS XE Software.\nCatalyst IE3200 Rugged Series Switches\nCatalyst IE3300 Rugged Series Switches\nCatalyst IE3400 Rugged Series Switches\nCatalyst IE3400 Heavy Duty Series Switches\nEmbedded Services 3300 Series Switches (ESS 3300)\n\nNote: Potential detection, as device is not confirmed.\n<P>QID Detection Logic (Authenticated):<br/>The check matches Cisco IOS XE version retrieved via Unix Auth using &quot;show version&quot; command. <br/>QID Detection Logic (Unauthenticated):<br/>The check matches Cisco IOS XE version retrieved via SNMP or TCP/IP Fingerprint or NTP or Telnet. <br/>",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": [
"Unix",
"SNMP"
]
},
"REMOTE": "1"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-15T12:32:00Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-08T12:44:31Z",
"QID": "316915",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": [
{
"PRODUCT": "None",
"VENDOR": "cisco"
},
{
"PRODUCT": "ios_xe",
"VENDOR": "cisco"
},
{
"PRODUCT": "ios",
"VENDOR": "cisco"
}
]
},
"SOLUTION": "<P>Customers are advised to refer to <A HREF=\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-XE-FSM-Yj8qJbJc\" TARGET=\"_blank\">cisco-sa-XE-FSM-Yj8qJbJc</A> for more information.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-XE-FSM-Yj8qJbJc\" TARGET=\"_blank\">cisco-sa-XE-FSM-Yj8qJbJc</A>",
"TITLE": "Cisco IOS and IOS XE Software Privilege Escalation Vulnerability(cisco-sa-XE-FSM-Yj8qJbJc)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "cisco-sa-XE-FSM-Yj8qJbJc",
"URL": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-XE-FSM-Yj8qJbJc"
}
},
"VULN_TYPE": "Potential Vulnerability"
},
{
"CATEGORY": "Cisco",
"CONSEQUENCE": "Cisco IOS XE Software could allow an authenticated, local attacker with high privileges or an unauthenticated attacker with physical access to the device to open a debugging console.<P>",
"CVE_LIST": {
"CVE": {
"ID": "CVE-2021-1381",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1381"
}
},
"DIAGNOSIS": "<P>QID Detection Logic (Authenticated):<br/>The check matches Cisco IOS XE version retrieved via Unix Auth using &quot;show version&quot; command. <br/>QID Detection Logic (Unauthenticated):<br/>The check matches Cisco IOS XE version retrieved via SNMP or TCP/IP Fingerprint or NTP or Telnet. <br/>",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": [
"Unix",
"SNMP"
]
},
"REMOTE": "1"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-05-03T12:30:46Z",
"PATCHABLE": "1",
"PCI_FLAG": "0",
"PUBLISHED_DATETIME": "2021-04-01T13:01:30Z",
"QID": "316916",
"SEVERITY_LEVEL": "2",
"SOFTWARE_LIST": {
"SOFTWARE": [
{
"PRODUCT": "None",
"VENDOR": "cisco"
},
{
"PRODUCT": "ios_xe",
"VENDOR": "cisco"
}
]
},
"SOLUTION": "<P>Customers are advised to refer to <A HREF=\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-XE-BLKH-Ouvrnf2s\" TARGET=\"_blank\">cisco-sa-XE-BLKH-Ouvrnf2s</A> for more information.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-XE-BLKH-Ouvrnf2s\" TARGET=\"_blank\">cisco-sa-XE-BLKH-Ouvrnf2s</A>",
"TITLE": "Cisco IOS XE Software Active Debug Code Vulnerability(cisco-sa-XE-BLKH-Ouvrnf2s)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "cisco-sa-XE-BLKH-Ouvrnf2s",
"URL": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-XE-BLKH-Ouvrnf2s"
}
},
"VULN_TYPE": "Vulnerability or Potential Vulnerability"
},
{
"CATEGORY": "Cisco",
"CONSEQUENCE": "A successful exploit could allow the attacker to cause a system memory leak in the ICMPv6 process on the device.",
"CVE_LIST": {
"CVE": {
"ID": "CVE-2021-1229",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1229"
}
},
"DIAGNOSIS": "<P>QID Detection Logic(Authenticated):<br/>It checks for vulnerable version of Cisco NX-OS using show version Command.<br/>",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-15T14:56:24Z",
"PATCHABLE": "1",
