From e3b7592694d2a62859ff2f0ed383a3b322b99102 Mon Sep 17 00:00:00 2001
From: jyothi kumar
Date: Thu, 2 May 2024 11:13:31 +0530
Subject: [PATCH] Pushed sarif file
---
Dockerfile | 7 +
trivyExploitable.sarif | 38238 +++++++++++++++++++++++++++++++++++++++
2 files changed, 38245 insertions(+)
create mode 100644 Dockerfile
create mode 100644 trivyExploitable.sarif
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..52ea7b7
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,7 @@
+FROM python:3.6
+COPY . /app
+WORKDIR /app
+RUN pip install -r requirements.txt
+EXPOSE 8080
+ENTRYPOINT ["python"]
+CMD ["app/app.py"]
diff --git a/trivyExploitable.sarif b/trivyExploitable.sarif
new file mode 100644
index 0000000..8685711
--- /dev/null
+++ b/trivyExploitable.sarif
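Review bot: The `FROM python:3.6` line in the new Dockerfile pulls an end-of-life Python release (3.6 stopped receiving security fixes in December 2021) through a mutable tag, so the image inherits unpatched interpreter and OS packages and cannot be rebuilt reproducibly; a supported release pinned by digest, such as `FROM python:<supported-version>-slim@sha256:<digest>`, would address both. No `USER` instruction appears before `ENTRYPOINT`, so the process runs as root in the container; adding `RUN useradd -r app` and `USER app` after the `pip install` step would drop that privilege. `COPY . /app` takes the whole build context, which with this commit includes the 38k-line `trivyExploitable.sarif`, so a `.dockerignore` (none is visible in this patch) should exclude scan reports and other non-runtime files. With `WORKDIR /app`, `CMD ["app/app.py"]` appears to resolve to `/app/app/app.py`, which is worth confirming against the repository layout.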
@@ -0,0 +1,38238 @@ +{ + "version": "2.1.0", + "$schema": "https://json.schemastore.org/sarif-2.1.0.json", + "runs": [ + { + "tool": { + "driver": { + "fullName": "Trivy Premium Vulnerability Scanner", + "informationUri": "https://www.aquasec.com", + "name": "TrivyPremium", + "rules": [ + { + "id": "CVE-2020-7662", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "websocket-extensions npm module prior to 0.1.4 all..." + }, + "fullDescription": { + "text": "websocket-extensions npm module prior to 0.1.4 allows Denial of Service (Do..." + }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2020-7662", + "help": { + "text": "Vulnerability CVE-2020-7662\nSeverity: high\nPackage: angular.js\nFixed Version: \nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-7662](https://nvd.nist.gov/vuln/detail/CVE-2020-7662)\nwebsocket-extensions npm module prior to 0.1.4 allows Denial of Service (DoS) via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other character. This could be abused by an attacker to conduct Regex Denial Of Service (ReDoS) on a single-threaded server by providing a malicious payload with the Sec-WebSocket-Extensions header.", + "markdown": "**Vulnerability CVE-2020-7662**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|angular.js||[]()|CVE-2020-7662|[https://nvd.nist.gov/vuln/detail/CVE-2020-7662](websocket-extensions npm module prior to 0.1.4 allows Denial of Service (DoS) via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other character. 
This could be abused by an attacker to conduct Regex Denial Of Service (ReDoS) on a single-threaded server by providing a malicious payload with the Sec-WebSocket-Extensions header.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "CVE-2022-25869", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "All versions of package angular are vulnerable to ..." + }, + "fullDescription": { + "text": "All versions of package angular are vulnerable to Cross-site Scripting (XSS..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2022-25869", + "help": { + "text": "Vulnerability CVE-2022-25869\nSeverity: medium\nPackage: angular.js\nFixed Version: \nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-25869](https://nvd.nist.gov/vuln/detail/CVE-2022-25869)\nAll versions of package angular are vulnerable to Cross-site Scripting (XSS) due to insecure page caching in the Internet Explorer browser, which allows interpolation of \u003ctextarea\u003e elements.", + "markdown": "**Vulnerability CVE-2022-25869**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|angular.js||[]()|CVE-2022-25869|[https://nvd.nist.gov/vuln/detail/CVE-2022-25869](All versions of package angular are vulnerable to Cross-site Scripting (XSS) due to insecure page caching in the Internet Explorer browser, which allows interpolation of \u003ctextarea\u003e elements.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2023-26116", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "Versions of the package angular from 1.2.21 are vu..." 
+ }, + "fullDescription": { + "text": "Versions of the package angular from 1.2.21 are vulnerable to Regular Expre..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2023-26116", + "help": { + "text": "Vulnerability CVE-2023-26116\nSeverity: medium\nPackage: angular.js\nFixed Version: \nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-26116](https://nvd.nist.gov/vuln/detail/CVE-2023-26116)\nVersions of the package angular from 1.2.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the angular.copy() utility function due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking.", + "markdown": "**Vulnerability CVE-2023-26116**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|angular.js||[]()|CVE-2023-26116|[https://nvd.nist.gov/vuln/detail/CVE-2023-26116](Versions of the package angular from 1.2.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the angular.copy() utility function due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2023-26117", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "Versions of the package angular from 1.0.0 are vul..." + }, + "fullDescription": { + "text": "Versions of the package angular from 1.0.0 are vulnerable to Regular Expres..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2023-26117", + "help": { + "text": "Vulnerability CVE-2023-26117\nSeverity: medium\nPackage: angular.js\nFixed Version: \nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-26117](https://nvd.nist.gov/vuln/detail/CVE-2023-26117)\nVersions of the package angular from 1.0.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the $resource service due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking.", + "markdown": "**Vulnerability CVE-2023-26117**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|angular.js||[]()|CVE-2023-26117|[https://nvd.nist.gov/vuln/detail/CVE-2023-26117](Versions of the package angular from 1.0.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the $resource service due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2023-26118", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "Versions of the package angular from 1.4.9 are vul..." + }, + "fullDescription": { + "text": "Versions of the package angular from 1.4.9 are vulnerable to Regular Expres..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2023-26118", + "help": { + "text": "Vulnerability CVE-2023-26118\nSeverity: medium\nPackage: angular.js\nFixed Version: \nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-26118](https://nvd.nist.gov/vuln/detail/CVE-2023-26118)\nVersions of the package angular from 1.4.9 are vulnerable to Regular Expression Denial of Service (ReDoS) via the \u003cinput type=\"url\"\u003e element due to the usage of an insecure regular expression in the input[url] functionality. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking.", + "markdown": "**Vulnerability CVE-2023-26118**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|angular.js||[]()|CVE-2023-26118|[https://nvd.nist.gov/vuln/detail/CVE-2023-26118](Versions of the package angular from 1.4.9 are vulnerable to Regular Expression Denial of Service (ReDoS) via the \u003cinput type=\"url\"\u003e element due to the usage of an insecure regular expression in the input[url] functionality. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2019-14863", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "There is a vulnerability in all angular versions b..." + }, + "fullDescription": { + "text": "There is a vulnerability in all angular versions before 1.5.0-beta.0, where..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2019-14863", + "help": { + "text": "Vulnerability CVE-2019-14863\nSeverity: medium\nPackage: angular.js\nFixed Version: 1.5.0-beta.0\nExploit Available: []()\nExploit Type: \nLink: [CVE-2019-14863](https://nvd.nist.gov/vuln/detail/CVE-2019-14863)\nThere is a vulnerability in all angular versions before 1.5.0-beta.0, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it.", + "markdown": "**Vulnerability CVE-2019-14863**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|angular.js|1.5.0-beta.0|[]()|CVE-2019-14863|[https://nvd.nist.gov/vuln/detail/CVE-2019-14863](There is a vulnerability in all angular versions before 1.5.0-beta.0, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2020-7676", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "angular.js prior to 1.8.0 allows cross site script..." + }, + "fullDescription": { + "text": "angular.js prior to 1.8.0 allows cross site scripting. The regex-based inpu..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2020-7676", + "help": { + "text": "Vulnerability CVE-2020-7676\nSeverity: medium\nPackage: angular.js\nFixed Version: 1.8.0\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-7676](https://nvd.nist.gov/vuln/detail/CVE-2020-7676)\nangular.js prior to 1.8.0 allows cross site scripting. 
The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping \"\u003coption\u003e\" elements in \"\u003cselect\u003e\" ones changes parsing behavior, leading to possibly unsanitizing code.", + "markdown": "**Vulnerability CVE-2020-7676**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|angular.js|1.8.0|[]()|CVE-2020-7676|[https://nvd.nist.gov/vuln/detail/CVE-2020-7676](angular.js prior to 1.8.0 allows cross site scripting. The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping \"\u003coption\u003e\" elements in \"\u003cselect\u003e\" ones changes parsing behavior, leading to possibly unsanitizing code.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "RHSA-2020:1113", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "The bash packages provide Bash (Bourne-again shell..." + }, + "fullDescription": { + "text": "The bash packages provide Bash (Bourne-again shell), which is the default s..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2019-9924", + "help": { + "text": "Vulnerability RHSA-2020:1113\nSeverity: medium\nPackage: bash\nFixed Version: 4.2.46-34.el7\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2020:1113](https://access.redhat.com/security/cve/CVE-2019-9924)\nThe bash packages provide Bash (Bourne-again shell), which is the default shell for Red Hat Enterprise Linux.", + "markdown": "**Vulnerability RHSA-2020:1113**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|bash|4.2.46-34.el7|[]()|RHSA-2020:1113|[https://access.redhat.com/security/cve/CVE-2019-9924](The bash packages provide Bash (Bourne-again shell), which is the default shell for Red Hat Enterprise Linux.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "RHSA-2020:2344", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "The Berkeley Internet Name Domain (BIND) is an imp..." + }, + "fullDescription": { + "text": "The Berkeley Internet Name Domain (BIND) is an implementation of the Domain..." + }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2020-8616", + "help": { + "text": "Vulnerability RHSA-2020:2344\nSeverity: high\nPackage: bind-license\nFixed Version: 32:9.11.4-16.P2.el7_8.6\nExploit Available: [http://www.exploit-db.com/exploits/48521](http://www.exploit-db.com/exploits/48521)\nExploit Type: dos\nLink: [RHSA-2020:2344](https://access.redhat.com/security/cve/CVE-2020-8616)\nThe Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. 
BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.", + "markdown": "**Vulnerability RHSA-2020:2344**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|bind-license|32:9.11.4-16.P2.el7_8.6|[http://www.exploit-db.com/exploits/48521](dos)|RHSA-2020:2344|[https://access.redhat.com/security/cve/CVE-2020-8616](The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "RHSA-2022:6765", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "The Berkeley Internet Name Domain (BIND) is an imp..." + }, + "fullDescription": { + "text": "The Berkeley Internet Name Domain (BIND) is an implementation of the Domain..." + }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2022-38178", + "help": { + "text": "Vulnerability RHSA-2022:6765\nSeverity: high\nPackage: bind-license\nFixed Version: 32:9.11.4-26.P2.el7_9.10\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2022:6765](https://access.redhat.com/security/cve/CVE-2022-38178)\nThe Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. 
BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.", + "markdown": "**Vulnerability RHSA-2022:6765**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|bind-license|32:9.11.4-26.P2.el7_9.10|[]()|RHSA-2022:6765|[https://access.redhat.com/security/cve/CVE-2022-38178](The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "RHSA-2019:1294", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "The Berkeley Internet Name Domain (BIND) is an imp..." + }, + "fullDescription": { + "text": "The Berkeley Internet Name Domain (BIND) is an implementation of the Domain..." + }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2018-5743", + "help": { + "text": "Vulnerability RHSA-2019:1294\nSeverity: high\nPackage: bind-license\nFixed Version: 32:9.9.4-74.el7_6.1\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2019:1294](https://access.redhat.com/security/cve/CVE-2018-5743)\nThe Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. 
BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.", + "markdown": "**Vulnerability RHSA-2019:1294**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|bind-license|32:9.9.4-74.el7_6.1|[]()|RHSA-2019:1294|[https://access.redhat.com/security/cve/CVE-2018-5743](The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "CVE-2023-50868", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "The Closest Encloser Proof aspect of the DNS proto..." + }, + "fullDescription": { + "text": "The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC..." + }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2023-50868", + "help": { + "text": "Vulnerability CVE-2023-50868\nSeverity: high\nPackage: bind-license\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-50868](https://access.redhat.com/security/cve/CVE-2023-50868)\nThe Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the \"NSEC3\" issue. 
The RFC 5155 specification implies that an algorithm must perform thousands of iterations of a hash function in certain situations.", + "markdown": "**Vulnerability CVE-2023-50868**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|bind-license|any in centos 7.6.1810|[]()|CVE-2023-50868|[https://access.redhat.com/security/cve/CVE-2023-50868](The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the \"NSEC3\" issue. The RFC 5155 specification implies that an algorithm must perform thousands of iterations of a hash function in certain situations.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "CVE-2023-50387", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "Certain DNSSEC aspects of the DNS protocol (in RFC..." + }, + "fullDescription": { + "text": "Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, ..." + }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2023-50387", + "help": { + "text": "Vulnerability CVE-2023-50387\nSeverity: high\nPackage: bind-license\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-50387](https://access.redhat.com/security/cve/CVE-2023-50387)\nCertain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the \"KeyTrap\" issue. 
One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records.", + "markdown": "**Vulnerability CVE-2023-50387**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|bind-license|any in centos 7.6.1810|[]()|CVE-2023-50387|[https://access.redhat.com/security/cve/CVE-2023-50387](Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the \"KeyTrap\" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "RHSA-2021:0671", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "The Berkeley Internet Name Domain (BIND) is an imp..." + }, + "fullDescription": { + "text": "The Berkeley Internet Name Domain (BIND) is an implementation of the Domain..." + }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2020-8625", + "help": { + "text": "Vulnerability RHSA-2021:0671\nSeverity: high\nPackage: bind-license\nFixed Version: 32:9.11.4-26.P2.el7_9.4\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2021:0671](https://access.redhat.com/security/cve/CVE-2020-8625)\nThe Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. 
BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.", + "markdown": "**Vulnerability RHSA-2021:0671**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|bind-license|32:9.11.4-26.P2.el7_9.4|[]()|RHSA-2021:0671|[https://access.redhat.com/security/cve/CVE-2020-8625](The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "CVE-2023-4408", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "The DNS message parsing code in `named` includes a..." + }, + "fullDescription": { + "text": "The DNS message parsing code in `named` includes a section whose computatio..." + }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2023-4408", + "help": { + "text": "Vulnerability CVE-2023-4408\nSeverity: high\nPackage: bind-license\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-4408](https://access.redhat.com/security/cve/CVE-2023-4408)\nThe DNS message parsing code in `named` includes a section whose computational complexity is overly high. It does not cause problems for typical DNS traffic, but crafted queries and responses may cause excessive CPU load on the affected `named` instance by exploiting this flaw. 
This issue affects both authoritative servers and recursive resolvers.\nThis issue affects BIND 9 versions 9.0.0 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.9.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.", + "markdown": "**Vulnerability CVE-2023-4408**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|bind-license|any in centos 7.6.1810|[]()|CVE-2023-4408|[https://access.redhat.com/security/cve/CVE-2023-4408](The DNS message parsing code in `named` includes a section whose computational complexity is overly high. It does not cause problems for typical DNS traffic, but crafted queries and responses may cause excessive CPU load on the affected `named` instance by exploiting this flaw. This issue affects both authoritative servers and recursive resolvers.\nThis issue affects BIND 9 versions 9.0.0 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.9.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "RHSA-2021:1469", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "The Berkeley Internet Name Domain (BIND) is an imp..." + }, + "fullDescription": { + "text": "The Berkeley Internet Name Domain (BIND) is an implementation of the Domain..." 
+ }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2021-25215", + "help": { + "text": "Vulnerability RHSA-2021:1469\nSeverity: high\nPackage: bind-license\nFixed Version: 32:9.11.4-26.P2.el7_9.5\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2021:1469](https://access.redhat.com/security/cve/CVE-2021-25215)\nThe Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.", + "markdown": "**Vulnerability RHSA-2021:1469**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|bind-license|32:9.11.4-26.P2.el7_9.5|[]()|RHSA-2021:1469|[https://access.redhat.com/security/cve/CVE-2021-25215](The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "RHSA-2023:5691", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "The Berkeley Internet Name Domain (BIND) is an imp..." + }, + "fullDescription": { + "text": "The Berkeley Internet Name Domain (BIND) is an implementation of the Domain..." 
+ }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2023-3341", + "help": { + "text": "Vulnerability RHSA-2023:5691\nSeverity: high\nPackage: bind-license\nFixed Version: 32:9.11.4-26.P2.el7_9.15\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2023:5691](https://access.redhat.com/security/cve/CVE-2023-3341)\nThe Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.", + "markdown": "**Vulnerability RHSA-2023:5691**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|bind-license|32:9.11.4-26.P2.el7_9.15|[]()|RHSA-2023:5691|[https://access.redhat.com/security/cve/CVE-2023-3341](The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "RHSA-2023:4152", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "The Berkeley Internet Name Domain (BIND) is an imp..." + }, + "fullDescription": { + "text": "The Berkeley Internet Name Domain (BIND) is an implementation of the Domain..." 
+ }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2023-2828", + "help": { + "text": "Vulnerability RHSA-2023:4152\nSeverity: high\nPackage: bind-license\nFixed Version: 32:9.11.4-26.P2.el7_9.14\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2023:4152](https://access.redhat.com/security/cve/CVE-2023-2828)\nThe Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.", + "markdown": "**Vulnerability RHSA-2023:4152**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|bind-license|32:9.11.4-26.P2.el7_9.14|[]()|RHSA-2023:4152|[https://access.redhat.com/security/cve/CVE-2023-2828](The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "RHSA-2020:5011", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "The Berkeley Internet Name Domain (BIND) is an imp..." + }, + "fullDescription": { + "text": "The Berkeley Internet Name Domain (BIND) is an implementation of the Domain..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2020-8623", + "help": { + "text": "Vulnerability RHSA-2020:5011\nSeverity: medium\nPackage: bind-license\nFixed Version: 32:9.11.4-26.P2.el7_9.2\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2020:5011](https://access.redhat.com/security/cve/CVE-2020-8623)\nThe Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.", + "markdown": "**Vulnerability RHSA-2020:5011**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|bind-license|32:9.11.4-26.P2.el7_9.2|[]()|RHSA-2020:5011|[https://access.redhat.com/security/cve/CVE-2020-8623](The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "RHSA-2023:0402", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "The Berkeley Internet Name Domain (BIND) is an imp..." + }, + "fullDescription": { + "text": "The Berkeley Internet Name Domain (BIND) is an implementation of the Domain..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2021-25220", + "help": { + "text": "Vulnerability RHSA-2023:0402\nSeverity: medium\nPackage: bind-license\nFixed Version: 32:9.11.4-26.P2.el7_9.13\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2023:0402](https://access.redhat.com/security/cve/CVE-2021-25220)\nThe Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.", + "markdown": "**Vulnerability RHSA-2023:0402**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|bind-license|32:9.11.4-26.P2.el7_9.13|[]()|RHSA-2023:0402|[https://access.redhat.com/security/cve/CVE-2021-25220](The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2021-25219", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "In BIND 9.3.0 -\u0026gt; 9.11.35, 9.12.0 -\u0026gt; 9.16.21, and v..." + }, + "fullDescription": { + "text": "In BIND 9.3.0 -\u0026gt; 9.11.35, 9.12.0 -\u0026gt; 9.16.21, and versions 9.9.3-S1 -\u0026gt; 9.11...." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2021-25219", + "help": { + "text": "Vulnerability CVE-2021-25219\nSeverity: medium\nPackage: bind-license\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-25219](https://access.redhat.com/security/cve/CVE-2021-25219)\nIn BIND 9.3.0 -\u003e 9.11.35, 9.12.0 -\u003e 9.16.21, and versions 9.9.3-S1 -\u003e 9.11.35-S1 and 9.16.8-S1 -\u003e 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -\u003e 9.17.18 of the BIND 9.17 development branch, exploitation of broken authoritative servers using a flaw in response processing can cause degradation in BIND resolver performance. The way the lame cache is currently designed makes it possible for its internal data structures to grow almost infinitely, which may cause significant delays in client query processing.", + "markdown": "**Vulnerability CVE-2021-25219**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|bind-license|any in centos 7.6.1810|[]()|CVE-2021-25219|[https://access.redhat.com/security/cve/CVE-2021-25219](In BIND 9.3.0 -\u003e 9.11.35, 9.12.0 -\u003e 9.16.21, and versions 9.9.3-S1 -\u003e 9.11.35-S1 and 9.16.8-S1 -\u003e 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -\u003e 9.17.18 of the BIND 9.17 development branch, exploitation of broken authoritative servers using a flaw in response processing can cause degradation in BIND resolver performance. 
The way the lame cache is currently designed makes it possible for its internal data structures to grow almost infinitely, which may cause significant delays in client query processing.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "RHSA-2021:3325", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "The Berkeley Internet Name Domain (BIND) is an imp..." + }, + "fullDescription": { + "text": "The Berkeley Internet Name Domain (BIND) is an implementation of the Domain..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2021-25214", + "help": { + "text": "Vulnerability RHSA-2021:3325\nSeverity: medium\nPackage: bind-license\nFixed Version: 32:9.11.4-26.P2.el7_9.7\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2021:3325](https://access.redhat.com/security/cve/CVE-2021-25214)\nThe Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.", + "markdown": "**Vulnerability RHSA-2021:3325**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|bind-license|32:9.11.4-26.P2.el7_9.7|[]()|RHSA-2021:3325|[https://access.redhat.com/security/cve/CVE-2021-25214](The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. 
BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "RHSA-2019:2057", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "The Berkeley Internet Name Domain (BIND) is an imp..." + }, + "fullDescription": { + "text": "The Berkeley Internet Name Domain (BIND) is an implementation of the Domain..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2018-5741", + "help": { + "text": "Vulnerability RHSA-2019:2057\nSeverity: medium\nPackage: bind-license\nFixed Version: 32:9.11.4-9.P2.el7\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2019:2057](https://access.redhat.com/security/cve/CVE-2018-5741)\nThe Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.", + "markdown": "**Vulnerability RHSA-2019:2057**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|bind-license|32:9.11.4-9.P2.el7|[]()|RHSA-2019:2057|[https://access.redhat.com/security/cve/CVE-2018-5741](The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. 
BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "RHSA-2020:1061", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "The Berkeley Internet Name Domain (BIND) is an imp..." + }, + "fullDescription": { + "text": "The Berkeley Internet Name Domain (BIND) is an implementation of the Domain..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2019-6477", + "help": { + "text": "Vulnerability RHSA-2020:1061\nSeverity: medium\nPackage: bind-license\nFixed Version: 32:9.11.4-16.P2.el7\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2020:1061](https://access.redhat.com/security/cve/CVE-2019-6477)\nThe Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.", + "markdown": "**Vulnerability RHSA-2020:1061**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|bind-license|32:9.11.4-16.P2.el7|[]()|RHSA-2020:1061|[https://access.redhat.com/security/cve/CVE-2019-6477](The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. 
BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "RHSA-2019:2075", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "The binutils packages provide a collection of bina..." + }, + "fullDescription": { + "text": "The binutils packages provide a collection of binary utilities for the mani..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2018-1000876", + "help": { + "text": "Vulnerability RHSA-2019:2075\nSeverity: medium\nPackage: binutils\nFixed Version: 2.27-41.base.el7\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2019:2075](https://access.redhat.com/security/cve/CVE-2018-1000876)\nThe binutils packages provide a collection of binary utilities for the manipulation of object code in various object file formats. It includes the ar, as, gprof, ld, nm, objcopy, objdump, ranlib, readelf, size, strings, strip, and addr2line utilities.", + "markdown": "**Vulnerability RHSA-2019:2075**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|binutils|2.27-41.base.el7|[]()|RHSA-2019:2075|[https://access.redhat.com/security/cve/CVE-2018-1000876](The binutils packages provide a collection of binary utilities for the manipulation of object code in various object file formats. 
It includes the ar, as, gprof, ld, nm, objcopy, objdump, ranlib, readelf, size, strings, strip, and addr2line utilities.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2020-16590", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "A double free vulnerability exists in the Binary F..." + }, + "fullDescription": { + "text": "A double free vulnerability exists in the Binary File Descriptor (BFD) (aka..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2020-16590", + "help": { + "text": "Vulnerability CVE-2020-16590\nSeverity: medium\nPackage: binutils\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-16590](https://access.redhat.com/security/cve/CVE-2020-16590)\nA double free vulnerability exists in the Binary File Descriptor (BFD) (aka libbrd) in GNU Binutils 2.35 in the process_symbol_table, as demonstrated in readelf, via a crafted file.", + "markdown": "**Vulnerability CVE-2020-16590**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|binutils|any in centos 7.6.1810|[]()|CVE-2020-16590|[https://access.redhat.com/security/cve/CVE-2020-16590](A double free vulnerability exists in the Binary File Descriptor (BFD) (aka libbrd) in GNU Binutils 2.35 in the process_symbol_table, as demonstrated in readelf, via a crafted file.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2020-16592", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "A use after free issue exists in the Binary File D..." 
+ }, + "fullDescription": { + "text": "A use after free issue exists in the Binary File Descriptor (BFD) library (..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2020-16592", + "help": { + "text": "Vulnerability CVE-2020-16592\nSeverity: medium\nPackage: binutils\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-16592](https://access.redhat.com/security/cve/CVE-2020-16592)\nA use after free issue exists in the Binary File Descriptor (BFD) library (aka libbfd) in GNU Binutils 2.34 in bfd_hash_lookup, as demonstrated in nm-new, that can cause a denial of service via a crafted file.", + "markdown": "**Vulnerability CVE-2020-16592**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|binutils|any in centos 7.6.1810|[]()|CVE-2020-16592|[https://access.redhat.com/security/cve/CVE-2020-16592](A use after free issue exists in the Binary File Descriptor (BFD) library (aka libbfd) in GNU Binutils 2.34 in bfd_hash_lookup, as demonstrated in nm-new, that can cause a denial of service via a crafted file.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2021-20197", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "There is an open race window when writing output i..." + }, + "fullDescription": { + "text": "There is an open race window when writing output in the following utilities..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2021-20197", + "help": { + "text": "Vulnerability CVE-2021-20197\nSeverity: medium\nPackage: binutils\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-20197](https://access.redhat.com/security/cve/CVE-2021-20197)\nThere is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink.", + "markdown": "**Vulnerability CVE-2021-20197**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|binutils|any in centos 7.6.1810|[]()|CVE-2021-20197|[https://access.redhat.com/security/cve/CVE-2021-20197](There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2021-20294", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "A flaw was found in binutils readelf 2.35 program...." + }, + "fullDescription": { + "text": "A flaw was found in binutils readelf 2.35 program. An attacker who is able ..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2021-20294", + "help": { + "text": "Vulnerability CVE-2021-20294\nSeverity: medium\nPackage: binutils\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-20294](https://access.redhat.com/security/cve/CVE-2021-20294)\nA flaw was found in binutils readelf 2.35 program. An attacker who is able to convince a victim using readelf to read a crafted file could trigger a stack buffer overflow, out-of-bounds write of arbitrary data supplied by the attacker. The highest impact of this flaw is to confidentiality, integrity, and availability.", + "markdown": "**Vulnerability CVE-2021-20294**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|binutils|any in centos 7.6.1810|[]()|CVE-2021-20294|[https://access.redhat.com/security/cve/CVE-2021-20294](A flaw was found in binutils readelf 2.35 program. An attacker who is able to convince a victim using readelf to read a crafted file could trigger a stack buffer overflow, out-of-bounds write of arbitrary data supplied by the attacker. The highest impact of this flaw is to confidentiality, integrity, and availability.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2021-37322", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "GCC c++filt v2.26 was discovered to contain a use-..." + }, + "fullDescription": { + "text": "GCC c++filt v2.26 was discovered to contain a use-after-free vulnerability ..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2021-37322", + "help": { + "text": "Vulnerability CVE-2021-37322\nSeverity: medium\nPackage: binutils\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-37322](https://access.redhat.com/security/cve/CVE-2021-37322)\nGCC c++filt v2.26 was discovered to contain a use-after-free vulnerability via the component cplus-dem.c.", + "markdown": "**Vulnerability CVE-2021-37322**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|binutils|any in centos 7.6.1810|[]()|CVE-2021-37322|[https://access.redhat.com/security/cve/CVE-2021-37322](GCC c++filt v2.26 was discovered to contain a use-after-free vulnerability via the component cplus-dem.c.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "RHSA-2021:4033", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "The binutils packages provide a collection of bina..." + }, + "fullDescription": { + "text": "The binutils packages provide a collection of binary utilities for the mani..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2021-42574", + "help": { + "text": "Vulnerability RHSA-2021:4033\nSeverity: medium\nPackage: binutils\nFixed Version: 2.27-44.base.el7_9.1\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2021:4033](https://access.redhat.com/security/cve/CVE-2021-42574)\nThe binutils packages provide a collection of binary utilities for the manipulation of object code in various object file formats. 
It includes the ar, as, gprof, ld, nm, objcopy, objdump, ranlib, readelf, size, strings, strip, and addr2line utilities.", + "markdown": "**Vulnerability RHSA-2021:4033**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|binutils|2.27-44.base.el7_9.1|[]()|RHSA-2021:4033|[https://access.redhat.com/security/cve/CVE-2021-42574](The binutils packages provide a collection of binary utilities for the manipulation of object code in various object file formats. It includes the ar, as, gprof, ld, nm, objcopy, objdump, ranlib, readelf, size, strings, strip, and addr2line utilities.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2019-17450", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "find_abstract_instance in dwarf2.c in the Binary F..." + }, + "fullDescription": { + "text": "find_abstract_instance in dwarf2.c in the Binary File Descriptor (BFD) libr..." 
+ }, + "defaultConfiguration": { + "level": "note" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2019-17450", + "help": { + "text": "Vulnerability CVE-2019-17450\nSeverity: low\nPackage: binutils\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2019-17450](https://access.redhat.com/security/cve/CVE-2019-17450)\nfind_abstract_instance in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file.", + "markdown": "**Vulnerability CVE-2019-17450**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|low|binutils|any in centos 7.6.1810|[]()|CVE-2019-17450|[https://access.redhat.com/security/cve/CVE-2019-17450](find_abstract_instance in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "low" + ] + } + }, + { + "id": "CVE-2020-16591", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "A Denial of Service vulnerability exists in the Bi..." + }, + "fullDescription": { + "text": "A Denial of Service vulnerability exists in the Binary File Descriptor (BFD..." 
+ }, + "defaultConfiguration": { + "level": "note" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2020-16591", + "help": { + "text": "Vulnerability CVE-2020-16591\nSeverity: low\nPackage: binutils\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-16591](https://access.redhat.com/security/cve/CVE-2020-16591)\nA Denial of Service vulnerability exists in the Binary File Descriptor (BFD) in GNU Binutils 2.35 due to an invalid read in process_symbol_table, as demonstrated in readeif.", + "markdown": "**Vulnerability CVE-2020-16591**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|low|binutils|any in centos 7.6.1810|[]()|CVE-2020-16591|[https://access.redhat.com/security/cve/CVE-2020-16591](A Denial of Service vulnerability exists in the Binary File Descriptor (BFD) in GNU Binutils 2.35 due to an invalid read in process_symbol_table, as demonstrated in readeif.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "low" + ] + } + }, + { + "id": "CVE-2020-16593", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "A Null Pointer Dereference vulnerability exists in..." + }, + "fullDescription": { + "text": "A Null Pointer Dereference vulnerability exists in the Binary File Descript..." 
+ }, + "defaultConfiguration": { + "level": "note" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2020-16593", + "help": { + "text": "Vulnerability CVE-2020-16593\nSeverity: low\nPackage: binutils\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-16593](https://access.redhat.com/security/cve/CVE-2020-16593)\nA Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35, in scan_unit_for_symbols, as demonstrated in addr2line, that can cause a denial of service via a crafted file.", + "markdown": "**Vulnerability CVE-2020-16593**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|low|binutils|any in centos 7.6.1810|[]()|CVE-2020-16593|[https://access.redhat.com/security/cve/CVE-2020-16593](A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35, in scan_unit_for_symbols, as demonstrated in addr2line, that can cause a denial of service via a crafted file.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "low" + ] + } + }, + { + "id": "CVE-2020-16599", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "A Null Pointer Dereference vulnerability exists in..." + }, + "fullDescription": { + "text": "A Null Pointer Dereference vulnerability exists in the Binary File Descript..." 
+ }, + "defaultConfiguration": { + "level": "note" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2020-16599", + "help": { + "text": "Vulnerability CVE-2020-16599\nSeverity: low\nPackage: binutils\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-16599](https://access.redhat.com/security/cve/CVE-2020-16599)\nA Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35, in _bfd_elf_get_symbol_version_string, as demonstrated in nm-new, that can cause a denial of service via a crafted file.", + "markdown": "**Vulnerability CVE-2020-16599**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|low|binutils|any in centos 7.6.1810|[]()|CVE-2020-16599|[https://access.redhat.com/security/cve/CVE-2020-16599](A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35, in _bfd_elf_get_symbol_version_string, as demonstrated in nm-new, that can cause a denial of service via a crafted file.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "low" + ] + } + }, + { + "id": "CVE-2020-35448", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "An issue was discovered in the Binary File Descrip..." + }, + "fullDescription": { + "text": "An issue was discovered in the Binary File Descriptor (BFD) library (aka li..." 
+ }, + "defaultConfiguration": { + "level": "note" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2020-35448", + "help": { + "text": "Vulnerability CVE-2020-35448\nSeverity: low\nPackage: binutils\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-35448](https://access.redhat.com/security/cve/CVE-2020-35448)\nAn issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35.1. A heap-based buffer over-read can occur in bfd_getl_signed_32 in libbfd.c because sh_entsize is not validated in _bfd_elf_slurp_secondary_reloc_section in elf.c.", + "markdown": "**Vulnerability CVE-2020-35448**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|low|binutils|any in centos 7.6.1810|[]()|CVE-2020-35448|[https://access.redhat.com/security/cve/CVE-2020-35448](An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35.1. A heap-based buffer over-read can occur in bfd_getl_signed_32 in libbfd.c because sh_entsize is not validated in _bfd_elf_slurp_secondary_reloc_section in elf.c.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "low" + ] + } + }, + { + "id": "RHSA-2020:0203", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "The libarchive programming library can create and ..." + }, + "fullDescription": { + "text": "The libarchive programming library can create and read several different st..." 
+ }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2019-18408", + "help": { + "text": "Vulnerability RHSA-2020:0203\nSeverity: high\nPackage: libarchive\nFixed Version: 3.1.2-14.el7_7\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2020:0203](https://access.redhat.com/security/cve/CVE-2019-18408)\nThe libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file managers.", + "markdown": "**Vulnerability RHSA-2020:0203**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|libarchive|3.1.2-14.el7_7|[]()|RHSA-2020:0203|[https://access.redhat.com/security/cve/CVE-2019-18408](The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file managers.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "RHSA-2019:2298", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "The libarchive programming library can create and ..." + }, + "fullDescription": { + "text": "The libarchive programming library can create and read several different st..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2018-1000878", + "help": { + "text": "Vulnerability RHSA-2019:2298\nSeverity: medium\nPackage: libarchive\nFixed Version: 3.1.2-12.el7\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2019:2298](https://access.redhat.com/security/cve/CVE-2018-1000878)\nThe libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file managers.", + "markdown": "**Vulnerability RHSA-2019:2298**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|libarchive|3.1.2-12.el7|[]()|RHSA-2019:2298|[https://access.redhat.com/security/cve/CVE-2018-1000878](The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file managers.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2021-23177", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "An improper link resolution flaw while extracting ..." + }, + "fullDescription": { + "text": "An improper link resolution flaw while extracting an archive can lead to ch..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2021-23177", + "help": { + "text": "Vulnerability CVE-2021-23177\nSeverity: medium\nPackage: libarchive\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-23177](https://access.redhat.com/security/cve/CVE-2021-23177)\nAn improper link resolution flaw while extracting an archive can lead to changing the access control list (ACL) of the target of the link. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. A local attacker may use this flaw to change the ACL of a file on the system and gain more privileges.", + "markdown": "**Vulnerability CVE-2021-23177**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|libarchive|any in centos 7.6.1810|[]()|CVE-2021-23177|[https://access.redhat.com/security/cve/CVE-2021-23177](An improper link resolution flaw while extracting an archive can lead to changing the access control list (ACL) of the target of the link. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. A local attacker may use this flaw to change the ACL of a file on the system and gain more privileges.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2021-31566", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "An improper link resolution flaw can occur while e..." + }, + "fullDescription": { + "text": "An improper link resolution flaw can occur while extracting an archive lead..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2021-31566", + "help": { + "text": "Vulnerability CVE-2021-31566\nSeverity: medium\nPackage: libarchive\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-31566](https://access.redhat.com/security/cve/CVE-2021-31566)\nAn improper link resolution flaw can occur while extracting an archive leading to changing modes, times, access control lists, and flags of a file outside of the archive. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. A local attacker may use this flaw to gain more privileges in a system.", + "markdown": "**Vulnerability CVE-2021-31566**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|libarchive|any in centos 7.6.1810|[]()|CVE-2021-31566|[https://access.redhat.com/security/cve/CVE-2021-31566](An improper link resolution flaw can occur while extracting an archive leading to changing modes, times, access control lists, and flags of a file outside of the archive. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. A local attacker may use this flaw to gain more privileges in a system.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2022-36227", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "In libarchive before 3.6.2, the software does not ..." + }, + "fullDescription": { + "text": "In libarchive before 3.6.2, the software does not check for an error after ..." 
+ }, + "defaultConfiguration": { + "level": "note" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2022-36227", + "help": { + "text": "Vulnerability CVE-2022-36227\nSeverity: low\nPackage: libarchive\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-36227](https://access.redhat.com/security/cve/CVE-2022-36227)\nIn libarchive before 3.6.2, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference. NOTE: the discoverer cites this CWE-476 remark but third parties dispute the code-execution impact: \"In rare circumstances, when NULL is equivalent to the 0x0 memory address and privileged code can access it, then writing or reading memory is possible, which may lead to code execution.\"", + "markdown": "**Vulnerability CVE-2022-36227**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|low|libarchive|any in centos 7.6.1810|[]()|CVE-2022-36227|[https://access.redhat.com/security/cve/CVE-2022-36227](In libarchive before 3.6.2, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference. NOTE: the discoverer cites this CWE-476 remark but third parties dispute the code-execution impact: \"In rare circumstances, when NULL is equivalent to the 0x0 memory address and privileged code can access it, then writing or reading memory is possible, which may lead to code execution.\")|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "low" + ] + } + }, + { + "id": "CVE-2023-37920", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "Certifi is a curated collection of Root Certificat..." 
+ }, + "fullDescription": { + "text": "Certifi is a curated collection of Root Certificates for validating the tru..." + }, + "defaultConfiguration": { + "level": "note" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2023-37920", + "help": { + "text": "Vulnerability CVE-2023-37920\nSeverity: low\nPackage: ca-certificates\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-37920](https://access.redhat.com/security/cve/CVE-2023-37920)\nCertifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi prior to version 2023.07.22 recognizes \"e-Tugra\" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from \"e-Tugra\" from the root store.", + "markdown": "**Vulnerability CVE-2023-37920**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|low|ca-certificates|any in centos 7.6.1810|[]()|CVE-2023-37920|[https://access.redhat.com/security/cve/CVE-2023-37920](Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi prior to version 2023.07.22 recognizes \"e-Tugra\" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from \"e-Tugra\" from the root store.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "low" + ] + } + }, + { + "id": "CVE-2019-14540", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "A Polymorphic Typing issue was discovered in Faste..." 
+ }, + "fullDescription": { + "text": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind bef..." + }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2019-14540", + "help": { + "text": "Vulnerability CVE-2019-14540\nSeverity: critical\nPackage: jackson-databind\nFixed Version: 2.6.7.3, 2.8.11.5, 2.9.10\nExploit Available: []()\nExploit Type: \nLink: [CVE-2019-14540](https://nvd.nist.gov/vuln/detail/CVE-2019-14540)\nA Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig.", + "markdown": "**Vulnerability CVE-2019-14540**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|critical|jackson-databind|2.6.7.3, 2.8.11.5, 2.9.10|[]()|CVE-2019-14540|[https://nvd.nist.gov/vuln/detail/CVE-2019-14540](A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "critical" + ] + } + }, + { + "id": "CVE-2019-17531", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "A Polymorphic Typing issue was discovered in Faste..." + }, + "fullDescription": { + "text": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0..." + }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2019-17531", + "help": { + "text": "Vulnerability CVE-2019-17531\nSeverity: critical\nPackage: jackson-databind\nFixed Version: 2.6.7.3, 2.8.11.5, 2.9.10.1\nExploit Available: []()\nExploit Type: \nLink: [CVE-2019-17531](https://nvd.nist.gov/vuln/detail/CVE-2019-17531)\nA Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. 
When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.", + "markdown": "**Vulnerability CVE-2019-17531**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|critical|jackson-databind|2.6.7.3, 2.8.11.5, 2.9.10.1|[]()|CVE-2019-17531|[https://nvd.nist.gov/vuln/detail/CVE-2019-17531](A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "critical" + ] + } + }, + { + "id": "CVE-2017-17485", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "FasterXML jackson-databind through 2.8.10 and 2.9...." + }, + "fullDescription": { + "text": "FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows un..." 
+ }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2017-17485", + "help": { + "text": "Vulnerability CVE-2017-17485\nSeverity: critical\nPackage: jackson-databind\nFixed Version: 2.7.9.2, 2.8.11\nExploit Available: []()\nExploit Type: \nLink: [CVE-2017-17485](https://nvd.nist.gov/vuln/detail/CVE-2017-17485)\nFasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the Spring libraries are available in the classpath.", + "markdown": "**Vulnerability CVE-2017-17485**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|critical|jackson-databind|2.7.9.2, 2.8.11|[]()|CVE-2017-17485|[https://nvd.nist.gov/vuln/detail/CVE-2017-17485](FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the Spring libraries are available in the classpath.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "critical" + ] + } + }, + { + "id": "CVE-2020-9547", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "FasterXML jackson-databind 2.x before 2.9.10.4 mis..." + }, + "fullDescription": { + "text": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction b..." 
+ }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2020-9547", + "help": { + "text": "Vulnerability CVE-2020-9547\nSeverity: critical\nPackage: jackson-databind\nFixed Version: 2.7.9.7, 2.8.11.6, 2.9.10.4\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-9547](https://nvd.nist.gov/vuln/detail/CVE-2020-9547)\nFasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig (aka ibatis-sqlmap).", + "markdown": "**Vulnerability CVE-2020-9547**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|critical|jackson-databind|2.7.9.7, 2.8.11.6, 2.9.10.4|[]()|CVE-2020-9547|[https://nvd.nist.gov/vuln/detail/CVE-2020-9547](FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig (aka ibatis-sqlmap).)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "critical" + ] + } + }, + { + "id": "CVE-2019-16335", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "A Polymorphic Typing issue was discovered in Faste..." + }, + "fullDescription": { + "text": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind bef..." 
+ }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2019-16335", + "help": { + "text": "Vulnerability CVE-2019-16335\nSeverity: critical\nPackage: jackson-databind\nFixed Version: 2.6.7.3, 2.8.11.5, 2.9.10\nExploit Available: []()\nExploit Type: \nLink: [CVE-2019-16335](https://nvd.nist.gov/vuln/detail/CVE-2019-16335)\nA Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540.", + "markdown": "**Vulnerability CVE-2019-16335**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|critical|jackson-databind|2.6.7.3, 2.8.11.5, 2.9.10|[]()|CVE-2019-16335|[https://nvd.nist.gov/vuln/detail/CVE-2019-16335](A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "critical" + ] + } + }, + { + "id": "CVE-2019-16943", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "A Polymorphic Typing issue was discovered in Faste..." + }, + "fullDescription": { + "text": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0..." + }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2019-16943", + "help": { + "text": "Vulnerability CVE-2019-16943\nSeverity: critical\nPackage: jackson-databind\nFixed Version: 2.6.7.3, 2.8.11.5, 2.9.10.1\nExploit Available: []()\nExploit Type: \nLink: [CVE-2019-16943](https://nvd.nist.gov/vuln/detail/CVE-2019-16943)\nA Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. 
When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.", + "markdown": "**Vulnerability CVE-2019-16943**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|critical|jackson-databind|2.6.7.3, 2.8.11.5, 2.9.10.1|[]()|CVE-2019-16943|[https://nvd.nist.gov/vuln/detail/CVE-2019-16943](A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "critical" + ] + } + }, + { + "id": "CVE-2020-9548", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "FasterXML jackson-databind 2.x before 2.9.10.4 mis..." + }, + "fullDescription": { + "text": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction b..." 
+ }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2020-9548", + "help": { + "text": "Vulnerability CVE-2020-9548\nSeverity: critical\nPackage: jackson-databind\nFixed Version: 2.7.9.7, 2.8.11.6, 2.9.10.4\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-9548](https://nvd.nist.gov/vuln/detail/CVE-2020-9548)\nFasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).", + "markdown": "**Vulnerability CVE-2020-9548**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|critical|jackson-databind|2.7.9.7, 2.8.11.6, 2.9.10.4|[]()|CVE-2020-9548|[https://nvd.nist.gov/vuln/detail/CVE-2020-9548](FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "critical" + ] + } + }, + { + "id": "CVE-2018-14718", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "FasterXML jackson-databind 2.x before 2.9.7 might ..." + }, + "fullDescription": { + "text": "FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to..." 
+ }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2018-14718", + "help": { + "text": "Vulnerability CVE-2018-14718\nSeverity: critical\nPackage: jackson-databind\nFixed Version: 2.6.7.3, 2.7.9.5, 2.8.11.3, 2.9.7\nExploit Available: []()\nExploit Type: \nLink: [CVE-2018-14718](https://nvd.nist.gov/vuln/detail/CVE-2018-14718)\nFasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization.", + "markdown": "**Vulnerability CVE-2018-14718**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|critical|jackson-databind|2.6.7.3, 2.7.9.5, 2.8.11.3, 2.9.7|[]()|CVE-2018-14718|[https://nvd.nist.gov/vuln/detail/CVE-2018-14718](FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "critical" + ] + } + }, + { + "id": "CVE-2019-16942", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "A Polymorphic Typing issue was discovered in Faste..." + }, + "fullDescription": { + "text": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0..." + }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2019-16942", + "help": { + "text": "Vulnerability CVE-2019-16942\nSeverity: critical\nPackage: jackson-databind\nFixed Version: 2.6.7.3, 2.8.11.5, 2.9.10.1\nExploit Available: []()\nExploit Type: \nLink: [CVE-2019-16942](https://nvd.nist.gov/vuln/detail/CVE-2019-16942)\nA Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. 
When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.", + "markdown": "**Vulnerability CVE-2019-16942**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|critical|jackson-databind|2.6.7.3, 2.8.11.5, 2.9.10.1|[]()|CVE-2019-16942|[https://nvd.nist.gov/vuln/detail/CVE-2019-16942](A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "critical" + ] + } + }, + { + "id": "CVE-2019-14892", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "A flaw was discovered in jackson-databind in versi..." + }, + "fullDescription": { + "text": "A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11..." 
+ }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2019-14892", + "help": { + "text": "Vulnerability CVE-2019-14892\nSeverity: critical\nPackage: jackson-databind\nFixed Version: 2.6.7.3, 2.8.11.5, 2.9.10\nExploit Available: []()\nExploit Type: \nLink: [CVE-2019-14892](https://nvd.nist.gov/vuln/detail/CVE-2019-14892)\nA flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute arbitrary code.", + "markdown": "**Vulnerability CVE-2019-14892**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|critical|jackson-databind|2.6.7.3, 2.8.11.5, 2.9.10|[]()|CVE-2019-14892|[https://nvd.nist.gov/vuln/detail/CVE-2019-14892](A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute arbitrary code.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "critical" + ] + } + }, + { + "id": "CVE-2018-19362", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "FasterXML jackson-databind 2.x before 2.9.8 might ..." + }, + "fullDescription": { + "text": "FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have u..." 
+ }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2018-19362", + "help": { + "text": "Vulnerability CVE-2018-19362\nSeverity: critical\nPackage: jackson-databind\nFixed Version: 2.6.7.3, 2.7.9.5, 2.8.11.3, 2.9.8\nExploit Available: []()\nExploit Type: \nLink: [CVE-2018-19362](https://nvd.nist.gov/vuln/detail/CVE-2018-19362)\nFasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization.", + "markdown": "**Vulnerability CVE-2018-19362**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|critical|jackson-databind|2.6.7.3, 2.7.9.5, 2.8.11.3, 2.9.8|[]()|CVE-2018-19362|[https://nvd.nist.gov/vuln/detail/CVE-2018-19362](FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "critical" + ] + } + }, + { + "id": "CVE-2018-7489", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "FasterXML jackson-databind before 2.7.9.3, 2.8.x b..." + }, + "fullDescription": { + "text": "FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x ..." 
+ }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2018-7489", + "help": { + "text": "Vulnerability CVE-2018-7489\nSeverity: critical\nPackage: jackson-databind\nFixed Version: 2.6.7.5, 2.7.9.3, 2.8.11.1, 2.9.5\nExploit Available: []()\nExploit Type: \nLink: [CVE-2018-7489](https://nvd.nist.gov/vuln/detail/CVE-2018-7489)\nFasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the c3p0 libraries are available in the classpath.", + "markdown": "**Vulnerability CVE-2018-7489**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|critical|jackson-databind|2.6.7.5, 2.7.9.3, 2.8.11.1, 2.9.5|[]()|CVE-2018-7489|[https://nvd.nist.gov/vuln/detail/CVE-2018-7489](FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the c3p0 libraries are available in the classpath.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "critical" + ] + } + }, + { + "id": "CVE-2019-17267", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "A Polymorphic Typing issue was discovered in Faste..." + }, + "fullDescription": { + "text": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind bef..." 
+ }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2019-17267", + "help": { + "text": "Vulnerability CVE-2019-17267\nSeverity: critical\nPackage: jackson-databind\nFixed Version: 2.8.11.5, 2.9.10\nExploit Available: []()\nExploit Type: \nLink: [CVE-2019-17267](https://nvd.nist.gov/vuln/detail/CVE-2019-17267)\nA Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup.", + "markdown": "**Vulnerability CVE-2019-17267**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|critical|jackson-databind|2.8.11.5, 2.9.10|[]()|CVE-2019-17267|[https://nvd.nist.gov/vuln/detail/CVE-2019-17267](A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "critical" + ] + } + }, + { + "id": "CVE-2017-7525", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "A deserialization flaw was discovered in the jacks..." + }, + "fullDescription": { + "text": "A deserialization flaw was discovered in the jackson-databind, versions bef..." 
+ }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2017-7525", + "help": { + "text": "Vulnerability CVE-2017-7525\nSeverity: critical\nPackage: jackson-databind\nFixed Version: 2.6.7.1, 2.7.9.1, 2.8.9\nExploit Available: []()\nExploit Type: \nLink: [CVE-2017-7525](https://nvd.nist.gov/vuln/detail/CVE-2017-7525)\nA deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.", + "markdown": "**Vulnerability CVE-2017-7525**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|critical|jackson-databind|2.6.7.1, 2.7.9.1, 2.8.9|[]()|CVE-2017-7525|[https://nvd.nist.gov/vuln/detail/CVE-2017-7525](A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "critical" + ] + } + }, + { + "id": "CVE-2018-14719", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "FasterXML jackson-databind 2.x before 2.9.7 might ..." + }, + "fullDescription": { + "text": "FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to..." 
+ }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2018-14719", + "help": { + "text": "Vulnerability CVE-2018-14719\nSeverity: critical\nPackage: jackson-databind\nFixed Version: 2.7.9.5, 2.8.11.3, 2.9.7\nExploit Available: []()\nExploit Type: \nLink: [CVE-2018-14719](https://nvd.nist.gov/vuln/detail/CVE-2018-14719)\nFasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization.", + "markdown": "**Vulnerability CVE-2018-14719**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|critical|jackson-databind|2.7.9.5, 2.8.11.3, 2.9.7|[]()|CVE-2018-14719|[https://nvd.nist.gov/vuln/detail/CVE-2018-14719](FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "critical" + ] + } + }, + { + "id": "CVE-2019-20330", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "FasterXML jackson-databind 2.x before 2.9.10.2 lac..." + }, + "fullDescription": { + "text": "FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache..." 
+ }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2019-20330", + "help": { + "text": "Vulnerability CVE-2019-20330\nSeverity: critical\nPackage: jackson-databind\nFixed Version: 2.6.7.4, 2.7.9.7, 2.8.11.5, 2.9.10.2\nExploit Available: []()\nExploit Type: \nLink: [CVE-2019-20330](https://nvd.nist.gov/vuln/detail/CVE-2019-20330)\nFasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking.", + "markdown": "**Vulnerability CVE-2019-20330**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|critical|jackson-databind|2.6.7.4, 2.7.9.7, 2.8.11.5, 2.9.10.2|[]()|CVE-2019-20330|[https://nvd.nist.gov/vuln/detail/CVE-2019-20330](FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "critical" + ] + } + }, + { + "id": "CVE-2018-11307", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "An issue was discovered in FasterXML jackson-datab..." + }, + "fullDescription": { + "text": "An issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.5. ..." + }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2018-11307", + "help": { + "text": "Vulnerability CVE-2018-11307\nSeverity: critical\nPackage: jackson-databind\nFixed Version: 2.7.9.4, 2.8.11.2, 2.9.6\nExploit Available: []()\nExploit Type: \nLink: [CVE-2018-11307](https://nvd.nist.gov/vuln/detail/CVE-2018-11307)\nAn issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.5. Use of Jackson default typing along with a gadget class from iBatis allows exfiltration of content. 
Fixed in 2.7.9.4, 2.8.11.2, and 2.9.6.", + "markdown": "**Vulnerability CVE-2018-11307**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|critical|jackson-databind|2.7.9.4, 2.8.11.2, 2.9.6|[]()|CVE-2018-11307|[https://nvd.nist.gov/vuln/detail/CVE-2018-11307](An issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.5. Use of Jackson default typing along with a gadget class from iBatis allows exfiltration of content. Fixed in 2.7.9.4, 2.8.11.2, and 2.9.6.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "critical" + ] + } + }, + { + "id": "CVE-2020-8840", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "FasterXML jackson-databind 2.0.0 through 2.9.10.2 ..." + }, + "fullDescription": { + "text": "FasterXML jackson-databind 2.0.0 through 2.9.10.2 lacks certain xbean-refle..." 
+ }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2020-8840", + "help": { + "text": "Vulnerability CVE-2020-8840\nSeverity: critical\nPackage: jackson-databind\nFixed Version: 2.6.7.4, 2.7.9.7, 2.8.11.5, 2.9.10.3\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-8840](https://nvd.nist.gov/vuln/detail/CVE-2020-8840)\nFasterXML jackson-databind 2.0.0 through 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.", + "markdown": "**Vulnerability CVE-2020-8840**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|critical|jackson-databind|2.6.7.4, 2.7.9.7, 2.8.11.5, 2.9.10.3|[]()|CVE-2020-8840|[https://nvd.nist.gov/vuln/detail/CVE-2020-8840](FasterXML jackson-databind 2.0.0 through 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "critical" + ] + } + }, + { + "id": "CVE-2019-14379", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "SubTypeValidator.java in FasterXML jackson-databin..." + }, + "fullDescription": { + "text": "SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandl..." 
+ }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2019-14379", + "help": { + "text": "Vulnerability CVE-2019-14379\nSeverity: critical\nPackage: jackson-databind\nFixed Version: 2.7.9.6, 2.8.11.4, 2.9.9.2\nExploit Available: []()\nExploit Type: \nLink: [CVE-2019-14379](https://nvd.nist.gov/vuln/detail/CVE-2019-14379)\nSubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution.", + "markdown": "**Vulnerability CVE-2019-14379**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|critical|jackson-databind|2.7.9.6, 2.8.11.4, 2.9.9.2|[]()|CVE-2019-14379|[https://nvd.nist.gov/vuln/detail/CVE-2019-14379](SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "critical" + ] + } + }, + { + "id": "CVE-2017-15095", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "A deserialization flaw was discovered in the jacks..." + }, + "fullDescription": { + "text": "A deserialization flaw was discovered in the jackson-databind in versions b..." 
+ }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2017-15095", + "help": { + "text": "Vulnerability CVE-2017-15095\nSeverity: critical\nPackage: jackson-databind\nFixed Version: 2.6.7.3, 2.7.9.2\nExploit Available: []()\nExploit Type: \nLink: [CVE-2017-15095](https://nvd.nist.gov/vuln/detail/CVE-2017-15095)\nA deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes that could be used maliciously.", + "markdown": "**Vulnerability CVE-2017-15095**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|critical|jackson-databind|2.6.7.3, 2.7.9.2|[]()|CVE-2017-15095|[https://nvd.nist.gov/vuln/detail/CVE-2017-15095](A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes that could be used maliciously.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "critical" + ] + } + }, + { + "id": "CVE-2020-24750", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "FasterXML jackson-databind 2.x before 2.9.10.6 mis..." + }, + "fullDescription": { + "text": "FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction b..." 
+ }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2020-24750", + "help": { + "text": "Vulnerability CVE-2020-24750\nSeverity: high\nPackage: jackson-databind\nFixed Version: 2.6.7.5, 2.9.10.6\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-24750](https://nvd.nist.gov/vuln/detail/CVE-2020-24750)\nFasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.", + "markdown": "**Vulnerability CVE-2020-24750**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|jackson-databind|2.6.7.5, 2.9.10.6|[]()|CVE-2020-24750|[https://nvd.nist.gov/vuln/detail/CVE-2020-24750](FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "CVE-2018-5968", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "FasterXML jackson-databind through 2.8.11 and 2.9...." + }, + "fullDescription": { + "text": "FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows un..." 
+ }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2018-5968", + "help": { + "text": "Vulnerability CVE-2018-5968\nSeverity: high\nPackage: jackson-databind\nFixed Version: 2.7.9.5, 2.8.11.1\nExploit Available: []()\nExploit Type: \nLink: [CVE-2018-5968](https://nvd.nist.gov/vuln/detail/CVE-2018-5968)\nFasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization flaws. This is exploitable via two different gadgets that bypass a blacklist.", + "markdown": "**Vulnerability CVE-2018-5968**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|jackson-databind|2.7.9.5, 2.8.11.1|[]()|CVE-2018-5968|[https://nvd.nist.gov/vuln/detail/CVE-2018-5968](FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization flaws. This is exploitable via two different gadgets that bypass a blacklist.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "CVE-2020-36188", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "FasterXML jackson-databind 2.x before 2.9.10.8 mis..." + }, + "fullDescription": { + "text": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction b..." 
+ }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2020-36188", + "help": { + "text": "Vulnerability CVE-2020-36188\nSeverity: high\nPackage: jackson-databind\nFixed Version: 2.6.7.5, 2.9.10.8\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-36188](https://nvd.nist.gov/vuln/detail/CVE-2020-36188)\nFasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource.", + "markdown": "**Vulnerability CVE-2020-36188**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|jackson-databind|2.6.7.5, 2.9.10.8|[]()|CVE-2020-36188|[https://nvd.nist.gov/vuln/detail/CVE-2020-36188](FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "CVE-2020-10650", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "A deserialization flaw was discovered in jackson-d..." + }, + "fullDescription": { + "text": "A deserialization flaw was discovered in jackson-databind through 2.9.10.4...." + }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2020-10650", + "help": { + "text": "Vulnerability CVE-2020-10650\nSeverity: high\nPackage: jackson-databind\nFixed Version: 2.9.10.4\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-10650](https://nvd.nist.gov/vuln/detail/CVE-2020-10650)\nA deserialization flaw was discovered in jackson-databind through 2.9.10.4. 
It could allow an unauthenticated user to perform code execution via ignite-jta or quartz-core: org.apache.ignite.cache.jta.jndi.CacheJndiTmLookup, org.apache.ignite.cache.jta.jndi.CacheJndiTmFactory, and org.quartz.utils.JNDIConnectionProvider.", + "markdown": "**Vulnerability CVE-2020-10650**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|jackson-databind|2.9.10.4|[]()|CVE-2020-10650|[https://nvd.nist.gov/vuln/detail/CVE-2020-10650](A deserialization flaw was discovered in jackson-databind through 2.9.10.4. It could allow an unauthenticated user to perform code execution via ignite-jta or quartz-core: org.apache.ignite.cache.jta.jndi.CacheJndiTmLookup, org.apache.ignite.cache.jta.jndi.CacheJndiTmFactory, and org.quartz.utils.JNDIConnectionProvider.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "CVE-2020-36186", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "FasterXML jackson-databind 2.x before 2.9.10.8 mis..." + }, + "fullDescription": { + "text": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction b..." 
+ }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2020-36186", + "help": { + "text": "Vulnerability CVE-2020-36186\nSeverity: high\nPackage: jackson-databind\nFixed Version: 2.9.10.8\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-36186](https://nvd.nist.gov/vuln/detail/CVE-2020-36186)\nFasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource.", + "markdown": "**Vulnerability CVE-2020-36186**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|jackson-databind|2.9.10.8|[]()|CVE-2020-36186|[https://nvd.nist.gov/vuln/detail/CVE-2020-36186](FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "CVE-2021-20190", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "A flaw was found in jackson-databind before 2.9.10..." + }, + "fullDescription": { + "text": "A flaw was found in jackson-databind before 2.9.10.7. FasterXML mishandles ..." + }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2021-20190", + "help": { + "text": "Vulnerability CVE-2021-20190\nSeverity: high\nPackage: jackson-databind\nFixed Version: 2.6.7.5, 2.9.10.7\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-20190](https://nvd.nist.gov/vuln/detail/CVE-2021-20190)\nA flaw was found in jackson-databind before 2.9.10.7. FasterXML mishandles the interaction between serialization gadgets and typing. 
The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", + "markdown": "**Vulnerability CVE-2021-20190**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|jackson-databind|2.6.7.5, 2.9.10.7|[]()|CVE-2021-20190|[https://nvd.nist.gov/vuln/detail/CVE-2021-20190](A flaw was found in jackson-databind before 2.9.10.7. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "CVE-2020-36182", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "FasterXML jackson-databind 2.x before 2.9.10.8 mis..." + }, + "fullDescription": { + "text": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction b..." 
+ }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2020-36182", + "help": { + "text": "Vulnerability CVE-2020-36182\nSeverity: high\nPackage: jackson-databind\nFixed Version: 2.6.7.5, 2.9.10.8\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-36182](https://nvd.nist.gov/vuln/detail/CVE-2020-36182)\nFasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.", + "markdown": "**Vulnerability CVE-2020-36182**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|jackson-databind|2.6.7.5, 2.9.10.8|[]()|CVE-2020-36182|[https://nvd.nist.gov/vuln/detail/CVE-2020-36182](FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "CVE-2020-36189", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "FasterXML jackson-databind 2.x before 2.9.10.8 mis..." + }, + "fullDescription": { + "text": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction b..." 
+ }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2020-36189", + "help": { + "text": "Vulnerability CVE-2020-36189\nSeverity: high\nPackage: jackson-databind\nFixed Version: 2.6.7.5, 2.9.10.8\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-36189](https://nvd.nist.gov/vuln/detail/CVE-2020-36189)\nFasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.", + "markdown": "**Vulnerability CVE-2020-36189**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|jackson-databind|2.6.7.5, 2.9.10.8|[]()|CVE-2020-36189|[https://nvd.nist.gov/vuln/detail/CVE-2020-36189](FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "CVE-2020-35490", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "FasterXML jackson-databind 2.x before 2.9.10.8 mis..." + }, + "fullDescription": { + "text": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction b..." 
+ }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2020-35490", + "help": { + "text": "Vulnerability CVE-2020-35490\nSeverity: high\nPackage: jackson-databind\nFixed Version: 2.9.10.8\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-35490](https://nvd.nist.gov/vuln/detail/CVE-2020-35490)\nFasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.", + "markdown": "**Vulnerability CVE-2020-35490**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|jackson-databind|2.9.10.8|[]()|CVE-2020-35490|[https://nvd.nist.gov/vuln/detail/CVE-2020-35490](FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "CVE-2020-24616", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "FasterXML jackson-databind 2.x before 2.9.10.6 mis..." + }, + "fullDescription": { + "text": "FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction b..." 
+ }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2020-24616", + "help": { + "text": "Vulnerability CVE-2020-24616\nSeverity: high\nPackage: jackson-databind\nFixed Version: 2.9.10.6\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-24616](https://nvd.nist.gov/vuln/detail/CVE-2020-24616)\nFasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).", + "markdown": "**Vulnerability CVE-2020-24616**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|jackson-databind|2.9.10.6|[]()|CVE-2020-24616|[https://nvd.nist.gov/vuln/detail/CVE-2020-24616](FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "CVE-2020-10673", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "FasterXML jackson-databind 2.x before 2.9.10.4 mis..." + }, + "fullDescription": { + "text": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction b..." 
+ }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2020-10673", + "help": { + "text": "Vulnerability CVE-2020-10673\nSeverity: high\nPackage: jackson-databind\nFixed Version: 2.6.7.4, 2.9.10.4\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-10673](https://nvd.nist.gov/vuln/detail/CVE-2020-10673)\nFasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).", + "markdown": "**Vulnerability CVE-2020-10673**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|jackson-databind|2.6.7.4, 2.9.10.4|[]()|CVE-2020-10673|[https://nvd.nist.gov/vuln/detail/CVE-2020-10673](FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "CVE-2020-36184", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "FasterXML jackson-databind 2.x before 2.9.10.8 mis..." + }, + "fullDescription": { + "text": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction b..." 
+ }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2020-36184", + "help": { + "text": "Vulnerability CVE-2020-36184\nSeverity: high\nPackage: jackson-databind\nFixed Version: 2.9.10.8\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-36184](https://nvd.nist.gov/vuln/detail/CVE-2020-36184)\nFasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.", + "markdown": "**Vulnerability CVE-2020-36184**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|jackson-databind|2.9.10.8|[]()|CVE-2020-36184|[https://nvd.nist.gov/vuln/detail/CVE-2020-36184](FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "CVE-2020-36181", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "FasterXML jackson-databind 2.x before 2.9.10.8 mis..." + }, + "fullDescription": { + "text": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction b..." 
+ }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2020-36181", + "help": { + "text": "Vulnerability CVE-2020-36181\nSeverity: high\nPackage: jackson-databind\nFixed Version: 2.6.7.5, 2.9.10.8\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-36181](https://nvd.nist.gov/vuln/detail/CVE-2020-36181)\nFasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS.", + "markdown": "**Vulnerability CVE-2020-36181**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|jackson-databind|2.6.7.5, 2.9.10.8|[]()|CVE-2020-36181|[https://nvd.nist.gov/vuln/detail/CVE-2020-36181](FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "CVE-2018-12022", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "An issue was discovered in FasterXML jackson-datab..." + }, + "fullDescription": { + "text": "An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8..." + }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2018-12022", + "help": { + "text": "Vulnerability CVE-2018-12022\nSeverity: high\nPackage: jackson-databind\nFixed Version: 2.7.9.4, 2.8.11.2, 2.9.6\nExploit Available: []()\nExploit Type: \nLink: [CVE-2018-12022](https://nvd.nist.gov/vuln/detail/CVE-2018-12022)\nAn issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. 
When Default Typing is enabled (either globally or for a specific property), the service has the Jodd-db jar (for database access for the Jodd framework) in the classpath, and an attacker can provide an LDAP service to access, it is possible to make the service execute a malicious payload.", + "markdown": "**Vulnerability CVE-2018-12022**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|jackson-databind|2.7.9.4, 2.8.11.2, 2.9.6|[]()|CVE-2018-12022|[https://nvd.nist.gov/vuln/detail/CVE-2018-12022](An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Jodd-db jar (for database access for the Jodd framework) in the classpath, and an attacker can provide an LDAP service to access, it is possible to make the service execute a malicious payload.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "CVE-2020-36185", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "FasterXML jackson-databind 2.x before 2.9.10.8 mis..." + }, + "fullDescription": { + "text": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction b..." 
+ }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2020-36185", + "help": { + "text": "Vulnerability CVE-2020-36185\nSeverity: high\nPackage: jackson-databind\nFixed Version: 2.9.10.8\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-36185](https://nvd.nist.gov/vuln/detail/CVE-2020-36185)\nFasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource.", + "markdown": "**Vulnerability CVE-2020-36185**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|jackson-databind|2.9.10.8|[]()|CVE-2020-36185|[https://nvd.nist.gov/vuln/detail/CVE-2020-36185](FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "CVE-2020-36179", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "FasterXML jackson-databind 2.x before 2.9.10.8 mis..." + }, + "fullDescription": { + "text": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction b..." 
+ }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2020-36179", + "help": { + "text": "Vulnerability CVE-2020-36179\nSeverity: high\nPackage: jackson-databind\nFixed Version: 2.6.7.5, 2.9.10.8\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-36179](https://nvd.nist.gov/vuln/detail/CVE-2020-36179)\nFasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS.", + "markdown": "**Vulnerability CVE-2020-36179**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|jackson-databind|2.6.7.5, 2.9.10.8|[]()|CVE-2020-36179|[https://nvd.nist.gov/vuln/detail/CVE-2020-36179](FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "CVE-2019-12086", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "A Polymorphic Typing issue was discovered in Faste..." + }, + "fullDescription": { + "text": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x..." + }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2019-12086", + "help": { + "text": "Vulnerability CVE-2019-12086\nSeverity: high\nPackage: jackson-databind\nFixed Version: 2.6.7.3, 2.7.9.6, 2.8.11.4, 2.9.9\nExploit Available: []()\nExploit Type: \nLink: [CVE-2019-12086](https://nvd.nist.gov/vuln/detail/CVE-2019-12086)\nA Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. 
When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint, the service has the mysql-connector-java jar (8.0.14 or earlier) in the classpath, and an attacker can host a crafted MySQL server reachable by the victim, an attacker can send a crafted JSON message that allows them to read arbitrary local files on the server. This occurs because of missing com.mysql.cj.jdbc.admin.MiniAdmin validation.", + "markdown": "**Vulnerability CVE-2019-12086**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|jackson-databind|2.6.7.3, 2.7.9.6, 2.8.11.4, 2.9.9|[]()|CVE-2019-12086|[https://nvd.nist.gov/vuln/detail/CVE-2019-12086](A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint, the service has the mysql-connector-java jar (8.0.14 or earlier) in the classpath, and an attacker can host a crafted MySQL server reachable by the victim, an attacker can send a crafted JSON message that allows them to read arbitrary local files on the server. This occurs because of missing com.mysql.cj.jdbc.admin.MiniAdmin validation.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "CVE-2020-35491", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "FasterXML jackson-databind 2.x before 2.9.10.8 mis..." + }, + "fullDescription": { + "text": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction b..." 
+ }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2020-35491", + "help": { + "text": "Vulnerability CVE-2020-35491\nSeverity: high\nPackage: jackson-databind\nFixed Version: 2.9.10.8\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-35491](https://nvd.nist.gov/vuln/detail/CVE-2020-35491)\nFasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.", + "markdown": "**Vulnerability CVE-2020-35491**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|jackson-databind|2.9.10.8|[]()|CVE-2020-35491|[https://nvd.nist.gov/vuln/detail/CVE-2020-35491](FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "CVE-2020-35728", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "FasterXML jackson-databind 2.x before 2.9.10.8 mis..." + }, + "fullDescription": { + "text": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction b..." 
+ }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2020-35728", + "help": { + "text": "Vulnerability CVE-2020-35728\nSeverity: high\nPackage: jackson-databind\nFixed Version: 2.9.10.8\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-35728](https://nvd.nist.gov/vuln/detail/CVE-2020-35728)\nFasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).", + "markdown": "**Vulnerability CVE-2020-35728**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|jackson-databind|2.9.10.8|[]()|CVE-2020-35728|[https://nvd.nist.gov/vuln/detail/CVE-2020-35728](FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "CVE-2020-36518", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "jackson-databind before 2.13.0 allows a Java Stack..." + }, + "fullDescription": { + "text": "jackson-databind before 2.13.0 allows a Java StackOverflow exception and de..." 
+ }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518", + "help": { + "text": "Vulnerability CVE-2020-36518\nSeverity: high\nPackage: jackson-databind\nFixed Version: 2.12.6.1, 2.13.2.1\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-36518](https://nvd.nist.gov/vuln/detail/CVE-2020-36518)\njackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.", + "markdown": "**Vulnerability CVE-2020-36518**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|jackson-databind|2.12.6.1, 2.13.2.1|[]()|CVE-2020-36518|[https://nvd.nist.gov/vuln/detail/CVE-2020-36518](jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "CVE-2020-36187", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "FasterXML jackson-databind 2.x before 2.9.10.8 mis..." + }, + "fullDescription": { + "text": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction b..." 
+ }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2020-36187", + "help": { + "text": "Vulnerability CVE-2020-36187\nSeverity: high\nPackage: jackson-databind\nFixed Version: 2.9.10.8\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-36187](https://nvd.nist.gov/vuln/detail/CVE-2020-36187)\nFasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.", + "markdown": "**Vulnerability CVE-2020-36187**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|jackson-databind|2.9.10.8|[]()|CVE-2020-36187|[https://nvd.nist.gov/vuln/detail/CVE-2020-36187](FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "CVE-2020-36183", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "FasterXML jackson-databind 2.x before 2.9.10.8 mis..." + }, + "fullDescription": { + "text": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction b..." 
+ }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2020-36183", + "help": { + "text": "Vulnerability CVE-2020-36183\nSeverity: high\nPackage: jackson-databind\nFixed Version: 2.6.7.5, 2.9.10.8\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-36183](https://nvd.nist.gov/vuln/detail/CVE-2020-36183)\nFasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.", + "markdown": "**Vulnerability CVE-2020-36183**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|jackson-databind|2.6.7.5, 2.9.10.8|[]()|CVE-2020-36183|[https://nvd.nist.gov/vuln/detail/CVE-2020-36183](FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "CVE-2020-36180", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "FasterXML jackson-databind 2.x before 2.9.10.8 mis..." + }, + "fullDescription": { + "text": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction b..." 
+ }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2020-36180", + "help": { + "text": "Vulnerability CVE-2020-36180\nSeverity: high\nPackage: jackson-databind\nFixed Version: 2.6.7.5, 2.9.10.8\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-36180](https://nvd.nist.gov/vuln/detail/CVE-2020-36180)\nFasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.", + "markdown": "**Vulnerability CVE-2020-36180**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|jackson-databind|2.6.7.5, 2.9.10.8|[]()|CVE-2020-36180|[https://nvd.nist.gov/vuln/detail/CVE-2020-36180](FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "CVE-2022-42004", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "In FasterXML jackson-databind before 2.13.4, resou..." + }, + "fullDescription": { + "text": "In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur ..." 
+ }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004", + "help": { + "text": "Vulnerability CVE-2022-42004\nSeverity: high\nPackage: jackson-databind\nFixed Version: 2.12.7.1, 2.13.4\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-42004](https://nvd.nist.gov/vuln/detail/CVE-2022-42004)\nIn FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.", + "markdown": "**Vulnerability CVE-2022-42004**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|jackson-databind|2.12.7.1, 2.13.4|[]()|CVE-2022-42004|[https://nvd.nist.gov/vuln/detail/CVE-2022-42004](In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "CVE-2022-42003", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "In FasterXML jackson-databind before versions 2.13..." + }, + "fullDescription": { + "text": "In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resou..." 
+ }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003", + "help": { + "text": "Vulnerability CVE-2022-42003\nSeverity: high\nPackage: jackson-databind\nFixed Version: 2.12.7.1, 2.13.4.2\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-42003](https://nvd.nist.gov/vuln/detail/CVE-2022-42003)\nIn FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled.", + "markdown": "**Vulnerability CVE-2022-42003**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|jackson-databind|2.12.7.1, 2.13.4.2|[]()|CVE-2022-42003|[https://nvd.nist.gov/vuln/detail/CVE-2022-42003](In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "CVE-2019-12384", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "FasterXML jackson-databind 2.x before 2.9.9.1 migh..." + }, + "fullDescription": { + "text": "FasterXML jackson-databind 2.x before 2.9.9.1 might allow attackers to have..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2019-12384", + "help": { + "text": "Vulnerability CVE-2019-12384\nSeverity: medium\nPackage: jackson-databind\nFixed Version: 2.6.7.3, 2.7.9.6, 2.8.11.4, 2.9.9.1\nExploit Available: []()\nExploit Type: \nLink: [CVE-2019-12384](https://nvd.nist.gov/vuln/detail/CVE-2019-12384)\nFasterXML jackson-databind 2.x before 2.9.9.1 might allow attackers to have a variety of impacts by leveraging failure to block the logback-core class from polymorphic deserialization. Depending on the classpath content, remote code execution may be possible.", + "markdown": "**Vulnerability CVE-2019-12384**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|jackson-databind|2.6.7.3, 2.7.9.6, 2.8.11.4, 2.9.9.1|[]()|CVE-2019-12384|[https://nvd.nist.gov/vuln/detail/CVE-2019-12384](FasterXML jackson-databind 2.x before 2.9.9.1 might allow attackers to have a variety of impacts by leveraging failure to block the logback-core class from polymorphic deserialization. Depending on the classpath content, remote code execution may be possible.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2019-12814", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "A Polymorphic Typing issue was discovered in Faste..." + }, + "fullDescription": { + "text": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2019-12814", + "help": { + "text": "Vulnerability CVE-2019-12814\nSeverity: medium\nPackage: jackson-databind\nFixed Version: 2.6.7.3, 2.7.9.6, 2.8.11.4, 2.9.9.1\nExploit Available: []()\nExploit Type: \nLink: [CVE-2019-12814](https://nvd.nist.gov/vuln/detail/CVE-2019-12814)\nA Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x through 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has JDOM 1.x or 2.x jar in the classpath, an attacker can send a specifically crafted JSON message that allows them to read arbitrary local files on the server.", + "markdown": "**Vulnerability CVE-2019-12814**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|jackson-databind|2.6.7.3, 2.7.9.6, 2.8.11.4, 2.9.9.1|[]()|CVE-2019-12814|[https://nvd.nist.gov/vuln/detail/CVE-2019-12814](A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x through 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has JDOM 1.x or 2.x jar in the classpath, an attacker can send a specifically crafted JSON message that allows them to read arbitrary local files on the server.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2018-1000873", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "Fasterxml Jackson version Before 2.9.8 contains a ..." + }, + "fullDescription": { + "text": "Fasterxml Jackson version Before 2.9.8 contains a CWE-20: Improper Input Va..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000873", + "help": { + "text": "Vulnerability CVE-2018-1000873\nSeverity: medium\nPackage: jackson-databind\nFixed Version: 2.9.8\nExploit Available: []()\nExploit Type: \nLink: [CVE-2018-1000873](https://nvd.nist.gov/vuln/detail/CVE-2018-1000873)\nFasterxml Jackson version Before 2.9.8 contains a CWE-20: Improper Input Validation vulnerability in Jackson-Modules-Java8 that can result in Causes a denial-of-service (DoS). This attack appear to be exploitable via The victim deserializes malicious input, specifically very large values in the nanoseconds field of a time value. This vulnerability appears to have been fixed in 2.9.8.", + "markdown": "**Vulnerability CVE-2018-1000873**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|jackson-databind|2.9.8|[]()|CVE-2018-1000873|[https://nvd.nist.gov/vuln/detail/CVE-2018-1000873](Fasterxml Jackson version Before 2.9.8 contains a CWE-20: Improper Input Validation vulnerability in Jackson-Modules-Java8 that can result in Causes a denial-of-service (DoS). This attack appear to be exploitable via The victim deserializes malicious input, specifically very large values in the nanoseconds field of a time value. This vulnerability appears to have been fixed in 2.9.8.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2023-2976", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "Use of Java\u0026#39;s default temporary directory for file..." + }, + "fullDescription": { + "text": "Use of Java\u0026#39;s default temporary directory for file creation in `FileBackedO..." 
+ }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2023-2976", + "help": { + "text": "Vulnerability CVE-2023-2976\nSeverity: high\nPackage: guava\nFixed Version: 32.0.0-android\nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-2976](https://nvd.nist.gov/vuln/detail/CVE-2023-2976)\nUse of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class.\n\nEven though the security vulnerability is fixed in version 32.0.0, we recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.\n\n", + "markdown": "**Vulnerability CVE-2023-2976**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|guava|32.0.0-android|[]()|CVE-2023-2976|[https://nvd.nist.gov/vuln/detail/CVE-2023-2976](Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class.\n\nEven though the security vulnerability is fixed in version 32.0.0, we recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.\n\n)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "CVE-2018-10237", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "Unbounded memory allocation in Google Guava 11.0 t..." 
+ }, + "fullDescription": { + "text": "Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2018-10237", + "help": { + "text": "Vulnerability CVE-2018-10237\nSeverity: medium\nPackage: guava\nFixed Version: 24.1.1-android\nExploit Available: []()\nExploit Type: \nLink: [CVE-2018-10237](https://nvd.nist.gov/vuln/detail/CVE-2018-10237)\nUnbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable.", + "markdown": "**Vulnerability CVE-2018-10237**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|guava|24.1.1-android|[]()|CVE-2018-10237|[https://nvd.nist.gov/vuln/detail/CVE-2018-10237](Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2020-8908", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + 
"text": "A temp directory creation vulnerability exists in ..." + }, + "fullDescription": { + "text": "A temp directory creation vulnerability exists in all versions of Guava, al..." + }, + "defaultConfiguration": { + "level": "note" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2020-8908", + "help": { + "text": "Vulnerability CVE-2020-8908\nSeverity: low\nPackage: guava\nFixed Version: 32.0.0-android\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-8908](https://nvd.nist.gov/vuln/detail/CVE-2020-8908)\nA temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the created directory is world-readable (readable by an attacker with access to the system). The method in question has been marked @Deprecated in versions 30.0 and later and should not be used. For Android developers, we recommend choosing a temporary directory API provided by Android, such as context.getCacheDir(). For other Java developers, we recommend migrating to the Java 7 API java.nio.file.Files.createTempDirectory() which explicitly configures permissions of 700, or configuring the Java runtime's java.io.tmpdir system property to point to a location whose permissions are appropriately configured.\n\n", + "markdown": "**Vulnerability CVE-2020-8908**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|low|guava|32.0.0-android|[]()|CVE-2020-8908|[https://nvd.nist.gov/vuln/detail/CVE-2020-8908](A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). 
By default, on unix-like systems, the created directory is world-readable (readable by an attacker with access to the system). The method in question has been marked @Deprecated in versions 30.0 and later and should not be used. For Android developers, we recommend choosing a temporary directory API provided by Android, such as context.getCacheDir(). For other Java developers, we recommend migrating to the Java 7 API java.nio.file.Files.createTempDirectory() which explicitly configures permissions of 700, or configuring the Java runtime's java.io.tmpdir system property to point to a location whose permissions are appropriately configured.\n\n)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "low" + ] + } + }, + { + "id": "CVE-2021-42392", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "The org.h2.util.JdbcUtils.getConnection method of ..." + }, + "fullDescription": { + "text": "The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as ..." + }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2021-42392", + "help": { + "text": "Vulnerability CVE-2021-42392\nSeverity: critical\nPackage: h2\nFixed Version: \nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-42392](https://nvd.nist.gov/vuln/detail/CVE-2021-42392)\nThe org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. An attacker may pass a JNDI driver name and a URL leading to a LDAP or RMI servers, causing remote code execution. 
This can be exploited through various attack vectors, most notably through the H2 Console which leads to unauthenticated remote code execution.", + "markdown": "**Vulnerability CVE-2021-42392**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|critical|h2||[]()|CVE-2021-42392|[https://nvd.nist.gov/vuln/detail/CVE-2021-42392](The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. An attacker may pass a JNDI driver name and a URL leading to a LDAP or RMI servers, causing remote code execution. This can be exploited through various attack vectors, most notably through the H2 Console which leads to unauthenticated remote code execution.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "critical" + ] + } + }, + { + "id": "CVE-2022-23221", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "H2 Console before 2.1.210 allows remote attackers ..." + }, + "fullDescription": { + "text": "H2 Console before 2.1.210 allows remote attackers to execute arbitrary code..." 
+ }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2022-23221", + "help": { + "text": "Vulnerability CVE-2022-23221\nSeverity: critical\nPackage: h2\nFixed Version: 2.0.206\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-23221](https://nvd.nist.gov/vuln/detail/CVE-2022-23221)\nH2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.", + "markdown": "**Vulnerability CVE-2022-23221**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|critical|h2|2.0.206|[]()|CVE-2022-23221|[https://nvd.nist.gov/vuln/detail/CVE-2022-23221](H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "critical" + ] + } + }, + { + "id": "CVE-2022-45868", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "The web-based admin console in H2 Database Engine ..." + }, + "fullDescription": { + "text": "The web-based admin console in H2 Database Engine before 2.2.220 can be sta..." 
+ }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2022-45868", + "help": { + "text": "Vulnerability CVE-2022-45868\nSeverity: high\nPackage: h2\nFixed Version: \nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-45868](https://nvd.nist.gov/vuln/detail/CVE-2022-45868)\nThe web-based admin console in H2 Database Engine before 2.2.220 can be started via the CLI with the argument -webAdminPassword, which allows the user to specify the password in cleartext for the web admin console. Consequently, a local user (or an attacker that has obtained local access through some means) would be able to discover the password by listing processes and their arguments. NOTE: the vendor states \"This is not a vulnerability of H2 Console ... Passwords should never be passed on the command line and every qualified DBA or system administrator is expected to know that.\" Nonetheless, the issue was fixed in 2.2.220.", + "markdown": "**Vulnerability CVE-2022-45868**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|h2||[]()|CVE-2022-45868|[https://nvd.nist.gov/vuln/detail/CVE-2022-45868](The web-based admin console in H2 Database Engine before 2.2.220 can be started via the CLI with the argument -webAdminPassword, which allows the user to specify the password in cleartext for the web admin console. Consequently, a local user (or an attacker that has obtained local access through some means) would be able to discover the password by listing processes and their arguments. NOTE: the vendor states \"This is not a vulnerability of H2 Console ... 
Passwords should never be passed on the command line and every qualified DBA or system administrator is expected to know that.\" Nonetheless, the issue was fixed in 2.2.220.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "CVE-2014-0114", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "Apache Commons BeanUtils, as distributed in lib/co..." + }, + "fullDescription": { + "text": "Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar..." + }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2014-0114", + "help": { + "text": "Vulnerability CVE-2014-0114\nSeverity: high\nPackage: commons-beanutils-core\nFixed Version: \nExploit Available: [http://www.exploit-db.com/exploits/41690](http://www.exploit-db.com/exploits/41690)\nExploit Type: remote\nLink: [CVE-2014-0114](https://nvd.nist.gov/vuln/detail/CVE-2014-0114)\nApache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to \"manipulate\" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1.", + "markdown": "**Vulnerability CVE-2014-0114**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|commons-beanutils-core||[http://www.exploit-db.com/exploits/41690](remote)|CVE-2014-0114|[https://nvd.nist.gov/vuln/detail/CVE-2014-0114](Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, 
does not suppress the class property, which allows remote attackers to \"manipulate\" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "CVE-2015-4852", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "The WLS Security component in Oracle WebLogic Serv..." + }, + "fullDescription": { + "text": "The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12..." + }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2015-4852", + "help": { + "text": "Vulnerability CVE-2015-4852\nSeverity: critical\nPackage: commons-collections\nFixed Version: 3.2.2\nExploit Available: [http://www.exploit-db.com/exploits/42806](http://www.exploit-db.com/exploits/42806)\nExploit Type: remote\nLink: [CVE-2015-4852](https://nvd.nist.gov/vuln/detail/CVE-2015-4852)\nThe WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to execute arbitrary commands via a crafted serialized Java object in T3 protocol traffic to TCP port 7001, related to oracle_common/modules/com.bea.core.apache.commons.collections.jar. 
NOTE: the scope of this CVE is limited to the WebLogic Server product.", + "markdown": "**Vulnerability CVE-2015-4852**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|critical|commons-collections|3.2.2|[http://www.exploit-db.com/exploits/42806](remote)|CVE-2015-4852|[https://nvd.nist.gov/vuln/detail/CVE-2015-4852](The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to execute arbitrary commands via a crafted serialized Java object in T3 protocol traffic to TCP port 7001, related to oracle_common/modules/com.bea.core.apache.commons.collections.jar. NOTE: the scope of this CVE is limited to the WebLogic Server product.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "critical" + ] + } + }, + { + "id": "CVE-2015-7501", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS..." + }, + "fullDescription": { + "text": "Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (..." 
+ }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2015-7501", + "help": { + "text": "Vulnerability CVE-2015-7501\nSeverity: critical\nPackage: commons-collections\nFixed Version: 3.2.2\nExploit Available: []()\nExploit Type: \nLink: [CVE-2015-7501](https://nvd.nist.gov/vuln/detail/CVE-2015-7501)\nRed Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Server (JWS) 3.x; Red Hat OpenShift/xPAAS 3.x; and Red Hat Subscription Asset Manager 1.3 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.", + "markdown": "**Vulnerability CVE-2015-7501**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|critical|commons-collections|3.2.2|[]()|CVE-2015-7501|[https://nvd.nist.gov/vuln/detail/CVE-2015-7501](Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Server (JWS) 3.x; Red Hat OpenShift/xPAAS 3.x; and Red Hat Subscription Asset Manager 1.3 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "critical" + ] + } + }, + { + "id": "CVE-2017-15708", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "In Apache Synapse, 
by default no authentication is..." + }, + "fullDescription": { + "text": "In Apache Synapse, by default no authentication is required for Java Remote..." + }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2017-15708", + "help": { + "text": "Vulnerability CVE-2017-15708\nSeverity: critical\nPackage: commons-collections\nFixed Version: \nExploit Available: []()\nExploit Type: \nLink: [CVE-2017-15708](https://nvd.nist.gov/vuln/detail/CVE-2017-15708)\nIn Apache Synapse, by default no authentication is required for Java Remote Method Invocation (RMI). So Apache Synapse 3.0.1 or all previous releases (3.0.0, 2.1.0, 2.0.0, 1.2, 1.1.2, 1.1.1) allows remote code execution attacks that can be performed by injecting specially crafted serialized objects. And the presence of Apache Commons Collections 3.2.1 (commons-collections-3.2.1.jar) or previous versions in Synapse distribution makes this exploitable. To mitigate the issue, we need to limit RMI access to trusted users only. Further upgrading to 3.0.1 version will eliminate the risk of having said Commons Collection version. In Synapse 3.0.1, Commons Collection has been updated to 3.2.2 version.", + "markdown": "**Vulnerability CVE-2017-15708**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|critical|commons-collections||[]()|CVE-2017-15708|[https://nvd.nist.gov/vuln/detail/CVE-2017-15708](In Apache Synapse, by default no authentication is required for Java Remote Method Invocation (RMI). So Apache Synapse 3.0.1 or all previous releases (3.0.0, 2.1.0, 2.0.0, 1.2, 1.1.2, 1.1.1) allows remote code execution attacks that can be performed by injecting specially crafted serialized objects. And the presence of Apache Commons Collections 3.2.1 (commons-collections-3.2.1.jar) or previous versions in Synapse distribution makes this exploitable. 
To mitigate the issue, we need to limit RMI access to trusted users only. Further upgrading to 3.0.1 version will eliminate the risk of having said Commons Collection version. In Synapse 3.0.1, Commons Collection has been updated to 3.2.2 version.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "critical" + ] + } + }, + { + "id": "CVE-2015-6420", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "Serialized-object interfaces in certain Cisco Coll..." + }, + "fullDescription": { + "text": "Serialized-object interfaces in certain Cisco Collaboration and Social Medi..." + }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2015-6420", + "help": { + "text": "Vulnerability CVE-2015-6420\nSeverity: high\nPackage: commons-collections\nFixed Version: 3.2.2\nExploit Available: []()\nExploit Type: \nLink: [CVE-2015-6420](https://nvd.nist.gov/vuln/detail/CVE-2015-6420)\nSerialized-object interfaces in certain Cisco Collaboration and Social Media; Endpoint Clients and Client Software; Network Application, Service, and Acceleration; Network and Content Security Devices; Network Management and Provisioning; Routing and Switching - Enterprise and Service Provider; Unified Computing; Voice and Unified Communications Devices; Video, Streaming, TelePresence, and Transcoding Devices; Wireless; and Cisco Hosted Services products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.", + "markdown": "**Vulnerability CVE-2015-6420**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|commons-collections|3.2.2|[]()|CVE-2015-6420|[https://nvd.nist.gov/vuln/detail/CVE-2015-6420](Serialized-object interfaces in certain Cisco Collaboration 
and Social Media; Endpoint Clients and Client Software; Network Application, Service, and Acceleration; Network and Content Security Devices; Network Management and Provisioning; Routing and Switching - Enterprise and Service Provider; Unified Computing; Voice and Unified Communications Devices; Video, Streaming, TelePresence, and Transcoding Devices; Wireless; and Cisco Hosted Services products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "CVE-2021-29425", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "In Apache Commons IO before 2.7, When invoking the..." + }, + "fullDescription": { + "text": "In Apache Commons IO before 2.7, When invoking the method FileNameUtils.nor..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2021-29425", + "help": { + "text": "Vulnerability CVE-2021-29425\nSeverity: medium\nPackage: commons-io\nFixed Version: 2.7\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-29425](https://nvd.nist.gov/vuln/detail/CVE-2021-29425)\nIn Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like \"//../foo\", or \"\\\\..\\foo\", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus \"limited\" path traversal), if the calling code would use the result to construct a path value.", + "markdown": "**Vulnerability CVE-2021-29425**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|commons-io|2.7|[]()|CVE-2021-29425|[https://nvd.nist.gov/vuln/detail/CVE-2021-29425](In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like \"//../foo\", or \"\\\\..\\foo\", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus \"limited\" path traversal), if the calling code would use the result to construct a path value.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2015-4041", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "The keycompare_mb function in sort.c in sort in GN..." + }, + "fullDescription": { + "text": "The keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 ..." 
+ }, + "defaultConfiguration": { + "level": "note" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2015-4041", + "help": { + "text": "Vulnerability CVE-2015-4041\nSeverity: low\nPackage: coreutils\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2015-4041](https://access.redhat.com/security/cve/CVE-2015-4041)\nThe keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 on 64-bit platforms performs a size calculation without considering the number of bytes occupied by multibyte characters, which allows attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via long UTF-8 strings.", + "markdown": "**Vulnerability CVE-2015-4041**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|low|coreutils|any in centos 7.6.1810|[]()|CVE-2015-4041|[https://access.redhat.com/security/cve/CVE-2015-4041](The keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 on 64-bit platforms performs a size calculation without considering the number of bytes occupied by multibyte characters, which allows attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via long UTF-8 strings.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "low" + ] + } + }, + { + "id": "CVE-2015-4042", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "Integer overflow in the keycompare_mb function in ..." + }, + "fullDescription": { + "text": "Integer overflow in the keycompare_mb function in sort.c in sort in GNU Cor..." 
+ }, + "defaultConfiguration": { + "level": "note" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2015-4042", + "help": { + "text": "Vulnerability CVE-2015-4042\nSeverity: low\nPackage: coreutils\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2015-4042](https://access.redhat.com/security/cve/CVE-2015-4042)\nInteger overflow in the keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 might allow attackers to cause a denial of service (application crash) or possibly have unspecified other impact via long strings.", + "markdown": "**Vulnerability CVE-2015-4042**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|low|coreutils|any in centos 7.6.1810|[]()|CVE-2015-4042|[https://access.redhat.com/security/cve/CVE-2015-4042](Integer overflow in the keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 might allow attackers to cause a denial of service (application crash) or possibly have unspecified other impact via long strings.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "low" + ] + } + }, + { + "id": "RHSA-2020:3908", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "The cpio packages provide the GNU cpio utility for..." + }, + "fullDescription": { + "text": "The cpio packages provide the GNU cpio utility for creating and extracting ..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2019-14866", + "help": { + "text": "Vulnerability RHSA-2020:3908\nSeverity: medium\nPackage: cpio\nFixed Version: 2.11-28.el7\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2020:3908](https://access.redhat.com/security/cve/CVE-2019-14866)\nThe cpio packages provide the GNU cpio utility for creating and extracting archives, or copying files from one place to another.", + "markdown": "**Vulnerability RHSA-2020:3908**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|cpio|2.11-28.el7|[]()|RHSA-2020:3908|[https://access.redhat.com/security/cve/CVE-2019-14866](The cpio packages provide the GNU cpio utility for creating and extracting archives, or copying files from one place to another.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2021-38185", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "GNU cpio through 2.13 allows attackers to execute ..." + }, + "fullDescription": { + "text": "GNU cpio through 2.13 allows attackers to execute arbitrary code via a craf..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2021-38185", + "help": { + "text": "Vulnerability CVE-2021-38185\nSeverity: medium\nPackage: cpio\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-38185](https://access.redhat.com/security/cve/CVE-2021-38185)\nGNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c ds_fgetstr integer overflow that triggers an out-of-bounds heap write. 
NOTE: it is unclear whether there are common cases where the pattern file, associated with the -E option, is untrusted data.", + "markdown": "**Vulnerability CVE-2021-38185**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|cpio|any in centos 7.6.1810|[]()|CVE-2021-38185|[https://access.redhat.com/security/cve/CVE-2021-38185](GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c ds_fgetstr integer overflow that triggers an out-of-bounds heap write. NOTE: it is unclear whether there are common cases where the pattern file, associated with the -E option, is untrusted data.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2022-27776", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "A insufficiently protected credentials vulnerabili..." + }, + "fullDescription": { + "text": "A insufficiently protected credentials vulnerability in fixed in curl 7.83...." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2022-27776", + "help": { + "text": "Vulnerability CVE-2022-27776\nSeverity: medium\nPackage: libcurl\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-27776](https://access.redhat.com/security/cve/CVE-2022-27776)\nA insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number.", + "markdown": "**Vulnerability CVE-2022-27776**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|libcurl|any in centos 7.6.1810|[]()|CVE-2022-27776|[https://access.redhat.com/security/cve/CVE-2022-27776](A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2022-27782", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "libcurl would reuse a previously created connectio..." + }, + "fullDescription": { + "text": "libcurl would reuse a previously created connection even when a TLS or SSHr..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2022-27782", + "help": { + "text": "Vulnerability CVE-2022-27782\nSeverity: medium\nPackage: libcurl\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-27782](https://access.redhat.com/security/cve/CVE-2022-27782)\nlibcurl would reuse a previously created connection even when a TLS or SSHrelated option had been changed that should have prohibited reuse.libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse if one of them matches the setup. However, several TLS andSSH settings were left out from the configuration match checks, making themmatch too easily.", + "markdown": "**Vulnerability CVE-2022-27782**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|libcurl|any in centos 7.6.1810|[]()|CVE-2022-27782|[https://access.redhat.com/security/cve/CVE-2022-27782](libcurl would reuse a previously created connection even when a TLS or SSHrelated option had been changed that should have prohibited reuse.libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse if one of them matches the setup. However, several TLS andSSH settings were left out from the configuration match checks, making themmatch too easily.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2021-22947", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "When curl \u0026gt;= 7.20.0 and \u0026lt;= 7.78.0 connects to an I..." + }, + "fullDescription": { + "text": "When curl \u0026gt;= 7.20.0 and \u0026lt;= 7.78.0 connects to an IMAP or POP3 server to ret..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2021-22947", + "help": { + "text": "Vulnerability CVE-2021-22947\nSeverity: medium\nPackage: libcurl\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-22947](https://access.redhat.com/security/cve/CVE-2021-22947)\nWhen curl \u003e= 7.20.0 and \u003c= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that curl caches. curl would then upgrade to TLS but not flush the in-queue of cached responses but instead continue using and trustingthe responses it got *before* the TLS handshake as if they were authenticated.Using this flaw, it allows a Man-In-The-Middle attacker to first inject the fake responses, then pass-through the TLS traffic from the legitimate server and trick curl into sending data back to the user thinking the attacker's injected data comes from the TLS-protected server.", + "markdown": "**Vulnerability CVE-2021-22947**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|libcurl|any in centos 7.6.1810|[]()|CVE-2021-22947|[https://access.redhat.com/security/cve/CVE-2021-22947](When curl \u003e= 7.20.0 and \u003c= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that curl caches. 
curl would then upgrade to TLS but not flush the in-queue of cached responses but instead continue using and trustingthe responses it got *before* the TLS handshake as if they were authenticated.Using this flaw, it allows a Man-In-The-Middle attacker to first inject the fake responses, then pass-through the TLS traffic from the legitimate server and trick curl into sending data back to the user thinking the attacker's injected data comes from the TLS-protected server.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "RHSA-2020:3916", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "The curl packages provide the libcurl library and ..." + }, + "fullDescription": { + "text": "The curl packages provide the libcurl library and the curl utility for down..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2019-5482", + "help": { + "text": "Vulnerability RHSA-2020:3916\nSeverity: medium\nPackage: libcurl\nFixed Version: 7.29.0-59.el7\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2020:3916](https://access.redhat.com/security/cve/CVE-2019-5482)\nThe curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.", + "markdown": "**Vulnerability RHSA-2020:3916**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|libcurl|7.29.0-59.el7|[]()|RHSA-2020:3916|[https://access.redhat.com/security/cve/CVE-2019-5482](The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + 
"vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "RHSA-2020:5002", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "The curl packages provide the libcurl library and ..." + }, + "fullDescription": { + "text": "The curl packages provide the libcurl library and the curl utility for down..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2020-8177", + "help": { + "text": "Vulnerability RHSA-2020:5002\nSeverity: medium\nPackage: libcurl\nFixed Version: 7.29.0-59.el7_9.1\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2020:5002](https://access.redhat.com/security/cve/CVE-2020-8177)\nThe curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.", + "markdown": "**Vulnerability RHSA-2020:5002**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|libcurl|7.29.0-59.el7_9.1|[]()|RHSA-2020:5002|[https://access.redhat.com/security/cve/CVE-2020-8177](The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2020-8284", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "A malicious server can use the FTP PASV response t..." + }, + "fullDescription": { + "text": "A malicious server can use the FTP PASV response to trick curl 7.73.0 and e..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2020-8284", + "help": { + "text": "Vulnerability CVE-2020-8284\nSeverity: medium\nPackage: libcurl\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-8284](https://access.redhat.com/security/cve/CVE-2020-8284)\nA malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions.", + "markdown": "**Vulnerability CVE-2020-8284**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|libcurl|any in centos 7.6.1810|[]()|CVE-2020-8284|[https://access.redhat.com/security/cve/CVE-2020-8284](A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2020-8285", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "curl 7.21.0 to and including 7.73.0 is vulnerable ..." + }, + "fullDescription": { + "text": "curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2020-8285", + "help": { + "text": "Vulnerability CVE-2020-8285\nSeverity: medium\nPackage: libcurl\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-8285](https://access.redhat.com/security/cve/CVE-2020-8285)\ncurl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing.", + "markdown": "**Vulnerability CVE-2020-8285**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|libcurl|any in centos 7.6.1810|[]()|CVE-2020-8285|[https://access.redhat.com/security/cve/CVE-2020-8285](curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2021-22876", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "curl 7.1.1 to and including 7.75.0 is vulnerable t..." + }, + "fullDescription": { + "text": "curl 7.1.1 to and including 7.75.0 is vulnerable to an \u0026#34;Exposure of Private..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2021-22876", + "help": { + "text": "Vulnerability CVE-2021-22876\nSeverity: medium\nPackage: libcurl\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-22876](https://access.redhat.com/security/cve/CVE-2021-22876)\ncurl 7.1.1 to and including 7.75.0 is vulnerable to an \"Exposure of Private Personal Information to an Unauthorized Actor\" by leaking credentials in the HTTP Referer: header. 
libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header field in outgoing HTTP requests, and therefore risks leaking sensitive data to the server that is the target of the second HTTP request.", + "markdown": "**Vulnerability CVE-2021-22876**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|libcurl|any in centos 7.6.1810|[]()|CVE-2021-22876|[https://access.redhat.com/security/cve/CVE-2021-22876](curl 7.1.1 to and including 7.75.0 is vulnerable to an \"Exposure of Private Personal Information to an Unauthorized Actor\" by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header field in outgoing HTTP requests, and therefore risks leaking sensitive data to the server that is the target of the second HTTP request.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2022-27774", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "An insufficiently protected credentials vulnerabil..." + }, + "fullDescription": { + "text": "An insufficiently protected credentials vulnerability exists in curl 4.9 to..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2022-27774", + "help": { + "text": "Vulnerability CVE-2022-27774\nSeverity: medium\nPackage: libcurl\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-27774](https://access.redhat.com/security/cve/CVE-2022-27774)\nAn insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTP(S) redirects is used with authentication could leak credentials to other services that exist on different protocols or port numbers.", + "markdown": "**Vulnerability CVE-2022-27774**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|libcurl|any in centos 7.6.1810|[]()|CVE-2022-27774|[https://access.redhat.com/security/cve/CVE-2022-27774](An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTP(S) redirects is used with authentication could leak credentials to other services that exist on different protocols or port numbers.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2021-22924", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "libcurl keeps previously used connections in a con..." + }, + "fullDescription": { + "text": "libcurl keeps previously used connections in a connection pool for subseque..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2021-22924", + "help": { + "text": "Vulnerability CVE-2021-22924\nSeverity: medium\nPackage: libcurl\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-22924](https://access.redhat.com/security/cve/CVE-2021-22924)\nlibcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths *case insensitively*,which could lead to libcurl reusing wrong connections.File paths are, or can be, case sensitive on many systems but not all, and caneven vary depending on used file systems.The comparison also didn't include the 'issuer cert' which a transfer can setto qualify how to verify the server certificate.", + "markdown": "**Vulnerability CVE-2021-22924**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|libcurl|any in centos 7.6.1810|[]()|CVE-2021-22924|[https://access.redhat.com/security/cve/CVE-2021-22924](libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths *case insensitively*,which could lead to libcurl reusing wrong connections.File paths are, or can be, case sensitive on many systems but not all, and caneven vary depending on used file systems.The comparison also didn't include the 'issuer cert' which a transfer can setto qualify how to verify the server certificate.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { 
+ "id": "CVE-2022-43551", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "A vulnerability exists in curl \u0026lt;7.87.0 HSTS check ..." + }, + "fullDescription": { + "text": "A vulnerability exists in curl \u0026lt;7.87.0 HSTS check that could be bypassed to..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2022-43551", + "help": { + "text": "Vulnerability CVE-2022-43551\nSeverity: medium\nPackage: libcurl\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-43551](https://access.redhat.com/security/cve/CVE-2022-43551)\nA vulnerability exists in curl \u003c7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. However, the HSTS mechanism could be bypassed if the host name in the given URL first uses IDN characters that get replaced to ASCII counterparts as part of the IDN conversion. Like using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop (U+002E) `.`. Then in a subsequent request, it does not detect the HSTS state and makes a clear text transfer. Because it would store the info IDN encoded but look for it IDN decoded.", + "markdown": "**Vulnerability CVE-2022-43551**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|libcurl|any in centos 7.6.1810|[]()|CVE-2022-43551|[https://access.redhat.com/security/cve/CVE-2022-43551](A vulnerability exists in curl \u003c7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. 
However, the HSTS mechanism could be bypassed if the host name in the given URL first uses IDN characters that get replaced to ASCII counterparts as part of the IDN conversion. Like using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop (U+002E) `.`. Then in a subsequent request, it does not detect the HSTS state and makes a clear text transfer. Because it would store the info IDN encoded but look for it IDN decoded.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2021-22946", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "A user can tell curl \u0026gt;= 7.20.0 and \u0026lt;= 7.78.0 to re..." + }, + "fullDescription": { + "text": "A user can tell curl \u0026gt;= 7.20.0 and \u0026lt;= 7.78.0 to require a successful upgrad..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2021-22946", + "help": { + "text": "Vulnerability CVE-2021-22946\nSeverity: medium\nPackage: libcurl\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-22946](https://access.redhat.com/security/cve/CVE-2021-22946)\nA user can tell curl \u003e= 7.20.0 and \u003c= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or`CURLOPT_USE_SSL` set to `CURLUSESSL_CONTROL` or `CURLUSESSL_ALL` withlibcurl). 
This requirement could be bypassed if the server would return a properly crafted but perfectly legitimate response.This flaw would then make curl silently continue its operations **withoutTLS** contrary to the instructions and expectations, exposing possibly sensitive data in clear text over the network.", + "markdown": "**Vulnerability CVE-2021-22946**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|libcurl|any in centos 7.6.1810|[]()|CVE-2021-22946|[https://access.redhat.com/security/cve/CVE-2021-22946](A user can tell curl \u003e= 7.20.0 and \u003c= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or`CURLOPT_USE_SSL` set to `CURLUSESSL_CONTROL` or `CURLUSESSL_ALL` withlibcurl). This requirement could be bypassed if the server would return a properly crafted but perfectly legitimate response.This flaw would then make curl silently continue its operations **withoutTLS** contrary to the instructions and expectations, exposing possibly sensitive data in clear text over the network.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2024-2398", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "When an application tells libcurl it wants to allo..." + }, + "fullDescription": { + "text": "When an application tells libcurl it wants to allow HTTP/2 server push, and..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2024-2398", + "help": { + "text": "Vulnerability CVE-2024-2398\nSeverity: medium\nPackage: libcurl\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2024-2398](https://access.redhat.com/security/cve/CVE-2024-2398)\nWhen an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit (1000), libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously allocated headers and instead leaks the memory. Further, this error condition fails silently and is therefore not easily detected by an application.", + "markdown": "**Vulnerability CVE-2024-2398**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|libcurl|any in centos 7.6.1810|[]()|CVE-2024-2398|[https://access.redhat.com/security/cve/CVE-2024-2398](When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit (1000), libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously allocated headers and instead leaks the memory. Further, this error condition fails silently and is therefore not easily detected by an application.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2022-32208", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "When curl \u0026lt; 7.84.0 does FTP transfers secured by k..." + }, + "fullDescription": { + "text": "When curl \u0026lt; 7.84.0 does FTP transfers secured by krb5, it handles message v..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2022-32208", + "help": { + "text": "Vulnerability CVE-2022-32208\nSeverity: medium\nPackage: libcurl\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-32208](https://access.redhat.com/security/cve/CVE-2022-32208)\nWhen curl \u003c 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client.", + "markdown": "**Vulnerability CVE-2022-32208**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|libcurl|any in centos 7.6.1810|[]()|CVE-2022-32208|[https://access.redhat.com/security/cve/CVE-2022-32208](When curl \u003c 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2022-30115", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "Using its HSTS support, curl can be instructed to ..." + }, + "fullDescription": { + "text": "Using its HSTS support, curl can be instructed to use HTTPS directly instea..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2022-30115", + "help": { + "text": "Vulnerability CVE-2022-30115\nSeverity: medium\nPackage: libcurl\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-30115](https://access.redhat.com/security/cve/CVE-2022-30115)\nUsing its HSTS support, curl can be instructed to use HTTPS directly insteadof using an insecure clear-text HTTP step even when HTTP is provided in theURL. This mechanism could be bypassed if the host name in the given URL used atrailing dot while not using one when it built the HSTS cache. Or the otherway around - by having the trailing dot in the HSTS cache and *not* using thetrailing dot in the URL.", + "markdown": "**Vulnerability CVE-2022-30115**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|libcurl|any in centos 7.6.1810|[]()|CVE-2022-30115|[https://access.redhat.com/security/cve/CVE-2022-30115](Using its HSTS support, curl can be instructed to use HTTPS directly insteadof using an insecure clear-text HTTP step even when HTTP is provided in theURL. This mechanism could be bypassed if the host name in the given URL used atrailing dot while not using one when it built the HSTS cache. Or the otherway around - by having the trailing dot in the HSTS cache and *not* using thetrailing dot in the URL.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2022-27778", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "A use of incorrectly resolved name vulnerability f..." + }, + "fullDescription": { + "text": "A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remo..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2022-27778", + "help": { + "text": "Vulnerability CVE-2022-27778\nSeverity: medium\nPackage: libcurl\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-27778](https://access.redhat.com/security/cve/CVE-2022-27778)\nA use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when `--no-clobber` is used together with `--remove-on-error`.", + "markdown": "**Vulnerability CVE-2022-27778**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|libcurl|any in centos 7.6.1810|[]()|CVE-2022-27778|[https://access.redhat.com/security/cve/CVE-2022-27778](A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when `--no-clobber` is used together with `--remove-on-error`.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2022-27779", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "libcurl wrongly allows cookies to be set for Top L..." + }, + "fullDescription": { + "text": "libcurl wrongly allows cookies to be set for Top Level Domains (TLDs) if th..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2022-27779", + "help": { + "text": "Vulnerability CVE-2022-27779\nSeverity: medium\nPackage: libcurl\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-27779](https://access.redhat.com/security/cve/CVE-2022-27779)\nlibcurl wrongly allows cookies to be set for Top Level Domains (TLDs) if thehost name is provided with a trailing dot.curl can be told to receive and send cookies. 
curl's \"cookie engine\" can bebuilt with or without [Public Suffix List](https://publicsuffix.org/)awareness. If PSL support not provided, a more rudimentary check exists to atleast prevent cookies from being set on TLDs. This check was broken if thehost name in the URL uses a trailing dot.This can allow arbitrary sites to set cookies that then would get sent to adifferent and unrelated site or domain.", + "markdown": "**Vulnerability CVE-2022-27779**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|libcurl|any in centos 7.6.1810|[]()|CVE-2022-27779|[https://access.redhat.com/security/cve/CVE-2022-27779](libcurl wrongly allows cookies to be set for Top Level Domains (TLDs) if thehost name is provided with a trailing dot.curl can be told to receive and send cookies. curl's \"cookie engine\" can bebuilt with or without [Public Suffix List](https://publicsuffix.org/)awareness. If PSL support not provided, a more rudimentary check exists to atleast prevent cookies from being set on TLDs. This check was broken if thehost name in the URL uses a trailing dot.This can allow arbitrary sites to set cookies that then would get sent to adifferent and unrelated site or domain.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2022-27780", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "The curl URL parser wrongly accepts percent-encode..." + }, + "fullDescription": { + "text": "The curl URL parser wrongly accepts percent-encoded URL separators like \u0026#39;/\u0026#39;..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2022-27780", + "help": { + "text": "Vulnerability CVE-2022-27780\nSeverity: medium\nPackage: libcurl\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-27780](https://access.redhat.com/security/cve/CVE-2022-27780)\nThe curl URL parser wrongly accepts percent-encoded URL separators like '/'when decoding the host name part of a URL, making it a *different* URL usingthe wrong host name when it is later retrieved.For example, a URL like `http://example.com%2F127.0.0.1/`, would be allowed bythe parser and get transposed into `http://example.com/127.0.0.1/`. This flawcan be used to circumvent filters, checks and more.", + "markdown": "**Vulnerability CVE-2022-27780**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|libcurl|any in centos 7.6.1810|[]()|CVE-2022-27780|[https://access.redhat.com/security/cve/CVE-2022-27780](The curl URL parser wrongly accepts percent-encoded URL separators like '/'when decoding the host name part of a URL, making it a *different* URL usingthe wrong host name when it is later retrieved.For example, a URL like `http://example.com%2F127.0.0.1/`, would be allowed bythe parser and get transposed into `http://example.com/127.0.0.1/`. This flawcan be used to circumvent filters, checks and more.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "RHSA-2019:1880", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "The curl packages provide the libcurl library and ..." + }, + "fullDescription": { + "text": "The curl packages provide the libcurl library and the curl utility for down..." 
+ }, + "defaultConfiguration": { + "level": "note" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2018-14618", + "help": { + "text": "Vulnerability RHSA-2019:1880\nSeverity: low\nPackage: libcurl\nFixed Version: 7.29.0-51.el7_6.3\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2019:1880](https://access.redhat.com/security/cve/CVE-2018-14618)\nThe curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.", + "markdown": "**Vulnerability RHSA-2019:1880**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|low|libcurl|7.29.0-51.el7_6.3|[]()|RHSA-2019:1880|[https://access.redhat.com/security/cve/CVE-2018-14618](The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "low" + ] + } + }, + { + "id": "RHSA-2019:2181", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "The curl packages provide the libcurl library and ..." + }, + "fullDescription": { + "text": "The curl packages provide the libcurl library and the curl utility for down..." 
+ }, + "defaultConfiguration": { + "level": "note" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2018-16842", + "help": { + "text": "Vulnerability RHSA-2019:2181\nSeverity: low\nPackage: libcurl\nFixed Version: 7.29.0-54.el7\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2019:2181](https://access.redhat.com/security/cve/CVE-2018-16842)\nThe curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.", + "markdown": "**Vulnerability RHSA-2019:2181**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|low|libcurl|7.29.0-54.el7|[]()|RHSA-2019:2181|[https://access.redhat.com/security/cve/CVE-2018-16842](The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "low" + ] + } + }, + { + "id": "CVE-2022-27781", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "libcurl provides the `CURLOPT_CERTINFO` option to ..." + }, + "fullDescription": { + "text": "libcurl provides the `CURLOPT_CERTINFO` option to allow applications torequ..." 
+ }, + "defaultConfiguration": { + "level": "note" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2022-27781", + "help": { + "text": "Vulnerability CVE-2022-27781\nSeverity: low\nPackage: libcurl\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-27781](https://access.redhat.com/security/cve/CVE-2022-27781)\nlibcurl provides the `CURLOPT_CERTINFO` option to allow applications torequest details to be returned about a server's certificate chain.Due to an erroneous function, a malicious server could make libcurl built withNSS get stuck in a never-ending busy-loop when trying to retrieve thatinformation.", + "markdown": "**Vulnerability CVE-2022-27781**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|low|libcurl|any in centos 7.6.1810|[]()|CVE-2022-27781|[https://access.redhat.com/security/cve/CVE-2022-27781](libcurl provides the `CURLOPT_CERTINFO` option to allow applications torequest details to be returned about a server's certificate chain.Due to an erroneous function, a malicious server could make libcurl built withNSS get stuck in a never-ending busy-loop when trying to retrieve thatinformation.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "low" + ] + } + }, + { + "id": "CVE-2023-28322", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "An information disclosure vulnerability exists in ..." + }, + "fullDescription": { + "text": "An information disclosure vulnerability exists in curl \u0026lt;v8.1.0 when doing H..." 
+ }, + "defaultConfiguration": { + "level": "note" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2023-28322", + "help": { + "text": "Vulnerability CVE-2023-28322\nSeverity: low\nPackage: libcurl\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-28322](https://access.redhat.com/security/cve/CVE-2023-28322)\nAn information disclosure vulnerability exists in curl \u003cv8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously wasused to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST.", + "markdown": "**Vulnerability CVE-2023-28322**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|low|libcurl|any in centos 7.6.1810|[]()|CVE-2023-28322|[https://access.redhat.com/security/cve/CVE-2023-28322](An information disclosure vulnerability exists in curl \u003cv8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously wasused to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. 
The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "low" + ] + } + }, + { + "id": "CVE-2022-35252", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "When curl is used to retrieve and parse cookies fr..." + }, + "fullDescription": { + "text": "When curl is used to retrieve and parse cookies from a HTTP(S) server, itac..." + }, + "defaultConfiguration": { + "level": "note" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2022-35252", + "help": { + "text": "Vulnerability CVE-2022-35252\nSeverity: low\nPackage: libcurl\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-35252](https://access.redhat.com/security/cve/CVE-2022-35252)\nWhen curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a\"sister site\" to deny service to all siblings.", + "markdown": "**Vulnerability CVE-2022-35252**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|low|libcurl|any in centos 7.6.1810|[]()|CVE-2022-35252|[https://access.redhat.com/security/cve/CVE-2022-35252](When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. 
Effectively allowing a\"sister site\" to deny service to all siblings.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "low" + ] + } + }, + { + "id": "CVE-2021-22925", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "curl supports the `-t` command line option, known ..." + }, + "fullDescription": { + "text": "curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS..." + }, + "defaultConfiguration": { + "level": "note" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2021-22925", + "help": { + "text": "Vulnerability CVE-2021-22925\nSeverity: low\nPackage: libcurl\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-22925](https://access.redhat.com/security/cve/CVE-2021-22925)\ncurl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS`in libcurl. This rarely used option is used to send variable=content pairs toTELNET servers.Due to flaw in the option parser for sending `NEW_ENV` variables, libcurlcould be made to pass on uninitialized data from a stack based buffer to theserver. Therefore potentially revealing sensitive internal information to theserver using a clear-text network protocol.This could happen because curl did not call and use sscanf() correctly whenparsing the string provided by the application.", + "markdown": "**Vulnerability CVE-2021-22925**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|low|libcurl|any in centos 7.6.1810|[]()|CVE-2021-22925|[https://access.redhat.com/security/cve/CVE-2021-22925](curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS`in libcurl. 
This rarely used option is used to send variable=content pairs toTELNET servers.Due to flaw in the option parser for sending `NEW_ENV` variables, libcurlcould be made to pass on uninitialized data from a stack based buffer to theserver. Therefore potentially revealing sensitive internal information to theserver using a clear-text network protocol.This could happen because curl did not call and use sscanf() correctly whenparsing the string provided by the application.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "low" + ] + } + }, + { + "id": "RHSA-2023:7743", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "The curl packages provide the libcurl library and ..." + }, + "fullDescription": { + "text": "The curl packages provide the libcurl library and the curl utility for down..." + }, + "defaultConfiguration": { + "level": "note" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2022-43552", + "help": { + "text": "Vulnerability RHSA-2023:7743\nSeverity: low\nPackage: libcurl\nFixed Version: 7.29.0-59.el7_9.2\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2023:7743](https://access.redhat.com/security/cve/CVE-2022-43552)\nThe curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.", + "markdown": "**Vulnerability RHSA-2023:7743**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|low|libcurl|7.29.0-59.el7_9.2|[]()|RHSA-2023:7743|[https://access.redhat.com/security/cve/CVE-2022-43552](The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + 
"vulnerability", + "security", + "low" + ] + } + }, + { + "id": "CVE-2021-22898", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "curl 7.7 through 7.76.1 suffers from an informatio..." + }, + "fullDescription": { + "text": "curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t..." + }, + "defaultConfiguration": { + "level": "note" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2021-22898", + "help": { + "text": "Vulnerability CVE-2021-22898\nSeverity: low\nPackage: libcurl\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-22898](https://access.redhat.com/security/cve/CVE-2021-22898)\ncurl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server, resulting in potentially revealing sensitive internal information to the server using a clear-text network protocol.", + "markdown": "**Vulnerability CVE-2021-22898**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|low|libcurl|any in centos 7.6.1810|[]()|CVE-2021-22898|[https://access.redhat.com/security/cve/CVE-2021-22898](curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET servers. 
Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server, resulting in potentially revealing sensitive internal information to the server using a clear-text network protocol.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "low" + ] + } + }, + { + "id": "CVE-2023-38546", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "This flaw allows an attacker to insert cookies at ..." + }, + "fullDescription": { + "text": "This flaw allows an attacker to insert cookies at will into a running progr..." + }, + "defaultConfiguration": { + "level": "note" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2023-38546", + "help": { + "text": "Vulnerability CVE-2023-38546\nSeverity: low\nPackage: libcurl\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-38546](https://access.redhat.com/security/cve/CVE-2023-38546)\nThis flaw allows an attacker to insert cookies at will into a running program using libcurl, if the specific series of conditions are met. libcurl performs transfers. In its API, an application creates 'easy handles' that are the individual handles for single transfers. libcurl provides a function call that duplicates an easy handle called curl_easy_duphandle. If a transfer has cookies enabled when the handle is duplicated, the cookie-enable state is also cloned - but without cloning the actual cookies. 
If the source handle did not read any cookies from a specific file on disk, the cloned version of the handle would instead store the file name as none (using the four ASCII letters, no quotes).Subsequent use of the cloned handle that does not explicitly set a source to load cookies from would then inadvertently load cookies from a file named none - if such a file exists and is readable in the current directory of the program using libcurl. And if using the correct file format of course.", + "markdown": "**Vulnerability CVE-2023-38546**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|low|libcurl|any in centos 7.6.1810|[]()|CVE-2023-38546|[https://access.redhat.com/security/cve/CVE-2023-38546](This flaw allows an attacker to insert cookies at will into a running program using libcurl, if the specific series of conditions are met. libcurl performs transfers. In its API, an application creates 'easy handles' that are the individual handles for single transfers. libcurl provides a function call that duplicates an easy handle called curl_easy_duphandle. If a transfer has cookies enabled when the handle is duplicated, the cookie-enable state is also cloned - but without cloning the actual cookies. If the source handle did not read any cookies from a specific file on disk, the cloned version of the handle would instead store the file name as none (using the four ASCII letters, no quotes).Subsequent use of the cloned handle that does not explicitly set a source to load cookies from would then inadvertently load cookies from a file named none - if such a file exists and is readable in the current directory of the program using libcurl. 
And if using the correct file format of course.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "low" + ] + } + }, + { + "id": "RHSA-2020:1020", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "The curl packages provide the libcurl library and ..." + }, + "fullDescription": { + "text": "The curl packages provide the libcurl library and the curl utility for down..." + }, + "defaultConfiguration": { + "level": "note" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2019-5436", + "help": { + "text": "Vulnerability RHSA-2020:1020\nSeverity: low\nPackage: libcurl\nFixed Version: 7.29.0-57.el7\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2020:1020](https://access.redhat.com/security/cve/CVE-2019-5436)\nThe curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.", + "markdown": "**Vulnerability RHSA-2020:1020**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|low|libcurl|7.29.0-57.el7|[]()|RHSA-2020:1020|[https://access.redhat.com/security/cve/CVE-2019-5436](The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "low" + ] + } + }, + { + "id": "RHSA-2022:0666", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "The cyrus-sasl packages contain the Cyrus implemen..." + }, + "fullDescription": { + "text": "The cyrus-sasl packages contain the Cyrus implementation of Simple Authenti..." 
+ }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2022-24407", + "help": { + "text": "Vulnerability RHSA-2022:0666\nSeverity: high\nPackage: cyrus-sasl-lib\nFixed Version: 2.1.26-24.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2022:0666](https://access.redhat.com/security/cve/CVE-2022-24407)\nThe cyrus-sasl packages contain the Cyrus implementation of Simple Authentication and Security Layer (SASL). SASL is a method for adding authentication support to connection-based protocols.", + "markdown": "**Vulnerability RHSA-2022:0666**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|cyrus-sasl-lib|2.1.26-24.el7_9|[]()|RHSA-2022:0666|[https://access.redhat.com/security/cve/CVE-2022-24407](The cyrus-sasl packages contain the Cyrus implementation of Simple Authentication and Security Layer (SASL). SASL is a method for adding authentication support to connection-based protocols.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "RHSA-2020:2894", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "D-Bus is a system for sending messages between app..." + }, + "fullDescription": { + "text": "D-Bus is a system for sending messages between applications. It is used bot..." + }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2020-12049", + "help": { + "text": "Vulnerability RHSA-2020:2894\nSeverity: high\nPackage: dbus-libs\nFixed Version: 1:1.10.24-14.el7_8\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2020:2894](https://access.redhat.com/security/cve/CVE-2020-12049)\nD-Bus is a system for sending messages between applications. 
It is used both for the system-wide message bus service, and as a per-user-login-session messaging facility.", + "markdown": "**Vulnerability RHSA-2020:2894**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|dbus-libs|1:1.10.24-14.el7_8|[]()|RHSA-2020:2894|[https://access.redhat.com/security/cve/CVE-2020-12049](D-Bus is a system for sending messages between applications. It is used both for the system-wide message bus service, and as a per-user-login-session messaging facility.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "RHSA-2020:4032", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "D-Bus is a system for sending messages between app..." + }, + "fullDescription": { + "text": "D-Bus is a system for sending messages between applications. It is used bot..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2019-12749", + "help": { + "text": "Vulnerability RHSA-2020:4032\nSeverity: medium\nPackage: dbus-libs\nFixed Version: 1:1.10.24-15.el7\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2020:4032](https://access.redhat.com/security/cve/CVE-2019-12749)\nD-Bus is a system for sending messages between applications. It is used both for the system-wide message bus service, and as a per-user-login-session messaging facility.", + "markdown": "**Vulnerability RHSA-2020:4032**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|dbus-libs|1:1.10.24-15.el7|[]()|RHSA-2020:4032|[https://access.redhat.com/security/cve/CVE-2019-12749](D-Bus is a system for sending messages between applications. 
It is used both for the system-wide message bus service, and as a per-user-login-session messaging facility.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2022-42010", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "An issue was discovered in D-Bus before 1.12.24, 1..." + }, + "fullDescription": { + "text": "An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2022-42010", + "help": { + "text": "Vulnerability CVE-2022-42010\nSeverity: medium\nPackage: dbus-libs\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-42010](https://access.redhat.com/security/cve/CVE-2022-42010)\nAn issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message with certain invalid type signatures.", + "markdown": "**Vulnerability CVE-2022-42010**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|dbus-libs|any in centos 7.6.1810|[]()|CVE-2022-42010|[https://access.redhat.com/security/cve/CVE-2022-42010](An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. 
An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message with certain invalid type signatures.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2022-42011", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "An issue was discovered in D-Bus before 1.12.24, 1..." + }, + "fullDescription": { + "text": "An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2022-42011", + "help": { + "text": "Vulnerability CVE-2022-42011\nSeverity: medium\nPackage: dbus-libs\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-42011](https://access.redhat.com/security/cve/CVE-2022-42011)\nAn issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message where an array length is inconsistent with the size of the element type.", + "markdown": "**Vulnerability CVE-2022-42011**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|dbus-libs|any in centos 7.6.1810|[]()|CVE-2022-42011|[https://access.redhat.com/security/cve/CVE-2022-42011](An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. 
An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message where an array length is inconsistent with the size of the element type.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2022-42012", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "An issue was discovered in D-Bus before 1.12.24, 1..." + }, + "fullDescription": { + "text": "An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2022-42012", + "help": { + "text": "Vulnerability CVE-2022-42012\nSeverity: medium\nPackage: dbus-libs\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-42012](https://access.redhat.com/security/cve/CVE-2022-42012)\nAn issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format.", + "markdown": "**Vulnerability CVE-2022-42012**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|dbus-libs|any in centos 7.6.1810|[]()|CVE-2022-42012|[https://access.redhat.com/security/cve/CVE-2022-42012](An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. 
An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2023-34969", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "D-Bus before 1.15.6 sometimes allows unprivileged ..." + }, + "fullDescription": { + "text": "D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemo..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2023-34969", + "help": { + "text": "Vulnerability CVE-2023-34969\nSeverity: medium\nPackage: dbus-libs\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-34969](https://access.redhat.com/security/cve/CVE-2023-34969)\nD-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6.", + "markdown": "**Vulnerability CVE-2023-34969**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|dbus-libs|any in centos 7.6.1810|[]()|CVE-2023-34969|[https://access.redhat.com/security/cve/CVE-2023-34969](D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. 
If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2014-3636", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x ..." + }, + "fullDescription": { + "text": "D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 allows local..." + }, + "defaultConfiguration": { + "level": "note" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2014-3636", + "help": { + "text": "Vulnerability CVE-2014-3636\nSeverity: low\nPackage: dbus-libs\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2014-3636](https://access.redhat.com/security/cve/CVE-2014-3636)\nD-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 allows local users to (1) cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors or (2) cause a denial of service (disconnect) via multiple messages that combine to have more than the allowed number of file descriptors for a single sendmsg call.", + "markdown": "**Vulnerability CVE-2014-3636**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|low|dbus-libs|any in centos 7.6.1810|[]()|CVE-2014-3636|[https://access.redhat.com/security/cve/CVE-2014-3636](D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 allows local users to 
(1) cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors or (2) cause a denial of service (disconnect) via multiple messages that combine to have more than the allowed number of file descriptors for a single sendmsg call.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "low" + ] + } + }, + { + "id": "CVE-2014-3637", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x ..." + }, + "fullDescription": { + "text": "D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 does not pro..." + }, + "defaultConfiguration": { + "level": "note" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2014-3637", + "help": { + "text": "Vulnerability CVE-2014-3637\nSeverity: low\nPackage: dbus-libs\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2014-3637](https://access.redhat.com/security/cve/CVE-2014-3637)\nD-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 does not properly close connections for processes that have terminated, which allows local users to cause a denial of service via a D-bus message containing a D-Bus connection file descriptor.", + "markdown": "**Vulnerability CVE-2014-3637**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|low|dbus-libs|any in centos 7.6.1810|[]()|CVE-2014-3637|[https://access.redhat.com/security/cve/CVE-2014-3637](D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 does not properly close connections for processes that have terminated, which allows local users to cause a denial of service via a D-bus message containing a D-Bus connection file descriptor.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": 
"0.0", + "tags": [ + "vulnerability", + "security", + "low" + ] + } + }, + { + "id": "CVE-2014-3638", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "The bus_connections_check_reply function in config..." + }, + "fullDescription": { + "text": "The bus_connections_check_reply function in config-parser.c in D-Bus before..." + }, + "defaultConfiguration": { + "level": "note" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2014-3638", + "help": { + "text": "Vulnerability CVE-2014-3638\nSeverity: low\nPackage: dbus-libs\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2014-3638](https://access.redhat.com/security/cve/CVE-2014-3638)\nThe bus_connections_check_reply function in config-parser.c in D-Bus before 1.6.24 and 1.8.x before 1.8.8 allows local users to cause a denial of service (CPU consumption) via a large number of method calls.", + "markdown": "**Vulnerability CVE-2014-3638**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|low|dbus-libs|any in centos 7.6.1810|[]()|CVE-2014-3638|[https://access.redhat.com/security/cve/CVE-2014-3638](The bus_connections_check_reply function in config-parser.c in D-Bus before 1.6.24 and 1.8.x before 1.8.8 allows local users to cause a denial of service (CPU consumption) via a large number of method calls.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "low" + ] + } + }, + { + "id": "CVE-2014-3639", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "The dbus-daemon in D-Bus before 1.6.24 and 1.8.x b..." + }, + "fullDescription": { + "text": "The dbus-daemon in D-Bus before 1.6.24 and 1.8.x before 1.8.8 does not prop..." 
+ }, + "defaultConfiguration": { + "level": "note" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2014-3639", + "help": { + "text": "Vulnerability CVE-2014-3639\nSeverity: low\nPackage: dbus-libs\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2014-3639](https://access.redhat.com/security/cve/CVE-2014-3639)\nThe dbus-daemon in D-Bus before 1.6.24 and 1.8.x before 1.8.8 does not properly close old connections, which allows local users to cause a denial of service (incomplete connection consumption and prevention of new connections) via a large number of incomplete connections.", + "markdown": "**Vulnerability CVE-2014-3639**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|low|dbus-libs|any in centos 7.6.1810|[]()|CVE-2014-3639|[https://access.redhat.com/security/cve/CVE-2014-3639](The dbus-daemon in D-Bus before 1.6.24 and 1.8.x before 1.8.8 does not properly close old connections, which allows local users to cause a denial of service (incomplete connection consumption and prevention of new connections) via a large number of incomplete connections.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "low" + ] + } + }, + { + "id": "CVE-2020-10683", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "dom4j before 2.0.3 and 2.1.x before 2.1.3 allows e..." + }, + "fullDescription": { + "text": "dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External..." 
+ }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2020-10683", + "help": { + "text": "Vulnerability CVE-2020-10683\nSeverity: critical\nPackage: dom4j\nFixed Version: \nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-10683](https://nvd.nist.gov/vuln/detail/CVE-2020-10683)\ndom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.", + "markdown": "**Vulnerability CVE-2020-10683**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|critical|dom4j||[]()|CVE-2020-10683|[https://nvd.nist.gov/vuln/detail/CVE-2020-10683](dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "critical" + ] + } + }, + { + "id": "CVE-2018-1000632", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "dom4j version prior to version 2.1.1 contains a CW..." + }, + "fullDescription": { + "text": "dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulne..." 
+ }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000632", + "help": { + "text": "Vulnerability CVE-2018-1000632\nSeverity: high\nPackage: dom4j\nFixed Version: \nExploit Available: []()\nExploit Type: \nLink: [CVE-2018-1000632](https://nvd.nist.gov/vuln/detail/CVE-2018-1000632)\ndom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appear to be exploitable via an attacker specifying attributes or elements in the XML document. This vulnerability appears to have been fixed in 2.1.1 or later.", + "markdown": "**Vulnerability CVE-2018-1000632**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|dom4j||[]()|CVE-2018-1000632|[https://nvd.nist.gov/vuln/detail/CVE-2018-1000632](dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appear to be exploitable via an attacker specifying attributes or elements in the XML document. This vulnerability appears to have been fixed in 2.1.1 or later.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "RHSA-2019:2197", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "The elfutils packages contain a number of utility ..." + }, + "fullDescription": { + "text": "The elfutils packages contain a number of utility programs and libraries re..." 
+ }, + "defaultConfiguration": { + "level": "note" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2018-16402", + "help": { + "text": "Vulnerability RHSA-2019:2197\nSeverity: low\nPackage: elfutils-libs\nFixed Version: 0.176-2.el7\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2019:2197](https://access.redhat.com/security/cve/CVE-2018-16402)\nThe elfutils packages contain a number of utility programs and libraries related to the creation and maintenance of executable code.", + "markdown": "**Vulnerability RHSA-2019:2197**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|low|elfutils-libs|0.176-2.el7|[]()|RHSA-2019:2197|[https://access.redhat.com/security/cve/CVE-2018-16402](The elfutils packages contain a number of utility programs and libraries related to the creation and maintenance of executable code.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "low" + ] + } + }, + { + "id": "RHSA-2022:1069", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "Expat is a C library for parsing XML documents." + }, + "fullDescription": { + "text": "Expat is a C library for parsing XML documents." 
+ }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2022-25315", + "help": { + "text": "Vulnerability RHSA-2022:1069\nSeverity: high\nPackage: expat\nFixed Version: 2.1.0-14.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2022:1069](https://access.redhat.com/security/cve/CVE-2022-25315)\nExpat is a C library for parsing XML documents.", + "markdown": "**Vulnerability RHSA-2022:1069**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|expat|2.1.0-14.el7_9|[]()|RHSA-2022:1069|[https://access.redhat.com/security/cve/CVE-2022-25315](Expat is a C library for parsing XML documents.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "RHSA-2022:6834", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "Expat is a C library for parsing XML documents." + }, + "fullDescription": { + "text": "Expat is a C library for parsing XML documents." 
+ }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2022-40674", + "help": { + "text": "Vulnerability RHSA-2022:6834\nSeverity: high\nPackage: expat\nFixed Version: 2.1.0-15.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2022:6834](https://access.redhat.com/security/cve/CVE-2022-40674)\nExpat is a C library for parsing XML documents.", + "markdown": "**Vulnerability RHSA-2022:6834**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|expat|2.1.0-15.el7_9|[]()|RHSA-2022:6834|[https://access.redhat.com/security/cve/CVE-2022-40674](Expat is a C library for parsing XML documents.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "RHSA-2020:1011", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "Expat is a C library for parsing XML documents." + }, + "fullDescription": { + "text": "Expat is a C library for parsing XML documents." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2015-2716", + "help": { + "text": "Vulnerability RHSA-2020:1011\nSeverity: medium\nPackage: expat\nFixed Version: 2.1.0-11.el7\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2020:1011](https://access.redhat.com/security/cve/CVE-2015-2716)\nExpat is a C library for parsing XML documents.", + "markdown": "**Vulnerability RHSA-2020:1011**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|expat|2.1.0-11.el7|[]()|RHSA-2020:1011|[https://access.redhat.com/security/cve/CVE-2015-2716](Expat is a C library for parsing XML documents.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "RHSA-2020:3952", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "Expat is a C library for parsing XML documents." + }, + "fullDescription": { + "text": "Expat is a C library for parsing XML documents." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2019-15903", + "help": { + "text": "Vulnerability RHSA-2020:3952\nSeverity: medium\nPackage: expat\nFixed Version: 2.1.0-12.el7\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2020:3952](https://access.redhat.com/security/cve/CVE-2019-15903)\nExpat is a C library for parsing XML documents.", + "markdown": "**Vulnerability RHSA-2020:3952**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|expat|2.1.0-12.el7|[]()|RHSA-2020:3952|[https://access.redhat.com/security/cve/CVE-2019-15903](Expat is a C library for parsing XML documents.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2022-25313", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "In Expat (aka libexpat) before 2.4.5, an attacker ..." + }, + "fullDescription": { + "text": "In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaust..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2022-25313", + "help": { + "text": "Vulnerability CVE-2022-25313\nSeverity: medium\nPackage: expat\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-25313](https://access.redhat.com/security/cve/CVE-2022-25313)\nIn Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.", + "markdown": "**Vulnerability CVE-2022-25313**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|expat|any in centos 7.6.1810|[]()|CVE-2022-25313|[https://access.redhat.com/security/cve/CVE-2022-25313](In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2023-52425", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "libexpat through 2.5.0 allows a denial of service ..." + }, + "fullDescription": { + "text": "libexpat through 2.5.0 allows a denial of service (resource consumption) be..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2023-52425", + "help": { + "text": "Vulnerability CVE-2023-52425\nSeverity: medium\nPackage: expat\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-52425](https://access.redhat.com/security/cve/CVE-2023-52425)\nlibexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed.", + "markdown": "**Vulnerability CVE-2023-52425**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|expat|any in centos 7.6.1810|[]()|CVE-2023-52425|[https://access.redhat.com/security/cve/CVE-2023-52425](libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "RHSA-2020:1022", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "The file command is used to identify a particular ..." + }, + "fullDescription": { + "text": "The file command is used to identify a particular file according to the typ..." + }, + "defaultConfiguration": { + "level": "note" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2018-10360", + "help": { + "text": "Vulnerability RHSA-2020:1022\nSeverity: low\nPackage: file-libs\nFixed Version: 5.11-36.el7\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2020:1022](https://access.redhat.com/security/cve/CVE-2018-10360)\nThe file command is used to identify a particular file according to the type of data the file contains. 
It can identify many different file types, including Executable and Linkable Format (ELF) binary files, system libraries, RPM packages, and different graphics formats.", + "markdown": "**Vulnerability RHSA-2020:1022**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|low|file-libs|5.11-36.el7|[]()|RHSA-2020:1022|[https://access.redhat.com/security/cve/CVE-2018-10360](The file command is used to identify a particular file according to the type of data the file contains. It can identify many different file types, including Executable and Linkable Format (ELF) binary files, system libraries, RPM packages, and different graphics formats.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "low" + ] + } + }, + { + "id": "CVE-2022-48554", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "File before 5.43 has an stack-based buffer over-re..." + }, + "fullDescription": { + "text": "File before 5.43 has an stack-based buffer over-read in file_copystr in fun..." + }, + "defaultConfiguration": { + "level": "note" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2022-48554", + "help": { + "text": "Vulnerability CVE-2022-48554\nSeverity: low\nPackage: file-libs\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-48554](https://access.redhat.com/security/cve/CVE-2022-48554)\nFile before 5.43 has an stack-based buffer over-read in file_copystr in funcs.c. 
NOTE: \"File\" is the name of an Open Source project.", + "markdown": "**Vulnerability CVE-2022-48554**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|low|file-libs|any in centos 7.6.1810|[]()|CVE-2022-48554|[https://access.redhat.com/security/cve/CVE-2022-48554](File before 5.43 has an stack-based buffer over-read in file_copystr in funcs.c. NOTE: \"File\" is the name of an Open Source project.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "low" + ] + } + }, + { + "id": "RHSA-2020:4907", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "FreeType is a free, high-quality, portable font en..." + }, + "fullDescription": { + "text": "FreeType is a free, high-quality, portable font engine that can open and ma..." + }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2020-15999", + "help": { + "text": "Vulnerability RHSA-2020:4907\nSeverity: high\nPackage: freetype\nFixed Version: 2.8-14.el7_9.1\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2020:4907](https://access.redhat.com/security/cve/CVE-2020-15999)\nFreeType is a free, high-quality, portable font engine that can open and manage font files. FreeType loads, hints, and renders individual glyphs efficiently.", + "markdown": "**Vulnerability RHSA-2020:4907**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|freetype|2.8-14.el7_9.1|[]()|RHSA-2020:4907|[https://access.redhat.com/security/cve/CVE-2020-15999](FreeType is a free, high-quality, portable font engine that can open and manage font files. 
FreeType loads, hints, and renders individual glyphs efficiently.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "CVE-2022-27404", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "FreeType commit 1e2eb65048f75c64b68708efed6ce904c3..." + }, + "fullDescription": { + "text": "FreeType commit 1e2eb65048f75c64b68708efed6ce904c31f3b2f was discovered to ..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2022-27404", + "help": { + "text": "Vulnerability CVE-2022-27404\nSeverity: medium\nPackage: freetype\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-27404](https://access.redhat.com/security/cve/CVE-2022-27404)\nFreeType commit 1e2eb65048f75c64b68708efed6ce904c31f3b2f was discovered to contain a heap buffer overflow via the function sfnt_init_face.", + "markdown": "**Vulnerability CVE-2022-27404**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|freetype|any in centos 7.6.1810|[]()|CVE-2022-27404|[https://access.redhat.com/security/cve/CVE-2022-27404](FreeType commit 1e2eb65048f75c64b68708efed6ce904c31f3b2f was discovered to contain a heap buffer overflow via the function sfnt_init_face.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2022-27405", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "FreeType commit 53dfdcd8198d2b3201a23c4bad9190519b..." + }, + "fullDescription": { + "text": "FreeType commit 53dfdcd8198d2b3201a23c4bad9190519ba918db was discovered to ..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2022-27405", + "help": { + "text": "Vulnerability CVE-2022-27405\nSeverity: medium\nPackage: freetype\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-27405](https://access.redhat.com/security/cve/CVE-2022-27405)\nFreeType commit 53dfdcd8198d2b3201a23c4bad9190519ba918db was discovered to contain a segmentation violation via the function FNT_Size_Request.", + "markdown": "**Vulnerability CVE-2022-27405**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|freetype|any in centos 7.6.1810|[]()|CVE-2022-27405|[https://access.redhat.com/security/cve/CVE-2022-27405](FreeType commit 53dfdcd8198d2b3201a23c4bad9190519ba918db was discovered to contain a segmentation violation via the function FNT_Size_Request.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2022-27406", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "FreeType commit 22a0cccb4d9d002f33c1ba7a4b36812c7d..." + }, + "fullDescription": { + "text": "FreeType commit 22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5 was discovered to ..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2022-27406", + "help": { + "text": "Vulnerability CVE-2022-27406\nSeverity: medium\nPackage: freetype\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-27406](https://access.redhat.com/security/cve/CVE-2022-27406)\nFreeType commit 22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5 was discovered to contain a segmentation violation via the function FT_Request_Size.", + "markdown": "**Vulnerability CVE-2022-27406**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|freetype|any in centos 7.6.1810|[]()|CVE-2022-27406|[https://access.redhat.com/security/cve/CVE-2022-27406](FreeType commit 22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5 was discovered to contain a segmentation violation via the function FT_Request_Size.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2022-28506", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "There is a heap-buffer-overflow in GIFLIB 5.2.1 fu..." + }, + "fullDescription": { + "text": "There is a heap-buffer-overflow in GIFLIB 5.2.1 function DumpScreen2RGB() i..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2022-28506", + "help": { + "text": "Vulnerability CVE-2022-28506\nSeverity: medium\nPackage: giflib\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-28506](https://access.redhat.com/security/cve/CVE-2022-28506)\nThere is a heap-buffer-overflow in GIFLIB 5.2.1 function DumpScreen2RGB() in gif2rgb.c:298:45.", + "markdown": "**Vulnerability CVE-2022-28506**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|giflib|any in centos 7.6.1810|[]()|CVE-2022-28506|[https://access.redhat.com/security/cve/CVE-2022-28506](There is a heap-buffer-overflow in GIFLIB 5.2.1 function DumpScreen2RGB() in gif2rgb.c:298:45.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2020-23922", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "An issue was discovered in giflib through 5.1.4. D..." + }, + "fullDescription": { + "text": "An issue was discovered in giflib through 5.1.4. DumpScreen2RGB in gif2rgb...." + }, + "defaultConfiguration": { + "level": "note" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2020-23922", + "help": { + "text": "Vulnerability CVE-2020-23922\nSeverity: low\nPackage: giflib\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-23922](https://access.redhat.com/security/cve/CVE-2020-23922)\nAn issue was discovered in giflib through 5.1.4. 
DumpScreen2RGB in gif2rgb.c has a heap-based buffer over-read.", + "markdown": "**Vulnerability CVE-2020-23922**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|low|giflib|any in centos 7.6.1810|[]()|CVE-2020-23922|[https://access.redhat.com/security/cve/CVE-2020-23922](An issue was discovered in giflib through 5.1.4. DumpScreen2RGB in gif2rgb.c has a heap-based buffer over-read.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "low" + ] + } + }, + { + "id": "CVE-2023-39742", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "giflib v5.2.1 was discovered to contain a segmenta..." + }, + "fullDescription": { + "text": "giflib v5.2.1 was discovered to contain a segmentation fault via the compon..." + }, + "defaultConfiguration": { + "level": "note" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2023-39742", + "help": { + "text": "Vulnerability CVE-2023-39742\nSeverity: low\nPackage: giflib\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-39742](https://access.redhat.com/security/cve/CVE-2023-39742)\ngiflib v5.2.1 was discovered to contain a segmentation fault via the component getarg.c.", + "markdown": "**Vulnerability CVE-2023-39742**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|low|giflib|any in centos 7.6.1810|[]()|CVE-2023-39742|[https://access.redhat.com/security/cve/CVE-2023-39742](giflib v5.2.1 was discovered to contain a segmentation fault via the component getarg.c.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "low" + ] + } + }, + { + "id": "RHSA-2021:2147", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": 
"GLib provides the core application building blocks..." + }, + "fullDescription": { + "text": "GLib provides the core application building blocks for libraries and applic..." + }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2021-27219", + "help": { + "text": "Vulnerability RHSA-2021:2147\nSeverity: high\nPackage: glib2\nFixed Version: 2.56.1-9.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2021:2147](https://access.redhat.com/security/cve/CVE-2021-27219)\nGLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures.", + "markdown": "**Vulnerability RHSA-2021:2147**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|glib2|2.56.1-9.el7_9|[]()|RHSA-2021:2147|[https://access.redhat.com/security/cve/CVE-2021-27219](GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "RHSA-2020:3978", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "GLib provides the core application building blocks..." + }, + "fullDescription": { + "text": "GLib provides the core application building blocks for libraries and applic..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2019-12450", + "help": { + "text": "Vulnerability RHSA-2020:3978\nSeverity: medium\nPackage: glib2\nFixed Version: 2.56.1-7.el7\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2020:3978](https://access.redhat.com/security/cve/CVE-2019-12450)\nGLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures.", + "markdown": "**Vulnerability RHSA-2020:3978**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|glib2|2.56.1-7.el7|[]()|RHSA-2020:3978|[https://access.redhat.com/security/cve/CVE-2019-12450](GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2021-27218", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "An issue was discovered in GNOME GLib before 2.66...." + }, + "fullDescription": { + "text": "An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67...." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2021-27218", + "help": { + "text": "Vulnerability CVE-2021-27218\nSeverity: medium\nPackage: glib2\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-27218](https://access.redhat.com/security/cve/CVE-2021-27218)\nAn issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take() was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 2**32, causing unintended length truncation.", + "markdown": "**Vulnerability CVE-2021-27218**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|glib2|any in centos 7.6.1810|[]()|CVE-2021-27218|[https://access.redhat.com/security/cve/CVE-2021-27218](An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take() was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 2**32, causing unintended length truncation.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2021-3800", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "A flaw was found in glib before version 2.63.6. Du..." + }, + "fullDescription": { + "text": "A flaw was found in glib before version 2.63.6. Due to random charset alias..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2021-3800", + "help": { + "text": "Vulnerability CVE-2021-3800\nSeverity: medium\nPackage: glib2\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-3800](https://access.redhat.com/security/cve/CVE-2021-3800)\nA flaw was found in glib before version 2.63.6. Due to random charset alias, pkexec can leak content from files owned by privileged users to unprivileged ones under the right condition.", + "markdown": "**Vulnerability CVE-2021-3800**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|glib2|any in centos 7.6.1810|[]()|CVE-2021-3800|[https://access.redhat.com/security/cve/CVE-2021-3800](A flaw was found in glib before version 2.63.6. Due to random charset alias, pkexec can leak content from files owned by privileged users to unprivileged ones under the right condition.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "RHBA-2019:2044", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "GNOME is the default desktop environment of Red Ha..." + }, + "fullDescription": { + "text": "GNOME is the default desktop environment of Red Hat Enterprise Linux." 
+ }, + "defaultConfiguration": { + "level": "note" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2018-5819", + "help": { + "text": "Vulnerability RHBA-2019:2044\nSeverity: low\nPackage: glib2\nFixed Version: 2.56.1-5.el7\nExploit Available: []()\nExploit Type: \nLink: [RHBA-2019:2044](https://access.redhat.com/security/cve/CVE-2018-5819)\nGNOME is the default desktop environment of Red Hat Enterprise Linux.", + "markdown": "**Vulnerability RHBA-2019:2044**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|low|glib2|2.56.1-5.el7|[]()|RHBA-2019:2044|[https://access.redhat.com/security/cve/CVE-2018-5819](GNOME is the default desktop environment of Red Hat Enterprise Linux.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "low" + ] + } + }, + { + "id": "CVE-2021-28153", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "An issue was discovered in GNOME GLib before 2.66...." + }, + "fullDescription": { + "text": "An issue was discovered in GNOME GLib before 2.66.8. When g_file_replace() ..." + }, + "defaultConfiguration": { + "level": "note" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2021-28153", + "help": { + "text": "Vulnerability CVE-2021-28153\nSeverity: low\nPackage: glib2\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-28153](https://access.redhat.com/security/cve/CVE-2021-28153)\nAn issue was discovered in GNOME GLib before 2.66.8. When g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a dangling symlink, it incorrectly also creates the target of the symlink as an empty file, which could conceivably have security relevance if the symlink is attacker-controlled. 
(If the path is a symlink to a file that already exists, then the contents of that file correctly remain unchanged.)", + "markdown": "**Vulnerability CVE-2021-28153**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|low|glib2|any in centos 7.6.1810|[]()|CVE-2021-28153|[https://access.redhat.com/security/cve/CVE-2021-28153](An issue was discovered in GNOME GLib before 2.66.8. When g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a dangling symlink, it incorrectly also creates the target of the symlink as an empty file, which could conceivably have security relevance if the symlink is attacker-controlled. (If the path is a symlink to a file that already exists, then the contents of that file correctly remain unchanged.))|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "low" + ] + } + }, + { + "id": "CVE-2023-29499", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "A flaw was found in GLib. GVariant deserialization..." + }, + "fullDescription": { + "text": "A flaw was found in GLib. GVariant deserialization fails to validate that t..." + }, + "defaultConfiguration": { + "level": "note" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2023-29499", + "help": { + "text": "Vulnerability CVE-2023-29499\nSeverity: low\nPackage: glib2\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-29499](https://access.redhat.com/security/cve/CVE-2023-29499)\nA flaw was found in GLib. 
GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service.", + "markdown": "**Vulnerability CVE-2023-29499**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|low|glib2|any in centos 7.6.1810|[]()|CVE-2023-29499|[https://access.redhat.com/security/cve/CVE-2023-29499](A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "low" + ] + } + }, + { + "id": "CVE-2023-32611", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "A flaw was found in GLib. GVariant deserialization..." + }, + "fullDescription": { + "text": "A flaw was found in GLib. GVariant deserialization is vulnerable to a slowd..." + }, + "defaultConfiguration": { + "level": "note" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2023-32611", + "help": { + "text": "Vulnerability CVE-2023-32611\nSeverity: low\nPackage: glib2\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-32611](https://access.redhat.com/security/cve/CVE-2023-32611)\nA flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service.", + "markdown": "**Vulnerability CVE-2023-32611**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|low|glib2|any in centos 7.6.1810|[]()|CVE-2023-32611|[https://access.redhat.com/security/cve/CVE-2023-32611](A flaw was found in GLib. 
GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "low" + ] + } + }, + { + "id": "CVE-2023-32665", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "A flaw was found in GLib. GVariant deserialization..." + }, + "fullDescription": { + "text": "A flaw was found in GLib. GVariant deserialization is vulnerable to an expo..." + }, + "defaultConfiguration": { + "level": "note" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2023-32665", + "help": { + "text": "Vulnerability CVE-2023-32665\nSeverity: low\nPackage: glib2\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-32665](https://access.redhat.com/security/cve/CVE-2023-32665)\nA flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service.", + "markdown": "**Vulnerability CVE-2023-32665**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|low|glib2|any in centos 7.6.1810|[]()|CVE-2023-32665|[https://access.redhat.com/security/cve/CVE-2023-32665](A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "low" + ] + } + }, + { + "id": "CVE-2024-2961", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "The iconv() function in the GNU C Library versions..." 
+ }, + "fullDescription": { + "text": "The iconv() function in the GNU C Library versions 2.39 and older may overf..." + }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2024-2961", + "help": { + "text": "Vulnerability CVE-2024-2961\nSeverity: high\nPackage: glibc-common\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2024-2961](https://access.redhat.com/security/cve/CVE-2024-2961)\nThe iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.\n", + "markdown": "**Vulnerability CVE-2024-2961**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|glibc-common|any in centos 7.6.1810|[]()|CVE-2024-2961|[https://access.redhat.com/security/cve/CVE-2024-2961](The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.\n)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "CVE-2024-33599", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "A stack-based buffer overflow flaw was found in th..." + }, + "fullDescription": { + "text": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. I..." 
+ }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2024-33599", + "help": { + "text": "Vulnerability CVE-2024-33599\nSeverity: high\nPackage: glibc-common\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2024-33599](https://access.redhat.com/security/cve/CVE-2024-33599)\nA stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", + "markdown": "**Vulnerability CVE-2024-33599**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|glibc-common|any in centos 7.6.1810|[]()|CVE-2024-33599|[https://access.redhat.com/security/cve/CVE-2024-33599](A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "CVE-2023-5156", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "A flaw was found in the GNU C Library. A recent fi..." + }, + "fullDescription": { + "text": "A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 intro..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2023-5156", + "help": { + "text": "Vulnerability CVE-2023-5156\nSeverity: medium\nPackage: glibc-common\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-5156](https://access.redhat.com/security/cve/CVE-2023-5156)\nA flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 introduced the potential for a memory leak, which may result in an application crash.", + "markdown": "**Vulnerability CVE-2023-5156**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|glibc-common|any in centos 7.6.1810|[]()|CVE-2023-5156|[https://access.redhat.com/security/cve/CVE-2023-5156](A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 introduced the potential for a memory leak, which may result in an application crash.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2021-35942", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "The wordexp function in the GNU C Library (aka gli..." + }, + "fullDescription": { + "text": "The wordexp function in the GNU C Library (aka glibc) through 2.33 may cras..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2021-35942", + "help": { + "text": "Vulnerability CVE-2021-35942\nSeverity: medium\nPackage: glibc-common\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-35942](https://access.redhat.com/security/cve/CVE-2021-35942)\nThe wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called with an untrusted, crafted pattern, potentially resulting in a denial of service or disclosure of information. This occurs because atoi was used but strtoul should have been used to ensure correct calculations.", + "markdown": "**Vulnerability CVE-2021-35942**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|glibc-common|any in centos 7.6.1810|[]()|CVE-2021-35942|[https://access.redhat.com/security/cve/CVE-2021-35942](The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called with an untrusted, crafted pattern, potentially resulting in a denial of service or disclosure of information. This occurs because atoi was used but strtoul should have been used to ensure correct calculations.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2021-3999", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "A flaw was found in glibc. An off-by-one buffer ov..." + }, + "fullDescription": { + "text": "A flaw was found in glibc. An off-by-one buffer overflow and underflow in g..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2021-3999", + "help": { + "text": "Vulnerability CVE-2021-3999\nSeverity: medium\nPackage: glibc-common\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-3999](https://access.redhat.com/security/cve/CVE-2021-3999)\nA flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system.", + "markdown": "**Vulnerability CVE-2021-3999**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|glibc-common|any in centos 7.6.1810|[]()|CVE-2021-3999|[https://access.redhat.com/security/cve/CVE-2021-3999](A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2022-23218", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "The deprecated compatibility function svcunix_crea..." + }, + "fullDescription": { + "text": "The deprecated compatibility function svcunix_create in the sunrpc module o..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2022-23218", + "help": { + "text": "Vulnerability CVE-2022-23218\nSeverity: medium\nPackage: glibc-common\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-23218](https://access.redhat.com/security/cve/CVE-2022-23218)\nThe deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.", + "markdown": "**Vulnerability CVE-2022-23218**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|glibc-common|any in centos 7.6.1810|[]()|CVE-2022-23218|[https://access.redhat.com/security/cve/CVE-2022-23218](The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2022-23219", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "The deprecated compatibility function clnt_create ..." + }, + "fullDescription": { + "text": "The deprecated compatibility function clnt_create in the sunrpc module of t..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2022-23219", + "help": { + "text": "Vulnerability CVE-2022-23219\nSeverity: medium\nPackage: glibc-common\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-23219](https://access.redhat.com/security/cve/CVE-2022-23219)\nThe deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.", + "markdown": "**Vulnerability CVE-2022-23219**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|glibc-common|any in centos 7.6.1810|[]()|CVE-2022-23219|[https://access.redhat.com/security/cve/CVE-2022-23219](The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "RHSA-2019:2118", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "The glibc packages provide the standard C librarie..." + }, + "fullDescription": { + "text": "The glibc packages provide the standard C libraries (libc), POSIX thread li..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2016-10739", + "help": { + "text": "Vulnerability RHSA-2019:2118\nSeverity: medium\nPackage: glibc-common\nFixed Version: 2.17-292.el7\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2019:2118](https://access.redhat.com/security/cve/CVE-2016-10739)\nThe glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.", + "markdown": "**Vulnerability RHSA-2019:2118**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|glibc-common|2.17-292.el7|[]()|RHSA-2019:2118|[https://access.redhat.com/security/cve/CVE-2016-10739](The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "RHSA-2021:0348", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "The glibc packages provide the standard C librarie..." + }, + "fullDescription": { + "text": "The glibc packages provide the standard C libraries (libc), POSIX thread li..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2020-29573", + "help": { + "text": "Vulnerability RHSA-2021:0348\nSeverity: medium\nPackage: glibc-common\nFixed Version: 2.17-322.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2021:0348](https://access.redhat.com/security/cve/CVE-2020-29573)\nThe glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.", + "markdown": "**Vulnerability RHSA-2021:0348**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|glibc-common|2.17-322.el7_9|[]()|RHSA-2021:0348|[https://access.redhat.com/security/cve/CVE-2020-29573](The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2024-33600", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "A flaw was found in the glibc netgroup cache. Afte..." + }, + "fullDescription": { + "text": "A flaw was found in the glibc netgroup cache. After a failed cache insertio..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2024-33600", + "help": { + "text": "Vulnerability CVE-2024-33600\nSeverity: medium\nPackage: glibc-common\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2024-33600](https://access.redhat.com/security/cve/CVE-2024-33600)\nA flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", + "markdown": "**Vulnerability CVE-2024-33600**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|glibc-common|any in centos 7.6.1810|[]()|CVE-2024-33600|[https://access.redhat.com/security/cve/CVE-2024-33600](A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2020-27618", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "The iconv function in the GNU C Library (aka glibc..." + }, + "fullDescription": { + "text": "The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earli..." 
+ }, + "defaultConfiguration": { + "level": "note" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2020-27618", + "help": { + "text": "Vulnerability CVE-2020-27618\nSeverity: low\nPackage: glibc-common\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-27618](https://access.redhat.com/security/cve/CVE-2020-27618)\nThe iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead to an infinite loop in applications, resulting in a denial of service, a different vulnerability from CVE-2016-10228.", + "markdown": "**Vulnerability CVE-2020-27618**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|low|glibc-common|any in centos 7.6.1810|[]()|CVE-2020-27618|[https://access.redhat.com/security/cve/CVE-2020-27618](The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead to an infinite loop in applications, resulting in a denial of service, a different vulnerability from CVE-2016-10228.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "low" + ] + } + }, + { + "id": "CVE-2021-33574", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "The mq_notify function in the GNU C Library (aka g..." + }, + "fullDescription": { + "text": "The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2..." 
+ }, + "defaultConfiguration": { + "level": "note" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2021-33574", + "help": { + "text": "Vulnerability CVE-2021-33574\nSeverity: low\nPackage: glibc-common\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-33574](https://access.redhat.com/security/cve/CVE-2021-33574)\nThe mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact.", + "markdown": "**Vulnerability CVE-2021-33574**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|low|glibc-common|any in centos 7.6.1810|[]()|CVE-2021-33574|[https://access.redhat.com/security/cve/CVE-2021-33574](The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "low" + ] + } + }, + { + "id": "RHSA-2020:3861", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "The glibc packages provide the standard C librarie..." + }, + "fullDescription": { + "text": "The glibc packages provide the standard C libraries (libc), POSIX thread li..." 
+ }, + "defaultConfiguration": { + "level": "note" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2019-19126", + "help": { + "text": "Vulnerability RHSA-2020:3861\nSeverity: low\nPackage: glibc-common\nFixed Version: 2.17-317.el7\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2020:3861](https://access.redhat.com/security/cve/CVE-2019-19126)\nThe glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.", + "markdown": "**Vulnerability RHSA-2020:3861**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|low|glibc-common|2.17-317.el7|[]()|RHSA-2020:3861|[https://access.redhat.com/security/cve/CVE-2019-19126](The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "low" + ] + } + }, + { + "id": "CVE-2024-33601", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "A flaw was found in the glibc netgroup cache. The ..." + }, + "fullDescription": { + "text": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmall..." 
+ }, + "defaultConfiguration": { + "level": "note" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2024-33601", + "help": { + "text": "Vulnerability CVE-2024-33601\nSeverity: low\nPackage: glibc-common\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2024-33601](https://access.redhat.com/security/cve/CVE-2024-33601)\nA flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", + "markdown": "**Vulnerability CVE-2024-33601**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|low|glibc-common|any in centos 7.6.1810|[]()|CVE-2024-33601|[https://access.redhat.com/security/cve/CVE-2024-33601](A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "low" + ] + } + }, + { + "id": "CVE-2024-33602", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "A flaw was found in the glibc netgroup cache. The ..." + }, + "fullDescription": { + "text": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in a..." + }, + "defaultConfiguration": { + "level": "note" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2024-33602", + "help": { + "text": "Vulnerability CVE-2024-33602\nSeverity: low\nPackage: glibc-common\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2024-33602](https://access.redhat.com/security/cve/CVE-2024-33602)\nA flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. 
This can potentially lead to memory corruption and cause a crash.", + "markdown": "**Vulnerability CVE-2024-33602**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|low|glibc-common|any in centos 7.6.1810|[]()|CVE-2024-33602|[https://access.redhat.com/security/cve/CVE-2024-33602](A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "low" + ] + } + }, + { + "id": "CVE-2021-43618", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "GNU Multiple Precision Arithmetic Library (GMP) th..." + }, + "fullDescription": { + "text": "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/in..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2021-43618", + "help": { + "text": "Vulnerability CVE-2021-43618\nSeverity: medium\nPackage: gmp\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-43618](https://access.redhat.com/security/cve/CVE-2021-43618)\nGNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", + "markdown": "**Vulnerability CVE-2021-43618**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|gmp|any in centos 7.6.1810|[]()|CVE-2021-43618|[https://access.redhat.com/security/cve/CVE-2021-43618](GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2022-34903", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "GnuPG through 2.3.6, in unusual situations where a..." + }, + "fullDescription": { + "text": "GnuPG through 2.3.6, in unusual situations where an attacker possesses any ..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2022-34903", + "help": { + "text": "Vulnerability CVE-2022-34903\nSeverity: medium\nPackage: gnupg2\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-34903](https://access.redhat.com/security/cve/CVE-2022-34903)\nGnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line.", + "markdown": "**Vulnerability CVE-2022-34903**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|gnupg2|any in centos 7.6.1810|[]()|CVE-2022-34903|[https://access.redhat.com/security/cve/CVE-2022-34903](GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "RHSA-2022:2191", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "The gzip packages contain the gzip (GNU zip) data ..." + }, + "fullDescription": { + "text": "The gzip packages contain the gzip (GNU zip) data compression utility. gzip..." 
+ }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2022-1271", + "help": { + "text": "Vulnerability RHSA-2022:2191\nSeverity: high\nPackage: gzip\nFixed Version: 1.5-11.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2022:2191](https://access.redhat.com/security/cve/CVE-2022-1271)\nThe gzip packages contain the gzip (GNU zip) data compression utility. gzip is used to compress regular files. It replaces them with files containing the .gz extension, while retaining ownership modes, access, and modification times.", + "markdown": "**Vulnerability RHSA-2022:2191**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|gzip|1.5-11.el7_9|[]()|RHSA-2022:2191|[https://access.redhat.com/security/cve/CVE-2022-1271](The gzip packages contain the gzip (GNU zip) data compression utility. gzip is used to compress regular files. It replaces them with files containing the .gz extension, while retaining ownership modes, access, and modification times.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "CVE-2019-20445", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "HttpObjectDecoder.java in Netty before 4.1.44 allo..." + }, + "fullDescription": { + "text": "HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length heade..." 
+ }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2019-20445", + "help": { + "text": "Vulnerability CVE-2019-20445\nSeverity: critical\nPackage: netty-all\nFixed Version: 4.1.44.Final\nExploit Available: []()\nExploit Type: \nLink: [CVE-2019-20445](https://nvd.nist.gov/vuln/detail/CVE-2019-20445)\nHttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header.", + "markdown": "**Vulnerability CVE-2019-20445**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|critical|netty-all|4.1.44.Final|[]()|CVE-2019-20445|[https://nvd.nist.gov/vuln/detail/CVE-2019-20445](HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "critical" + ] + } + }, + { + "id": "CVE-2019-20444", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "HttpObjectDecoder.java in Netty before 4.1.44 allo..." + }, + "fullDescription": { + "text": "HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that la..." 
+ }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2019-20444", + "help": { + "text": "Vulnerability CVE-2019-20444\nSeverity: critical\nPackage: netty-all\nFixed Version: 4.1.44.Final\nExploit Available: []()\nExploit Type: \nLink: [CVE-2019-20444](https://nvd.nist.gov/vuln/detail/CVE-2019-20444)\nHttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an \"invalid fold.\"", + "markdown": "**Vulnerability CVE-2019-20444**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|critical|netty-all|4.1.44.Final|[]()|CVE-2019-20444|[https://nvd.nist.gov/vuln/detail/CVE-2019-20444](HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an \"invalid fold.\")|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "critical" + ] + } + }, + { + "id": "CVE-2022-41881", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "Netty project is an event-driven asynchronous netw..." + }, + "fullDescription": { + "text": "Netty project is an event-driven asynchronous network application framework..." + }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2022-41881", + "help": { + "text": "Vulnerability CVE-2022-41881\nSeverity: high\nPackage: netty-all\nFixed Version: 4.1.86\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-41881](https://nvd.nist.gov/vuln/detail/CVE-2022-41881)\nNetty project is an event-driven asynchronous network application framework. 
In versions prior to 4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an infinite recursion. This issue is patched in version 4.1.86.Final. There is no workaround, except using a custom HaProxyMessageDecoder.", + "markdown": "**Vulnerability CVE-2022-41881**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|netty-all|4.1.86|[]()|CVE-2022-41881|[https://nvd.nist.gov/vuln/detail/CVE-2022-41881](Netty project is an event-driven asynchronous network application framework. In versions prior to 4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an infinite recursion. This issue is patched in version 4.1.86.Final. There is no workaround, except using a custom HaProxyMessageDecoder.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "CVE-2019-9512", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "Some HTTP/2 implementations are vulnerable to ping..." + }, + "fullDescription": { + "text": "Some HTTP/2 implementations are vulnerable to ping floods, potentially lead..." + }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2019-9512", + "help": { + "text": "Vulnerability CVE-2019-9512\nSeverity: high\nPackage: netty-all\nFixed Version: \nExploit Available: []()\nExploit Type: \nLink: [CVE-2019-9512](https://nvd.nist.gov/vuln/detail/CVE-2019-9512)\nSome HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. 
Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.", + "markdown": "**Vulnerability CVE-2019-9512**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|netty-all||[]()|CVE-2019-9512|[https://nvd.nist.gov/vuln/detail/CVE-2019-9512](Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "CVE-2019-9518", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "Some HTTP/2 implementations are vulnerable to a fl..." + }, + "fullDescription": { + "text": "Some HTTP/2 implementations are vulnerable to a flood of empty frames, pote..." + }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2019-9518", + "help": { + "text": "Vulnerability CVE-2019-9518\nSeverity: high\nPackage: netty-all\nFixed Version: 4.1.39.Final\nExploit Available: []()\nExploit Type: \nLink: [CVE-2019-9518](https://nvd.nist.gov/vuln/detail/CVE-2019-9518)\nSome HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends time processing each frame disproportionate to attack bandwidth. 
This can consume excess CPU.", + "markdown": "**Vulnerability CVE-2019-9518**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|netty-all|4.1.39.Final|[]()|CVE-2019-9518|[https://nvd.nist.gov/vuln/detail/CVE-2019-9518](Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends time processing each frame disproportionate to attack bandwidth. This can consume excess CPU.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "CVE-2016-4970", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "handler/ssl/OpenSslEngine.java in Netty 4.0.x befo..." + }, + "fullDescription": { + "text": "handler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and 4.1.x..." 
+ }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2016-4970", + "help": { + "text": "Vulnerability CVE-2016-4970\nSeverity: high\nPackage: netty-all\nFixed Version: 4.0.37, 4.1.1\nExploit Available: []()\nExploit Type: \nLink: [CVE-2016-4970](https://nvd.nist.gov/vuln/detail/CVE-2016-4970)\nhandler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and 4.1.x before 4.1.1.Final allows remote attackers to cause a denial of service (infinite loop).", + "markdown": "**Vulnerability CVE-2016-4970**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|netty-all|4.0.37, 4.1.1|[]()|CVE-2016-4970|[https://nvd.nist.gov/vuln/detail/CVE-2016-4970](handler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and 4.1.x before 4.1.1.Final allows remote attackers to cause a denial of service (infinite loop).)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "CVE-2019-9514", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "Some HTTP/2 implementations are vulnerable to a re..." + }, + "fullDescription": { + "text": "Some HTTP/2 implementations are vulnerable to a reset flood, potentially le..." + }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2019-9514", + "help": { + "text": "Vulnerability CVE-2019-9514\nSeverity: high\nPackage: netty-all\nFixed Version: \nExploit Available: []()\nExploit Type: \nLink: [CVE-2019-9514](https://nvd.nist.gov/vuln/detail/CVE-2019-9514)\nSome HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. 
Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both.", + "markdown": "**Vulnerability CVE-2019-9514**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|netty-all||[]()|CVE-2019-9514|[https://nvd.nist.gov/vuln/detail/CVE-2019-9514](Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "CVE-2019-16869", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "Netty before 4.1.42.Final mishandles whitespace be..." + }, + "fullDescription": { + "text": "Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP he..." 
+ }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2019-16869", + "help": { + "text": "Vulnerability CVE-2019-16869\nSeverity: high\nPackage: netty-all\nFixed Version: 4.1.42.Final\nExploit Available: []()\nExploit Type: \nLink: [CVE-2019-16869](https://nvd.nist.gov/vuln/detail/CVE-2019-16869)\nNetty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers (such as a \"Transfer-Encoding : chunked\" line), which leads to HTTP request smuggling.", + "markdown": "**Vulnerability CVE-2019-16869**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|netty-all|4.1.42.Final|[]()|CVE-2019-16869|[https://nvd.nist.gov/vuln/detail/CVE-2019-16869](Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers (such as a \"Transfer-Encoding : chunked\" line), which leads to HTTP request smuggling.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "CVE-2021-37136", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "The Bzip2 decompression decoder function doesn\u0026#39;t a..." + }, + "fullDescription": { + "text": "The Bzip2 decompression decoder function doesn\u0026#39;t allow setting size restric..." + }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2021-37136", + "help": { + "text": "Vulnerability CVE-2021-37136\nSeverity: high\nPackage: netty-all\nFixed Version: 4.1.68\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-37136](https://nvd.nist.gov/vuln/detail/CVE-2021-37136)\nThe Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). 
All users of Bzip2Decoder are affected. The malicious input can trigger an OOME and so a DoS attack", + "markdown": "**Vulnerability CVE-2021-37136**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|netty-all|4.1.68|[]()|CVE-2021-37136|[https://nvd.nist.gov/vuln/detail/CVE-2021-37136](The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). All users of Bzip2Decoder are affected. The malicious input can trigger an OOME and so a DoS attack)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "CVE-2019-9515", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "Some HTTP/2 implementations are vulnerable to a se..." + }, + "fullDescription": { + "text": "Some HTTP/2 implementations are vulnerable to a settings flood, potentially..." + }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2019-9515", + "help": { + "text": "Vulnerability CVE-2019-9515\nSeverity: high\nPackage: netty-all\nFixed Version: \nExploit Available: []()\nExploit Type: \nLink: [CVE-2019-9515](https://nvd.nist.gov/vuln/detail/CVE-2019-9515)\nSome HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost equivalent in behavior to a ping. 
Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.", + "markdown": "**Vulnerability CVE-2019-9515**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|netty-all||[]()|CVE-2019-9515|[https://nvd.nist.gov/vuln/detail/CVE-2019-9515](Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost equivalent in behavior to a ping. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "CVE-2023-34462", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "Netty is an asynchronous event-driven network appl..." + }, + "fullDescription": { + "text": "Netty is an asynchronous event-driven network application framework for rap..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2023-34462", + "help": { + "text": "Vulnerability CVE-2023-34462\nSeverity: medium\nPackage: netty-all\nFixed Version: 4.1.94.Final\nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-34462](https://nvd.nist.gov/vuln/detail/CVE-2023-34462)\nNetty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers \u0026 clients. The `SniHandler` can allocate up to 16MB of heap for each channel during the TLS handshake. When the handler or the channel does not have an idle timeout, it can be used to make a TCP server using the `SniHandler` to allocate 16MB of heap. 
The `SniHandler` class is a handler that waits for the TLS handshake to configure a `SslHandler` according to the indicated server name by the `ClientHello` record. For this matter it allocates a `ByteBuf` using the value defined in the `ClientHello` record. Normally the value of the packet should be smaller than the handshake packet but there are not checks done here and the way the code is written, it is possible to craft a packet that makes the `SslClientHelloHandler`. This vulnerability has been fixed in version 4.1.94.Final.", + "markdown": "**Vulnerability CVE-2023-34462**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|netty-all|4.1.94.Final|[]()|CVE-2023-34462|[https://nvd.nist.gov/vuln/detail/CVE-2023-34462](Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers \u0026 clients. The `SniHandler` can allocate up to 16MB of heap for each channel during the TLS handshake. When the handler or the channel does not have an idle timeout, it can be used to make a TCP server using the `SniHandler` to allocate 16MB of heap. The `SniHandler` class is a handler that waits for the TLS handshake to configure a `SslHandler` according to the indicated server name by the `ClientHello` record. For this matter it allocates a `ByteBuf` using the value defined in the `ClientHello` record. Normally the value of the packet should be smaller than the handshake packet but there are not checks done here and the way the code is written, it is possible to craft a packet that makes the `SslClientHelloHandler`. 
This vulnerability has been fixed in version 4.1.94.Final.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2021-21409", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "Netty is an open-source, asynchronous event-driven..." + }, + "fullDescription": { + "text": "Netty is an open-source, asynchronous event-driven network application fram..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2021-21409", + "help": { + "text": "Vulnerability CVE-2021-21409\nSeverity: medium\nPackage: netty-all\nFixed Version: 4.1.61.Final\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-21409](https://nvd.nist.gov/vuln/detail/CVE-2021-21409)\nNetty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers \u0026 clients. In Netty (io.netty:netty-codec-http2) before version 4.1.61.Final there is a vulnerability that enables request smuggling. The content-length header is not correctly validated if the request only uses a single Http2HeaderFrame with the endStream set to to true. This could lead to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. This is a followup of GHSA-wm47-8v5p-wjpj/CVE-2021-21295 which did miss to fix this one case. This was fixed as part of 4.1.61.Final.", + "markdown": "**Vulnerability CVE-2021-21409**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|netty-all|4.1.61.Final|[]()|CVE-2021-21409|[https://nvd.nist.gov/vuln/detail/CVE-2021-21409](Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers \u0026 clients. 
In Netty (io.netty:netty-codec-http2) before version 4.1.61.Final there is a vulnerability that enables request smuggling. The content-length header is not correctly validated if the request only uses a single Http2HeaderFrame with the endStream set to to true. This could lead to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. This is a followup of GHSA-wm47-8v5p-wjpj/CVE-2021-21295 which did miss to fix this one case. This was fixed as part of 4.1.61.Final.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2020-1745", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "A file inclusion vulnerability was found in the AJ..." + }, + "fullDescription": { + "text": "A file inclusion vulnerability was found in the AJP connector enabled with ..." + }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2020-1745", + "help": { + "text": "Vulnerability CVE-2020-1745\nSeverity: critical\nPackage: undertow-core\nFixed Version: 2.0.30\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-1745](https://nvd.nist.gov/vuln/detail/CVE-2020-1745)\nA file inclusion vulnerability was found in the AJP connector enabled with a default AJP configuration port of 8009 in Undertow version 2.0.29.Final and before and was fixed in 2.0.30.Final. A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a vulnerable server. 
In instances where the vulnerable server allows file uploads, an attacker could upload malicious JavaServer Pages (JSP) code within a variety of file types and trigger this vulnerability to gain remote code execution.", + "markdown": "**Vulnerability CVE-2020-1745**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|critical|undertow-core|2.0.30|[]()|CVE-2020-1745|[https://nvd.nist.gov/vuln/detail/CVE-2020-1745](A file inclusion vulnerability was found in the AJP connector enabled with a default AJP configuration port of 8009 in Undertow version 2.0.29.Final and before and was fixed in 2.0.30.Final. A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a vulnerable server. In instances where the vulnerable server allows file uploads, an attacker could upload malicious JavaServer Pages (JSP) code within a variety of file types and trigger this vulnerability to gain remote code execution.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "critical" + ] + } + }, + { + "id": "CVE-2019-10212", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "A flaw was found in, all under 2.0.20, in the Unde..." + }, + "fullDescription": { + "text": "A flaw was found in, all under 2.0.20, in the Undertow DEBUG log for io.und..." + }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2019-10212", + "help": { + "text": "Vulnerability CVE-2019-10212\nSeverity: critical\nPackage: undertow-core\nFixed Version: 2.0.20\nExploit Available: []()\nExploit Type: \nLink: [CVE-2019-10212](https://nvd.nist.gov/vuln/detail/CVE-2019-10212)\nA flaw was found in, all under 2.0.20, in the Undertow DEBUG log for io.undertow.request.security. 
If enabled, an attacker could abuse this flaw to obtain the user's credentials from the log files.", + "markdown": "**Vulnerability CVE-2019-10212**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|critical|undertow-core|2.0.20|[]()|CVE-2019-10212|[https://nvd.nist.gov/vuln/detail/CVE-2019-10212](A flaw was found in, all under 2.0.20, in the Undertow DEBUG log for io.undertow.request.security. If enabled, an attacker could abuse this flaw to obtain the user's credentials from the log files.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "critical" + ] + } + }, + { + "id": "CVE-2019-3888", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "A vulnerability was found in Undertow web server b..." + }, + "fullDescription": { + "text": "A vulnerability was found in Undertow web server before 2.0.21. An informat..." + }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2019-3888", + "help": { + "text": "Vulnerability CVE-2019-3888\nSeverity: critical\nPackage: undertow-core\nFixed Version: 2.0.21\nExploit Available: []()\nExploit Type: \nLink: [CVE-2019-3888](https://nvd.nist.gov/vuln/detail/CVE-2019-3888)\nA vulnerability was found in Undertow web server before 2.0.21. 
An information exposure of plain text credentials through log files because Connectors.executeRootHandler:402 logs the HttpServerExchange object at ERROR level using UndertowLogger.REQUEST_LOGGER.undertowRequestFailed(t, exchange)", + "markdown": "**Vulnerability CVE-2019-3888**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|critical|undertow-core|2.0.21|[]()|CVE-2019-3888|[https://nvd.nist.gov/vuln/detail/CVE-2019-3888](A vulnerability was found in Undertow web server before 2.0.21. An information exposure of plain text credentials through log files because Connectors.executeRootHandler:402 logs the HttpServerExchange object at ERROR level using UndertowLogger.REQUEST_LOGGER.undertowRequestFailed(t, exchange))|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "critical" + ] + } + }, + { + "id": "CVE-2017-12165", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "It was discovered that Undertow before 1.4.17, 1.3..." + }, + "fullDescription": { + "text": "It was discovered that Undertow before 1.4.17, 1.3.31 and 2.0.0 processes h..." 
+ }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2017-12165", + "help": { + "text": "Vulnerability CVE-2017-12165\nSeverity: high\nPackage: undertow-core\nFixed Version: 1.3.31, 1.4.17, 2.0.0.Beta1\nExploit Available: []()\nExploit Type: \nLink: [CVE-2017-12165](https://nvd.nist.gov/vuln/detail/CVE-2017-12165)\nIt was discovered that Undertow before 1.4.17, 1.3.31 and 2.0.0 processes http request headers with unusual whitespaces which can cause possible http request smuggling.", + "markdown": "**Vulnerability CVE-2017-12165**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|undertow-core|1.3.31, 1.4.17, 2.0.0.Beta1|[]()|CVE-2017-12165|[https://nvd.nist.gov/vuln/detail/CVE-2017-12165](It was discovered that Undertow before 1.4.17, 1.3.31 and 2.0.0 processes http request headers with unusual whitespaces which can cause possible http request smuggling.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "CVE-2020-27782", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "A flaw was found in the Undertow AJP connector. Ma..." + }, + "fullDescription": { + "text": "A flaw was found in the Undertow AJP connector. Malicious requests and abru..." + }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2020-27782", + "help": { + "text": "Vulnerability CVE-2020-27782\nSeverity: high\nPackage: undertow-core\nFixed Version: 2.0.33, 2.1.5\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-27782](https://nvd.nist.gov/vuln/detail/CVE-2020-27782)\nA flaw was found in the Undertow AJP connector. 
Malicious requests and abrupt connection closes could be triggered by an attacker using query strings with non-RFC compliant characters resulting in a denial of service. The highest threat from this vulnerability is to system availability. This affects Undertow 2.1.5.SP1, 2.0.33.SP2, and 2.2.3.SP1.", + "markdown": "**Vulnerability CVE-2020-27782**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|undertow-core|2.0.33, 2.1.5|[]()|CVE-2020-27782|[https://nvd.nist.gov/vuln/detail/CVE-2020-27782](A flaw was found in the Undertow AJP connector. Malicious requests and abrupt connection closes could be triggered by an attacker using query strings with non-RFC compliant characters resulting in a denial of service. The highest threat from this vulnerability is to system availability. This affects Undertow 2.1.5.SP1, 2.0.33.SP2, and 2.2.3.SP1.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "CVE-2022-1319", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "A flaw was found in Undertow. For an AJP 400 respo..." + }, + "fullDescription": { + "text": "A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly ..." + }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2022-1319", + "help": { + "text": "Vulnerability CVE-2022-1319\nSeverity: high\nPackage: undertow-core\nFixed Version: 2.2.17\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-1319](https://nvd.nist.gov/vuln/detail/CVE-2022-1319)\nA flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. 
A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG.", + "markdown": "**Vulnerability CVE-2022-1319**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|undertow-core|2.2.17|[]()|CVE-2022-1319|[https://nvd.nist.gov/vuln/detail/CVE-2022-1319](A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "CVE-2019-10184", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "undertow before version 2.0.23.Final is vulnerable..." + }, + "fullDescription": { + "text": "undertow before version 2.0.23.Final is vulnerable to an information leak i..." + }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2019-10184", + "help": { + "text": "Vulnerability CVE-2019-10184\nSeverity: high\nPackage: undertow-servlet\nFixed Version: 2.0.23\nExploit Available: []()\nExploit Type: \nLink: [CVE-2019-10184](https://nvd.nist.gov/vuln/detail/CVE-2019-10184)\nundertow before version 2.0.23.Final is vulnerable to an information leak issue. 
Web apps may have their directory structures predicted through requests without trailing slashes via the api.", + "markdown": "**Vulnerability CVE-2019-10184**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|undertow-servlet|2.0.23|[]()|CVE-2019-10184|[https://nvd.nist.gov/vuln/detail/CVE-2019-10184](undertow before version 2.0.23.Final is vulnerable to an information leak issue. Web apps may have their directory structures predicted through requests without trailing slashes via the api.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "CVE-2017-2670", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "It was found in Undertow before 1.3.28 that with n..." + }, + "fullDescription": { + "text": "It was found in Undertow before 1.3.28 that with non-clean TCP close, the W..." 
+ }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2017-2670", + "help": { + "text": "Vulnerability CVE-2017-2670\nSeverity: high\nPackage: undertow-core\nFixed Version: 1.3.28\nExploit Available: []()\nExploit Type: \nLink: [CVE-2017-2670](https://nvd.nist.gov/vuln/detail/CVE-2017-2670)\nIt was found in Undertow before 1.3.28 that with non-clean TCP close, the Websocket server gets into infinite loop on every IO thread, effectively causing DoS.", + "markdown": "**Vulnerability CVE-2017-2670**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|undertow-core|1.3.28|[]()|CVE-2017-2670|[https://nvd.nist.gov/vuln/detail/CVE-2017-2670](It was found in Undertow before 1.3.28 that with non-clean TCP close, the Websocket server gets into infinite loop on every IO thread, effectively causing DoS.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "CVE-2023-3223", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "A flaw was found in undertow. Servlets annotated w..." + }, + "fullDescription": { + "text": "A flaw was found in undertow. Servlets annotated with @MultipartConfig may ..." + }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2023-3223", + "help": { + "text": "Vulnerability CVE-2023-3223\nSeverity: high\nPackage: undertow-core\nFixed Version: 2.2.24.Final\nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-3223](https://nvd.nist.gov/vuln/detail/CVE-2023-3223)\nA flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. 
If the server uses fileSizeThreshold to limit the file size, it's possible to bypass the limit by setting the file name in the request to null.", + "markdown": "**Vulnerability CVE-2023-3223**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|undertow-core|2.2.24.Final|[]()|CVE-2023-3223|[https://nvd.nist.gov/vuln/detail/CVE-2023-3223](A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it's possible to bypass the limit by setting the file name in the request to null.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "CVE-2021-3859", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "A flaw was found in Undertow that tripped the clie..." + }, + "fullDescription": { + "text": "A flaw was found in Undertow that tripped the client-side invocation timeou..." + }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2021-3859", + "help": { + "text": "Vulnerability CVE-2021-3859\nSeverity: high\nPackage: undertow-core\nFixed Version: 2.2.15\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-3859](https://nvd.nist.gov/vuln/detail/CVE-2021-3859)\nA flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2. 
This flaw allows an attacker to carry out denial of service attacks.", + "markdown": "**Vulnerability CVE-2021-3859**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|undertow-core|2.2.15|[]()|CVE-2021-3859|[https://nvd.nist.gov/vuln/detail/CVE-2021-3859](A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2. This flaw allows an attacker to carry out denial of service attacks.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "CVE-2023-5379", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "A flaw was found in Undertow. When an AJP request ..." + }, + "fullDescription": { + "text": "A flaw was found in Undertow. When an AJP request is sent that exceeds the ..." + }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2023-5379", + "help": { + "text": "Vulnerability CVE-2023-5379\nSeverity: high\nPackage: undertow-core\nFixed Version: \nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-5379](https://nvd.nist.gov/vuln/detail/CVE-2023-5379)\nA flaw was found in Undertow. When an AJP request is sent that exceeds the max-header-size attribute in ajp-listener, JBoss EAP is marked in an error state by mod_cluster in httpd, causing JBoss EAP to close the TCP connection without returning an AJP response. This happens because mod_proxy_cluster marks the JBoss EAP instance as an error worker when the TCP connection is closed from the backend after sending the AJP request without receiving an AJP response, and stops forwarding. 
This issue could allow a malicious user could to repeatedly send requests that exceed the max-header-size, causing a Denial of Service (DoS).", + "markdown": "**Vulnerability CVE-2023-5379**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|undertow-core||[]()|CVE-2023-5379|[https://nvd.nist.gov/vuln/detail/CVE-2023-5379](A flaw was found in Undertow. When an AJP request is sent that exceeds the max-header-size attribute in ajp-listener, JBoss EAP is marked in an error state by mod_cluster in httpd, causing JBoss EAP to close the TCP connection without returning an AJP response. This happens because mod_proxy_cluster marks the JBoss EAP instance as an error worker when the TCP connection is closed from the backend after sending the AJP request without receiving an AJP response, and stops forwarding. This issue could allow a malicious user could to repeatedly send requests that exceed the max-header-size, causing a Denial of Service (DoS).)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "CVE-2019-14888", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "A vulnerability was found in the Undertow HTTP ser..." + }, + "fullDescription": { + "text": "A vulnerability was found in the Undertow HTTP server in versions before 2...." + }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2019-14888", + "help": { + "text": "Vulnerability CVE-2019-14888\nSeverity: high\nPackage: undertow-core\nFixed Version: 2.0.29.Final\nExploit Available: []()\nExploit Type: \nLink: [CVE-2019-14888](https://nvd.nist.gov/vuln/detail/CVE-2019-14888)\nA vulnerability was found in the Undertow HTTP server in versions before 2.0.28.SP1 when listening on HTTPS. 
An attacker can target the HTTPS port to carry out a Denial Of Service (DOS) to make the service unavailable on SSL.", + "markdown": "**Vulnerability CVE-2019-14888**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|undertow-core|2.0.29.Final|[]()|CVE-2019-14888|[https://nvd.nist.gov/vuln/detail/CVE-2019-14888](A vulnerability was found in the Undertow HTTP server in versions before 2.0.28.SP1 when listening on HTTPS. An attacker can target the HTTPS port to carry out a Denial Of Service (DOS) to make the service unavailable on SSL.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "CVE-2020-10705", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "A flaw was discovered in Undertow in versions befo..." + }, + "fullDescription": { + "text": "A flaw was discovered in Undertow in versions before Undertow 2.1.1.Final w..." + }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2020-10705", + "help": { + "text": "Vulnerability CVE-2020-10705\nSeverity: high\nPackage: undertow-core\nFixed Version: 2.1.1.Final\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-10705](https://nvd.nist.gov/vuln/detail/CVE-2020-10705)\nA flaw was discovered in Undertow in versions before Undertow 2.1.1.Final where certain requests to the \"Expect: 100-continue\" header may cause an out of memory error. 
This flaw may potentially lead to a denial of service.", + "markdown": "**Vulnerability CVE-2020-10705**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|undertow-core|2.1.1.Final|[]()|CVE-2020-10705|[https://nvd.nist.gov/vuln/detail/CVE-2020-10705](A flaw was discovered in Undertow in versions before Undertow 2.1.1.Final where certain requests to the \"Expect: 100-continue\" header may cause an out of memory error. This flaw may potentially lead to a denial of service.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "CVE-2022-2053", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "When a POST request comes through AJP and the requ..." + }, + "fullDescription": { + "text": "When a POST request comes through AJP and the request exceeds the max-post-..." + }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2022-2053", + "help": { + "text": "Vulnerability CVE-2022-2053\nSeverity: high\nPackage: undertow-core\nFixed Version: 2.2.19.Final, 2.3.0.Alpha2\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-2053](https://nvd.nist.gov/vuln/detail/CVE-2022-2053)\nWhen a POST request comes through AJP and the request exceeds the max-post-size limit (maxEntitySize), Undertow's AjpServerRequestConduit implementation closes a connection without sending any response to the client/proxy. This behavior results in that a front-end proxy marking the backend worker (application server) as an error state and not forward requests to the worker for a while. In mod_cluster, this continues until the next STATUS request (10 seconds intervals) from the application server updates the server state. 
So, in the worst case, it can result in \"All workers are in error state\" and mod_cluster responds \"503 Service Unavailable\" for a while (up to 10 seconds). In mod_proxy_balancer, it does not forward requests to the worker until the \"retry\" timeout passes. However, luckily, mod_proxy_balancer has \"forcerecovery\" setting (On by default; this parameter can force the immediate recovery of all workers without considering the retry parameter of the workers if all workers of a balancer are in error state.). So, unlike mod_cluster, mod_proxy_balancer does not result in responding \"503 Service Unavailable\". An attacker could use this behavior to send a malicious request and trigger server errors, resulting in DoS (denial of service). This flaw was fixed in Undertow 2.2.19.Final, Undertow 2.3.0.Alpha2.", + "markdown": "**Vulnerability CVE-2022-2053**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|undertow-core|2.2.19.Final, 2.3.0.Alpha2|[]()|CVE-2022-2053|[https://nvd.nist.gov/vuln/detail/CVE-2022-2053](When a POST request comes through AJP and the request exceeds the max-post-size limit (maxEntitySize), Undertow's AjpServerRequestConduit implementation closes a connection without sending any response to the client/proxy. This behavior results in that a front-end proxy marking the backend worker (application server) as an error state and not forward requests to the worker for a while. In mod_cluster, this continues until the next STATUS request (10 seconds intervals) from the application server updates the server state. So, in the worst case, it can result in \"All workers are in error state\" and mod_cluster responds \"503 Service Unavailable\" for a while (up to 10 seconds). In mod_proxy_balancer, it does not forward requests to the worker until the \"retry\" timeout passes. 
However, luckily, mod_proxy_balancer has \"forcerecovery\" setting (On by default; this parameter can force the immediate recovery of all workers without considering the retry parameter of the workers if all workers of a balancer are in error state.). So, unlike mod_cluster, mod_proxy_balancer does not result in responding \"503 Service Unavailable\". An attacker could use this behavior to send a malicious request and trigger server errors, resulting in DoS (denial of service). This flaw was fixed in Undertow 2.2.19.Final, Undertow 2.3.0.Alpha2.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "CVE-2020-1757", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "A flaw was found in all undertow-2.x.x SP1 version..." + }, + "fullDescription": { + "text": "A flaw was found in all undertow-2.x.x SP1 versions prior to undertow-2.0.3..." 
+ }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2020-1757", + "help": { + "text": "Vulnerability CVE-2020-1757\nSeverity: high\nPackage: undertow-servlet\nFixed Version: 2.1.0.Final\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-1757](https://nvd.nist.gov/vuln/detail/CVE-2020-1757)\nA flaw was found in all undertow-2.x.x SP1 versions prior to undertow-2.0.30.SP1, all undertow-1.x.x and undertow-2.x.x versions prior to undertow-2.1.0.Final, where the Servlet container causes servletPath to normalize incorrectly by truncating the path after semicolon which may lead to an application mapping resulting in the security bypass.", + "markdown": "**Vulnerability CVE-2020-1757**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|undertow-servlet|2.1.0.Final|[]()|CVE-2020-1757|[https://nvd.nist.gov/vuln/detail/CVE-2020-1757](A flaw was found in all undertow-2.x.x SP1 versions prior to undertow-2.0.30.SP1, all undertow-1.x.x and undertow-2.x.x versions prior to undertow-2.1.0.Final, where the Servlet container causes servletPath to normalize incorrectly by truncating the path after semicolon which may lead to an application mapping resulting in the security bypass.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "CVE-2022-1259", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "A flaw was found in Undertow. A potential security..." + }, + "fullDescription": { + "text": "A flaw was found in Undertow. A potential security issue in flow control ha..." 
+ }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2022-1259", + "help": { + "text": "Vulnerability CVE-2022-1259\nSeverity: high\nPackage: undertow-core\nFixed Version: \nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-1259](https://nvd.nist.gov/vuln/detail/CVE-2022-1259)\nA flaw was found in Undertow. A potential security issue in flow control handling by the browser over HTTP/2 may cause overhead or a denial of service in the server. This flaw exists because of an incomplete fix for CVE-2021-3629.", + "markdown": "**Vulnerability CVE-2022-1259**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|undertow-core||[]()|CVE-2022-1259|[https://nvd.nist.gov/vuln/detail/CVE-2022-1259](A flaw was found in Undertow. A potential security issue in flow control handling by the browser over HTTP/2 may cause overhead or a denial of service in the server. This flaw exists because of an incomplete fix for CVE-2021-3629.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "CVE-2023-1108", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "A flaw was found in undertow. This issue makes ach..." + }, + "fullDescription": { + "text": "A flaw was found in undertow. This issue makes achieving a denial of servic..." + }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2023-1108", + "help": { + "text": "Vulnerability CVE-2023-1108\nSeverity: high\nPackage: undertow-core\nFixed Version: 2.2.24.Final\nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-1108](https://nvd.nist.gov/vuln/detail/CVE-2023-1108)\nA flaw was found in undertow. 
This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates.", + "markdown": "**Vulnerability CVE-2023-1108**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|undertow-core|2.2.24.Final|[]()|CVE-2023-1108|[https://nvd.nist.gov/vuln/detail/CVE-2023-1108](A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "CVE-2018-1048", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "It was found that the AJP connector in undertow, a..." + }, + "fullDescription": { + "text": "It was found that the AJP connector in undertow, as shipped in Jboss EAP 7...." 
+ }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2018-1048", + "help": { + "text": "Vulnerability CVE-2018-1048\nSeverity: high\nPackage: undertow-core\nFixed Version: 2.0.0.Beta1\nExploit Available: []()\nExploit Type: \nLink: [CVE-2018-1048](https://nvd.nist.gov/vuln/detail/CVE-2018-1048)\nIt was found that the AJP connector in undertow, as shipped in Jboss EAP 7.1.0.GA, does not use the ALLOW_ENCODED_SLASH option and thus allow the the slash / anti-slash characters encoded in the url which may lead to path traversal and result in the information disclosure of arbitrary local files.", + "markdown": "**Vulnerability CVE-2018-1048**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|undertow-core|2.0.0.Beta1|[]()|CVE-2018-1048|[https://nvd.nist.gov/vuln/detail/CVE-2018-1048](It was found that the AJP connector in undertow, as shipped in Jboss EAP 7.1.0.GA, does not use the ALLOW_ENCODED_SLASH option and thus allow the the slash / anti-slash characters encoded in the url which may lead to path traversal and result in the information disclosure of arbitrary local files.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "CVE-2021-3690", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "A flaw was found in Undertow. A buffer leak on the..." + }, + "fullDescription": { + "text": "A flaw was found in Undertow. A buffer leak on the incoming WebSocket PONG ..." 
+ }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2021-3690", + "help": { + "text": "Vulnerability CVE-2021-3690\nSeverity: high\nPackage: undertow-core\nFixed Version: 2.0.40, 2.2.10\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-3690](https://nvd.nist.gov/vuln/detail/CVE-2021-3690)\nA flaw was found in Undertow. A buffer leak on the incoming WebSocket PONG message may lead to memory exhaustion. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is availability.", + "markdown": "**Vulnerability CVE-2021-3690**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|undertow-core|2.0.40, 2.2.10|[]()|CVE-2021-3690|[https://nvd.nist.gov/vuln/detail/CVE-2021-3690](A flaw was found in Undertow. A buffer leak on the incoming WebSocket PONG message may lead to memory exhaustion. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is availability.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "CVE-2022-4492", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "The undertow client is not checking the server ide..." + }, + "fullDescription": { + "text": "The undertow client is not checking the server identity presented by the se..." 
+ }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2022-4492", + "help": { + "text": "Vulnerability CVE-2022-4492\nSeverity: high\nPackage: undertow-core\nFixed Version: 2.2.24.Final, 2.3.5.Final\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-4492](https://nvd.nist.gov/vuln/detail/CVE-2022-4492)\nThe undertow client is not checking the server identity presented by the server certificate in https connections. This is a compulsory step (at least it should be performed by default) in https and in http/2. I would add it to any TLS client protocol.", + "markdown": "**Vulnerability CVE-2022-4492**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|undertow-core|2.2.24.Final, 2.3.5.Final|[]()|CVE-2022-4492|[https://nvd.nist.gov/vuln/detail/CVE-2022-4492](The undertow client is not checking the server identity presented by the server certificate in https connections. This is a compulsory step (at least it should be performed by default) in https and in http/2. I would add it to any TLS client protocol.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "CVE-2021-20220", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "A flaw was found in Undertow. A regression in the ..." + }, + "fullDescription": { + "text": "A flaw was found in Undertow. A regression in the fix for CVE-2020-10687 wa..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2021-20220", + "help": { + "text": "Vulnerability CVE-2021-20220\nSeverity: medium\nPackage: undertow-core\nFixed Version: 2.0.34, 2.1.6\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-20220](https://nvd.nist.gov/vuln/detail/CVE-2021-20220)\nA flaw was found in Undertow. A regression in the fix for CVE-2020-10687 was found. HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own. The highest threat from this vulnerability is to data confidentiality and integrity.", + "markdown": "**Vulnerability CVE-2021-20220**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|undertow-core|2.0.34, 2.1.6|[]()|CVE-2021-20220|[https://nvd.nist.gov/vuln/detail/CVE-2021-20220](A flaw was found in Undertow. A regression in the fix for CVE-2020-10687 was found. HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own. The highest threat from this vulnerability is to data confidentiality and integrity.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2018-1067", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "In Undertow before versions 7.1.2.CR1, 7.1.2.GA it..." 
+ }, + "fullDescription": { + "text": "In Undertow before versions 7.1.2.CR1, 7.1.2.GA it was found that the fix f..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2018-1067", + "help": { + "text": "Vulnerability CVE-2018-1067\nSeverity: medium\nPackage: undertow-core\nFixed Version: 1.4.25.Final, 2.0.5.Final\nExploit Available: []()\nExploit Type: \nLink: [CVE-2018-1067](https://nvd.nist.gov/vuln/detail/CVE-2018-1067)\nIn Undertow before versions 7.1.2.CR1, 7.1.2.GA it was found that the fix for CVE-2016-4993 was incomplete and Undertow web server is vulnerable to the injection of arbitrary HTTP headers, and also response splitting, due to insufficient sanitization and validation of user input before the input is used as part of an HTTP header value.", + "markdown": "**Vulnerability CVE-2018-1067**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|undertow-core|1.4.25.Final, 2.0.5.Final|[]()|CVE-2018-1067|[https://nvd.nist.gov/vuln/detail/CVE-2018-1067](In Undertow before versions 7.1.2.CR1, 7.1.2.GA it was found that the fix for CVE-2016-4993 was incomplete and Undertow web server is vulnerable to the injection of arbitrary HTTP headers, and also response splitting, due to insufficient sanitization and validation of user input before the input is used as part of an HTTP header value.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2021-3597", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "A flaw was found in undertow. The HTTP2SourceChann..." + }, + "fullDescription": { + "text": "A flaw was found in undertow. The HTTP2SourceChannel fails to write the fin..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2021-3597", + "help": { + "text": "Vulnerability CVE-2021-3597\nSeverity: medium\nPackage: undertow-core\nFixed Version: 2.0.39.Final, 2.2.9.Final\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-3597](https://nvd.nist.gov/vuln/detail/CVE-2021-3597)\nA flaw was found in undertow. The HTTP2SourceChannel fails to write the final frame under some circumstances, resulting in a denial of service. The highest threat from this vulnerability is availability. This flaw affects Undertow versions prior to 2.0.35.SP1, prior to 2.2.6.SP1, prior to 2.2.7.SP1, prior to 2.0.36.SP1, prior to 2.2.9.Final and prior to 2.0.39.Final.", + "markdown": "**Vulnerability CVE-2021-3597**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|undertow-core|2.0.39.Final, 2.2.9.Final|[]()|CVE-2021-3597|[https://nvd.nist.gov/vuln/detail/CVE-2021-3597](A flaw was found in undertow. The HTTP2SourceChannel fails to write the final frame under some circumstances, resulting in a denial of service. The highest threat from this vulnerability is availability. This flaw affects Undertow versions prior to 2.0.35.SP1, prior to 2.2.6.SP1, prior to 2.2.7.SP1, prior to 2.0.36.SP1, prior to 2.2.9.Final and prior to 2.0.39.Final.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2016-4993", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "CRLF injection vulnerability in the Undertow web s..." + }, + "fullDescription": { + "text": "CRLF injection vulnerability in the Undertow web server in WildFly 10.0.0, ..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2016-4993", + "help": { + "text": "Vulnerability CVE-2016-4993\nSeverity: medium\nPackage: undertow-core\nFixed Version: 1.3.5.Final, 2.0.0b1, 2.0.1.Final\nExploit Available: []()\nExploit Type: \nLink: [CVE-2016-4993](https://nvd.nist.gov/vuln/detail/CVE-2016-4993)\nCRLF injection vulnerability in the Undertow web server in WildFly 10.0.0, as used in Red Hat JBoss Enterprise Application Platform (EAP) 7.x before 7.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.", + "markdown": "**Vulnerability CVE-2016-4993**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|undertow-core|1.3.5.Final, 2.0.0b1, 2.0.1.Final|[]()|CVE-2016-4993|[https://nvd.nist.gov/vuln/detail/CVE-2016-4993](CRLF injection vulnerability in the Undertow web server in WildFly 10.0.0, as used in Red Hat JBoss Enterprise Application Platform (EAP) 7.x before 7.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2018-1114", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "It was found that URLResource.getLastModified() in..." + }, + "fullDescription": { + "text": "It was found that URLResource.getLastModified() in Undertow closes the file..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2018-1114", + "help": { + "text": "Vulnerability CVE-2018-1114\nSeverity: medium\nPackage: undertow-core\nFixed Version: 1.4.25.Final, 2.0.5.Final\nExploit Available: []()\nExploit Type: \nLink: [CVE-2018-1114](https://nvd.nist.gov/vuln/detail/CVE-2018-1114)\nIt was found that URLResource.getLastModified() in Undertow closes the file descriptors only when they are finalized which can cause file descriptors to exhaust. This leads to a file handler leak.", + "markdown": "**Vulnerability CVE-2018-1114**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|undertow-core|1.4.25.Final, 2.0.5.Final|[]()|CVE-2018-1114|[https://nvd.nist.gov/vuln/detail/CVE-2018-1114](It was found that URLResource.getLastModified() in Undertow closes the file descriptors only when they are finalized which can cause file descriptors to exhaust. This leads to a file handler leak.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2016-7046", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "Red Hat JBoss Enterprise Application Platform (EAP..." + }, + "fullDescription": { + "text": "Red Hat JBoss Enterprise Application Platform (EAP) 7, when operating as a ..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2016-7046", + "help": { + "text": "Vulnerability CVE-2016-7046\nSeverity: medium\nPackage: undertow-core\nFixed Version: 1.3.25.Final, 1.4.3.Final\nExploit Available: []()\nExploit Type: \nLink: [CVE-2016-7046](https://nvd.nist.gov/vuln/detail/CVE-2016-7046)\nRed Hat JBoss Enterprise Application Platform (EAP) 7, when operating as a reverse-proxy with default buffer sizes, allows remote attackers to cause a denial of service (CPU and disk consumption) via a long URL.", + "markdown": "**Vulnerability CVE-2016-7046**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|undertow-core|1.3.25.Final, 1.4.3.Final|[]()|CVE-2016-7046|[https://nvd.nist.gov/vuln/detail/CVE-2016-7046](Red Hat JBoss Enterprise Application Platform (EAP) 7, when operating as a reverse-proxy with default buffer sizes, allows remote attackers to cause a denial of service (CPU and disk consumption) via a long URL.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2016-6311", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "Get requests in JBoss Enterprise Application Platf..." + }, + "fullDescription": { + "text": "Get requests in JBoss Enterprise Application Platform (EAP) 7 disclose inte..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2016-6311", + "help": { + "text": "Vulnerability CVE-2016-6311\nSeverity: medium\nPackage: undertow-core\nFixed Version: 2.0.9.Final\nExploit Available: []()\nExploit Type: \nLink: [CVE-2016-6311](https://nvd.nist.gov/vuln/detail/CVE-2016-6311)\nGet requests in JBoss Enterprise Application Platform (EAP) 7 disclose internal IP addresses to remote attackers.", + "markdown": "**Vulnerability CVE-2016-6311**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|undertow-core|2.0.9.Final|[]()|CVE-2016-6311|[https://nvd.nist.gov/vuln/detail/CVE-2016-6311](Get requests in JBoss Enterprise Application Platform (EAP) 7 disclose internal IP addresses to remote attackers.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2024-1459", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "A path traversal vulnerability was found in Undert..." + }, + "fullDescription": { + "text": "A path traversal vulnerability was found in Undertow. This issue may allow ..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2024-1459", + "help": { + "text": "Vulnerability CVE-2024-1459\nSeverity: medium\nPackage: undertow-core\nFixed Version: 2.2.31.Final, 2.3.12.Final\nExploit Available: []()\nExploit Type: \nLink: [CVE-2024-1459](https://nvd.nist.gov/vuln/detail/CVE-2024-1459)\nA path traversal vulnerability was found in Undertow. 
This issue may allow a remote attacker to append a specially-crafted sequence to an HTTP request for an application deployed to JBoss EAP, which may permit access to privileged or restricted files and directories.", + "markdown": "**Vulnerability CVE-2024-1459**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|undertow-core|2.2.31.Final, 2.3.12.Final|[]()|CVE-2024-1459|[https://nvd.nist.gov/vuln/detail/CVE-2024-1459](A path traversal vulnerability was found in Undertow. This issue may allow a remote attacker to append a specially-crafted sequence to an HTTP request for an application deployed to JBoss EAP, which may permit access to privileged or restricted files and directories.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2018-14642", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "An information leak vulnerability was found in Und..." + }, + "fullDescription": { + "text": "An information leak vulnerability was found in Undertow. If all headers are..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2018-14642", + "help": { + "text": "Vulnerability CVE-2018-14642\nSeverity: medium\nPackage: undertow-core\nFixed Version: 2.0.19.FINAL\nExploit Available: []()\nExploit Type: \nLink: [CVE-2018-14642](https://nvd.nist.gov/vuln/detail/CVE-2018-14642)\nAn information leak vulnerability was found in Undertow. 
If all headers are not written out in the first write() call then the code that handles flushing the buffer will always write out the full contents of the writevBuffer buffer, which may contain data from previous requests.", + "markdown": "**Vulnerability CVE-2018-14642**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|undertow-core|2.0.19.FINAL|[]()|CVE-2018-14642|[https://nvd.nist.gov/vuln/detail/CVE-2018-14642](An information leak vulnerability was found in Undertow. If all headers are not written out in the first write() call then the code that handles flushing the buffer will always write out the full contents of the writevBuffer buffer, which may contain data from previous requests.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2021-3629", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "A flaw was found in Undertow. A potential security..." + }, + "fullDescription": { + "text": "A flaw was found in Undertow. A potential security issue in flow control ha..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2021-3629", + "help": { + "text": "Vulnerability CVE-2021-3629\nSeverity: medium\nPackage: undertow-core\nFixed Version: 2.0.40.Final, 2.2.11.Final\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-3629](https://nvd.nist.gov/vuln/detail/CVE-2021-3629)\nA flaw was found in Undertow. A potential security issue in flow control handling by the browser over http/2 may potentially cause overhead or a denial of service in the server. The highest threat from this vulnerability is availability. 
This flaw affects Undertow versions prior to 2.0.40.Final and prior to 2.2.11.Final.", + "markdown": "**Vulnerability CVE-2021-3629**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|undertow-core|2.0.40.Final, 2.2.11.Final|[]()|CVE-2021-3629|[https://nvd.nist.gov/vuln/detail/CVE-2021-3629](A flaw was found in Undertow. A potential security issue in flow control handling by the browser over http/2 may potentially cause overhead or a denial of service in the server. The highest threat from this vulnerability is availability. This flaw affects Undertow versions prior to 2.0.40.Final and prior to 2.2.11.Final.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2017-12196", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "undertow before versions 1.4.18.SP1, 2.0.2.Final, ..." + }, + "fullDescription": { + "text": "undertow before versions 1.4.18.SP1, 2.0.2.Final, 1.4.24.Final was found vu..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2017-12196", + "help": { + "text": "Vulnerability CVE-2017-12196\nSeverity: medium\nPackage: undertow-core\nFixed Version: 1.4.24.Final, 2.0.2.FInal\nExploit Available: []()\nExploit Type: \nLink: [CVE-2017-12196](https://nvd.nist.gov/vuln/detail/CVE-2017-12196)\nundertow before versions 1.4.18.SP1, 2.0.2.Final, 1.4.24.Final was found vulnerable when using Digest authentication, the server does not ensure that the value of URI in the Authorization header matches the URI in HTTP request line. 
This allows the attacker to cause a MITM attack and access the desired content on the server.", + "markdown": "**Vulnerability CVE-2017-12196**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|undertow-core|1.4.24.Final, 2.0.2.FInal|[]()|CVE-2017-12196|[https://nvd.nist.gov/vuln/detail/CVE-2017-12196](undertow before versions 1.4.18.SP1, 2.0.2.Final, 1.4.24.Final was found vulnerable when using Digest authentication, the server does not ensure that the value of URI in the Authorization header matches the URI in HTTP request line. This allows the attacker to cause a MITM attack and access the desired content on the server.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2020-10687", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "A flaw was discovered in all versions of Undertow ..." + }, + "fullDescription": { + "text": "A flaw was discovered in all versions of Undertow before Undertow 2.2.0.Fin..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2020-10687", + "help": { + "text": "Vulnerability CVE-2020-10687\nSeverity: medium\nPackage: undertow-core\nFixed Version: 2.2.0.Final\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-10687](https://nvd.nist.gov/vuln/detail/CVE-2020-10687)\nA flaw was discovered in all versions of Undertow before Undertow 2.2.0.Final, where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. 
This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own.", + "markdown": "**Vulnerability CVE-2020-10687**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|undertow-core|2.2.0.Final|[]()|CVE-2020-10687|[https://nvd.nist.gov/vuln/detail/CVE-2020-10687](A flaw was discovered in all versions of Undertow before Undertow 2.2.0.Final, where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2020-10719", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "A flaw was found in Undertow in versions before 2...." + }, + "fullDescription": { + "text": "A flaw was found in Undertow in versions before 2.1.1.Final, regarding the ..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2020-10719", + "help": { + "text": "Vulnerability CVE-2020-10719\nSeverity: medium\nPackage: undertow-core\nFixed Version: 2.1.1.Final\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-10719](https://nvd.nist.gov/vuln/detail/CVE-2020-10719)\nA flaw was found in Undertow in versions before 2.1.1.Final, regarding the processing of invalid HTTP requests with large chunk sizes. 
This flaw allows an attacker to take advantage of HTTP request smuggling.", + "markdown": "**Vulnerability CVE-2020-10719**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|undertow-core|2.1.1.Final|[]()|CVE-2020-10719|[https://nvd.nist.gov/vuln/detail/CVE-2020-10719](A flaw was found in Undertow in versions before 2.1.1.Final, regarding the processing of invalid HTTP requests with large chunk sizes. This flaw allows an attacker to take advantage of HTTP request smuggling.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2017-2666", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "It was discovered in Undertow that the code that p..." + }, + "fullDescription": { + "text": "It was discovered in Undertow that the code that parsed the HTTP request li..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2017-2666", + "help": { + "text": "Vulnerability CVE-2017-2666\nSeverity: medium\nPackage: undertow-core\nFixed Version: 1.3.31, 1.4.17\nExploit Available: []()\nExploit Type: \nLink: [CVE-2017-2666](https://nvd.nist.gov/vuln/detail/CVE-2017-2666)\nIt was discovered in Undertow that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. 
By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other than their own.", + "markdown": "**Vulnerability CVE-2017-2666**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|undertow-core|1.3.31, 1.4.17|[]()|CVE-2017-2666|[https://nvd.nist.gov/vuln/detail/CVE-2017-2666](It was discovered in Undertow that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other than their own.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "RHSA-2019:0775", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "The java-1.8.0-openjdk packages provide the OpenJD..." + }, + "fullDescription": { + "text": "The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environm..." 
+ }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2019-2698", + "help": { + "text": "Vulnerability RHSA-2019:0775\nSeverity: high\nPackage: java-1.8.0-openjdk-headless\nFixed Version: 1:1.8.0.212.b04-0.el7_6\nExploit Available: [http://www.exploit-db.com/exploits/46723](http://www.exploit-db.com/exploits/46723)\nExploit Type: dos\nLink: [RHSA-2019:0775](https://access.redhat.com/security/cve/CVE-2019-2698)\nThe java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.", + "markdown": "**Vulnerability RHSA-2019:0775**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|java-1.8.0-openjdk-headless|1:1.8.0.212.b04-0.el7_6|[http://www.exploit-db.com/exploits/46723](dos)|RHSA-2019:0775|[https://access.redhat.com/security/cve/CVE-2019-2698](The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "RHSA-2022:5698", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "The java-1.8.0-openjdk packages provide the OpenJD..." + }, + "fullDescription": { + "text": "The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environm..." 
+ }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2022-34169", + "help": { + "text": "Vulnerability RHSA-2022:5698\nSeverity: high\nPackage: java-1.8.0-openjdk-headless\nFixed Version: 1:1.8.0.342.b07-1.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2022:5698](https://access.redhat.com/security/cve/CVE-2022-34169)\nThe java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.", + "markdown": "**Vulnerability RHSA-2022:5698**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|java-1.8.0-openjdk-headless|1:1.8.0.342.b07-1.el7_9|[]()|RHSA-2022:5698|[https://access.redhat.com/security/cve/CVE-2022-34169](The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "RHSA-2020:1512", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "The java-1.8.0-openjdk packages provide the OpenJD..." + }, + "fullDescription": { + "text": "The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environm..." 
+ }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2020-2805", + "help": { + "text": "Vulnerability RHSA-2020:1512\nSeverity: high\nPackage: java-1.8.0-openjdk-headless\nFixed Version: 1:1.8.0.252.b09-2.el7_8\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2020:1512](https://access.redhat.com/security/cve/CVE-2020-2805)\nThe java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.", + "markdown": "**Vulnerability RHSA-2020:1512**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|java-1.8.0-openjdk-headless|1:1.8.0.252.b09-2.el7_8|[]()|RHSA-2020:1512|[https://access.redhat.com/security/cve/CVE-2020-2805](The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "RHSA-2021:3889", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "The java-1.8.0-openjdk packages provide the OpenJD..." + }, + "fullDescription": { + "text": "The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environm..." 
+ }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2021-35567", + "help": { + "text": "Vulnerability RHSA-2021:3889\nSeverity: high\nPackage: java-1.8.0-openjdk-headless\nFixed Version: 1:1.8.0.312.b07-1.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2021:3889](https://access.redhat.com/security/cve/CVE-2021-35567)\nThe java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.", + "markdown": "**Vulnerability RHSA-2021:3889**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|java-1.8.0-openjdk-headless|1:1.8.0.312.b07-1.el7_9|[]()|RHSA-2021:3889|[https://access.redhat.com/security/cve/CVE-2021-35567](The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "RHSA-2021:2845", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "The java-1.8.0-openjdk packages provide the OpenJD..." + }, + "fullDescription": { + "text": "The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environm..." 
+ }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2021-2388", + "help": { + "text": "Vulnerability RHSA-2021:2845\nSeverity: high\nPackage: java-1.8.0-openjdk-headless\nFixed Version: 1:1.8.0.302.b08-0.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2021:2845](https://access.redhat.com/security/cve/CVE-2021-2388)\nThe java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.", + "markdown": "**Vulnerability RHSA-2021:2845**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|java-1.8.0-openjdk-headless|1:1.8.0.302.b08-0.el7_9|[]()|RHSA-2021:2845|[https://access.redhat.com/security/cve/CVE-2021-2388](The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "RHSA-2019:3128", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "The java-1.8.0-openjdk packages provide the OpenJD..." + }, + "fullDescription": { + "text": "The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environm..." 
+ }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2019-2949", + "help": { + "text": "Vulnerability RHSA-2019:3128\nSeverity: high\nPackage: java-1.8.0-openjdk-headless\nFixed Version: 1:1.8.0.232.b09-0.el7_7\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2019:3128](https://access.redhat.com/security/cve/CVE-2019-2949)\nThe java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.", + "markdown": "**Vulnerability RHSA-2019:3128**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|java-1.8.0-openjdk-headless|1:1.8.0.232.b09-0.el7_7|[]()|RHSA-2019:3128|[https://access.redhat.com/security/cve/CVE-2019-2949](The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "RHSA-2020:2968", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "The java-1.8.0-openjdk packages provide the OpenJD..." + }, + "fullDescription": { + "text": "The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environm..." 
+ }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2020-14583", + "help": { + "text": "Vulnerability RHSA-2020:2968\nSeverity: high\nPackage: java-1.8.0-openjdk-headless\nFixed Version: 1:1.8.0.262.b10-0.el7_8\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2020:2968](https://access.redhat.com/security/cve/CVE-2020-14583)\nThe java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.", + "markdown": "**Vulnerability RHSA-2020:2968**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|java-1.8.0-openjdk-headless|1:1.8.0.262.b10-0.el7_8|[]()|RHSA-2020:2968|[https://access.redhat.com/security/cve/CVE-2020-14583](The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "RHSA-2024:0223", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "The java-1.8.0-openjdk packages provide the OpenJD..." + }, + "fullDescription": { + "text": "The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environm..." 
+ }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2024-20952", + "help": { + "text": "Vulnerability RHSA-2024:0223\nSeverity: high\nPackage: java-1.8.0-openjdk-headless\nFixed Version: 1:1.8.0.402.b06-1.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2024:0223](https://access.redhat.com/security/cve/CVE-2024-20952)\nThe java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.", + "markdown": "**Vulnerability RHSA-2024:0223**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|java-1.8.0-openjdk-headless|1:1.8.0.402.b06-1.el7_9|[]()|RHSA-2024:0223|[https://access.redhat.com/security/cve/CVE-2024-20952](The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "RHSA-2020:0196", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "The java-1.8.0-openjdk packages provide the OpenJD..." + }, + "fullDescription": { + "text": "The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environm..." 
+ }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2020-2604", + "help": { + "text": "Vulnerability RHSA-2020:0196\nSeverity: high\nPackage: java-1.8.0-openjdk-headless\nFixed Version: 1:1.8.0.242.b08-0.el7_7\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2020:0196](https://access.redhat.com/security/cve/CVE-2020-2604)\nThe java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.", + "markdown": "**Vulnerability RHSA-2020:0196**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|java-1.8.0-openjdk-headless|1:1.8.0.242.b08-0.el7_7|[]()|RHSA-2020:0196|[https://access.redhat.com/security/cve/CVE-2020-2604](The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "RHSA-2023:1904", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "The java-1.8.0-openjdk packages provide the OpenJD..." + }, + "fullDescription": { + "text": "The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environm..." 
+ }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2023-21930", + "help": { + "text": "Vulnerability RHSA-2023:1904\nSeverity: high\nPackage: java-1.8.0-openjdk-headless\nFixed Version: 1:1.8.0.372.b07-1.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2023:1904](https://access.redhat.com/security/cve/CVE-2023-21930)\nThe java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.", + "markdown": "**Vulnerability RHSA-2023:1904**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|java-1.8.0-openjdk-headless|1:1.8.0.372.b07-1.el7_9|[]()|RHSA-2023:1904|[https://access.redhat.com/security/cve/CVE-2023-21930](The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "RHSA-2022:1487", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "The java-1.8.0-openjdk packages provide the OpenJD..." + }, + "fullDescription": { + "text": "The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environm..." 
+ }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2022-21476", + "help": { + "text": "Vulnerability RHSA-2022:1487\nSeverity: high\nPackage: java-1.8.0-openjdk-headless\nFixed Version: 1:1.8.0.332.b09-1.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2022:1487](https://access.redhat.com/security/cve/CVE-2022-21476)\nThe java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.", + "markdown": "**Vulnerability RHSA-2022:1487**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|java-1.8.0-openjdk-headless|1:1.8.0.332.b09-1.el7_9|[]()|RHSA-2022:1487|[https://access.redhat.com/security/cve/CVE-2022-21476](The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "CVE-2017-10176", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "Vulnerability in the Java SE, Java SE Embedded, JR..." + }, + "fullDescription": { + "text": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2017-10176", + "help": { + "text": "Vulnerability CVE-2017-10176\nSeverity: medium\nPackage: java-1.8.0-openjdk-headless\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2017-10176](https://access.redhat.com/security/cve/CVE-2017-10176)\nVulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). 
Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", + "markdown": "**Vulnerability CVE-2017-10176**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|java-1.8.0-openjdk-headless|any in centos 7.6.1810|[]()|CVE-2017-10176|[https://access.redhat.com/security/cve/CVE-2017-10176](Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. 
It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "RHSA-2019:0435", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "The java-1.8.0-openjdk packages provide the OpenJD..." + }, + "fullDescription": { + "text": "The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environm..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2019-2422", + "help": { + "text": "Vulnerability RHSA-2019:0435\nSeverity: medium\nPackage: java-1.8.0-openjdk-headless\nFixed Version: 1:1.8.0.201.b09-0.el7_6\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2019:0435](https://access.redhat.com/security/cve/CVE-2019-2422)\nThe java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.", + "markdown": "**Vulnerability RHSA-2019:0435**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|java-1.8.0-openjdk-headless|1:1.8.0.201.b09-0.el7_6|[]()|RHSA-2019:0435|[https://access.redhat.com/security/cve/CVE-2019-2422](The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "RHSA-2024:1817", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "The java-1.8.0-openjdk 
packages provide the OpenJD..." + }, + "fullDescription": { + "text": "The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environm..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2024-21094", + "help": { + "text": "Vulnerability RHSA-2024:1817\nSeverity: medium\nPackage: java-1.8.0-openjdk-headless\nFixed Version: 1:1.8.0.412.b08-1.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2024:1817](https://access.redhat.com/security/cve/CVE-2024-21094)\nThe java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.", + "markdown": "**Vulnerability RHSA-2024:1817**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|java-1.8.0-openjdk-headless|1:1.8.0.412.b08-1.el7_9|[]()|RHSA-2024:1817|[https://access.redhat.com/security/cve/CVE-2024-21094](The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "RHSA-2021:1298", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "The java-1.8.0-openjdk packages provide the OpenJD..." + }, + "fullDescription": { + "text": "The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environm..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2021-2163", + "help": { + "text": "Vulnerability RHSA-2021:1298\nSeverity: medium\nPackage: java-1.8.0-openjdk-headless\nFixed Version: 1:1.8.0.292.b10-1.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2021:1298](https://access.redhat.com/security/cve/CVE-2021-2163)\nThe java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.", + "markdown": "**Vulnerability RHSA-2021:1298**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|java-1.8.0-openjdk-headless|1:1.8.0.292.b10-1.el7_9|[]()|RHSA-2021:1298|[https://access.redhat.com/security/cve/CVE-2021-2163](The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2017-10118", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "Vulnerability in the Java SE, Java SE Embedded, JR..." + }, + "fullDescription": { + "text": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2017-10118", + "help": { + "text": "Vulnerability CVE-2017-10118\nSeverity: medium\nPackage: java-1.8.0-openjdk-headless\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2017-10118](https://access.redhat.com/security/cve/CVE-2017-10118)\nVulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). 
Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", + "markdown": "**Vulnerability CVE-2017-10118**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|java-1.8.0-openjdk-headless|any in centos 7.6.1810|[]()|CVE-2017-10118|[https://access.redhat.com/security/cve/CVE-2017-10118](Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. 
It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "RHSA-2022:7002", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "The java-1.8.0-openjdk packages provide the OpenJD..." + }, + "fullDescription": { + "text": "The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environm..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2022-21628", + "help": { + "text": "Vulnerability RHSA-2022:7002\nSeverity: medium\nPackage: java-1.8.0-openjdk-headless\nFixed Version: 1:1.8.0.352.b08-2.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2022:7002](https://access.redhat.com/security/cve/CVE-2022-21628)\nThe java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.", + "markdown": "**Vulnerability RHSA-2022:7002**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|java-1.8.0-openjdk-headless|1:1.8.0.352.b08-2.el7_9|[]()|RHSA-2022:7002|[https://access.redhat.com/security/cve/CVE-2022-21628](The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "RHSA-2023:0203", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "The java-1.8.0-openjdk 
packages provide the OpenJD..." + }, + "fullDescription": { + "text": "The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environm..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2023-21830", + "help": { + "text": "Vulnerability RHSA-2023:0203\nSeverity: medium\nPackage: java-1.8.0-openjdk-headless\nFixed Version: 1:1.8.0.362.b08-1.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2023:0203](https://access.redhat.com/security/cve/CVE-2023-21830)\nThe java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.", + "markdown": "**Vulnerability RHSA-2023:0203**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|java-1.8.0-openjdk-headless|1:1.8.0.362.b08-1.el7_9|[]()|RHSA-2023:0203|[https://access.redhat.com/security/cve/CVE-2023-21830](The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "RHSA-2022:0306", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "The java-1.8.0-openjdk packages provide the OpenJD..." + }, + "fullDescription": { + "text": "The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environm..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2022-21365", + "help": { + "text": "Vulnerability RHSA-2022:0306\nSeverity: medium\nPackage: java-1.8.0-openjdk-headless\nFixed Version: 1:1.8.0.322.b06-1.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2022:0306](https://access.redhat.com/security/cve/CVE-2022-21365)\nThe java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.", + "markdown": "**Vulnerability RHSA-2022:0306**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|java-1.8.0-openjdk-headless|1:1.8.0.322.b06-1.el7_9|[]()|RHSA-2022:0306|[https://access.redhat.com/security/cve/CVE-2022-21365](The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "RHSA-2023:4166", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "The java-1.8.0-openjdk packages provide the OpenJD..." + }, + "fullDescription": { + "text": "The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environm..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2023-22049", + "help": { + "text": "Vulnerability RHSA-2023:4166\nSeverity: medium\nPackage: java-1.8.0-openjdk-headless\nFixed Version: 1:1.8.0.382.b05-1.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2023:4166](https://access.redhat.com/security/cve/CVE-2023-22049)\nThe java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.", + "markdown": "**Vulnerability RHSA-2023:4166**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|java-1.8.0-openjdk-headless|1:1.8.0.382.b05-1.el7_9|[]()|RHSA-2023:4166|[https://access.redhat.com/security/cve/CVE-2023-22049](The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "RHSA-2023:5761", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "The java-1.8.0-openjdk packages provide the OpenJD..." + }, + "fullDescription": { + "text": "The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environm..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2023-22081", + "help": { + "text": "Vulnerability RHSA-2023:5761\nSeverity: medium\nPackage: java-1.8.0-openjdk-headless\nFixed Version: 1:1.8.0.392.b08-2.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2023:5761](https://access.redhat.com/security/cve/CVE-2023-22081)\nThe java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.", + "markdown": "**Vulnerability RHSA-2023:5761**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|java-1.8.0-openjdk-headless|1:1.8.0.392.b08-2.el7_9|[]()|RHSA-2023:5761|[https://access.redhat.com/security/cve/CVE-2023-22081](The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "RHSA-2020:4350", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "The java-1.8.0-openjdk packages provide the OpenJD..." + }, + "fullDescription": { + "text": "The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environm..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2020-14803", + "help": { + "text": "Vulnerability RHSA-2020:4350\nSeverity: medium\nPackage: java-1.8.0-openjdk-headless\nFixed Version: 1:1.8.0.272.b10-1.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2020:4350](https://access.redhat.com/security/cve/CVE-2020-14803)\nThe java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.", + "markdown": "**Vulnerability RHSA-2020:4350**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|java-1.8.0-openjdk-headless|1:1.8.0.272.b10-1.el7_9|[]()|RHSA-2020:4350|[https://access.redhat.com/security/cve/CVE-2020-14803](The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "RHSA-2019:1815", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "The java-1.8.0-openjdk packages provide the OpenJD..." + }, + "fullDescription": { + "text": "The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environm..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2019-2769", + "help": { + "text": "Vulnerability RHSA-2019:1815\nSeverity: medium\nPackage: java-1.8.0-openjdk-headless\nFixed Version: 1:1.8.0.222.b10-0.el7_6\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2019:1815](https://access.redhat.com/security/cve/CVE-2019-2769)\nThe java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.", + "markdown": "**Vulnerability RHSA-2019:1815**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|java-1.8.0-openjdk-headless|1:1.8.0.222.b10-0.el7_6|[]()|RHSA-2019:1815|[https://access.redhat.com/security/cve/CVE-2019-2769](The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2020-11022", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "In jQuery versions greater than or equal to 1.2 an..." + }, + "fullDescription": { + "text": "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing H..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2020-11022", + "help": { + "text": "Vulnerability CVE-2020-11022\nSeverity: medium\nPackage: jquery\nFixed Version: 3.5.0\nExploit Available: [http://www.exploit-db.com/exploits/49766](http://www.exploit-db.com/exploits/49766)\nExploit Type: webapps\nLink: [CVE-2020-11022](https://nvd.nist.gov/vuln/detail/CVE-2020-11022)\nIn jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.", + "markdown": "**Vulnerability CVE-2020-11022**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|jquery|3.5.0|[http://www.exploit-db.com/exploits/49766](webapps)|CVE-2020-11022|[https://nvd.nist.gov/vuln/detail/CVE-2020-11022](In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2020-11023", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "In jQuery versions greater than or equal to 1.0.3 ..." + }, + "fullDescription": { + "text": "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2020-11023", + "help": { + "text": "Vulnerability CVE-2020-11023\nSeverity: medium\nPackage: jquery\nFixed Version: 3.5.0\nExploit Available: [http://www.exploit-db.com/exploits/49767](http://www.exploit-db.com/exploits/49767)\nExploit Type: webapps\nLink: [CVE-2020-11023](https://nvd.nist.gov/vuln/detail/CVE-2020-11023)\nIn jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing \u003coption\u003e elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.", + "markdown": "**Vulnerability CVE-2020-11023**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|jquery|3.5.0|[http://www.exploit-db.com/exploits/49767](webapps)|CVE-2020-11023|[https://nvd.nist.gov/vuln/detail/CVE-2020-11023](In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing \u003coption\u003e elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2015-9251", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "jQuery before 3.0.0 is vulnerable to Cross-site Sc..." + }, + "fullDescription": { + "text": "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks whe..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2015-9251", + "help": { + "text": "Vulnerability CVE-2015-9251\nSeverity: medium\nPackage: jquery\nFixed Version: 1.12.2, 3.0.0\nExploit Available: []()\nExploit Type: \nLink: [CVE-2015-9251](https://nvd.nist.gov/vuln/detail/CVE-2015-9251)\njQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.", + "markdown": "**Vulnerability CVE-2015-9251**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|jquery|1.12.2, 3.0.0|[]()|CVE-2015-9251|[https://nvd.nist.gov/vuln/detail/CVE-2015-9251](jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2019-11358", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "jQuery before 3.4.0, as used in Drupal, Backdrop C..." + }, + "fullDescription": { + "text": "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, m..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2019-11358", + "help": { + "text": "Vulnerability CVE-2019-11358\nSeverity: medium\nPackage: jquery\nFixed Version: 3.4.0\nExploit Available: []()\nExploit Type: \nLink: [CVE-2019-11358](https://nvd.nist.gov/vuln/detail/CVE-2019-11358)\njQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. 
If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.", + "markdown": "**Vulnerability CVE-2019-11358**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|jquery|3.4.0|[]()|CVE-2019-11358|[https://nvd.nist.gov/vuln/detail/CVE-2019-11358](jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2020-23064", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "Cross Site Scripting vulnerability in jQuery 2.2.0..." + }, + "fullDescription": { + "text": "Cross Site Scripting vulnerability in jQuery 2.2.0 through 3.x before 3.5.0..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2020-23064", + "help": { + "text": "Vulnerability CVE-2020-23064\nSeverity: medium\nPackage: jquery\nFixed Version: 3.5.0\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-23064](https://nvd.nist.gov/vuln/detail/CVE-2020-23064)\nCross Site Scripting vulnerability in jQuery 2.2.0 through 3.x before 3.5.0 allows a remote attacker to execute arbitrary code via the \u003coptions\u003e element.", + "markdown": "**Vulnerability CVE-2020-23064**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|jquery|3.5.0|[]()|CVE-2020-23064|[https://nvd.nist.gov/vuln/detail/CVE-2020-23064](Cross Site Scripting vulnerability in jQuery 2.2.0 through 3.x before 3.5.0 allows a remote attacker to execute arbitrary code via the \u003coptions\u003e element.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "RHSA-2022:8640", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "Kerberos is a network authentication system, which..." + }, + "fullDescription": { + "text": "Kerberos is a network authentication system, which can improve the security..." + }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2022-42898", + "help": { + "text": "Vulnerability RHSA-2022:8640\nSeverity: high\nPackage: krb5-libs\nFixed Version: 1.15.1-55.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2022:8640](https://access.redhat.com/security/cve/CVE-2022-42898)\nKerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. 
It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center (KDC).", + "markdown": "**Vulnerability RHSA-2022:8640**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|krb5-libs|1.15.1-55.el7_9|[]()|RHSA-2022:8640|[https://access.redhat.com/security/cve/CVE-2022-42898](Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center (KDC).)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "RHBA-2019:2599", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "Kerberos is a network authentication system, which..." + }, + "fullDescription": { + "text": "Kerberos is a network authentication system, which can improve the security..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2018-20217", + "help": { + "text": "Vulnerability RHBA-2019:2599\nSeverity: medium\nPackage: krb5-libs\nFixed Version: 1.15.1-37.el7_7.2\nExploit Available: []()\nExploit Type: \nLink: [RHBA-2019:2599](https://access.redhat.com/security/cve/CVE-2018-20217)\nKerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. 
It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center (KDC).", + "markdown": "**Vulnerability RHBA-2019:2599**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|krb5-libs|1.15.1-37.el7_7.2|[]()|RHBA-2019:2599|[https://access.redhat.com/security/cve/CVE-2018-20217](Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center (KDC).)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2020-28196", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x..." + }, + "fullDescription": { + "text": "MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allows unb..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2020-28196", + "help": { + "text": "Vulnerability CVE-2020-28196\nSeverity: medium\nPackage: krb5-libs\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-28196](https://access.redhat.com/security/cve/CVE-2020-28196)\nMIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1_encode.c support for BER indefinite lengths lacks a recursion limit.", + "markdown": "**Vulnerability CVE-2020-28196**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|krb5-libs|any in centos 7.6.1810|[]()|CVE-2020-28196|[https://access.redhat.com/security/cve/CVE-2020-28196](MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1_encode.c support for BER indefinite lengths lacks a recursion limit.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2021-36222", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "ec_verify in kdc/kdc_preauth_ec.c in the Key Distr..." + }, + "fullDescription": { + "text": "ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in M..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2021-36222", + "help": { + "text": "Vulnerability CVE-2021-36222\nSeverity: medium\nPackage: krb5-libs\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-36222](https://access.redhat.com/security/cve/CVE-2021-36222)\nec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a certain situation.", + "markdown": "**Vulnerability CVE-2021-36222**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|krb5-libs|any in centos 7.6.1810|[]()|CVE-2021-36222|[https://access.redhat.com/security/cve/CVE-2021-36222](ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a certain situation.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "RHSA-2021:4788", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "Kerberos is a network authentication system, which..." + }, + "fullDescription": { + "text": "Kerberos is a network authentication system, which can improve the security..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2021-37750", + "help": { + "text": "Vulnerability RHSA-2021:4788\nSeverity: medium\nPackage: krb5-libs\nFixed Version: 1.15.1-51.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2021:4788](https://access.redhat.com/security/cve/CVE-2021-37750)\nKerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center (KDC).", + "markdown": "**Vulnerability RHSA-2021:4788**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|krb5-libs|1.15.1-51.el7_9|[]()|RHSA-2021:4788|[https://access.redhat.com/security/cve/CVE-2021-37750](Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center (KDC).)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2024-26462", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "Kerberos 5 (aka krb5) 1.21.2 contains a memory lea..." + }, + "fullDescription": { + "text": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2024-26462", + "help": { + "text": "Vulnerability CVE-2024-26462\nSeverity: medium\nPackage: krb5-libs\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2024-26462](https://access.redhat.com/security/cve/CVE-2024-26462)\nKerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.", + "markdown": "**Vulnerability CVE-2024-26462**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|krb5-libs|any in centos 7.6.1810|[]()|CVE-2024-26462|[https://access.redhat.com/security/cve/CVE-2024-26462](Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2024-26458", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "Kerberos 5 (aka krb5) 1.21.2 contains a memory lea..." + }, + "fullDescription": { + "text": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pm..." 
+ }, + "defaultConfiguration": { + "level": "note" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2024-26458", + "help": { + "text": "Vulnerability CVE-2024-26458\nSeverity: low\nPackage: krb5-libs\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2024-26458](https://access.redhat.com/security/cve/CVE-2024-26458)\nKerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "markdown": "**Vulnerability CVE-2024-26458**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|low|krb5-libs|any in centos 7.6.1810|[]()|CVE-2024-26458|[https://access.redhat.com/security/cve/CVE-2024-26458](Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "low" + ] + } + }, + { + "id": "CVE-2024-26461", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "Kerberos 5 (aka krb5) 1.21.2 contains a memory lea..." + }, + "fullDescription": { + "text": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/..." 
+ }, + "defaultConfiguration": { + "level": "note" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2024-26461", + "help": { + "text": "Vulnerability CVE-2024-26461\nSeverity: low\nPackage: krb5-libs\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2024-26461](https://access.redhat.com/security/cve/CVE-2024-26461)\nKerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", + "markdown": "**Vulnerability CVE-2024-26461**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|low|krb5-libs|any in centos 7.6.1810|[]()|CVE-2024-26461|[https://access.redhat.com/security/cve/CVE-2024-26461](Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "low" + ] + } + }, + { + "id": "RHSA-2020:4908", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "The libX11 packages contain the core X11 protocol ..." + }, + "fullDescription": { + "text": "The libX11 packages contain the core X11 protocol client library." 
+ }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2020-14363", + "help": { + "text": "Vulnerability RHSA-2020:4908\nSeverity: high\nPackage: libX11-common\nFixed Version: 1.6.7-3.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2020:4908](https://access.redhat.com/security/cve/CVE-2020-14363)\nThe libX11 packages contain the core X11 protocol client library.", + "markdown": "**Vulnerability RHSA-2020:4908**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|libX11-common|1.6.7-3.el7_9|[]()|RHSA-2020:4908|[https://access.redhat.com/security/cve/CVE-2020-14363](The libX11 packages contain the core X11 protocol client library.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "RHSA-2021:3296", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "The libX11 packages contain the core X11 protocol ..." + }, + "fullDescription": { + "text": "The libX11 packages contain the core X11 protocol client library." 
+ }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2021-31535", + "help": { + "text": "Vulnerability RHSA-2021:3296\nSeverity: high\nPackage: libX11-common\nFixed Version: 1.6.7-4.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2021:3296](https://access.redhat.com/security/cve/CVE-2021-31535)\nThe libX11 packages contain the core X11 protocol client library.", + "markdown": "**Vulnerability RHSA-2021:3296**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|libX11-common|1.6.7-4.el7_9|[]()|RHSA-2021:3296|[https://access.redhat.com/security/cve/CVE-2021-31535](The libX11 packages contain the core X11 protocol client library.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "RHSA-2019:2079", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "X.Org is an open-source implementation of the X Wi..." + }, + "fullDescription": { + "text": "X.Org is an open-source implementation of the X Window System. It provides ..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2018-14600", + "help": { + "text": "Vulnerability RHSA-2019:2079\nSeverity: medium\nPackage: libX11-common\nFixed Version: 1.6.7-2.el7\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2019:2079](https://access.redhat.com/security/cve/CVE-2018-14600)\nX.Org is an open-source implementation of the X Window System. 
It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon.", + "markdown": "**Vulnerability RHSA-2019:2079**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|libX11-common|1.6.7-2.el7|[]()|RHSA-2019:2079|[https://access.redhat.com/security/cve/CVE-2018-14600](X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2023-3138", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "A vulnerability was found in libX11. The security ..." + }, + "fullDescription": { + "text": "A vulnerability was found in libX11. The security flaw occurs because the f..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2023-3138", + "help": { + "text": "Vulnerability CVE-2023-3138\nSeverity: medium\nPackage: libX11-common\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-3138](https://access.redhat.com/security/cve/CVE-2023-3138)\nA vulnerability was found in libX11. The security flaw occurs because the functions in src/InitExt.c in libX11 do not check that the values provided for the Request, Event, or Error IDs are within the bounds of the arrays that those functions write to, using those IDs as array indexes. They trust that they were called with values provided by an Xserver adhering to the bounds specified in the X11 protocol, as all X servers provided by X.Org do. 
As the protocol only specifies a single byte for these values, an out-of-bounds value provided by a malicious server (or a malicious proxy-in-the-middle) can only overwrite other portions of the Display structure and not write outside the bounds of the Display structure itself, possibly causing the client to crash with this memory corruption.", + "markdown": "**Vulnerability CVE-2023-3138**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|libX11-common|any in centos 7.6.1810|[]()|CVE-2023-3138|[https://access.redhat.com/security/cve/CVE-2023-3138](A vulnerability was found in libX11. The security flaw occurs because the functions in src/InitExt.c in libX11 do not check that the values provided for the Request, Event, or Error IDs are within the bounds of the arrays that those functions write to, using those IDs as array indexes. They trust that they were called with values provided by an Xserver adhering to the bounds specified in the X11 protocol, as all X servers provided by X.Org do. As the protocol only specifies a single byte for these values, an out-of-bounds value provided by a malicious server (or a malicious proxy-in-the-middle) can only overwrite other portions of the Display structure and not write outside the bounds of the Display structure itself, possibly causing the client to crash with this memory corruption.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2023-43785", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "A vulnerability was found in libX11 due to a bound..." + }, + "fullDescription": { + "text": "A vulnerability was found in libX11 due to a boundary condition within the ..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2023-43785", + "help": { + "text": "Vulnerability CVE-2023-43785\nSeverity: medium\nPackage: libX11-common\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-43785](https://access.redhat.com/security/cve/CVE-2023-43785)\nA vulnerability was found in libX11 due to a boundary condition within the _XkbReadKeySyms() function. This flaw allows a local user to trigger an out-of-bounds read error and read the contents of memory on the system.", + "markdown": "**Vulnerability CVE-2023-43785**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|libX11-common|any in centos 7.6.1810|[]()|CVE-2023-43785|[https://access.redhat.com/security/cve/CVE-2023-43785](A vulnerability was found in libX11 due to a boundary condition within the _XkbReadKeySyms() function. This flaw allows a local user to trigger an out-of-bounds read error and read the contents of memory on the system.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2023-43786", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "A vulnerability was found in libX11 due to an infi..." + }, + "fullDescription": { + "text": "A vulnerability was found in libX11 due to an infinite loop within the PutS..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2023-43786", + "help": { + "text": "Vulnerability CVE-2023-43786\nSeverity: medium\nPackage: libX11-common\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-43786](https://access.redhat.com/security/cve/CVE-2023-43786)\nA vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function. This flaw allows a local user to consume all available system resources and cause a denial of service condition.", + "markdown": "**Vulnerability CVE-2023-43786**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|libX11-common|any in centos 7.6.1810|[]()|CVE-2023-43786|[https://access.redhat.com/security/cve/CVE-2023-43786](A vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function. This flaw allows a local user to consume all available system resources and cause a denial of service condition.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2023-43787", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "A vulnerability was found in libX11 due to an inte..." + }, + "fullDescription": { + "text": "A vulnerability was found in libX11 due to an integer overflow within the X..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2023-43787", + "help": { + "text": "Vulnerability CVE-2023-43787\nSeverity: medium\nPackage: libX11-common\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-43787](https://access.redhat.com/security/cve/CVE-2023-43787)\nA vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function. This flaw allows a local user to trigger an integer overflow and execute arbitrary code with elevated privileges.", + "markdown": "**Vulnerability CVE-2023-43787**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|libX11-common|any in centos 7.6.1810|[]()|CVE-2023-43787|[https://access.redhat.com/security/cve/CVE-2023-43787](A vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function. This flaw allows a local user to trigger an integer overflow and execute arbitrary code with elevated privileges.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2020-21583", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "An issue was discovered in hwclock.13-v2.27 allows..." + }, + "fullDescription": { + "text": "An issue was discovered in hwclock.13-v2.27 allows attackers to gain escala..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2020-21583", + "help": { + "text": "Vulnerability CVE-2020-21583\nSeverity: medium\nPackage: util-linux\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-21583](https://access.redhat.com/security/cve/CVE-2020-21583)\nAn issue was discovered in hwclock.13-v2.27 allows attackers to gain escalated privlidges or execute arbitrary commands via the path parameter when setting the date.", + "markdown": "**Vulnerability CVE-2020-21583**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|util-linux|any in centos 7.6.1810|[]()|CVE-2020-21583|[https://access.redhat.com/security/cve/CVE-2020-21583](An issue was discovered in hwclock.13-v2.27 allows attackers to gain escalated privlidges or execute arbitrary commands via the path parameter when setting the date.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2022-0563", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "A flaw was found in the util-linux chfn and chsh u..." + }, + "fullDescription": { + "text": "A flaw was found in the util-linux chfn and chsh utilities when compiled wi..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2022-0563", + "help": { + "text": "Vulnerability CVE-2022-0563\nSeverity: medium\nPackage: util-linux\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-0563](https://access.redhat.com/security/cve/CVE-2022-0563)\nA flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. 
The Readline library uses an \"INPUTRC\" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.", + "markdown": "**Vulnerability CVE-2022-0563**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|util-linux|any in centos 7.6.1810|[]()|CVE-2022-0563|[https://access.redhat.com/security/cve/CVE-2022-0563](A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an \"INPUTRC\" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2021-37600", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "An integer overflow in util-linux through 2.37.1 c..." + }, + "fullDescription": { + "text": "An integer overflow in util-linux through 2.37.1 can potentially cause a bu..." 
+ }, + "defaultConfiguration": { + "level": "note" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2021-37600", + "help": { + "text": "Vulnerability CVE-2021-37600\nSeverity: low\nPackage: util-linux\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-37600](https://access.redhat.com/security/cve/CVE-2021-37600)\nAn integer overflow in util-linux through 2.37.1 can potentially cause a buffer overflow if an attacker were able to use system resources in a way that leads to a large number in the /proc/sysvipc/sem file. NOTE: this is unexploitable in GNU C Library environments, and possibly in all realistic environments.", + "markdown": "**Vulnerability CVE-2021-37600**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|low|util-linux|any in centos 7.6.1810|[]()|CVE-2021-37600|[https://access.redhat.com/security/cve/CVE-2021-37600](An integer overflow in util-linux through 2.37.1 can potentially cause a buffer overflow if an attacker were able to use system resources in a way that leads to a large number in the /proc/sysvipc/sem file. NOTE: this is unexploitable in GNU C Library environments, and possibly in all realistic environments.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "low" + ] + } + }, + { + "id": "CVE-2023-2603", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "A vulnerability was found in libcap. This issue oc..." + }, + "fullDescription": { + "text": "A vulnerability was found in libcap. This issue occurs in the _libcap_strdu..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2023-2603", + "help": { + "text": "Vulnerability CVE-2023-2603\nSeverity: medium\nPackage: libcap\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-2603](https://access.redhat.com/security/cve/CVE-2023-2603)\nA vulnerability was found in libcap. This issue occurs in the _libcap_strdup() function and can lead to an integer overflow if the input string is close to 4GiB.", + "markdown": "**Vulnerability CVE-2023-2603**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|libcap|any in centos 7.6.1810|[]()|CVE-2023-2603|[https://access.redhat.com/security/cve/CVE-2023-2603](A vulnerability was found in libcap. This issue occurs in the _libcap_strdup() function and can lead to an integer overflow if the input string is close to 4GiB.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2023-2602", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "A vulnerability was found in the pthread_create() ..." + }, + "fullDescription": { + "text": "A vulnerability was found in the pthread_create() function in libcap. This ..." + }, + "defaultConfiguration": { + "level": "note" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2023-2602", + "help": { + "text": "Vulnerability CVE-2023-2602\nSeverity: low\nPackage: libcap\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-2602](https://access.redhat.com/security/cve/CVE-2023-2602)\nA vulnerability was found in the pthread_create() function in libcap. 
This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", + "markdown": "**Vulnerability CVE-2023-2602**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|low|libcap|any in centos 7.6.1810|[]()|CVE-2023-2602|[https://access.redhat.com/security/cve/CVE-2023-2602](A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "low" + ] + } + }, + { + "id": "RHSA-2020:4011", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "The e2fsprogs packages provide a number of utiliti..." + }, + "fullDescription": { + "text": "The e2fsprogs packages provide a number of utilities for creating, checking..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2019-5188", + "help": { + "text": "Vulnerability RHSA-2020:4011\nSeverity: medium\nPackage: libcom_err\nFixed Version: 1.42.9-19.el7\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2020:4011](https://access.redhat.com/security/cve/CVE-2019-5188)\nThe e2fsprogs packages provide a number of utilities for creating, checking, modifying, and correcting the ext2, ext3, and ext4 file systems.", + "markdown": "**Vulnerability RHSA-2020:4011**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|libcom_err|1.42.9-19.el7|[]()|RHSA-2020:4011|[https://access.redhat.com/security/cve/CVE-2019-5188](The e2fsprogs packages provide a number of utilities for creating, checking, modifying, and correcting the ext2, ext3, and ext4 file systems.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2022-1304", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "An out-of-bounds read/write vulnerability was foun..." + }, + "fullDescription": { + "text": "An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. Th..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2022-1304", + "help": { + "text": "Vulnerability CVE-2022-1304\nSeverity: medium\nPackage: libcom_err\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-1304](https://access.redhat.com/security/cve/CVE-2022-1304)\nAn out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. 
This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.", + "markdown": "**Vulnerability CVE-2022-1304**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|libcom_err|any in centos 7.6.1810|[]()|CVE-2022-1304|[https://access.redhat.com/security/cve/CVE-2022-1304](An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2020-28362", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "Go before 1.14.12 and 1.15.x before 1.15.4 allows ..." + }, + "fullDescription": { + "text": "Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2020-28362", + "help": { + "text": "Vulnerability CVE-2020-28362\nSeverity: medium\nPackage: libstdc++\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-28362](https://access.redhat.com/security/cve/CVE-2020-28362)\nGo before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service.", + "markdown": "**Vulnerability CVE-2020-28362**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|libstdc++|any in centos 7.6.1810|[]()|CVE-2020-28362|[https://access.redhat.com/security/cve/CVE-2020-28362](Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2020-28366", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "Code injection in the go command with cgo before G..." + }, + "fullDescription": { + "text": "Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 a..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2020-28366", + "help": { + "text": "Vulnerability CVE-2020-28366\nSeverity: medium\nPackage: libstdc++\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-28366](https://access.redhat.com/security/cve/CVE-2020-28366)\nCode injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via a malicious unquoted symbol name in a linked object file.", + "markdown": "**Vulnerability CVE-2020-28366**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|libstdc++|any in centos 7.6.1810|[]()|CVE-2020-28366|[https://access.redhat.com/security/cve/CVE-2020-28366](Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via a malicious unquoted symbol name in a linked object file.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2020-28367", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "Code injection in the go command with cgo before G..." + }, + "fullDescription": { + "text": "Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 a..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2020-28367", + "help": { + "text": "Vulnerability CVE-2020-28367\nSeverity: medium\nPackage: libstdc++\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-28367](https://access.redhat.com/security/cve/CVE-2020-28367)\nCode injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via malicious gcc flags specified via a #cgo directive.", + "markdown": "**Vulnerability CVE-2020-28367**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|libstdc++|any in centos 7.6.1810|[]()|CVE-2020-28367|[https://access.redhat.com/security/cve/CVE-2020-28367](Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via malicious gcc flags specified via a #cgo directive.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2021-27918", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "encoding/xml in Go before 1.15.9 and 1.16.x before..." + }, + "fullDescription": { + "text": "encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite l..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2021-27918", + "help": { + "text": "Vulnerability CVE-2021-27918\nSeverity: medium\nPackage: libstdc++\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-27918](https://access.redhat.com/security/cve/CVE-2021-27918)\nencoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader (for xml.NewTokenDecoder) returns EOF in the middle of an element. This can occur in the Decode, DecodeElement, or Skip method.", + "markdown": "**Vulnerability CVE-2021-27918**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|libstdc++|any in centos 7.6.1810|[]()|CVE-2021-27918|[https://access.redhat.com/security/cve/CVE-2021-27918](encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader (for xml.NewTokenDecoder) returns EOF in the middle of an element. This can occur in the Decode, DecodeElement, or Skip method.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2021-3826", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "Heap/stack buffer overflow in the dlang_lname func..." + }, + "fullDescription": { + "text": "Heap/stack buffer overflow in the dlang_lname function in d-demangle.c in l..." 
+ }, + "defaultConfiguration": { + "level": "note" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2021-3826", + "help": { + "text": "Vulnerability CVE-2021-3826\nSeverity: low\nPackage: libstdc++\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-3826](https://access.redhat.com/security/cve/CVE-2021-3826)\nHeap/stack buffer overflow in the dlang_lname function in d-demangle.c in libiberty allows attackers to potentially cause a denial of service (segmentation fault and crash) via a crafted mangled symbol.", + "markdown": "**Vulnerability CVE-2021-3826**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|low|libstdc++|any in centos 7.6.1810|[]()|CVE-2021-3826|[https://access.redhat.com/security/cve/CVE-2021-3826](Heap/stack buffer overflow in the dlang_lname function in d-demangle.c in libiberty allows attackers to potentially cause a denial of service (segmentation fault and crash) via a crafted mangled symbol.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "low" + ] + } + }, + { + "id": "CVE-2021-46195", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "GCC v12.0 was discovered to contain an uncontrolle..." + }, + "fullDescription": { + "text": "GCC v12.0 was discovered to contain an uncontrolled recursion via the compo..." + }, + "defaultConfiguration": { + "level": "note" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2021-46195", + "help": { + "text": "Vulnerability CVE-2021-46195\nSeverity: low\nPackage: libstdc++\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-46195](https://access.redhat.com/security/cve/CVE-2021-46195)\nGCC v12.0 was discovered to contain an uncontrolled recursion via the component libiberty/rust-demangle.c. 
This vulnerability allows attackers to cause a Denial of Service (DoS) by consuming excessive CPU and memory resources.", + "markdown": "**Vulnerability CVE-2021-46195**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|low|libstdc++|any in centos 7.6.1810|[]()|CVE-2021-46195|[https://access.redhat.com/security/cve/CVE-2021-46195](GCC v12.0 was discovered to contain an uncontrolled recursion via the component libiberty/rust-demangle.c. This vulnerability allows attackers to cause a Denial of Service (DoS) by consuming excessive CPU and memory resources.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "low" + ] + } + }, + { + "id": "CVE-2021-33560", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mish..." + }, + "fullDescription": { + "text": "Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2021-33560", + "help": { + "text": "Vulnerability CVE-2021-33560\nSeverity: medium\nPackage: libgcrypt\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-33560](https://access.redhat.com/security/cve/CVE-2021-33560)\nLibgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately. 
This, for example, affects use of ElGamal in OpenPGP.", + "markdown": "**Vulnerability CVE-2021-33560**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|libgcrypt|any in centos 7.6.1810|[]()|CVE-2021-33560|[https://access.redhat.com/security/cve/CVE-2021-33560](Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately. This, for example, affects use of ElGamal in OpenPGP.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2021-40528", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "The ElGamal implementation in Libgcrypt before 1.9..." + }, + "fullDescription": { + "text": "The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext recov..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2021-40528", + "help": { + "text": "Vulnerability CVE-2021-40528\nSeverity: medium\nPackage: libgcrypt\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-40528](https://access.redhat.com/security/cve/CVE-2021-40528)\nThe ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP.", + "markdown": "**Vulnerability CVE-2021-40528**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|libgcrypt|any in centos 7.6.1810|[]()|CVE-2021-40528|[https://access.redhat.com/security/cve/CVE-2021-40528](The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2024-2236", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "A timing-based side-channel flaw was found in libg..." + }, + "fullDescription": { + "text": "A timing-based side-channel flaw was found in libgcrypt\u0026#39;s RSA implementatio..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2024-2236", + "help": { + "text": "Vulnerability CVE-2024-2236\nSeverity: medium\nPackage: libgcrypt\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2024-2236](https://access.redhat.com/security/cve/CVE-2024-2236)\nA timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "markdown": "**Vulnerability CVE-2024-2236**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|libgcrypt|any in centos 7.6.1810|[]()|CVE-2024-2236|[https://access.redhat.com/security/cve/CVE-2024-2236](A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "RHSA-2019:2052", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "The libjpeg-turbo packages contain a library of fu..." + }, + "fullDescription": { + "text": "The libjpeg-turbo packages contain a library of functions for manipulating ..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2016-3616", + "help": { + "text": "Vulnerability RHSA-2019:2052\nSeverity: medium\nPackage: libjpeg-turbo\nFixed Version: 1.2.90-8.el7\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2019:2052](https://access.redhat.com/security/cve/CVE-2016-3616)\nThe libjpeg-turbo packages contain a library of functions for manipulating JPEG images. 
They also contain simple client programs for accessing the libjpeg functions. These packages provide the same functionality and API as libjpeg but with better performance.", + "markdown": "**Vulnerability RHSA-2019:2052**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|libjpeg-turbo|1.2.90-8.el7|[]()|RHSA-2019:2052|[https://access.redhat.com/security/cve/CVE-2016-3616](The libjpeg-turbo packages contain a library of functions for manipulating JPEG images. They also contain simple client programs for accessing the libjpeg functions. These packages provide the same functionality and API as libjpeg but with better performance.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2020-17541", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "Libjpeg-turbo all version have a stack-based buffe..." + }, + "fullDescription": { + "text": "Libjpeg-turbo all version have a stack-based buffer overflow in the \u0026#34;transf..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2020-17541", + "help": { + "text": "Vulnerability CVE-2020-17541\nSeverity: medium\nPackage: libjpeg-turbo\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-17541](https://access.redhat.com/security/cve/CVE-2020-17541)\nLibjpeg-turbo all version have a stack-based buffer overflow in the \"transform\" component. 
A remote attacker can send a malformed jpeg file to the service and cause arbitrary code execution or denial of service of the target service.", + "markdown": "**Vulnerability CVE-2020-17541**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|libjpeg-turbo|any in centos 7.6.1810|[]()|CVE-2020-17541|[https://access.redhat.com/security/cve/CVE-2020-17541](Libjpeg-turbo all version have a stack-based buffer overflow in the \"transform\" component. A remote attacker can send a malformed jpeg file to the service and cause arbitrary code execution or denial of service of the target service.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2021-29390", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "libjpeg-turbo version 2.0.90 has a heap-based buff..." + }, + "fullDescription": { + "text": "libjpeg-turbo version 2.0.90 has a heap-based buffer over-read (2 bytes) in..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2021-29390", + "help": { + "text": "Vulnerability CVE-2021-29390\nSeverity: medium\nPackage: libjpeg-turbo\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-29390](https://access.redhat.com/security/cve/CVE-2021-29390)\nlibjpeg-turbo version 2.0.90 has a heap-based buffer over-read (2 bytes) in decompress_smooth_data in jdcoefct.c.", + "markdown": "**Vulnerability CVE-2021-29390**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|libjpeg-turbo|any in centos 7.6.1810|[]()|CVE-2021-29390|[https://access.redhat.com/security/cve/CVE-2021-29390](libjpeg-turbo version 2.0.90 has a heap-based buffer over-read (2 bytes) in decompress_smooth_data in jdcoefct.c.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "RHSA-2020:3901", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "The libpng packages contain a library of functions..." + }, + "fullDescription": { + "text": "The libpng packages contain a library of functions for creating and manipul..." 
+ }, + "defaultConfiguration": { + "level": "note" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2017-12652", + "help": { + "text": "Vulnerability RHSA-2020:3901\nSeverity: low\nPackage: libpng\nFixed Version: 2:1.5.13-8.el7\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2020:3901](https://access.redhat.com/security/cve/CVE-2017-12652)\nThe libpng packages contain a library of functions for creating and manipulating Portable Network Graphics (PNG) image format files.", + "markdown": "**Vulnerability RHSA-2020:3901**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|low|libpng|2:1.5.13-8.el7|[]()|RHSA-2020:3901|[https://access.redhat.com/security/cve/CVE-2017-12652](The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics (PNG) image format files.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "low" + ] + } + }, + { + "id": "CVE-2021-36084", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "The CIL compiler in SELinux 3.2 has a use-after-fr..." + }, + "fullDescription": { + "text": "The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classp..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2021-36084", + "help": { + "text": "Vulnerability CVE-2021-36084\nSeverity: medium\nPackage: libsepol\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-36084](https://access.redhat.com/security/cve/CVE-2021-36084)\nThe CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __cil_verify_classpermission and __cil_pre_verify_helper).", + "markdown": "**Vulnerability CVE-2021-36084**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|libsepol|any in centos 7.6.1810|[]()|CVE-2021-36084|[https://access.redhat.com/security/cve/CVE-2021-36084](The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __cil_verify_classpermission and __cil_pre_verify_helper).)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2021-36085", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "The CIL compiler in SELinux 3.2 has a use-after-fr..." + }, + "fullDescription": { + "text": "The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classp..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2021-36085", + "help": { + "text": "Vulnerability CVE-2021-36085\nSeverity: medium\nPackage: libsepol\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-36085](https://access.redhat.com/security/cve/CVE-2021-36085)\nThe CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __verify_map_perm_classperms and hashtab_map).", + "markdown": "**Vulnerability CVE-2021-36085**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|libsepol|any in centos 7.6.1810|[]()|CVE-2021-36085|[https://access.redhat.com/security/cve/CVE-2021-36085](The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __verify_map_perm_classperms and hashtab_map).)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2021-36086", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "The CIL compiler in SELinux 3.2 has a use-after-fr..." + }, + "fullDescription": { + "text": "The CIL compiler in SELinux 3.2 has a use-after-free in cil_reset_classperm..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2021-36086", + "help": { + "text": "Vulnerability CVE-2021-36086\nSeverity: medium\nPackage: libsepol\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-36086](https://access.redhat.com/security/cve/CVE-2021-36086)\nThe CIL compiler in SELinux 3.2 has a use-after-free in cil_reset_classpermission (called from cil_reset_classperms_set and cil_reset_classperms_list).", + "markdown": "**Vulnerability CVE-2021-36086**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|libsepol|any in centos 7.6.1810|[]()|CVE-2021-36086|[https://access.redhat.com/security/cve/CVE-2021-36086](The CIL compiler in SELinux 3.2 has a use-after-free in cil_reset_classpermission (called from cil_reset_classperms_set and cil_reset_classperms_list).)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2021-36087", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "The CIL compiler in SELinux 3.2 has a heap-based b..." + }, + "fullDescription": { + "text": "The CIL compiler in SELinux 3.2 has a heap-based buffer over-read in ebitma..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2021-36087", + "help": { + "text": "Vulnerability CVE-2021-36087\nSeverity: medium\nPackage: libsepol\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-36087](https://access.redhat.com/security/cve/CVE-2021-36087)\nThe CIL compiler in SELinux 3.2 has a heap-based buffer over-read in ebitmap_match_any (called indirectly from cil_check_neverallow). 
This occurs because there is sometimes a lack of checks for invalid statements in an optional block.", + "markdown": "**Vulnerability CVE-2021-36087**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|libsepol|any in centos 7.6.1810|[]()|CVE-2021-36087|[https://access.redhat.com/security/cve/CVE-2021-36087](The CIL compiler in SELinux 3.2 has a heap-based buffer over-read in ebitmap_match_any (called indirectly from cil_check_neverallow). This occurs because there is sometimes a lack of checks for invalid statements in an optional block.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "RHSA-2019:0679", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "The libssh2 packages provide a library that implem..." + }, + "fullDescription": { + "text": "The libssh2 packages provide a library that implements the SSH2 protocol." 
+ }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2019-3863", + "help": { + "text": "Vulnerability RHSA-2019:0679\nSeverity: high\nPackage: libssh2\nFixed Version: 1.4.3-12.el7_6.2\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2019:0679](https://access.redhat.com/security/cve/CVE-2019-3863)\nThe libssh2 packages provide a library that implements the SSH2 protocol.", + "markdown": "**Vulnerability RHSA-2019:0679**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|libssh2|1.4.3-12.el7_6.2|[]()|RHSA-2019:0679|[https://access.redhat.com/security/cve/CVE-2019-3863](The libssh2 packages provide a library that implements the SSH2 protocol.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "RHSA-2020:3915", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "The libssh2 packages provide a library that implem..." + }, + "fullDescription": { + "text": "The libssh2 packages provide a library that implements the SSH2 protocol." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2019-17498", + "help": { + "text": "Vulnerability RHSA-2020:3915\nSeverity: medium\nPackage: libssh2\nFixed Version: 1.8.0-4.el7\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2020:3915](https://access.redhat.com/security/cve/CVE-2019-17498)\nThe libssh2 packages provide a library that implements the SSH2 protocol.", + "markdown": "**Vulnerability RHSA-2020:3915**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|libssh2|1.8.0-4.el7|[]()|RHSA-2020:3915|[https://access.redhat.com/security/cve/CVE-2019-17498](The libssh2 packages provide a library that implements the SSH2 protocol.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "RHSA-2019:2136", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "The libssh2 packages provide a library that implem..." + }, + "fullDescription": { + "text": "The libssh2 packages provide a library that implements the SSH2 protocol." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2019-3861", + "help": { + "text": "Vulnerability RHSA-2019:2136\nSeverity: medium\nPackage: libssh2\nFixed Version: 1.8.0-3.el7\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2019:2136](https://access.redhat.com/security/cve/CVE-2019-3861)\nThe libssh2 packages provide a library that implements the SSH2 protocol.", + "markdown": "**Vulnerability RHSA-2019:2136**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|libssh2|1.8.0-3.el7|[]()|RHSA-2019:2136|[https://access.redhat.com/security/cve/CVE-2019-3861](The libssh2 packages provide a library that implements the SSH2 protocol.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "RHSA-2019:1884", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "The libssh2 packages provide a library that implem..." + }, + "fullDescription": { + "text": "The libssh2 packages provide a library that implements the SSH2 protocol." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2019-3862", + "help": { + "text": "Vulnerability RHSA-2019:1884\nSeverity: medium\nPackage: libssh2\nFixed Version: 1.4.3-12.el7_6.3\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2019:1884](https://access.redhat.com/security/cve/CVE-2019-3862)\nThe libssh2 packages provide a library that implements the SSH2 protocol.", + "markdown": "**Vulnerability RHSA-2019:1884**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|libssh2|1.4.3-12.el7_6.3|[]()|RHSA-2019:1884|[https://access.redhat.com/security/cve/CVE-2019-3862](The libssh2 packages provide a library that implements the SSH2 protocol.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "RHSA-2023:5615", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "The libssh2 packages provide a library that implem..." + }, + "fullDescription": { + "text": "The libssh2 packages provide a library that implements the SSH2 protocol." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2020-22218", + "help": { + "text": "Vulnerability RHSA-2023:5615\nSeverity: medium\nPackage: libssh2\nFixed Version: 1.8.0-4.el7_9.1\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2023:5615](https://access.redhat.com/security/cve/CVE-2020-22218)\nThe libssh2 packages provide a library that implements the SSH2 protocol.", + "markdown": "**Vulnerability RHSA-2023:5615**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|libssh2|1.8.0-4.el7_9.1|[]()|RHSA-2023:5615|[https://access.redhat.com/security/cve/CVE-2020-22218](The libssh2 packages provide a library that implements the SSH2 protocol.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2023-2283", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "A vulnerability was found in libssh, where the aut..." + }, + "fullDescription": { + "text": "A vulnerability was found in libssh, where the authentication check of the ..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2023-2283", + "help": { + "text": "Vulnerability CVE-2023-2283\nSeverity: medium\nPackage: libssh2\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-2283](https://access.redhat.com/security/cve/CVE-2023-2283)\nA vulnerability was found in libssh, where the authentication check of the connecting client can be bypassed in the`pki_verify_data_signature` function in memory allocation problems. This issue may happen if there is insufficient memory or the memory usage is limited. 
The problem is caused by the return value `rc,` which is initialized to SSH_ERROR and later rewritten to save the return value of the function call `pki_key_check_hash_compatible.` The value of the variable is not changed between this point and the cryptographic verification. Therefore any error between them calls `goto error` returning SSH_OK.", + "markdown": "**Vulnerability CVE-2023-2283**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|libssh2|any in centos 7.6.1810|[]()|CVE-2023-2283|[https://access.redhat.com/security/cve/CVE-2023-2283](A vulnerability was found in libssh, where the authentication check of the connecting client can be bypassed in the`pki_verify_data_signature` function in memory allocation problems. This issue may happen if there is insufficient memory or the memory usage is limited. The problem is caused by the return value `rc,` which is initialized to SSH_ERROR and later rewritten to save the return value of the function call `pki_key_check_hash_compatible.` The value of the variable is not changed between this point and the cryptographic verification. Therefore any error between them calls `goto error` returning SSH_OK.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2023-48795", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "The SSH transport protocol with certain OpenSSH ex..." + }, + "fullDescription": { + "text": "The SSH transport protocol with certain OpenSSH extensions, found in OpenSS..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2023-48795", + "help": { + "text": "Vulnerability CVE-2023-48795\nSeverity: medium\nPackage: libssh2\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-48795](https://access.redhat.com/security/cve/CVE-2023-48795)\nThe SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. 
This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.", + "markdown": "**Vulnerability CVE-2023-48795**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|libssh2|any in centos 7.6.1810|[]()|CVE-2023-48795|[https://access.redhat.com/security/cve/CVE-2023-48795](The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. 
This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2023-6918", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "A flaw was found in the libssh implements abstract..." 
+ }, + "fullDescription": { + "text": "A flaw was found in the libssh implements abstract layer for message digest..." + }, + "defaultConfiguration": { + "level": "note" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2023-6918", + "help": { + "text": "Vulnerability CVE-2023-6918\nSeverity: low\nPackage: libssh2\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-6918](https://access.redhat.com/security/cve/CVE-2023-6918)\nA flaw was found in the libssh implements abstract layer for message digest (MD) operations implemented by different supported crypto backends. The return values from these were not properly checked, which could cause low-memory situations failures, NULL dereferences, crashes, or usage of the uninitialized memory as an input for the KDF. In this case, non-matching keys will result in decryption/integrity failures, terminating the connection.", + "markdown": "**Vulnerability CVE-2023-6918**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|low|libssh2|any in centos 7.6.1810|[]()|CVE-2023-6918|[https://access.redhat.com/security/cve/CVE-2023-6918](A flaw was found in the libssh implements abstract layer for message digest (MD) operations implemented by different supported crypto backends. The return values from these were not properly checked, which could cause low-memory situations failures, NULL dereferences, crashes, or usage of the uninitialized memory as an input for the KDF. In this case, non-matching keys will result in decryption/integrity failures, terminating the connection.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "low" + ] + } + }, + { + "id": "CVE-2021-46848", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-..." 
+ }, + "fullDescription": { + "text": "GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2021-46848", + "help": { + "text": "Vulnerability CVE-2021-46848\nSeverity: medium\nPackage: libtasn1\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-46848](https://access.redhat.com/security/cve/CVE-2021-46848)\nGNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der.", + "markdown": "**Vulnerability CVE-2021-46848**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|libtasn1|any in centos 7.6.1810|[]()|CVE-2021-46848|[https://access.redhat.com/security/cve/CVE-2021-46848](GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "RHSA-2020:1190", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "The libxml2 library is a development toolbox provi..." + }, + "fullDescription": { + "text": "The libxml2 library is a development toolbox providing the implementation o..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2017-15412", + "help": { + "text": "Vulnerability RHSA-2020:1190\nSeverity: medium\nPackage: libxml2-python\nFixed Version: 2.9.1-6.el7.4\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2020:1190](https://access.redhat.com/security/cve/CVE-2017-15412)\nThe libxml2 library is a development toolbox providing the implementation of various XML standards.", + "markdown": "**Vulnerability RHSA-2020:1190**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|libxml2-python|2.9.1-6.el7.4|[]()|RHSA-2020:1190|[https://access.redhat.com/security/cve/CVE-2017-15412](The libxml2 library is a development toolbox providing the implementation of various XML standards.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2016-3709", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "Possible cross-site scripting vulnerability in lib..." + }, + "fullDescription": { + "text": "Possible cross-site scripting vulnerability in libxml after commit 960f0e2." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2016-3709", + "help": { + "text": "Vulnerability CVE-2016-3709\nSeverity: medium\nPackage: libxml2-python\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2016-3709](https://access.redhat.com/security/cve/CVE-2016-3709)\nPossible cross-site scripting vulnerability in libxml after commit 960f0e2.", + "markdown": "**Vulnerability CVE-2016-3709**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|libxml2-python|any in centos 7.6.1810|[]()|CVE-2016-3709|[https://access.redhat.com/security/cve/CVE-2016-3709](Possible cross-site scripting vulnerability in libxml after commit 960f0e2.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "RHSA-2021:3810", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "The libxml2 library is a development toolbox provi..." + }, + "fullDescription": { + "text": "The libxml2 library is a development toolbox providing the implementation o..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2016-4658", + "help": { + "text": "Vulnerability RHSA-2021:3810\nSeverity: medium\nPackage: libxml2-python\nFixed Version: 2.9.1-6.el7_9.6\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2021:3810](https://access.redhat.com/security/cve/CVE-2016-4658)\nThe libxml2 library is a development toolbox providing the implementation of various XML standards.", + "markdown": "**Vulnerability RHSA-2021:3810**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|libxml2-python|2.9.1-6.el7_9.6|[]()|RHSA-2021:3810|[https://access.redhat.com/security/cve/CVE-2016-4658](The libxml2 library is a development toolbox providing the implementation of various XML standards.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "RHSA-2020:3996", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "The libxml2 library is a development toolbox provi..." + }, + "fullDescription": { + "text": "The libxml2 library is a development toolbox providing the implementation o..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2020-7595", + "help": { + "text": "Vulnerability RHSA-2020:3996\nSeverity: medium\nPackage: libxml2-python\nFixed Version: 2.9.1-6.el7.5\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2020:3996](https://access.redhat.com/security/cve/CVE-2020-7595)\nThe libxml2 library is a development toolbox providing the implementation of various XML standards.", + "markdown": "**Vulnerability RHSA-2020:3996**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|libxml2-python|2.9.1-6.el7.5|[]()|RHSA-2020:3996|[https://access.redhat.com/security/cve/CVE-2020-7595](The libxml2 library is a development toolbox providing the implementation of various XML standards.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2021-3516", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "There\u0026#39;s a flaw in libxml2\u0026#39;s xmllint in versions be..." + }, + "fullDescription": { + "text": "There\u0026#39;s a flaw in libxml2\u0026#39;s xmllint in versions before 2.9.11. An attacker ..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2021-3516", + "help": { + "text": "Vulnerability CVE-2021-3516\nSeverity: medium\nPackage: libxml2-python\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-3516](https://access.redhat.com/security/cve/CVE-2021-3516)\nThere's a flaw in libxml2's xmllint in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by xmllint could trigger a use-after-free. 
The greatest impact of this flaw is to confidentiality, integrity, and availability.", + "markdown": "**Vulnerability CVE-2021-3516**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|libxml2-python|any in centos 7.6.1810|[]()|CVE-2021-3516|[https://access.redhat.com/security/cve/CVE-2021-3516](There's a flaw in libxml2's xmllint in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by xmllint could trigger a use-after-free. The greatest impact of this flaw is to confidentiality, integrity, and availability.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2021-3517", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "There is a flaw in the xml entity encoding functio..." + }, + "fullDescription": { + "text": "There is a flaw in the xml entity encoding functionality of libxml2 in vers..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2021-3517", + "help": { + "text": "Vulnerability CVE-2021-3517\nSeverity: medium\nPackage: libxml2-python\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-3517](https://access.redhat.com/security/cve/CVE-2021-3517)\nThere is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. 
The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application.", + "markdown": "**Vulnerability CVE-2021-3517**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|libxml2-python|any in centos 7.6.1810|[]()|CVE-2021-3517|[https://access.redhat.com/security/cve/CVE-2021-3517](There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2021-3518", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "There\u0026#39;s a flaw in libxml2 in versions before 2.9.1..." + }, + "fullDescription": { + "text": "There\u0026#39;s a flaw in libxml2 in versions before 2.9.11. An attacker who is abl..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2021-3518", + "help": { + "text": "Vulnerability CVE-2021-3518\nSeverity: medium\nPackage: libxml2-python\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-3518](https://access.redhat.com/security/cve/CVE-2021-3518)\nThere's a flaw in libxml2 in versions before 2.9.11. 
An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability.", + "markdown": "**Vulnerability CVE-2021-3518**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|libxml2-python|any in centos 7.6.1810|[]()|CVE-2021-3518|[https://access.redhat.com/security/cve/CVE-2021-3518](There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2021-3537", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "A vulnerability found in libxml2 in versions befor..." + }, + "fullDescription": { + "text": "A vulnerability found in libxml2 in versions before 2.9.11 shows that it di..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2021-3537", + "help": { + "text": "Vulnerability CVE-2021-3537\nSeverity: medium\nPackage: libxml2-python\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-3537](https://access.redhat.com/security/cve/CVE-2021-3537)\nA vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. 
The highest threat from this vulnerability is to system availability.", + "markdown": "**Vulnerability CVE-2021-3537**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|libxml2-python|any in centos 7.6.1810|[]()|CVE-2021-3537|[https://access.redhat.com/security/cve/CVE-2021-3537](A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest threat from this vulnerability is to system availability.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2022-23308", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "valid.c in libxml2 before 2.9.13 has a use-after-f..." + }, + "fullDescription": { + "text": "valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attri..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2022-23308", + "help": { + "text": "Vulnerability CVE-2022-23308\nSeverity: medium\nPackage: libxml2-python\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-23308](https://access.redhat.com/security/cve/CVE-2022-23308)\nvalid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.", + "markdown": "**Vulnerability CVE-2022-23308**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|libxml2-python|any in centos 7.6.1810|[]()|CVE-2022-23308|[https://access.redhat.com/security/cve/CVE-2022-23308](valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2022-40303", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "An issue was discovered in libxml2 before 2.10.3. ..." + }, + "fullDescription": { + "text": "An issue was discovered in libxml2 before 2.10.3. When parsing a multi-giga..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2022-40303", + "help": { + "text": "Vulnerability CVE-2022-40303\nSeverity: medium\nPackage: libxml2-python\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-40303](https://access.redhat.com/security/cve/CVE-2022-40303)\nAn issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. 
This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault.", + "markdown": "**Vulnerability CVE-2022-40303**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|libxml2-python|any in centos 7.6.1810|[]()|CVE-2022-40303|[https://access.redhat.com/security/cve/CVE-2022-40303](An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2022-40304", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "An issue was discovered in libxml2 before 2.10.3. ..." + }, + "fullDescription": { + "text": "An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entit..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2022-40304", + "help": { + "text": "Vulnerability CVE-2022-40304\nSeverity: medium\nPackage: libxml2-python\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-40304](https://access.redhat.com/security/cve/CVE-2022-40304)\nAn issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. 
In one case, a double-free can be provoked.", + "markdown": "**Vulnerability CVE-2022-40304**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|libxml2-python|any in centos 7.6.1810|[]()|CVE-2022-40304|[https://access.redhat.com/security/cve/CVE-2022-40304](An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2023-28484", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "In libxml2 before 2.10.4, parsing of certain inval..." + }, + "fullDescription": { + "text": "In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead t..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2023-28484", + "help": { + "text": "Vulnerability CVE-2023-28484\nSeverity: medium\nPackage: libxml2-python\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-28484](https://access.redhat.com/security/cve/CVE-2023-28484)\nIn libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c.", + "markdown": "**Vulnerability CVE-2023-28484**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|libxml2-python|any in centos 7.6.1810|[]()|CVE-2023-28484|[https://access.redhat.com/security/cve/CVE-2023-28484](In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. 
This occurs in xmlSchemaFixupComplexType in xmlschemas.c.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2023-29469", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "An issue was discovered in libxml2 before 2.10.4. ..." + }, + "fullDescription": { + "text": "An issue was discovered in libxml2 before 2.10.4. When hashing empty dict s..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2023-29469", + "help": { + "text": "Vulnerability CVE-2023-29469\nSeverity: medium\nPackage: libxml2-python\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-29469](https://access.redhat.com/security/cve/CVE-2023-29469)\nAn issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\\0' value).", + "markdown": "**Vulnerability CVE-2023-29469**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|libxml2-python|any in centos 7.6.1810|[]()|CVE-2023-29469|[https://access.redhat.com/security/cve/CVE-2023-29469](An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. 
This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\\0' value).)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2023-39615", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "Xmlsoft Libxml2 v2.11.0 was discovered to contain ..." + }, + "fullDescription": { + "text": "Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2023-39615", + "help": { + "text": "Vulnerability CVE-2023-39615\nSeverity: medium\nPackage: libxml2-python\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-39615](https://access.redhat.com/security/cve/CVE-2023-39615)\nXmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted XML file. NOTE: the vendor's position is that the product does not support the legacy SAX1 interface with custom callbacks; there is a crash even without crafted input.", + "markdown": "**Vulnerability CVE-2023-39615**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|libxml2-python|any in centos 7.6.1810|[]()|CVE-2023-39615|[https://access.redhat.com/security/cve/CVE-2023-39615](Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted XML file. 
NOTE: the vendor's position is that the product does not support the legacy SAX1 interface with custom callbacks; there is a crash even without crafted input.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2024-25062", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "An issue was discovered in libxml2 before 2.11.7 a..." + }, + "fullDescription": { + "text": "An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. ..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2024-25062", + "help": { + "text": "Vulnerability CVE-2024-25062\nSeverity: medium\nPackage: libxml2-python\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2024-25062](https://access.redhat.com/security/cve/CVE-2024-25062)\nAn issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.", + "markdown": "**Vulnerability CVE-2024-25062**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|libxml2-python|any in centos 7.6.1810|[]()|CVE-2024-25062|[https://access.redhat.com/security/cve/CVE-2024-25062](An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. 
When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "RHSA-2020:4005", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "libxslt is a library for transforming XML files in..." + }, + "fullDescription": { + "text": "libxslt is a library for transforming XML files into other textual formats ..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2019-18197", + "help": { + "text": "Vulnerability RHSA-2020:4005\nSeverity: medium\nPackage: libxslt\nFixed Version: 1.1.28-6.el7\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2020:4005](https://access.redhat.com/security/cve/CVE-2019-18197)\nlibxslt is a library for transforming XML files into other textual formats (including HTML, plain text, and other XML representations of the underlying data) using the standard XSLT stylesheet transformation mechanism. ", + "markdown": "**Vulnerability RHSA-2020:4005**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|libxslt|1.1.28-6.el7|[]()|RHSA-2020:4005|[https://access.redhat.com/security/cve/CVE-2019-18197](libxslt is a library for transforming XML files into other textual formats (including HTML, plain text, and other XML representations of the underlying data) using the standard XSLT stylesheet transformation mechanism. 
)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2021-43519", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "Stack overflow in lua_resume of ldo.c in Lua Inter..." + }, + "fullDescription": { + "text": "Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2021-43519", + "help": { + "text": "Vulnerability CVE-2021-43519\nSeverity: medium\nPackage: lua\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-43519](https://access.redhat.com/security/cve/CVE-2021-43519)\nStack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of Service via a crafted script file.", + "markdown": "**Vulnerability CVE-2021-43519**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|lua|any in centos 7.6.1810|[]()|CVE-2021-43519|[https://access.redhat.com/security/cve/CVE-2021-43519](Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of Service via a crafted script file.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2021-3520", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "There\u0026#39;s a flaw in lz4. An attacker who submits a c..." + }, + "fullDescription": { + "text": "There\u0026#39;s a flaw in lz4. An attacker who submits a crafted file to an applica..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2021-3520", + "help": { + "text": "Vulnerability CVE-2021-3520\nSeverity: medium\nPackage: lz4\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-3520](https://access.redhat.com/security/cve/CVE-2021-3520)\nThere's a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove() on a negative size argument, causing an out-of-bounds write and/or a crash. The greatest impact of this flaw is to availability, with some potential impact to confidentiality and integrity as well.", + "markdown": "**Vulnerability CVE-2021-3520**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|lz4|any in centos 7.6.1810|[]()|CVE-2021-3520|[https://access.redhat.com/security/cve/CVE-2021-3520](There's a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove() on a negative size argument, causing an out-of-bounds write and/or a crash. The greatest impact of this flaw is to availability, with some potential impact to confidentiality and integrity as well.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2023-29491", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "ncurses before 6.4 20230408, when used by a setuid..." + }, + "fullDescription": { + "text": "ncurses before 6.4 20230408, when used by a setuid application, allows loca..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2023-29491", + "help": { + "text": "Vulnerability CVE-2023-29491\nSeverity: medium\nPackage: ncurses-libs\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-29491](https://access.redhat.com/security/cve/CVE-2023-29491)\nncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.", + "markdown": "**Vulnerability CVE-2023-29491**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|ncurses-libs|any in centos 7.6.1810|[]()|CVE-2023-29491|[https://access.redhat.com/security/cve/CVE-2023-29491](ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2020-19188", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "Buffer Overflow vulnerability in fmt_entry functio..." + }, + "fullDescription": { + "text": "Buffer Overflow vulnerability in fmt_entry function in progs/dump_entry.c:1..." 
+ }, + "defaultConfiguration": { + "level": "note" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2020-19188", + "help": { + "text": "Vulnerability CVE-2020-19188\nSeverity: low\nPackage: ncurses-libs\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-19188](https://access.redhat.com/security/cve/CVE-2020-19188)\nBuffer Overflow vulnerability in fmt_entry function in progs/dump_entry.c:1116 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.", + "markdown": "**Vulnerability CVE-2020-19188**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|low|ncurses-libs|any in centos 7.6.1810|[]()|CVE-2020-19188|[https://access.redhat.com/security/cve/CVE-2020-19188](Buffer Overflow vulnerability in fmt_entry function in progs/dump_entry.c:1116 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "low" + ] + } + }, + { + "id": "CVE-2021-39537", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "An issue was discovered in ncurses through v6.2-1...." + }, + "fullDescription": { + "text": "An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoin..." + }, + "defaultConfiguration": { + "level": "note" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2021-39537", + "help": { + "text": "Vulnerability CVE-2021-39537\nSeverity: low\nPackage: ncurses-libs\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-39537](https://access.redhat.com/security/cve/CVE-2021-39537)\nAn issue was discovered in ncurses through v6.2-1. 
_nc_captoinfo in captoinfo.c has a heap-based buffer overflow.", + "markdown": "**Vulnerability CVE-2021-39537**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|low|ncurses-libs|any in centos 7.6.1810|[]()|CVE-2021-39537|[https://access.redhat.com/security/cve/CVE-2021-39537](An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "low" + ] + } + }, + { + "id": "RHSA-2019:2237", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "Network Security Services (NSS) is a set of librar..." + }, + "fullDescription": { + "text": "Network Security Services (NSS) is a set of libraries designed to support t..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2019-17007", + "help": { + "text": "Vulnerability RHSA-2019:2237\nSeverity: medium\nPackage: nss-util\nFixed Version: 3.44.0-3.el7\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2019:2237](https://access.redhat.com/security/cve/CVE-2019-17007)\nNetwork Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.", + "markdown": "**Vulnerability RHSA-2019:2237**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|nss-util|3.44.0-3.el7|[]()|RHSA-2019:2237|[https://access.redhat.com/security/cve/CVE-2019-17007](Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + 
"security", + "medium" + ] + } + }, + { + "id": "RHSA-2020:4076", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "Network Security Services (NSS) is a set of librar..." + }, + "fullDescription": { + "text": "Network Security Services (NSS) is a set of libraries designed to support t..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2019-17006", + "help": { + "text": "Vulnerability RHSA-2020:4076\nSeverity: medium\nPackage: nss-util\nFixed Version: 3.53.1-1.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2020:4076](https://access.redhat.com/security/cve/CVE-2019-17006)\nNetwork Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.", + "markdown": "**Vulnerability RHSA-2020:4076**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|nss-util|3.53.1-1.el7_9|[]()|RHSA-2020:4076|[https://access.redhat.com/security/cve/CVE-2019-17006](Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "RHSA-2021:4904", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "Network Security Services (NSS) is a set of librar..." + }, + "fullDescription": { + "text": "Network Security Services (NSS) is a set of libraries designed to support t..." 
+ }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2021-43527", + "help": { + "text": "Vulnerability RHSA-2021:4904\nSeverity: critical\nPackage: nss-tools\nFixed Version: 3.67.0-4.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2021:4904](https://access.redhat.com/security/cve/CVE-2021-43527)\nNetwork Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.", + "markdown": "**Vulnerability RHSA-2021:4904**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|critical|nss-tools|3.67.0-4.el7_9|[]()|RHSA-2021:4904|[https://access.redhat.com/security/cve/CVE-2021-43527](Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "critical" + ] + } + }, + { + "id": "CVE-2014-3566", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "The SSL protocol 3.0, as used in OpenSSL through 1..." + }, + "fullDescription": { + "text": "The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products,..." 
+ }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2014-3566", + "help": { + "text": "Vulnerability CVE-2014-3566\nSeverity: high\nPackage: nss-tools\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2014-3566](https://access.redhat.com/security/cve/CVE-2014-3566)\nThe SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the \"POODLE\" issue.", + "markdown": "**Vulnerability CVE-2014-3566**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|nss-tools|any in centos 7.6.1810|[]()|CVE-2014-3566|[https://access.redhat.com/security/cve/CVE-2014-3566](The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the \"POODLE\" issue.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "RHSA-2019:4190", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "Network Security Services (NSS) is a set of librar..." + }, + "fullDescription": { + "text": "Network Security Services (NSS) is a set of libraries designed to support t..." 
+ }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2019-11745", + "help": { + "text": "Vulnerability RHSA-2019:4190\nSeverity: high\nPackage: nss-util\nFixed Version: 3.44.0-4.el7_7\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2019:4190](https://access.redhat.com/security/cve/CVE-2019-11745)\nNetwork Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.", + "markdown": "**Vulnerability RHSA-2019:4190**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|nss-util|3.44.0-4.el7_7|[]()|RHSA-2019:4190|[https://access.redhat.com/security/cve/CVE-2019-11745](Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "RHSA-2023:1332", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "Network Security Services (NSS) is a set of librar..." + }, + "fullDescription": { + "text": "Network Security Services (NSS) is a set of libraries designed to support t..." 
+ }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2023-0767", + "help": { + "text": "Vulnerability RHSA-2023:1332\nSeverity: high\nPackage: nss-tools\nFixed Version: 3.79.0-5.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2023:1332](https://access.redhat.com/security/cve/CVE-2023-0767)\nNetwork Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.", + "markdown": "**Vulnerability RHSA-2023:1332**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|nss-tools|3.79.0-5.el7_9|[]()|RHSA-2023:1332|[https://access.redhat.com/security/cve/CVE-2023-0767](Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "RHSA-2021:1384", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "Network Security Services (NSS) is a set of librar..." + }, + "fullDescription": { + "text": "Network Security Services (NSS) is a set of libraries designed to support t..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2020-25648", + "help": { + "text": "Vulnerability RHSA-2021:1384\nSeverity: medium\nPackage: nss-tools\nFixed Version: 3.53.1-7.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2021:1384](https://access.redhat.com/security/cve/CVE-2020-25648)\nNetwork Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.", + "markdown": "**Vulnerability RHSA-2021:1384**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|nss-tools|3.53.1-7.el7_9|[]()|RHSA-2021:1384|[https://access.redhat.com/security/cve/CVE-2020-25648](Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2023-5388", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "NSS was susceptible to a timing side-channel attac..." + }, + "fullDescription": { + "text": "NSS was susceptible to a timing side-channel attack when performing RSA dec..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2023-5388", + "help": { + "text": "Vulnerability CVE-2023-5388\nSeverity: medium\nPackage: nss-tools\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-5388](https://access.redhat.com/security/cve/CVE-2023-5388)\nNSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could potentially allow an attacker to recover the private data. 
This vulnerability affects Firefox \u003c 124, Firefox ESR \u003c 115.9, and Thunderbird \u003c 115.9.", + "markdown": "**Vulnerability CVE-2023-5388**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|nss-tools|any in centos 7.6.1810|[]()|CVE-2023-5388|[https://access.redhat.com/security/cve/CVE-2023-5388](NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could potentially allow an attacker to recover the private data. This vulnerability affects Firefox \u003c 124, Firefox ESR \u003c 115.9, and Thunderbird \u003c 115.9.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "RHSA-2020:4041", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "OpenLDAP is an open-source suite of Lightweight Di..." + }, + "fullDescription": { + "text": "OpenLDAP is an open-source suite of Lightweight Directory Access Protocol (..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2020-12243", + "help": { + "text": "Vulnerability RHSA-2020:4041\nSeverity: medium\nPackage: openldap\nFixed Version: 2.4.44-22.el7\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2020:4041](https://access.redhat.com/security/cve/CVE-2020-12243)\nOpenLDAP is an open-source suite of Lightweight Directory Access Protocol (LDAP) applications and development tools. LDAP is a set of protocols used to access and maintain distributed directory information services over an IP network. 
The openldap packages contain configuration files, libraries, and documentation for OpenLDAP.", + "markdown": "**Vulnerability RHSA-2020:4041**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|openldap|2.4.44-22.el7|[]()|RHSA-2020:4041|[https://access.redhat.com/security/cve/CVE-2020-12243](OpenLDAP is an open-source suite of Lightweight Directory Access Protocol (LDAP) applications and development tools. LDAP is a set of protocols used to access and maintain distributed directory information services over an IP network. The openldap packages contain configuration files, libraries, and documentation for OpenLDAP.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "RHSA-2021:1389", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "OpenLDAP is an open-source suite of Lightweight Di..." + }, + "fullDescription": { + "text": "OpenLDAP is an open-source suite of Lightweight Directory Access Protocol (..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2020-25692", + "help": { + "text": "Vulnerability RHSA-2021:1389\nSeverity: medium\nPackage: openldap\nFixed Version: 2.4.44-23.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2021:1389](https://access.redhat.com/security/cve/CVE-2020-25692)\nOpenLDAP is an open-source suite of Lightweight Directory Access Protocol (LDAP) applications and development tools. LDAP is a set of protocols used to access and maintain distributed directory information services over an IP network. 
", + "markdown": "**Vulnerability RHSA-2021:1389**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|openldap|2.4.44-23.el7_9|[]()|RHSA-2021:1389|[https://access.redhat.com/security/cve/CVE-2020-25692](OpenLDAP is an open-source suite of Lightweight Directory Access Protocol (LDAP) applications and development tools. LDAP is a set of protocols used to access and maintain distributed directory information services over an IP network. )|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "RHSA-2022:0621", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "OpenLDAP is an open-source suite of Lightweight Di..." + }, + "fullDescription": { + "text": "OpenLDAP is an open-source suite of Lightweight Directory Access Protocol (..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2020-25710", + "help": { + "text": "Vulnerability RHSA-2022:0621\nSeverity: medium\nPackage: openldap\nFixed Version: 2.4.44-25.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2022:0621](https://access.redhat.com/security/cve/CVE-2020-25710)\nOpenLDAP is an open-source suite of Lightweight Directory Access Protocol (LDAP) applications and development tools. LDAP is a set of protocols used to access and maintain distributed directory information services over an IP network. ", + "markdown": "**Vulnerability RHSA-2022:0621**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|openldap|2.4.44-25.el7_9|[]()|RHSA-2022:0621|[https://access.redhat.com/security/cve/CVE-2020-25710](OpenLDAP is an open-source suite of Lightweight Directory Access Protocol (LDAP) applications and development tools. 
LDAP is a set of protocols used to access and maintain distributed directory information services over an IP network. )|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2020-36221", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "An integer underflow was discovered in OpenLDAP be..." + }, + "fullDescription": { + "text": "An integer underflow was discovered in OpenLDAP before 2.4.57 leading to sl..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2020-36221", + "help": { + "text": "Vulnerability CVE-2020-36221\nSeverity: medium\nPackage: openldap\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-36221](https://access.redhat.com/security/cve/CVE-2020-36221)\nAn integer underflow was discovered in OpenLDAP before 2.4.57 leading to slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck).", + "markdown": "**Vulnerability CVE-2020-36221**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|openldap|any in centos 7.6.1810|[]()|CVE-2020-36221|[https://access.redhat.com/security/cve/CVE-2020-36221](An integer underflow was discovered in OpenLDAP before 2.4.57 leading to slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck).)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2020-36222", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "A flaw was discovered in OpenLDAP before 2.4.57 le..." 
+ }, + "fullDescription": { + "text": "A flaw was discovered in OpenLDAP before 2.4.57 leading to an assertion fai..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2020-36222", + "help": { + "text": "Vulnerability CVE-2020-36222\nSeverity: medium\nPackage: openldap\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-36222](https://access.redhat.com/security/cve/CVE-2020-36222)\nA flaw was discovered in OpenLDAP before 2.4.57 leading to an assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service.", + "markdown": "**Vulnerability CVE-2020-36222**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|openldap|any in centos 7.6.1810|[]()|CVE-2020-36222|[https://access.redhat.com/security/cve/CVE-2020-36222](A flaw was discovered in OpenLDAP before 2.4.57 leading to an assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2020-36223", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "A flaw was discovered in OpenLDAP before 2.4.57 le..." + }, + "fullDescription": { + "text": "A flaw was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2020-36223", + "help": { + "text": "Vulnerability CVE-2020-36223\nSeverity: medium\nPackage: openldap\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-36223](https://access.redhat.com/security/cve/CVE-2020-36223)\nA flaw was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read).", + "markdown": "**Vulnerability CVE-2020-36223**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|openldap|any in centos 7.6.1810|[]()|CVE-2020-36223|[https://access.redhat.com/security/cve/CVE-2020-36223](A flaw was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read).)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2020-36224", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "A flaw was discovered in OpenLDAP before 2.4.57 le..." + }, + "fullDescription": { + "text": "A flaw was discovered in OpenLDAP before 2.4.57 leading to an invalid point..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2020-36224", + "help": { + "text": "Vulnerability CVE-2020-36224\nSeverity: medium\nPackage: openldap\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-36224](https://access.redhat.com/security/cve/CVE-2020-36224)\nA flaw was discovered in OpenLDAP before 2.4.57 leading to an invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service.", + "markdown": "**Vulnerability CVE-2020-36224**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|openldap|any in centos 7.6.1810|[]()|CVE-2020-36224|[https://access.redhat.com/security/cve/CVE-2020-36224](A flaw was discovered in OpenLDAP before 2.4.57 leading to an invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2020-36225", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "A flaw was discovered in OpenLDAP before 2.4.57 le..." + }, + "fullDescription": { + "text": "A flaw was discovered in OpenLDAP before 2.4.57 leading to a double free an..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2020-36225", + "help": { + "text": "Vulnerability CVE-2020-36225\nSeverity: medium\nPackage: openldap\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-36225](https://access.redhat.com/security/cve/CVE-2020-36225)\nA flaw was discovered in OpenLDAP before 2.4.57 leading to a double free and slapd crash in the saslAuthzTo processing, resulting in denial of service.", + "markdown": "**Vulnerability CVE-2020-36225**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|openldap|any in centos 7.6.1810|[]()|CVE-2020-36225|[https://access.redhat.com/security/cve/CVE-2020-36225](A flaw was discovered in OpenLDAP before 2.4.57 leading to a double free and slapd crash in the saslAuthzTo processing, resulting in denial of service.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2020-36226", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "A flaw was discovered in OpenLDAP before 2.4.57 le..." + }, + "fullDescription": { + "text": "A flaw was discovered in OpenLDAP before 2.4.57 leading to a memch-\u0026gt;bv_len ..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2020-36226", + "help": { + "text": "Vulnerability CVE-2020-36226\nSeverity: medium\nPackage: openldap\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-36226](https://access.redhat.com/security/cve/CVE-2020-36226)\nA flaw was discovered in OpenLDAP before 2.4.57 leading to a memch-\u003ebv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service.", + "markdown": "**Vulnerability CVE-2020-36226**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|openldap|any in centos 7.6.1810|[]()|CVE-2020-36226|[https://access.redhat.com/security/cve/CVE-2020-36226](A flaw was discovered in OpenLDAP before 2.4.57 leading to a memch-\u003ebv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2020-36227", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "A flaw was discovered in OpenLDAP before 2.4.57 le..." + }, + "fullDescription": { + "text": "A flaw was discovered in OpenLDAP before 2.4.57 leading to an infinite loop..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2020-36227", + "help": { + "text": "Vulnerability CVE-2020-36227\nSeverity: medium\nPackage: openldap\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-36227](https://access.redhat.com/security/cve/CVE-2020-36227)\nA flaw was discovered in OpenLDAP before 2.4.57 leading to an infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service.", + "markdown": "**Vulnerability CVE-2020-36227**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|openldap|any in centos 7.6.1810|[]()|CVE-2020-36227|[https://access.redhat.com/security/cve/CVE-2020-36227](A flaw was discovered in OpenLDAP before 2.4.57 leading to an infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2020-36228", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "An integer underflow was discovered in OpenLDAP be..." + }, + "fullDescription": { + "text": "An integer underflow was discovered in OpenLDAP before 2.4.57 leading to a ..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2020-36228", + "help": { + "text": "Vulnerability CVE-2020-36228\nSeverity: medium\nPackage: openldap\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-36228](https://access.redhat.com/security/cve/CVE-2020-36228)\nAn integer underflow was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Certificate List Exact Assertion processing, resulting in denial of service.", + "markdown": "**Vulnerability CVE-2020-36228**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|openldap|any in centos 7.6.1810|[]()|CVE-2020-36228|[https://access.redhat.com/security/cve/CVE-2020-36228](An integer underflow was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Certificate List Exact Assertion processing, resulting in denial of service.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2020-36229", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "A flaw was discovered in ldap_X509dn2bv in OpenLDA..." + }, + "fullDescription": { + "text": "A flaw was discovered in ldap_X509dn2bv in OpenLDAP before 2.4.57 leading t..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2020-36229", + "help": { + "text": "Vulnerability CVE-2020-36229\nSeverity: medium\nPackage: openldap\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-36229](https://access.redhat.com/security/cve/CVE-2020-36229)\nA flaw was discovered in ldap_X509dn2bv in OpenLDAP before 2.4.57 leading to a slapd crash in the X.509 DN parsing in ad_keystring, resulting in denial of service.", + "markdown": "**Vulnerability CVE-2020-36229**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|openldap|any in centos 7.6.1810|[]()|CVE-2020-36229|[https://access.redhat.com/security/cve/CVE-2020-36229](A flaw was discovered in ldap_X509dn2bv in OpenLDAP before 2.4.57 leading to a slapd crash in the X.509 DN parsing in ad_keystring, resulting in denial of service.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2020-36230", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "A flaw was discovered in OpenLDAP before 2.4.57 le..." + }, + "fullDescription": { + "text": "A flaw was discovered in OpenLDAP before 2.4.57 leading in an assertion fai..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2020-36230", + "help": { + "text": "Vulnerability CVE-2020-36230\nSeverity: medium\nPackage: openldap\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-36230](https://access.redhat.com/security/cve/CVE-2020-36230)\nA flaw was discovered in OpenLDAP before 2.4.57 leading in an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service.", + "markdown": "**Vulnerability CVE-2020-36230**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|openldap|any in centos 7.6.1810|[]()|CVE-2020-36230|[https://access.redhat.com/security/cve/CVE-2020-36230](A flaw was discovered in OpenLDAP before 2.4.57 leading in an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2021-27212", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "In OpenLDAP through 2.4.57 and 2.5.x through 2.5.1..." + }, + "fullDescription": { + "text": "In OpenLDAP through 2.4.57 and 2.5.x through 2.5.1alpha, an assertion failu..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2021-27212", + "help": { + "text": "Vulnerability CVE-2021-27212\nSeverity: medium\nPackage: openldap\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-27212](https://access.redhat.com/security/cve/CVE-2021-27212)\nIn OpenLDAP through 2.4.57 and 2.5.x through 2.5.1alpha, an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime.", + "markdown": "**Vulnerability CVE-2021-27212**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|openldap|any in centos 7.6.1810|[]()|CVE-2021-27212|[https://access.redhat.com/security/cve/CVE-2021-27212](In OpenLDAP through 2.4.57 and 2.5.x through 2.5.1alpha, an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2022-29155", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6..." + }, + "fullDescription": { + "text": "In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulne..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2022-29155", + "help": { + "text": "Vulnerability CVE-2022-29155\nSeverity: medium\nPackage: openldap\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-29155](https://access.redhat.com/security/cve/CVE-2022-29155)\nIn OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This can occur during an LDAP search operation when the search filter is processed, due to a lack of proper escaping.", + "markdown": "**Vulnerability CVE-2022-29155**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|openldap|any in centos 7.6.1810|[]()|CVE-2022-29155|[https://access.redhat.com/security/cve/CVE-2022-29155](In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This can occur during an LDAP search operation when the search filter is processed, due to a lack of proper escaping.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2023-2953", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "A vulnerability was found in openldap. This securi..." + }, + "fullDescription": { + "text": "A vulnerability was found in openldap. This security flaw causes a null poi..." 
+ }, + "defaultConfiguration": { + "level": "note" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2023-2953", + "help": { + "text": "Vulnerability CVE-2023-2953\nSeverity: low\nPackage: openldap\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-2953](https://access.redhat.com/security/cve/CVE-2023-2953)\nA vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", + "markdown": "**Vulnerability CVE-2023-2953**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|low|openldap|any in centos 7.6.1810|[]()|CVE-2023-2953|[https://access.redhat.com/security/cve/CVE-2023-2953](A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "low" + ] + } + }, + { + "id": "RHSA-2019:0483", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "OpenSSL is a toolkit that implements the Secure So..." + }, + "fullDescription": { + "text": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Tra..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2018-0735", + "help": { + "text": "Vulnerability RHSA-2019:0483\nSeverity: medium\nPackage: openssl-libs\nFixed Version: 1:1.0.2k-16.el7_6.1\nExploit Available: [http://www.exploit-db.com/exploits/45785](http://www.exploit-db.com/exploits/45785)\nExploit Type: local\nLink: [RHSA-2019:0483](https://access.redhat.com/security/cve/CVE-2018-0735)\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.", + "markdown": "**Vulnerability RHSA-2019:0483**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|openssl-libs|1:1.0.2k-16.el7_6.1|[http://www.exploit-db.com/exploits/45785](local)|RHSA-2019:0483|[https://access.redhat.com/security/cve/CVE-2018-0735](OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "RHSA-2022:1066", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "OpenSSL is a toolkit that implements the Secure So..." + }, + "fullDescription": { + "text": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Tra..." 
+ }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2022-0778", + "help": { + "text": "Vulnerability RHSA-2022:1066\nSeverity: high\nPackage: openssl-libs\nFixed Version: 1:1.0.2k-25.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2022:1066](https://access.redhat.com/security/cve/CVE-2022-0778)\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.", + "markdown": "**Vulnerability RHSA-2022:1066**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|openssl-libs|1:1.0.2k-25.el7_9|[]()|RHSA-2022:1066|[https://access.redhat.com/security/cve/CVE-2022-0778](OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "RHSA-2020:5566", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "OpenSSL is a toolkit that implements the Secure So..." + }, + "fullDescription": { + "text": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Tra..." 
+ }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2020-1971", + "help": { + "text": "Vulnerability RHSA-2020:5566\nSeverity: high\nPackage: openssl-libs\nFixed Version: 1:1.0.2k-21.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2020:5566](https://access.redhat.com/security/cve/CVE-2020-1971)\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.", + "markdown": "**Vulnerability RHSA-2020:5566**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|openssl-libs|1:1.0.2k-21.el7_9|[]()|RHSA-2020:5566|[https://access.redhat.com/security/cve/CVE-2020-1971](OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "RHSA-2023:1335", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "OpenSSL is a toolkit that implements the Secure So..." + }, + "fullDescription": { + "text": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Tra..." 
+ }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2023-0286", + "help": { + "text": "Vulnerability RHSA-2023:1335\nSeverity: high\nPackage: openssl-libs\nFixed Version: 1:1.0.2k-26.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2023:1335](https://access.redhat.com/security/cve/CVE-2023-0286)\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.", + "markdown": "**Vulnerability RHSA-2023:1335**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|openssl-libs|1:1.0.2k-26.el7_9|[]()|RHSA-2023:1335|[https://access.redhat.com/security/cve/CVE-2023-0286](OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "RHSA-2021:3798", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "OpenSSL is a toolkit that implements the Secure So..." + }, + "fullDescription": { + "text": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Tra..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2021-23840", + "help": { + "text": "Vulnerability RHSA-2021:3798\nSeverity: medium\nPackage: openssl-libs\nFixed Version: 1:1.0.2k-22.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2021:3798](https://access.redhat.com/security/cve/CVE-2021-23840)\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.", + "markdown": "**Vulnerability RHSA-2021:3798**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|openssl-libs|1:1.0.2k-22.el7_9|[]()|RHSA-2021:3798|[https://access.redhat.com/security/cve/CVE-2021-23840](OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "RHSA-2022:0064", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "OpenSSL is a toolkit that implements the Secure So..." + }, + "fullDescription": { + "text": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Tra..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2021-3712", + "help": { + "text": "Vulnerability RHSA-2022:0064\nSeverity: medium\nPackage: openssl-libs\nFixed Version: 1:1.0.2k-23.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2022:0064](https://access.redhat.com/security/cve/CVE-2021-3712)\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.", + "markdown": "**Vulnerability RHSA-2022:0064**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|openssl-libs|1:1.0.2k-23.el7_9|[]()|RHSA-2022:0064|[https://access.redhat.com/security/cve/CVE-2021-3712](OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2022-1292", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "The c_rehash script does not properly sanitise she..." + }, + "fullDescription": { + "text": "The c_rehash script does not properly sanitise shell metacharacters to prev..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2022-1292", + "help": { + "text": "Vulnerability CVE-2022-1292\nSeverity: medium\nPackage: openssl-libs\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-1292](https://access.redhat.com/security/cve/CVE-2022-1292)\nThe c_rehash script does not properly sanitise shell metacharacters to prevent command injection. 
This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n). Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd).", + "markdown": "**Vulnerability CVE-2022-1292**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|openssl-libs|any in centos 7.6.1810|[]()|CVE-2022-1292|[https://access.redhat.com/security/cve/CVE-2022-1292](The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n). Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd).)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2022-2068", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "In addition to the c_rehash shell command injectio..." + }, + "fullDescription": { + "text": "In addition to the c_rehash shell command injection identified in CVE-2022-..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2022-2068", + "help": { + "text": "Vulnerability CVE-2022-2068\nSeverity: medium\nPackage: openssl-libs\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-2068](https://access.redhat.com/security/cve/CVE-2022-2068)\nIn addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).", + "markdown": "**Vulnerability CVE-2022-2068**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|openssl-libs|any in centos 7.6.1810|[]()|CVE-2022-2068|[https://access.redhat.com/security/cve/CVE-2022-2068](In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. 
When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2022-4304", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "A timing based side channel exists in the OpenSSL ..." + }, + "fullDescription": { + "text": "A timing based side channel exists in the OpenSSL RSA Decryption implementa..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2022-4304", + "help": { + "text": "Vulnerability CVE-2022-4304\nSeverity: medium\nPackage: openssl-libs\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-4304](https://access.redhat.com/security/cve/CVE-2022-4304)\nA timing based side channel exists in the OpenSSL RSA Decryption implementation\nwhich could be sufficient to recover a plaintext across a network in a\nBleichenbacher style attack. To achieve a successful decryption an attacker\nwould have to be able to send a very large number of trial messages for\ndecryption. 
The vulnerability affects all RSA padding modes: PKCS#1 v1.5,\nRSA-OEAP and RSASVE.\n\nFor example, in a TLS connection, RSA is commonly used by a client to send an\nencrypted pre-master secret to the server. An attacker that had observed a\ngenuine connection between a client and a server could use this flaw to send\ntrial messages to the server and record the time taken to process them. After a\nsufficiently large number of messages the attacker could recover the pre-master\nsecret used for the original connection and thus be able to decrypt the\napplication data sent over that connection.\n\n", + "markdown": "**Vulnerability CVE-2022-4304**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|openssl-libs|any in centos 7.6.1810|[]()|CVE-2022-4304|[https://access.redhat.com/security/cve/CVE-2022-4304](A timing based side channel exists in the OpenSSL RSA Decryption implementation\nwhich could be sufficient to recover a plaintext across a network in a\nBleichenbacher style attack. To achieve a successful decryption an attacker\nwould have to be able to send a very large number of trial messages for\ndecryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5,\nRSA-OEAP and RSASVE.\n\nFor example, in a TLS connection, RSA is commonly used by a client to send an\nencrypted pre-master secret to the server. An attacker that had observed a\ngenuine connection between a client and a server could use this flaw to send\ntrial messages to the server and record the time taken to process them. 
After a\nsufficiently large number of messages the attacker could recover the pre-master\nsecret used for the original connection and thus be able to decrypt the\napplication data sent over that connection.\n\n)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2023-0215", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "The public API function BIO_new_NDEF is a helper f..." + }, + "fullDescription": { + "text": "The public API function BIO_new_NDEF is a helper function used for streamin..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2023-0215", + "help": { + "text": "Vulnerability CVE-2023-0215\nSeverity: medium\nPackage: openssl-libs\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-0215](https://access.redhat.com/security/cve/CVE-2023-0215)\nThe public API function BIO_new_NDEF is a helper function used for streaming\nASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the\nSMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by\nend user applications.\n\nThe function receives a BIO from the caller, prepends a new BIO_f_asn1 filter\nBIO onto the front of it to form a BIO chain, and then returns the new head of\nthe BIO chain to the caller. Under certain conditions, for example if a CMS\nrecipient public key is invalid, the new filter BIO is freed and the function\nreturns a NULL result indicating a failure. However, in this case, the BIO chain\nis not properly cleaned up and the BIO passed by the caller still retains\ninternal pointers to the previously freed filter BIO. If the caller then goes on\nto call BIO_pop() on the BIO then a use-after-free will occur. 
This will most\nlikely result in a crash.\n\n\n\nThis scenario occurs directly in the internal function B64_write_ASN1() which\nmay cause BIO_new_NDEF() to be called and will subsequently call BIO_pop() on\nthe BIO. This internal function is in turn called by the public API functions\nPEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream,\nSMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7.\n\nOther public API functions that may be impacted by this include\ni2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and\ni2d_PKCS7_bio_stream.\n\nThe OpenSSL cms and smime command line applications are similarly affected.\n\n\n\n", + "markdown": "**Vulnerability CVE-2023-0215**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|openssl-libs|any in centos 7.6.1810|[]()|CVE-2023-0215|[https://access.redhat.com/security/cve/CVE-2023-0215](The public API function BIO_new_NDEF is a helper function used for streaming\nASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the\nSMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by\nend user applications.\n\nThe function receives a BIO from the caller, prepends a new BIO_f_asn1 filter\nBIO onto the front of it to form a BIO chain, and then returns the new head of\nthe BIO chain to the caller. Under certain conditions, for example if a CMS\nrecipient public key is invalid, the new filter BIO is freed and the function\nreturns a NULL result indicating a failure. However, in this case, the BIO chain\nis not properly cleaned up and the BIO passed by the caller still retains\ninternal pointers to the previously freed filter BIO. If the caller then goes on\nto call BIO_pop() on the BIO then a use-after-free will occur. 
This will most\nlikely result in a crash.\n\n\n\nThis scenario occurs directly in the internal function B64_write_ASN1() which\nmay cause BIO_new_NDEF() to be called and will subsequently call BIO_pop() on\nthe BIO. This internal function is in turn called by the public API functions\nPEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream,\nSMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7.\n\nOther public API functions that may be impacted by this include\ni2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and\ni2d_PKCS7_bio_stream.\n\nThe OpenSSL cms and smime command line applications are similarly affected.\n\n\n\n)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "RHSA-2019:2304", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "OpenSSL is a toolkit that implements the Secure So..." + }, + "fullDescription": { + "text": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Tra..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2019-1559", + "help": { + "text": "Vulnerability RHSA-2019:2304\nSeverity: medium\nPackage: openssl-libs\nFixed Version: 1:1.0.2k-19.el7\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2019:2304](https://access.redhat.com/security/cve/CVE-2019-1559)\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.", + "markdown": "**Vulnerability RHSA-2019:2304**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|openssl-libs|1:1.0.2k-19.el7|[]()|RHSA-2019:2304|[https://access.redhat.com/security/cve/CVE-2019-1559](OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2021-3601", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER...." + }, + "fullDescription": { + "text": "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason..." + }, + "defaultConfiguration": { + "level": "note" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2021-3601", + "help": { + "text": "Vulnerability CVE-2021-3601\nSeverity: low\nPackage: openssl-libs\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-3601](https://access.redhat.com/security/cve/CVE-2021-3601)\nRejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. 
OpenSSL does not class this issue as a security vulnerability. The trusted CA store should not contain anything that the user does not trust to issue other certificates. Notes: https://github.com/openssl/openssl/issues/5236#issuecomment-119646061", + "markdown": "**Vulnerability CVE-2021-3601**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|low|openssl-libs|any in centos 7.6.1810|[]()|CVE-2021-3601|[https://access.redhat.com/security/cve/CVE-2021-3601](Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. OpenSSL does not class this issue as a security vulnerability. The trusted CA store should not contain anything that the user does not trust to issue other certificates. Notes: https://github.com/openssl/openssl/issues/5236#issuecomment-119646061)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "low" + ] + } + }, + { + "id": "CVE-2022-3358", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "OpenSSL supports creating a custom cipher via the ..." + }, + "fullDescription": { + "text": "OpenSSL supports creating a custom cipher via the legacy EVP_CIPHER_meth_ne..." + }, + "defaultConfiguration": { + "level": "note" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2022-3358", + "help": { + "text": "Vulnerability CVE-2022-3358\nSeverity: low\nPackage: openssl-libs\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-3358](https://access.redhat.com/security/cve/CVE-2022-3358)\nOpenSSL supports creating a custom cipher via the legacy EVP_CIPHER_meth_new() function and associated function calls. This function was deprecated in OpenSSL 3.0 and application authors are instead encouraged to use the new provider mechanism in order to implement custom ciphers. 
OpenSSL versions 3.0.0 to 3.0.5 incorrectly handle legacy custom ciphers passed to the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() and EVP_CipherInit_ex2() functions (as well as other similarly named encryption and decryption initialisation functions). Instead of using the custom cipher directly it incorrectly tries to fetch an equivalent cipher from the available providers. An equivalent cipher is found based on the NID passed to EVP_CIPHER_meth_new(). This NID is supposed to represent the unique NID for a given cipher. However it is possible for an application to incorrectly pass NID_undef as this value in the call to EVP_CIPHER_meth_new(). When NID_undef is used in this way the OpenSSL encryption/decryption initialisation function will match the NULL cipher as being equivalent and will fetch this from the available providers. This will succeed if the default provider has been loaded (or if a third party provider has been loaded that offers this cipher). Using the NULL cipher means that the plaintext is emitted as the ciphertext. Applications are only affected by this issue if they call EVP_CIPHER_meth_new() using NID_undef and subsequently use it in a call to an encryption/decryption initialisation function. Applications that only use SSL/TLS are not impacted by this issue. Fixed in OpenSSL 3.0.6 (Affected 3.0.0-3.0.5).", + "markdown": "**Vulnerability CVE-2022-3358**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|low|openssl-libs|any in centos 7.6.1810|[]()|CVE-2022-3358|[https://access.redhat.com/security/cve/CVE-2022-3358](OpenSSL supports creating a custom cipher via the legacy EVP_CIPHER_meth_new() function and associated function calls. This function was deprecated in OpenSSL 3.0 and application authors are instead encouraged to use the new provider mechanism in order to implement custom ciphers. 
OpenSSL versions 3.0.0 to 3.0.5 incorrectly handle legacy custom ciphers passed to the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() and EVP_CipherInit_ex2() functions (as well as other similarly named encryption and decryption initialisation functions). Instead of using the custom cipher directly it incorrectly tries to fetch an equivalent cipher from the available providers. An equivalent cipher is found based on the NID passed to EVP_CIPHER_meth_new(). This NID is supposed to represent the unique NID for a given cipher. However it is possible for an application to incorrectly pass NID_undef as this value in the call to EVP_CIPHER_meth_new(). When NID_undef is used in this way the OpenSSL encryption/decryption initialisation function will match the NULL cipher as being equivalent and will fetch this from the available providers. This will succeed if the default provider has been loaded (or if a third party provider has been loaded that offers this cipher). Using the NULL cipher means that the plaintext is emitted as the ciphertext. Applications are only affected by this issue if they call EVP_CIPHER_meth_new() using NID_undef and subsequently use it in a call to an encryption/decryption initialisation function. Applications that only use SSL/TLS are not impacted by this issue. Fixed in OpenSSL 3.0.6 (Affected 3.0.0-3.0.5).)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "low" + ] + } + }, + { + "id": "CVE-2023-6129", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "Issue summary: The POLY1305 MAC (message authentic..." + }, + "fullDescription": { + "text": "Issue summary: The POLY1305 MAC (message authentication code) implementatio..." 
+ }, + "defaultConfiguration": { + "level": "note" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2023-6129", + "help": { + "text": "Vulnerability CVE-2023-6129\nSeverity: low\nPackage: openssl-libs\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-6129](https://access.redhat.com/security/cve/CVE-2023-6129)\nIssue summary: The POLY1305 MAC (message authentication code) implementation\ncontains a bug that might corrupt the internal state of applications running\non PowerPC CPU based platforms if the CPU provides vector instructions.\n\nImpact summary: If an attacker can influence whether the POLY1305 MAC\nalgorithm is used, the application state might be corrupted with various\napplication dependent consequences.\n\nThe POLY1305 MAC (message authentication code) implementation in OpenSSL for\nPowerPC CPUs restores the contents of vector registers in a different order\nthan they are saved. Thus the contents of some of these vector registers\nare corrupted when returning to the caller. The vulnerable code is used only\non newer PowerPC processors supporting the PowerISA 2.07 instructions.\n\nThe consequences of this kind of internal application state corruption can\nbe various - from no consequences, if the calling application does not\ndepend on the contents of non-volatile XMM registers at all, to the worst\nconsequences, where the attacker could get complete control of the application\nprocess. However unless the compiler uses the vector registers for storing\npointers, the most likely consequence, if any, would be an incorrect result\nof some application dependent calculations or a crash leading to a denial of\nservice.\n\nThe POLY1305 MAC algorithm is most frequently used as part of the\nCHACHA20-POLY1305 AEAD (authenticated encryption with associated data)\nalgorithm. The most common usage of this AEAD cipher is with TLS protocol\nversions 1.2 and 1.3. 
If this cipher is enabled on the server a malicious\nclient can influence whether this AEAD cipher is used. This implies that\nTLS server applications using OpenSSL can be potentially impacted. However\nwe are currently not aware of any concrete application that would be affected\nby this issue therefore we consider this a Low severity security issue.", + "markdown": "**Vulnerability CVE-2023-6129**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|low|openssl-libs|any in centos 7.6.1810|[]()|CVE-2023-6129|[https://access.redhat.com/security/cve/CVE-2023-6129](Issue summary: The POLY1305 MAC (message authentication code) implementation\ncontains a bug that might corrupt the internal state of applications running\non PowerPC CPU based platforms if the CPU provides vector instructions.\n\nImpact summary: If an attacker can influence whether the POLY1305 MAC\nalgorithm is used, the application state might be corrupted with various\napplication dependent consequences.\n\nThe POLY1305 MAC (message authentication code) implementation in OpenSSL for\nPowerPC CPUs restores the contents of vector registers in a different order\nthan they are saved. Thus the contents of some of these vector registers\nare corrupted when returning to the caller. The vulnerable code is used only\non newer PowerPC processors supporting the PowerISA 2.07 instructions.\n\nThe consequences of this kind of internal application state corruption can\nbe various - from no consequences, if the calling application does not\ndepend on the contents of non-volatile XMM registers at all, to the worst\nconsequences, where the attacker could get complete control of the application\nprocess. 
However unless the compiler uses the vector registers for storing\npointers, the most likely consequence, if any, would be an incorrect result\nof some application dependent calculations or a crash leading to a denial of\nservice.\n\nThe POLY1305 MAC algorithm is most frequently used as part of the\nCHACHA20-POLY1305 AEAD (authenticated encryption with associated data)\nalgorithm. The most common usage of this AEAD cipher is with TLS protocol\nversions 1.2 and 1.3. If this cipher is enabled on the server a malicious\nclient can influence whether this AEAD cipher is used. This implies that\nTLS server applications using OpenSSL can be potentially impacted. However\nwe are currently not aware of any concrete application that would be affected\nby this issue therefore we consider this a Low severity security issue.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "low" + ] + } + }, + { + "id": "CVE-2023-39410", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "When deserializing untrusted or corrupted data, it..." + }, + "fullDescription": { + "text": "When deserializing untrusted or corrupted data, it is possible for a reader..." + }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2023-39410", + "help": { + "text": "Vulnerability CVE-2023-39410\nSeverity: high\nPackage: avro\nFixed Version: 1.11.3\nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-39410](https://nvd.nist.gov/vuln/detail/CVE-2023-39410)\nWhen deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system.\n\nThis issue affects Java applications using Apache Avro Java SDK up to and including 1.11.2. 
Users should update to apache-avro version 1.11.3 which addresses this issue.\n\n", + "markdown": "**Vulnerability CVE-2023-39410**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|avro|1.11.3|[]()|CVE-2023-39410|[https://nvd.nist.gov/vuln/detail/CVE-2023-39410](When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system.\n\nThis issue affects Java applications using Apache Avro Java SDK up to and including 1.11.2. Users should update to apache-avro version 1.11.3 which addresses this issue.\n\n)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "CVE-2022-46364", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "A SSRF vulnerability in parsing the href attribut..." + }, + "fullDescription": { + "text": "A SSRF vulnerability in parsing the href attribute of XOP:Include in MTOM ..." + }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2022-46364", + "help": { + "text": "Vulnerability CVE-2022-46364\nSeverity: critical\nPackage: cxf-core\nFixed Version: 3.4.10, 3.5.5\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-46364](https://nvd.nist.gov/vuln/detail/CVE-2022-46364)\nA SSRF vulnerability in parsing the href attribute of XOP:Include in MTOM requests in versions of Apache CXF before 3.5.5 and 3.4.10 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type. 
", + "markdown": "**Vulnerability CVE-2022-46364**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|critical|cxf-core|3.4.10, 3.5.5|[]()|CVE-2022-46364|[https://nvd.nist.gov/vuln/detail/CVE-2022-46364](A SSRF vulnerability in parsing the href attribute of XOP:Include in MTOM requests in versions of Apache CXF before 3.5.5 and 3.4.10 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type. )|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "critical" + ] + } + }, + { + "id": "CVE-2021-22696", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "CXF supports (via JwtRequestCodeFilter) passing OA..." + }, + "fullDescription": { + "text": "CXF supports (via JwtRequestCodeFilter) passing OAuth 2 parameters via a JW..." + }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2021-22696", + "help": { + "text": "Vulnerability CVE-2021-22696\nSeverity: high\nPackage: cxf-rt-transports-http\nFixed Version: 3.3.10, 3.4.3\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-22696](https://nvd.nist.gov/vuln/detail/CVE-2021-22696)\nCXF supports (via JwtRequestCodeFilter) passing OAuth 2 parameters via a JWT token as opposed to query parameters (see: The OAuth 2.0 Authorization Framework: JWT Secured Authorization Request (JAR)). Instead of sending a JWT token as a \"request\" parameter, the spec also supports specifying a URI from which to retrieve a JWT token from via the \"request_uri\" parameter. CXF was not validating the \"request_uri\" parameter (apart from ensuring it uses \"https) and was making a REST request to the parameter in the request to retrieve a token. 
This means that CXF was vulnerable to DDos attacks on the authorization server, as specified in section 10.4.1 of the spec. This issue affects Apache CXF versions prior to 3.4.3; Apache CXF versions prior to 3.3.10.", + "markdown": "**Vulnerability CVE-2021-22696**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|cxf-rt-transports-http|3.3.10, 3.4.3|[]()|CVE-2021-22696|[https://nvd.nist.gov/vuln/detail/CVE-2021-22696](CXF supports (via JwtRequestCodeFilter) passing OAuth 2 parameters via a JWT token as opposed to query parameters (see: The OAuth 2.0 Authorization Framework: JWT Secured Authorization Request (JAR)). Instead of sending a JWT token as a \"request\" parameter, the spec also supports specifying a URI from which to retrieve a JWT token from via the \"request_uri\" parameter. CXF was not validating the \"request_uri\" parameter (apart from ensuring it uses \"https) and was making a REST request to the parameter in the request to retrieve a token. This means that CXF was vulnerable to DDos attacks on the authorization server, as specified in section 10.4.1 of the spec. This issue affects Apache CXF versions prior to 3.4.3; Apache CXF versions prior to 3.3.10.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "CVE-2019-12423", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "Apache CXF ships with a OpenId Connect JWK Keys se..." + }, + "fullDescription": { + "text": "Apache CXF ships with a OpenId Connect JWK Keys service, which allows a cli..." 
+ }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2019-12423", + "help": { + "text": "Vulnerability CVE-2019-12423\nSeverity: high\nPackage: cxf-core\nFixed Version: 3.2.12, 3.3.5\nExploit Available: []()\nExploit Type: \nLink: [CVE-2019-12423](https://nvd.nist.gov/vuln/detail/CVE-2019-12423)\nApache CXF ships with a OpenId Connect JWK Keys service, which allows a client to obtain the public keys in JWK format, which can then be used to verify the signature of tokens issued by the service. Typically, the service obtains the public key from a local keystore (JKS/PKCS12) by specifing the path of the keystore and the alias of the keystore entry. This case is not vulnerable. However it is also possible to obtain the keys from a JWK keystore file, by setting the configuration parameter \"rs.security.keystore.type\" to \"jwk\". For this case all keys are returned in this file \"as is\", including all private key and secret key credentials. This is an obvious security risk if the user has configured the signature keystore file with private or secret key credentials. From CXF 3.3.5 and 3.2.12, it is mandatory to specify an alias corresponding to the id of the key in the JWK file, and only this key is returned. In addition, any private key information is omitted by default. \"oct\" keys, which contain secret keys, are not returned at all.", + "markdown": "**Vulnerability CVE-2019-12423**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|cxf-core|3.2.12, 3.3.5|[]()|CVE-2019-12423|[https://nvd.nist.gov/vuln/detail/CVE-2019-12423](Apache CXF ships with a OpenId Connect JWK Keys service, which allows a client to obtain the public keys in JWK format, which can then be used to verify the signature of tokens issued by the service. 
Typically, the service obtains the public key from a local keystore (JKS/PKCS12) by specifing the path of the keystore and the alias of the keystore entry. This case is not vulnerable. However it is also possible to obtain the keys from a JWK keystore file, by setting the configuration parameter \"rs.security.keystore.type\" to \"jwk\". For this case all keys are returned in this file \"as is\", including all private key and secret key credentials. This is an obvious security risk if the user has configured the signature keystore file with private or secret key credentials. From CXF 3.3.5 and 3.2.12, it is mandatory to specify an alias corresponding to the id of the key in the JWK file, and only this key is returned. In addition, any private key information is omitted by default. \"oct\" keys, which contain secret keys, are not returned at all.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "CVE-2022-46363", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "A vulnerability in Apache CXF before versions 3.5...." + }, + "fullDescription": { + "text": "A vulnerability in Apache CXF before versions 3.5.5 and 3.4.10 allows an at..." + }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2022-46363", + "help": { + "text": "Vulnerability CVE-2022-46363\nSeverity: high\nPackage: cxf-core\nFixed Version: 3.4.10, 3.5.5\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-46363](https://nvd.nist.gov/vuln/detail/CVE-2022-46363)\nA vulnerability in Apache CXF before versions 3.5.5 and 3.4.10 allows an attacker to perform a remote directory listing or code exfiltration. The vulnerability only applies when the CXFServlet is configured with both the static-resources-list and redirect-query-check attributes. 
These attributes are not supposed to be used together, and so the vulnerability can only arise if the CXF service is misconfigured.\n\n", + "markdown": "**Vulnerability CVE-2022-46363**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|cxf-core|3.4.10, 3.5.5|[]()|CVE-2022-46363|[https://nvd.nist.gov/vuln/detail/CVE-2022-46363](A vulnerability in Apache CXF before versions 3.5.5 and 3.4.10 allows an attacker to perform a remote directory listing or code exfiltration. The vulnerability only applies when the CXFServlet is configured with both the static-resources-list and redirect-query-check attributes. These attributes are not supposed to be used together, and so the vulnerability can only arise if the CXF service is misconfigured.\n\n)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "CVE-2017-5656", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "Apache CXF\u0026#39;s STSClient before 3.1.11 and 3.0.13 us..." + }, + "fullDescription": { + "text": "Apache CXF\u0026#39;s STSClient before 3.1.11 and 3.0.13 uses a flawed way of cachin..." 
+ }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2017-5656", + "help": { + "text": "Vulnerability CVE-2017-5656\nSeverity: high\nPackage: cxf-rt-ws-security\nFixed Version: 3.0.14, 3.1.11\nExploit Available: []()\nExploit Type: \nLink: [CVE-2017-5656](https://nvd.nist.gov/vuln/detail/CVE-2017-5656)\nApache CXF's STSClient before 3.1.11 and 3.0.13 uses a flawed way of caching tokens that are associated with delegation tokens, which means that an attacker could craft a token which would return an identifer corresponding to a cached token for another user.", + "markdown": "**Vulnerability CVE-2017-5656**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|cxf-rt-ws-security|3.0.14, 3.1.11|[]()|CVE-2017-5656|[https://nvd.nist.gov/vuln/detail/CVE-2017-5656](Apache CXF's STSClient before 3.1.11 and 3.0.13 uses a flawed way of caching tokens that are associated with delegation tokens, which means that an attacker could craft a token which would return an identifer corresponding to a cached token for another user.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "CVE-2018-8039", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "It is possible to configure Apache CXF to use the ..." + }, + "fullDescription": { + "text": "It is possible to configure Apache CXF to use the com.sun.net.ssl implement..." 
+ }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2018-8039", + "help": { + "text": "Vulnerability CVE-2018-8039\nSeverity: high\nPackage: cxf-rt-transports-http\nFixed Version: 3.1.16, 3.2.5\nExploit Available: []()\nExploit Type: \nLink: [CVE-2018-8039](https://nvd.nist.gov/vuln/detail/CVE-2018-8039)\nIt is possible to configure Apache CXF to use the com.sun.net.ssl implementation via 'System.setProperty(\"java.protocol.handler.pkgs\", \"com.sun.net.ssl.internal.www.protocol\");'. When this system property is set, CXF uses some reflection to try to make the HostnameVerifier work with the old com.sun.net.ssl.HostnameVerifier interface. However, the default HostnameVerifier implementation in CXF does not implement the method in this interface, and an exception is thrown. However, in Apache CXF prior to 3.2.5 and 3.1.16 the exception is caught in the reflection code and not properly propagated. What this means is that if you are using the com.sun.net.ssl stack with CXF, an error with TLS hostname verification will not be thrown, leaving a CXF client subject to man-in-the-middle attacks.", + "markdown": "**Vulnerability CVE-2018-8039**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|cxf-rt-transports-http|3.1.16, 3.2.5|[]()|CVE-2018-8039|[https://nvd.nist.gov/vuln/detail/CVE-2018-8039](It is possible to configure Apache CXF to use the com.sun.net.ssl implementation via 'System.setProperty(\"java.protocol.handler.pkgs\", \"com.sun.net.ssl.internal.www.protocol\");'. When this system property is set, CXF uses some reflection to try to make the HostnameVerifier work with the old com.sun.net.ssl.HostnameVerifier interface. However, the default HostnameVerifier implementation in CXF does not implement the method in this interface, and an exception is thrown. 
However, in Apache CXF prior to 3.2.5 and 3.1.16 the exception is caught in the reflection code and not properly propagated. What this means is that if you are using the com.sun.net.ssl stack with CXF, an error with TLS hostname verification will not be thrown, leaving a CXF client subject to man-in-the-middle attacks.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "CVE-2016-8739", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "The JAX-RS module in Apache CXF prior to 3.0.12 an..." + }, + "fullDescription": { + "text": "The JAX-RS module in Apache CXF prior to 3.0.12 and 3.1.x prior to 3.1.9 pr..." + }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2016-8739", + "help": { + "text": "Vulnerability CVE-2016-8739\nSeverity: high\nPackage: cxf-core\nFixed Version: 3.0.12, 3.1.9\nExploit Available: []()\nExploit Type: \nLink: [CVE-2016-8739](https://nvd.nist.gov/vuln/detail/CVE-2016-8739)\nThe JAX-RS module in Apache CXF prior to 3.0.12 and 3.1.x prior to 3.1.9 provides a number of Atom JAX-RS MessageBodyReaders. These readers use Apache Abdera Parser which expands XML entities by default which represents a major XXE risk.", + "markdown": "**Vulnerability CVE-2016-8739**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|cxf-core|3.0.12, 3.1.9|[]()|CVE-2016-8739|[https://nvd.nist.gov/vuln/detail/CVE-2016-8739](The JAX-RS module in Apache CXF prior to 3.0.12 and 3.1.x prior to 3.1.9 provides a number of Atom JAX-RS MessageBodyReaders. 
These readers use Apache Abdera Parser which expands XML entities by default which represents a major XXE risk.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "CVE-2016-6812", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "The HTTP transport module in Apache CXF prior to 3..." + }, + "fullDescription": { + "text": "The HTTP transport module in Apache CXF prior to 3.0.12 and 3.1.x prior to ..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2016-6812", + "help": { + "text": "Vulnerability CVE-2016-6812\nSeverity: medium\nPackage: cxf-rt-transports-http\nFixed Version: \nExploit Available: []()\nExploit Type: \nLink: [CVE-2016-6812](https://nvd.nist.gov/vuln/detail/CVE-2016-6812)\nThe HTTP transport module in Apache CXF prior to 3.0.12 and 3.1.x prior to 3.1.9 uses FormattedServiceListWriter to provide an HTML page which lists the names and absolute URL addresses of the available service endpoints. The module calculates the base URL using the current HttpServletRequest. The calculated base URL is used by FormattedServiceListWriter to build the service endpoint absolute URLs. 
If the unexpected matrix parameters have been injected into the request URL then these matrix parameters will find their way back to the client in the services list page which represents an XSS risk to the client.", + "markdown": "**Vulnerability CVE-2016-6812**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|cxf-rt-transports-http||[]()|CVE-2016-6812|[https://nvd.nist.gov/vuln/detail/CVE-2016-6812](The HTTP transport module in Apache CXF prior to 3.0.12 and 3.1.x prior to 3.1.9 uses FormattedServiceListWriter to provide an HTML page which lists the names and absolute URL addresses of the available service endpoints. The module calculates the base URL using the current HttpServletRequest. The calculated base URL is used by FormattedServiceListWriter to build the service endpoint absolute URLs. If the unexpected matrix parameters have been injected into the request URL then these matrix parameters will find their way back to the client in the services list page which represents an XSS risk to the client.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2015-5253", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "The SAML Web SSO module in Apache CXF before 2.7.1..." + }, + "fullDescription": { + "text": "The SAML Web SSO module in Apache CXF before 2.7.18, 3.0.x before 3.0.7, an..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2015-5253", + "help": { + "text": "Vulnerability CVE-2015-5253\nSeverity: medium\nPackage: cxf-core\nFixed Version: 2.7.18, 3.0.7, 3.1.3\nExploit Available: []()\nExploit Type: \nLink: [CVE-2015-5253](https://nvd.nist.gov/vuln/detail/CVE-2015-5253)\nThe SAML Web SSO module in Apache CXF before 2.7.18, 3.0.x before 3.0.7, and 3.1.x before 3.1.3 allows remote authenticated users to bypass authentication via a crafted SAML response with a valid signed assertion, related to a \"wrapping attack.\"", + "markdown": "**Vulnerability CVE-2015-5253**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|cxf-core|2.7.18, 3.0.7, 3.1.3|[]()|CVE-2015-5253|[https://nvd.nist.gov/vuln/detail/CVE-2015-5253](The SAML Web SSO module in Apache CXF before 2.7.18, 3.0.x before 3.0.7, and 3.1.x before 3.1.3 allows remote authenticated users to bypass authentication via a crafted SAML response with a valid signed assertion, related to a \"wrapping attack.\")|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2017-12624", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "Apache CXF supports sending and receiving attachme..." + }, + "fullDescription": { + "text": "Apache CXF supports sending and receiving attachments via either the JAX-WS..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2017-12624", + "help": { + "text": "Vulnerability CVE-2017-12624\nSeverity: medium\nPackage: cxf-core\nFixed Version: 3.1.14, 3.2.1\nExploit Available: []()\nExploit Type: \nLink: [CVE-2017-12624](https://nvd.nist.gov/vuln/detail/CVE-2017-12624)\nApache CXF supports sending and receiving attachments via either the JAX-WS or JAX-RS specifications. It is possible to craft a message attachment header that could lead to a Denial of Service (DoS) attack on a CXF web service provider. Both JAX-WS and JAX-RS services are vulnerable to this attack. From Apache CXF 3.2.1 and 3.1.14, message attachment headers that are greater than 300 characters will be rejected by default. This value is configurable via the property \"attachment-max-header-size\".", + "markdown": "**Vulnerability CVE-2017-12624**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|cxf-core|3.1.14, 3.2.1|[]()|CVE-2017-12624|[https://nvd.nist.gov/vuln/detail/CVE-2017-12624](Apache CXF supports sending and receiving attachments via either the JAX-WS or JAX-RS specifications. It is possible to craft a message attachment header that could lead to a Denial of Service (DoS) attack on a CXF web service provider. Both JAX-WS and JAX-RS services are vulnerable to this attack. From Apache CXF 3.2.1 and 3.1.14, message attachment headers that are greater than 300 characters will be rejected by default. This value is configurable via the property \"attachment-max-header-size\".)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2020-13954", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "By default, Apache CXF creates a /services page co..." 
+ }, + "fullDescription": { + "text": "By default, Apache CXF creates a /services page containing a listing of the..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2020-13954", + "help": { + "text": "Vulnerability CVE-2020-13954\nSeverity: medium\nPackage: cxf-rt-transports-http\nFixed Version: 3.3.8, 3.4.1\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-13954](https://nvd.nist.gov/vuln/detail/CVE-2020-13954)\nBy default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting (XSS) attack via the styleSheetPath, which allows a malicious actor to inject javascript into the web page. This vulnerability affects all versions of Apache CXF prior to 3.4.1 and 3.3.8. Please note that this is a separate issue to CVE-2019-17573.", + "markdown": "**Vulnerability CVE-2020-13954**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|cxf-rt-transports-http|3.3.8, 3.4.1|[]()|CVE-2020-13954|[https://nvd.nist.gov/vuln/detail/CVE-2020-13954](By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting (XSS) attack via the styleSheetPath, which allows a malicious actor to inject javascript into the web page. This vulnerability affects all versions of Apache CXF prior to 3.4.1 and 3.3.8. Please note that this is a separate issue to CVE-2019-17573.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2017-5653", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "JAX-RS XML Security streaming clients in Apache CX..." 
+ }, + "fullDescription": { + "text": "JAX-RS XML Security streaming clients in Apache CXF before 3.1.11 and 3.0.1..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2017-5653", + "help": { + "text": "Vulnerability CVE-2017-5653\nSeverity: medium\nPackage: cxf-core\nFixed Version: 3.0.13, 3.1.11\nExploit Available: []()\nExploit Type: \nLink: [CVE-2017-5653](https://nvd.nist.gov/vuln/detail/CVE-2017-5653)\nJAX-RS XML Security streaming clients in Apache CXF before 3.1.11 and 3.0.13 do not validate that the service response was signed or encrypted, which allows remote attackers to spoof servers.", + "markdown": "**Vulnerability CVE-2017-5653**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|cxf-core|3.0.13, 3.1.11|[]()|CVE-2017-5653|[https://nvd.nist.gov/vuln/detail/CVE-2017-5653](JAX-RS XML Security streaming clients in Apache CXF before 3.1.11 and 3.0.13 do not validate that the service response was signed or encrypted, which allows remote attackers to spoof servers.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2020-1954", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "Apache CXF has the ability to integrate with JMX b..." + }, + "fullDescription": { + "text": "Apache CXF has the ability to integrate with JMX by registering an Instrume..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2020-1954", + "help": { + "text": "Vulnerability CVE-2020-1954\nSeverity: medium\nPackage: cxf-rt-management\nFixed Version: 3.2.13, 3.3.6\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-1954](https://nvd.nist.gov/vuln/detail/CVE-2020-1954)\nApache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus. If the ‘createMBServerConnectorFactory‘ property of the default InstrumentationManagerImpl is not disabled, then it is vulnerable to a man-in-the-middle (MITM) style attack. An attacker on the same host can connect to the registry and rebind the entry to another server, thus acting as a proxy to the original. They are then able to gain access to all of the information that is sent and received over JMX.", + "markdown": "**Vulnerability CVE-2020-1954**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|cxf-rt-management|3.2.13, 3.3.6|[]()|CVE-2020-1954|[https://nvd.nist.gov/vuln/detail/CVE-2020-1954](Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus. If the ‘createMBServerConnectorFactory‘ property of the default InstrumentationManagerImpl is not disabled, then it is vulnerable to a man-in-the-middle (MITM) style attack. An attacker on the same host can connect to the registry and rebind the entry to another server, thus acting as a proxy to the original. 
They are then able to gain access to all of the information that is sent and received over JMX.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2019-17573", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "By default, Apache CXF creates a /services page co..." + }, + "fullDescription": { + "text": "By default, Apache CXF creates a /services page containing a listing of the..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2019-17573", + "help": { + "text": "Vulnerability CVE-2019-17573\nSeverity: medium\nPackage: cxf-rt-transports-http\nFixed Version: 3.2.12, 3.3.5\nExploit Available: []()\nExploit Type: \nLink: [CVE-2019-17573](https://nvd.nist.gov/vuln/detail/CVE-2019-17573)\nBy default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting (XSS) attack, which allows a malicious actor to inject javascript into the web page. Please note that the attack exploits a feature which is not typically not present in modern browsers, who remove dot segments before sending the request. However, Mobile applications may be vulnerable.", + "markdown": "**Vulnerability CVE-2019-17573**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|cxf-rt-transports-http|3.2.12, 3.3.5|[]()|CVE-2019-17573|[https://nvd.nist.gov/vuln/detail/CVE-2019-17573](By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting (XSS) attack, which allows a malicious actor to inject javascript into the web page. 
Please note that the attack exploits a feature which is not typically not present in modern browsers, who remove dot segments before sending the request. However, Mobile applications may be vulnerable.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2020-13956", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "Apache HttpClient versions prior to version 4.5.13..." + }, + "fullDescription": { + "text": "Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpr..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2020-13956", + "help": { + "text": "Vulnerability CVE-2020-13956\nSeverity: medium\nPackage: httpclient\nFixed Version: 4.5.13, 5.0.3\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-13956](https://nvd.nist.gov/vuln/detail/CVE-2020-13956)\nApache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.", + "markdown": "**Vulnerability CVE-2020-13956**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|httpclient|4.5.13, 5.0.3|[]()|CVE-2020-13956|[https://nvd.nist.gov/vuln/detail/CVE-2020-13956](Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2022-45787", + "name": "LanguageSpecificPackageVulnerability", + 
"shortDescription": { + "text": "Unproper laxist permissions on the temporary files..." + }, + "fullDescription": { + "text": "Unproper laxist permissions on the temporary files used by MIME4J TempFileS..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2022-45787", + "help": { + "text": "Vulnerability CVE-2022-45787\nSeverity: medium\nPackage: apache-mime4j\nFixed Version: 0.8.9\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-45787](https://nvd.nist.gov/vuln/detail/CVE-2022-45787)\nUnproper laxist permissions on the temporary files used by MIME4J TempFileStorageProvider may lead to information disclosure to other local users. This issue affects Apache James MIME4J version 0.8.8 and prior versions.\n\nWe recommend users to upgrade to MIME4j version 0.8.9 or later.\n", + "markdown": "**Vulnerability CVE-2022-45787**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|apache-mime4j|0.8.9|[]()|CVE-2022-45787|[https://nvd.nist.gov/vuln/detail/CVE-2022-45787](Unproper laxist permissions on the temporary files used by MIME4J TempFileStorageProvider may lead to information disclosure to other local users. This issue affects Apache James MIME4J version 0.8.8 and prior versions.\n\nWe recommend users to upgrade to MIME4j version 0.8.9 or later.\n)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2018-17187", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "The Apache Qpid Proton-J transport includes an opt..." + }, + "fullDescription": { + "text": "The Apache Qpid Proton-J transport includes an optional wrapper layer to pe..." 
+ }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2018-17187", + "help": { + "text": "Vulnerability CVE-2018-17187\nSeverity: high\nPackage: proton-api\nFixed Version: \nExploit Available: []()\nExploit Type: \nLink: [CVE-2018-17187](https://nvd.nist.gov/vuln/detail/CVE-2018-17187)\nThe Apache Qpid Proton-J transport includes an optional wrapper layer to perform TLS, enabled by use of the 'transport.ssl(...)' methods. Unless a verification mode was explicitly configured, client and server modes previously defaulted as documented to not verifying a peer certificate, with options to configure this explicitly or select a certificate verification mode with or without hostname verification being performed. The latter hostname verifying mode was not implemented in Apache Qpid Proton-J versions 0.3 to 0.29.0, with attempts to use it resulting in an exception. This left only the option to verify the certificate is trusted, leaving such a client vulnerable to Man In The Middle (MITM) attack. Uses of the Proton-J protocol engine which do not utilise the optional transport TLS wrapper are not impacted, e.g. usage within Qpid JMS. Uses of Proton-J utilising the optional transport TLS wrapper layer that wish to enable hostname verification must be upgraded to version 0.30.0 or later and utilise the VerifyMode#VERIFY_PEER_NAME configuration, which is now the default for client mode usage unless configured otherwise.", + "markdown": "**Vulnerability CVE-2018-17187**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|proton-api||[]()|CVE-2018-17187|[https://nvd.nist.gov/vuln/detail/CVE-2018-17187](The Apache Qpid Proton-J transport includes an optional wrapper layer to perform TLS, enabled by use of the 'transport.ssl(...)' methods. 
Unless a verification mode was explicitly configured, client and server modes previously defaulted as documented to not verifying a peer certificate, with options to configure this explicitly or select a certificate verification mode with or without hostname verification being performed. The latter hostname verifying mode was not implemented in Apache Qpid Proton-J versions 0.3 to 0.29.0, with attempts to use it resulting in an exception. This left only the option to verify the certificate is trusted, leaving such a client vulnerable to Man In The Middle (MITM) attack. Uses of the Proton-J protocol engine which do not utilise the optional transport TLS wrapper are not impacted, e.g. usage within Qpid JMS. Uses of Proton-J utilising the optional transport TLS wrapper layer that wish to enable hostname verification must be upgraded to version 0.30.0 or later and utilise the VerifyMode#VERIFY_PEER_NAME configuration, which is now the default for client mode usage unless configured otherwise.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "CVE-2021-40690", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "All versions of Apache Santuario - XML Security fo..." + }, + "fullDescription": { + "text": "All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and..." 
+ }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2021-40690", + "help": { + "text": "Vulnerability CVE-2021-40690\nSeverity: high\nPackage: xmlsec\nFixed Version: 2.1.7, 2.2.3\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-40690](https://nvd.nist.gov/vuln/detail/CVE-2021-40690)\nAll versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the \"secureValidation\" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any local .xml files in a RetrievalMethod element.", + "markdown": "**Vulnerability CVE-2021-40690**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|xmlsec|2.1.7, 2.2.3|[]()|CVE-2021-40690|[https://nvd.nist.gov/vuln/detail/CVE-2021-40690](All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the \"secureValidation\" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any local .xml files in a RetrievalMethod element.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "CVE-2019-12400", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "In version 2.0.3 Apache Santuario XML Security for..." + }, + "fullDescription": { + "text": "In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanis..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2019-12400", + "help": { + "text": "Vulnerability CVE-2019-12400\nSeverity: medium\nPackage: xmlsec\nFixed Version: 2.1.4\nExploit Available: []()\nExploit Type: \nLink: [CVE-2019-12400](https://nvd.nist.gov/vuln/detail/CVE-2019-12400)\nIn version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with the thread context class loader first, then this implementation might be cached and re-used by Apache Santuario - XML Security for Java, leading to potential security flaws when validating signed documents, etc. The vulnerability affects Apache Santuario - XML Security for Java 2.0.x releases from 2.0.3 and all 2.1.x releases before 2.1.4.", + "markdown": "**Vulnerability CVE-2019-12400**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|xmlsec|2.1.4|[]()|CVE-2019-12400|[https://nvd.nist.gov/vuln/detail/CVE-2019-12400](In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with the thread context class loader first, then this implementation might be cached and re-used by Apache Santuario - XML Security for Java, leading to potential security flaws when validating signed documents, etc. 
The vulnerability affects Apache Santuario - XML Security for Java 2.0.x releases from 2.0.3 and all 2.1.x releases before 2.1.4.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2023-44483", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "All versions of Apache Santuario - XML Security fo..." + }, + "fullDescription": { + "text": "All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2...." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2023-44483", + "help": { + "text": "Vulnerability CVE-2023-44483\nSeverity: medium\nPackage: xmlsec\nFixed Version: 2.2.6, 2.3.4, 3.0.3\nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-44483](https://nvd.nist.gov/vuln/detail/CVE-2023-44483)\nAll versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled. Users are recommended to upgrade to version 2.2.6, 2.3.4, or 3.0.3, which fixes this issue.\n", + "markdown": "**Vulnerability CVE-2023-44483**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|xmlsec|2.2.6, 2.3.4, 3.0.3|[]()|CVE-2023-44483|[https://nvd.nist.gov/vuln/detail/CVE-2023-44483](All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled. 
Users are recommended to upgrade to version 2.2.6, 2.3.4, or 3.0.3, which fixes this issue.\n)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2020-13936", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "An attacker that is able to modify Velocity templa..." + }, + "fullDescription": { + "text": "An attacker that is able to modify Velocity templates may execute arbitrary..." + }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2020-13936", + "help": { + "text": "Vulnerability CVE-2020-13936\nSeverity: high\nPackage: velocity\nFixed Version: \nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-13936](https://nvd.nist.gov/vuln/detail/CVE-2020-13936)\nAn attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. This applies to applications that allow untrusted users to upload/modify velocity templates running Apache Velocity Engine versions up to 2.2.", + "markdown": "**Vulnerability CVE-2020-13936**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|velocity||[]()|CVE-2020-13936|[https://nvd.nist.gov/vuln/detail/CVE-2020-13936](An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. 
This applies to applications that allow untrusted users to upload/modify velocity templates running Apache Velocity Engine versions up to 2.2.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "CVE-2015-0226", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "Apache WSS4J before 1.6.17 and 2.0.x before 2.0.2 ..." + }, + "fullDescription": { + "text": "Apache WSS4J before 1.6.17 and 2.0.x before 2.0.2 improperly leaks informat..." + }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2015-0226", + "help": { + "text": "Vulnerability CVE-2015-0226\nSeverity: high\nPackage: wss4j-ws-security-dom\nFixed Version: 2.02\nExploit Available: []()\nExploit Type: \nLink: [CVE-2015-0226](https://nvd.nist.gov/vuln/detail/CVE-2015-0226)\nApache WSS4J before 1.6.17 and 2.0.x before 2.0.2 improperly leaks information about decryption failures when decrypting an encrypted key or message data, which makes it easier for remote attackers to recover the plaintext form of a symmetric key via a series of crafted messages. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-2487.", + "markdown": "**Vulnerability CVE-2015-0226**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|wss4j-ws-security-dom|2.02|[]()|CVE-2015-0226|[https://nvd.nist.gov/vuln/detail/CVE-2015-0226](Apache WSS4J before 1.6.17 and 2.0.x before 2.0.2 improperly leaks information about decryption failures when decrypting an encrypted key or message data, which makes it easier for remote attackers to recover the plaintext form of a symmetric key via a series of crafted messages. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-2487.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "CVE-2023-33202", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "Bouncy Castle for Java before 1.73 contains a pote..." + }, + "fullDescription": { + "text": "Bouncy Castle for Java before 1.73 contains a potential Denial of Service (..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2023-33202", + "help": { + "text": "Vulnerability CVE-2023-33202\nSeverity: medium\nPackage: bcprov-jdk15on\nFixed Version: \nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-33202](https://nvd.nist.gov/vuln/detail/CVE-2023-33202)\nBouncy Castle for Java before 1.73 contains a potential Denial of Service (DoS) issue within the Bouncy Castle org.bouncycastle.openssl.PEMParser class. This class parses OpenSSL PEM encoded streams containing X.509 certificates, PKCS8 encoded keys, and PKCS7 objects. Parsing a file that has crafted ASN.1 data through the PEMParser causes an OutOfMemoryError, which can enable a denial of service attack. (For users of the FIPS Java API: BC-FJA 1.0.2.3 and earlier are affected; BC-FJA 1.0.2.4 is fixed.)", + "markdown": "**Vulnerability CVE-2023-33202**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|bcprov-jdk15on||[]()|CVE-2023-33202|[https://nvd.nist.gov/vuln/detail/CVE-2023-33202](Bouncy Castle for Java before 1.73 contains a potential Denial of Service (DoS) issue within the Bouncy Castle org.bouncycastle.openssl.PEMParser class. This class parses OpenSSL PEM encoded streams containing X.509 certificates, PKCS8 encoded keys, and PKCS7 objects. 
Parsing a file that has crafted ASN.1 data through the PEMParser causes an OutOfMemoryError, which can enable a denial of service attack. (For users of the FIPS Java API: BC-FJA 1.0.2.3 and earlier are affected; BC-FJA 1.0.2.4 is fixed.))|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2016-1000352", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "In the Bouncy Castle JCE Provider version 1.55 and..." + }, + "fullDescription": { + "text": "In the Bouncy Castle JCE Provider version 1.55 and earlier the ECIES implem..." + }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2016-1000352", + "help": { + "text": "Vulnerability CVE-2016-1000352\nSeverity: high\nPackage: bcprov-jdk15on\nFixed Version: 1.56\nExploit Available: []()\nExploit Type: \nLink: [CVE-2016-1000352](https://nvd.nist.gov/vuln/detail/CVE-2016-1000352)\nIn the Bouncy Castle JCE Provider version 1.55 and earlier the ECIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider.", + "markdown": "**Vulnerability CVE-2016-1000352**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|bcprov-jdk15on|1.56|[]()|CVE-2016-1000352|[https://nvd.nist.gov/vuln/detail/CVE-2016-1000352](In the Bouncy Castle JCE Provider version 1.55 and earlier the ECIES implementation allowed the use of ECB mode. 
This mode is regarded as unsafe and support for it has been removed from the provider.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "CVE-2016-1000338", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "In Bouncy Castle JCE Provider version 1.55 and ear..." + }, + "fullDescription": { + "text": "In Bouncy Castle JCE Provider version 1.55 and earlier the DSA does not ful..." + }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2016-1000338", + "help": { + "text": "Vulnerability CVE-2016-1000338\nSeverity: high\nPackage: bcprov-jdk15on\nFixed Version: 1.56\nExploit Available: []()\nExploit Type: \nLink: [CVE-2016-1000338](https://nvd.nist.gov/vuln/detail/CVE-2016-1000338)\nIn Bouncy Castle JCE Provider version 1.55 and earlier the DSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of 'invisible' data into a signed structure.", + "markdown": "**Vulnerability CVE-2016-1000338**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|bcprov-jdk15on|1.56|[]()|CVE-2016-1000338|[https://nvd.nist.gov/vuln/detail/CVE-2016-1000338](In Bouncy Castle JCE Provider version 1.55 and earlier the DSA does not fully validate ASN.1 encoding of signature on verification. 
It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of 'invisible' data into a signed structure.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "CVE-2016-1000342", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "In the Bouncy Castle JCE Provider version 1.55 and..." + }, + "fullDescription": { + "text": "In the Bouncy Castle JCE Provider version 1.55 and earlier ECDSA does not f..." + }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2016-1000342", + "help": { + "text": "Vulnerability CVE-2016-1000342\nSeverity: high\nPackage: bcprov-jdk15on\nFixed Version: 1.56\nExploit Available: []()\nExploit Type: \nLink: [CVE-2016-1000342](https://nvd.nist.gov/vuln/detail/CVE-2016-1000342)\nIn the Bouncy Castle JCE Provider version 1.55 and earlier ECDSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of 'invisible' data into a signed structure.", + "markdown": "**Vulnerability CVE-2016-1000342**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|bcprov-jdk15on|1.56|[]()|CVE-2016-1000342|[https://nvd.nist.gov/vuln/detail/CVE-2016-1000342](In the Bouncy Castle JCE Provider version 1.55 and earlier ECDSA does not fully validate ASN.1 encoding of signature on verification. 
It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of 'invisible' data into a signed structure.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "CVE-2016-1000344", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "In the Bouncy Castle JCE Provider version 1.55 and..." + }, + "fullDescription": { + "text": "In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES implem..." + }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2016-1000344", + "help": { + "text": "Vulnerability CVE-2016-1000344\nSeverity: high\nPackage: bcprov-jdk15on\nFixed Version: 1.56\nExploit Available: []()\nExploit Type: \nLink: [CVE-2016-1000344](https://nvd.nist.gov/vuln/detail/CVE-2016-1000344)\nIn the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider.", + "markdown": "**Vulnerability CVE-2016-1000344**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|bcprov-jdk15on|1.56|[]()|CVE-2016-1000344|[https://nvd.nist.gov/vuln/detail/CVE-2016-1000344](In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES implementation allowed the use of ECB mode. 
This mode is regarded as unsafe and support for it has been removed from the provider.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "CVE-2016-1000340", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "In the Bouncy Castle JCE Provider versions 1.51 to..." + }, + "fullDescription": { + "text": "In the Bouncy Castle JCE Provider versions 1.51 to 1.55, a carry propagatio..." + }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2016-1000340", + "help": { + "text": "Vulnerability CVE-2016-1000340\nSeverity: high\nPackage: bcprov-jdk15on\nFixed Version: 1.56\nExploit Available: []()\nExploit Type: \nLink: [CVE-2016-1000340](https://nvd.nist.gov/vuln/detail/CVE-2016-1000340)\nIn the Bouncy Castle JCE Provider versions 1.51 to 1.55, a carry propagation bug was introduced in the implementation of squaring for several raw math classes have been fixed (org.bouncycastle.math.raw.Nat???). These classes are used by our custom elliptic curve implementations (org.bouncycastle.math.ec.custom.**), so there was the possibility of rare (in general usage) spurious calculations for elliptic curve scalar multiplications. Such errors would have been detected with high probability by the output validation for our scalar multipliers.", + "markdown": "**Vulnerability CVE-2016-1000340**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|bcprov-jdk15on|1.56|[]()|CVE-2016-1000340|[https://nvd.nist.gov/vuln/detail/CVE-2016-1000340](In the Bouncy Castle JCE Provider versions 1.51 to 1.55, a carry propagation bug was introduced in the implementation of squaring for several raw math classes have been fixed (org.bouncycastle.math.raw.Nat???). 
These classes are used by our custom elliptic curve implementations (org.bouncycastle.math.ec.custom.**), so there was the possibility of rare (in general usage) spurious calculations for elliptic curve scalar multiplications. Such errors would have been detected with high probability by the output validation for our scalar multipliers.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "CVE-2016-1000343", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "In the Bouncy Castle JCE Provider version 1.55 and..." + }, + "fullDescription": { + "text": "In the Bouncy Castle JCE Provider version 1.55 and earlier the DSA key pair..." + }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2016-1000343", + "help": { + "text": "Vulnerability CVE-2016-1000343\nSeverity: high\nPackage: bcprov-jdk15on\nFixed Version: 1.56\nExploit Available: []()\nExploit Type: \nLink: [CVE-2016-1000343](https://nvd.nist.gov/vuln/detail/CVE-2016-1000343)\nIn the Bouncy Castle JCE Provider version 1.55 and earlier the DSA key pair generator generates a weak private key if used with default values. If the JCA key pair generator is not explicitly initialised with DSA parameters, 1.55 and earlier generates a private value assuming a 1024 bit key size. In earlier releases this can be dealt with by explicitly passing parameters to the key pair generator.", + "markdown": "**Vulnerability CVE-2016-1000343**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|bcprov-jdk15on|1.56|[]()|CVE-2016-1000343|[https://nvd.nist.gov/vuln/detail/CVE-2016-1000343](In the Bouncy Castle JCE Provider version 1.55 and earlier the DSA key pair generator generates a weak private key if used with default values. 
If the JCA key pair generator is not explicitly initialised with DSA parameters, 1.55 and earlier generates a private value assuming a 1024 bit key size. In earlier releases this can be dealt with by explicitly passing parameters to the key pair generator.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "CVE-2016-1000339", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "In the Bouncy Castle JCE Provider version 1.55 and..." + }, + "fullDescription": { + "text": "In the Bouncy Castle JCE Provider version 1.55 and earlier the primary engi..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2016-1000339", + "help": { + "text": "Vulnerability CVE-2016-1000339\nSeverity: medium\nPackage: bcprov-jdk15on\nFixed Version: 1.56\nExploit Available: []()\nExploit Type: \nLink: [CVE-2016-1000339](https://nvd.nist.gov/vuln/detail/CVE-2016-1000339)\nIn the Bouncy Castle JCE Provider version 1.55 and earlier the primary engine class used for AES was AESFastEngine. Due to the highly table driven approach used in the algorithm it turns out that if the data channel on the CPU can be monitored the lookup table accesses are sufficient to leak information on the AES key being used. There was also a leak in AESEngine although it was substantially less. AESEngine has been modified to remove any signs of leakage (testing carried out on Intel X86-64) and is now the primary AES class for the BC JCE provider from 1.56. 
Use of AESFastEngine is now only recommended where otherwise deemed appropriate.", + "markdown": "**Vulnerability CVE-2016-1000339**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|bcprov-jdk15on|1.56|[]()|CVE-2016-1000339|[https://nvd.nist.gov/vuln/detail/CVE-2016-1000339](In the Bouncy Castle JCE Provider version 1.55 and earlier the primary engine class used for AES was AESFastEngine. Due to the highly table driven approach used in the algorithm it turns out that if the data channel on the CPU can be monitored the lookup table accesses are sufficient to leak information on the AES key being used. There was also a leak in AESEngine although it was substantially less. AESEngine has been modified to remove any signs of leakage (testing carried out on Intel X86-64) and is now the primary AES class for the BC JCE provider from 1.56. Use of AESFastEngine is now only recommended where otherwise deemed appropriate.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2016-1000341", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "In the Bouncy Castle JCE Provider version 1.55 and..." + }, + "fullDescription": { + "text": "In the Bouncy Castle JCE Provider version 1.55 and earlier DSA signature ge..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2016-1000341", + "help": { + "text": "Vulnerability CVE-2016-1000341\nSeverity: medium\nPackage: bcprov-jdk15on\nFixed Version: 1.56\nExploit Available: []()\nExploit Type: \nLink: [CVE-2016-1000341](https://nvd.nist.gov/vuln/detail/CVE-2016-1000341)\nIn the Bouncy Castle JCE Provider version 1.55 and earlier DSA signature generation is vulnerable to timing attack. 
Where timings can be closely observed for the generation of signatures, the lack of blinding in 1.55, or earlier, may allow an attacker to gain information about the signature's k value and ultimately the private value as well.", + "markdown": "**Vulnerability CVE-2016-1000341**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|bcprov-jdk15on|1.56|[]()|CVE-2016-1000341|[https://nvd.nist.gov/vuln/detail/CVE-2016-1000341](In the Bouncy Castle JCE Provider version 1.55 and earlier DSA signature generation is vulnerable to timing attack. Where timings can be closely observed for the generation of signatures, the lack of blinding in 1.55, or earlier, may allow an attacker to gain information about the signature's k value and ultimately the private value as well.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2020-15522", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "Bouncy Castle BC Java before 1.66, BC C# .NET befo..." + }, + "fullDescription": { + "text": "Bouncy Castle BC Java before 1.66, BC C# .NET before 1.8.7, BC-FJA before 1..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2020-15522", + "help": { + "text": "Vulnerability CVE-2020-15522\nSeverity: medium\nPackage: bcprov-jdk15on\nFixed Version: 1.66\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-15522](https://nvd.nist.gov/vuln/detail/CVE-2020-15522)\nBouncy Castle BC Java before 1.66, BC C# .NET before 1.8.7, BC-FJA before 1.0.1.2, 1.0.2.1, and BC-FNA before 1.0.1.1 have a timing issue within the EC math library that can expose information about the private key when an attacker is able to observe timing information for the generation of multiple deterministic ECDSA signatures.", + "markdown": "**Vulnerability CVE-2020-15522**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|bcprov-jdk15on|1.66|[]()|CVE-2020-15522|[https://nvd.nist.gov/vuln/detail/CVE-2020-15522](Bouncy Castle BC Java before 1.66, BC C# .NET before 1.8.7, BC-FJA before 1.0.1.2, 1.0.2.1, and BC-FNA before 1.0.1.1 have a timing issue within the EC math library that can expose information about the private key when an attacker is able to observe timing information for the generation of multiple deterministic ECDSA signatures.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2020-26939", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "In Legion of the Bouncy Castle BC before 1.61 and ..." + }, + "fullDescription": { + "text": "In Legion of the Bouncy Castle BC before 1.61 and BC-FJA before 1.0.1.2, at..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2020-26939", + "help": { + "text": "Vulnerability CVE-2020-26939\nSeverity: medium\nPackage: bcprov-jdk15on\nFixed Version: 1.61\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-26939](https://nvd.nist.gov/vuln/detail/CVE-2020-26939)\nIn Legion of the Bouncy Castle BC before 1.61 and BC-FJA before 1.0.1.2, attackers can obtain sensitive information about a private exponent because of Observable Differences in Behavior to Error Inputs. This occurs in org.bouncycastle.crypto.encodings.OAEPEncoding. Sending invalid ciphertext that decrypts to a short payload in the OAEP Decoder could result in the throwing of an early exception, potentially leaking some information about the private exponent of the RSA private key performing the encryption.", + "markdown": "**Vulnerability CVE-2020-26939**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|bcprov-jdk15on|1.61|[]()|CVE-2020-26939|[https://nvd.nist.gov/vuln/detail/CVE-2020-26939](In Legion of the Bouncy Castle BC before 1.61 and BC-FJA before 1.0.1.2, attackers can obtain sensitive information about a private exponent because of Observable Differences in Behavior to Error Inputs. This occurs in org.bouncycastle.crypto.encodings.OAEPEncoding. Sending invalid ciphertext that decrypts to a short payload in the OAEP Decoder could result in the throwing of an early exception, potentially leaking some information about the private exponent of the RSA private key performing the encryption.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2023-33201", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "Bouncy Castle For Java before 1.74 is affected by ..." 
+ }, + "fullDescription": { + "text": "Bouncy Castle For Java before 1.74 is affected by an LDAP injection vulnera..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2023-33201", + "help": { + "text": "Vulnerability CVE-2023-33201\nSeverity: medium\nPackage: bcprov-jdk15on\nFixed Version: \nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-33201](https://nvd.nist.gov/vuln/detail/CVE-2023-33201)\nBouncy Castle For Java before 1.74 is affected by an LDAP injection vulnerability. The vulnerability only affects applications that use an LDAP CertStore from Bouncy Castle to validate X.509 certificates. During the certificate validation process, Bouncy Castle inserts the certificate's Subject Name into an LDAP search filter without any escaping, which leads to an LDAP injection vulnerability.", + "markdown": "**Vulnerability CVE-2023-33201**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|bcprov-jdk15on||[]()|CVE-2023-33201|[https://nvd.nist.gov/vuln/detail/CVE-2023-33201](Bouncy Castle For Java before 1.74 is affected by an LDAP injection vulnerability. The vulnerability only affects applications that use an LDAP CertStore from Bouncy Castle to validate X.509 certificates. During the certificate validation process, Bouncy Castle inserts the certificate's Subject Name into an LDAP search filter without any escaping, which leads to an LDAP injection vulnerability.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2016-1000345", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "In the Bouncy Castle JCE Provider version 1.55 and..." + }, + "fullDescription": { + "text": "In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES/ECIES ..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2016-1000345", + "help": { + "text": "Vulnerability CVE-2016-1000345\nSeverity: medium\nPackage: bcprov-jdk15on\nFixed Version: 1.56\nExploit Available: []()\nExploit Type: \nLink: [CVE-2016-1000345](https://nvd.nist.gov/vuln/detail/CVE-2016-1000345)\nIn the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES/ECIES CBC mode vulnerable to padding oracle attack. For BC 1.55 and older, in an environment where timings can be easily observed, it is possible with enough observations to identify when the decryption is failing due to padding.", + "markdown": "**Vulnerability CVE-2016-1000345**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|bcprov-jdk15on|1.56|[]()|CVE-2016-1000345|[https://nvd.nist.gov/vuln/detail/CVE-2016-1000345](In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES/ECIES CBC mode vulnerable to padding oracle attack. For BC 1.55 and older, in an environment where timings can be easily observed, it is possible with enough observations to identify when the decryption is failing due to padding.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2015-6644", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "Bouncy Castle in Android before 5.1.1 LMY49F and 6..." + }, + "fullDescription": { + "text": "Bouncy Castle in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allo..." 
+ }, + "defaultConfiguration": { + "level": "note" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2015-6644", + "help": { + "text": "Vulnerability CVE-2015-6644\nSeverity: low\nPackage: bcprov-jdk15on\nFixed Version: \nExploit Available: []()\nExploit Type: \nLink: [CVE-2015-6644](https://nvd.nist.gov/vuln/detail/CVE-2015-6644)\nBouncy Castle in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to obtain sensitive information via a crafted application, aka internal bug 24106146.", + "markdown": "**Vulnerability CVE-2015-6644**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|low|bcprov-jdk15on||[]()|CVE-2015-6644|[https://nvd.nist.gov/vuln/detail/CVE-2015-6644](Bouncy Castle in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to obtain sensitive information via a crafted application, aka internal bug 24106146.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "low" + ] + } + }, + { + "id": "CVE-2016-1000346", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "In the Bouncy Castle JCE Provider version 1.55 and..." + }, + "fullDescription": { + "text": "In the Bouncy Castle JCE Provider version 1.55 and earlier the other party ..." + }, + "defaultConfiguration": { + "level": "note" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2016-1000346", + "help": { + "text": "Vulnerability CVE-2016-1000346\nSeverity: low\nPackage: bcprov-jdk15on\nFixed Version: 1.56\nExploit Available: []()\nExploit Type: \nLink: [CVE-2016-1000346](https://nvd.nist.gov/vuln/detail/CVE-2016-1000346)\nIn the Bouncy Castle JCE Provider version 1.55 and earlier the other party DH public key is not fully validated. 
This can cause issues as invalid keys can be used to reveal details about the other party's private key where static Diffie-Hellman is in use. As of release 1.56 the key parameters are checked on agreement calculation.", + "markdown": "**Vulnerability CVE-2016-1000346**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|low|bcprov-jdk15on|1.56|[]()|CVE-2016-1000346|[https://nvd.nist.gov/vuln/detail/CVE-2016-1000346](In the Bouncy Castle JCE Provider version 1.55 and earlier the other party DH public key is not fully validated. This can cause issues as invalid keys can be used to reveal details about the other party's private key where static Diffie-Hellman is in use. As of release 1.56 the key parameters are checked on agreement calculation.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "low" + ] + } + }, + { + "id": "CVE-2019-10202", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "A series of deserialization vulnerabilities have b..." + }, + "fullDescription": { + "text": "A series of deserialization vulnerabilities have been discovered in Codehau..." + }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2019-10202", + "help": { + "text": "Vulnerability CVE-2019-10202\nSeverity: critical\nPackage: jackson-mapper-asl\nFixed Version: \nExploit Available: []()\nExploit Type: \nLink: [CVE-2019-10202](https://nvd.nist.gov/vuln/detail/CVE-2019-10202)\nA series of deserialization vulnerabilities have been discovered in Codehaus 1.9.x implemented in EAP 7. 
This CVE fixes CVE-2017-17485, CVE-2017-7525, CVE-2017-15095, CVE-2018-5968, CVE-2018-7489, CVE-2018-1000873, CVE-2019-12086 reported for FasterXML jackson-databind by implementing a whitelist approach that will mitigate these vulnerabilities and future ones alike.", + "markdown": "**Vulnerability CVE-2019-10202**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|critical|jackson-mapper-asl||[]()|CVE-2019-10202|[https://nvd.nist.gov/vuln/detail/CVE-2019-10202](A series of deserialization vulnerabilities have been discovered in Codehaus 1.9.x implemented in EAP 7. This CVE fixes CVE-2017-17485, CVE-2017-7525, CVE-2017-15095, CVE-2018-5968, CVE-2018-7489, CVE-2018-1000873, CVE-2019-12086 reported for FasterXML jackson-databind by implementing a whitelist approach that will mitigate these vulnerabilities and future ones alike.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "critical" + ] + } + }, + { + "id": "CVE-2019-10172", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "A flaw was found in org.codehaus.jackson:jackson-m..." + }, + "fullDescription": { + "text": "A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries..." + }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2019-10172", + "help": { + "text": "Vulnerability CVE-2019-10172\nSeverity: high\nPackage: jackson-mapper-asl\nFixed Version: \nExploit Available: []()\nExploit Type: \nLink: [CVE-2019-10172](https://nvd.nist.gov/vuln/detail/CVE-2019-10172)\nA flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries. 
XML external entity vulnerabilities similar CVE-2016-3720 also affects codehaus jackson-mapper-asl libraries but in different classes.", + "markdown": "**Vulnerability CVE-2019-10172**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|jackson-mapper-asl||[]()|CVE-2019-10172|[https://nvd.nist.gov/vuln/detail/CVE-2019-10172](A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries. XML external entity vulnerabilities similar CVE-2016-3720 also affects codehaus jackson-mapper-asl libraries but in different classes.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "CVE-2022-40149", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "Those using Jettison to parse untrusted XML or JSO..." + }, + "fullDescription": { + "text": "Those using Jettison to parse untrusted XML or JSON data may be vulnerable ..." + }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2022-40149", + "help": { + "text": "Vulnerability CVE-2022-40149\nSeverity: high\nPackage: jettison\nFixed Version: 1.5.1\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-40149](https://nvd.nist.gov/vuln/detail/CVE-2022-40149)\nThose using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. 
This effect may support a denial of service attack.", + "markdown": "**Vulnerability CVE-2022-40149**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|jettison|1.5.1|[]()|CVE-2022-40149|[https://nvd.nist.gov/vuln/detail/CVE-2022-40149](Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "CVE-2022-40150", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "Those using Jettison to parse untrusted XML or JSO..." + }, + "fullDescription": { + "text": "Those using Jettison to parse untrusted XML or JSON data may be vulnerable ..." + }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2022-40150", + "help": { + "text": "Vulnerability CVE-2022-40150\nSeverity: high\nPackage: jettison\nFixed Version: 1.5.2\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-40150](https://nvd.nist.gov/vuln/detail/CVE-2022-40150)\nThose using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by Out of memory. 
This effect may support a denial of service attack.", + "markdown": "**Vulnerability CVE-2022-40150**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|jettison|1.5.2|[]()|CVE-2022-40150|[https://nvd.nist.gov/vuln/detail/CVE-2022-40150](Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by Out of memory. This effect may support a denial of service attack.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "CVE-2022-45685", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "A stack overflow in Jettison before v1.5.2 allows ..." + }, + "fullDescription": { + "text": "A stack overflow in Jettison before v1.5.2 allows attackers to cause a Deni..." 
+ }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2022-45685", + "help": { + "text": "Vulnerability CVE-2022-45685\nSeverity: high\nPackage: jettison\nFixed Version: 1.5.2\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-45685](https://nvd.nist.gov/vuln/detail/CVE-2022-45685)\nA stack overflow in Jettison before v1.5.2 allows attackers to cause a Denial of Service (DoS) via crafted JSON data.", + "markdown": "**Vulnerability CVE-2022-45685**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|jettison|1.5.2|[]()|CVE-2022-45685|[https://nvd.nist.gov/vuln/detail/CVE-2022-45685](A stack overflow in Jettison before v1.5.2 allows attackers to cause a Denial of Service (DoS) via crafted JSON data.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "CVE-2022-45693", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "Jettison before v1.5.2 was discovered to contain a..." + }, + "fullDescription": { + "text": "Jettison before v1.5.2 was discovered to contain a stack overflow via the m..." + }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2022-45693", + "help": { + "text": "Vulnerability CVE-2022-45693\nSeverity: high\nPackage: jettison\nFixed Version: 1.5.2\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-45693](https://nvd.nist.gov/vuln/detail/CVE-2022-45693)\nJettison before v1.5.2 was discovered to contain a stack overflow via the map parameter. 
This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string.", + "markdown": "**Vulnerability CVE-2022-45693**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|jettison|1.5.2|[]()|CVE-2022-45693|[https://nvd.nist.gov/vuln/detail/CVE-2022-45693](Jettison before v1.5.2 was discovered to contain a stack overflow via the map parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "CVE-2023-1436", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "An infinite recursion is triggered in Jettison whe..." + }, + "fullDescription": { + "text": "An infinite recursion is triggered in Jettison when constructing a JSONArra..." + }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2023-1436", + "help": { + "text": "Vulnerability CVE-2023-1436\nSeverity: high\nPackage: jettison\nFixed Version: 1.5.4\nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-1436](https://nvd.nist.gov/vuln/detail/CVE-2023-1436)\nAn infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This leads to a StackOverflowError exception being thrown.\n\n", + "markdown": "**Vulnerability CVE-2023-1436**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|jettison|1.5.4|[]()|CVE-2023-1436|[https://nvd.nist.gov/vuln/detail/CVE-2023-1436](An infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. 
This leads to a StackOverflowError exception being thrown.\n\n)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "CVE-2013-2035", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "Race condition in hawtjni-runtime/src/main/java/or..." + }, + "fullDescription": { + "text": "Race condition in hawtjni-runtime/src/main/java/org/fusesource/hawtjni/runt..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2013-2035", + "help": { + "text": "Vulnerability CVE-2013-2035\nSeverity: medium\nPackage: jansi\nFixed Version: 1.11\nExploit Available: []()\nExploit Type: \nLink: [CVE-2013-2035](https://nvd.nist.gov/vuln/detail/CVE-2013-2035)\nRace condition in hawtjni-runtime/src/main/java/org/fusesource/hawtjni/runtime/Library.java in HawtJNI before 1.8, when a custom library path is not specified, allows local users to execute arbitrary Java code by overwriting a temporary JAR file with a predictable name in /tmp.", + "markdown": "**Vulnerability CVE-2013-2035**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|jansi|1.11|[]()|CVE-2013-2035|[https://nvd.nist.gov/vuln/detail/CVE-2013-2035](Race condition in hawtjni-runtime/src/main/java/org/fusesource/hawtjni/runtime/Library.java in HawtJNI before 1.8, when a custom library path is not specified, allows local users to execute arbitrary Java code by overwriting a temporary JAR file with a predictable name in /tmp.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2020-25638", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "A flaw was found in hibernate-core in 
versions pri..." + }, + "fullDescription": { + "text": "A flaw was found in hibernate-core in versions prior to and including 5.4.2..." + }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2020-25638", + "help": { + "text": "Vulnerability CVE-2020-25638\nSeverity: high\nPackage: hibernate-core\nFixed Version: 5.3.20.Final, 5.4.24.Final\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-25638](https://nvd.nist.gov/vuln/detail/CVE-2020-25638)\nA flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.", + "markdown": "**Vulnerability CVE-2020-25638**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|hibernate-core|5.3.20.Final, 5.4.24.Final|[]()|CVE-2020-25638|[https://nvd.nist.gov/vuln/detail/CVE-2020-25638](A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "CVE-2019-14900", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "A flaw was found in Hibernate ORM in versions befo..." 
+ }, + "fullDescription": { + "text": "A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2019-14900", + "help": { + "text": "Vulnerability CVE-2019-14900\nSeverity: medium\nPackage: hibernate-core\nFixed Version: 5.3.18, 5.4.18, 5.5.0.Beta1\nExploit Available: []()\nExploit Type: \nLink: [CVE-2019-14900](https://nvd.nist.gov/vuln/detail/CVE-2019-14900)\nA flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.", + "markdown": "**Vulnerability CVE-2019-14900**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|hibernate-core|5.3.18, 5.4.18, 5.5.0.Beta1|[]()|CVE-2019-14900|[https://nvd.nist.gov/vuln/detail/CVE-2019-14900](A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2020-10693", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "A flaw was found in Hibernate Validator version 6...." + }, + "fullDescription": { + "text": "A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the m..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2020-10693", + "help": { + "text": "Vulnerability CVE-2020-10693\nSeverity: medium\nPackage: hibernate-validator\nFixed Version: 6.0.20.Final, 6.1.5.Final\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-10693](https://nvd.nist.gov/vuln/detail/CVE-2020-10693)\nA flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages.", + "markdown": "**Vulnerability CVE-2020-10693**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|hibernate-validator|6.0.20.Final, 6.1.5.Final|[]()|CVE-2020-10693|[https://nvd.nist.gov/vuln/detail/CVE-2020-10693](A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2019-10219", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "A vulnerability was found in Hibernate-Validator. ..." + }, + "fullDescription": { + "text": "A vulnerability was found in Hibernate-Validator. The SafeHtml validator an..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2019-10219", + "help": { + "text": "Vulnerability CVE-2019-10219\nSeverity: medium\nPackage: hibernate-validator\nFixed Version: 6.0.18.Final, 6.1.0.Final\nExploit Available: []()\nExploit Type: \nLink: [CVE-2019-10219](https://nvd.nist.gov/vuln/detail/CVE-2019-10219)\nA vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.", + "markdown": "**Vulnerability CVE-2019-10219**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|hibernate-validator|6.0.18.Final, 6.1.0.Final|[]()|CVE-2019-10219|[https://nvd.nist.gov/vuln/detail/CVE-2019-10219](A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2017-15089", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "It was found that the Hotrod client in Infinispan ..." + }, + "fullDescription": { + "text": "It was found that the Hotrod client in Infinispan before 9.2.0.CR1 would un..." 
+ }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2017-15089", + "help": { + "text": "Vulnerability CVE-2017-15089\nSeverity: high\nPackage: infinispan-core\nFixed Version: 9.2.0.CR1\nExploit Available: []()\nExploit Type: \nLink: [CVE-2017-15089](https://nvd.nist.gov/vuln/detail/CVE-2017-15089)\nIt was found that the Hotrod client in Infinispan before 9.2.0.CR1 would unsafely read deserialized data on information from the cache. An authenticated attacker could inject a malicious object into the data cache and attain deserialization on the client, and possibly conduct further attacks.", + "markdown": "**Vulnerability CVE-2017-15089**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|infinispan-core|9.2.0.CR1|[]()|CVE-2017-15089|[https://nvd.nist.gov/vuln/detail/CVE-2017-15089](It was found that the Hotrod client in Infinispan before 9.2.0.CR1 would unsafely read deserialized data on information from the cache. An authenticated attacker could inject a malicious object into the data cache and attain deserialization on the client, and possibly conduct further attacks.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "CVE-2016-0750", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "The hotrod java client in infinispan before 9.1.0...." + }, + "fullDescription": { + "text": "The hotrod java client in infinispan before 9.1.0.Final automatically deser..." 
+ }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2016-0750", + "help": { + "text": "Vulnerability CVE-2016-0750\nSeverity: high\nPackage: infinispan-client-hotrod\nFixed Version: 9.1.0.Final\nExploit Available: []()\nExploit Type: \nLink: [CVE-2016-0750](https://nvd.nist.gov/vuln/detail/CVE-2016-0750)\nThe hotrod java client in infinispan before 9.1.0.Final automatically deserializes bytearray message contents in certain events. A malicious user could exploit this flaw by injecting a specially-crafted serialized object to attain remote code execution or conduct other attacks.", + "markdown": "**Vulnerability CVE-2016-0750**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|infinispan-client-hotrod|9.1.0.Final|[]()|CVE-2016-0750|[https://nvd.nist.gov/vuln/detail/CVE-2016-0750](The hotrod java client in infinispan before 9.1.0.Final automatically deserializes bytearray message contents in certain events. A malicious user could exploit this flaw by injecting a specially-crafted serialized object to attain remote code execution or conduct other attacks.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "CVE-2019-10174", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "A vulnerability was found in Infinispan such that ..." + }, + "fullDescription": { + "text": "A vulnerability was found in Infinispan such that the invokeAccessibly meth..." 
+ }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2019-10174", + "help": { + "text": "Vulnerability CVE-2019-10174\nSeverity: high\nPackage: infinispan-core\nFixed Version: 8.2.12.Final, 9.4.17.Final\nExploit Available: []()\nExploit Type: \nLink: [CVE-2019-10174](https://nvd.nist.gov/vuln/detail/CVE-2019-10174)\nA vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke private methods in any class with Infinispan's privileges. The attacker can use reflection to introduce new, malicious behavior into the application.", + "markdown": "**Vulnerability CVE-2019-10174**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|infinispan-core|8.2.12.Final, 9.4.17.Final|[]()|CVE-2019-10174|[https://nvd.nist.gov/vuln/detail/CVE-2019-10174](A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke private methods in any class with Infinispan's privileges. The attacker can use reflection to introduce new, malicious behavior into the application.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "CVE-2019-10158", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "A flaw was found in Infinispan through version 9.4..." + }, + "fullDescription": { + "text": "A flaw was found in Infinispan through version 9.4.14.Final. An improper im..." 
+ }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2019-10158", + "help": { + "text": "Vulnerability CVE-2019-10158\nSeverity: critical\nPackage: infinispan-core\nFixed Version: 9.4.15.Final\nExploit Available: []()\nExploit Type: \nLink: [CVE-2019-10158](https://nvd.nist.gov/vuln/detail/CVE-2019-10158)\nA flaw was found in Infinispan through version 9.4.14.Final. An improper implementation of the session fixation protection in the Spring Session integration can result in incorrect session handling.", + "markdown": "**Vulnerability CVE-2019-10158**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|critical|infinispan-core|9.4.15.Final|[]()|CVE-2019-10158|[https://nvd.nist.gov/vuln/detail/CVE-2019-10158](A flaw was found in Infinispan through version 9.4.14.Final. An improper implementation of the session fixation protection in the Spring Session integration can result in incorrect session handling.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "critical" + ] + } + }, + { + "id": "CVE-2020-25711", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "A flaw was found in infinispan 10 REST API, where ..." + }, + "fullDescription": { + "text": "A flaw was found in infinispan 10 REST API, where authorization permissions..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2020-25711", + "help": { + "text": "Vulnerability CVE-2020-25711\nSeverity: medium\nPackage: infinispan-core\nFixed Version: 11.0.6.Final\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-25711](https://nvd.nist.gov/vuln/detail/CVE-2020-25711)\nA flaw was found in infinispan 10 REST API, where authorization permissions are not checked while performing some server management operations. When authz is enabled, any user with authentication can perform operations like shutting down the server without the ADMIN role.", + "markdown": "**Vulnerability CVE-2020-25711**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|infinispan-core|11.0.6.Final|[]()|CVE-2020-25711|[https://nvd.nist.gov/vuln/detail/CVE-2020-25711](A flaw was found in infinispan 10 REST API, where authorization permissions are not checked while performing some server management operations. When authz is enabled, any user with authentication can perform operations like shutting down the server without the ADMIN role.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2014-9970", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "jasypt before 1.9.2 allows a timing attack against..." + }, + "fullDescription": { + "text": "jasypt before 1.9.2 allows a timing attack against the password hash compar..." 
+ }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2014-9970", + "help": { + "text": "Vulnerability CVE-2014-9970\nSeverity: high\nPackage: jasypt\nFixed Version: 1.9.2\nExploit Available: []()\nExploit Type: \nLink: [CVE-2014-9970](https://nvd.nist.gov/vuln/detail/CVE-2014-9970)\njasypt before 1.9.2 allows a timing attack against the password hash comparison.", + "markdown": "**Vulnerability CVE-2014-9970**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|jasypt|1.9.2|[]()|CVE-2014-9970|[https://nvd.nist.gov/vuln/detail/CVE-2014-9970](jasypt before 1.9.2 allows a timing attack against the password hash comparison.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "CVE-2024-1102", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "A vulnerability was found in jberet-core logging. ..." + }, + "fullDescription": { + "text": "A vulnerability was found in jberet-core logging. An exception in \u0026#39;dbProper..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2024-1102", + "help": { + "text": "Vulnerability CVE-2024-1102\nSeverity: medium\nPackage: jberet-core\nFixed Version: 2.2.1.Final\nExploit Available: []()\nExploit Type: \nLink: [CVE-2024-1102](https://nvd.nist.gov/vuln/detail/CVE-2024-1102)\nA vulnerability was found in jberet-core logging. 
An exception in 'dbProperties' might display user credentials such as the username and password for the database-connection.", + "markdown": "**Vulnerability CVE-2024-1102**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|jberet-core|2.2.1.Final|[]()|CVE-2024-1102|[https://nvd.nist.gov/vuln/detail/CVE-2024-1102](A vulnerability was found in jberet-core logging. An exception in 'dbProperties' might display user credentials such as the username and password for the database-connection.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2021-20250", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "A flaw was found in wildfly. The JBoss EJB client ..." + }, + "fullDescription": { + "text": "A flaw was found in wildfly. The JBoss EJB client has publicly accessible p..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2021-20250", + "help": { + "text": "Vulnerability CVE-2021-20250\nSeverity: medium\nPackage: jboss-ejb-client\nFixed Version: 4.0.39\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-20250](https://nvd.nist.gov/vuln/detail/CVE-2021-20250)\nA flaw was found in wildfly. The JBoss EJB client has publicly accessible privileged actions which may lead to information disclosure on the server it is deployed on. The highest threat from this vulnerability is to data confidentiality.", + "markdown": "**Vulnerability CVE-2021-20250**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|jboss-ejb-client|4.0.39|[]()|CVE-2021-20250|[https://nvd.nist.gov/vuln/detail/CVE-2021-20250](A flaw was found in wildfly. 
The JBoss EJB client has publicly accessible privileged actions which may lead to information disclosure on the server it is deployed on. The highest threat from this vulnerability is to data confidentiality.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2020-14297", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "A flaw was discovered in Wildfly\u0026#39;s EJB Client as s..." + }, + "fullDescription": { + "text": "A flaw was discovered in Wildfly\u0026#39;s EJB Client as shipped with Red Hat JBoss..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2020-14297", + "help": { + "text": "Vulnerability CVE-2020-14297\nSeverity: medium\nPackage: jboss-ejb-client\nFixed Version: 4.0.34.Final\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-14297](https://nvd.nist.gov/vuln/detail/CVE-2020-14297)\nA flaw was discovered in Wildfly's EJB Client as shipped with Red Hat JBoss EAP 7, where some specific EJB transaction objects may get accumulated over the time and can cause services to slow down and eventaully unavailable. An attacker can take advantage and cause denial of service attack and make services unavailable.", + "markdown": "**Vulnerability CVE-2020-14297**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|jboss-ejb-client|4.0.34.Final|[]()|CVE-2020-14297|[https://nvd.nist.gov/vuln/detail/CVE-2020-14297](A flaw was discovered in Wildfly's EJB Client as shipped with Red Hat JBoss EAP 7, where some specific EJB transaction objects may get accumulated over the time and can cause services to slow down and eventaully unavailable. 
An attacker can take advantage and cause denial of service attack and make services unavailable.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2020-35510", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "A flaw was found in jboss-remoting in versions bef..." + }, + "fullDescription": { + "text": "A flaw was found in jboss-remoting in versions before 5.0.20.SP1-redhat-000..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2020-35510", + "help": { + "text": "Vulnerability CVE-2020-35510\nSeverity: medium\nPackage: jboss-remoting\nFixed Version: 5.0.20.Final\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-35510](https://nvd.nist.gov/vuln/detail/CVE-2020-35510)\nA flaw was found in jboss-remoting in versions before 5.0.20.SP1-redhat-00001. A malicious attacker could cause threads to hold up forever in the EJB server by writing a sequence of bytes corresponding to the expected messages of a successful EJB client request, but omitting the ACK messages, or just tamper with jboss-remoting code, deleting the lines that send the ACK message from the EJB client code resulting in a denial of service. The highest threat from this vulnerability is to system availability.", + "markdown": "**Vulnerability CVE-2020-35510**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|jboss-remoting|5.0.20.Final|[]()|CVE-2020-35510|[https://nvd.nist.gov/vuln/detail/CVE-2020-35510](A flaw was found in jboss-remoting in versions before 5.0.20.SP1-redhat-00001. 
A malicious attacker could cause threads to hold up forever in the EJB server by writing a sequence of bytes corresponding to the expected messages of a successful EJB client request, but omitting the ACK messages, or just tamper with jboss-remoting code, deleting the lines that send the ACK message from the EJB client code resulting in a denial of service. The highest threat from this vulnerability is to system availability.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2020-1695", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "A flaw was found in all resteasy 3.x.x versions pr..." + }, + "fullDescription": { + "text": "A flaw was found in all resteasy 3.x.x versions prior to 3.12.0.Final and a..." + }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2020-1695", + "help": { + "text": "Vulnerability CVE-2020-1695\nSeverity: high\nPackage: resteasy-jaxrs\nFixed Version: 3.11.0.Final\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-1695](https://nvd.nist.gov/vuln/detail/CVE-2020-1695)\nA flaw was found in all resteasy 3.x.x versions prior to 3.12.0.Final and all resteasy 4.x.x versions prior to 4.6.0.Final, where an improper input validation results in returning an illegal header that integrates into the server's response. 
This flaw may result in an injection, which leads to unexpected behavior when the HTTP response is constructed.", + "markdown": "**Vulnerability CVE-2020-1695**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|resteasy-jaxrs|3.11.0.Final|[]()|CVE-2020-1695|[https://nvd.nist.gov/vuln/detail/CVE-2020-1695](A flaw was found in all resteasy 3.x.x versions prior to 3.12.0.Final and all resteasy 4.x.x versions prior to 4.6.0.Final, where an improper input validation results in returning an illegal header that integrates into the server's response. This flaw may result in an injection, which leads to unexpected behavior when the HTTP response is constructed.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "CVE-2020-25633", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "A flaw was found in RESTEasy client in all version..." + }, + "fullDescription": { + "text": "A flaw was found in RESTEasy client in all versions of RESTEasy up to 4.5.6..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2020-25633", + "help": { + "text": "Vulnerability CVE-2020-25633\nSeverity: medium\nPackage: resteasy-jaxrs\nFixed Version: 3.14.0.Final\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-25633](https://nvd.nist.gov/vuln/detail/CVE-2020-25633)\nA flaw was found in RESTEasy client in all versions of RESTEasy up to 4.5.6.Final. It may allow client users to obtain the server's potentially sensitive information when the server got WebApplicationException from the RESTEasy client call. 
The highest threat from this vulnerability is to data confidentiality.", + "markdown": "**Vulnerability CVE-2020-25633**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|resteasy-jaxrs|3.14.0.Final|[]()|CVE-2020-25633|[https://nvd.nist.gov/vuln/detail/CVE-2020-25633](A flaw was found in RESTEasy client in all versions of RESTEasy up to 4.5.6.Final. It may allow client users to obtain the server's potentially sensitive information when the server got WebApplicationException from the RESTEasy client call. The highest threat from this vulnerability is to data confidentiality.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2021-20289", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "A flaw was found in RESTEasy in all versions of RE..." + }, + "fullDescription": { + "text": "A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final...." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2021-20289", + "help": { + "text": "Vulnerability CVE-2021-20289\nSeverity: medium\nPackage: resteasy-jaxrs\nFixed Version: 3.11.5.Final, 3.15.2.Final, 4.5.10.Final, 4.7.0.Final\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-20289](https://nvd.nist.gov/vuln/detail/CVE-2021-20289)\nA flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method's parameter value. 
The highest threat from this vulnerability is to data confidentiality.", + "markdown": "**Vulnerability CVE-2021-20289**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|resteasy-jaxrs|3.11.5.Final, 3.15.2.Final, 4.5.10.Final, 4.7.0.Final|[]()|CVE-2021-20289|[https://nvd.nist.gov/vuln/detail/CVE-2021-20289](A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method's parameter value. The highest threat from this vulnerability is to data confidentiality.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2016-6345", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "RESTEasy allows remote authenticated users to obta..." + }, + "fullDescription": { + "text": "RESTEasy allows remote authenticated users to obtain sensitive information ..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2016-6345", + "help": { + "text": "Vulnerability CVE-2016-6345\nSeverity: medium\nPackage: resteasy-client\nFixed Version: 3.0.20.Final, 3.1.0.CR1\nExploit Available: []()\nExploit Type: \nLink: [CVE-2016-6345](https://nvd.nist.gov/vuln/detail/CVE-2016-6345)\nRESTEasy allows remote authenticated users to obtain sensitive information by leveraging \"insufficient use of random values\" in async jobs.", + "markdown": "**Vulnerability CVE-2016-6345**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|resteasy-client|3.0.20.Final, 3.1.0.CR1|[]()|CVE-2016-6345|[https://nvd.nist.gov/vuln/detail/CVE-2016-6345](RESTEasy allows remote authenticated users to obtain sensitive information by leveraging \"insufficient use of random values\" in async jobs.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2016-6347", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "Cross-site scripting (XSS) vulnerability in the de..." + }, + "fullDescription": { + "text": "Cross-site scripting (XSS) vulnerability in the default exception handler i..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2016-6347", + "help": { + "text": "Vulnerability CVE-2016-6347\nSeverity: medium\nPackage: resteasy-jaxrs\nFixed Version: 3.1.0.Final\nExploit Available: []()\nExploit Type: \nLink: [CVE-2016-6347](https://nvd.nist.gov/vuln/detail/CVE-2016-6347)\nCross-site scripting (XSS) vulnerability in the default exception handler in RESTEasy allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.", + "markdown": "**Vulnerability CVE-2016-6347**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|resteasy-jaxrs|3.1.0.Final|[]()|CVE-2016-6347|[https://nvd.nist.gov/vuln/detail/CVE-2016-6347](Cross-site scripting (XSS) vulnerability in the default exception handler in RESTEasy allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2016-6348", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "JacksonJsonpInterceptor in RESTEasy might allow re..." + }, + "fullDescription": { + "text": "JacksonJsonpInterceptor in RESTEasy might allow remote attackers to conduct..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2016-6348", + "help": { + "text": "Vulnerability CVE-2016-6348\nSeverity: medium\nPackage: resteasy-client\nFixed Version: 3.0.20.Final\nExploit Available: []()\nExploit Type: \nLink: [CVE-2016-6348](https://nvd.nist.gov/vuln/detail/CVE-2016-6348)\nJacksonJsonpInterceptor in RESTEasy might allow remote attackers to conduct a cross-site script inclusion (XSSI) attack.", + "markdown": "**Vulnerability CVE-2016-6348**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|resteasy-client|3.0.20.Final|[]()|CVE-2016-6348|[https://nvd.nist.gov/vuln/detail/CVE-2016-6348](JacksonJsonpInterceptor in RESTEasy might allow remote attackers to conduct a cross-site script inclusion (XSSI) attack.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2016-6346", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "RESTEasy enables GZIPInterceptor, which allows rem..." + }, + "fullDescription": { + "text": "RESTEasy enables GZIPInterceptor, which allows remote attackers to cause a ..." 
+ }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2016-6346", + "help": { + "text": "Vulnerability CVE-2016-6346\nSeverity: high\nPackage: resteasy-jaxrs\nFixed Version: 3.0.20.Final\nExploit Available: []()\nExploit Type: \nLink: [CVE-2016-6346](https://nvd.nist.gov/vuln/detail/CVE-2016-6346)\nRESTEasy enables GZIPInterceptor, which allows remote attackers to cause a denial of service via unspecified vectors.", + "markdown": "**Vulnerability CVE-2016-6346**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|resteasy-jaxrs|3.0.20.Final|[]()|CVE-2016-6346|[https://nvd.nist.gov/vuln/detail/CVE-2016-6346](RESTEasy enables GZIPInterceptor, which allows remote attackers to cause a denial of service via unspecified vectors.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "CVE-2017-7561", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "Red Hat JBoss EAP version 3.0.7 through before 4.0..." + }, + "fullDescription": { + "text": "Red Hat JBoss EAP version 3.0.7 through before 4.0.0.Beta1 is vulnerable to..." 
+ }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2017-7561", + "help": { + "text": "Vulnerability CVE-2017-7561\nSeverity: high\nPackage: resteasy-jaxrs\nFixed Version: 3.0.25.Final, 3.5.0.CR1, 4.0.0.Beta1\nExploit Available: []()\nExploit Type: \nLink: [CVE-2017-7561](https://nvd.nist.gov/vuln/detail/CVE-2017-7561)\nRed Hat JBoss EAP version 3.0.7 through before 4.0.0.Beta1 is vulnerable to a server-side cache poisoning or CORS requests in the JAX-RS component resulting in a moderate impact.", + "markdown": "**Vulnerability CVE-2017-7561**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|resteasy-jaxrs|3.0.25.Final, 3.5.0.CR1, 4.0.0.Beta1|[]()|CVE-2017-7561|[https://nvd.nist.gov/vuln/detail/CVE-2017-7561](Red Hat JBoss EAP version 3.0.7 through before 4.0.0.Beta1 is vulnerable to a server-side cache poisoning or CORS requests in the JAX-RS component resulting in a moderate impact.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "CVE-2020-10688", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "A cross-site scripting (XSS) flaw was found in RES..." + }, + "fullDescription": { + "text": "A cross-site scripting (XSS) flaw was found in RESTEasy in versions before ..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2020-10688", + "help": { + "text": "Vulnerability CVE-2020-10688\nSeverity: medium\nPackage: resteasy-jaxrs\nFixed Version: 3.11.1.Final, 4.5.3\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-10688](https://nvd.nist.gov/vuln/detail/CVE-2020-10688)\nA cross-site scripting (XSS) flaw was found in RESTEasy in versions before 3.11.1.Final and before 4.5.3.Final, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs. An attacker could use this flaw to launch a reflected XSS attack.", + "markdown": "**Vulnerability CVE-2020-10688**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|resteasy-jaxrs|3.11.1.Final, 4.5.3|[]()|CVE-2020-10688|[https://nvd.nist.gov/vuln/detail/CVE-2020-10688](A cross-site scripting (XSS) flaw was found in RESTEasy in versions before 3.11.1.Final and before 4.5.3.Final, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs. An attacker could use this flaw to launch a reflected XSS attack.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2018-1051", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "It was found that the fix for CVE-2016-9606 in ver..." + }, + "fullDescription": { + "text": "It was found that the fix for CVE-2016-9606 in versions 3.0.22 and 3.1.2 wa..." 
+ }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2018-1051", + "help": { + "text": "Vulnerability CVE-2018-1051\nSeverity: high\nPackage: resteasy-yaml-provider\nFixed Version: 3.0.26.Final, 3.6.0.Final\nExploit Available: []()\nExploit Type: \nLink: [CVE-2018-1051](https://nvd.nist.gov/vuln/detail/CVE-2018-1051)\nIt was found that the fix for CVE-2016-9606 in versions 3.0.22 and 3.1.2 was incomplete and Yaml unmarshalling in Resteasy is still possible via `Yaml.load()` in YamlProvider.", + "markdown": "**Vulnerability CVE-2018-1051**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|resteasy-yaml-provider|3.0.26.Final, 3.6.0.Final|[]()|CVE-2018-1051|[https://nvd.nist.gov/vuln/detail/CVE-2018-1051](It was found that the fix for CVE-2016-9606 in versions 3.0.22 and 3.1.2 was incomplete and Yaml unmarshalling in Resteasy is still possible via `Yaml.load()` in YamlProvider.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "CVE-2016-9606", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "JBoss RESTEasy before version 3.1.2 could be force..." + }, + "fullDescription": { + "text": "JBoss RESTEasy before version 3.1.2 could be forced into parsing a request ..." 
+ }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2016-9606", + "help": { + "text": "Vulnerability CVE-2016-9606\nSeverity: high\nPackage: resteasy-yaml-provider\nFixed Version: 3.1.2\nExploit Available: []()\nExploit Type: \nLink: [CVE-2016-9606](https://nvd.nist.gov/vuln/detail/CVE-2016-9606)\nJBoss RESTEasy before version 3.1.2 could be forced into parsing a request with YamlProvider, resulting in unmarshalling of potentially untrusted data which could allow an attacker to execute arbitrary code with RESTEasy application permissions.", + "markdown": "**Vulnerability CVE-2016-9606**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|resteasy-yaml-provider|3.1.2|[]()|CVE-2016-9606|[https://nvd.nist.gov/vuln/detail/CVE-2016-9606](JBoss RESTEasy before version 3.1.2 could be forced into parsing a request with YamlProvider, resulting in unmarshalling of potentially untrusted data which could allow an attacker to execute arbitrary code with RESTEasy application permissions.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "CVE-2023-5685", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "A flaw was found in XNIO. The XNIO NotifierState t..." + }, + "fullDescription": { + "text": "A flaw was found in XNIO. The XNIO NotifierState that can cause a Stack Ove..." + }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2023-5685", + "help": { + "text": "Vulnerability CVE-2023-5685\nSeverity: high\nPackage: xnio-api\nFixed Version: \nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-5685](https://nvd.nist.gov/vuln/detail/CVE-2023-5685)\nA flaw was found in XNIO. 
The XNIO NotifierState that can cause a Stack Overflow Exception when the chain of notifier states becomes problematically large can lead to uncontrolled resource management and a possible denial of service (DoS).", + "markdown": "**Vulnerability CVE-2023-5685**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|xnio-api||[]()|CVE-2023-5685|[https://nvd.nist.gov/vuln/detail/CVE-2023-5685](A flaw was found in XNIO. The XNIO NotifierState that can cause a Stack Overflow Exception when the chain of notifier states becomes problematically large can lead to uncontrolled resource management and a possible denial of service (DoS).)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "CVE-2016-2141", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "It was found that JGroups did not require necessar..." + }, + "fullDescription": { + "text": "It was found that JGroups did not require necessary headers for encrypt and..." + }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2016-2141", + "help": { + "text": "Vulnerability CVE-2016-2141\nSeverity: critical\nPackage: jgroups\nFixed Version: 3.2.16.Final, 3.6.10.Final\nExploit Available: []()\nExploit Type: \nLink: [CVE-2016-2141](https://nvd.nist.gov/vuln/detail/CVE-2016-2141)\nIt was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. 
An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information disclosure, message spoofing, or further possible attacks.", + "markdown": "**Vulnerability CVE-2016-2141**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|critical|jgroups|3.2.16.Final, 3.6.10.Final|[]()|CVE-2016-2141|[https://nvd.nist.gov/vuln/detail/CVE-2016-2141](It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information disclosure, message spoofing, or further possible attacks.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "critical" + ] + } + }, + { + "id": "CVE-2021-37714", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "jsoup is a Java library for working with HTML. Tho..." + }, + "fullDescription": { + "text": "jsoup is a Java library for working with HTML. Those using jsoup versions p..." + }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2021-37714", + "help": { + "text": "Vulnerability CVE-2021-37714\nSeverity: high\nPackage: jsoup\nFixed Version: 1.14.2\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-37714](https://nvd.nist.gov/vuln/detail/CVE-2021-37714)\njsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. 
If the parser is run on user supplied input, an attacker may supply content that causes the parser to get stuck (loop indefinitely until cancelled), to complete more slowly than usual, or to throw an unexpected exception. This effect may support a denial of service attack. The issue is patched in version 1.14.2. There are a few available workarounds. Users may rate limit input parsing, limit the size of inputs based on system resources, and/or implement thread watchdogs to cap and timeout parse runtimes.", + "markdown": "**Vulnerability CVE-2021-37714**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|jsoup|1.14.2|[]()|CVE-2021-37714|[https://nvd.nist.gov/vuln/detail/CVE-2021-37714](jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supply content that causes the parser to get stuck (loop indefinitely until cancelled), to complete more slowly than usual, or to throw an unexpected exception. This effect may support a denial of service attack. The issue is patched in version 1.14.2. There are a few available workarounds. Users may rate limit input parsing, limit the size of inputs based on system resources, and/or implement thread watchdogs to cap and timeout parse runtimes.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "CVE-2015-6748", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "Cross-site scripting (XSS) vulnerability in jsoup ..." + }, + "fullDescription": { + "text": "Cross-site scripting (XSS) vulnerability in jsoup before 1.8.3." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2015-6748", + "help": { + "text": "Vulnerability CVE-2015-6748\nSeverity: medium\nPackage: jsoup\nFixed Version: 1.8.3\nExploit Available: []()\nExploit Type: \nLink: [CVE-2015-6748](https://nvd.nist.gov/vuln/detail/CVE-2015-6748)\nCross-site scripting (XSS) vulnerability in jsoup before 1.8.3.", + "markdown": "**Vulnerability CVE-2015-6748**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|jsoup|1.8.3|[]()|CVE-2015-6748|[https://nvd.nist.gov/vuln/detail/CVE-2015-6748](Cross-site scripting (XSS) vulnerability in jsoup before 1.8.3.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2022-36033", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "jsoup is a Java HTML parser, built for HTML editin..." + }, + "fullDescription": { + "text": "jsoup is a Java HTML parser, built for HTML editing, cleaning, scraping, an..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2022-36033", + "help": { + "text": "Vulnerability CVE-2022-36033\nSeverity: medium\nPackage: jsoup\nFixed Version: 1.15.3\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-36033](https://nvd.nist.gov/vuln/detail/CVE-2022-36033)\njsoup is a Java HTML parser, built for HTML editing, cleaning, scraping, and cross-site scripting (XSS) safety. jsoup may incorrectly sanitize HTML including `javascript:` URL expressions, which could allow XSS attacks when a reader subsequently clicks that link. If the non-default `SafeList.preserveRelativeLinks` option is enabled, HTML including `javascript:` URLs that have been crafted with control characters will not be sanitized. 
If the site that this HTML is published on does not set a Content Security Policy, an XSS attack is then possible. This issue is patched in jsoup 1.15.3. Users should upgrade to this version. Additionally, as the unsanitized input may have been persisted, old content should be cleaned again using the updated version. To remediate this issue without immediately upgrading: - disable `SafeList.preserveRelativeLinks`, which will rewrite input URLs as absolute URLs - ensure an appropriate [Content Security Policy](https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP) is defined. (This should be used regardless of upgrading, as a defence-in-depth best practice.)", + "markdown": "**Vulnerability CVE-2022-36033**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|jsoup|1.15.3|[]()|CVE-2022-36033|[https://nvd.nist.gov/vuln/detail/CVE-2022-36033](jsoup is a Java HTML parser, built for HTML editing, cleaning, scraping, and cross-site scripting (XSS) safety. jsoup may incorrectly sanitize HTML including `javascript:` URL expressions, which could allow XSS attacks when a reader subsequently clicks that link. If the non-default `SafeList.preserveRelativeLinks` option is enabled, HTML including `javascript:` URLs that have been crafted with control characters will not be sanitized. If the site that this HTML is published on does not set a Content Security Policy, an XSS attack is then possible. This issue is patched in jsoup 1.15.3. Users should upgrade to this version. Additionally, as the unsanitized input may have been persisted, old content should be cleaned again using the updated version. To remediate this issue without immediately upgrading: - disable `SafeList.preserveRelativeLinks`, which will rewrite input URLs as absolute URLs - ensure an appropriate [Content Security Policy](https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP) is defined. 
(This should be used regardless of upgrading, as a defence-in-depth best practice.))|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2014-3603", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "The (1) HttpResource and (2) FileBackedHttpResourc..." + }, + "fullDescription": { + "text": "The (1) HttpResource and (2) FileBackedHttpResource implementations in Shib..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2014-3603", + "help": { + "text": "Vulnerability CVE-2014-3603\nSeverity: medium\nPackage: opensaml\nFixed Version: 2.6.2\nExploit Available: []()\nExploit Type: \nLink: [CVE-2014-3603](https://nvd.nist.gov/vuln/detail/CVE-2014-3603)\nThe (1) HttpResource and (2) FileBackedHttpResource implementations in Shibboleth Identity Provider (IdP) before 2.4.1 and OpenSAML Java 2.6.2 do not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.", + "markdown": "**Vulnerability CVE-2014-3603**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|opensaml|2.6.2|[]()|CVE-2014-3603|[https://nvd.nist.gov/vuln/detail/CVE-2014-3603](The (1) HttpResource and (2) FileBackedHttpResource implementations in Shibboleth Identity Provider (IdP) before 2.4.1 and OpenSAML Java 2.6.2 do not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + 
"security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2015-1796", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "The PKIX trust engines in Shibboleth Identity Prov..." + }, + "fullDescription": { + "text": "The PKIX trust engines in Shibboleth Identity Provider before 2.4.4 and Ope..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2015-1796", + "help": { + "text": "Vulnerability CVE-2015-1796\nSeverity: medium\nPackage: opensaml\nFixed Version: 2.6.5\nExploit Available: []()\nExploit Type: \nLink: [CVE-2015-1796](https://nvd.nist.gov/vuln/detail/CVE-2015-1796)\nThe PKIX trust engines in Shibboleth Identity Provider before 2.4.4 and OpenSAML Java (OpenSAML-J) before 2.6.5 trust candidate X.509 credentials when no trusted names are available for the entityID, which allows remote attackers to impersonate an entity via a certificate issued by a shibmd:KeyAuthority trust anchor.", + "markdown": "**Vulnerability CVE-2015-1796**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|opensaml|2.6.5|[]()|CVE-2015-1796|[https://nvd.nist.gov/vuln/detail/CVE-2015-1796](The PKIX trust engines in Shibboleth Identity Provider before 2.4.4 and OpenSAML Java (OpenSAML-J) before 2.6.5 trust candidate X.509 credentials when no trusted names are available for the entityID, which allows remote attackers to impersonate an entity via a certificate issued by a shibmd:KeyAuthority trust anchor.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2014-7827", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "The org.jboss.security.plugins.mapping.JBossMappin..." 
+ }, + "fullDescription": { + "text": "The org.jboss.security.plugins.mapping.JBossMappingManager implementation i..." + }, + "defaultConfiguration": { + "level": "note" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2014-7827", + "help": { + "text": "Vulnerability CVE-2014-7827\nSeverity: low\nPackage: picketlink-federation\nFixed Version: \nExploit Available: []()\nExploit Type: \nLink: [CVE-2014-7827](https://nvd.nist.gov/vuln/detail/CVE-2014-7827)\nThe org.jboss.security.plugins.mapping.JBossMappingManager implementation in JBoss Security in Red Hat JBoss Enterprise Application Platform (EAP) before 6.3.3 uses the default security domain when a security domain is undefined, which allows remote authenticated users to bypass intended access restrictions by leveraging credentials on the default domain for a role that is also on the application domain.", + "markdown": "**Vulnerability CVE-2014-7827**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|low|picketlink-federation||[]()|CVE-2014-7827|[https://nvd.nist.gov/vuln/detail/CVE-2014-7827](The org.jboss.security.plugins.mapping.JBossMappingManager implementation in JBoss Security in Red Hat JBoss Enterprise Application Platform (EAP) before 6.3.3 uses the default security domain when a security domain is undefined, which allows remote authenticated users to bypass intended access restrictions by leveraging credentials on the default domain for a role that is also on the application domain.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "low" + ] + } + }, + { + "id": "CVE-2018-8088", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "org.slf4j.ext.EventData in the slf4j-ext module in..." 
+ }, + "fullDescription": { + "text": "org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8...." + }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2018-8088", + "help": { + "text": "Vulnerability CVE-2018-8088\nSeverity: critical\nPackage: slf4j-ext\nFixed Version: 1.7.26, 1.8.0-beta4\nExploit Available: []()\nExploit Type: \nLink: [CVE-2018-8088](https://nvd.nist.gov/vuln/detail/CVE-2018-8088)\norg.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data. EventData in the slf4j-ext module in QOS.CH SLF4J, has been fixed in SLF4J versions 1.7.26 later and in the 2.0.x series.", + "markdown": "**Vulnerability CVE-2018-8088**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|critical|slf4j-ext|1.7.26, 1.8.0-beta4|[]()|CVE-2018-8088|[https://nvd.nist.gov/vuln/detail/CVE-2018-8088](org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data. EventData in the slf4j-ext module in QOS.CH SLF4J, has been fixed in SLF4J versions 1.7.26 later and in the 2.0.x series.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "critical" + ] + } + }, + { + "id": "CVE-2020-1719", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "A flaw was found in wildfly. The EJBContext princi..." + }, + "fullDescription": { + "text": "A flaw was found in wildfly. The EJBContext principle is not popped back af..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2020-1719", + "help": { + "text": "Vulnerability CVE-2020-1719\nSeverity: medium\nPackage: wildfly-ejb3\nFixed Version: 20.0.0.Final\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-1719](https://nvd.nist.gov/vuln/detail/CVE-2020-1719)\nA flaw was found in wildfly. The EJBContext principle is not popped back after invoking another EJB using a different Security Domain. The highest threat from this vulnerability is to data confidentiality and integrity. Versions before wildfly 20.0.0.Final are affected.", + "markdown": "**Vulnerability CVE-2020-1719**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|wildfly-ejb3|20.0.0.Final|[]()|CVE-2020-1719|[https://nvd.nist.gov/vuln/detail/CVE-2020-1719](A flaw was found in wildfly. The EJBContext principle is not popped back after invoking another EJB using a different Security Domain. The highest threat from this vulnerability is to data confidentiality and integrity. Versions before wildfly 20.0.0.Final are affected.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2016-9589", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "Undertow in Red Hat wildfly before version 11.0.0...." + }, + "fullDescription": { + "text": "Undertow in Red Hat wildfly before version 11.0.0.Beta1 is vulnerable to a ..." 
+ }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2016-9589", + "help": { + "text": "Vulnerability CVE-2016-9589\nSeverity: high\nPackage: wildfly-undertow\nFixed Version: 11.0.0.Beta1\nExploit Available: []()\nExploit Type: \nLink: [CVE-2016-9589](https://nvd.nist.gov/vuln/detail/CVE-2016-9589)\nUndertow in Red Hat wildfly before version 11.0.0.Beta1 is vulnerable to a resource exhaustion resulting in a denial of service. Undertow keeps a cache of seen HTTP headers in persistent connections. It was found that this cache can easily exploited to fill memory with garbage, up to \"max-headers\" (default 200) * \"max-header-size\" (default 1MB) per active TCP connection.", + "markdown": "**Vulnerability CVE-2016-9589**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|wildfly-undertow|11.0.0.Beta1|[]()|CVE-2016-9589|[https://nvd.nist.gov/vuln/detail/CVE-2016-9589](Undertow in Red Hat wildfly before version 11.0.0.Beta1 is vulnerable to a resource exhaustion resulting in a denial of service. Undertow keeps a cache of seen HTTP headers in persistent connections. It was found that this cache can easily exploited to fill memory with garbage, up to \"max-headers\" (default 200) * \"max-header-size\" (default 1MB) per active TCP connection.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "CVE-2018-1047", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "A flaw was found in Wildfly 9.x. A path traversal ..." + }, + "fullDescription": { + "text": "A flaw was found in Wildfly 9.x. A path traversal vulnerability through the..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2018-1047", + "help": { + "text": "Vulnerability CVE-2018-1047\nSeverity: medium\nPackage: wildfly-undertow\nFixed Version: 12.0.0\nExploit Available: []()\nExploit Type: \nLink: [CVE-2018-1047](https://nvd.nist.gov/vuln/detail/CVE-2018-1047)\nA flaw was found in Wildfly 9.x. A path traversal vulnerability through the org.wildfly.extension.undertow.deployment.ServletResourceManager.getResource method could lead to information disclosure of arbitrary local files.", + "markdown": "**Vulnerability CVE-2018-1047**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|wildfly-undertow|12.0.0|[]()|CVE-2018-1047|[https://nvd.nist.gov/vuln/detail/CVE-2018-1047](A flaw was found in Wildfly 9.x. A path traversal vulnerability through the org.wildfly.extension.undertow.deployment.ServletResourceManager.getResource method could lead to information disclosure of arbitrary local files.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2023-4061", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "A flaw was found in wildfly-core. A management use..." + }, + "fullDescription": { + "text": "A flaw was found in wildfly-core. A management user could use the resolve-e..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2023-4061", + "help": { + "text": "Vulnerability CVE-2023-4061\nSeverity: medium\nPackage: wildfly-controller\nFixed Version: 22.0.0.Final\nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-4061](https://nvd.nist.gov/vuln/detail/CVE-2023-4061)\nA flaw was found in wildfly-core. 
A management user could use the resolve-expression in the HAL Interface to read possible sensitive information from the Wildfly system. This issue could allow a malicious user to access the system and obtain possible sensitive information from the system.", + "markdown": "**Vulnerability CVE-2023-4061**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|wildfly-controller|22.0.0.Final|[]()|CVE-2023-4061|[https://nvd.nist.gov/vuln/detail/CVE-2023-4061](A flaw was found in wildfly-core. A management user could use the resolve-expression in the HAL Interface to read possible sensitive information from the Wildfly system. This issue could allow a malicious user to access the system and obtain possible sensitive information from the system.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2018-10862", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "WildFly Core before version 6.0.0.Alpha3 does not ..." + }, + "fullDescription": { + "text": "WildFly Core before version 6.0.0.Alpha3 does not properly validate file pa..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2018-10862", + "help": { + "text": "Vulnerability CVE-2018-10862\nSeverity: medium\nPackage: wildfly-server\nFixed Version: 6.0.0.Alpha3\nExploit Available: []()\nExploit Type: \nLink: [CVE-2018-10862](https://nvd.nist.gov/vuln/detail/CVE-2018-10862)\nWildFly Core before version 6.0.0.Alpha3 does not properly validate file paths in .war archives, allowing for the extraction of crafted .war archives to overwrite arbitrary files. 
This is an instance of the 'Zip Slip' vulnerability.", + "markdown": "**Vulnerability CVE-2018-10862**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|wildfly-server|6.0.0.Alpha3|[]()|CVE-2018-10862|[https://nvd.nist.gov/vuln/detail/CVE-2018-10862](WildFly Core before version 6.0.0.Alpha3 does not properly validate file paths in .war archives, allowing for the extraction of crafted .war archives to overwrite arbitrary files. This is an instance of the 'Zip Slip' vulnerability.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2020-10718", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "A flaw was found in Wildfly before wildfly-embedde..." + }, + "fullDescription": { + "text": "A flaw was found in Wildfly before wildfly-embedded-13.0.0.Final, where the..." + }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2020-10718", + "help": { + "text": "Vulnerability CVE-2020-10718\nSeverity: high\nPackage: wildfly-embedded\nFixed Version: 13.0.0.Beta5\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-10718](https://nvd.nist.gov/vuln/detail/CVE-2020-10718)\nA flaw was found in Wildfly before wildfly-embedded-13.0.0.Final, where the embedded managed process API has an exposed setting of the Thread Context Classloader (TCCL). This setting is exposed as a public method, which can bypass the security manager. 
The highest threat from this vulnerability is to confidentiality.", + "markdown": "**Vulnerability CVE-2020-10718**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|wildfly-embedded|13.0.0.Beta5|[]()|CVE-2020-10718|[https://nvd.nist.gov/vuln/detail/CVE-2020-10718](A flaw was found in Wildfly before wildfly-embedded-13.0.0.Final, where the embedded managed process API has an exposed setting of the Thread Context Classloader (TCCL). This setting is exposed as a public method, which can bypass the security manager. The highest threat from this vulnerability is to confidentiality.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "CVE-2019-14838", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "A flaw was found in wildfly-core before 7.2.5.GA. ..." + }, + "fullDescription": { + "text": "A flaw was found in wildfly-core before 7.2.5.GA. The Management users with..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2019-14838", + "help": { + "text": "Vulnerability CVE-2019-14838\nSeverity: medium\nPackage: wildfly-host-controller\nFixed Version: 7.2.5.GA\nExploit Available: []()\nExploit Type: \nLink: [CVE-2019-14838](https://nvd.nist.gov/vuln/detail/CVE-2019-14838)\nA flaw was found in wildfly-core before 7.2.5.GA. The Management users with Monitor, Auditor and Deployer Roles should not be allowed to modify the runtime state of the server", + "markdown": "**Vulnerability CVE-2019-14838**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|wildfly-host-controller|7.2.5.GA|[]()|CVE-2019-14838|[https://nvd.nist.gov/vuln/detail/CVE-2019-14838](A flaw was found in wildfly-core before 7.2.5.GA. 
The Management users with Monitor, Auditor and Deployer Roles should not be allowed to modify the runtime state of the server)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2021-3644", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "A flaw was found in wildfly-core in all versions. ..." + }, + "fullDescription": { + "text": "A flaw was found in wildfly-core in all versions. If a vault expression is ..." + }, + "defaultConfiguration": { + "level": "note" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2021-3644", + "help": { + "text": "Vulnerability CVE-2021-3644\nSeverity: low\nPackage: wildfly-server\nFixed Version: 16.0.1.Final, 17.0.0.Beta3\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-3644](https://nvd.nist.gov/vuln/detail/CVE-2021-3644)\nA flaw was found in wildfly-core in all versions. If a vault expression is in the form of a single attribute that contains multiple expressions, a user who was granted access to the management interface can potentially access a vault expression they should not be able to access and possibly retrieve the item which was stored in the vault. The highest threat from this vulnerability is data confidentiality and integrity.", + "markdown": "**Vulnerability CVE-2021-3644**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|low|wildfly-server|16.0.1.Final, 17.0.0.Beta3|[]()|CVE-2021-3644|[https://nvd.nist.gov/vuln/detail/CVE-2021-3644](A flaw was found in wildfly-core in all versions. If a vault expression is in the form of a single attribute that contains multiple expressions, a user who was granted access to the management interface can potentially access a vault expression they should not be able to access and possibly retrieve the item which was stored in the vault. 
The highest threat from this vulnerability is data confidentiality and integrity.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "low" + ] + } + }, + { + "id": "CVE-2022-1471", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "SnakeYaml\u0026#39;s Constructor() class does not restrict ..." + }, + "fullDescription": { + "text": "SnakeYaml\u0026#39;s Constructor() class does not restrict types which can be instan..." + }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2022-1471", + "help": { + "text": "Vulnerability CVE-2022-1471\nSeverity: critical\nPackage: snakeyaml\nFixed Version: 2.0\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-1471](https://nvd.nist.gov/vuln/detail/CVE-2022-1471)\nSnakeYaml's Constructor() class does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml's SafeConsturctor when parsing untrusted content to restrict deserialization. We recommend upgrading to version 2.0 and beyond.\n", + "markdown": "**Vulnerability CVE-2022-1471**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|critical|snakeyaml|2.0|[]()|CVE-2022-1471|[https://nvd.nist.gov/vuln/detail/CVE-2022-1471](SnakeYaml's Constructor() class does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml's SafeConsturctor when parsing untrusted content to restrict deserialization. 
We recommend upgrading to version 2.0 and beyond.\n)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "critical" + ] + } + }, + { + "id": "CVE-2022-25857", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "The package org.yaml:snakeyaml from 0 and before 1..." + }, + "fullDescription": { + "text": "The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Den..." + }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2022-25857", + "help": { + "text": "Vulnerability CVE-2022-25857\nSeverity: high\nPackage: snakeyaml\nFixed Version: 1.31\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-25857](https://nvd.nist.gov/vuln/detail/CVE-2022-25857)\nThe package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.", + "markdown": "**Vulnerability CVE-2022-25857**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|snakeyaml|1.31|[]()|CVE-2022-25857|[https://nvd.nist.gov/vuln/detail/CVE-2022-25857](The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "CVE-2017-18640", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "The Alias feature in SnakeYAML before 1.26 allows ..." + }, + "fullDescription": { + "text": "The Alias feature in SnakeYAML before 1.26 allows entity expansion during a..." 
+ }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2017-18640", + "help": { + "text": "Vulnerability CVE-2017-18640\nSeverity: high\nPackage: snakeyaml\nFixed Version: 1.26\nExploit Available: []()\nExploit Type: \nLink: [CVE-2017-18640](https://nvd.nist.gov/vuln/detail/CVE-2017-18640)\nThe Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564.", + "markdown": "**Vulnerability CVE-2017-18640**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|snakeyaml|1.26|[]()|CVE-2017-18640|[https://nvd.nist.gov/vuln/detail/CVE-2017-18640](The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "CVE-2022-38749", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "Using snakeYAML to parse untrusted YAML files may ..." + }, + "fullDescription": { + "text": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial o..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2022-38749", + "help": { + "text": "Vulnerability CVE-2022-38749\nSeverity: medium\nPackage: snakeyaml\nFixed Version: 1.31\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-38749](https://nvd.nist.gov/vuln/detail/CVE-2022-38749)\nUsing snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). 
If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", + "markdown": "**Vulnerability CVE-2022-38749**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|snakeyaml|1.31|[]()|CVE-2022-38749|[https://nvd.nist.gov/vuln/detail/CVE-2022-38749](Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2022-38750", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "Using snakeYAML to parse untrusted YAML files may ..." + }, + "fullDescription": { + "text": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial o..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2022-38750", + "help": { + "text": "Vulnerability CVE-2022-38750\nSeverity: medium\nPackage: snakeyaml\nFixed Version: 1.31\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-38750](https://nvd.nist.gov/vuln/detail/CVE-2022-38750)\nUsing snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). 
If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", + "markdown": "**Vulnerability CVE-2022-38750**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|snakeyaml|1.31|[]()|CVE-2022-38750|[https://nvd.nist.gov/vuln/detail/CVE-2022-38750](Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2022-38751", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "Using snakeYAML to parse untrusted YAML files may ..." + }, + "fullDescription": { + "text": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial o..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2022-38751", + "help": { + "text": "Vulnerability CVE-2022-38751\nSeverity: medium\nPackage: snakeyaml\nFixed Version: 1.31\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-38751](https://nvd.nist.gov/vuln/detail/CVE-2022-38751)\nUsing snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). 
If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", + "markdown": "**Vulnerability CVE-2022-38751**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|snakeyaml|1.31|[]()|CVE-2022-38751|[https://nvd.nist.gov/vuln/detail/CVE-2022-38751](Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2022-38752", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "Using snakeYAML to parse untrusted YAML files may ..." + }, + "fullDescription": { + "text": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial o..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2022-38752", + "help": { + "text": "Vulnerability CVE-2022-38752\nSeverity: medium\nPackage: snakeyaml\nFixed Version: 1.32\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-38752](https://nvd.nist.gov/vuln/detail/CVE-2022-38752)\nUsing snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). 
If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.", + "markdown": "**Vulnerability CVE-2022-38752**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|snakeyaml|1.32|[]()|CVE-2022-38752|[https://nvd.nist.gov/vuln/detail/CVE-2022-38752](Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2022-41854", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "Those using Snakeyaml to parse untrusted YAML file..." + }, + "fullDescription": { + "text": "Those using Snakeyaml to parse untrusted YAML files may be vulnerable to De..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2022-41854", + "help": { + "text": "Vulnerability CVE-2022-41854\nSeverity: medium\nPackage: snakeyaml\nFixed Version: 1.32\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-41854](https://nvd.nist.gov/vuln/detail/CVE-2022-41854)\nThose using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. 
This effect may support a denial of service attack.", + "markdown": "**Vulnerability CVE-2022-41854**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|snakeyaml|1.32|[]()|CVE-2022-41854|[https://nvd.nist.gov/vuln/detail/CVE-2022-41854](Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2024-22365", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "linux-pam (aka Linux PAM) before 1.6.0 allows atta..." + }, + "fullDescription": { + "text": "linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial o..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2024-22365", + "help": { + "text": "Vulnerability CVE-2024-22365\nSeverity: medium\nPackage: pam\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2024-22365](https://access.redhat.com/security/cve/CVE-2024-22365)\nlinux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.", + "markdown": "**Vulnerability CVE-2024-22365**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|pam|any in centos 7.6.1810|[]()|CVE-2024-22365|[https://access.redhat.com/security/cve/CVE-2024-22365](linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "RHSA-2019:2189", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "The procps-ng packages contain a set of system uti..." + }, + "fullDescription": { + "text": "The procps-ng packages contain a set of system utilities that provide syste..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2018-1122", + "help": { + "text": "Vulnerability RHSA-2019:2189\nSeverity: medium\nPackage: procps-ng\nFixed Version: 3.3.10-26.el7\nExploit Available: [http://www.exploit-db.com/exploits/44806](http://www.exploit-db.com/exploits/44806)\nExploit Type: local\nLink: [RHSA-2019:2189](https://access.redhat.com/security/cve/CVE-2018-1122)\nThe procps-ng packages contain a set of system utilities that provide system information, including ps, free, skill, pkill, pgrep, snice, tload, top, uptime, vmstat, w, watch, and pwdx.", + "markdown": "**Vulnerability RHSA-2019:2189**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|procps-ng|3.3.10-26.el7|[http://www.exploit-db.com/exploits/44806](local)|RHSA-2019:2189|[https://access.redhat.com/security/cve/CVE-2018-1122](The procps-ng packages contain a set of system utilities that provide system information, including ps, free, skill, pkill, pgrep, snice, tload, top, uptime, vmstat, w, watch, and pwdx.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2023-4016", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "Under some circumstances, this weakness allows a u..." + }, + "fullDescription": { + "text": "Under some circumstances, this weakness allows a user who has access to run..." 
+ }, + "defaultConfiguration": { + "level": "note" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2023-4016", + "help": { + "text": "Vulnerability CVE-2023-4016\nSeverity: low\nPackage: procps-ng\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-4016](https://access.redhat.com/security/cve/CVE-2023-4016)\nUnder some circumstances, this weakness allows a user who has access to run the “ps” utility on a machine, the ability to write almost unlimited amounts of unfiltered data into the process heap.", + "markdown": "**Vulnerability CVE-2023-4016**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|low|procps-ng|any in centos 7.6.1810|[]()|CVE-2023-4016|[https://access.redhat.com/security/cve/CVE-2023-4016](Under some circumstances, this weakness allows a user who has access to run the “ps” utility on a machine, the ability to write almost unlimited amounts of unfiltered data into the process heap.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "low" + ] + } + }, + { + "id": "RHSA-2019:0710", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "Python is an interpreted, interactive, object-orie..." + }, + "fullDescription": { + "text": "Python is an interpreted, interactive, object-oriented programming language..." 
+ }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2019-9636", + "help": { + "text": "Vulnerability RHSA-2019:0710\nSeverity: high\nPackage: python-libs\nFixed Version: 2.7.5-77.el7_6\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2019:0710](https://access.redhat.com/security/cve/CVE-2019-9636)\nPython is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.", + "markdown": "**Vulnerability RHSA-2019:0710**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|python-libs|2.7.5-77.el7_6|[]()|RHSA-2019:0710|[https://access.redhat.com/security/cve/CVE-2019-9636](Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "RHSA-2023:6885", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "Python is an interpreted, interactive, object-orie..." + }, + "fullDescription": { + "text": "Python is an interpreted, interactive, object-oriented programming language..." 
+ }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2023-40217", + "help": { + "text": "Vulnerability RHSA-2023:6885\nSeverity: high\nPackage: python-libs\nFixed Version: 2.7.5-94.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2023:6885](https://access.redhat.com/security/cve/CVE-2023-40217)\nPython is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.", + "markdown": "**Vulnerability RHSA-2023:6885**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|python-libs|2.7.5-94.el7_9|[]()|RHSA-2023:6885|[https://access.redhat.com/security/cve/CVE-2023-40217](Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "RHSA-2023:3555", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "Python is an interpreted, interactive, object-orie..." + }, + "fullDescription": { + "text": "Python is an interpreted, interactive, object-oriented programming language..." 
+ }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2023-24329", + "help": { + "text": "Vulnerability RHSA-2023:3555\nSeverity: high\nPackage: python-libs\nFixed Version: 2.7.5-93.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2023:3555](https://access.redhat.com/security/cve/CVE-2023-24329)\nPython is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.", + "markdown": "**Vulnerability RHSA-2023:3555**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|python-libs|2.7.5-93.el7_9|[]()|RHSA-2023:3555|[https://access.redhat.com/security/cve/CVE-2023-24329](Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "RHSA-2019:1587", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "Python is an interpreted, interactive, object-orie..." + }, + "fullDescription": { + "text": "Python is an interpreted, interactive, object-oriented programming language..." 
+ }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2019-10160", + "help": { + "text": "Vulnerability RHSA-2019:1587\nSeverity: high\nPackage: python-libs\nFixed Version: 2.7.5-80.el7_6\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2019:1587](https://access.redhat.com/security/cve/CVE-2019-10160)\nPython is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.", + "markdown": "**Vulnerability RHSA-2019:1587**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|python-libs|2.7.5-80.el7_6|[]()|RHSA-2019:1587|[https://access.redhat.com/security/cve/CVE-2019-10160](Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "CVE-2022-48566", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "An issue was discovered in compare_digest in Lib/h..." + }, + "fullDescription": { + "text": "An issue was discovered in compare_digest in Lib/hmac.py in Python through ..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2022-48566", + "help": { + "text": "Vulnerability CVE-2022-48566\nSeverity: medium\nPackage: python-libs\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-48566](https://access.redhat.com/security/cve/CVE-2022-48566)\nAn issue was discovered in compare_digest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in the accumulator variable in hmac.compare_digest.", + "markdown": "**Vulnerability CVE-2022-48566**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|python-libs|any in centos 7.6.1810|[]()|CVE-2022-48566|[https://access.redhat.com/security/cve/CVE-2022-48566](An issue was discovered in compare_digest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in the accumulator variable in hmac.compare_digest.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2021-4189", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "A flaw was found in Python, specifically in the FT..." + }, + "fullDescription": { + "text": "A flaw was found in Python, specifically in the FTP (File Transfer Protocol..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2021-4189", + "help": { + "text": "Vulnerability CVE-2021-4189\nSeverity: medium\nPackage: python-libs\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-4189](https://access.redhat.com/security/cve/CVE-2021-4189)\nA flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. 
The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to set up a malicious FTP server that can trick FTP clients into connecting back to a given IP address and port. This vulnerability could lead to FTP client scanning ports, which otherwise would not have been possible.", + "markdown": "**Vulnerability CVE-2021-4189**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|python-libs|any in centos 7.6.1810|[]()|CVE-2021-4189|[https://access.redhat.com/security/cve/CVE-2021-4189](A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to set up a malicious FTP server that can trick FTP clients into connecting back to a given IP address and port. This vulnerability could lead to FTP client scanning ports, which otherwise would not have been possible.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "RHSA-2020:3911", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "Python is an interpreted, interactive, object-orie..." + }, + "fullDescription": { + "text": "Python is an interpreted, interactive, object-oriented programming language..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2019-16935", + "help": { + "text": "Vulnerability RHSA-2020:3911\nSeverity: medium\nPackage: python-libs\nFixed Version: 2.7.5-89.el7\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2020:3911](https://access.redhat.com/security/cve/CVE-2019-16935)\nPython is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.", + "markdown": "**Vulnerability RHSA-2020:3911**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|python-libs|2.7.5-89.el7|[]()|RHSA-2020:3911|[https://access.redhat.com/security/cve/CVE-2019-16935](Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2020-10735", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "A flaw was found in python. In algorithms with qua..." + }, + "fullDescription": { + "text": "A flaw was found in python. In algorithms with quadratic time complexity us..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2020-10735", + "help": { + "text": "Vulnerability CVE-2020-10735\nSeverity: medium\nPackage: python-libs\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-10735](https://access.redhat.com/security/cve/CVE-2020-10735)\nA flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int(\"text\"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not affected). The highest threat from this vulnerability is to system availability.", + "markdown": "**Vulnerability CVE-2020-10735**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|python-libs|any in centos 7.6.1810|[]()|CVE-2020-10735|[https://access.redhat.com/security/cve/CVE-2020-10735](A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int(\"text\"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not affected). The highest threat from this vulnerability is to system availability.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "RHSA-2022:5235", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "Python is an interpreted, interactive, object-orie..." + }, + "fullDescription": { + "text": "Python is an interpreted, interactive, object-oriented programming language..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2020-26137", + "help": { + "text": "Vulnerability RHSA-2022:5235\nSeverity: medium\nPackage: python-libs\nFixed Version: 2.7.5-92.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2022:5235](https://access.redhat.com/security/cve/CVE-2020-26137)\nPython is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.", + "markdown": "**Vulnerability RHSA-2022:5235**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|python-libs|2.7.5-92.el7_9|[]()|RHSA-2022:5235|[https://access.redhat.com/security/cve/CVE-2020-26137](Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2020-27619", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "In Python 3 through 3.9.0, the Lib/test/multibytec..." + }, + "fullDescription": { + "text": "In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2020-27619", + "help": { + "text": "Vulnerability CVE-2020-27619\nSeverity: medium\nPackage: python-libs\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-27619](https://access.redhat.com/security/cve/CVE-2020-27619)\nIn Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP.", + "markdown": "**Vulnerability CVE-2020-27619**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|python-libs|any in centos 7.6.1810|[]()|CVE-2020-27619|[https://access.redhat.com/security/cve/CVE-2020-27619](In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2021-23336", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "The package python/cpython from 0 and before 3.6.1..." + }, + "fullDescription": { + "text": "The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before ..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2021-23336", + "help": { + "text": "Vulnerability CVE-2021-23336\nSeverity: medium\nPackage: python-libs\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-23336](https://access.redhat.com/security/cve/CVE-2021-23336)\nThe package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", + "markdown": "**Vulnerability CVE-2021-23336**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|python-libs|any in centos 7.6.1810|[]()|CVE-2021-23336|[https://access.redhat.com/security/cve/CVE-2021-23336](The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. 
This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2021-3733", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "There\u0026#39;s a flaw in urllib\u0026#39;s AbstractBasicAuthHandle..." + }, + "fullDescription": { + "text": "There\u0026#39;s a flaw in urllib\u0026#39;s AbstractBasicAuthHandler class. An attacker who ..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2021-3733", + "help": { + "text": "Vulnerability CVE-2021-3733\nSeverity: medium\nPackage: python-libs\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-3733](https://access.redhat.com/security/cve/CVE-2021-3733)\nThere's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafted payload that is sent by the server to the client. The greatest threat that this flaw poses is to application availability.", + "markdown": "**Vulnerability CVE-2021-3733**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|python-libs|any in centos 7.6.1810|[]()|CVE-2021-3733|[https://access.redhat.com/security/cve/CVE-2021-3733](There's a flaw in urllib's AbstractBasicAuthHandler class. 
An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafted payload that is sent by the server to the client. The greatest threat that this flaw poses is to application availability.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2024-0450", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "An issue was found in the CPython `zipfile` module..." + }, + "fullDescription": { + "text": "An issue was found in the CPython `zipfile` module affecting versions 3.12...." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2024-0450", + "help": { + "text": "Vulnerability CVE-2024-0450\nSeverity: medium\nPackage: python-libs\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2024-0450](https://access.redhat.com/security/cve/CVE-2024-0450)\nAn issue was found in the CPython `zipfile` module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior.\n\nThe zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. 
The fixed versions of CPython makes the zipfile module reject zip archives which overlap entries in the archive.\n\n", + "markdown": "**Vulnerability CVE-2024-0450**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|python-libs|any in centos 7.6.1810|[]()|CVE-2024-0450|[https://access.redhat.com/security/cve/CVE-2024-0450](An issue was found in the CPython `zipfile` module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior.\n\nThe zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython makes the zipfile module reject zip archives which overlap entries in the archive.\n\n)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "RHSA-2020:5009", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "Python is an accessible, high-level, dynamically t..." + }, + "fullDescription": { + "text": "Python is an accessible, high-level, dynamically typed, interpreted program..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2019-20907", + "help": { + "text": "Vulnerability RHSA-2020:5009\nSeverity: medium\nPackage: python-libs\nFixed Version: 2.7.5-90.el7\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2020:5009](https://access.redhat.com/security/cve/CVE-2019-20907)\nPython is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. 
It includes an extensive standard library, and has a vast ecosystem of third-party libraries.", + "markdown": "**Vulnerability RHSA-2020:5009**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|python-libs|2.7.5-90.el7|[]()|RHSA-2020:5009|[https://access.redhat.com/security/cve/CVE-2019-20907](Python is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2022-0391", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "A flaw was found in Python, specifically within th..." + }, + "fullDescription": { + "text": "A flaw was found in Python, specifically within the urllib.parse module. Th..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2022-0391", + "help": { + "text": "Vulnerability CVE-2022-0391\nSeverity: medium\nPackage: python-libs\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-0391](https://access.redhat.com/security/cve/CVE-2022-0391)\nA flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\\r' and '\\n' in the URL path. This flaw allows an attacker to input a crafted URL, leading to injection attacks. 
This flaw affects Python versions prior to 3.10.0b1, 3.9.5, 3.8.11, 3.7.11 and 3.6.14.", + "markdown": "**Vulnerability CVE-2022-0391**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|python-libs|any in centos 7.6.1810|[]()|CVE-2022-0391|[https://access.redhat.com/security/cve/CVE-2022-0391](A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\\r' and '\\n' in the URL path. This flaw allows an attacker to input a crafted URL, leading to injection attacks. This flaw affects Python versions prior to 3.10.0b1, 3.9.5, 3.8.11, 3.7.11 and 3.6.14.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2022-45061", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "An issue was discovered in Python before 3.11.1. A..." + }, + "fullDescription": { + "text": "An issue was discovered in Python before 3.11.1. An unnecessary quadratic a..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2022-45061", + "help": { + "text": "Vulnerability CVE-2022-45061\nSeverity: medium\nPackage: python-libs\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-45061](https://access.redhat.com/security/cve/CVE-2022-45061)\nAn issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. 
Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16.", + "markdown": "**Vulnerability CVE-2022-45061**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|python-libs|any in centos 7.6.1810|[]()|CVE-2022-45061|[https://access.redhat.com/security/cve/CVE-2022-45061](An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2022-48560", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "A use-after-free exists in Python through 3.9 via ..." + }, + "fullDescription": { + "text": "A use-after-free exists in Python through 3.9 via heappushpop in heapq." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2022-48560", + "help": { + "text": "Vulnerability CVE-2022-48560\nSeverity: medium\nPackage: python-libs\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-48560](https://access.redhat.com/security/cve/CVE-2022-48560)\nA use-after-free exists in Python through 3.9 via heappushpop in heapq.", + "markdown": "**Vulnerability CVE-2022-48560**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|python-libs|any in centos 7.6.1810|[]()|CVE-2022-48560|[https://access.redhat.com/security/cve/CVE-2022-48560](A use-after-free exists in Python through 3.9 via heappushpop in heapq.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2022-48565", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "An XML External Entity (XXE) issue was discovered ..." + }, + "fullDescription": { + "text": "An XML External Entity (XXE) issue was discovered in Python through 3.9.1. ..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2022-48565", + "help": { + "text": "Vulnerability CVE-2022-48565\nSeverity: medium\nPackage: python-libs\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-48565](https://access.redhat.com/security/cve/CVE-2022-48565)\nAn XML External Entity (XXE) issue was discovered in Python through 3.9.1. 
The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities.", + "markdown": "**Vulnerability CVE-2022-48565**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|python-libs|any in centos 7.6.1810|[]()|CVE-2022-48565|[https://access.redhat.com/security/cve/CVE-2022-48565](An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2007-4559", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "Directory traversal vulnerability in the (1) extra..." + }, + "fullDescription": { + "text": "Directory traversal vulnerability in the (1) extract and (2) extractall fun..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2007-4559", + "help": { + "text": "Vulnerability CVE-2007-4559\nSeverity: medium\nPackage: python-libs\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2007-4559](https://access.redhat.com/security/cve/CVE-2007-4559)\nDirectory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. 
(dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", + "markdown": "**Vulnerability CVE-2007-4559**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|python-libs|any in centos 7.6.1810|[]()|CVE-2007-4559|[https://access.redhat.com/security/cve/CVE-2007-4559](Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "RHSA-2020:1131", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "Python is an interpreted, interactive, object-orie..." + }, + "fullDescription": { + "text": "Python is an interpreted, interactive, object-oriented programming language..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2019-16056", + "help": { + "text": "Vulnerability RHSA-2020:1131\nSeverity: medium\nPackage: python-libs\nFixed Version: 2.7.5-88.el7\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2020:1131](https://access.redhat.com/security/cve/CVE-2019-16056)\nPython is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. 
Python supports interfaces to many system calls and libraries, as well as to various windowing systems.", + "markdown": "**Vulnerability RHSA-2020:1131**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|python-libs|2.7.5-88.el7|[]()|RHSA-2020:1131|[https://access.redhat.com/security/cve/CVE-2019-16056](Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2023-27043", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "The email module of Python through 3.11.3 incorrec..." + }, + "fullDescription": { + "text": "The email module of Python through 3.11.3 incorrectly parses e-mail address..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2023-27043", + "help": { + "text": "Vulnerability CVE-2023-27043\nSeverity: medium\nPackage: python-libs\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-27043](https://access.redhat.com/security/cve/CVE-2023-27043)\nThe email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). 
This occurs in email/_parseaddr.py in recent versions of Python.", + "markdown": "**Vulnerability CVE-2023-27043**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|python-libs|any in centos 7.6.1810|[]()|CVE-2023-27043|[https://access.redhat.com/security/cve/CVE-2023-27043](The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2023-36632", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "The legacy email.utils.parseaddr function in Pytho..." + }, + "fullDescription": { + "text": "The legacy email.utils.parseaddr function in Python through 3.11.4 allows a..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2023-36632", + "help": { + "text": "Vulnerability CVE-2023-36632\nSeverity: medium\nPackage: python-libs\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-36632](https://access.redhat.com/security/cve/CVE-2023-36632)\nThe legacy email.utils.parseaddr function in Python through 3.11.4 allows attackers to trigger \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. 
This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address. NOTE: email.utils.parseaddr is categorized as a Legacy API in the documentation of the Python email package. Applications should instead use the email.parser.BytesParser or email.parser.Parser class. NOTE: the vendor's perspective is that this is neither a vulnerability nor a bug. The email package is intended to have size limits and to throw an exception when limits are exceeded; they were exceeded by the example demonstration code.", + "markdown": "**Vulnerability CVE-2023-36632**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|python-libs|any in centos 7.6.1810|[]()|CVE-2023-36632|[https://access.redhat.com/security/cve/CVE-2023-36632](The legacy email.utils.parseaddr function in Python through 3.11.4 allows attackers to trigger \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address. NOTE: email.utils.parseaddr is categorized as a Legacy API in the documentation of the Python email package. Applications should instead use the email.parser.BytesParser or email.parser.Parser class. NOTE: the vendor's perspective is that this is neither a vulnerability nor a bug. The email package is intended to have size limits and to throw an exception when limits are exceeded; they were exceeded by the example demonstration code.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "RHSA-2019:2030", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "Python is an interpreted, interactive, object-orie..." 
+ }, + "fullDescription": { + "text": "Python is an interpreted, interactive, object-oriented programming language..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2019-5010", + "help": { + "text": "Vulnerability RHSA-2019:2030\nSeverity: medium\nPackage: python-libs\nFixed Version: 2.7.5-86.el7\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2019:2030](https://access.redhat.com/security/cve/CVE-2019-5010)\nPython is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.", + "markdown": "**Vulnerability RHSA-2019:2030**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|python-libs|2.7.5-86.el7|[]()|RHSA-2019:2030|[https://access.redhat.com/security/cve/CVE-2019-5010](Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2021-3737", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "A flaw was found in python. An improperly handled ..." + }, + "fullDescription": { + "text": "A flaw was found in python. An improperly handled HTTP response in the HTTP..." 
+ }, + "defaultConfiguration": { + "level": "note" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2021-3737", + "help": { + "text": "Vulnerability CVE-2021-3737\nSeverity: low\nPackage: python-libs\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-3737](https://access.redhat.com/security/cve/CVE-2021-3737)\nA flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability.", + "markdown": "**Vulnerability CVE-2021-3737**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|low|python-libs|any in centos 7.6.1810|[]()|CVE-2021-3737|[https://access.redhat.com/security/cve/CVE-2021-3737](A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "low" + ] + } + }, + { + "id": "CVE-2021-43818", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "lxml is a library for processing XML and HTML in t..." + }, + "fullDescription": { + "text": "lxml is a library for processing XML and HTML in the Python language. Prior..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2021-43818", + "help": { + "text": "Vulnerability CVE-2021-43818\nSeverity: medium\nPackage: python-lxml\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-43818](https://access.redhat.com/security/cve/CVE-2021-43818)\nlxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant context should upgrade to lxml 4.6.5 to receive a patch. There are no known workarounds available.", + "markdown": "**Vulnerability CVE-2021-43818**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|python-lxml|any in centos 7.6.1810|[]()|CVE-2021-43818|[https://access.redhat.com/security/cve/CVE-2021-43818](lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant context should upgrade to lxml 4.6.5 to receive a patch. There are no known workarounds available.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "RHSA-2021:4785", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "The RPM Package Manager (RPM) is a command-line dr..." + }, + "fullDescription": { + "text": "The RPM Package Manager (RPM) is a command-line driven package management s..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2021-20271", + "help": { + "text": "Vulnerability RHSA-2021:4785\nSeverity: medium\nPackage: rpm-python\nFixed Version: 4.11.3-48.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2021:4785](https://access.redhat.com/security/cve/CVE-2021-20271)\nThe RPM Package Manager (RPM) is a command-line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages.", + "markdown": "**Vulnerability RHSA-2021:4785**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|rpm-python|4.11.3-48.el7_9|[]()|RHSA-2021:4785|[https://access.redhat.com/security/cve/CVE-2021-20271](The RPM Package Manager (RPM) is a command-line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2021-3421", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "A flaw was found in the RPM package in the read fu..." + }, + "fullDescription": { + "text": "A flaw was found in the RPM package in the read functionality. This flaw al..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2021-3421", + "help": { + "text": "Vulnerability CVE-2021-3421\nSeverity: medium\nPackage: rpm-python\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-3421](https://access.redhat.com/security/cve/CVE-2021-3421)\nA flaw was found in the RPM package in the read functionality. 
This flaw allows an attacker who can convince a victim to install a seemingly verifiable package or compromise an RPM repository, to cause RPM database corruption. The highest threat from this vulnerability is to data integrity. This flaw affects RPM versions before 4.17.0-alpha.", + "markdown": "**Vulnerability CVE-2021-3421**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|rpm-python|any in centos 7.6.1810|[]()|CVE-2021-3421|[https://access.redhat.com/security/cve/CVE-2021-3421](A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package or compromise an RPM repository, to cause RPM database corruption. The highest threat from this vulnerability is to data integrity. This flaw affects RPM versions before 4.17.0-alpha.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2021-3521", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "There is a flaw in RPM\u0026#39;s signature functionality. ..." + }, + "fullDescription": { + "text": "There is a flaw in RPM\u0026#39;s signature functionality. OpenPGP subkeys are assoc..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2021-3521", + "help": { + "text": "Vulnerability CVE-2021-3521\nSeverity: medium\nPackage: rpm-python\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-3521](https://access.redhat.com/security/cve/CVE-2021-3521)\nThere is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key via a \"binding signature.\" RPM does not check the binding signature of subkeys prior to importing them. 
If an attacker is able to add or socially engineer another party to add a malicious subkey to a legitimate public key, RPM could wrongly trust a malicious signature. The greatest impact of this flaw is to data integrity. To exploit this flaw, an attacker must either compromise an RPM repository or convince an administrator to install an untrusted RPM or public key. It is strongly recommended to only use RPMs and public keys from trusted sources.", + "markdown": "**Vulnerability CVE-2021-3521**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|rpm-python|any in centos 7.6.1810|[]()|CVE-2021-3521|[https://access.redhat.com/security/cve/CVE-2021-3521](There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key via a \"binding signature.\" RPM does not check the binding signature of subkeys prior to importing them. If an attacker is able to add or socially engineer another party to add a malicious subkey to a legitimate public key, RPM could wrongly trust a malicious signature. The greatest impact of this flaw is to data integrity. To exploit this flaw, an attacker must either compromise an RPM repository or convince an administrator to install an untrusted RPM or public key. It is strongly recommended to only use RPMs and public keys from trusted sources.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2021-35937", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "A race condition vulnerability was found in rpm. A..." + }, + "fullDescription": { + "text": "A race condition vulnerability was found in rpm. A local unprivileged user ..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2021-35937", + "help": { + "text": "Vulnerability CVE-2021-35937\nSeverity: medium\nPackage: rpm-python\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-35937](https://access.redhat.com/security/cve/CVE-2021-35937)\nA race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", + "markdown": "**Vulnerability CVE-2021-35937**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|rpm-python|any in centos 7.6.1810|[]()|CVE-2021-35937|[https://access.redhat.com/security/cve/CVE-2021-35937](A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2021-35938", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "A symbolic link issue was found in rpm. It occurs ..." + }, + "fullDescription": { + "text": "A symbolic link issue was found in rpm. It occurs when rpm sets the desired..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2021-35938", + "help": { + "text": "Vulnerability CVE-2021-35938\nSeverity: medium\nPackage: rpm-python\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-35938](https://access.redhat.com/security/cve/CVE-2021-35938)\nA symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", + "markdown": "**Vulnerability CVE-2021-35938**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|rpm-python|any in centos 7.6.1810|[]()|CVE-2021-35938|[https://access.redhat.com/security/cve/CVE-2021-35938](A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2021-35939", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "It was found that the fix for CVE-2017-7500 and CV..." + }, + "fullDescription": { + "text": "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplet..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2021-35939", + "help": { + "text": "Vulnerability CVE-2021-35939\nSeverity: medium\nPackage: rpm-python\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-35939](https://access.redhat.com/security/cve/CVE-2021-35939)\nIt was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", + "markdown": "**Vulnerability CVE-2021-35939**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|rpm-python|any in centos 7.6.1810|[]()|CVE-2021-35939|[https://access.redhat.com/security/cve/CVE-2021-35939](It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2021-20266", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "A flaw was found in RPM\u0026#39;s hdrblobInit() in lib/hea..." + }, + "fullDescription": { + "text": "A flaw was found in RPM\u0026#39;s hdrblobInit() in lib/header.c. This flaw allows a..." 
+ }, + "defaultConfiguration": { + "level": "note" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2021-20266", + "help": { + "text": "Vulnerability CVE-2021-20266\nSeverity: low\nPackage: rpm-python\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-20266](https://access.redhat.com/security/cve/CVE-2021-20266)\nA flaw was found in RPM's hdrblobInit() in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The highest threat from this vulnerability is to system availability.", + "markdown": "**Vulnerability CVE-2021-20266**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|low|rpm-python|any in centos 7.6.1810|[]()|CVE-2021-20266|[https://access.redhat.com/security/cve/CVE-2021-20266](A flaw was found in RPM's hdrblobInit() in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The highest threat from this vulnerability is to system availability.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "low" + ] + } + }, + { + "id": "CVE-2023-4641", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "A flaw was found in shadow-utils. When asking for ..." + }, + "fullDescription": { + "text": "A flaw was found in shadow-utils. When asking for a new password, shadow-ut..." + }, + "defaultConfiguration": { + "level": "note" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2023-4641", + "help": { + "text": "Vulnerability CVE-2023-4641\nSeverity: low\nPackage: shadow-utils\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-4641](https://access.redhat.com/security/cve/CVE-2023-4641)\nA flaw was found in shadow-utils. 
When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. This may allow an attacker with enough access to retrieve the password from the memory.", + "markdown": "**Vulnerability CVE-2023-4641**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|low|shadow-utils|any in centos 7.6.1810|[]()|CVE-2023-4641|[https://access.redhat.com/security/cve/CVE-2023-4641](A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. This may allow an attacker with enough access to retrieve the password from the memory.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "low" + ] + } + }, + { + "id": "RHSA-2020:1021", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "GNOME is the default desktop environment of Red Ha..." + }, + "fullDescription": { + "text": "GNOME is the default desktop environment of Red Hat Enterprise Linux." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2019-3820", + "help": { + "text": "Vulnerability RHSA-2020:1021\nSeverity: medium\nPackage: shared-mime-info\nFixed Version: 1.8-5.el7\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2020:1021](https://access.redhat.com/security/cve/CVE-2019-3820)\nGNOME is the default desktop environment of Red Hat Enterprise Linux.", + "markdown": "**Vulnerability RHSA-2020:1021**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|shared-mime-info|1.8-5.el7|[]()|RHSA-2020:1021|[https://access.redhat.com/security/cve/CVE-2019-3820](GNOME is the default desktop environment of Red Hat Enterprise Linux.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "RHSA-2020:0227", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "SQLite is a C library that implements an SQL datab..." + }, + "fullDescription": { + "text": "SQLite is a C library that implements an SQL database engine. A large subse..." + }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2019-13734", + "help": { + "text": "Vulnerability RHSA-2020:0227\nSeverity: high\nPackage: sqlite\nFixed Version: 3.7.17-8.el7_7.1\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2020:0227](https://access.redhat.com/security/cve/CVE-2019-13734)\nSQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. 
Applications that link against SQLite can enjoy the power and flexibility of an SQL database without the administrative hassles of supporting a separate database server.", + "markdown": "**Vulnerability RHSA-2020:0227**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|sqlite|3.7.17-8.el7_7.1|[]()|RHSA-2020:0227|[https://access.redhat.com/security/cve/CVE-2019-13734](SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL database without the administrative hassles of supporting a separate database server.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "CVE-2020-24736", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "Buffer Overflow vulnerability found in SQLite3 v.3..." + }, + "fullDescription": { + "text": "Buffer Overflow vulnerability found in SQLite3 v.3.27.1 and before allows a..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2020-24736", + "help": { + "text": "Vulnerability CVE-2020-24736\nSeverity: medium\nPackage: sqlite\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-24736](https://access.redhat.com/security/cve/CVE-2020-24736)\nBuffer Overflow vulnerability found in SQLite3 v.3.27.1 and before allows a local attacker to cause a denial of service via a crafted script.", + "markdown": "**Vulnerability CVE-2020-24736**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|sqlite|any in centos 7.6.1810|[]()|CVE-2020-24736|[https://access.redhat.com/security/cve/CVE-2020-24736](Buffer Overflow vulnerability found in SQLite3 v.3.27.1 and before allows a local attacker to cause a denial of service via a crafted script.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2020-35527", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "In SQLite 3.31.1, there is an out of bounds access..." + }, + "fullDescription": { + "text": "In SQLite 3.31.1, there is an out of bounds access problem through ALTER TA..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2020-35527", + "help": { + "text": "Vulnerability CVE-2020-35527\nSeverity: medium\nPackage: sqlite\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-35527](https://access.redhat.com/security/cve/CVE-2020-35527)\nIn SQLite 3.31.1, there is an out of bounds access problem through ALTER TABLE for views that have a nested FROM clause.", + "markdown": "**Vulnerability CVE-2020-35527**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|sqlite|any in centos 7.6.1810|[]()|CVE-2020-35527|[https://access.redhat.com/security/cve/CVE-2020-35527](In SQLite 3.31.1, there is an out of bounds access problem through ALTER TABLE for views that have a nested FROM clause.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2022-35737", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "SQLite 1.0.12 through 3.39.x before 3.39.2 sometim..." + }, + "fullDescription": { + "text": "SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2022-35737", + "help": { + "text": "Vulnerability CVE-2022-35737\nSeverity: medium\nPackage: sqlite\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-35737](https://access.redhat.com/security/cve/CVE-2022-35737)\nSQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.", + "markdown": "**Vulnerability CVE-2022-35737**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|sqlite|any in centos 7.6.1810|[]()|CVE-2022-35737|[https://access.redhat.com/security/cve/CVE-2022-35737](SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2020-35525", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "In SQlite 3.31.1, a potential null pointer derrefe..." + }, + "fullDescription": { + "text": "In SQlite 3.31.1, a potential null pointer derreference was found in the IN..." 
+ }, + "defaultConfiguration": { + "level": "note" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2020-35525", + "help": { + "text": "Vulnerability CVE-2020-35525\nSeverity: low\nPackage: sqlite\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-35525](https://access.redhat.com/security/cve/CVE-2020-35525)\nIn SQlite 3.31.1, a potential null pointer derreference was found in the INTERSEC query processing.", + "markdown": "**Vulnerability CVE-2020-35525**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|low|sqlite|any in centos 7.6.1810|[]()|CVE-2020-35525|[https://access.redhat.com/security/cve/CVE-2020-35525](In SQlite 3.31.1, a potential null pointer derreference was found in the INTERSEC query processing.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "low" + ] + } + }, + { + "id": "CVE-2021-45346", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "A Memory Leak vulnerability exists in SQLite Proje..." + }, + "fullDescription": { + "text": "A Memory Leak vulnerability exists in SQLite Project SQLite3 3.35.1 and 3.3..." + }, + "defaultConfiguration": { + "level": "note" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2021-45346", + "help": { + "text": "Vulnerability CVE-2021-45346\nSeverity: low\nPackage: sqlite\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-45346](https://access.redhat.com/security/cve/CVE-2021-45346)\nA Memory Leak vulnerability exists in SQLite Project SQLite3 3.35.1 and 3.37.0 via maliciously crafted SQL Queries (made via editing the Database File), it is possible to query a record, and leak subsequent bytes of memory that extend beyond the record, which could let a malicious user obtain sensitive information. 
NOTE: The developer disputes this as a vulnerability stating that If you give SQLite a corrupted database file and submit a query against the database, it might read parts of the database that you did not intend or expect.", + "markdown": "**Vulnerability CVE-2021-45346**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|low|sqlite|any in centos 7.6.1810|[]()|CVE-2021-45346|[https://access.redhat.com/security/cve/CVE-2021-45346](A Memory Leak vulnerability exists in SQLite Project SQLite3 3.35.1 and 3.37.0 via maliciously crafted SQL Queries (made via editing the Database File), it is possible to query a record, and leak subsequent bytes of memory that extend beyond the record, which could let a malicious user obtain sensitive information. NOTE: The developer disputes this as a vulnerability stating that If you give SQLite a corrupted database file and submit a query against the database, it might read parts of the database that you did not intend or expect.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "low" + ] + } + }, + { + "id": "CVE-2024-0232", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "A heap use-after-free issue has been identified in..." + }, + "fullDescription": { + "text": "A heap use-after-free issue has been identified in SQLite in the jsonParseA..." + }, + "defaultConfiguration": { + "level": "note" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2024-0232", + "help": { + "text": "Vulnerability CVE-2024-0232\nSeverity: low\nPackage: sqlite\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2024-0232](https://access.redhat.com/security/cve/CVE-2024-0232)\nA heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. 
This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "markdown": "**Vulnerability CVE-2024-0232**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|low|sqlite|any in centos 7.6.1810|[]()|CVE-2024-0232|[https://access.redhat.com/security/cve/CVE-2024-0232](A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "low" + ] + } + }, + { + "id": "RHSA-2019:2091", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "The systemd packages contain systemd, a system and..." + }, + "fullDescription": { + "text": "The systemd packages contain systemd, a system and service manager for Linu..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2018-16888", + "help": { + "text": "Vulnerability RHSA-2019:2091\nSeverity: medium\nPackage: systemd-libs\nFixed Version: 219-67.el7\nExploit Available: [http://www.exploit-db.com/exploits/45714](http://www.exploit-db.com/exploits/45714)\nExploit Type: dos\nLink: [RHSA-2019:2091](https://access.redhat.com/security/cve/CVE-2018-16888)\nThe systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. 
In addition, it supports snapshotting and restoring of the system state, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. It can also work as a drop-in replacement for sysvinit.", + "markdown": "**Vulnerability RHSA-2019:2091**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|systemd-libs|219-67.el7|[http://www.exploit-db.com/exploits/45714](dos)|RHSA-2019:2091|[https://access.redhat.com/security/cve/CVE-2018-16888](The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. In addition, it supports snapshotting and restoring of the system state, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. It can also work as a drop-in replacement for sysvinit.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "RHSA-2019:0368", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "The systemd packages contain systemd, a system and..." + }, + "fullDescription": { + "text": "The systemd packages contain systemd, a system and service manager for Linu..." 
+ }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2019-6454", + "help": { + "text": "Vulnerability RHSA-2019:0368\nSeverity: high\nPackage: systemd-libs\nFixed Version: 219-62.el7_6.5\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2019:0368](https://access.redhat.com/security/cve/CVE-2019-6454)\nThe systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. In addition, it supports snapshotting and restoring of the system state, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. It can also work as a drop-in replacement for sysvinit.", + "markdown": "**Vulnerability RHSA-2019:0368**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|systemd-libs|219-62.el7_6.5|[]()|RHSA-2019:0368|[https://access.redhat.com/security/cve/CVE-2019-6454](The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. In addition, it supports snapshotting and restoring of the system state, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. 
It can also work as a drop-in replacement for sysvinit.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "RHSA-2022:6160", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "The systemd packages contain systemd, a system and..." + }, + "fullDescription": { + "text": "The systemd packages contain systemd, a system and service manager for Linu..." + }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2022-2526", + "help": { + "text": "Vulnerability RHSA-2022:6160\nSeverity: high\nPackage: systemd-libs\nFixed Version: 219-78.el7_9.7\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2022:6160](https://access.redhat.com/security/cve/CVE-2022-2526)\nThe systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. In addition, it supports snapshotting and restoring of the system state, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. It can also work as a drop-in replacement for sysvinit.", + "markdown": "**Vulnerability RHSA-2022:6160**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|systemd-libs|219-78.el7_9.7|[]()|RHSA-2022:6160|[https://access.redhat.com/security/cve/CVE-2022-2526](The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. 
It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. In addition, it supports snapshotting and restoring of the system state, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. It can also work as a drop-in replacement for sysvinit.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "CVE-2020-13529", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "An exploitable denial-of-service vulnerability exi..." + }, + "fullDescription": { + "text": "An exploitable denial-of-service vulnerability exists in Systemd 245. A spe..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2020-13529", + "help": { + "text": "Vulnerability CVE-2020-13529\nSeverity: medium\nPackage: systemd-libs\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-13529](https://access.redhat.com/security/cve/CVE-2020-13529)\nAn exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server.", + "markdown": "**Vulnerability CVE-2020-13529**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|systemd-libs|any in centos 7.6.1810|[]()|CVE-2020-13529|[https://access.redhat.com/security/cve/CVE-2020-13529](An exploitable denial-of-service vulnerability exists in Systemd 245. 
A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2022-3821", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "An off-by-one Error issue was discovered in System..." + }, + "fullDescription": { + "text": "An off-by-one Error issue was discovered in Systemd in format_timespan() fu..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2022-3821", + "help": { + "text": "Vulnerability CVE-2022-3821\nSeverity: medium\nPackage: systemd-libs\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-3821](https://access.redhat.com/security/cve/CVE-2022-3821)\nAn off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in format_timespan(), leading to a Denial of Service.", + "markdown": "**Vulnerability CVE-2022-3821**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|systemd-libs|any in centos 7.6.1810|[]()|CVE-2022-3821|[https://access.redhat.com/security/cve/CVE-2022-3821](An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. 
An attacker could supply specific values for time and accuracy that leads to buffer overrun in format_timespan(), leading to a Denial of Service.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2022-4415", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "A vulnerability was found in systemd. This securit..." + }, + "fullDescription": { + "text": "A vulnerability was found in systemd. This security flaw can cause a local ..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2022-4415", + "help": { + "text": "Vulnerability CVE-2022-4415\nSeverity: medium\nPackage: systemd-libs\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-4415](https://access.redhat.com/security/cve/CVE-2022-4415)\nA vulnerability was found in systemd. This security flaw can cause a local information leak due to systemd-coredump not respecting the fs.suid_dumpable kernel setting.", + "markdown": "**Vulnerability CVE-2022-4415**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|systemd-libs|any in centos 7.6.1810|[]()|CVE-2022-4415|[https://access.redhat.com/security/cve/CVE-2022-4415](A vulnerability was found in systemd. This security flaw can cause a local information leak due to systemd-coredump not respecting the fs.suid_dumpable kernel setting.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2022-45873", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "systemd 250 and 251 allows local users to achieve ..." 
+ }, + "fullDescription": { + "text": "systemd 250 and 251 allows local users to achieve a systemd-coredump deadlo..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2022-45873", + "help": { + "text": "Vulnerability CVE-2022-45873\nSeverity: medium\nPackage: systemd-libs\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-45873](https://access.redhat.com/security/cve/CVE-2022-45873)\nsystemd 250 and 251 allows local users to achieve a systemd-coredump deadlock by triggering a crash that has a long backtrace. This occurs in parse_elf_object in shared/elf-util.c. The exploitation methodology is to crash a binary calling the same function recursively, and put it in a deeply nested directory to make its backtrace large enough to cause the deadlock. This must be done 16 times when MaxConnections=16 is set for the systemd/units/systemd-coredump.socket file.", + "markdown": "**Vulnerability CVE-2022-45873**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|systemd-libs|any in centos 7.6.1810|[]()|CVE-2022-45873|[https://access.redhat.com/security/cve/CVE-2022-45873](systemd 250 and 251 allows local users to achieve a systemd-coredump deadlock by triggering a crash that has a long backtrace. This occurs in parse_elf_object in shared/elf-util.c. The exploitation methodology is to crash a binary calling the same function recursively, and put it in a deeply nested directory to make its backtrace large enough to cause the deadlock. 
This must be done 16 times when MaxConnections=16 is set for the systemd/units/systemd-coredump.socket file.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2023-26604", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "systemd before 247 does not adequately block local..." + }, + "fullDescription": { + "text": "systemd before 247 does not adequately block local privilege escalation for..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2023-26604", + "help": { + "text": "Vulnerability CVE-2023-26604\nSeverity: medium\nPackage: systemd-libs\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-26604](https://access.redhat.com/security/cve/CVE-2023-26604)\nsystemd before 247 does not adequately block local privilege escalation for some Sudo configurations, e.g., plausible sudoers files in which the \"systemctl status\" command may be executed. Specifically, systemd does not set LESSSECURE to 1, and thus other programs may be launched from the less program. This presents a substantial security risk when running systemctl from Sudo, because less executes as root when the terminal size is too small to show the complete systemctl output.", + "markdown": "**Vulnerability CVE-2023-26604**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|systemd-libs|any in centos 7.6.1810|[]()|CVE-2023-26604|[https://access.redhat.com/security/cve/CVE-2023-26604](systemd before 247 does not adequately block local privilege escalation for some Sudo configurations, e.g., plausible sudoers files in which the \"systemctl status\" command may be executed. 
Specifically, systemd does not set LESSSECURE to 1, and thus other programs may be launched from the less program. This presents a substantial security risk when running systemctl from Sudo, because less executes as root when the terminal size is too small to show the complete systemctl output.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "RHSA-2020:4007", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "The systemd packages contain systemd, a system and..." + }, + "fullDescription": { + "text": "The systemd packages contain systemd, a system and service manager for Linu..." + }, + "defaultConfiguration": { + "level": "note" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2019-20386", + "help": { + "text": "Vulnerability RHSA-2020:4007\nSeverity: low\nPackage: systemd-libs\nFixed Version: 219-78.el7\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2020:4007](https://access.redhat.com/security/cve/CVE-2019-20386)\nThe systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. In addition, it supports snapshotting and restoring of the system state, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. 
It can also work as a drop-in replacement for sysvinit.", + "markdown": "**Vulnerability RHSA-2020:4007**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|low|systemd-libs|219-78.el7|[]()|RHSA-2020:4007|[https://access.redhat.com/security/cve/CVE-2019-20386](The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. In addition, it supports snapshotting and restoring of the system state, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. It can also work as a drop-in replacement for sysvinit.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "low" + ] + } + }, + { + "id": "RHSA-2019:2159", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "The unzip utility is used to list, test, and extra..." + }, + "fullDescription": { + "text": "The unzip utility is used to list, test, and extract files from zip archive..." 
+ }, + "defaultConfiguration": { + "level": "note" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2018-18384", + "help": { + "text": "Vulnerability RHSA-2019:2159\nSeverity: low\nPackage: unzip\nFixed Version: 6.0-20.el7\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2019:2159](https://access.redhat.com/security/cve/CVE-2018-18384)\nThe unzip utility is used to list, test, and extract files from zip archives.", + "markdown": "**Vulnerability RHSA-2019:2159**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|low|unzip|6.0-20.el7|[]()|RHSA-2019:2159|[https://access.redhat.com/security/cve/CVE-2018-18384](The unzip utility is used to list, test, and extract files from zip archives.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "low" + ] + } + }, + { + "id": "RHSA-2020:1181", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "The unzip utility is used to list, test, and extra..." + }, + "fullDescription": { + "text": "The unzip utility is used to list, test, and extract files from zip archive..." 
+ }, + "defaultConfiguration": { + "level": "note" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2019-13232", + "help": { + "text": "Vulnerability RHSA-2020:1181\nSeverity: low\nPackage: unzip\nFixed Version: 6.0-21.el7\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2020:1181](https://access.redhat.com/security/cve/CVE-2019-13232)\nThe unzip utility is used to list, test, and extract files from zip archives.", + "markdown": "**Vulnerability RHSA-2020:1181**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|low|unzip|6.0-21.el7|[]()|RHSA-2020:1181|[https://access.redhat.com/security/cve/CVE-2019-13232](The unzip utility is used to list, test, and extract files from zip archives.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "low" + ] + } + }, + { + "id": "RHSA-2019:1619", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "Vim (Vi IMproved) is an updated and improved versi..." + }, + "fullDescription": { + "text": "Vim (Vi IMproved) is an updated and improved version of the vi editor." 
+ }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2019-12735", + "help": { + "text": "Vulnerability RHSA-2019:1619\nSeverity: high\nPackage: vim-minimal\nFixed Version: 2:7.4.160-6.el7_6\nExploit Available: [http://www.exploit-db.com/exploits/46973](http://www.exploit-db.com/exploits/46973)\nExploit Type: local\nLink: [RHSA-2019:1619](https://access.redhat.com/security/cve/CVE-2019-12735)\nVim (Vi IMproved) is an updated and improved version of the vi editor.", + "markdown": "**Vulnerability RHSA-2019:1619**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|vim-minimal|2:7.4.160-6.el7_6|[http://www.exploit-db.com/exploits/46973](local)|RHSA-2019:1619|[https://access.redhat.com/security/cve/CVE-2019-12735](Vim (Vi IMproved) is an updated and improved version of the vi editor.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "CVE-2022-1621", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "Heap buffer overflow in vim_strncpy find_word in G..." + }, + "fullDescription": { + "text": "Heap buffer overflow in vim_strncpy find_word in GitHub repository vim/vim ..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2022-1621", + "help": { + "text": "Vulnerability CVE-2022-1621\nSeverity: medium\nPackage: vim-minimal\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-1621](https://access.redhat.com/security/cve/CVE-2022-1621)\nHeap buffer overflow in vim_strncpy find_word in GitHub repository vim/vim prior to 8.2.4919. 
This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution", + "markdown": "**Vulnerability CVE-2022-1621**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|vim-minimal|any in centos 7.6.1810|[]()|CVE-2022-1621|[https://access.redhat.com/security/cve/CVE-2022-1621](Heap buffer overflow in vim_strncpy find_word in GitHub repository vim/vim prior to 8.2.4919. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2021-3872", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "vim is vulnerable to Heap-based Buffer Overflow" + }, + "fullDescription": { + "text": "vim is vulnerable to Heap-based Buffer Overflow" + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2021-3872", + "help": { + "text": "Vulnerability CVE-2021-3872\nSeverity: medium\nPackage: vim-minimal\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-3872](https://access.redhat.com/security/cve/CVE-2021-3872)\nvim is vulnerable to Heap-based Buffer Overflow", + "markdown": "**Vulnerability CVE-2021-3872**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|vim-minimal|any in centos 7.6.1810|[]()|CVE-2021-3872|[https://access.redhat.com/security/cve/CVE-2021-3872](vim is vulnerable to Heap-based Buffer Overflow)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2021-3778", 
+ "name": "OsPackageVulnerability", + "shortDescription": { + "text": "vim is vulnerable to Heap-based Buffer Overflow" + }, + "fullDescription": { + "text": "vim is vulnerable to Heap-based Buffer Overflow" + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2021-3778", + "help": { + "text": "Vulnerability CVE-2021-3778\nSeverity: medium\nPackage: vim-minimal\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-3778](https://access.redhat.com/security/cve/CVE-2021-3778)\nvim is vulnerable to Heap-based Buffer Overflow", + "markdown": "**Vulnerability CVE-2021-3778**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|vim-minimal|any in centos 7.6.1810|[]()|CVE-2021-3778|[https://access.redhat.com/security/cve/CVE-2021-3778](vim is vulnerable to Heap-based Buffer Overflow)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2022-0359", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "Heap-based Buffer Overflow in GitHub repository vi..." + }, + "fullDescription": { + "text": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2022-0359", + "help": { + "text": "Vulnerability CVE-2022-0359\nSeverity: medium\nPackage: vim-minimal\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-0359](https://access.redhat.com/security/cve/CVE-2022-0359)\nHeap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", + "markdown": "**Vulnerability CVE-2022-0359**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|vim-minimal|any in centos 7.6.1810|[]()|CVE-2022-0359|[https://access.redhat.com/security/cve/CVE-2022-0359](Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2021-3984", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "vim is vulnerable to Heap-based Buffer Overflow" + }, + "fullDescription": { + "text": "vim is vulnerable to Heap-based Buffer Overflow" + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2021-3984", + "help": { + "text": "Vulnerability CVE-2021-3984\nSeverity: medium\nPackage: vim-minimal\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-3984](https://access.redhat.com/security/cve/CVE-2021-3984)\nvim is vulnerable to Heap-based Buffer Overflow", + "markdown": "**Vulnerability CVE-2021-3984**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|vim-minimal|any in centos 7.6.1810|[]()|CVE-2021-3984|[https://access.redhat.com/security/cve/CVE-2021-3984](vim is vulnerable to Heap-based Buffer Overflow)|\n\n%!v(MISSING)" + }, + 
"properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2021-4019", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "vim is vulnerable to Heap-based Buffer Overflow" + }, + "fullDescription": { + "text": "vim is vulnerable to Heap-based Buffer Overflow" + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2021-4019", + "help": { + "text": "Vulnerability CVE-2021-4019\nSeverity: medium\nPackage: vim-minimal\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-4019](https://access.redhat.com/security/cve/CVE-2021-4019)\nvim is vulnerable to Heap-based Buffer Overflow", + "markdown": "**Vulnerability CVE-2021-4019**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|vim-minimal|any in centos 7.6.1810|[]()|CVE-2021-4019|[https://access.redhat.com/security/cve/CVE-2021-4019](vim is vulnerable to Heap-based Buffer Overflow)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2021-3796", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "vim is vulnerable to Use After Free" + }, + "fullDescription": { + "text": "vim is vulnerable to Use After Free" + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2021-3796", + "help": { + "text": "Vulnerability CVE-2021-3796\nSeverity: medium\nPackage: vim-minimal\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-3796](https://access.redhat.com/security/cve/CVE-2021-3796)\nvim is vulnerable to Use After Free", + "markdown": "**Vulnerability CVE-2021-3796**\n| Severity | 
Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|vim-minimal|any in centos 7.6.1810|[]()|CVE-2021-3796|[https://access.redhat.com/security/cve/CVE-2021-3796](vim is vulnerable to Use After Free)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2021-4192", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "vim is vulnerable to Use After Free" + }, + "fullDescription": { + "text": "vim is vulnerable to Use After Free" + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2021-4192", + "help": { + "text": "Vulnerability CVE-2021-4192\nSeverity: medium\nPackage: vim-minimal\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-4192](https://access.redhat.com/security/cve/CVE-2021-4192)\nvim is vulnerable to Use After Free", + "markdown": "**Vulnerability CVE-2021-4192**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|vim-minimal|any in centos 7.6.1810|[]()|CVE-2021-4192|[https://access.redhat.com/security/cve/CVE-2021-4192](vim is vulnerable to Use After Free)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2021-4193", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "vim is vulnerable to Out-of-bounds Read" + }, + "fullDescription": { + "text": "vim is vulnerable to Out-of-bounds Read" + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2021-4193", + "help": { + "text": "Vulnerability CVE-2021-4193\nSeverity: medium\nPackage: vim-minimal\nFixed 
Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-4193](https://access.redhat.com/security/cve/CVE-2021-4193)\nvim is vulnerable to Out-of-bounds Read", + "markdown": "**Vulnerability CVE-2021-4193**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|vim-minimal|any in centos 7.6.1810|[]()|CVE-2021-4193|[https://access.redhat.com/security/cve/CVE-2021-4193](vim is vulnerable to Out-of-bounds Read)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2022-1629", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "Buffer Over-read in function find_next_quote in Gi..." + }, + "fullDescription": { + "text": "Buffer Over-read in function find_next_quote in GitHub repository vim/vim p..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2022-1629", + "help": { + "text": "Vulnerability CVE-2022-1629\nSeverity: medium\nPackage: vim-minimal\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-1629](https://access.redhat.com/security/cve/CVE-2022-1629)\nBuffer Over-read in function find_next_quote in GitHub repository vim/vim prior to 8.2.4925. This vulnerabilities are capable of crashing software, Modify Memory, and possible remote execution", + "markdown": "**Vulnerability CVE-2022-1629**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|vim-minimal|any in centos 7.6.1810|[]()|CVE-2022-1629|[https://access.redhat.com/security/cve/CVE-2022-1629](Buffer Over-read in function find_next_quote in GitHub repository vim/vim prior to 8.2.4925. 
This vulnerabilities are capable of crashing software, Modify Memory, and possible remote execution)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2022-3591", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "Use After Free in GitHub repository vim/vim prior ..." + }, + "fullDescription": { + "text": "Use After Free in GitHub repository vim/vim prior to 9.0.0789." + }, + "defaultConfiguration": { + "level": "note" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2022-3591", + "help": { + "text": "Vulnerability CVE-2022-3591\nSeverity: low\nPackage: vim-minimal\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-3591](https://access.redhat.com/security/cve/CVE-2022-3591)\nUse After Free in GitHub repository vim/vim prior to 9.0.0789.", + "markdown": "**Vulnerability CVE-2022-3591**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|low|vim-minimal|any in centos 7.6.1810|[]()|CVE-2022-3591|[https://access.redhat.com/security/cve/CVE-2022-3591](Use After Free in GitHub repository vim/vim prior to 9.0.0789.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "low" + ] + } + }, + { + "id": "CVE-2021-4069", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "vim is vulnerable to Use After Free" + }, + "fullDescription": { + "text": "vim is vulnerable to Use After Free" + }, + "defaultConfiguration": { + "level": "note" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2021-4069", + "help": { + "text": "Vulnerability CVE-2021-4069\nSeverity: low\nPackage: vim-minimal\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: 
[CVE-2021-4069](https://access.redhat.com/security/cve/CVE-2021-4069)\nvim is vulnerable to Use After Free", + "markdown": "**Vulnerability CVE-2021-4069**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|low|vim-minimal|any in centos 7.6.1810|[]()|CVE-2021-4069|[https://access.redhat.com/security/cve/CVE-2021-4069](vim is vulnerable to Use After Free)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "low" + ] + } + }, + { + "id": "CVE-2021-3903", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "vim is vulnerable to Heap-based Buffer Overflow" + }, + "fullDescription": { + "text": "vim is vulnerable to Heap-based Buffer Overflow" + }, + "defaultConfiguration": { + "level": "note" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2021-3903", + "help": { + "text": "Vulnerability CVE-2021-3903\nSeverity: low\nPackage: vim-minimal\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-3903](https://access.redhat.com/security/cve/CVE-2021-3903)\nvim is vulnerable to Heap-based Buffer Overflow", + "markdown": "**Vulnerability CVE-2021-3903**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|low|vim-minimal|any in centos 7.6.1810|[]()|CVE-2021-3903|[https://access.redhat.com/security/cve/CVE-2021-3903](vim is vulnerable to Heap-based Buffer Overflow)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "low" + ] + } + }, + { + "id": "CVE-2022-2231", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "NULL Pointer Dereference in GitHub repository vim/..." 
+ }, + "fullDescription": { + "text": "NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2." + }, + "defaultConfiguration": { + "level": "note" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2022-2231", + "help": { + "text": "Vulnerability CVE-2022-2231\nSeverity: low\nPackage: vim-minimal\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-2231](https://access.redhat.com/security/cve/CVE-2022-2231)\nNULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.", + "markdown": "**Vulnerability CVE-2022-2231**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|low|vim-minimal|any in centos 7.6.1810|[]()|CVE-2022-2231|[https://access.redhat.com/security/cve/CVE-2022-2231](NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "low" + ] + } + }, + { + "id": "CVE-2022-2288", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "Out-of-bounds Write in GitHub repository vim/vim p..." + }, + "fullDescription": { + "text": "Out-of-bounds Write in GitHub repository vim/vim prior to 9.0." 
+ }, + "defaultConfiguration": { + "level": "note" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2022-2288", + "help": { + "text": "Vulnerability CVE-2022-2288\nSeverity: low\nPackage: vim-minimal\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-2288](https://access.redhat.com/security/cve/CVE-2022-2288)\nOut-of-bounds Write in GitHub repository vim/vim prior to 9.0.", + "markdown": "**Vulnerability CVE-2022-2288**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|low|vim-minimal|any in centos 7.6.1810|[]()|CVE-2022-2288|[https://access.redhat.com/security/cve/CVE-2022-2288](Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "low" + ] + } + }, + { + "id": "CVE-2022-2289", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "Use After Free in GitHub repository vim/vim prior ..." + }, + "fullDescription": { + "text": "Use After Free in GitHub repository vim/vim prior to 9.0." 
+ }, + "defaultConfiguration": { + "level": "note" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2022-2289", + "help": { + "text": "Vulnerability CVE-2022-2289\nSeverity: low\nPackage: vim-minimal\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-2289](https://access.redhat.com/security/cve/CVE-2022-2289)\nUse After Free in GitHub repository vim/vim prior to 9.0.", + "markdown": "**Vulnerability CVE-2022-2289**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|low|vim-minimal|any in centos 7.6.1810|[]()|CVE-2022-2289|[https://access.redhat.com/security/cve/CVE-2022-2289](Use After Free in GitHub repository vim/vim prior to 9.0.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "low" + ] + } + }, + { + "id": "CVE-2022-2571", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "Heap-based Buffer Overflow in GitHub repository vi..." + }, + "fullDescription": { + "text": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0101." 
+ }, + "defaultConfiguration": { + "level": "note" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2022-2571", + "help": { + "text": "Vulnerability CVE-2022-2571\nSeverity: low\nPackage: vim-minimal\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-2571](https://access.redhat.com/security/cve/CVE-2022-2571)\nHeap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0101.", + "markdown": "**Vulnerability CVE-2022-2571**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|low|vim-minimal|any in centos 7.6.1810|[]()|CVE-2022-2571|[https://access.redhat.com/security/cve/CVE-2022-2571](Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0101.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "low" + ] + } + }, + { + "id": "CVE-2022-2580", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "Heap-based Buffer Overflow in GitHub repository vi..." + }, + "fullDescription": { + "text": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0102." 
+ }, + "defaultConfiguration": { + "level": "note" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2022-2580", + "help": { + "text": "Vulnerability CVE-2022-2580\nSeverity: low\nPackage: vim-minimal\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-2580](https://access.redhat.com/security/cve/CVE-2022-2580)\nHeap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0102.", + "markdown": "**Vulnerability CVE-2022-2580**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|low|vim-minimal|any in centos 7.6.1810|[]()|CVE-2022-2580|[https://access.redhat.com/security/cve/CVE-2022-2580](Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0102.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "low" + ] + } + }, + { + "id": "CVE-2022-2581", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "Out-of-bounds Read in GitHub repository vim/vim pr..." + }, + "fullDescription": { + "text": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0104." 
+ }, + "defaultConfiguration": { + "level": "note" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2022-2581", + "help": { + "text": "Vulnerability CVE-2022-2581\nSeverity: low\nPackage: vim-minimal\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-2581](https://access.redhat.com/security/cve/CVE-2022-2581)\nOut-of-bounds Read in GitHub repository vim/vim prior to 9.0.0104.", + "markdown": "**Vulnerability CVE-2022-2581**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|low|vim-minimal|any in centos 7.6.1810|[]()|CVE-2022-2581|[https://access.redhat.com/security/cve/CVE-2022-2581](Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0104.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "low" + ] + } + }, + { + "id": "CVE-2022-2598", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "Out-of-bounds Write to API in GitHub repository vi..." + }, + "fullDescription": { + "text": "Out-of-bounds Write to API in GitHub repository vim/vim prior to 9.0.0100.\n..." 
+ }, + "defaultConfiguration": { + "level": "note" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2022-2598", + "help": { + "text": "Vulnerability CVE-2022-2598\nSeverity: low\nPackage: vim-minimal\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-2598](https://access.redhat.com/security/cve/CVE-2022-2598)\nOut-of-bounds Write to API in GitHub repository vim/vim prior to 9.0.0100.\n\n", + "markdown": "**Vulnerability CVE-2022-2598**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|low|vim-minimal|any in centos 7.6.1810|[]()|CVE-2022-2598|[https://access.redhat.com/security/cve/CVE-2022-2598](Out-of-bounds Write to API in GitHub repository vim/vim prior to 9.0.0100.\n\n)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "low" + ] + } + }, + { + "id": "CVE-2022-2816", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "Out-of-bounds Read in GitHub repository vim/vim pr..." + }, + "fullDescription": { + "text": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0212." 
+ }, + "defaultConfiguration": { + "level": "note" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2022-2816", + "help": { + "text": "Vulnerability CVE-2022-2816\nSeverity: low\nPackage: vim-minimal\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-2816](https://access.redhat.com/security/cve/CVE-2022-2816)\nOut-of-bounds Read in GitHub repository vim/vim prior to 9.0.0212.", + "markdown": "**Vulnerability CVE-2022-2816**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|low|vim-minimal|any in centos 7.6.1810|[]()|CVE-2022-2816|[https://access.redhat.com/security/cve/CVE-2022-2816](Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0212.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "low" + ] + } + }, + { + "id": "CVE-2022-3520", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "Heap-based Buffer Overflow in GitHub repository vi..." + }, + "fullDescription": { + "text": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0765." 
+ }, + "defaultConfiguration": { + "level": "note" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2022-3520", + "help": { + "text": "Vulnerability CVE-2022-3520\nSeverity: low\nPackage: vim-minimal\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-3520](https://access.redhat.com/security/cve/CVE-2022-3520)\nHeap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0765.", + "markdown": "**Vulnerability CVE-2022-3520**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|low|vim-minimal|any in centos 7.6.1810|[]()|CVE-2022-3520|[https://access.redhat.com/security/cve/CVE-2022-3520](Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0765.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "low" + ] + } + }, + { + "id": "CVE-2022-1154", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "Use after free in utf_ptr2char in GitHub repositor..." + }, + "fullDescription": { + "text": "Use after free in utf_ptr2char in GitHub repository vim/vim prior to 8.2.46..." 
+ }, + "defaultConfiguration": { + "level": "note" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2022-1154", + "help": { + "text": "Vulnerability CVE-2022-1154\nSeverity: low\nPackage: vim-minimal\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-1154](https://access.redhat.com/security/cve/CVE-2022-1154)\nUse after free in utf_ptr2char in GitHub repository vim/vim prior to 8.2.4646.", + "markdown": "**Vulnerability CVE-2022-1154**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|low|vim-minimal|any in centos 7.6.1810|[]()|CVE-2022-1154|[https://access.redhat.com/security/cve/CVE-2022-1154](Use after free in utf_ptr2char in GitHub repository vim/vim prior to 8.2.4646.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "low" + ] + } + }, + { + "id": "CVE-2013-4002", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "XMLscanner.java in Apache Xerces2 Java Parser befo..." + }, + "fullDescription": { + "text": "XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the..." 
+ }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2013-4002", + "help": { + "text": "Vulnerability CVE-2013-4002\nSeverity: high\nPackage: xercesImpl\nFixed Version: 2.12.0\nExploit Available: []()\nExploit Type: \nLink: [CVE-2013-4002](https://nvd.nist.gov/vuln/detail/CVE-2013-4002)\nXMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 as well as Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, Java SE Embedded 7u40 and earlier, and possibly other products allows remote attackers to cause a denial of service via vectors related to XML attribute names.", + "markdown": "**Vulnerability CVE-2013-4002**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|xercesImpl|2.12.0|[]()|CVE-2013-4002|[https://nvd.nist.gov/vuln/detail/CVE-2013-4002](XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 as well as Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, Java SE Embedded 7u40 and earlier, and possibly other products allows remote attackers to cause a denial of service via vectors related to XML attribute names.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "CVE-2022-23437", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "There\u0026#39;s a vulnerability within the Apache Xerces J..." 
+ }, + "fullDescription": { + "text": "There\u0026#39;s a vulnerability within the Apache Xerces Java (XercesJ) XML parser ..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2022-23437", + "help": { + "text": "Vulnerability CVE-2022-23437\nSeverity: medium\nPackage: xercesImpl\nFixed Version: 2.12.2\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-23437](https://nvd.nist.gov/vuln/detail/CVE-2022-23437)\nThere's a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This causes, the XercesJ XML parser to wait in an infinite loop, which may sometimes consume system resources for prolonged duration. This vulnerability is present within XercesJ version 2.12.1 and the previous versions.", + "markdown": "**Vulnerability CVE-2022-23437**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|xercesImpl|2.12.2|[]()|CVE-2022-23437|[https://nvd.nist.gov/vuln/detail/CVE-2022-23437](There's a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This causes, the XercesJ XML parser to wait in an infinite loop, which may sometimes consume system resources for prolonged duration. This vulnerability is present within XercesJ version 2.12.1 and the previous versions.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2020-14338", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "A flaw was found in Wildfly\u0026#39;s implementation of Xe..." + }, + "fullDescription": { + "text": "A flaw was found in Wildfly\u0026#39;s implementation of Xerces, specifically in the..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2020-14338", + "help": { + "text": "Vulnerability CVE-2020-14338\nSeverity: medium\nPackage: xercesImpl\nFixed Version: 2.12.0.SP3\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-14338](https://nvd.nist.gov/vuln/detail/CVE-2020-14338)\nA flaw was found in Wildfly's implementation of Xerces, specifically in the way the XMLSchemaValidator class in the JAXP component of Wildfly enforced the \"use-grammar-pool-only\" feature. This flaw allows a specially-crafted XML file to manipulate the validation process in certain cases. This issue is the same flaw as CVE-2020-14621, which affected OpenJDK, and uses a similar code. This flaw affects all Xerces JBoss versions before 2.12.0.SP3.", + "markdown": "**Vulnerability CVE-2020-14338**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|xercesImpl|2.12.0.SP3|[]()|CVE-2020-14338|[https://nvd.nist.gov/vuln/detail/CVE-2020-14338](A flaw was found in Wildfly's implementation of Xerces, specifically in the way the XMLSchemaValidator class in the JAXP component of Wildfly enforced the \"use-grammar-pool-only\" feature. This flaw allows a specially-crafted XML file to manipulate the validation process in certain cases. This issue is the same flaw as CVE-2020-14621, which affected OpenJDK, and uses a similar code. This flaw affects all Xerces JBoss versions before 2.12.0.SP3.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "RHSA-2022:5052", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "XZ Utils is an integrated collection of user-space..." + }, + "fullDescription": { + "text": "XZ Utils is an integrated collection of user-space file compression utiliti..." 
+ }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2022-1271", + "help": { + "text": "Vulnerability RHSA-2022:5052\nSeverity: high\nPackage: xz-libs\nFixed Version: 5.2.2-2.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2022:5052](https://access.redhat.com/security/cve/CVE-2022-1271)\nXZ Utils is an integrated collection of user-space file compression utilities based on the Lempel-Ziv-Markov chain algorithm (LZMA), which performs lossless data compression. The algorithm provides a high compression ratio while keeping the decompression time short.", + "markdown": "**Vulnerability RHSA-2022:5052**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|xz-libs|5.2.2-2.el7_9|[]()|RHSA-2022:5052|[https://access.redhat.com/security/cve/CVE-2022-1271](XZ Utils is an integrated collection of user-space file compression utilities based on the Lempel-Ziv-Markov chain algorithm (LZMA), which performs lossless data compression. The algorithm provides a high compression ratio while keeping the decompression time short.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "RHSA-2022:2213", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "The zlib packages provide a general-purpose lossle..." + }, + "fullDescription": { + "text": "The zlib packages provide a general-purpose lossless data compression libra..." 
+ }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2018-25032", + "help": { + "text": "Vulnerability RHSA-2022:2213\nSeverity: high\nPackage: zlib\nFixed Version: 1.2.7-20.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2022:2213](https://access.redhat.com/security/cve/CVE-2018-25032)\nThe zlib packages provide a general-purpose lossless data compression library that is used by many different programs.", + "markdown": "**Vulnerability RHSA-2022:2213**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|high|zlib|1.2.7-20.el7_9|[]()|RHSA-2022:2213|[https://access.redhat.com/security/cve/CVE-2018-25032](The zlib packages provide a general-purpose lossless data compression library that is used by many different programs.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "high" + ] + } + }, + { + "id": "RHSA-2023:1095", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "The zlib packages provide a general-purpose lossle..." + }, + "fullDescription": { + "text": "The zlib packages provide a general-purpose lossless data compression libra..." 
+ }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2022-37434", + "help": { + "text": "Vulnerability RHSA-2023:1095\nSeverity: medium\nPackage: zlib\nFixed Version: 1.2.7-21.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2023:1095](https://access.redhat.com/security/cve/CVE-2022-37434)\nThe zlib packages provide a general-purpose lossless data compression library that is used by many different programs.", + "markdown": "**Vulnerability RHSA-2023:1095**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|zlib|1.2.7-21.el7_9|[]()|RHSA-2023:1095|[https://access.redhat.com/security/cve/CVE-2022-37434](The zlib packages provide a general-purpose lossless data compression library that is used by many different programs.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + }, + { + "id": "CVE-2023-45853", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "MiniZip in zlib through 1.3 has an integer overflo..." + }, + "fullDescription": { + "text": "MiniZip in zlib through 1.3 has an integer overflow and resultant heap-base..." + }, + "defaultConfiguration": { + "level": "warning" + }, + "helpUri": "https://access.redhat.com/security/cve/CVE-2023-45853", + "help": { + "text": "Vulnerability CVE-2023-45853\nSeverity: medium\nPackage: zlib\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-45853](https://access.redhat.com/security/cve/CVE-2023-45853)\nMiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. 
NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an affected zlib version, and exposes the applicable MiniZip code through its compress API.", + "markdown": "**Vulnerability CVE-2023-45853**\n| Severity | Package | Fixed Version | Exploit Available | Exploit Type | Link |\n| --- | --- | --- | --- | --- | --- |\n|medium|zlib|any in centos 7.6.1810|[]()|CVE-2023-45853|[https://access.redhat.com/security/cve/CVE-2023-45853](MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an affected zlib version, and exposes the applicable MiniZip code through its compress API.)|\n\n%!v(MISSING)" + }, + "properties": { + "precision": "very-high", + "security-severity": "0.0", + "tags": [ + "vulnerability", + "security", + "medium" + ] + } + } + ], + "version": "" + } + }, + "results": [ + { + "ruleId": "CVE-2020-7662", + "ruleIndex": 0, + "level": "error", + "message": { + "text": "Package: angular.js\nInstalled Version: 1.2.1\nVulnerability CVE-2020-7662\nSeverity: high\nFixed Version: \nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-7662](https://nvd.nist.gov/vuln/detail/CVE-2020-7662)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/jboss/as/console/main/release-stream-2.7.4.Final-resources.jar:angular.min.js", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/jboss/as/console/main/release-stream-2.7.4.Final-resources.jar:angular.min.js: angular.js@1.2.1" + } + } + ] + }, + { + "ruleId": "CVE-2022-25869", + "ruleIndex": 1, + "level": "warning", + "message": { + "text": "Package: 
angular.js\nInstalled Version: 1.2.1\nVulnerability CVE-2022-25869\nSeverity: medium\nFixed Version: \nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-25869](https://nvd.nist.gov/vuln/detail/CVE-2022-25869)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/jboss/as/console/main/release-stream-2.7.4.Final-resources.jar:angular.min.js", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/jboss/as/console/main/release-stream-2.7.4.Final-resources.jar:angular.min.js: angular.js@1.2.1" + } + } + ] + }, + { + "ruleId": "CVE-2023-26116", + "ruleIndex": 2, + "level": "warning", + "message": { + "text": "Package: angular.js\nInstalled Version: 1.2.1\nVulnerability CVE-2023-26116\nSeverity: medium\nFixed Version: \nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-26116](https://nvd.nist.gov/vuln/detail/CVE-2023-26116)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/jboss/as/console/main/release-stream-2.7.4.Final-resources.jar:angular.min.js", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/jboss/as/console/main/release-stream-2.7.4.Final-resources.jar:angular.min.js: angular.js@1.2.1" + } + } + ] + }, + { + "ruleId": "CVE-2023-26117", + "ruleIndex": 3, + "level": "warning", + "message": { + "text": "Package: angular.js\nInstalled Version: 1.2.1\nVulnerability CVE-2023-26117\nSeverity: medium\nFixed Version: \nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-26117](https://nvd.nist.gov/vuln/detail/CVE-2023-26117)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": 
{ + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/jboss/as/console/main/release-stream-2.7.4.Final-resources.jar:angular.min.js", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/jboss/as/console/main/release-stream-2.7.4.Final-resources.jar:angular.min.js: angular.js@1.2.1" + } + } + ] + }, + { + "ruleId": "CVE-2023-26118", + "ruleIndex": 4, + "level": "warning", + "message": { + "text": "Package: angular.js\nInstalled Version: 1.2.1\nVulnerability CVE-2023-26118\nSeverity: medium\nFixed Version: \nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-26118](https://nvd.nist.gov/vuln/detail/CVE-2023-26118)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/jboss/as/console/main/release-stream-2.7.4.Final-resources.jar:angular.min.js", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/jboss/as/console/main/release-stream-2.7.4.Final-resources.jar:angular.min.js: angular.js@1.2.1" + } + } + ] + }, + { + "ruleId": "CVE-2019-14863", + "ruleIndex": 5, + "level": "warning", + "message": { + "text": "Package: angular.js\nInstalled Version: 1.2.1\nVulnerability CVE-2019-14863\nSeverity: medium\nFixed Version: 1.5.0-beta.0\nExploit Available: []()\nExploit Type: \nLink: [CVE-2019-14863](https://nvd.nist.gov/vuln/detail/CVE-2019-14863)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/jboss/as/console/main/release-stream-2.7.4.Final-resources.jar:angular.min.js", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + 
"message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/jboss/as/console/main/release-stream-2.7.4.Final-resources.jar:angular.min.js: angular.js@1.2.1" + } + } + ] + }, + { + "ruleId": "CVE-2020-7676", + "ruleIndex": 6, + "level": "warning", + "message": { + "text": "Package: angular.js\nInstalled Version: 1.2.1\nVulnerability CVE-2020-7676\nSeverity: medium\nFixed Version: 1.8.0\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-7676](https://nvd.nist.gov/vuln/detail/CVE-2020-7676)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/jboss/as/console/main/release-stream-2.7.4.Final-resources.jar:angular.min.js", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/jboss/as/console/main/release-stream-2.7.4.Final-resources.jar:angular.min.js: angular.js@1.2.1" + } + } + ] + }, + { + "ruleId": "RHSA-2020:1113", + "ruleIndex": 7, + "level": "warning", + "message": { + "text": "Package: bash\nInstalled Version: 4.2.46-31.el7\nVulnerability RHSA-2020:1113\nSeverity: medium\nFixed Version: 4.2.46-34.el7\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2020:1113](https://access.redhat.com/security/cve/CVE-2019-9924)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "bash", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": bash@4.2.46-31.el7" + } + } + ] + }, + { + "ruleId": "RHSA-2020:2344", + "ruleIndex": 8, + "level": "error", + "message": { + "text": "Package: bind-license\nInstalled Version: 32:9.9.4-73.el7_6\nVulnerability RHSA-2020:2344\nSeverity: high\nFixed Version: 32:9.11.4-16.P2.el7_8.6\nExploit Available: 
[http://www.exploit-db.com/exploits/48521](http://www.exploit-db.com/exploits/48521)\nExploit Type: dos\nLink: [RHSA-2020:2344](https://access.redhat.com/security/cve/CVE-2020-8616)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "bind-license", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": bind-license@32:9.9.4-73.el7_6" + } + } + ] + }, + { + "ruleId": "RHSA-2022:6765", + "ruleIndex": 9, + "level": "error", + "message": { + "text": "Package: bind-license\nInstalled Version: 32:9.9.4-73.el7_6\nVulnerability RHSA-2022:6765\nSeverity: high\nFixed Version: 32:9.11.4-26.P2.el7_9.10\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2022:6765](https://access.redhat.com/security/cve/CVE-2022-38178)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "bind-license", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": bind-license@32:9.9.4-73.el7_6" + } + } + ] + }, + { + "ruleId": "RHSA-2019:1294", + "ruleIndex": 10, + "level": "error", + "message": { + "text": "Package: bind-license\nInstalled Version: 32:9.9.4-73.el7_6\nVulnerability RHSA-2019:1294\nSeverity: high\nFixed Version: 32:9.9.4-74.el7_6.1\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2019:1294](https://access.redhat.com/security/cve/CVE-2018-5743)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "bind-license", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": bind-license@32:9.9.4-73.el7_6" + } + } + ] + }, + { + "ruleId": "CVE-2023-50868", + "ruleIndex": 11, + "level": "error", + "message": { + "text": "Package: bind-license\nInstalled Version: 32:9.9.4-73.el7_6\nVulnerability 
CVE-2023-50868\nSeverity: high\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-50868](https://access.redhat.com/security/cve/CVE-2023-50868)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "bind-license", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": bind-license@32:9.9.4-73.el7_6" + } + } + ] + }, + { + "ruleId": "CVE-2023-50387", + "ruleIndex": 12, + "level": "error", + "message": { + "text": "Package: bind-license\nInstalled Version: 32:9.9.4-73.el7_6\nVulnerability CVE-2023-50387\nSeverity: high\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-50387](https://access.redhat.com/security/cve/CVE-2023-50387)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "bind-license", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": bind-license@32:9.9.4-73.el7_6" + } + } + ] + }, + { + "ruleId": "RHSA-2021:0671", + "ruleIndex": 13, + "level": "error", + "message": { + "text": "Package: bind-license\nInstalled Version: 32:9.9.4-73.el7_6\nVulnerability RHSA-2021:0671\nSeverity: high\nFixed Version: 32:9.11.4-26.P2.el7_9.4\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2021:0671](https://access.redhat.com/security/cve/CVE-2020-8625)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "bind-license", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": bind-license@32:9.9.4-73.el7_6" + } + } + ] + }, + { + "ruleId": "CVE-2023-4408", + "ruleIndex": 14, + "level": "error", + "message": { + "text": "Package: bind-license\nInstalled Version: 32:9.9.4-73.el7_6\nVulnerability 
CVE-2023-4408\nSeverity: high\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-4408](https://access.redhat.com/security/cve/CVE-2023-4408)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "bind-license", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": bind-license@32:9.9.4-73.el7_6" + } + } + ] + }, + { + "ruleId": "RHSA-2021:1469", + "ruleIndex": 15, + "level": "error", + "message": { + "text": "Package: bind-license\nInstalled Version: 32:9.9.4-73.el7_6\nVulnerability RHSA-2021:1469\nSeverity: high\nFixed Version: 32:9.11.4-26.P2.el7_9.5\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2021:1469](https://access.redhat.com/security/cve/CVE-2021-25215)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "bind-license", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": bind-license@32:9.9.4-73.el7_6" + } + } + ] + }, + { + "ruleId": "RHSA-2023:5691", + "ruleIndex": 16, + "level": "error", + "message": { + "text": "Package: bind-license\nInstalled Version: 32:9.9.4-73.el7_6\nVulnerability RHSA-2023:5691\nSeverity: high\nFixed Version: 32:9.11.4-26.P2.el7_9.15\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2023:5691](https://access.redhat.com/security/cve/CVE-2023-3341)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "bind-license", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": bind-license@32:9.9.4-73.el7_6" + } + } + ] + }, + { + "ruleId": "RHSA-2023:4152", + "ruleIndex": 17, + "level": "error", + "message": { + "text": "Package: bind-license\nInstalled Version: 32:9.9.4-73.el7_6\nVulnerability 
RHSA-2023:4152\nSeverity: high\nFixed Version: 32:9.11.4-26.P2.el7_9.14\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2023:4152](https://access.redhat.com/security/cve/CVE-2023-2828)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "bind-license", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": bind-license@32:9.9.4-73.el7_6" + } + } + ] + }, + { + "ruleId": "RHSA-2020:5011", + "ruleIndex": 18, + "level": "warning", + "message": { + "text": "Package: bind-license\nInstalled Version: 32:9.9.4-73.el7_6\nVulnerability RHSA-2020:5011\nSeverity: medium\nFixed Version: 32:9.11.4-26.P2.el7_9.2\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2020:5011](https://access.redhat.com/security/cve/CVE-2020-8623)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "bind-license", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": bind-license@32:9.9.4-73.el7_6" + } + } + ] + }, + { + "ruleId": "RHSA-2023:0402", + "ruleIndex": 19, + "level": "warning", + "message": { + "text": "Package: bind-license\nInstalled Version: 32:9.9.4-73.el7_6\nVulnerability RHSA-2023:0402\nSeverity: medium\nFixed Version: 32:9.11.4-26.P2.el7_9.13\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2023:0402](https://access.redhat.com/security/cve/CVE-2021-25220)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "bind-license", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": bind-license@32:9.9.4-73.el7_6" + } + } + ] + }, + { + "ruleId": "CVE-2021-25219", + "ruleIndex": 20, + "level": "warning", + "message": { + "text": "Package: bind-license\nInstalled Version: 
32:9.9.4-73.el7_6\nVulnerability CVE-2021-25219\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-25219](https://access.redhat.com/security/cve/CVE-2021-25219)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "bind-license", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": bind-license@32:9.9.4-73.el7_6" + } + } + ] + }, + { + "ruleId": "RHSA-2021:3325", + "ruleIndex": 21, + "level": "warning", + "message": { + "text": "Package: bind-license\nInstalled Version: 32:9.9.4-73.el7_6\nVulnerability RHSA-2021:3325\nSeverity: medium\nFixed Version: 32:9.11.4-26.P2.el7_9.7\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2021:3325](https://access.redhat.com/security/cve/CVE-2021-25214)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "bind-license", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": bind-license@32:9.9.4-73.el7_6" + } + } + ] + }, + { + "ruleId": "RHSA-2019:2057", + "ruleIndex": 22, + "level": "warning", + "message": { + "text": "Package: bind-license\nInstalled Version: 32:9.9.4-73.el7_6\nVulnerability RHSA-2019:2057\nSeverity: medium\nFixed Version: 32:9.11.4-9.P2.el7\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2019:2057](https://access.redhat.com/security/cve/CVE-2018-5741)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "bind-license", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": bind-license@32:9.9.4-73.el7_6" + } + } + ] + }, + { + "ruleId": "RHSA-2020:1061", + "ruleIndex": 23, + "level": "warning", + "message": { + "text": "Package: bind-license\nInstalled 
Version: 32:9.9.4-73.el7_6\nVulnerability RHSA-2020:1061\nSeverity: medium\nFixed Version: 32:9.11.4-16.P2.el7\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2020:1061](https://access.redhat.com/security/cve/CVE-2019-6477)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "bind-license", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": bind-license@32:9.9.4-73.el7_6" + } + } + ] + }, + { + "ruleId": "RHSA-2019:2075", + "ruleIndex": 24, + "level": "warning", + "message": { + "text": "Package: binutils\nInstalled Version: 2.27-34.base.el7\nVulnerability RHSA-2019:2075\nSeverity: medium\nFixed Version: 2.27-41.base.el7\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2019:2075](https://access.redhat.com/security/cve/CVE-2018-1000876)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "binutils", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": binutils@2.27-34.base.el7" + } + } + ] + }, + { + "ruleId": "CVE-2020-16590", + "ruleIndex": 25, + "level": "warning", + "message": { + "text": "Package: binutils\nInstalled Version: 2.27-34.base.el7\nVulnerability CVE-2020-16590\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-16590](https://access.redhat.com/security/cve/CVE-2020-16590)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "binutils", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": binutils@2.27-34.base.el7" + } + } + ] + }, + { + "ruleId": "CVE-2020-16592", + "ruleIndex": 26, + "level": "warning", + "message": { + "text": "Package: binutils\nInstalled Version: 
2.27-34.base.el7\nVulnerability CVE-2020-16592\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-16592](https://access.redhat.com/security/cve/CVE-2020-16592)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "binutils", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": binutils@2.27-34.base.el7" + } + } + ] + }, + { + "ruleId": "CVE-2021-20197", + "ruleIndex": 27, + "level": "warning", + "message": { + "text": "Package: binutils\nInstalled Version: 2.27-34.base.el7\nVulnerability CVE-2021-20197\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-20197](https://access.redhat.com/security/cve/CVE-2021-20197)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "binutils", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": binutils@2.27-34.base.el7" + } + } + ] + }, + { + "ruleId": "CVE-2021-20294", + "ruleIndex": 28, + "level": "warning", + "message": { + "text": "Package: binutils\nInstalled Version: 2.27-34.base.el7\nVulnerability CVE-2021-20294\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-20294](https://access.redhat.com/security/cve/CVE-2021-20294)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "binutils", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": binutils@2.27-34.base.el7" + } + } + ] + }, + { + "ruleId": "CVE-2021-37322", + "ruleIndex": 29, + "level": "warning", + "message": { + "text": "Package: binutils\nInstalled Version: 2.27-34.base.el7\nVulnerability 
CVE-2021-37322\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-37322](https://access.redhat.com/security/cve/CVE-2021-37322)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "binutils", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": binutils@2.27-34.base.el7" + } + } + ] + }, + { + "ruleId": "RHSA-2021:4033", + "ruleIndex": 30, + "level": "warning", + "message": { + "text": "Package: binutils\nInstalled Version: 2.27-34.base.el7\nVulnerability RHSA-2021:4033\nSeverity: medium\nFixed Version: 2.27-44.base.el7_9.1\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2021:4033](https://access.redhat.com/security/cve/CVE-2021-42574)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "binutils", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": binutils@2.27-34.base.el7" + } + } + ] + }, + { + "ruleId": "CVE-2019-17450", + "ruleIndex": 31, + "level": "note", + "message": { + "text": "Package: binutils\nInstalled Version: 2.27-34.base.el7\nVulnerability CVE-2019-17450\nSeverity: low\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2019-17450](https://access.redhat.com/security/cve/CVE-2019-17450)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "binutils", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": binutils@2.27-34.base.el7" + } + } + ] + }, + { + "ruleId": "CVE-2020-16591", + "ruleIndex": 32, + "level": "note", + "message": { + "text": "Package: binutils\nInstalled Version: 2.27-34.base.el7\nVulnerability CVE-2020-16591\nSeverity: low\nFixed 
Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-16591](https://access.redhat.com/security/cve/CVE-2020-16591)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "binutils", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": binutils@2.27-34.base.el7" + } + } + ] + }, + { + "ruleId": "CVE-2020-16593", + "ruleIndex": 33, + "level": "note", + "message": { + "text": "Package: binutils\nInstalled Version: 2.27-34.base.el7\nVulnerability CVE-2020-16593\nSeverity: low\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-16593](https://access.redhat.com/security/cve/CVE-2020-16593)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "binutils", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": binutils@2.27-34.base.el7" + } + } + ] + }, + { + "ruleId": "CVE-2020-16599", + "ruleIndex": 34, + "level": "note", + "message": { + "text": "Package: binutils\nInstalled Version: 2.27-34.base.el7\nVulnerability CVE-2020-16599\nSeverity: low\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-16599](https://access.redhat.com/security/cve/CVE-2020-16599)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "binutils", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": binutils@2.27-34.base.el7" + } + } + ] + }, + { + "ruleId": "CVE-2020-35448", + "ruleIndex": 35, + "level": "note", + "message": { + "text": "Package: binutils\nInstalled Version: 2.27-34.base.el7\nVulnerability CVE-2020-35448\nSeverity: low\nFixed Version: any in centos 7.6.1810\nExploit 
Available: []()\nExploit Type: \nLink: [CVE-2020-35448](https://access.redhat.com/security/cve/CVE-2020-35448)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "binutils", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": binutils@2.27-34.base.el7" + } + } + ] + }, + { + "ruleId": "RHSA-2020:0203", + "ruleIndex": 36, + "level": "error", + "message": { + "text": "Package: bsdtar\nInstalled Version: 3.1.2-10.el7_2\nVulnerability RHSA-2020:0203\nSeverity: high\nFixed Version: 3.1.2-14.el7_7\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2020:0203](https://access.redhat.com/security/cve/CVE-2019-18408)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "bsdtar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": bsdtar@3.1.2-10.el7_2" + } + } + ] + }, + { + "ruleId": "RHSA-2019:2298", + "ruleIndex": 37, + "level": "warning", + "message": { + "text": "Package: bsdtar\nInstalled Version: 3.1.2-10.el7_2\nVulnerability RHSA-2019:2298\nSeverity: medium\nFixed Version: 3.1.2-12.el7\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2019:2298](https://access.redhat.com/security/cve/CVE-2018-1000878)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "bsdtar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": bsdtar@3.1.2-10.el7_2" + } + } + ] + }, + { + "ruleId": "CVE-2021-23177", + "ruleIndex": 38, + "level": "warning", + "message": { + "text": "Package: bsdtar\nInstalled Version: 3.1.2-10.el7_2\nVulnerability CVE-2021-23177\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: 
[CVE-2021-23177](https://access.redhat.com/security/cve/CVE-2021-23177)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "bsdtar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": bsdtar@3.1.2-10.el7_2" + } + } + ] + }, + { + "ruleId": "CVE-2021-31566", + "ruleIndex": 39, + "level": "warning", + "message": { + "text": "Package: bsdtar\nInstalled Version: 3.1.2-10.el7_2\nVulnerability CVE-2021-31566\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-31566](https://access.redhat.com/security/cve/CVE-2021-31566)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "bsdtar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": bsdtar@3.1.2-10.el7_2" + } + } + ] + }, + { + "ruleId": "CVE-2022-36227", + "ruleIndex": 40, + "level": "note", + "message": { + "text": "Package: bsdtar\nInstalled Version: 3.1.2-10.el7_2\nVulnerability CVE-2022-36227\nSeverity: low\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-36227](https://access.redhat.com/security/cve/CVE-2022-36227)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "bsdtar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": bsdtar@3.1.2-10.el7_2" + } + } + ] + }, + { + "ruleId": "CVE-2023-37920", + "ruleIndex": 41, + "level": "note", + "message": { + "text": "Package: ca-certificates\nInstalled Version: 2018.2.22-70.0.el7_5\nVulnerability CVE-2023-37920\nSeverity: low\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: 
[CVE-2023-37920](https://access.redhat.com/security/cve/CVE-2023-37920)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "ca-certificates", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": ca-certificates@2018.2.22-70.0.el7_5" + } + } + ] + }, + { + "ruleId": "CVE-2019-14540", + "ruleIndex": 42, + "level": "error", + "message": { + "text": "Package: jackson-databind\nInstalled Version: 2.5.1\nVulnerability CVE-2019-14540\nSeverity: critical\nFixed Version: 2.6.7.3, 2.8.11.5, 2.9.10\nExploit Available: []()\nExploit Type: \nLink: [CVE-2019-14540](https://nvd.nist.gov/vuln/detail/CVE-2019-14540)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/com/fasterxml/jackson/core/jackson-databind/main/jackson-databind-2.5.1.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/com/fasterxml/jackson/core/jackson-databind/main/jackson-databind-2.5.1.jar: jackson-databind@2.5.1" + } + } + ] + }, + { + "ruleId": "CVE-2019-17531", + "ruleIndex": 43, + "level": "error", + "message": { + "text": "Package: jackson-databind\nInstalled Version: 2.5.1\nVulnerability CVE-2019-17531\nSeverity: critical\nFixed Version: 2.6.7.3, 2.8.11.5, 2.9.10.1\nExploit Available: []()\nExploit Type: \nLink: [CVE-2019-17531](https://nvd.nist.gov/vuln/detail/CVE-2019-17531)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/com/fasterxml/jackson/core/jackson-databind/main/jackson-databind-2.5.1.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": 
"/opt/jboss/wildfly/modules/system/layers/base/com/fasterxml/jackson/core/jackson-databind/main/jackson-databind-2.5.1.jar: jackson-databind@2.5.1" + } + } + ] + }, + { + "ruleId": "CVE-2017-17485", + "ruleIndex": 44, + "level": "error", + "message": { + "text": "Package: jackson-databind\nInstalled Version: 2.5.1\nVulnerability CVE-2017-17485\nSeverity: critical\nFixed Version: 2.7.9.2, 2.8.11\nExploit Available: []()\nExploit Type: \nLink: [CVE-2017-17485](https://nvd.nist.gov/vuln/detail/CVE-2017-17485)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/com/fasterxml/jackson/core/jackson-databind/main/jackson-databind-2.5.1.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/com/fasterxml/jackson/core/jackson-databind/main/jackson-databind-2.5.1.jar: jackson-databind@2.5.1" + } + } + ] + }, + { + "ruleId": "CVE-2020-9547", + "ruleIndex": 45, + "level": "error", + "message": { + "text": "Package: jackson-databind\nInstalled Version: 2.5.1\nVulnerability CVE-2020-9547\nSeverity: critical\nFixed Version: 2.7.9.7, 2.8.11.6, 2.9.10.4\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-9547](https://nvd.nist.gov/vuln/detail/CVE-2020-9547)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/com/fasterxml/jackson/core/jackson-databind/main/jackson-databind-2.5.1.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/com/fasterxml/jackson/core/jackson-databind/main/jackson-databind-2.5.1.jar: jackson-databind@2.5.1" + } + } + ] + }, + { + "ruleId": "CVE-2019-16335", + "ruleIndex": 46, + "level": "error", + 
"message": { + "text": "Package: jackson-databind\nInstalled Version: 2.5.1\nVulnerability CVE-2019-16335\nSeverity: critical\nFixed Version: 2.6.7.3, 2.8.11.5, 2.9.10\nExploit Available: []()\nExploit Type: \nLink: [CVE-2019-16335](https://nvd.nist.gov/vuln/detail/CVE-2019-16335)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/com/fasterxml/jackson/core/jackson-databind/main/jackson-databind-2.5.1.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/com/fasterxml/jackson/core/jackson-databind/main/jackson-databind-2.5.1.jar: jackson-databind@2.5.1" + } + } + ] + }, + { + "ruleId": "CVE-2019-16943", + "ruleIndex": 47, + "level": "error", + "message": { + "text": "Package: jackson-databind\nInstalled Version: 2.5.1\nVulnerability CVE-2019-16943\nSeverity: critical\nFixed Version: 2.6.7.3, 2.8.11.5, 2.9.10.1\nExploit Available: []()\nExploit Type: \nLink: [CVE-2019-16943](https://nvd.nist.gov/vuln/detail/CVE-2019-16943)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/com/fasterxml/jackson/core/jackson-databind/main/jackson-databind-2.5.1.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/com/fasterxml/jackson/core/jackson-databind/main/jackson-databind-2.5.1.jar: jackson-databind@2.5.1" + } + } + ] + }, + { + "ruleId": "CVE-2020-9548", + "ruleIndex": 48, + "level": "error", + "message": { + "text": "Package: jackson-databind\nInstalled Version: 2.5.1\nVulnerability CVE-2020-9548\nSeverity: critical\nFixed Version: 2.7.9.7, 2.8.11.6, 2.9.10.4\nExploit Available: []()\nExploit Type: \nLink: 
[CVE-2020-9548](https://nvd.nist.gov/vuln/detail/CVE-2020-9548)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/com/fasterxml/jackson/core/jackson-databind/main/jackson-databind-2.5.1.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/com/fasterxml/jackson/core/jackson-databind/main/jackson-databind-2.5.1.jar: jackson-databind@2.5.1" + } + } + ] + }, + { + "ruleId": "CVE-2018-14718", + "ruleIndex": 49, + "level": "error", + "message": { + "text": "Package: jackson-databind\nInstalled Version: 2.5.1\nVulnerability CVE-2018-14718\nSeverity: critical\nFixed Version: 2.6.7.3, 2.7.9.5, 2.8.11.3, 2.9.7\nExploit Available: []()\nExploit Type: \nLink: [CVE-2018-14718](https://nvd.nist.gov/vuln/detail/CVE-2018-14718)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/com/fasterxml/jackson/core/jackson-databind/main/jackson-databind-2.5.1.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/com/fasterxml/jackson/core/jackson-databind/main/jackson-databind-2.5.1.jar: jackson-databind@2.5.1" + } + } + ] + }, + { + "ruleId": "CVE-2019-16942", + "ruleIndex": 50, + "level": "error", + "message": { + "text": "Package: jackson-databind\nInstalled Version: 2.5.1\nVulnerability CVE-2019-16942\nSeverity: critical\nFixed Version: 2.6.7.3, 2.8.11.5, 2.9.10.1\nExploit Available: []()\nExploit Type: \nLink: [CVE-2019-16942](https://nvd.nist.gov/vuln/detail/CVE-2019-16942)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": 
"/opt/jboss/wildfly/modules/system/layers/base/com/fasterxml/jackson/core/jackson-databind/main/jackson-databind-2.5.1.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/com/fasterxml/jackson/core/jackson-databind/main/jackson-databind-2.5.1.jar: jackson-databind@2.5.1" + } + } + ] + }, + { + "ruleId": "CVE-2019-14892", + "ruleIndex": 51, + "level": "error", + "message": { + "text": "Package: jackson-databind\nInstalled Version: 2.5.1\nVulnerability CVE-2019-14892\nSeverity: critical\nFixed Version: 2.6.7.3, 2.8.11.5, 2.9.10\nExploit Available: []()\nExploit Type: \nLink: [CVE-2019-14892](https://nvd.nist.gov/vuln/detail/CVE-2019-14892)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/com/fasterxml/jackson/core/jackson-databind/main/jackson-databind-2.5.1.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/com/fasterxml/jackson/core/jackson-databind/main/jackson-databind-2.5.1.jar: jackson-databind@2.5.1" + } + } + ] + }, + { + "ruleId": "CVE-2018-19362", + "ruleIndex": 52, + "level": "error", + "message": { + "text": "Package: jackson-databind\nInstalled Version: 2.5.1\nVulnerability CVE-2018-19362\nSeverity: critical\nFixed Version: 2.6.7.3, 2.7.9.5, 2.8.11.3, 2.9.8\nExploit Available: []()\nExploit Type: \nLink: [CVE-2018-19362](https://nvd.nist.gov/vuln/detail/CVE-2018-19362)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/com/fasterxml/jackson/core/jackson-databind/main/jackson-databind-2.5.1.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + 
"endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/com/fasterxml/jackson/core/jackson-databind/main/jackson-databind-2.5.1.jar: jackson-databind@2.5.1" + } + } + ] + }, + { + "ruleId": "CVE-2018-7489", + "ruleIndex": 53, + "level": "error", + "message": { + "text": "Package: jackson-databind\nInstalled Version: 2.5.1\nVulnerability CVE-2018-7489\nSeverity: critical\nFixed Version: 2.6.7.5, 2.7.9.3, 2.8.11.1, 2.9.5\nExploit Available: []()\nExploit Type: \nLink: [CVE-2018-7489](https://nvd.nist.gov/vuln/detail/CVE-2018-7489)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/com/fasterxml/jackson/core/jackson-databind/main/jackson-databind-2.5.1.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/com/fasterxml/jackson/core/jackson-databind/main/jackson-databind-2.5.1.jar: jackson-databind@2.5.1" + } + } + ] + }, + { + "ruleId": "CVE-2019-17267", + "ruleIndex": 54, + "level": "error", + "message": { + "text": "Package: jackson-databind\nInstalled Version: 2.5.1\nVulnerability CVE-2019-17267\nSeverity: critical\nFixed Version: 2.8.11.5, 2.9.10\nExploit Available: []()\nExploit Type: \nLink: [CVE-2019-17267](https://nvd.nist.gov/vuln/detail/CVE-2019-17267)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/com/fasterxml/jackson/core/jackson-databind/main/jackson-databind-2.5.1.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/com/fasterxml/jackson/core/jackson-databind/main/jackson-databind-2.5.1.jar: jackson-databind@2.5.1" + } + } + ] + }, + { + "ruleId": 
"CVE-2017-7525", + "ruleIndex": 55, + "level": "error", + "message": { + "text": "Package: jackson-databind\nInstalled Version: 2.5.1\nVulnerability CVE-2017-7525\nSeverity: critical\nFixed Version: 2.6.7.1, 2.7.9.1, 2.8.9\nExploit Available: []()\nExploit Type: \nLink: [CVE-2017-7525](https://nvd.nist.gov/vuln/detail/CVE-2017-7525)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/com/fasterxml/jackson/core/jackson-databind/main/jackson-databind-2.5.1.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/com/fasterxml/jackson/core/jackson-databind/main/jackson-databind-2.5.1.jar: jackson-databind@2.5.1" + } + } + ] + }, + { + "ruleId": "CVE-2018-14719", + "ruleIndex": 56, + "level": "error", + "message": { + "text": "Package: jackson-databind\nInstalled Version: 2.5.1\nVulnerability CVE-2018-14719\nSeverity: critical\nFixed Version: 2.7.9.5, 2.8.11.3, 2.9.7\nExploit Available: []()\nExploit Type: \nLink: [CVE-2018-14719](https://nvd.nist.gov/vuln/detail/CVE-2018-14719)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/com/fasterxml/jackson/core/jackson-databind/main/jackson-databind-2.5.1.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/com/fasterxml/jackson/core/jackson-databind/main/jackson-databind-2.5.1.jar: jackson-databind@2.5.1" + } + } + ] + }, + { + "ruleId": "CVE-2019-20330", + "ruleIndex": 57, + "level": "error", + "message": { + "text": "Package: jackson-databind\nInstalled Version: 2.5.1\nVulnerability CVE-2019-20330\nSeverity: critical\nFixed Version: 2.6.7.4, 2.7.9.7, 2.8.11.5, 
2.9.10.2\nExploit Available: []()\nExploit Type: \nLink: [CVE-2019-20330](https://nvd.nist.gov/vuln/detail/CVE-2019-20330)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/com/fasterxml/jackson/core/jackson-databind/main/jackson-databind-2.5.1.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/com/fasterxml/jackson/core/jackson-databind/main/jackson-databind-2.5.1.jar: jackson-databind@2.5.1" + } + } + ] + }, + { + "ruleId": "CVE-2018-11307", + "ruleIndex": 58, + "level": "error", + "message": { + "text": "Package: jackson-databind\nInstalled Version: 2.5.1\nVulnerability CVE-2018-11307\nSeverity: critical\nFixed Version: 2.7.9.4, 2.8.11.2, 2.9.6\nExploit Available: []()\nExploit Type: \nLink: [CVE-2018-11307](https://nvd.nist.gov/vuln/detail/CVE-2018-11307)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/com/fasterxml/jackson/core/jackson-databind/main/jackson-databind-2.5.1.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/com/fasterxml/jackson/core/jackson-databind/main/jackson-databind-2.5.1.jar: jackson-databind@2.5.1" + } + } + ] + }, + { + "ruleId": "CVE-2020-8840", + "ruleIndex": 59, + "level": "error", + "message": { + "text": "Package: jackson-databind\nInstalled Version: 2.5.1\nVulnerability CVE-2020-8840\nSeverity: critical\nFixed Version: 2.6.7.4, 2.7.9.7, 2.8.11.5, 2.9.10.3\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-8840](https://nvd.nist.gov/vuln/detail/CVE-2020-8840)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": 
"/opt/jboss/wildfly/modules/system/layers/base/com/fasterxml/jackson/core/jackson-databind/main/jackson-databind-2.5.1.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/com/fasterxml/jackson/core/jackson-databind/main/jackson-databind-2.5.1.jar: jackson-databind@2.5.1" + } + } + ] + }, + { + "ruleId": "CVE-2019-14379", + "ruleIndex": 60, + "level": "error", + "message": { + "text": "Package: jackson-databind\nInstalled Version: 2.5.1\nVulnerability CVE-2019-14379\nSeverity: critical\nFixed Version: 2.7.9.6, 2.8.11.4, 2.9.9.2\nExploit Available: []()\nExploit Type: \nLink: [CVE-2019-14379](https://nvd.nist.gov/vuln/detail/CVE-2019-14379)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/com/fasterxml/jackson/core/jackson-databind/main/jackson-databind-2.5.1.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/com/fasterxml/jackson/core/jackson-databind/main/jackson-databind-2.5.1.jar: jackson-databind@2.5.1" + } + } + ] + }, + { + "ruleId": "CVE-2017-15095", + "ruleIndex": 61, + "level": "error", + "message": { + "text": "Package: jackson-databind\nInstalled Version: 2.5.1\nVulnerability CVE-2017-15095\nSeverity: critical\nFixed Version: 2.6.7.3, 2.7.9.2\nExploit Available: []()\nExploit Type: \nLink: [CVE-2017-15095](https://nvd.nist.gov/vuln/detail/CVE-2017-15095)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/com/fasterxml/jackson/core/jackson-databind/main/jackson-databind-2.5.1.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } 
+ }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/com/fasterxml/jackson/core/jackson-databind/main/jackson-databind-2.5.1.jar: jackson-databind@2.5.1" + } + } + ] + }, + { + "ruleId": "CVE-2020-24750", + "ruleIndex": 62, + "level": "error", + "message": { + "text": "Package: jackson-databind\nInstalled Version: 2.5.1\nVulnerability CVE-2020-24750\nSeverity: high\nFixed Version: 2.6.7.5, 2.9.10.6\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-24750](https://nvd.nist.gov/vuln/detail/CVE-2020-24750)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/com/fasterxml/jackson/core/jackson-databind/main/jackson-databind-2.5.1.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/com/fasterxml/jackson/core/jackson-databind/main/jackson-databind-2.5.1.jar: jackson-databind@2.5.1" + } + } + ] + }, + { + "ruleId": "CVE-2018-5968", + "ruleIndex": 63, + "level": "error", + "message": { + "text": "Package: jackson-databind\nInstalled Version: 2.5.1\nVulnerability CVE-2018-5968\nSeverity: high\nFixed Version: 2.7.9.5, 2.8.11.1\nExploit Available: []()\nExploit Type: \nLink: [CVE-2018-5968](https://nvd.nist.gov/vuln/detail/CVE-2018-5968)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/com/fasterxml/jackson/core/jackson-databind/main/jackson-databind-2.5.1.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/com/fasterxml/jackson/core/jackson-databind/main/jackson-databind-2.5.1.jar: jackson-databind@2.5.1" + } + } + ] + }, + { + "ruleId": "CVE-2020-36188", + "ruleIndex": 64, + "level": 
"error", + "message": { + "text": "Package: jackson-databind\nInstalled Version: 2.5.1\nVulnerability CVE-2020-36188\nSeverity: high\nFixed Version: 2.6.7.5, 2.9.10.8\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-36188](https://nvd.nist.gov/vuln/detail/CVE-2020-36188)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/com/fasterxml/jackson/core/jackson-databind/main/jackson-databind-2.5.1.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/com/fasterxml/jackson/core/jackson-databind/main/jackson-databind-2.5.1.jar: jackson-databind@2.5.1" + } + } + ] + }, + { + "ruleId": "CVE-2020-10650", + "ruleIndex": 65, + "level": "error", + "message": { + "text": "Package: jackson-databind\nInstalled Version: 2.5.1\nVulnerability CVE-2020-10650\nSeverity: high\nFixed Version: 2.9.10.4\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-10650](https://nvd.nist.gov/vuln/detail/CVE-2020-10650)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/com/fasterxml/jackson/core/jackson-databind/main/jackson-databind-2.5.1.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/com/fasterxml/jackson/core/jackson-databind/main/jackson-databind-2.5.1.jar: jackson-databind@2.5.1" + } + } + ] + }, + { + "ruleId": "CVE-2020-36186", + "ruleIndex": 66, + "level": "error", + "message": { + "text": "Package: jackson-databind\nInstalled Version: 2.5.1\nVulnerability CVE-2020-36186\nSeverity: high\nFixed Version: 2.9.10.8\nExploit Available: []()\nExploit Type: \nLink: 
[CVE-2020-36186](https://nvd.nist.gov/vuln/detail/CVE-2020-36186)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/com/fasterxml/jackson/core/jackson-databind/main/jackson-databind-2.5.1.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/com/fasterxml/jackson/core/jackson-databind/main/jackson-databind-2.5.1.jar: jackson-databind@2.5.1" + } + } + ] + }, + { + "ruleId": "CVE-2021-20190", + "ruleIndex": 67, + "level": "error", + "message": { + "text": "Package: jackson-databind\nInstalled Version: 2.5.1\nVulnerability CVE-2021-20190\nSeverity: high\nFixed Version: 2.6.7.5, 2.9.10.7\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-20190](https://nvd.nist.gov/vuln/detail/CVE-2021-20190)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/com/fasterxml/jackson/core/jackson-databind/main/jackson-databind-2.5.1.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/com/fasterxml/jackson/core/jackson-databind/main/jackson-databind-2.5.1.jar: jackson-databind@2.5.1" + } + } + ] + }, + { + "ruleId": "CVE-2020-36182", + "ruleIndex": 68, + "level": "error", + "message": { + "text": "Package: jackson-databind\nInstalled Version: 2.5.1\nVulnerability CVE-2020-36182\nSeverity: high\nFixed Version: 2.6.7.5, 2.9.10.8\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-36182](https://nvd.nist.gov/vuln/detail/CVE-2020-36182)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": 
"/opt/jboss/wildfly/modules/system/layers/base/com/fasterxml/jackson/core/jackson-databind/main/jackson-databind-2.5.1.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/com/fasterxml/jackson/core/jackson-databind/main/jackson-databind-2.5.1.jar: jackson-databind@2.5.1" + } + } + ] + }, + { + "ruleId": "CVE-2020-36189", + "ruleIndex": 69, + "level": "error", + "message": { + "text": "Package: jackson-databind\nInstalled Version: 2.5.1\nVulnerability CVE-2020-36189\nSeverity: high\nFixed Version: 2.6.7.5, 2.9.10.8\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-36189](https://nvd.nist.gov/vuln/detail/CVE-2020-36189)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/com/fasterxml/jackson/core/jackson-databind/main/jackson-databind-2.5.1.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/com/fasterxml/jackson/core/jackson-databind/main/jackson-databind-2.5.1.jar: jackson-databind@2.5.1" + } + } + ] + }, + { + "ruleId": "CVE-2020-35490", + "ruleIndex": 70, + "level": "error", + "message": { + "text": "Package: jackson-databind\nInstalled Version: 2.5.1\nVulnerability CVE-2020-35490\nSeverity: high\nFixed Version: 2.9.10.8\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-35490](https://nvd.nist.gov/vuln/detail/CVE-2020-35490)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/com/fasterxml/jackson/core/jackson-databind/main/jackson-databind-2.5.1.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + 
"text": "/opt/jboss/wildfly/modules/system/layers/base/com/fasterxml/jackson/core/jackson-databind/main/jackson-databind-2.5.1.jar: jackson-databind@2.5.1" + } + } + ] + }, + { + "ruleId": "CVE-2020-24616", + "ruleIndex": 71, + "level": "error", + "message": { + "text": "Package: jackson-databind\nInstalled Version: 2.5.1\nVulnerability CVE-2020-24616\nSeverity: high\nFixed Version: 2.9.10.6\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-24616](https://nvd.nist.gov/vuln/detail/CVE-2020-24616)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/com/fasterxml/jackson/core/jackson-databind/main/jackson-databind-2.5.1.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/com/fasterxml/jackson/core/jackson-databind/main/jackson-databind-2.5.1.jar: jackson-databind@2.5.1" + } + } + ] + }, + { + "ruleId": "CVE-2020-10673", + "ruleIndex": 72, + "level": "error", + "message": { + "text": "Package: jackson-databind\nInstalled Version: 2.5.1\nVulnerability CVE-2020-10673\nSeverity: high\nFixed Version: 2.6.7.4, 2.9.10.4\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-10673](https://nvd.nist.gov/vuln/detail/CVE-2020-10673)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/com/fasterxml/jackson/core/jackson-databind/main/jackson-databind-2.5.1.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/com/fasterxml/jackson/core/jackson-databind/main/jackson-databind-2.5.1.jar: jackson-databind@2.5.1" + } + } + ] + }, + { + "ruleId": "CVE-2020-36184", + "ruleIndex": 73, + "level": "error", + "message": { + "text": 
"Package: jackson-databind\nInstalled Version: 2.5.1\nVulnerability CVE-2020-36184\nSeverity: high\nFixed Version: 2.9.10.8\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-36184](https://nvd.nist.gov/vuln/detail/CVE-2020-36184)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/com/fasterxml/jackson/core/jackson-databind/main/jackson-databind-2.5.1.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/com/fasterxml/jackson/core/jackson-databind/main/jackson-databind-2.5.1.jar: jackson-databind@2.5.1" + } + } + ] + }, + { + "ruleId": "CVE-2020-36181", + "ruleIndex": 74, + "level": "error", + "message": { + "text": "Package: jackson-databind\nInstalled Version: 2.5.1\nVulnerability CVE-2020-36181\nSeverity: high\nFixed Version: 2.6.7.5, 2.9.10.8\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-36181](https://nvd.nist.gov/vuln/detail/CVE-2020-36181)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/com/fasterxml/jackson/core/jackson-databind/main/jackson-databind-2.5.1.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/com/fasterxml/jackson/core/jackson-databind/main/jackson-databind-2.5.1.jar: jackson-databind@2.5.1" + } + } + ] + }, + { + "ruleId": "CVE-2018-12022", + "ruleIndex": 75, + "level": "error", + "message": { + "text": "Package: jackson-databind\nInstalled Version: 2.5.1\nVulnerability CVE-2018-12022\nSeverity: high\nFixed Version: 2.7.9.4, 2.8.11.2, 2.9.6\nExploit Available: []()\nExploit Type: \nLink: [CVE-2018-12022](https://nvd.nist.gov/vuln/detail/CVE-2018-12022)" + }, + 
"locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/com/fasterxml/jackson/core/jackson-databind/main/jackson-databind-2.5.1.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/com/fasterxml/jackson/core/jackson-databind/main/jackson-databind-2.5.1.jar: jackson-databind@2.5.1" + } + } + ] + }, + { + "ruleId": "CVE-2020-36185", + "ruleIndex": 76, + "level": "error", + "message": { + "text": "Package: jackson-databind\nInstalled Version: 2.5.1\nVulnerability CVE-2020-36185\nSeverity: high\nFixed Version: 2.9.10.8\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-36185](https://nvd.nist.gov/vuln/detail/CVE-2020-36185)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/com/fasterxml/jackson/core/jackson-databind/main/jackson-databind-2.5.1.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/com/fasterxml/jackson/core/jackson-databind/main/jackson-databind-2.5.1.jar: jackson-databind@2.5.1" + } + } + ] + }, + { + "ruleId": "CVE-2020-36179", + "ruleIndex": 77, + "level": "error", + "message": { + "text": "Package: jackson-databind\nInstalled Version: 2.5.1\nVulnerability CVE-2020-36179\nSeverity: high\nFixed Version: 2.6.7.5, 2.9.10.8\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-36179](https://nvd.nist.gov/vuln/detail/CVE-2020-36179)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/com/fasterxml/jackson/core/jackson-databind/main/jackson-databind-2.5.1.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + 
"startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/com/fasterxml/jackson/core/jackson-databind/main/jackson-databind-2.5.1.jar: jackson-databind@2.5.1" + } + } + ] + }, + { + "ruleId": "CVE-2019-12086", + "ruleIndex": 78, + "level": "error", + "message": { + "text": "Package: jackson-databind\nInstalled Version: 2.5.1\nVulnerability CVE-2019-12086\nSeverity: high\nFixed Version: 2.6.7.3, 2.7.9.6, 2.8.11.4, 2.9.9\nExploit Available: []()\nExploit Type: \nLink: [CVE-2019-12086](https://nvd.nist.gov/vuln/detail/CVE-2019-12086)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/com/fasterxml/jackson/core/jackson-databind/main/jackson-databind-2.5.1.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/com/fasterxml/jackson/core/jackson-databind/main/jackson-databind-2.5.1.jar: jackson-databind@2.5.1" + } + } + ] + }, + { + "ruleId": "CVE-2020-35491", + "ruleIndex": 79, + "level": "error", + "message": { + "text": "Package: jackson-databind\nInstalled Version: 2.5.1\nVulnerability CVE-2020-35491\nSeverity: high\nFixed Version: 2.9.10.8\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-35491](https://nvd.nist.gov/vuln/detail/CVE-2020-35491)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/com/fasterxml/jackson/core/jackson-databind/main/jackson-databind-2.5.1.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/com/fasterxml/jackson/core/jackson-databind/main/jackson-databind-2.5.1.jar: jackson-databind@2.5.1" + } + } + ] + }, + { 
+ "ruleId": "CVE-2020-35728", + "ruleIndex": 80, + "level": "error", + "message": { + "text": "Package: jackson-databind\nInstalled Version: 2.5.1\nVulnerability CVE-2020-35728\nSeverity: high\nFixed Version: 2.9.10.8\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-35728](https://nvd.nist.gov/vuln/detail/CVE-2020-35728)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/com/fasterxml/jackson/core/jackson-databind/main/jackson-databind-2.5.1.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/com/fasterxml/jackson/core/jackson-databind/main/jackson-databind-2.5.1.jar: jackson-databind@2.5.1" + } + } + ] + }, + { + "ruleId": "CVE-2020-36518", + "ruleIndex": 81, + "level": "error", + "message": { + "text": "Package: jackson-databind\nInstalled Version: 2.5.1\nVulnerability CVE-2020-36518\nSeverity: high\nFixed Version: 2.12.6.1, 2.13.2.1\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-36518](https://nvd.nist.gov/vuln/detail/CVE-2020-36518)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/com/fasterxml/jackson/core/jackson-databind/main/jackson-databind-2.5.1.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/com/fasterxml/jackson/core/jackson-databind/main/jackson-databind-2.5.1.jar: jackson-databind@2.5.1" + } + } + ] + }, + { + "ruleId": "CVE-2020-36187", + "ruleIndex": 82, + "level": "error", + "message": { + "text": "Package: jackson-databind\nInstalled Version: 2.5.1\nVulnerability CVE-2020-36187\nSeverity: high\nFixed Version: 2.9.10.8\nExploit Available: []()\nExploit Type: \nLink: 
[CVE-2020-36187](https://nvd.nist.gov/vuln/detail/CVE-2020-36187)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/com/fasterxml/jackson/core/jackson-databind/main/jackson-databind-2.5.1.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/com/fasterxml/jackson/core/jackson-databind/main/jackson-databind-2.5.1.jar: jackson-databind@2.5.1" + } + } + ] + }, + { + "ruleId": "CVE-2020-36183", + "ruleIndex": 83, + "level": "error", + "message": { + "text": "Package: jackson-databind\nInstalled Version: 2.5.1\nVulnerability CVE-2020-36183\nSeverity: high\nFixed Version: 2.6.7.5, 2.9.10.8\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-36183](https://nvd.nist.gov/vuln/detail/CVE-2020-36183)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/com/fasterxml/jackson/core/jackson-databind/main/jackson-databind-2.5.1.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/com/fasterxml/jackson/core/jackson-databind/main/jackson-databind-2.5.1.jar: jackson-databind@2.5.1" + } + } + ] + }, + { + "ruleId": "CVE-2020-36180", + "ruleIndex": 84, + "level": "error", + "message": { + "text": "Package: jackson-databind\nInstalled Version: 2.5.1\nVulnerability CVE-2020-36180\nSeverity: high\nFixed Version: 2.6.7.5, 2.9.10.8\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-36180](https://nvd.nist.gov/vuln/detail/CVE-2020-36180)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": 
"/opt/jboss/wildfly/modules/system/layers/base/com/fasterxml/jackson/core/jackson-databind/main/jackson-databind-2.5.1.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/com/fasterxml/jackson/core/jackson-databind/main/jackson-databind-2.5.1.jar: jackson-databind@2.5.1" + } + } + ] + }, + { + "ruleId": "CVE-2022-42004", + "ruleIndex": 85, + "level": "error", + "message": { + "text": "Package: jackson-databind\nInstalled Version: 2.5.1\nVulnerability CVE-2022-42004\nSeverity: high\nFixed Version: 2.12.7.1, 2.13.4\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-42004](https://nvd.nist.gov/vuln/detail/CVE-2022-42004)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/com/fasterxml/jackson/core/jackson-databind/main/jackson-databind-2.5.1.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/com/fasterxml/jackson/core/jackson-databind/main/jackson-databind-2.5.1.jar: jackson-databind@2.5.1" + } + } + ] + }, + { + "ruleId": "CVE-2022-42003", + "ruleIndex": 86, + "level": "error", + "message": { + "text": "Package: jackson-databind\nInstalled Version: 2.5.1\nVulnerability CVE-2022-42003\nSeverity: high\nFixed Version: 2.12.7.1, 2.13.4.2\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-42003](https://nvd.nist.gov/vuln/detail/CVE-2022-42003)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/com/fasterxml/jackson/core/jackson-databind/main/jackson-databind-2.5.1.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + 
"message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/com/fasterxml/jackson/core/jackson-databind/main/jackson-databind-2.5.1.jar: jackson-databind@2.5.1" + } + } + ] + }, + { + "ruleId": "CVE-2019-12384", + "ruleIndex": 87, + "level": "warning", + "message": { + "text": "Package: jackson-databind\nInstalled Version: 2.5.1\nVulnerability CVE-2019-12384\nSeverity: medium\nFixed Version: 2.6.7.3, 2.7.9.6, 2.8.11.4, 2.9.9.1\nExploit Available: []()\nExploit Type: \nLink: [CVE-2019-12384](https://nvd.nist.gov/vuln/detail/CVE-2019-12384)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/com/fasterxml/jackson/core/jackson-databind/main/jackson-databind-2.5.1.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/com/fasterxml/jackson/core/jackson-databind/main/jackson-databind-2.5.1.jar: jackson-databind@2.5.1" + } + } + ] + }, + { + "ruleId": "CVE-2019-12814", + "ruleIndex": 88, + "level": "warning", + "message": { + "text": "Package: jackson-databind\nInstalled Version: 2.5.1\nVulnerability CVE-2019-12814\nSeverity: medium\nFixed Version: 2.6.7.3, 2.7.9.6, 2.8.11.4, 2.9.9.1\nExploit Available: []()\nExploit Type: \nLink: [CVE-2019-12814](https://nvd.nist.gov/vuln/detail/CVE-2019-12814)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/com/fasterxml/jackson/core/jackson-databind/main/jackson-databind-2.5.1.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/com/fasterxml/jackson/core/jackson-databind/main/jackson-databind-2.5.1.jar: jackson-databind@2.5.1" + } + } + ] + }, + { + "ruleId": 
"CVE-2018-1000873", + "ruleIndex": 89, + "level": "warning", + "message": { + "text": "Package: jackson-databind\nInstalled Version: 2.5.1\nVulnerability CVE-2018-1000873\nSeverity: medium\nFixed Version: 2.9.8\nExploit Available: []()\nExploit Type: \nLink: [CVE-2018-1000873](https://nvd.nist.gov/vuln/detail/CVE-2018-1000873)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/com/fasterxml/jackson/core/jackson-databind/main/jackson-databind-2.5.1.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/com/fasterxml/jackson/core/jackson-databind/main/jackson-databind-2.5.1.jar: jackson-databind@2.5.1" + } + } + ] + }, + { + "ruleId": "CVE-2023-2976", + "ruleIndex": 90, + "level": "error", + "message": { + "text": "Package: guava\nInstalled Version: 18.0\nVulnerability CVE-2023-2976\nSeverity: high\nFixed Version: 32.0.0-android\nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-2976](https://nvd.nist.gov/vuln/detail/CVE-2023-2976)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/com/google/guava/main/guava-18.0.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/com/google/guava/main/guava-18.0.jar: guava@18.0" + } + } + ] + }, + { + "ruleId": "CVE-2018-10237", + "ruleIndex": 91, + "level": "warning", + "message": { + "text": "Package: guava\nInstalled Version: 18.0\nVulnerability CVE-2018-10237\nSeverity: medium\nFixed Version: 24.1.1-android\nExploit Available: []()\nExploit Type: \nLink: [CVE-2018-10237](https://nvd.nist.gov/vuln/detail/CVE-2018-10237)" + }, + "locations": [ + { + "physicalLocation": { + 
"artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/com/google/guava/main/guava-18.0.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/com/google/guava/main/guava-18.0.jar: guava@18.0" + } + } + ] + }, + { + "ruleId": "CVE-2020-8908", + "ruleIndex": 92, + "level": "note", + "message": { + "text": "Package: guava\nInstalled Version: 18.0\nVulnerability CVE-2020-8908\nSeverity: low\nFixed Version: 32.0.0-android\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-8908](https://nvd.nist.gov/vuln/detail/CVE-2020-8908)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/com/google/guava/main/guava-18.0.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/com/google/guava/main/guava-18.0.jar: guava@18.0" + } + } + ] + }, + { + "ruleId": "CVE-2021-42392", + "ruleIndex": 93, + "level": "error", + "message": { + "text": "Package: h2\nInstalled Version: 1.3.173\nVulnerability CVE-2021-42392\nSeverity: critical\nFixed Version: \nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-42392](https://nvd.nist.gov/vuln/detail/CVE-2021-42392)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/com/h2database/h2/main/h2-1.3.173.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/com/h2database/h2/main/h2-1.3.173.jar: h2@1.3.173" + } + } + ] + }, + { + "ruleId": "CVE-2022-23221", + "ruleIndex": 94, + "level": "error", + "message": { + "text": 
"Package: h2\nInstalled Version: 1.3.173\nVulnerability CVE-2022-23221\nSeverity: critical\nFixed Version: 2.0.206\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-23221](https://nvd.nist.gov/vuln/detail/CVE-2022-23221)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/com/h2database/h2/main/h2-1.3.173.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/com/h2database/h2/main/h2-1.3.173.jar: h2@1.3.173" + } + } + ] + }, + { + "ruleId": "CVE-2022-45868", + "ruleIndex": 95, + "level": "error", + "message": { + "text": "Package: h2\nInstalled Version: 1.3.173\nVulnerability CVE-2022-45868\nSeverity: high\nFixed Version: \nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-45868](https://nvd.nist.gov/vuln/detail/CVE-2022-45868)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/com/h2database/h2/main/h2-1.3.173.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/com/h2database/h2/main/h2-1.3.173.jar: h2@1.3.173" + } + } + ] + }, + { + "ruleId": "CVE-2014-0114", + "ruleIndex": 96, + "level": "error", + "message": { + "text": "Package: commons-beanutils-core\nInstalled Version: 1.8.3\nVulnerability CVE-2014-0114\nSeverity: high\nFixed Version: \nExploit Available: [http://www.exploit-db.com/exploits/41690](http://www.exploit-db.com/exploits/41690)\nExploit Type: remote\nLink: [CVE-2014-0114](https://nvd.nist.gov/vuln/detail/CVE-2014-0114)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": 
"/opt/jboss/wildfly/modules/system/layers/base/org/apache/commons/beanutils/main/commons-beanutils-core-1.8.3.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/apache/commons/beanutils/main/commons-beanutils-core-1.8.3.jar: commons-beanutils-core@1.8.3" + } + } + ] + }, + { + "ruleId": "CVE-2015-4852", + "ruleIndex": 97, + "level": "error", + "message": { + "text": "Package: commons-collections\nInstalled Version: 3.2.1\nVulnerability CVE-2015-4852\nSeverity: critical\nFixed Version: 3.2.2\nExploit Available: [http://www.exploit-db.com/exploits/42806](http://www.exploit-db.com/exploits/42806)\nExploit Type: remote\nLink: [CVE-2015-4852](https://nvd.nist.gov/vuln/detail/CVE-2015-4852)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/apache/commons/collections/main/commons-collections-3.2.1.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/apache/commons/collections/main/commons-collections-3.2.1.jar: commons-collections@3.2.1" + } + } + ] + }, + { + "ruleId": "CVE-2015-7501", + "ruleIndex": 98, + "level": "error", + "message": { + "text": "Package: commons-collections\nInstalled Version: 3.2.1\nVulnerability CVE-2015-7501\nSeverity: critical\nFixed Version: 3.2.2\nExploit Available: []()\nExploit Type: \nLink: [CVE-2015-7501](https://nvd.nist.gov/vuln/detail/CVE-2015-7501)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/apache/commons/collections/main/commons-collections-3.2.1.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + 
"endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/apache/commons/collections/main/commons-collections-3.2.1.jar: commons-collections@3.2.1" + } + } + ] + }, + { + "ruleId": "CVE-2017-15708", + "ruleIndex": 99, + "level": "error", + "message": { + "text": "Package: commons-collections\nInstalled Version: 3.2.1\nVulnerability CVE-2017-15708\nSeverity: critical\nFixed Version: \nExploit Available: []()\nExploit Type: \nLink: [CVE-2017-15708](https://nvd.nist.gov/vuln/detail/CVE-2017-15708)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/apache/commons/collections/main/commons-collections-3.2.1.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/apache/commons/collections/main/commons-collections-3.2.1.jar: commons-collections@3.2.1" + } + } + ] + }, + { + "ruleId": "CVE-2015-6420", + "ruleIndex": 100, + "level": "error", + "message": { + "text": "Package: commons-collections\nInstalled Version: 3.2.1\nVulnerability CVE-2015-6420\nSeverity: high\nFixed Version: 3.2.2\nExploit Available: []()\nExploit Type: \nLink: [CVE-2015-6420](https://nvd.nist.gov/vuln/detail/CVE-2015-6420)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/apache/commons/collections/main/commons-collections-3.2.1.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/apache/commons/collections/main/commons-collections-3.2.1.jar: commons-collections@3.2.1" + } + } + ] + }, + { + "ruleId": "CVE-2021-29425", + "ruleIndex": 101, + "level": "warning", + "message": { + "text": "Package: 
commons-io\nInstalled Version: 2.4\nVulnerability CVE-2021-29425\nSeverity: medium\nFixed Version: 2.7\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-29425](https://nvd.nist.gov/vuln/detail/CVE-2021-29425)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/apache/commons/io/main/commons-io-2.4.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/apache/commons/io/main/commons-io-2.4.jar: commons-io@2.4" + } + } + ] + }, + { + "ruleId": "CVE-2015-4041", + "ruleIndex": 102, + "level": "note", + "message": { + "text": "Package: coreutils\nInstalled Version: 8.22-23.el7\nVulnerability CVE-2015-4041\nSeverity: low\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2015-4041](https://access.redhat.com/security/cve/CVE-2015-4041)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "coreutils", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": coreutils@8.22-23.el7" + } + } + ] + }, + { + "ruleId": "CVE-2015-4042", + "ruleIndex": 103, + "level": "note", + "message": { + "text": "Package: coreutils\nInstalled Version: 8.22-23.el7\nVulnerability CVE-2015-4042\nSeverity: low\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2015-4042](https://access.redhat.com/security/cve/CVE-2015-4042)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "coreutils", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": coreutils@8.22-23.el7" + } + } + ] + }, + { + "ruleId": "RHSA-2020:3908", + 
"ruleIndex": 104, + "level": "warning", + "message": { + "text": "Package: cpio\nInstalled Version: 2.11-27.el7\nVulnerability RHSA-2020:3908\nSeverity: medium\nFixed Version: 2.11-28.el7\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2020:3908](https://access.redhat.com/security/cve/CVE-2019-14866)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "cpio", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": cpio@2.11-27.el7" + } + } + ] + }, + { + "ruleId": "CVE-2021-38185", + "ruleIndex": 105, + "level": "warning", + "message": { + "text": "Package: cpio\nInstalled Version: 2.11-27.el7\nVulnerability CVE-2021-38185\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-38185](https://access.redhat.com/security/cve/CVE-2021-38185)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "cpio", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": cpio@2.11-27.el7" + } + } + ] + }, + { + "ruleId": "CVE-2022-27776", + "ruleIndex": 106, + "level": "warning", + "message": { + "text": "Package: curl\nInstalled Version: 7.29.0-51.el7\nVulnerability CVE-2022-27776\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-27776](https://access.redhat.com/security/cve/CVE-2022-27776)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "curl", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": curl@7.29.0-51.el7" + } + } + ] + }, + { + "ruleId": "CVE-2022-27782", + "ruleIndex": 107, + "level": "warning", + "message": { + "text": "Package: curl\nInstalled Version: 
7.29.0-51.el7\nVulnerability CVE-2022-27782\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-27782](https://access.redhat.com/security/cve/CVE-2022-27782)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "curl", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": curl@7.29.0-51.el7" + } + } + ] + }, + { + "ruleId": "CVE-2021-22947", + "ruleIndex": 108, + "level": "warning", + "message": { + "text": "Package: curl\nInstalled Version: 7.29.0-51.el7\nVulnerability CVE-2021-22947\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-22947](https://access.redhat.com/security/cve/CVE-2021-22947)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "curl", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": curl@7.29.0-51.el7" + } + } + ] + }, + { + "ruleId": "RHSA-2020:3916", + "ruleIndex": 109, + "level": "warning", + "message": { + "text": "Package: curl\nInstalled Version: 7.29.0-51.el7\nVulnerability RHSA-2020:3916\nSeverity: medium\nFixed Version: 7.29.0-59.el7\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2020:3916](https://access.redhat.com/security/cve/CVE-2019-5482)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "curl", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": curl@7.29.0-51.el7" + } + } + ] + }, + { + "ruleId": "RHSA-2020:5002", + "ruleIndex": 110, + "level": "warning", + "message": { + "text": "Package: curl\nInstalled Version: 7.29.0-51.el7\nVulnerability RHSA-2020:5002\nSeverity: medium\nFixed Version: 
7.29.0-59.el7_9.1\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2020:5002](https://access.redhat.com/security/cve/CVE-2020-8177)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "curl", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": curl@7.29.0-51.el7" + } + } + ] + }, + { + "ruleId": "CVE-2020-8284", + "ruleIndex": 111, + "level": "warning", + "message": { + "text": "Package: curl\nInstalled Version: 7.29.0-51.el7\nVulnerability CVE-2020-8284\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-8284](https://access.redhat.com/security/cve/CVE-2020-8284)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "curl", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": curl@7.29.0-51.el7" + } + } + ] + }, + { + "ruleId": "CVE-2020-8285", + "ruleIndex": 112, + "level": "warning", + "message": { + "text": "Package: curl\nInstalled Version: 7.29.0-51.el7\nVulnerability CVE-2020-8285\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-8285](https://access.redhat.com/security/cve/CVE-2020-8285)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "curl", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": curl@7.29.0-51.el7" + } + } + ] + }, + { + "ruleId": "CVE-2021-22876", + "ruleIndex": 113, + "level": "warning", + "message": { + "text": "Package: curl\nInstalled Version: 7.29.0-51.el7\nVulnerability CVE-2021-22876\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: 
[CVE-2021-22876](https://access.redhat.com/security/cve/CVE-2021-22876)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "curl", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": curl@7.29.0-51.el7" + } + } + ] + }, + { + "ruleId": "CVE-2022-27774", + "ruleIndex": 114, + "level": "warning", + "message": { + "text": "Package: curl\nInstalled Version: 7.29.0-51.el7\nVulnerability CVE-2022-27774\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-27774](https://access.redhat.com/security/cve/CVE-2022-27774)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "curl", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": curl@7.29.0-51.el7" + } + } + ] + }, + { + "ruleId": "CVE-2021-22924", + "ruleIndex": 115, + "level": "warning", + "message": { + "text": "Package: curl\nInstalled Version: 7.29.0-51.el7\nVulnerability CVE-2021-22924\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-22924](https://access.redhat.com/security/cve/CVE-2021-22924)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "curl", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": curl@7.29.0-51.el7" + } + } + ] + }, + { + "ruleId": "CVE-2022-43551", + "ruleIndex": 116, + "level": "warning", + "message": { + "text": "Package: curl\nInstalled Version: 7.29.0-51.el7\nVulnerability CVE-2022-43551\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-43551](https://access.redhat.com/security/cve/CVE-2022-43551)" + }, + 
"locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "curl", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": curl@7.29.0-51.el7" + } + } + ] + }, + { + "ruleId": "CVE-2021-22946", + "ruleIndex": 117, + "level": "warning", + "message": { + "text": "Package: curl\nInstalled Version: 7.29.0-51.el7\nVulnerability CVE-2021-22946\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-22946](https://access.redhat.com/security/cve/CVE-2021-22946)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "curl", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": curl@7.29.0-51.el7" + } + } + ] + }, + { + "ruleId": "CVE-2024-2398", + "ruleIndex": 118, + "level": "warning", + "message": { + "text": "Package: curl\nInstalled Version: 7.29.0-51.el7\nVulnerability CVE-2024-2398\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2024-2398](https://access.redhat.com/security/cve/CVE-2024-2398)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "curl", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": curl@7.29.0-51.el7" + } + } + ] + }, + { + "ruleId": "CVE-2022-32208", + "ruleIndex": 119, + "level": "warning", + "message": { + "text": "Package: curl\nInstalled Version: 7.29.0-51.el7\nVulnerability CVE-2022-32208\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-32208](https://access.redhat.com/security/cve/CVE-2022-32208)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "curl", + 
"uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": curl@7.29.0-51.el7" + } + } + ] + }, + { + "ruleId": "CVE-2022-30115", + "ruleIndex": 120, + "level": "warning", + "message": { + "text": "Package: curl\nInstalled Version: 7.29.0-51.el7\nVulnerability CVE-2022-30115\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-30115](https://access.redhat.com/security/cve/CVE-2022-30115)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "curl", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": curl@7.29.0-51.el7" + } + } + ] + }, + { + "ruleId": "CVE-2022-27778", + "ruleIndex": 121, + "level": "warning", + "message": { + "text": "Package: curl\nInstalled Version: 7.29.0-51.el7\nVulnerability CVE-2022-27778\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-27778](https://access.redhat.com/security/cve/CVE-2022-27778)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "curl", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": curl@7.29.0-51.el7" + } + } + ] + }, + { + "ruleId": "CVE-2022-27779", + "ruleIndex": 122, + "level": "warning", + "message": { + "text": "Package: curl\nInstalled Version: 7.29.0-51.el7\nVulnerability CVE-2022-27779\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-27779](https://access.redhat.com/security/cve/CVE-2022-27779)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "curl", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + 
"endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": curl@7.29.0-51.el7" + } + } + ] + }, + { + "ruleId": "CVE-2022-27780", + "ruleIndex": 123, + "level": "warning", + "message": { + "text": "Package: curl\nInstalled Version: 7.29.0-51.el7\nVulnerability CVE-2022-27780\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-27780](https://access.redhat.com/security/cve/CVE-2022-27780)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "curl", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": curl@7.29.0-51.el7" + } + } + ] + }, + { + "ruleId": "RHSA-2019:1880", + "ruleIndex": 124, + "level": "note", + "message": { + "text": "Package: curl\nInstalled Version: 7.29.0-51.el7\nVulnerability RHSA-2019:1880\nSeverity: low\nFixed Version: 7.29.0-51.el7_6.3\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2019:1880](https://access.redhat.com/security/cve/CVE-2018-14618)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "curl", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": curl@7.29.0-51.el7" + } + } + ] + }, + { + "ruleId": "RHSA-2019:2181", + "ruleIndex": 125, + "level": "note", + "message": { + "text": "Package: curl\nInstalled Version: 7.29.0-51.el7\nVulnerability RHSA-2019:2181\nSeverity: low\nFixed Version: 7.29.0-54.el7\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2019:2181](https://access.redhat.com/security/cve/CVE-2018-16842)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "curl", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": curl@7.29.0-51.el7" + } + } + ] + }, + { 
+ "ruleId": "CVE-2022-27781", + "ruleIndex": 126, + "level": "note", + "message": { + "text": "Package: curl\nInstalled Version: 7.29.0-51.el7\nVulnerability CVE-2022-27781\nSeverity: low\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-27781](https://access.redhat.com/security/cve/CVE-2022-27781)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "curl", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": curl@7.29.0-51.el7" + } + } + ] + }, + { + "ruleId": "CVE-2023-28322", + "ruleIndex": 127, + "level": "note", + "message": { + "text": "Package: curl\nInstalled Version: 7.29.0-51.el7\nVulnerability CVE-2023-28322\nSeverity: low\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-28322](https://access.redhat.com/security/cve/CVE-2023-28322)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "curl", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": curl@7.29.0-51.el7" + } + } + ] + }, + { + "ruleId": "CVE-2022-35252", + "ruleIndex": 128, + "level": "note", + "message": { + "text": "Package: curl\nInstalled Version: 7.29.0-51.el7\nVulnerability CVE-2022-35252\nSeverity: low\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-35252](https://access.redhat.com/security/cve/CVE-2022-35252)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "curl", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": curl@7.29.0-51.el7" + } + } + ] + }, + { + "ruleId": "CVE-2021-22925", + "ruleIndex": 129, + "level": "note", + "message": { + "text": 
"Package: curl\nInstalled Version: 7.29.0-51.el7\nVulnerability CVE-2021-22925\nSeverity: low\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-22925](https://access.redhat.com/security/cve/CVE-2021-22925)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "curl", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": curl@7.29.0-51.el7" + } + } + ] + }, + { + "ruleId": "RHSA-2023:7743", + "ruleIndex": 130, + "level": "note", + "message": { + "text": "Package: curl\nInstalled Version: 7.29.0-51.el7\nVulnerability RHSA-2023:7743\nSeverity: low\nFixed Version: 7.29.0-59.el7_9.2\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2023:7743](https://access.redhat.com/security/cve/CVE-2022-43552)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "curl", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": curl@7.29.0-51.el7" + } + } + ] + }, + { + "ruleId": "CVE-2021-22898", + "ruleIndex": 131, + "level": "note", + "message": { + "text": "Package: curl\nInstalled Version: 7.29.0-51.el7\nVulnerability CVE-2021-22898\nSeverity: low\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-22898](https://access.redhat.com/security/cve/CVE-2021-22898)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "curl", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": curl@7.29.0-51.el7" + } + } + ] + }, + { + "ruleId": "CVE-2023-38546", + "ruleIndex": 132, + "level": "note", + "message": { + "text": "Package: curl\nInstalled Version: 7.29.0-51.el7\nVulnerability CVE-2023-38546\nSeverity: low\nFixed 
Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-38546](https://access.redhat.com/security/cve/CVE-2023-38546)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "curl", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": curl@7.29.0-51.el7" + } + } + ] + }, + { + "ruleId": "RHSA-2020:1020", + "ruleIndex": 133, + "level": "note", + "message": { + "text": "Package: curl\nInstalled Version: 7.29.0-51.el7\nVulnerability RHSA-2020:1020\nSeverity: low\nFixed Version: 7.29.0-57.el7\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2020:1020](https://access.redhat.com/security/cve/CVE-2019-5436)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "curl", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": curl@7.29.0-51.el7" + } + } + ] + }, + { + "ruleId": "RHSA-2022:0666", + "ruleIndex": 134, + "level": "error", + "message": { + "text": "Package: cyrus-sasl-lib\nInstalled Version: 2.1.26-23.el7\nVulnerability RHSA-2022:0666\nSeverity: high\nFixed Version: 2.1.26-24.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2022:0666](https://access.redhat.com/security/cve/CVE-2022-24407)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "cyrus-sasl-lib", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": cyrus-sasl-lib@2.1.26-23.el7" + } + } + ] + }, + { + "ruleId": "RHSA-2020:2894", + "ruleIndex": 135, + "level": "error", + "message": { + "text": "Package: dbus\nInstalled Version: 1:1.10.24-12.el7\nVulnerability RHSA-2020:2894\nSeverity: high\nFixed Version: 1:1.10.24-14.el7_8\nExploit Available: []()\nExploit Type: \nLink: 
[RHSA-2020:2894](https://access.redhat.com/security/cve/CVE-2020-12049)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "dbus", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": dbus@1:1.10.24-12.el7" + } + } + ] + }, + { + "ruleId": "RHSA-2020:4032", + "ruleIndex": 136, + "level": "warning", + "message": { + "text": "Package: dbus\nInstalled Version: 1:1.10.24-12.el7\nVulnerability RHSA-2020:4032\nSeverity: medium\nFixed Version: 1:1.10.24-15.el7\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2020:4032](https://access.redhat.com/security/cve/CVE-2019-12749)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "dbus", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": dbus@1:1.10.24-12.el7" + } + } + ] + }, + { + "ruleId": "CVE-2022-42010", + "ruleIndex": 137, + "level": "warning", + "message": { + "text": "Package: dbus\nInstalled Version: 1:1.10.24-12.el7\nVulnerability CVE-2022-42010\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-42010](https://access.redhat.com/security/cve/CVE-2022-42010)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "dbus", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": dbus@1:1.10.24-12.el7" + } + } + ] + }, + { + "ruleId": "CVE-2022-42011", + "ruleIndex": 138, + "level": "warning", + "message": { + "text": "Package: dbus\nInstalled Version: 1:1.10.24-12.el7\nVulnerability CVE-2022-42011\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: 
[CVE-2022-42011](https://access.redhat.com/security/cve/CVE-2022-42011)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "dbus", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": dbus@1:1.10.24-12.el7" + } + } + ] + }, + { + "ruleId": "CVE-2022-42012", + "ruleIndex": 139, + "level": "warning", + "message": { + "text": "Package: dbus\nInstalled Version: 1:1.10.24-12.el7\nVulnerability CVE-2022-42012\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-42012](https://access.redhat.com/security/cve/CVE-2022-42012)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "dbus", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": dbus@1:1.10.24-12.el7" + } + } + ] + }, + { + "ruleId": "CVE-2023-34969", + "ruleIndex": 140, + "level": "warning", + "message": { + "text": "Package: dbus\nInstalled Version: 1:1.10.24-12.el7\nVulnerability CVE-2023-34969\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-34969](https://access.redhat.com/security/cve/CVE-2023-34969)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "dbus", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": dbus@1:1.10.24-12.el7" + } + } + ] + }, + { + "ruleId": "CVE-2014-3636", + "ruleIndex": 141, + "level": "note", + "message": { + "text": "Package: dbus\nInstalled Version: 1:1.10.24-12.el7\nVulnerability CVE-2014-3636\nSeverity: low\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2014-3636](https://access.redhat.com/security/cve/CVE-2014-3636)" + 
}, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "dbus", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": dbus@1:1.10.24-12.el7" + } + } + ] + }, + { + "ruleId": "CVE-2014-3637", + "ruleIndex": 142, + "level": "note", + "message": { + "text": "Package: dbus\nInstalled Version: 1:1.10.24-12.el7\nVulnerability CVE-2014-3637\nSeverity: low\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2014-3637](https://access.redhat.com/security/cve/CVE-2014-3637)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "dbus", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": dbus@1:1.10.24-12.el7" + } + } + ] + }, + { + "ruleId": "CVE-2014-3638", + "ruleIndex": 143, + "level": "note", + "message": { + "text": "Package: dbus\nInstalled Version: 1:1.10.24-12.el7\nVulnerability CVE-2014-3638\nSeverity: low\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2014-3638](https://access.redhat.com/security/cve/CVE-2014-3638)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "dbus", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": dbus@1:1.10.24-12.el7" + } + } + ] + }, + { + "ruleId": "CVE-2014-3639", + "ruleIndex": 144, + "level": "note", + "message": { + "text": "Package: dbus\nInstalled Version: 1:1.10.24-12.el7\nVulnerability CVE-2014-3639\nSeverity: low\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2014-3639](https://access.redhat.com/security/cve/CVE-2014-3639)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "dbus", + 
"uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": dbus@1:1.10.24-12.el7" + } + } + ] + }, + { + "ruleId": "RHSA-2020:2894", + "ruleIndex": 135, + "level": "error", + "message": { + "text": "Package: dbus-libs\nInstalled Version: 1:1.10.24-12.el7\nVulnerability RHSA-2020:2894\nSeverity: high\nFixed Version: 1:1.10.24-14.el7_8\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2020:2894](https://access.redhat.com/security/cve/CVE-2020-12049)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "dbus-libs", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": dbus-libs@1:1.10.24-12.el7" + } + } + ] + }, + { + "ruleId": "RHSA-2020:4032", + "ruleIndex": 136, + "level": "warning", + "message": { + "text": "Package: dbus-libs\nInstalled Version: 1:1.10.24-12.el7\nVulnerability RHSA-2020:4032\nSeverity: medium\nFixed Version: 1:1.10.24-15.el7\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2020:4032](https://access.redhat.com/security/cve/CVE-2019-12749)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "dbus-libs", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": dbus-libs@1:1.10.24-12.el7" + } + } + ] + }, + { + "ruleId": "CVE-2022-42010", + "ruleIndex": 137, + "level": "warning", + "message": { + "text": "Package: dbus-libs\nInstalled Version: 1:1.10.24-12.el7\nVulnerability CVE-2022-42010\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-42010](https://access.redhat.com/security/cve/CVE-2022-42010)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "dbus-libs", + "uriBaseId": "ROOTPATH" + }, + 
"region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": dbus-libs@1:1.10.24-12.el7" + } + } + ] + }, + { + "ruleId": "CVE-2022-42011", + "ruleIndex": 138, + "level": "warning", + "message": { + "text": "Package: dbus-libs\nInstalled Version: 1:1.10.24-12.el7\nVulnerability CVE-2022-42011\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-42011](https://access.redhat.com/security/cve/CVE-2022-42011)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "dbus-libs", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": dbus-libs@1:1.10.24-12.el7" + } + } + ] + }, + { + "ruleId": "CVE-2022-42012", + "ruleIndex": 139, + "level": "warning", + "message": { + "text": "Package: dbus-libs\nInstalled Version: 1:1.10.24-12.el7\nVulnerability CVE-2022-42012\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-42012](https://access.redhat.com/security/cve/CVE-2022-42012)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "dbus-libs", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": dbus-libs@1:1.10.24-12.el7" + } + } + ] + }, + { + "ruleId": "CVE-2023-34969", + "ruleIndex": 140, + "level": "warning", + "message": { + "text": "Package: dbus-libs\nInstalled Version: 1:1.10.24-12.el7\nVulnerability CVE-2023-34969\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-34969](https://access.redhat.com/security/cve/CVE-2023-34969)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "dbus-libs", + "uriBaseId": "ROOTPATH" + }, + "region": { + 
"startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": dbus-libs@1:1.10.24-12.el7" + } + } + ] + }, + { + "ruleId": "CVE-2014-3636", + "ruleIndex": 141, + "level": "note", + "message": { + "text": "Package: dbus-libs\nInstalled Version: 1:1.10.24-12.el7\nVulnerability CVE-2014-3636\nSeverity: low\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2014-3636](https://access.redhat.com/security/cve/CVE-2014-3636)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "dbus-libs", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": dbus-libs@1:1.10.24-12.el7" + } + } + ] + }, + { + "ruleId": "CVE-2014-3637", + "ruleIndex": 142, + "level": "note", + "message": { + "text": "Package: dbus-libs\nInstalled Version: 1:1.10.24-12.el7\nVulnerability CVE-2014-3637\nSeverity: low\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2014-3637](https://access.redhat.com/security/cve/CVE-2014-3637)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "dbus-libs", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": dbus-libs@1:1.10.24-12.el7" + } + } + ] + }, + { + "ruleId": "CVE-2014-3638", + "ruleIndex": 143, + "level": "note", + "message": { + "text": "Package: dbus-libs\nInstalled Version: 1:1.10.24-12.el7\nVulnerability CVE-2014-3638\nSeverity: low\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2014-3638](https://access.redhat.com/security/cve/CVE-2014-3638)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "dbus-libs", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 
1, + "endColumn": 1 + } + }, + "message": { + "text": ": dbus-libs@1:1.10.24-12.el7" + } + } + ] + }, + { + "ruleId": "CVE-2014-3639", + "ruleIndex": 144, + "level": "note", + "message": { + "text": "Package: dbus-libs\nInstalled Version: 1:1.10.24-12.el7\nVulnerability CVE-2014-3639\nSeverity: low\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2014-3639](https://access.redhat.com/security/cve/CVE-2014-3639)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "dbus-libs", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": dbus-libs@1:1.10.24-12.el7" + } + } + ] + }, + { + "ruleId": "CVE-2020-10683", + "ruleIndex": 145, + "level": "error", + "message": { + "text": "Package: dom4j\nInstalled Version: 1.6.1\nVulnerability CVE-2020-10683\nSeverity: critical\nFixed Version: \nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-10683](https://nvd.nist.gov/vuln/detail/CVE-2020-10683)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/dom4j/main/dom4j-1.6.1.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/dom4j/main/dom4j-1.6.1.jar: dom4j@1.6.1" + } + } + ] + }, + { + "ruleId": "CVE-2018-1000632", + "ruleIndex": 146, + "level": "error", + "message": { + "text": "Package: dom4j\nInstalled Version: 1.6.1\nVulnerability CVE-2018-1000632\nSeverity: high\nFixed Version: \nExploit Available: []()\nExploit Type: \nLink: [CVE-2018-1000632](https://nvd.nist.gov/vuln/detail/CVE-2018-1000632)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/dom4j/main/dom4j-1.6.1.jar", + 
"uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/dom4j/main/dom4j-1.6.1.jar: dom4j@1.6.1" + } + } + ] + }, + { + "ruleId": "RHSA-2019:2197", + "ruleIndex": 147, + "level": "note", + "message": { + "text": "Package: elfutils-default-yama-scope\nInstalled Version: 0.172-2.el7\nVulnerability RHSA-2019:2197\nSeverity: low\nFixed Version: 0.176-2.el7\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2019:2197](https://access.redhat.com/security/cve/CVE-2018-16402)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "elfutils-default-yama-scope", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": elfutils-default-yama-scope@0.172-2.el7" + } + } + ] + }, + { + "ruleId": "RHSA-2019:2197", + "ruleIndex": 147, + "level": "note", + "message": { + "text": "Package: elfutils-libelf\nInstalled Version: 0.172-2.el7\nVulnerability RHSA-2019:2197\nSeverity: low\nFixed Version: 0.176-2.el7\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2019:2197](https://access.redhat.com/security/cve/CVE-2018-16402)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "elfutils-libelf", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": elfutils-libelf@0.172-2.el7" + } + } + ] + }, + { + "ruleId": "RHSA-2019:2197", + "ruleIndex": 147, + "level": "note", + "message": { + "text": "Package: elfutils-libs\nInstalled Version: 0.172-2.el7\nVulnerability RHSA-2019:2197\nSeverity: low\nFixed Version: 0.176-2.el7\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2019:2197](https://access.redhat.com/security/cve/CVE-2018-16402)" + }, + "locations": [ + { + "physicalLocation": { + 
"artifactLocation": { + "uri": "elfutils-libs", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": elfutils-libs@0.172-2.el7" + } + } + ] + }, + { + "ruleId": "RHSA-2022:1069", + "ruleIndex": 148, + "level": "error", + "message": { + "text": "Package: expat\nInstalled Version: 2.1.0-10.el7_3\nVulnerability RHSA-2022:1069\nSeverity: high\nFixed Version: 2.1.0-14.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2022:1069](https://access.redhat.com/security/cve/CVE-2022-25315)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "expat", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": expat@2.1.0-10.el7_3" + } + } + ] + }, + { + "ruleId": "RHSA-2022:6834", + "ruleIndex": 149, + "level": "error", + "message": { + "text": "Package: expat\nInstalled Version: 2.1.0-10.el7_3\nVulnerability RHSA-2022:6834\nSeverity: high\nFixed Version: 2.1.0-15.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2022:6834](https://access.redhat.com/security/cve/CVE-2022-40674)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "expat", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": expat@2.1.0-10.el7_3" + } + } + ] + }, + { + "ruleId": "RHSA-2020:1011", + "ruleIndex": 150, + "level": "warning", + "message": { + "text": "Package: expat\nInstalled Version: 2.1.0-10.el7_3\nVulnerability RHSA-2020:1011\nSeverity: medium\nFixed Version: 2.1.0-11.el7\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2020:1011](https://access.redhat.com/security/cve/CVE-2015-2716)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "expat", + "uriBaseId": "ROOTPATH" + }, + "region": { + 
"startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": expat@2.1.0-10.el7_3" + } + } + ] + }, + { + "ruleId": "RHSA-2020:3952", + "ruleIndex": 151, + "level": "warning", + "message": { + "text": "Package: expat\nInstalled Version: 2.1.0-10.el7_3\nVulnerability RHSA-2020:3952\nSeverity: medium\nFixed Version: 2.1.0-12.el7\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2020:3952](https://access.redhat.com/security/cve/CVE-2019-15903)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "expat", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": expat@2.1.0-10.el7_3" + } + } + ] + }, + { + "ruleId": "CVE-2022-25313", + "ruleIndex": 152, + "level": "warning", + "message": { + "text": "Package: expat\nInstalled Version: 2.1.0-10.el7_3\nVulnerability CVE-2022-25313\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-25313](https://access.redhat.com/security/cve/CVE-2022-25313)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "expat", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": expat@2.1.0-10.el7_3" + } + } + ] + }, + { + "ruleId": "CVE-2023-52425", + "ruleIndex": 153, + "level": "warning", + "message": { + "text": "Package: expat\nInstalled Version: 2.1.0-10.el7_3\nVulnerability CVE-2023-52425\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-52425](https://access.redhat.com/security/cve/CVE-2023-52425)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "expat", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, 
+ "message": { + "text": ": expat@2.1.0-10.el7_3" + } + } + ] + }, + { + "ruleId": "RHSA-2020:1022", + "ruleIndex": 154, + "level": "note", + "message": { + "text": "Package: file-libs\nInstalled Version: 5.11-35.el7\nVulnerability RHSA-2020:1022\nSeverity: low\nFixed Version: 5.11-36.el7\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2020:1022](https://access.redhat.com/security/cve/CVE-2018-10360)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "file-libs", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": file-libs@5.11-35.el7" + } + } + ] + }, + { + "ruleId": "CVE-2022-48554", + "ruleIndex": 155, + "level": "note", + "message": { + "text": "Package: file-libs\nInstalled Version: 5.11-35.el7\nVulnerability CVE-2022-48554\nSeverity: low\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-48554](https://access.redhat.com/security/cve/CVE-2022-48554)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "file-libs", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": file-libs@5.11-35.el7" + } + } + ] + }, + { + "ruleId": "RHSA-2020:4907", + "ruleIndex": 156, + "level": "error", + "message": { + "text": "Package: freetype\nInstalled Version: 2.8-12.el7_6.1\nVulnerability RHSA-2020:4907\nSeverity: high\nFixed Version: 2.8-14.el7_9.1\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2020:4907](https://access.redhat.com/security/cve/CVE-2020-15999)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "freetype", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": freetype@2.8-12.el7_6.1" + } + } + ] + }, + { + 
"ruleId": "CVE-2022-27404", + "ruleIndex": 157, + "level": "warning", + "message": { + "text": "Package: freetype\nInstalled Version: 2.8-12.el7_6.1\nVulnerability CVE-2022-27404\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-27404](https://access.redhat.com/security/cve/CVE-2022-27404)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "freetype", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": freetype@2.8-12.el7_6.1" + } + } + ] + }, + { + "ruleId": "CVE-2022-27405", + "ruleIndex": 158, + "level": "warning", + "message": { + "text": "Package: freetype\nInstalled Version: 2.8-12.el7_6.1\nVulnerability CVE-2022-27405\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-27405](https://access.redhat.com/security/cve/CVE-2022-27405)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "freetype", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": freetype@2.8-12.el7_6.1" + } + } + ] + }, + { + "ruleId": "CVE-2022-27406", + "ruleIndex": 159, + "level": "warning", + "message": { + "text": "Package: freetype\nInstalled Version: 2.8-12.el7_6.1\nVulnerability CVE-2022-27406\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-27406](https://access.redhat.com/security/cve/CVE-2022-27406)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "freetype", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": freetype@2.8-12.el7_6.1" + } + } + ] + }, + { + "ruleId": "CVE-2022-28506", + 
"ruleIndex": 160, + "level": "warning", + "message": { + "text": "Package: giflib\nInstalled Version: 4.1.6-9.el7\nVulnerability CVE-2022-28506\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-28506](https://access.redhat.com/security/cve/CVE-2022-28506)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "giflib", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": giflib@4.1.6-9.el7" + } + } + ] + }, + { + "ruleId": "CVE-2020-23922", + "ruleIndex": 161, + "level": "note", + "message": { + "text": "Package: giflib\nInstalled Version: 4.1.6-9.el7\nVulnerability CVE-2020-23922\nSeverity: low\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-23922](https://access.redhat.com/security/cve/CVE-2020-23922)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "giflib", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": giflib@4.1.6-9.el7" + } + } + ] + }, + { + "ruleId": "CVE-2023-39742", + "ruleIndex": 162, + "level": "note", + "message": { + "text": "Package: giflib\nInstalled Version: 4.1.6-9.el7\nVulnerability CVE-2023-39742\nSeverity: low\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-39742](https://access.redhat.com/security/cve/CVE-2023-39742)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "giflib", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": giflib@4.1.6-9.el7" + } + } + ] + }, + { + "ruleId": "RHSA-2021:2147", + "ruleIndex": 163, + "level": "error", + "message": { + "text": "Package: 
glib2\nInstalled Version: 2.56.1-2.el7\nVulnerability RHSA-2021:2147\nSeverity: high\nFixed Version: 2.56.1-9.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2021:2147](https://access.redhat.com/security/cve/CVE-2021-27219)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "glib2", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": glib2@2.56.1-2.el7" + } + } + ] + }, + { + "ruleId": "RHSA-2020:3978", + "ruleIndex": 164, + "level": "warning", + "message": { + "text": "Package: glib2\nInstalled Version: 2.56.1-2.el7\nVulnerability RHSA-2020:3978\nSeverity: medium\nFixed Version: 2.56.1-7.el7\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2020:3978](https://access.redhat.com/security/cve/CVE-2019-12450)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "glib2", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": glib2@2.56.1-2.el7" + } + } + ] + }, + { + "ruleId": "CVE-2021-27218", + "ruleIndex": 165, + "level": "warning", + "message": { + "text": "Package: glib2\nInstalled Version: 2.56.1-2.el7\nVulnerability CVE-2021-27218\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-27218](https://access.redhat.com/security/cve/CVE-2021-27218)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "glib2", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": glib2@2.56.1-2.el7" + } + } + ] + }, + { + "ruleId": "CVE-2021-3800", + "ruleIndex": 166, + "level": "warning", + "message": { + "text": "Package: glib2\nInstalled Version: 2.56.1-2.el7\nVulnerability CVE-2021-3800\nSeverity: medium\nFixed 
Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-3800](https://access.redhat.com/security/cve/CVE-2021-3800)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "glib2", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": glib2@2.56.1-2.el7" + } + } + ] + }, + { + "ruleId": "RHBA-2019:2044", + "ruleIndex": 167, + "level": "note", + "message": { + "text": "Package: glib2\nInstalled Version: 2.56.1-2.el7\nVulnerability RHBA-2019:2044\nSeverity: low\nFixed Version: 2.56.1-5.el7\nExploit Available: []()\nExploit Type: \nLink: [RHBA-2019:2044](https://access.redhat.com/security/cve/CVE-2018-5819)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "glib2", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": glib2@2.56.1-2.el7" + } + } + ] + }, + { + "ruleId": "CVE-2021-28153", + "ruleIndex": 168, + "level": "note", + "message": { + "text": "Package: glib2\nInstalled Version: 2.56.1-2.el7\nVulnerability CVE-2021-28153\nSeverity: low\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-28153](https://access.redhat.com/security/cve/CVE-2021-28153)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "glib2", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": glib2@2.56.1-2.el7" + } + } + ] + }, + { + "ruleId": "CVE-2023-29499", + "ruleIndex": 169, + "level": "note", + "message": { + "text": "Package: glib2\nInstalled Version: 2.56.1-2.el7\nVulnerability CVE-2023-29499\nSeverity: low\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: 
[CVE-2023-29499](https://access.redhat.com/security/cve/CVE-2023-29499)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "glib2", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": glib2@2.56.1-2.el7" + } + } + ] + }, + { + "ruleId": "CVE-2023-32611", + "ruleIndex": 170, + "level": "note", + "message": { + "text": "Package: glib2\nInstalled Version: 2.56.1-2.el7\nVulnerability CVE-2023-32611\nSeverity: low\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-32611](https://access.redhat.com/security/cve/CVE-2023-32611)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "glib2", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": glib2@2.56.1-2.el7" + } + } + ] + }, + { + "ruleId": "CVE-2023-32665", + "ruleIndex": 171, + "level": "note", + "message": { + "text": "Package: glib2\nInstalled Version: 2.56.1-2.el7\nVulnerability CVE-2023-32665\nSeverity: low\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-32665](https://access.redhat.com/security/cve/CVE-2023-32665)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "glib2", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": glib2@2.56.1-2.el7" + } + } + ] + }, + { + "ruleId": "CVE-2024-2961", + "ruleIndex": 172, + "level": "error", + "message": { + "text": "Package: glibc\nInstalled Version: 2.17-260.el7_6.3\nVulnerability CVE-2024-2961\nSeverity: high\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2024-2961](https://access.redhat.com/security/cve/CVE-2024-2961)" + }, + "locations": [ 
+ { + "physicalLocation": { + "artifactLocation": { + "uri": "glibc", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": glibc@2.17-260.el7_6.3" + } + } + ] + }, + { + "ruleId": "CVE-2024-33599", + "ruleIndex": 173, + "level": "error", + "message": { + "text": "Package: glibc\nInstalled Version: 2.17-260.el7_6.3\nVulnerability CVE-2024-33599\nSeverity: high\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2024-33599](https://access.redhat.com/security/cve/CVE-2024-33599)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "glibc", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": glibc@2.17-260.el7_6.3" + } + } + ] + }, + { + "ruleId": "CVE-2023-5156", + "ruleIndex": 174, + "level": "warning", + "message": { + "text": "Package: glibc\nInstalled Version: 2.17-260.el7_6.3\nVulnerability CVE-2023-5156\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-5156](https://access.redhat.com/security/cve/CVE-2023-5156)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "glibc", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": glibc@2.17-260.el7_6.3" + } + } + ] + }, + { + "ruleId": "CVE-2021-35942", + "ruleIndex": 175, + "level": "warning", + "message": { + "text": "Package: glibc\nInstalled Version: 2.17-260.el7_6.3\nVulnerability CVE-2021-35942\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-35942](https://access.redhat.com/security/cve/CVE-2021-35942)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": 
"glibc", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": glibc@2.17-260.el7_6.3" + } + } + ] + }, + { + "ruleId": "CVE-2021-3999", + "ruleIndex": 176, + "level": "warning", + "message": { + "text": "Package: glibc\nInstalled Version: 2.17-260.el7_6.3\nVulnerability CVE-2021-3999\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-3999](https://access.redhat.com/security/cve/CVE-2021-3999)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "glibc", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": glibc@2.17-260.el7_6.3" + } + } + ] + }, + { + "ruleId": "CVE-2022-23218", + "ruleIndex": 177, + "level": "warning", + "message": { + "text": "Package: glibc\nInstalled Version: 2.17-260.el7_6.3\nVulnerability CVE-2022-23218\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-23218](https://access.redhat.com/security/cve/CVE-2022-23218)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "glibc", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": glibc@2.17-260.el7_6.3" + } + } + ] + }, + { + "ruleId": "CVE-2022-23219", + "ruleIndex": 178, + "level": "warning", + "message": { + "text": "Package: glibc\nInstalled Version: 2.17-260.el7_6.3\nVulnerability CVE-2022-23219\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-23219](https://access.redhat.com/security/cve/CVE-2022-23219)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "glibc", + "uriBaseId": "ROOTPATH" + }, + "region": { + 
"startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": glibc@2.17-260.el7_6.3" + } + } + ] + }, + { + "ruleId": "RHSA-2019:2118", + "ruleIndex": 179, + "level": "warning", + "message": { + "text": "Package: glibc\nInstalled Version: 2.17-260.el7_6.3\nVulnerability RHSA-2019:2118\nSeverity: medium\nFixed Version: 2.17-292.el7\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2019:2118](https://access.redhat.com/security/cve/CVE-2016-10739)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "glibc", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": glibc@2.17-260.el7_6.3" + } + } + ] + }, + { + "ruleId": "RHSA-2021:0348", + "ruleIndex": 180, + "level": "warning", + "message": { + "text": "Package: glibc\nInstalled Version: 2.17-260.el7_6.3\nVulnerability RHSA-2021:0348\nSeverity: medium\nFixed Version: 2.17-322.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2021:0348](https://access.redhat.com/security/cve/CVE-2020-29573)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "glibc", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": glibc@2.17-260.el7_6.3" + } + } + ] + }, + { + "ruleId": "CVE-2024-33600", + "ruleIndex": 181, + "level": "warning", + "message": { + "text": "Package: glibc\nInstalled Version: 2.17-260.el7_6.3\nVulnerability CVE-2024-33600\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2024-33600](https://access.redhat.com/security/cve/CVE-2024-33600)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "glibc", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } 
+ }, + "message": { + "text": ": glibc@2.17-260.el7_6.3" + } + } + ] + }, + { + "ruleId": "CVE-2020-27618", + "ruleIndex": 182, + "level": "note", + "message": { + "text": "Package: glibc\nInstalled Version: 2.17-260.el7_6.3\nVulnerability CVE-2020-27618\nSeverity: low\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-27618](https://access.redhat.com/security/cve/CVE-2020-27618)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "glibc", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": glibc@2.17-260.el7_6.3" + } + } + ] + }, + { + "ruleId": "CVE-2021-33574", + "ruleIndex": 183, + "level": "note", + "message": { + "text": "Package: glibc\nInstalled Version: 2.17-260.el7_6.3\nVulnerability CVE-2021-33574\nSeverity: low\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-33574](https://access.redhat.com/security/cve/CVE-2021-33574)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "glibc", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": glibc@2.17-260.el7_6.3" + } + } + ] + }, + { + "ruleId": "RHSA-2020:3861", + "ruleIndex": 184, + "level": "note", + "message": { + "text": "Package: glibc\nInstalled Version: 2.17-260.el7_6.3\nVulnerability RHSA-2020:3861\nSeverity: low\nFixed Version: 2.17-317.el7\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2020:3861](https://access.redhat.com/security/cve/CVE-2019-19126)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "glibc", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": glibc@2.17-260.el7_6.3" + } + } + ] + }, + { + 
"ruleId": "CVE-2024-33601", + "ruleIndex": 185, + "level": "note", + "message": { + "text": "Package: glibc\nInstalled Version: 2.17-260.el7_6.3\nVulnerability CVE-2024-33601\nSeverity: low\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2024-33601](https://access.redhat.com/security/cve/CVE-2024-33601)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "glibc", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": glibc@2.17-260.el7_6.3" + } + } + ] + }, + { + "ruleId": "CVE-2024-33602", + "ruleIndex": 186, + "level": "note", + "message": { + "text": "Package: glibc\nInstalled Version: 2.17-260.el7_6.3\nVulnerability CVE-2024-33602\nSeverity: low\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2024-33602](https://access.redhat.com/security/cve/CVE-2024-33602)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "glibc", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": glibc@2.17-260.el7_6.3" + } + } + ] + }, + { + "ruleId": "CVE-2024-2961", + "ruleIndex": 172, + "level": "error", + "message": { + "text": "Package: glibc-common\nInstalled Version: 2.17-260.el7_6.3\nVulnerability CVE-2024-2961\nSeverity: high\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2024-2961](https://access.redhat.com/security/cve/CVE-2024-2961)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "glibc-common", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": glibc-common@2.17-260.el7_6.3" + } + } + ] + }, + { + "ruleId": "CVE-2024-33599", + "ruleIndex": 173, + 
"level": "error", + "message": { + "text": "Package: glibc-common\nInstalled Version: 2.17-260.el7_6.3\nVulnerability CVE-2024-33599\nSeverity: high\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2024-33599](https://access.redhat.com/security/cve/CVE-2024-33599)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "glibc-common", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": glibc-common@2.17-260.el7_6.3" + } + } + ] + }, + { + "ruleId": "CVE-2023-5156", + "ruleIndex": 174, + "level": "warning", + "message": { + "text": "Package: glibc-common\nInstalled Version: 2.17-260.el7_6.3\nVulnerability CVE-2023-5156\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-5156](https://access.redhat.com/security/cve/CVE-2023-5156)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "glibc-common", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": glibc-common@2.17-260.el7_6.3" + } + } + ] + }, + { + "ruleId": "CVE-2021-35942", + "ruleIndex": 175, + "level": "warning", + "message": { + "text": "Package: glibc-common\nInstalled Version: 2.17-260.el7_6.3\nVulnerability CVE-2021-35942\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-35942](https://access.redhat.com/security/cve/CVE-2021-35942)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "glibc-common", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": glibc-common@2.17-260.el7_6.3" + } + } + ] + }, + { + "ruleId": "CVE-2021-3999", + "ruleIndex": 176, + 
"level": "warning", + "message": { + "text": "Package: glibc-common\nInstalled Version: 2.17-260.el7_6.3\nVulnerability CVE-2021-3999\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-3999](https://access.redhat.com/security/cve/CVE-2021-3999)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "glibc-common", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": glibc-common@2.17-260.el7_6.3" + } + } + ] + }, + { + "ruleId": "CVE-2022-23218", + "ruleIndex": 177, + "level": "warning", + "message": { + "text": "Package: glibc-common\nInstalled Version: 2.17-260.el7_6.3\nVulnerability CVE-2022-23218\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-23218](https://access.redhat.com/security/cve/CVE-2022-23218)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "glibc-common", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": glibc-common@2.17-260.el7_6.3" + } + } + ] + }, + { + "ruleId": "CVE-2022-23219", + "ruleIndex": 178, + "level": "warning", + "message": { + "text": "Package: glibc-common\nInstalled Version: 2.17-260.el7_6.3\nVulnerability CVE-2022-23219\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-23219](https://access.redhat.com/security/cve/CVE-2022-23219)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "glibc-common", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": glibc-common@2.17-260.el7_6.3" + } + } + ] + }, + { + "ruleId": "RHSA-2019:2118", + "ruleIndex": 
179, + "level": "warning", + "message": { + "text": "Package: glibc-common\nInstalled Version: 2.17-260.el7_6.3\nVulnerability RHSA-2019:2118\nSeverity: medium\nFixed Version: 2.17-292.el7\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2019:2118](https://access.redhat.com/security/cve/CVE-2016-10739)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "glibc-common", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": glibc-common@2.17-260.el7_6.3" + } + } + ] + }, + { + "ruleId": "RHSA-2021:0348", + "ruleIndex": 180, + "level": "warning", + "message": { + "text": "Package: glibc-common\nInstalled Version: 2.17-260.el7_6.3\nVulnerability RHSA-2021:0348\nSeverity: medium\nFixed Version: 2.17-322.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2021:0348](https://access.redhat.com/security/cve/CVE-2020-29573)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "glibc-common", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": glibc-common@2.17-260.el7_6.3" + } + } + ] + }, + { + "ruleId": "CVE-2024-33600", + "ruleIndex": 181, + "level": "warning", + "message": { + "text": "Package: glibc-common\nInstalled Version: 2.17-260.el7_6.3\nVulnerability CVE-2024-33600\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2024-33600](https://access.redhat.com/security/cve/CVE-2024-33600)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "glibc-common", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": glibc-common@2.17-260.el7_6.3" + } + } + ] + }, + { + "ruleId": "CVE-2020-27618", + "ruleIndex": 182, + 
"level": "note", + "message": { + "text": "Package: glibc-common\nInstalled Version: 2.17-260.el7_6.3\nVulnerability CVE-2020-27618\nSeverity: low\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-27618](https://access.redhat.com/security/cve/CVE-2020-27618)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "glibc-common", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": glibc-common@2.17-260.el7_6.3" + } + } + ] + }, + { + "ruleId": "CVE-2021-33574", + "ruleIndex": 183, + "level": "note", + "message": { + "text": "Package: glibc-common\nInstalled Version: 2.17-260.el7_6.3\nVulnerability CVE-2021-33574\nSeverity: low\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-33574](https://access.redhat.com/security/cve/CVE-2021-33574)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "glibc-common", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": glibc-common@2.17-260.el7_6.3" + } + } + ] + }, + { + "ruleId": "RHSA-2020:3861", + "ruleIndex": 184, + "level": "note", + "message": { + "text": "Package: glibc-common\nInstalled Version: 2.17-260.el7_6.3\nVulnerability RHSA-2020:3861\nSeverity: low\nFixed Version: 2.17-317.el7\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2020:3861](https://access.redhat.com/security/cve/CVE-2019-19126)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "glibc-common", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": glibc-common@2.17-260.el7_6.3" + } + } + ] + }, + { + "ruleId": "CVE-2024-33601", + "ruleIndex": 185, + "level": "note", + 
"message": { + "text": "Package: glibc-common\nInstalled Version: 2.17-260.el7_6.3\nVulnerability CVE-2024-33601\nSeverity: low\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2024-33601](https://access.redhat.com/security/cve/CVE-2024-33601)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "glibc-common", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": glibc-common@2.17-260.el7_6.3" + } + } + ] + }, + { + "ruleId": "CVE-2024-33602", + "ruleIndex": 186, + "level": "note", + "message": { + "text": "Package: glibc-common\nInstalled Version: 2.17-260.el7_6.3\nVulnerability CVE-2024-33602\nSeverity: low\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2024-33602](https://access.redhat.com/security/cve/CVE-2024-33602)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "glibc-common", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": glibc-common@2.17-260.el7_6.3" + } + } + ] + }, + { + "ruleId": "CVE-2021-43618", + "ruleIndex": 187, + "level": "warning", + "message": { + "text": "Package: gmp\nInstalled Version: 1:6.0.0-15.el7\nVulnerability CVE-2021-43618\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-43618](https://access.redhat.com/security/cve/CVE-2021-43618)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "gmp", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": gmp@1:6.0.0-15.el7" + } + } + ] + }, + { + "ruleId": "CVE-2022-34903", + "ruleIndex": 188, + "level": "warning", + "message": { + "text": "Package: 
gnupg2\nInstalled Version: 2.0.22-5.el7_5\nVulnerability CVE-2022-34903\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-34903](https://access.redhat.com/security/cve/CVE-2022-34903)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "gnupg2", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": gnupg2@2.0.22-5.el7_5" + } + } + ] + }, + { + "ruleId": "RHSA-2022:2191", + "ruleIndex": 189, + "level": "error", + "message": { + "text": "Package: gzip\nInstalled Version: 1.5-10.el7\nVulnerability RHSA-2022:2191\nSeverity: high\nFixed Version: 1.5-11.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2022:2191](https://access.redhat.com/security/cve/CVE-2022-1271)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "gzip", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": gzip@1.5-10.el7" + } + } + ] + }, + { + "ruleId": "CVE-2019-20445", + "ruleIndex": 190, + "level": "error", + "message": { + "text": "Package: netty-all\nInstalled Version: 4.0.26.Final\nVulnerability CVE-2019-20445\nSeverity: critical\nFixed Version: 4.1.44.Final\nExploit Available: []()\nExploit Type: \nLink: [CVE-2019-20445](https://nvd.nist.gov/vuln/detail/CVE-2019-20445)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/bin/client/jboss-client.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/bin/client/jboss-client.jar: netty-all@4.0.26.Final" + } + } + ] + }, + { + "ruleId": "CVE-2019-20444", + "ruleIndex": 191, + "level": "error", + "message": { + "text": "Package: 
netty-all\nInstalled Version: 4.0.26.Final\nVulnerability CVE-2019-20444\nSeverity: critical\nFixed Version: 4.1.44.Final\nExploit Available: []()\nExploit Type: \nLink: [CVE-2019-20444](https://nvd.nist.gov/vuln/detail/CVE-2019-20444)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/bin/client/jboss-client.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/bin/client/jboss-client.jar: netty-all@4.0.26.Final" + } + } + ] + }, + { + "ruleId": "CVE-2022-41881", + "ruleIndex": 192, + "level": "error", + "message": { + "text": "Package: netty-all\nInstalled Version: 4.0.26.Final\nVulnerability CVE-2022-41881\nSeverity: high\nFixed Version: 4.1.86\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-41881](https://nvd.nist.gov/vuln/detail/CVE-2022-41881)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/bin/client/jboss-client.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/bin/client/jboss-client.jar: netty-all@4.0.26.Final" + } + } + ] + }, + { + "ruleId": "CVE-2019-9512", + "ruleIndex": 193, + "level": "error", + "message": { + "text": "Package: netty-all\nInstalled Version: 4.0.26.Final\nVulnerability CVE-2019-9512\nSeverity: high\nFixed Version: \nExploit Available: []()\nExploit Type: \nLink: [CVE-2019-9512](https://nvd.nist.gov/vuln/detail/CVE-2019-9512)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/bin/client/jboss-client.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/bin/client/jboss-client.jar: 
netty-all@4.0.26.Final" + } + } + ] + }, + { + "ruleId": "CVE-2019-9518", + "ruleIndex": 194, + "level": "error", + "message": { + "text": "Package: netty-all\nInstalled Version: 4.0.26.Final\nVulnerability CVE-2019-9518\nSeverity: high\nFixed Version: 4.1.39.Final\nExploit Available: []()\nExploit Type: \nLink: [CVE-2019-9518](https://nvd.nist.gov/vuln/detail/CVE-2019-9518)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/bin/client/jboss-client.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/bin/client/jboss-client.jar: netty-all@4.0.26.Final" + } + } + ] + }, + { + "ruleId": "CVE-2016-4970", + "ruleIndex": 195, + "level": "error", + "message": { + "text": "Package: netty-all\nInstalled Version: 4.0.26.Final\nVulnerability CVE-2016-4970\nSeverity: high\nFixed Version: 4.0.37, 4.1.1\nExploit Available: []()\nExploit Type: \nLink: [CVE-2016-4970](https://nvd.nist.gov/vuln/detail/CVE-2016-4970)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/bin/client/jboss-client.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/bin/client/jboss-client.jar: netty-all@4.0.26.Final" + } + } + ] + }, + { + "ruleId": "CVE-2019-9514", + "ruleIndex": 196, + "level": "error", + "message": { + "text": "Package: netty-all\nInstalled Version: 4.0.26.Final\nVulnerability CVE-2019-9514\nSeverity: high\nFixed Version: \nExploit Available: []()\nExploit Type: \nLink: [CVE-2019-9514](https://nvd.nist.gov/vuln/detail/CVE-2019-9514)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/bin/client/jboss-client.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + 
"startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/bin/client/jboss-client.jar: netty-all@4.0.26.Final" + } + } + ] + }, + { + "ruleId": "CVE-2019-16869", + "ruleIndex": 197, + "level": "error", + "message": { + "text": "Package: netty-all\nInstalled Version: 4.0.26.Final\nVulnerability CVE-2019-16869\nSeverity: high\nFixed Version: 4.1.42.Final\nExploit Available: []()\nExploit Type: \nLink: [CVE-2019-16869](https://nvd.nist.gov/vuln/detail/CVE-2019-16869)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/bin/client/jboss-client.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/bin/client/jboss-client.jar: netty-all@4.0.26.Final" + } + } + ] + }, + { + "ruleId": "CVE-2021-37136", + "ruleIndex": 198, + "level": "error", + "message": { + "text": "Package: netty-all\nInstalled Version: 4.0.26.Final\nVulnerability CVE-2021-37136\nSeverity: high\nFixed Version: 4.1.68\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-37136](https://nvd.nist.gov/vuln/detail/CVE-2021-37136)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/bin/client/jboss-client.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/bin/client/jboss-client.jar: netty-all@4.0.26.Final" + } + } + ] + }, + { + "ruleId": "CVE-2019-9515", + "ruleIndex": 199, + "level": "error", + "message": { + "text": "Package: netty-all\nInstalled Version: 4.0.26.Final\nVulnerability CVE-2019-9515\nSeverity: high\nFixed Version: \nExploit Available: []()\nExploit Type: \nLink: [CVE-2019-9515](https://nvd.nist.gov/vuln/detail/CVE-2019-9515)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { 
+ "uri": "/opt/jboss/wildfly/bin/client/jboss-client.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/bin/client/jboss-client.jar: netty-all@4.0.26.Final" + } + } + ] + }, + { + "ruleId": "CVE-2023-34462", + "ruleIndex": 200, + "level": "warning", + "message": { + "text": "Package: netty-all\nInstalled Version: 4.0.26.Final\nVulnerability CVE-2023-34462\nSeverity: medium\nFixed Version: 4.1.94.Final\nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-34462](https://nvd.nist.gov/vuln/detail/CVE-2023-34462)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/bin/client/jboss-client.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/bin/client/jboss-client.jar: netty-all@4.0.26.Final" + } + } + ] + }, + { + "ruleId": "CVE-2021-21409", + "ruleIndex": 201, + "level": "warning", + "message": { + "text": "Package: netty-all\nInstalled Version: 4.0.26.Final\nVulnerability CVE-2021-21409\nSeverity: medium\nFixed Version: 4.1.61.Final\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-21409](https://nvd.nist.gov/vuln/detail/CVE-2021-21409)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/bin/client/jboss-client.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/bin/client/jboss-client.jar: netty-all@4.0.26.Final" + } + } + ] + }, + { + "ruleId": "CVE-2019-20445", + "ruleIndex": 190, + "level": "error", + "message": { + "text": "Package: netty-all\nInstalled Version: 4.0.26.Final\nVulnerability CVE-2019-20445\nSeverity: critical\nFixed Version: 4.1.44.Final\nExploit Available: 
[]()\nExploit Type: \nLink: [CVE-2019-20445](https://nvd.nist.gov/vuln/detail/CVE-2019-20445)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/io/netty/main/netty-all-4.0.26.Final.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/io/netty/main/netty-all-4.0.26.Final.jar: netty-all@4.0.26.Final" + } + } + ] + }, + { + "ruleId": "CVE-2019-20444", + "ruleIndex": 191, + "level": "error", + "message": { + "text": "Package: netty-all\nInstalled Version: 4.0.26.Final\nVulnerability CVE-2019-20444\nSeverity: critical\nFixed Version: 4.1.44.Final\nExploit Available: []()\nExploit Type: \nLink: [CVE-2019-20444](https://nvd.nist.gov/vuln/detail/CVE-2019-20444)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/io/netty/main/netty-all-4.0.26.Final.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/io/netty/main/netty-all-4.0.26.Final.jar: netty-all@4.0.26.Final" + } + } + ] + }, + { + "ruleId": "CVE-2022-41881", + "ruleIndex": 192, + "level": "error", + "message": { + "text": "Package: netty-all\nInstalled Version: 4.0.26.Final\nVulnerability CVE-2022-41881\nSeverity: high\nFixed Version: 4.1.86\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-41881](https://nvd.nist.gov/vuln/detail/CVE-2022-41881)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/io/netty/main/netty-all-4.0.26.Final.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + 
"text": "/opt/jboss/wildfly/modules/system/layers/base/io/netty/main/netty-all-4.0.26.Final.jar: netty-all@4.0.26.Final" + } + } + ] + }, + { + "ruleId": "CVE-2019-9512", + "ruleIndex": 193, + "level": "error", + "message": { + "text": "Package: netty-all\nInstalled Version: 4.0.26.Final\nVulnerability CVE-2019-9512\nSeverity: high\nFixed Version: \nExploit Available: []()\nExploit Type: \nLink: [CVE-2019-9512](https://nvd.nist.gov/vuln/detail/CVE-2019-9512)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/io/netty/main/netty-all-4.0.26.Final.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/io/netty/main/netty-all-4.0.26.Final.jar: netty-all@4.0.26.Final" + } + } + ] + }, + { + "ruleId": "CVE-2019-9518", + "ruleIndex": 194, + "level": "error", + "message": { + "text": "Package: netty-all\nInstalled Version: 4.0.26.Final\nVulnerability CVE-2019-9518\nSeverity: high\nFixed Version: 4.1.39.Final\nExploit Available: []()\nExploit Type: \nLink: [CVE-2019-9518](https://nvd.nist.gov/vuln/detail/CVE-2019-9518)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/io/netty/main/netty-all-4.0.26.Final.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/io/netty/main/netty-all-4.0.26.Final.jar: netty-all@4.0.26.Final" + } + } + ] + }, + { + "ruleId": "CVE-2016-4970", + "ruleIndex": 195, + "level": "error", + "message": { + "text": "Package: netty-all\nInstalled Version: 4.0.26.Final\nVulnerability CVE-2016-4970\nSeverity: high\nFixed Version: 4.0.37, 4.1.1\nExploit Available: []()\nExploit Type: \nLink: 
[CVE-2016-4970](https://nvd.nist.gov/vuln/detail/CVE-2016-4970)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/io/netty/main/netty-all-4.0.26.Final.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/io/netty/main/netty-all-4.0.26.Final.jar: netty-all@4.0.26.Final" + } + } + ] + }, + { + "ruleId": "CVE-2019-9514", + "ruleIndex": 196, + "level": "error", + "message": { + "text": "Package: netty-all\nInstalled Version: 4.0.26.Final\nVulnerability CVE-2019-9514\nSeverity: high\nFixed Version: \nExploit Available: []()\nExploit Type: \nLink: [CVE-2019-9514](https://nvd.nist.gov/vuln/detail/CVE-2019-9514)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/io/netty/main/netty-all-4.0.26.Final.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/io/netty/main/netty-all-4.0.26.Final.jar: netty-all@4.0.26.Final" + } + } + ] + }, + { + "ruleId": "CVE-2019-16869", + "ruleIndex": 197, + "level": "error", + "message": { + "text": "Package: netty-all\nInstalled Version: 4.0.26.Final\nVulnerability CVE-2019-16869\nSeverity: high\nFixed Version: 4.1.42.Final\nExploit Available: []()\nExploit Type: \nLink: [CVE-2019-16869](https://nvd.nist.gov/vuln/detail/CVE-2019-16869)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/io/netty/main/netty-all-4.0.26.Final.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": 
"/opt/jboss/wildfly/modules/system/layers/base/io/netty/main/netty-all-4.0.26.Final.jar: netty-all@4.0.26.Final" + } + } + ] + }, + { + "ruleId": "CVE-2021-37136", + "ruleIndex": 198, + "level": "error", + "message": { + "text": "Package: netty-all\nInstalled Version: 4.0.26.Final\nVulnerability CVE-2021-37136\nSeverity: high\nFixed Version: 4.1.68\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-37136](https://nvd.nist.gov/vuln/detail/CVE-2021-37136)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/io/netty/main/netty-all-4.0.26.Final.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/io/netty/main/netty-all-4.0.26.Final.jar: netty-all@4.0.26.Final" + } + } + ] + }, + { + "ruleId": "CVE-2019-9515", + "ruleIndex": 199, + "level": "error", + "message": { + "text": "Package: netty-all\nInstalled Version: 4.0.26.Final\nVulnerability CVE-2019-9515\nSeverity: high\nFixed Version: \nExploit Available: []()\nExploit Type: \nLink: [CVE-2019-9515](https://nvd.nist.gov/vuln/detail/CVE-2019-9515)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/io/netty/main/netty-all-4.0.26.Final.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/io/netty/main/netty-all-4.0.26.Final.jar: netty-all@4.0.26.Final" + } + } + ] + }, + { + "ruleId": "CVE-2023-34462", + "ruleIndex": 200, + "level": "warning", + "message": { + "text": "Package: netty-all\nInstalled Version: 4.0.26.Final\nVulnerability CVE-2023-34462\nSeverity: medium\nFixed Version: 4.1.94.Final\nExploit Available: []()\nExploit Type: \nLink: 
[CVE-2023-34462](https://nvd.nist.gov/vuln/detail/CVE-2023-34462)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/io/netty/main/netty-all-4.0.26.Final.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/io/netty/main/netty-all-4.0.26.Final.jar: netty-all@4.0.26.Final" + } + } + ] + }, + { + "ruleId": "CVE-2021-21409", + "ruleIndex": 201, + "level": "warning", + "message": { + "text": "Package: netty-all\nInstalled Version: 4.0.26.Final\nVulnerability CVE-2021-21409\nSeverity: medium\nFixed Version: 4.1.61.Final\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-21409](https://nvd.nist.gov/vuln/detail/CVE-2021-21409)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/io/netty/main/netty-all-4.0.26.Final.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/io/netty/main/netty-all-4.0.26.Final.jar: netty-all@4.0.26.Final" + } + } + ] + }, + { + "ruleId": "CVE-2020-1745", + "ruleIndex": 202, + "level": "error", + "message": { + "text": "Package: undertow-core\nInstalled Version: 1.2.9.Final\nVulnerability CVE-2020-1745\nSeverity: critical\nFixed Version: 2.0.30\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-1745](https://nvd.nist.gov/vuln/detail/CVE-2020-1745)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/io/undertow/core/main/undertow-core-1.2.9.Final.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": 
"/opt/jboss/wildfly/modules/system/layers/base/io/undertow/core/main/undertow-core-1.2.9.Final.jar: undertow-core@1.2.9.Final" + } + } + ] + }, + { + "ruleId": "CVE-2019-10212", + "ruleIndex": 203, + "level": "error", + "message": { + "text": "Package: undertow-core\nInstalled Version: 1.2.9.Final\nVulnerability CVE-2019-10212\nSeverity: critical\nFixed Version: 2.0.20\nExploit Available: []()\nExploit Type: \nLink: [CVE-2019-10212](https://nvd.nist.gov/vuln/detail/CVE-2019-10212)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/io/undertow/core/main/undertow-core-1.2.9.Final.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/io/undertow/core/main/undertow-core-1.2.9.Final.jar: undertow-core@1.2.9.Final" + } + } + ] + }, + { + "ruleId": "CVE-2019-3888", + "ruleIndex": 204, + "level": "error", + "message": { + "text": "Package: undertow-core\nInstalled Version: 1.2.9.Final\nVulnerability CVE-2019-3888\nSeverity: critical\nFixed Version: 2.0.21\nExploit Available: []()\nExploit Type: \nLink: [CVE-2019-3888](https://nvd.nist.gov/vuln/detail/CVE-2019-3888)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/io/undertow/core/main/undertow-core-1.2.9.Final.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/io/undertow/core/main/undertow-core-1.2.9.Final.jar: undertow-core@1.2.9.Final" + } + } + ] + }, + { + "ruleId": "CVE-2017-12165", + "ruleIndex": 205, + "level": "error", + "message": { + "text": "Package: undertow-core\nInstalled Version: 1.2.9.Final\nVulnerability CVE-2017-12165\nSeverity: high\nFixed Version: 
1.3.31, 1.4.17, 2.0.0.Beta1\nExploit Available: []()\nExploit Type: \nLink: [CVE-2017-12165](https://nvd.nist.gov/vuln/detail/CVE-2017-12165)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/io/undertow/core/main/undertow-core-1.2.9.Final.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/io/undertow/core/main/undertow-core-1.2.9.Final.jar: undertow-core@1.2.9.Final" + } + } + ] + }, + { + "ruleId": "CVE-2020-27782", + "ruleIndex": 206, + "level": "error", + "message": { + "text": "Package: undertow-core\nInstalled Version: 1.2.9.Final\nVulnerability CVE-2020-27782\nSeverity: high\nFixed Version: 2.0.33, 2.1.5\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-27782](https://nvd.nist.gov/vuln/detail/CVE-2020-27782)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/io/undertow/core/main/undertow-core-1.2.9.Final.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/io/undertow/core/main/undertow-core-1.2.9.Final.jar: undertow-core@1.2.9.Final" + } + } + ] + }, + { + "ruleId": "CVE-2022-1319", + "ruleIndex": 207, + "level": "error", + "message": { + "text": "Package: undertow-core\nInstalled Version: 1.2.9.Final\nVulnerability CVE-2022-1319\nSeverity: high\nFixed Version: 2.2.17\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-1319](https://nvd.nist.gov/vuln/detail/CVE-2022-1319)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/io/undertow/core/main/undertow-core-1.2.9.Final.jar", + "uriBaseId": "ROOTPATH" + }, + 
"region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/io/undertow/core/main/undertow-core-1.2.9.Final.jar: undertow-core@1.2.9.Final" + } + } + ] + }, + { + "ruleId": "CVE-2019-10184", + "ruleIndex": 208, + "level": "error", + "message": { + "text": "Package: undertow-core\nInstalled Version: 1.2.9.Final\nVulnerability CVE-2019-10184\nSeverity: high\nFixed Version: 2.0.23\nExploit Available: []()\nExploit Type: \nLink: [CVE-2019-10184](https://nvd.nist.gov/vuln/detail/CVE-2019-10184)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/io/undertow/core/main/undertow-core-1.2.9.Final.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/io/undertow/core/main/undertow-core-1.2.9.Final.jar: undertow-core@1.2.9.Final" + } + } + ] + }, + { + "ruleId": "CVE-2017-2670", + "ruleIndex": 209, + "level": "error", + "message": { + "text": "Package: undertow-core\nInstalled Version: 1.2.9.Final\nVulnerability CVE-2017-2670\nSeverity: high\nFixed Version: 1.3.28\nExploit Available: []()\nExploit Type: \nLink: [CVE-2017-2670](https://nvd.nist.gov/vuln/detail/CVE-2017-2670)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/io/undertow/core/main/undertow-core-1.2.9.Final.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/io/undertow/core/main/undertow-core-1.2.9.Final.jar: undertow-core@1.2.9.Final" + } + } + ] + }, + { + "ruleId": "CVE-2023-3223", + "ruleIndex": 210, + "level": "error", + "message": { + "text": "Package: 
undertow-core\nInstalled Version: 1.2.9.Final\nVulnerability CVE-2023-3223\nSeverity: high\nFixed Version: 2.2.24.Final\nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-3223](https://nvd.nist.gov/vuln/detail/CVE-2023-3223)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/io/undertow/core/main/undertow-core-1.2.9.Final.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/io/undertow/core/main/undertow-core-1.2.9.Final.jar: undertow-core@1.2.9.Final" + } + } + ] + }, + { + "ruleId": "CVE-2021-3859", + "ruleIndex": 211, + "level": "error", + "message": { + "text": "Package: undertow-core\nInstalled Version: 1.2.9.Final\nVulnerability CVE-2021-3859\nSeverity: high\nFixed Version: 2.2.15\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-3859](https://nvd.nist.gov/vuln/detail/CVE-2021-3859)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/io/undertow/core/main/undertow-core-1.2.9.Final.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/io/undertow/core/main/undertow-core-1.2.9.Final.jar: undertow-core@1.2.9.Final" + } + } + ] + }, + { + "ruleId": "CVE-2023-5379", + "ruleIndex": 212, + "level": "error", + "message": { + "text": "Package: undertow-core\nInstalled Version: 1.2.9.Final\nVulnerability CVE-2023-5379\nSeverity: high\nFixed Version: \nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-5379](https://nvd.nist.gov/vuln/detail/CVE-2023-5379)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": 
"/opt/jboss/wildfly/modules/system/layers/base/io/undertow/core/main/undertow-core-1.2.9.Final.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/io/undertow/core/main/undertow-core-1.2.9.Final.jar: undertow-core@1.2.9.Final" + } + } + ] + }, + { + "ruleId": "CVE-2019-14888", + "ruleIndex": 213, + "level": "error", + "message": { + "text": "Package: undertow-core\nInstalled Version: 1.2.9.Final\nVulnerability CVE-2019-14888\nSeverity: high\nFixed Version: 2.0.29.Final\nExploit Available: []()\nExploit Type: \nLink: [CVE-2019-14888](https://nvd.nist.gov/vuln/detail/CVE-2019-14888)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/io/undertow/core/main/undertow-core-1.2.9.Final.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/io/undertow/core/main/undertow-core-1.2.9.Final.jar: undertow-core@1.2.9.Final" + } + } + ] + }, + { + "ruleId": "CVE-2020-10705", + "ruleIndex": 214, + "level": "error", + "message": { + "text": "Package: undertow-core\nInstalled Version: 1.2.9.Final\nVulnerability CVE-2020-10705\nSeverity: high\nFixed Version: 2.1.1.Final\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-10705](https://nvd.nist.gov/vuln/detail/CVE-2020-10705)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/io/undertow/core/main/undertow-core-1.2.9.Final.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/io/undertow/core/main/undertow-core-1.2.9.Final.jar: 
undertow-core@1.2.9.Final" + } + } + ] + }, + { + "ruleId": "CVE-2022-2053", + "ruleIndex": 215, + "level": "error", + "message": { + "text": "Package: undertow-core\nInstalled Version: 1.2.9.Final\nVulnerability CVE-2022-2053\nSeverity: high\nFixed Version: 2.2.19.Final, 2.3.0.Alpha2\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-2053](https://nvd.nist.gov/vuln/detail/CVE-2022-2053)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/io/undertow/core/main/undertow-core-1.2.9.Final.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/io/undertow/core/main/undertow-core-1.2.9.Final.jar: undertow-core@1.2.9.Final" + } + } + ] + }, + { + "ruleId": "CVE-2020-1757", + "ruleIndex": 216, + "level": "error", + "message": { + "text": "Package: undertow-core\nInstalled Version: 1.2.9.Final\nVulnerability CVE-2020-1757\nSeverity: high\nFixed Version: 2.1.0\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-1757](https://nvd.nist.gov/vuln/detail/CVE-2020-1757)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/io/undertow/core/main/undertow-core-1.2.9.Final.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/io/undertow/core/main/undertow-core-1.2.9.Final.jar: undertow-core@1.2.9.Final" + } + } + ] + }, + { + "ruleId": "CVE-2022-1259", + "ruleIndex": 217, + "level": "error", + "message": { + "text": "Package: undertow-core\nInstalled Version: 1.2.9.Final\nVulnerability CVE-2022-1259\nSeverity: high\nFixed Version: \nExploit Available: []()\nExploit Type: \nLink: 
[CVE-2022-1259](https://nvd.nist.gov/vuln/detail/CVE-2022-1259)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/io/undertow/core/main/undertow-core-1.2.9.Final.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/io/undertow/core/main/undertow-core-1.2.9.Final.jar: undertow-core@1.2.9.Final" + } + } + ] + }, + { + "ruleId": "CVE-2023-1108", + "ruleIndex": 218, + "level": "error", + "message": { + "text": "Package: undertow-core\nInstalled Version: 1.2.9.Final\nVulnerability CVE-2023-1108\nSeverity: high\nFixed Version: 2.2.24.Final\nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-1108](https://nvd.nist.gov/vuln/detail/CVE-2023-1108)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/io/undertow/core/main/undertow-core-1.2.9.Final.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/io/undertow/core/main/undertow-core-1.2.9.Final.jar: undertow-core@1.2.9.Final" + } + } + ] + }, + { + "ruleId": "CVE-2018-1048", + "ruleIndex": 219, + "level": "error", + "message": { + "text": "Package: undertow-core\nInstalled Version: 1.2.9.Final\nVulnerability CVE-2018-1048\nSeverity: high\nFixed Version: 2.0.0.Beta1\nExploit Available: []()\nExploit Type: \nLink: [CVE-2018-1048](https://nvd.nist.gov/vuln/detail/CVE-2018-1048)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/io/undertow/core/main/undertow-core-1.2.9.Final.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 
1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/io/undertow/core/main/undertow-core-1.2.9.Final.jar: undertow-core@1.2.9.Final" + } + } + ] + }, + { + "ruleId": "CVE-2021-3690", + "ruleIndex": 220, + "level": "error", + "message": { + "text": "Package: undertow-core\nInstalled Version: 1.2.9.Final\nVulnerability CVE-2021-3690\nSeverity: high\nFixed Version: 2.0.40, 2.2.10\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-3690](https://nvd.nist.gov/vuln/detail/CVE-2021-3690)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/io/undertow/core/main/undertow-core-1.2.9.Final.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/io/undertow/core/main/undertow-core-1.2.9.Final.jar: undertow-core@1.2.9.Final" + } + } + ] + }, + { + "ruleId": "CVE-2022-4492", + "ruleIndex": 221, + "level": "error", + "message": { + "text": "Package: undertow-core\nInstalled Version: 1.2.9.Final\nVulnerability CVE-2022-4492\nSeverity: high\nFixed Version: 2.2.24.Final, 2.3.5.Final\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-4492](https://nvd.nist.gov/vuln/detail/CVE-2022-4492)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/io/undertow/core/main/undertow-core-1.2.9.Final.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/io/undertow/core/main/undertow-core-1.2.9.Final.jar: undertow-core@1.2.9.Final" + } + } + ] + }, + { + "ruleId": "CVE-2021-20220", + "ruleIndex": 222, + "level": "warning", + "message": { + "text": "Package: undertow-core\nInstalled Version: 
1.2.9.Final\nVulnerability CVE-2021-20220\nSeverity: medium\nFixed Version: 2.0.34, 2.1.6\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-20220](https://nvd.nist.gov/vuln/detail/CVE-2021-20220)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/io/undertow/core/main/undertow-core-1.2.9.Final.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/io/undertow/core/main/undertow-core-1.2.9.Final.jar: undertow-core@1.2.9.Final" + } + } + ] + }, + { + "ruleId": "CVE-2018-1067", + "ruleIndex": 223, + "level": "warning", + "message": { + "text": "Package: undertow-core\nInstalled Version: 1.2.9.Final\nVulnerability CVE-2018-1067\nSeverity: medium\nFixed Version: 1.4.25.Final, 2.0.5.Final\nExploit Available: []()\nExploit Type: \nLink: [CVE-2018-1067](https://nvd.nist.gov/vuln/detail/CVE-2018-1067)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/io/undertow/core/main/undertow-core-1.2.9.Final.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/io/undertow/core/main/undertow-core-1.2.9.Final.jar: undertow-core@1.2.9.Final" + } + } + ] + }, + { + "ruleId": "CVE-2021-3597", + "ruleIndex": 224, + "level": "warning", + "message": { + "text": "Package: undertow-core\nInstalled Version: 1.2.9.Final\nVulnerability CVE-2021-3597\nSeverity: medium\nFixed Version: 2.0.39.Final, 2.2.9.Final\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-3597](https://nvd.nist.gov/vuln/detail/CVE-2021-3597)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": 
"/opt/jboss/wildfly/modules/system/layers/base/io/undertow/core/main/undertow-core-1.2.9.Final.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/io/undertow/core/main/undertow-core-1.2.9.Final.jar: undertow-core@1.2.9.Final" + } + } + ] + }, + { + "ruleId": "CVE-2016-4993", + "ruleIndex": 225, + "level": "warning", + "message": { + "text": "Package: undertow-core\nInstalled Version: 1.2.9.Final\nVulnerability CVE-2016-4993\nSeverity: medium\nFixed Version: 1.3.5.Final, 2.0.0b1, 2.0.1.Final\nExploit Available: []()\nExploit Type: \nLink: [CVE-2016-4993](https://nvd.nist.gov/vuln/detail/CVE-2016-4993)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/io/undertow/core/main/undertow-core-1.2.9.Final.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/io/undertow/core/main/undertow-core-1.2.9.Final.jar: undertow-core@1.2.9.Final" + } + } + ] + }, + { + "ruleId": "CVE-2018-1114", + "ruleIndex": 226, + "level": "warning", + "message": { + "text": "Package: undertow-core\nInstalled Version: 1.2.9.Final\nVulnerability CVE-2018-1114\nSeverity: medium\nFixed Version: 1.4.25.Final, 2.0.5.Final\nExploit Available: []()\nExploit Type: \nLink: [CVE-2018-1114](https://nvd.nist.gov/vuln/detail/CVE-2018-1114)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/io/undertow/core/main/undertow-core-1.2.9.Final.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": 
"/opt/jboss/wildfly/modules/system/layers/base/io/undertow/core/main/undertow-core-1.2.9.Final.jar: undertow-core@1.2.9.Final" + } + } + ] + }, + { + "ruleId": "CVE-2016-7046", + "ruleIndex": 227, + "level": "warning", + "message": { + "text": "Package: undertow-core\nInstalled Version: 1.2.9.Final\nVulnerability CVE-2016-7046\nSeverity: medium\nFixed Version: 1.3.25.Final, 1.4.3.Final\nExploit Available: []()\nExploit Type: \nLink: [CVE-2016-7046](https://nvd.nist.gov/vuln/detail/CVE-2016-7046)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/io/undertow/core/main/undertow-core-1.2.9.Final.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/io/undertow/core/main/undertow-core-1.2.9.Final.jar: undertow-core@1.2.9.Final" + } + } + ] + }, + { + "ruleId": "CVE-2016-6311", + "ruleIndex": 228, + "level": "warning", + "message": { + "text": "Package: undertow-core\nInstalled Version: 1.2.9.Final\nVulnerability CVE-2016-6311\nSeverity: medium\nFixed Version: 2.0.9.Final\nExploit Available: []()\nExploit Type: \nLink: [CVE-2016-6311](https://nvd.nist.gov/vuln/detail/CVE-2016-6311)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/io/undertow/core/main/undertow-core-1.2.9.Final.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/io/undertow/core/main/undertow-core-1.2.9.Final.jar: undertow-core@1.2.9.Final" + } + } + ] + }, + { + "ruleId": "CVE-2024-1459", + "ruleIndex": 229, + "level": "warning", + "message": { + "text": "Package: undertow-core\nInstalled Version: 1.2.9.Final\nVulnerability CVE-2024-1459\nSeverity: 
medium\nFixed Version: 2.2.31.Final, 2.3.12.Final\nExploit Available: []()\nExploit Type: \nLink: [CVE-2024-1459](https://nvd.nist.gov/vuln/detail/CVE-2024-1459)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/io/undertow/core/main/undertow-core-1.2.9.Final.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/io/undertow/core/main/undertow-core-1.2.9.Final.jar: undertow-core@1.2.9.Final" + } + } + ] + }, + { + "ruleId": "CVE-2018-14642", + "ruleIndex": 230, + "level": "warning", + "message": { + "text": "Package: undertow-core\nInstalled Version: 1.2.9.Final\nVulnerability CVE-2018-14642\nSeverity: medium\nFixed Version: 2.0.19.FINAL\nExploit Available: []()\nExploit Type: \nLink: [CVE-2018-14642](https://nvd.nist.gov/vuln/detail/CVE-2018-14642)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/io/undertow/core/main/undertow-core-1.2.9.Final.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/io/undertow/core/main/undertow-core-1.2.9.Final.jar: undertow-core@1.2.9.Final" + } + } + ] + }, + { + "ruleId": "CVE-2021-3629", + "ruleIndex": 231, + "level": "warning", + "message": { + "text": "Package: undertow-core\nInstalled Version: 1.2.9.Final\nVulnerability CVE-2021-3629\nSeverity: medium\nFixed Version: 2.0.40.Final, 2.2.11.Final\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-3629](https://nvd.nist.gov/vuln/detail/CVE-2021-3629)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": 
"/opt/jboss/wildfly/modules/system/layers/base/io/undertow/core/main/undertow-core-1.2.9.Final.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/io/undertow/core/main/undertow-core-1.2.9.Final.jar: undertow-core@1.2.9.Final" + } + } + ] + }, + { + "ruleId": "CVE-2017-12196", + "ruleIndex": 232, + "level": "warning", + "message": { + "text": "Package: undertow-core\nInstalled Version: 1.2.9.Final\nVulnerability CVE-2017-12196\nSeverity: medium\nFixed Version: 1.4.24.Final, 2.0.2.FInal\nExploit Available: []()\nExploit Type: \nLink: [CVE-2017-12196](https://nvd.nist.gov/vuln/detail/CVE-2017-12196)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/io/undertow/core/main/undertow-core-1.2.9.Final.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/io/undertow/core/main/undertow-core-1.2.9.Final.jar: undertow-core@1.2.9.Final" + } + } + ] + }, + { + "ruleId": "CVE-2020-10687", + "ruleIndex": 233, + "level": "warning", + "message": { + "text": "Package: undertow-core\nInstalled Version: 1.2.9.Final\nVulnerability CVE-2020-10687\nSeverity: medium\nFixed Version: 2.2.0.Final\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-10687](https://nvd.nist.gov/vuln/detail/CVE-2020-10687)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/io/undertow/core/main/undertow-core-1.2.9.Final.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": 
"/opt/jboss/wildfly/modules/system/layers/base/io/undertow/core/main/undertow-core-1.2.9.Final.jar: undertow-core@1.2.9.Final" + } + } + ] + }, + { + "ruleId": "CVE-2020-10719", + "ruleIndex": 234, + "level": "warning", + "message": { + "text": "Package: undertow-core\nInstalled Version: 1.2.9.Final\nVulnerability CVE-2020-10719\nSeverity: medium\nFixed Version: 2.1.1.Final\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-10719](https://nvd.nist.gov/vuln/detail/CVE-2020-10719)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/io/undertow/core/main/undertow-core-1.2.9.Final.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/io/undertow/core/main/undertow-core-1.2.9.Final.jar: undertow-core@1.2.9.Final" + } + } + ] + }, + { + "ruleId": "CVE-2017-2666", + "ruleIndex": 235, + "level": "warning", + "message": { + "text": "Package: undertow-core\nInstalled Version: 1.2.9.Final\nVulnerability CVE-2017-2666\nSeverity: medium\nFixed Version: 1.3.31, 1.4.17\nExploit Available: []()\nExploit Type: \nLink: [CVE-2017-2666](https://nvd.nist.gov/vuln/detail/CVE-2017-2666)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/io/undertow/core/main/undertow-core-1.2.9.Final.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/io/undertow/core/main/undertow-core-1.2.9.Final.jar: undertow-core@1.2.9.Final" + } + } + ] + }, + { + "ruleId": "CVE-2020-1745", + "ruleIndex": 202, + "level": "error", + "message": { + "text": "Package: undertow-core\nInstalled Version: 1.2.9.Final\nVulnerability CVE-2020-1745\nSeverity: 
critical\nFixed Version: 2.0.30\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-1745](https://nvd.nist.gov/vuln/detail/CVE-2020-1745)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/bin/client/jboss-cli-client.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/bin/client/jboss-cli-client.jar: undertow-core@1.2.9.Final" + } + } + ] + }, + { + "ruleId": "CVE-2019-10212", + "ruleIndex": 203, + "level": "error", + "message": { + "text": "Package: undertow-core\nInstalled Version: 1.2.9.Final\nVulnerability CVE-2019-10212\nSeverity: critical\nFixed Version: 2.0.20\nExploit Available: []()\nExploit Type: \nLink: [CVE-2019-10212](https://nvd.nist.gov/vuln/detail/CVE-2019-10212)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/bin/client/jboss-cli-client.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/bin/client/jboss-cli-client.jar: undertow-core@1.2.9.Final" + } + } + ] + }, + { + "ruleId": "CVE-2019-3888", + "ruleIndex": 204, + "level": "error", + "message": { + "text": "Package: undertow-core\nInstalled Version: 1.2.9.Final\nVulnerability CVE-2019-3888\nSeverity: critical\nFixed Version: 2.0.21\nExploit Available: []()\nExploit Type: \nLink: [CVE-2019-3888](https://nvd.nist.gov/vuln/detail/CVE-2019-3888)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/bin/client/jboss-cli-client.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/bin/client/jboss-cli-client.jar: undertow-core@1.2.9.Final" + } + } + ] + }, + { + "ruleId": 
"CVE-2017-12165", + "ruleIndex": 205, + "level": "error", + "message": { + "text": "Package: undertow-core\nInstalled Version: 1.2.9.Final\nVulnerability CVE-2017-12165\nSeverity: high\nFixed Version: 1.3.31, 1.4.17, 2.0.0.Beta1\nExploit Available: []()\nExploit Type: \nLink: [CVE-2017-12165](https://nvd.nist.gov/vuln/detail/CVE-2017-12165)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/bin/client/jboss-cli-client.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/bin/client/jboss-cli-client.jar: undertow-core@1.2.9.Final" + } + } + ] + }, + { + "ruleId": "CVE-2020-27782", + "ruleIndex": 206, + "level": "error", + "message": { + "text": "Package: undertow-core\nInstalled Version: 1.2.9.Final\nVulnerability CVE-2020-27782\nSeverity: high\nFixed Version: 2.0.33, 2.1.5\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-27782](https://nvd.nist.gov/vuln/detail/CVE-2020-27782)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/bin/client/jboss-cli-client.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/bin/client/jboss-cli-client.jar: undertow-core@1.2.9.Final" + } + } + ] + }, + { + "ruleId": "CVE-2022-1319", + "ruleIndex": 207, + "level": "error", + "message": { + "text": "Package: undertow-core\nInstalled Version: 1.2.9.Final\nVulnerability CVE-2022-1319\nSeverity: high\nFixed Version: 2.2.17\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-1319](https://nvd.nist.gov/vuln/detail/CVE-2022-1319)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/bin/client/jboss-cli-client.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + 
"startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/bin/client/jboss-cli-client.jar: undertow-core@1.2.9.Final" + } + } + ] + }, + { + "ruleId": "CVE-2019-10184", + "ruleIndex": 208, + "level": "error", + "message": { + "text": "Package: undertow-core\nInstalled Version: 1.2.9.Final\nVulnerability CVE-2019-10184\nSeverity: high\nFixed Version: 2.0.23\nExploit Available: []()\nExploit Type: \nLink: [CVE-2019-10184](https://nvd.nist.gov/vuln/detail/CVE-2019-10184)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/bin/client/jboss-cli-client.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/bin/client/jboss-cli-client.jar: undertow-core@1.2.9.Final" + } + } + ] + }, + { + "ruleId": "CVE-2017-2670", + "ruleIndex": 209, + "level": "error", + "message": { + "text": "Package: undertow-core\nInstalled Version: 1.2.9.Final\nVulnerability CVE-2017-2670\nSeverity: high\nFixed Version: 1.3.28\nExploit Available: []()\nExploit Type: \nLink: [CVE-2017-2670](https://nvd.nist.gov/vuln/detail/CVE-2017-2670)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/bin/client/jboss-cli-client.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/bin/client/jboss-cli-client.jar: undertow-core@1.2.9.Final" + } + } + ] + }, + { + "ruleId": "CVE-2023-3223", + "ruleIndex": 210, + "level": "error", + "message": { + "text": "Package: undertow-core\nInstalled Version: 1.2.9.Final\nVulnerability CVE-2023-3223\nSeverity: high\nFixed Version: 2.2.24.Final\nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-3223](https://nvd.nist.gov/vuln/detail/CVE-2023-3223)" + }, + "locations": [ + { + 
"physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/bin/client/jboss-cli-client.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/bin/client/jboss-cli-client.jar: undertow-core@1.2.9.Final" + } + } + ] + }, + { + "ruleId": "CVE-2021-3859", + "ruleIndex": 211, + "level": "error", + "message": { + "text": "Package: undertow-core\nInstalled Version: 1.2.9.Final\nVulnerability CVE-2021-3859\nSeverity: high\nFixed Version: 2.2.15\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-3859](https://nvd.nist.gov/vuln/detail/CVE-2021-3859)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/bin/client/jboss-cli-client.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/bin/client/jboss-cli-client.jar: undertow-core@1.2.9.Final" + } + } + ] + }, + { + "ruleId": "CVE-2023-5379", + "ruleIndex": 212, + "level": "error", + "message": { + "text": "Package: undertow-core\nInstalled Version: 1.2.9.Final\nVulnerability CVE-2023-5379\nSeverity: high\nFixed Version: \nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-5379](https://nvd.nist.gov/vuln/detail/CVE-2023-5379)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/bin/client/jboss-cli-client.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/bin/client/jboss-cli-client.jar: undertow-core@1.2.9.Final" + } + } + ] + }, + { + "ruleId": "CVE-2019-14888", + "ruleIndex": 213, + "level": "error", + "message": { + "text": "Package: undertow-core\nInstalled Version: 1.2.9.Final\nVulnerability CVE-2019-14888\nSeverity: high\nFixed 
Version: 2.0.29.Final\nExploit Available: []()\nExploit Type: \nLink: [CVE-2019-14888](https://nvd.nist.gov/vuln/detail/CVE-2019-14888)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/bin/client/jboss-cli-client.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/bin/client/jboss-cli-client.jar: undertow-core@1.2.9.Final" + } + } + ] + }, + { + "ruleId": "CVE-2020-10705", + "ruleIndex": 214, + "level": "error", + "message": { + "text": "Package: undertow-core\nInstalled Version: 1.2.9.Final\nVulnerability CVE-2020-10705\nSeverity: high\nFixed Version: 2.1.1.Final\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-10705](https://nvd.nist.gov/vuln/detail/CVE-2020-10705)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/bin/client/jboss-cli-client.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/bin/client/jboss-cli-client.jar: undertow-core@1.2.9.Final" + } + } + ] + }, + { + "ruleId": "CVE-2022-2053", + "ruleIndex": 215, + "level": "error", + "message": { + "text": "Package: undertow-core\nInstalled Version: 1.2.9.Final\nVulnerability CVE-2022-2053\nSeverity: high\nFixed Version: 2.2.19.Final, 2.3.0.Alpha2\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-2053](https://nvd.nist.gov/vuln/detail/CVE-2022-2053)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/bin/client/jboss-cli-client.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/bin/client/jboss-cli-client.jar: undertow-core@1.2.9.Final" + } + } + ] + }, + { + 
"ruleId": "CVE-2020-1757", + "ruleIndex": 216, + "level": "error", + "message": { + "text": "Package: undertow-core\nInstalled Version: 1.2.9.Final\nVulnerability CVE-2020-1757\nSeverity: high\nFixed Version: 2.1.0\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-1757](https://nvd.nist.gov/vuln/detail/CVE-2020-1757)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/bin/client/jboss-cli-client.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/bin/client/jboss-cli-client.jar: undertow-core@1.2.9.Final" + } + } + ] + }, + { + "ruleId": "CVE-2022-1259", + "ruleIndex": 217, + "level": "error", + "message": { + "text": "Package: undertow-core\nInstalled Version: 1.2.9.Final\nVulnerability CVE-2022-1259\nSeverity: high\nFixed Version: \nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-1259](https://nvd.nist.gov/vuln/detail/CVE-2022-1259)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/bin/client/jboss-cli-client.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/bin/client/jboss-cli-client.jar: undertow-core@1.2.9.Final" + } + } + ] + }, + { + "ruleId": "CVE-2023-1108", + "ruleIndex": 218, + "level": "error", + "message": { + "text": "Package: undertow-core\nInstalled Version: 1.2.9.Final\nVulnerability CVE-2023-1108\nSeverity: high\nFixed Version: 2.2.24.Final\nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-1108](https://nvd.nist.gov/vuln/detail/CVE-2023-1108)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/bin/client/jboss-cli-client.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 
1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/bin/client/jboss-cli-client.jar: undertow-core@1.2.9.Final" + } + } + ] + }, + { + "ruleId": "CVE-2018-1048", + "ruleIndex": 219, + "level": "error", + "message": { + "text": "Package: undertow-core\nInstalled Version: 1.2.9.Final\nVulnerability CVE-2018-1048\nSeverity: high\nFixed Version: 2.0.0.Beta1\nExploit Available: []()\nExploit Type: \nLink: [CVE-2018-1048](https://nvd.nist.gov/vuln/detail/CVE-2018-1048)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/bin/client/jboss-cli-client.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/bin/client/jboss-cli-client.jar: undertow-core@1.2.9.Final" + } + } + ] + }, + { + "ruleId": "CVE-2021-3690", + "ruleIndex": 220, + "level": "error", + "message": { + "text": "Package: undertow-core\nInstalled Version: 1.2.9.Final\nVulnerability CVE-2021-3690\nSeverity: high\nFixed Version: 2.0.40, 2.2.10\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-3690](https://nvd.nist.gov/vuln/detail/CVE-2021-3690)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/bin/client/jboss-cli-client.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/bin/client/jboss-cli-client.jar: undertow-core@1.2.9.Final" + } + } + ] + }, + { + "ruleId": "CVE-2022-4492", + "ruleIndex": 221, + "level": "error", + "message": { + "text": "Package: undertow-core\nInstalled Version: 1.2.9.Final\nVulnerability CVE-2022-4492\nSeverity: high\nFixed Version: 2.2.24.Final, 2.3.5.Final\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-4492](https://nvd.nist.gov/vuln/detail/CVE-2022-4492)" + }, + "locations": [ + { + 
"physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/bin/client/jboss-cli-client.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/bin/client/jboss-cli-client.jar: undertow-core@1.2.9.Final" + } + } + ] + }, + { + "ruleId": "CVE-2021-20220", + "ruleIndex": 222, + "level": "warning", + "message": { + "text": "Package: undertow-core\nInstalled Version: 1.2.9.Final\nVulnerability CVE-2021-20220\nSeverity: medium\nFixed Version: 2.0.34, 2.1.6\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-20220](https://nvd.nist.gov/vuln/detail/CVE-2021-20220)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/bin/client/jboss-cli-client.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/bin/client/jboss-cli-client.jar: undertow-core@1.2.9.Final" + } + } + ] + }, + { + "ruleId": "CVE-2018-1067", + "ruleIndex": 223, + "level": "warning", + "message": { + "text": "Package: undertow-core\nInstalled Version: 1.2.9.Final\nVulnerability CVE-2018-1067\nSeverity: medium\nFixed Version: 1.4.25.Final, 2.0.5.Final\nExploit Available: []()\nExploit Type: \nLink: [CVE-2018-1067](https://nvd.nist.gov/vuln/detail/CVE-2018-1067)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/bin/client/jboss-cli-client.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/bin/client/jboss-cli-client.jar: undertow-core@1.2.9.Final" + } + } + ] + }, + { + "ruleId": "CVE-2021-3597", + "ruleIndex": 224, + "level": "warning", + "message": { + "text": "Package: undertow-core\nInstalled Version: 
1.2.9.Final\nVulnerability CVE-2021-3597\nSeverity: medium\nFixed Version: 2.0.39.Final, 2.2.9.Final\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-3597](https://nvd.nist.gov/vuln/detail/CVE-2021-3597)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/bin/client/jboss-cli-client.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/bin/client/jboss-cli-client.jar: undertow-core@1.2.9.Final" + } + } + ] + }, + { + "ruleId": "CVE-2016-4993", + "ruleIndex": 225, + "level": "warning", + "message": { + "text": "Package: undertow-core\nInstalled Version: 1.2.9.Final\nVulnerability CVE-2016-4993\nSeverity: medium\nFixed Version: 1.3.5.Final, 2.0.0b1, 2.0.1.Final\nExploit Available: []()\nExploit Type: \nLink: [CVE-2016-4993](https://nvd.nist.gov/vuln/detail/CVE-2016-4993)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/bin/client/jboss-cli-client.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/bin/client/jboss-cli-client.jar: undertow-core@1.2.9.Final" + } + } + ] + }, + { + "ruleId": "CVE-2018-1114", + "ruleIndex": 226, + "level": "warning", + "message": { + "text": "Package: undertow-core\nInstalled Version: 1.2.9.Final\nVulnerability CVE-2018-1114\nSeverity: medium\nFixed Version: 1.4.25.Final, 2.0.5.Final\nExploit Available: []()\nExploit Type: \nLink: [CVE-2018-1114](https://nvd.nist.gov/vuln/detail/CVE-2018-1114)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/bin/client/jboss-cli-client.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": 
"/opt/jboss/wildfly/bin/client/jboss-cli-client.jar: undertow-core@1.2.9.Final" + } + } + ] + }, + { + "ruleId": "CVE-2016-7046", + "ruleIndex": 227, + "level": "warning", + "message": { + "text": "Package: undertow-core\nInstalled Version: 1.2.9.Final\nVulnerability CVE-2016-7046\nSeverity: medium\nFixed Version: 1.3.25.Final, 1.4.3.Final\nExploit Available: []()\nExploit Type: \nLink: [CVE-2016-7046](https://nvd.nist.gov/vuln/detail/CVE-2016-7046)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/bin/client/jboss-cli-client.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/bin/client/jboss-cli-client.jar: undertow-core@1.2.9.Final" + } + } + ] + }, + { + "ruleId": "CVE-2016-6311", + "ruleIndex": 228, + "level": "warning", + "message": { + "text": "Package: undertow-core\nInstalled Version: 1.2.9.Final\nVulnerability CVE-2016-6311\nSeverity: medium\nFixed Version: 2.0.9.Final\nExploit Available: []()\nExploit Type: \nLink: [CVE-2016-6311](https://nvd.nist.gov/vuln/detail/CVE-2016-6311)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/bin/client/jboss-cli-client.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/bin/client/jboss-cli-client.jar: undertow-core@1.2.9.Final" + } + } + ] + }, + { + "ruleId": "CVE-2024-1459", + "ruleIndex": 229, + "level": "warning", + "message": { + "text": "Package: undertow-core\nInstalled Version: 1.2.9.Final\nVulnerability CVE-2024-1459\nSeverity: medium\nFixed Version: 2.2.31.Final, 2.3.12.Final\nExploit Available: []()\nExploit Type: \nLink: [CVE-2024-1459](https://nvd.nist.gov/vuln/detail/CVE-2024-1459)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { 
+ "uri": "/opt/jboss/wildfly/bin/client/jboss-cli-client.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/bin/client/jboss-cli-client.jar: undertow-core@1.2.9.Final" + } + } + ] + }, + { + "ruleId": "CVE-2018-14642", + "ruleIndex": 230, + "level": "warning", + "message": { + "text": "Package: undertow-core\nInstalled Version: 1.2.9.Final\nVulnerability CVE-2018-14642\nSeverity: medium\nFixed Version: 2.0.19.FINAL\nExploit Available: []()\nExploit Type: \nLink: [CVE-2018-14642](https://nvd.nist.gov/vuln/detail/CVE-2018-14642)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/bin/client/jboss-cli-client.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/bin/client/jboss-cli-client.jar: undertow-core@1.2.9.Final" + } + } + ] + }, + { + "ruleId": "CVE-2021-3629", + "ruleIndex": 231, + "level": "warning", + "message": { + "text": "Package: undertow-core\nInstalled Version: 1.2.9.Final\nVulnerability CVE-2021-3629\nSeverity: medium\nFixed Version: 2.0.40.Final, 2.2.11.Final\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-3629](https://nvd.nist.gov/vuln/detail/CVE-2021-3629)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/bin/client/jboss-cli-client.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/bin/client/jboss-cli-client.jar: undertow-core@1.2.9.Final" + } + } + ] + }, + { + "ruleId": "CVE-2017-12196", + "ruleIndex": 232, + "level": "warning", + "message": { + "text": "Package: undertow-core\nInstalled Version: 1.2.9.Final\nVulnerability CVE-2017-12196\nSeverity: medium\nFixed 
Version: 1.4.24.Final, 2.0.2.FInal\nExploit Available: []()\nExploit Type: \nLink: [CVE-2017-12196](https://nvd.nist.gov/vuln/detail/CVE-2017-12196)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/bin/client/jboss-cli-client.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/bin/client/jboss-cli-client.jar: undertow-core@1.2.9.Final" + } + } + ] + }, + { + "ruleId": "CVE-2020-10687", + "ruleIndex": 233, + "level": "warning", + "message": { + "text": "Package: undertow-core\nInstalled Version: 1.2.9.Final\nVulnerability CVE-2020-10687\nSeverity: medium\nFixed Version: 2.2.0.Final\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-10687](https://nvd.nist.gov/vuln/detail/CVE-2020-10687)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/bin/client/jboss-cli-client.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/bin/client/jboss-cli-client.jar: undertow-core@1.2.9.Final" + } + } + ] + }, + { + "ruleId": "CVE-2020-10719", + "ruleIndex": 234, + "level": "warning", + "message": { + "text": "Package: undertow-core\nInstalled Version: 1.2.9.Final\nVulnerability CVE-2020-10719\nSeverity: medium\nFixed Version: 2.1.1.Final\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-10719](https://nvd.nist.gov/vuln/detail/CVE-2020-10719)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/bin/client/jboss-cli-client.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/bin/client/jboss-cli-client.jar: undertow-core@1.2.9.Final" + } + } + ] + }, + 
{ + "ruleId": "CVE-2017-2666", + "ruleIndex": 235, + "level": "warning", + "message": { + "text": "Package: undertow-core\nInstalled Version: 1.2.9.Final\nVulnerability CVE-2017-2666\nSeverity: medium\nFixed Version: 1.3.31, 1.4.17\nExploit Available: []()\nExploit Type: \nLink: [CVE-2017-2666](https://nvd.nist.gov/vuln/detail/CVE-2017-2666)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/bin/client/jboss-cli-client.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/bin/client/jboss-cli-client.jar: undertow-core@1.2.9.Final" + } + } + ] + }, + { + "ruleId": "CVE-2019-10184", + "ruleIndex": 208, + "level": "error", + "message": { + "text": "Package: undertow-servlet\nInstalled Version: 1.2.9.Final\nVulnerability CVE-2019-10184\nSeverity: high\nFixed Version: 2.0.23\nExploit Available: []()\nExploit Type: \nLink: [CVE-2019-10184](https://nvd.nist.gov/vuln/detail/CVE-2019-10184)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/io/undertow/servlet/main/undertow-servlet-1.2.9.Final.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/io/undertow/servlet/main/undertow-servlet-1.2.9.Final.jar: undertow-servlet@1.2.9.Final" + } + } + ] + }, + { + "ruleId": "CVE-2020-1757", + "ruleIndex": 216, + "level": "error", + "message": { + "text": "Package: undertow-servlet\nInstalled Version: 1.2.9.Final\nVulnerability CVE-2020-1757\nSeverity: high\nFixed Version: 2.1.0.Final\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-1757](https://nvd.nist.gov/vuln/detail/CVE-2020-1757)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": 
"/opt/jboss/wildfly/modules/system/layers/base/io/undertow/servlet/main/undertow-servlet-1.2.9.Final.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/io/undertow/servlet/main/undertow-servlet-1.2.9.Final.jar: undertow-servlet@1.2.9.Final" + } + } + ] + }, + { + "ruleId": "RHSA-2019:0775", + "ruleIndex": 236, + "level": "error", + "message": { + "text": "Package: java-1.8.0-openjdk\nInstalled Version: 1:1.8.0.191.b12-1.el7_6\nVulnerability RHSA-2019:0775\nSeverity: high\nFixed Version: 1:1.8.0.212.b04-0.el7_6\nExploit Available: [http://www.exploit-db.com/exploits/46723](http://www.exploit-db.com/exploits/46723)\nExploit Type: dos\nLink: [RHSA-2019:0775](https://access.redhat.com/security/cve/CVE-2019-2698)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "java-1.8.0-openjdk", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": java-1.8.0-openjdk@1:1.8.0.191.b12-1.el7_6" + } + } + ] + }, + { + "ruleId": "RHSA-2022:5698", + "ruleIndex": 237, + "level": "error", + "message": { + "text": "Package: java-1.8.0-openjdk\nInstalled Version: 1:1.8.0.191.b12-1.el7_6\nVulnerability RHSA-2022:5698\nSeverity: high\nFixed Version: 1:1.8.0.342.b07-1.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2022:5698](https://access.redhat.com/security/cve/CVE-2022-34169)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "java-1.8.0-openjdk", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": java-1.8.0-openjdk@1:1.8.0.191.b12-1.el7_6" + } + } + ] + }, + { + "ruleId": "RHSA-2020:1512", + "ruleIndex": 238, + "level": "error", + "message": { + "text": "Package: 
java-1.8.0-openjdk\nInstalled Version: 1:1.8.0.191.b12-1.el7_6\nVulnerability RHSA-2020:1512\nSeverity: high\nFixed Version: 1:1.8.0.252.b09-2.el7_8\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2020:1512](https://access.redhat.com/security/cve/CVE-2020-2805)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "java-1.8.0-openjdk", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": java-1.8.0-openjdk@1:1.8.0.191.b12-1.el7_6" + } + } + ] + }, + { + "ruleId": "RHSA-2021:3889", + "ruleIndex": 239, + "level": "error", + "message": { + "text": "Package: java-1.8.0-openjdk\nInstalled Version: 1:1.8.0.191.b12-1.el7_6\nVulnerability RHSA-2021:3889\nSeverity: high\nFixed Version: 1:1.8.0.312.b07-1.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2021:3889](https://access.redhat.com/security/cve/CVE-2021-35567)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "java-1.8.0-openjdk", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": java-1.8.0-openjdk@1:1.8.0.191.b12-1.el7_6" + } + } + ] + }, + { + "ruleId": "RHSA-2021:2845", + "ruleIndex": 240, + "level": "error", + "message": { + "text": "Package: java-1.8.0-openjdk\nInstalled Version: 1:1.8.0.191.b12-1.el7_6\nVulnerability RHSA-2021:2845\nSeverity: high\nFixed Version: 1:1.8.0.302.b08-0.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2021:2845](https://access.redhat.com/security/cve/CVE-2021-2388)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "java-1.8.0-openjdk", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": java-1.8.0-openjdk@1:1.8.0.191.b12-1.el7_6" + } + } + ] + }, + { + "ruleId": 
"RHSA-2019:3128", + "ruleIndex": 241, + "level": "error", + "message": { + "text": "Package: java-1.8.0-openjdk\nInstalled Version: 1:1.8.0.191.b12-1.el7_6\nVulnerability RHSA-2019:3128\nSeverity: high\nFixed Version: 1:1.8.0.232.b09-0.el7_7\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2019:3128](https://access.redhat.com/security/cve/CVE-2019-2949)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "java-1.8.0-openjdk", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": java-1.8.0-openjdk@1:1.8.0.191.b12-1.el7_6" + } + } + ] + }, + { + "ruleId": "RHSA-2020:2968", + "ruleIndex": 242, + "level": "error", + "message": { + "text": "Package: java-1.8.0-openjdk\nInstalled Version: 1:1.8.0.191.b12-1.el7_6\nVulnerability RHSA-2020:2968\nSeverity: high\nFixed Version: 1:1.8.0.262.b10-0.el7_8\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2020:2968](https://access.redhat.com/security/cve/CVE-2020-14583)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "java-1.8.0-openjdk", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": java-1.8.0-openjdk@1:1.8.0.191.b12-1.el7_6" + } + } + ] + }, + { + "ruleId": "RHSA-2024:0223", + "ruleIndex": 243, + "level": "error", + "message": { + "text": "Package: java-1.8.0-openjdk\nInstalled Version: 1:1.8.0.191.b12-1.el7_6\nVulnerability RHSA-2024:0223\nSeverity: high\nFixed Version: 1:1.8.0.402.b06-1.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2024:0223](https://access.redhat.com/security/cve/CVE-2024-20952)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "java-1.8.0-openjdk", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + 
"message": { + "text": ": java-1.8.0-openjdk@1:1.8.0.191.b12-1.el7_6" + } + } + ] + }, + { + "ruleId": "RHSA-2020:0196", + "ruleIndex": 244, + "level": "error", + "message": { + "text": "Package: java-1.8.0-openjdk\nInstalled Version: 1:1.8.0.191.b12-1.el7_6\nVulnerability RHSA-2020:0196\nSeverity: high\nFixed Version: 1:1.8.0.242.b08-0.el7_7\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2020:0196](https://access.redhat.com/security/cve/CVE-2020-2604)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "java-1.8.0-openjdk", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": java-1.8.0-openjdk@1:1.8.0.191.b12-1.el7_6" + } + } + ] + }, + { + "ruleId": "RHSA-2023:1904", + "ruleIndex": 245, + "level": "error", + "message": { + "text": "Package: java-1.8.0-openjdk\nInstalled Version: 1:1.8.0.191.b12-1.el7_6\nVulnerability RHSA-2023:1904\nSeverity: high\nFixed Version: 1:1.8.0.372.b07-1.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2023:1904](https://access.redhat.com/security/cve/CVE-2023-21930)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "java-1.8.0-openjdk", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": java-1.8.0-openjdk@1:1.8.0.191.b12-1.el7_6" + } + } + ] + }, + { + "ruleId": "RHSA-2022:1487", + "ruleIndex": 246, + "level": "error", + "message": { + "text": "Package: java-1.8.0-openjdk\nInstalled Version: 1:1.8.0.191.b12-1.el7_6\nVulnerability RHSA-2022:1487\nSeverity: high\nFixed Version: 1:1.8.0.332.b09-1.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2022:1487](https://access.redhat.com/security/cve/CVE-2022-21476)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "java-1.8.0-openjdk", + "uriBaseId": "ROOTPATH" + }, + 
"region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": java-1.8.0-openjdk@1:1.8.0.191.b12-1.el7_6" + } + } + ] + }, + { + "ruleId": "CVE-2017-10176", + "ruleIndex": 247, + "level": "warning", + "message": { + "text": "Package: java-1.8.0-openjdk\nInstalled Version: 1:1.8.0.191.b12-1.el7_6\nVulnerability CVE-2017-10176\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2017-10176](https://access.redhat.com/security/cve/CVE-2017-10176)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "java-1.8.0-openjdk", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": java-1.8.0-openjdk@1:1.8.0.191.b12-1.el7_6" + } + } + ] + }, + { + "ruleId": "RHSA-2019:0435", + "ruleIndex": 248, + "level": "warning", + "message": { + "text": "Package: java-1.8.0-openjdk\nInstalled Version: 1:1.8.0.191.b12-1.el7_6\nVulnerability RHSA-2019:0435\nSeverity: medium\nFixed Version: 1:1.8.0.201.b09-0.el7_6\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2019:0435](https://access.redhat.com/security/cve/CVE-2019-2422)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "java-1.8.0-openjdk", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": java-1.8.0-openjdk@1:1.8.0.191.b12-1.el7_6" + } + } + ] + }, + { + "ruleId": "RHSA-2024:1817", + "ruleIndex": 249, + "level": "warning", + "message": { + "text": "Package: java-1.8.0-openjdk\nInstalled Version: 1:1.8.0.191.b12-1.el7_6\nVulnerability RHSA-2024:1817\nSeverity: medium\nFixed Version: 1:1.8.0.412.b08-1.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2024:1817](https://access.redhat.com/security/cve/CVE-2024-21094)" + }, + "locations": [ + { + 
"physicalLocation": { + "artifactLocation": { + "uri": "java-1.8.0-openjdk", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": java-1.8.0-openjdk@1:1.8.0.191.b12-1.el7_6" + } + } + ] + }, + { + "ruleId": "RHSA-2021:1298", + "ruleIndex": 250, + "level": "warning", + "message": { + "text": "Package: java-1.8.0-openjdk\nInstalled Version: 1:1.8.0.191.b12-1.el7_6\nVulnerability RHSA-2021:1298\nSeverity: medium\nFixed Version: 1:1.8.0.292.b10-1.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2021:1298](https://access.redhat.com/security/cve/CVE-2021-2163)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "java-1.8.0-openjdk", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": java-1.8.0-openjdk@1:1.8.0.191.b12-1.el7_6" + } + } + ] + }, + { + "ruleId": "CVE-2017-10118", + "ruleIndex": 251, + "level": "warning", + "message": { + "text": "Package: java-1.8.0-openjdk\nInstalled Version: 1:1.8.0.191.b12-1.el7_6\nVulnerability CVE-2017-10118\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2017-10118](https://access.redhat.com/security/cve/CVE-2017-10118)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "java-1.8.0-openjdk", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": java-1.8.0-openjdk@1:1.8.0.191.b12-1.el7_6" + } + } + ] + }, + { + "ruleId": "RHSA-2022:7002", + "ruleIndex": 252, + "level": "warning", + "message": { + "text": "Package: java-1.8.0-openjdk\nInstalled Version: 1:1.8.0.191.b12-1.el7_6\nVulnerability RHSA-2022:7002\nSeverity: medium\nFixed Version: 1:1.8.0.352.b08-2.el7_9\nExploit Available: []()\nExploit Type: 
\nLink: [RHSA-2022:7002](https://access.redhat.com/security/cve/CVE-2022-21628)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "java-1.8.0-openjdk", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": java-1.8.0-openjdk@1:1.8.0.191.b12-1.el7_6" + } + } + ] + }, + { + "ruleId": "RHSA-2023:0203", + "ruleIndex": 253, + "level": "warning", + "message": { + "text": "Package: java-1.8.0-openjdk\nInstalled Version: 1:1.8.0.191.b12-1.el7_6\nVulnerability RHSA-2023:0203\nSeverity: medium\nFixed Version: 1:1.8.0.362.b08-1.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2023:0203](https://access.redhat.com/security/cve/CVE-2023-21830)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "java-1.8.0-openjdk", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": java-1.8.0-openjdk@1:1.8.0.191.b12-1.el7_6" + } + } + ] + }, + { + "ruleId": "RHSA-2022:0306", + "ruleIndex": 254, + "level": "warning", + "message": { + "text": "Package: java-1.8.0-openjdk\nInstalled Version: 1:1.8.0.191.b12-1.el7_6\nVulnerability RHSA-2022:0306\nSeverity: medium\nFixed Version: 1:1.8.0.322.b06-1.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2022:0306](https://access.redhat.com/security/cve/CVE-2022-21365)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "java-1.8.0-openjdk", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": java-1.8.0-openjdk@1:1.8.0.191.b12-1.el7_6" + } + } + ] + }, + { + "ruleId": "RHSA-2023:4166", + "ruleIndex": 255, + "level": "warning", + "message": { + "text": "Package: java-1.8.0-openjdk\nInstalled Version: 1:1.8.0.191.b12-1.el7_6\nVulnerability 
RHSA-2023:4166\nSeverity: medium\nFixed Version: 1:1.8.0.382.b05-1.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2023:4166](https://access.redhat.com/security/cve/CVE-2023-22049)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "java-1.8.0-openjdk", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": java-1.8.0-openjdk@1:1.8.0.191.b12-1.el7_6" + } + } + ] + }, + { + "ruleId": "RHSA-2023:5761", + "ruleIndex": 256, + "level": "warning", + "message": { + "text": "Package: java-1.8.0-openjdk\nInstalled Version: 1:1.8.0.191.b12-1.el7_6\nVulnerability RHSA-2023:5761\nSeverity: medium\nFixed Version: 1:1.8.0.392.b08-2.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2023:5761](https://access.redhat.com/security/cve/CVE-2023-22081)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "java-1.8.0-openjdk", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": java-1.8.0-openjdk@1:1.8.0.191.b12-1.el7_6" + } + } + ] + }, + { + "ruleId": "RHSA-2020:4350", + "ruleIndex": 257, + "level": "warning", + "message": { + "text": "Package: java-1.8.0-openjdk\nInstalled Version: 1:1.8.0.191.b12-1.el7_6\nVulnerability RHSA-2020:4350\nSeverity: medium\nFixed Version: 1:1.8.0.272.b10-1.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2020:4350](https://access.redhat.com/security/cve/CVE-2020-14803)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "java-1.8.0-openjdk", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": java-1.8.0-openjdk@1:1.8.0.191.b12-1.el7_6" + } + } + ] + }, + { + "ruleId": "RHSA-2019:1815", + "ruleIndex": 258, + "level": "warning", + 
"message": { + "text": "Package: java-1.8.0-openjdk\nInstalled Version: 1:1.8.0.191.b12-1.el7_6\nVulnerability RHSA-2019:1815\nSeverity: medium\nFixed Version: 1:1.8.0.222.b10-0.el7_6\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2019:1815](https://access.redhat.com/security/cve/CVE-2019-2769)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "java-1.8.0-openjdk", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": java-1.8.0-openjdk@1:1.8.0.191.b12-1.el7_6" + } + } + ] + }, + { + "ruleId": "RHSA-2019:0775", + "ruleIndex": 236, + "level": "error", + "message": { + "text": "Package: java-1.8.0-openjdk-devel\nInstalled Version: 1:1.8.0.191.b12-1.el7_6\nVulnerability RHSA-2019:0775\nSeverity: high\nFixed Version: 1:1.8.0.212.b04-0.el7_6\nExploit Available: [http://www.exploit-db.com/exploits/46723](http://www.exploit-db.com/exploits/46723)\nExploit Type: dos\nLink: [RHSA-2019:0775](https://access.redhat.com/security/cve/CVE-2019-2698)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "java-1.8.0-openjdk-devel", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": java-1.8.0-openjdk-devel@1:1.8.0.191.b12-1.el7_6" + } + } + ] + }, + { + "ruleId": "RHSA-2022:5698", + "ruleIndex": 237, + "level": "error", + "message": { + "text": "Package: java-1.8.0-openjdk-devel\nInstalled Version: 1:1.8.0.191.b12-1.el7_6\nVulnerability RHSA-2022:5698\nSeverity: high\nFixed Version: 1:1.8.0.342.b07-1.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2022:5698](https://access.redhat.com/security/cve/CVE-2022-34169)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "java-1.8.0-openjdk-devel", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, 
+ "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": java-1.8.0-openjdk-devel@1:1.8.0.191.b12-1.el7_6" + } + } + ] + }, + { + "ruleId": "RHSA-2020:1512", + "ruleIndex": 238, + "level": "error", + "message": { + "text": "Package: java-1.8.0-openjdk-devel\nInstalled Version: 1:1.8.0.191.b12-1.el7_6\nVulnerability RHSA-2020:1512\nSeverity: high\nFixed Version: 1:1.8.0.252.b09-2.el7_8\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2020:1512](https://access.redhat.com/security/cve/CVE-2020-2805)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "java-1.8.0-openjdk-devel", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": java-1.8.0-openjdk-devel@1:1.8.0.191.b12-1.el7_6" + } + } + ] + }, + { + "ruleId": "RHSA-2021:3889", + "ruleIndex": 239, + "level": "error", + "message": { + "text": "Package: java-1.8.0-openjdk-devel\nInstalled Version: 1:1.8.0.191.b12-1.el7_6\nVulnerability RHSA-2021:3889\nSeverity: high\nFixed Version: 1:1.8.0.312.b07-1.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2021:3889](https://access.redhat.com/security/cve/CVE-2021-35567)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "java-1.8.0-openjdk-devel", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": java-1.8.0-openjdk-devel@1:1.8.0.191.b12-1.el7_6" + } + } + ] + }, + { + "ruleId": "RHSA-2021:2845", + "ruleIndex": 240, + "level": "error", + "message": { + "text": "Package: java-1.8.0-openjdk-devel\nInstalled Version: 1:1.8.0.191.b12-1.el7_6\nVulnerability RHSA-2021:2845\nSeverity: high\nFixed Version: 1:1.8.0.302.b08-0.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2021:2845](https://access.redhat.com/security/cve/CVE-2021-2388)" + }, + "locations": [ + { + "physicalLocation": 
{ + "artifactLocation": { + "uri": "java-1.8.0-openjdk-devel", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": java-1.8.0-openjdk-devel@1:1.8.0.191.b12-1.el7_6" + } + } + ] + }, + { + "ruleId": "RHSA-2019:3128", + "ruleIndex": 241, + "level": "error", + "message": { + "text": "Package: java-1.8.0-openjdk-devel\nInstalled Version: 1:1.8.0.191.b12-1.el7_6\nVulnerability RHSA-2019:3128\nSeverity: high\nFixed Version: 1:1.8.0.232.b09-0.el7_7\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2019:3128](https://access.redhat.com/security/cve/CVE-2019-2949)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "java-1.8.0-openjdk-devel", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": java-1.8.0-openjdk-devel@1:1.8.0.191.b12-1.el7_6" + } + } + ] + }, + { + "ruleId": "RHSA-2020:2968", + "ruleIndex": 242, + "level": "error", + "message": { + "text": "Package: java-1.8.0-openjdk-devel\nInstalled Version: 1:1.8.0.191.b12-1.el7_6\nVulnerability RHSA-2020:2968\nSeverity: high\nFixed Version: 1:1.8.0.262.b10-0.el7_8\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2020:2968](https://access.redhat.com/security/cve/CVE-2020-14583)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "java-1.8.0-openjdk-devel", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": java-1.8.0-openjdk-devel@1:1.8.0.191.b12-1.el7_6" + } + } + ] + }, + { + "ruleId": "RHSA-2024:0223", + "ruleIndex": 243, + "level": "error", + "message": { + "text": "Package: java-1.8.0-openjdk-devel\nInstalled Version: 1:1.8.0.191.b12-1.el7_6\nVulnerability RHSA-2024:0223\nSeverity: high\nFixed Version: 1:1.8.0.402.b06-1.el7_9\nExploit Available: 
[]()\nExploit Type: \nLink: [RHSA-2024:0223](https://access.redhat.com/security/cve/CVE-2024-20952)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "java-1.8.0-openjdk-devel", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": java-1.8.0-openjdk-devel@1:1.8.0.191.b12-1.el7_6" + } + } + ] + }, + { + "ruleId": "RHSA-2020:0196", + "ruleIndex": 244, + "level": "error", + "message": { + "text": "Package: java-1.8.0-openjdk-devel\nInstalled Version: 1:1.8.0.191.b12-1.el7_6\nVulnerability RHSA-2020:0196\nSeverity: high\nFixed Version: 1:1.8.0.242.b08-0.el7_7\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2020:0196](https://access.redhat.com/security/cve/CVE-2020-2604)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "java-1.8.0-openjdk-devel", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": java-1.8.0-openjdk-devel@1:1.8.0.191.b12-1.el7_6" + } + } + ] + }, + { + "ruleId": "RHSA-2023:1904", + "ruleIndex": 245, + "level": "error", + "message": { + "text": "Package: java-1.8.0-openjdk-devel\nInstalled Version: 1:1.8.0.191.b12-1.el7_6\nVulnerability RHSA-2023:1904\nSeverity: high\nFixed Version: 1:1.8.0.372.b07-1.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2023:1904](https://access.redhat.com/security/cve/CVE-2023-21930)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "java-1.8.0-openjdk-devel", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": java-1.8.0-openjdk-devel@1:1.8.0.191.b12-1.el7_6" + } + } + ] + }, + { + "ruleId": "RHSA-2022:1487", + "ruleIndex": 246, + "level": "error", + "message": { + "text": "Package: 
java-1.8.0-openjdk-devel\nInstalled Version: 1:1.8.0.191.b12-1.el7_6\nVulnerability RHSA-2022:1487\nSeverity: high\nFixed Version: 1:1.8.0.332.b09-1.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2022:1487](https://access.redhat.com/security/cve/CVE-2022-21476)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "java-1.8.0-openjdk-devel", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": java-1.8.0-openjdk-devel@1:1.8.0.191.b12-1.el7_6" + } + } + ] + }, + { + "ruleId": "CVE-2017-10176", + "ruleIndex": 247, + "level": "warning", + "message": { + "text": "Package: java-1.8.0-openjdk-devel\nInstalled Version: 1:1.8.0.191.b12-1.el7_6\nVulnerability CVE-2017-10176\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2017-10176](https://access.redhat.com/security/cve/CVE-2017-10176)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "java-1.8.0-openjdk-devel", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": java-1.8.0-openjdk-devel@1:1.8.0.191.b12-1.el7_6" + } + } + ] + }, + { + "ruleId": "RHSA-2019:0435", + "ruleIndex": 248, + "level": "warning", + "message": { + "text": "Package: java-1.8.0-openjdk-devel\nInstalled Version: 1:1.8.0.191.b12-1.el7_6\nVulnerability RHSA-2019:0435\nSeverity: medium\nFixed Version: 1:1.8.0.201.b09-0.el7_6\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2019:0435](https://access.redhat.com/security/cve/CVE-2019-2422)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "java-1.8.0-openjdk-devel", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": 
java-1.8.0-openjdk-devel@1:1.8.0.191.b12-1.el7_6" + } + } + ] + }, + { + "ruleId": "RHSA-2024:1817", + "ruleIndex": 249, + "level": "warning", + "message": { + "text": "Package: java-1.8.0-openjdk-devel\nInstalled Version: 1:1.8.0.191.b12-1.el7_6\nVulnerability RHSA-2024:1817\nSeverity: medium\nFixed Version: 1:1.8.0.412.b08-1.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2024:1817](https://access.redhat.com/security/cve/CVE-2024-21094)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "java-1.8.0-openjdk-devel", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": java-1.8.0-openjdk-devel@1:1.8.0.191.b12-1.el7_6" + } + } + ] + }, + { + "ruleId": "RHSA-2021:1298", + "ruleIndex": 250, + "level": "warning", + "message": { + "text": "Package: java-1.8.0-openjdk-devel\nInstalled Version: 1:1.8.0.191.b12-1.el7_6\nVulnerability RHSA-2021:1298\nSeverity: medium\nFixed Version: 1:1.8.0.292.b10-1.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2021:1298](https://access.redhat.com/security/cve/CVE-2021-2163)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "java-1.8.0-openjdk-devel", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": java-1.8.0-openjdk-devel@1:1.8.0.191.b12-1.el7_6" + } + } + ] + }, + { + "ruleId": "CVE-2017-10118", + "ruleIndex": 251, + "level": "warning", + "message": { + "text": "Package: java-1.8.0-openjdk-devel\nInstalled Version: 1:1.8.0.191.b12-1.el7_6\nVulnerability CVE-2017-10118\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2017-10118](https://access.redhat.com/security/cve/CVE-2017-10118)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": 
"java-1.8.0-openjdk-devel", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": java-1.8.0-openjdk-devel@1:1.8.0.191.b12-1.el7_6" + } + } + ] + }, + { + "ruleId": "RHSA-2022:7002", + "ruleIndex": 252, + "level": "warning", + "message": { + "text": "Package: java-1.8.0-openjdk-devel\nInstalled Version: 1:1.8.0.191.b12-1.el7_6\nVulnerability RHSA-2022:7002\nSeverity: medium\nFixed Version: 1:1.8.0.352.b08-2.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2022:7002](https://access.redhat.com/security/cve/CVE-2022-21628)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "java-1.8.0-openjdk-devel", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": java-1.8.0-openjdk-devel@1:1.8.0.191.b12-1.el7_6" + } + } + ] + }, + { + "ruleId": "RHSA-2023:0203", + "ruleIndex": 253, + "level": "warning", + "message": { + "text": "Package: java-1.8.0-openjdk-devel\nInstalled Version: 1:1.8.0.191.b12-1.el7_6\nVulnerability RHSA-2023:0203\nSeverity: medium\nFixed Version: 1:1.8.0.362.b08-1.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2023:0203](https://access.redhat.com/security/cve/CVE-2023-21830)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "java-1.8.0-openjdk-devel", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": java-1.8.0-openjdk-devel@1:1.8.0.191.b12-1.el7_6" + } + } + ] + }, + { + "ruleId": "RHSA-2022:0306", + "ruleIndex": 254, + "level": "warning", + "message": { + "text": "Package: java-1.8.0-openjdk-devel\nInstalled Version: 1:1.8.0.191.b12-1.el7_6\nVulnerability RHSA-2022:0306\nSeverity: medium\nFixed Version: 1:1.8.0.322.b06-1.el7_9\nExploit Available: []()\nExploit Type: 
\nLink: [RHSA-2022:0306](https://access.redhat.com/security/cve/CVE-2022-21365)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "java-1.8.0-openjdk-devel", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": java-1.8.0-openjdk-devel@1:1.8.0.191.b12-1.el7_6" + } + } + ] + }, + { + "ruleId": "RHSA-2023:4166", + "ruleIndex": 255, + "level": "warning", + "message": { + "text": "Package: java-1.8.0-openjdk-devel\nInstalled Version: 1:1.8.0.191.b