"PCI_FLAG": "0",
"PUBLISHED_DATETIME": "2021-04-15T14:56:24Z",
"QID": "316917",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "nx-os",
"VENDOR": "cisco"
}
},
"SOLUTION": "<P>Customers are advised to refer to <A HREF=\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fxos-nxos-icmpv6-dos-YD55jVCq\" TARGET=\"_blank\">cisco-sa-fxos-nxos-icmpv6-dos-YD55jVCq</A> for more information.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fxos-nxos-icmpv6-dos-YD55jVCq\" TARGET=\"_blank\">cisco-sa-fxos-nxos-icmpv6-dos-YD55jVCq</A>",
"TITLE": "Cisco NX-OS Software ICMP Version 6 Memory Leak Denial of Service Vulnerability(cisco-sa-fxos-nxos-icmpv6-dos-YD55jVCq)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "cisco-sa-fxos-nxos-icmpv6-dos-YD55jVCq",
"URL": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fxos-nxos-icmpv6-dos-YD55jVCq"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "Cisco",
"CONSEQUENCE": "A successful exploit could allow the attacker to perform command injection into the underlying operating system as the root user.",
"CVE_LIST": {
"CVE": {
"ID": "CVE-2021-1384",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1384"
}
},
"DIAGNOSIS": "<P>A vulnerability in Cisco IOx application hosting environment of Cisco IOS XE Software <br/>could allow an authenticated, remote attacker to inject commands <br/>into the underlying operating system as the root user.\n\n<P>Affected Products<br/>\nCisco IOS XE Software releases 16.3.1 and later if they were configured with the<br/> Cisco IOx application hosting infrastructure.<br/>\nNote: The Cisco IOx application hosting infrastructure is not enabled by default.\n\n\n<P>QID Detection Logic (Authenticated):<br/>The check matches Cisco IOS XE version retrieved via Unix Auth using &quot;show version&quot; command. <br/>QID Detection Logic (Unauthenticated):<br/>The check matches Cisco IOS XE version retrieved via SNMP or TCP/IP Fingerprint or NTP or Telnet. <br/>",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": [
"Unix",
"SNMP"
]
},
"REMOTE": "1"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-08T12:44:31Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-08T12:44:31Z",
"QID": "316918",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "ios_xe",
"VENDOR": "cisco"
}
},
"SOLUTION": "<P>Customers are advised to refer to <A HREF=\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-cmdinj-RkSURGHG\" TARGET=\"_blank\">cisco-sa-iox-cmdinj-RkSURGHG</A> for more information.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-cmdinj-RkSURGHG\" TARGET=\"_blank\">cisco-sa-iox-cmdinj-RkSURGHG</A>",
"TITLE": "Cisco IOx for IOS XE Software Command Injection Vulnerability(cisco-sa-iox-cmdinj-RkSURGHG)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "cisco-sa-iox-cmdinj-RkSURGHG",
"URL": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-cmdinj-RkSURGHG"
}
},
"VULN_TYPE": "Vulnerability or Potential Vulnerability"
},
{
"CATEGORY": "Cisco",
"CONSEQUENCE": "A successful exploit could allow the attacker to cause the web management interface to become unavailable, resulting in a DoS condition.",
"CVE_LIST": {
"CVE": {
"ID": "CVE-2021-1394",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1394"
}
},
"DIAGNOSIS": "<P>A vulnerability in the ingress traffic manager of Cisco IOS XE Software for Cisco Network Convergence System (NCS) 520 Routers<br/> could allow an unauthenticated, remote attacker to cause a denial of service <br/>(DoS) condition in the web management interface of an affected device.\n\n<P>Affected Products<br/>\nCisco NCS 520 Routers if they were running a vulnerable release of Cisco IOS XE Software and had the HTTP server enabled.<br/>\nNote: This vulnerability does not impact traffic that is going through the device or <br/>going to the Management Ethernet interface of the device\n\n<P>QID Detection Logic (Authenticated):<br/>The check matches Cisco IOS XE version retrieved via Unix Auth using &quot;show version&quot; command. <br/>QID Detection Logic (Unauthenticated):<br/>The check matches Cisco IOS XE version retrieved via SNMP or TCP/IP Fingerprint or NTP or Telnet. <br/>",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available, Not exploitable due to configuration",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": [
"Unix",
"SNMP",
"MS Exchange"
]
},
"REMOTE": "1"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-15T14:56:24Z",
"PATCHABLE": "1",
"PCI_FLAG": "0",
"PUBLISHED_DATETIME": "2021-04-15T14:56:24Z",
"QID": "316920",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "ios_xe",
"VENDOR": "cisco"
}
},
"SOLUTION": "<P>Customers are advised to refer to <A HREF=\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ncs520-tcp-ZpzzOxB\" TARGET=\"_blank\">cisco-sa-ncs520-tcp-ZpzzOxB</A> for more information.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ncs520-tcp-ZpzzOxB\" TARGET=\"_blank\">cisco-sa-ncs520-tcp-ZpzzOxB</A>",
"TITLE": "Cisco IOS XE Software for Network Convergence System 520 Routers Denial of Service Vulnerability(cisco-sa-ncs520-tcp-ZpzzOxB)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "cisco-sa-ncs520-tcp-ZpzzOxB",
"URL": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ncs520-tcp-ZpzzOxB"
}
},
"VULN_TYPE": "Vulnerability or Potential Vulnerability"
},
{
"CATEGORY": "Cisco",
"CONSEQUENCE": "Successful exploitation allows attacker to execute arbitrary code on the underlying operating system with root privileges.",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2021-1137",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1137"
},
{
"ID": "CVE-2021-1479",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1479"
},
{
"ID": "CVE-2021-1480",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1480"
}
]
},
"DIAGNOSIS": "A remote code execution vulnerability exists in a remote management component of Cisco SD-WAN vManage Software<br/>\nA Privilege Escalation vulnerability exists in the user management function of Cisco SD-WAN Software<br/>\nA Privilege Escalation vulnerability exists in the system file transfer functions of Cisco SD-WAN<P>\n<P>Affected Products<br/>\nCisco SD-WAN vManage Software releases earlier than the following releases:<br/>\nFrom 0.0.0 Prior To 19.2.4<br/>\nVersion 19.3.x all versions<br/>\nFrom 20.0.0 Prior To 20.3.3<br/>\nFrom 20.4.0 Prior To 20.4.1<br/>",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-08T12:44:31Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-08T12:44:31Z",
"QID": "316921",
"SEVERITY_LEVEL": "5",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "sd-wan",
"VENDOR": "cisco"
}
},
"SOLUTION": "<P>Customers are advised to refer to <A HREF=\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-YuTVWqy\" TARGET=\"_blank\">cisco-sa-vmanage-YuTVWqy</A> for more information.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-YuTVWqy\" TARGET=\"_blank\">cisco-sa-vmanage-YuTVWqy</A>",
"TITLE": "Cisco SD-WAN vManage Software Vulnerabilities (cisco-sa-vmanage-YuTVWqy)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "cisco-sa-vmanage-YuTVWqy",
"URL": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-YuTVWqy"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "Cisco",
"CONSEQUENCE": "A successful exploit could allow the attacker to execute arbitrary code with root privileges on the underlying Linux operating system of the affected device.",
"CVE_LIST": {
"CVE": {
"ID": "CVE-2021-1362",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1362"
}
},
"DIAGNOSIS": "<P>A vulnerability in the SOAP API endpoint of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management<br/> Edition, Cisco Unified Communications Manager IM Presence Service, Cisco Unity Connection<br/>, and Cisco Prime License Manager could allow an authenticated, <br/>remote attacker to execute arbitrary code on an affected device.\n\n<P>Affected Products<br/>\nCisco products if they are running a vulnerable software release:\nUnified Communications Manager (Unified CM)\nUnified Communications Manager Session Management Edition (Unified CM SME)\nUnified Communications Manager IM Presence Service (Unified CM IMP)\nUnity Connection\nPrime License Manager\n\n<P>QID Detection Logic (Authenticated):<br/>The check matches the Cisco Unified Communications Product version retrieved via Unix Auth using &quot; Active Master Version:&quot; command.",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-15T14:56:24Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-15T14:56:24Z",
"QID": "316922",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": [
{
"PRODUCT": "unified_communications_manager",
"VENDOR": "cisco"
},
{
"PRODUCT": "unity_connection",
"VENDOR": "cisco"
}
]
},
"SOLUTION": "<P>Customers are advised to refer to <A HREF=\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-rce-pqVYwyb\" TARGET=\"_blank\">cisco-sa-cucm-rce-pqVYwyb</A> for more information.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-rce-pqVYwyb\" TARGET=\"_blank\">cisco-sa-cucm-rce-pqVYwyb</A>",
"TITLE": "Cisco Unified Communications Products Remote Code Execution Vulnerability(cisco-sa-cucm-rce-pqVYwyb)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "cisco-sa-cucm-rce-pqVYwyb",
"URL": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-rce-pqVYwyb"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "Cisco",
"CONSEQUENCE": "A successful exploit could allow the attacker to execute arbitrary code with root privileges on the underlying Linux operating system of the affected device.",
"CVE_LIST": {
"CVE": {
"ID": "CVE-2021-1362",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1362"
}
},
"DIAGNOSIS": "<P>A vulnerability in the SOAP API endpoint of Cisco Unified Communications Manager IM Presence Service<br/>could allow an authenticated, <br/>remote attacker to execute arbitrary code on an affected device.\n\n<P>Affected Products<br/>\nCisco products if they are running a vulnerable software release:\nUnified Communications Manager IM Presence Service (Unified CM IMP)\n\n\n<P>QID Detection Logic (Authenticated):<br/>The check matches the Cisco Unified Communications Product version retrieved via Unix Auth using &quot; Active Master Version:&quot; command.",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-12T13:50:00Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-12T13:50:00Z",
"QID": "316923",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "unified_communications_manager_im_and_presence_service",
"VENDOR": "cisco"
}
},
"SOLUTION": "<P>Customers are advised to refer to <A HREF=\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-rce-pqVYwyb\" TARGET=\"_blank\">cisco-sa-cucm-rce-pqVYwyb</A> for more information.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-rce-pqVYwyb\" TARGET=\"_blank\">cisco-sa-cucm-rce-pqVYwyb</A>",
"TITLE": "Cisco Unified Communications Manager IM and Presence Service Remote Code Execution Vulnerability(cisco-sa-cucm-rce-pqVYwyb)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "cisco-sa-cucm-rce-pqVYwyb",
"URL": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-rce-pqVYwyb"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "Cisco",
"CONSEQUENCE": "A successful exploit could allow an attacker to escalate their privilege level to root. The attacker would need to have the administrator role on the device.",
"CVE_LIST": {
"CVE": {
"ID": "CVE-2019-1889",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1889"
}
},
"DIAGNOSIS": "<P>QID Detection Logic (Authenticated):<br/>The check matches CiscoCis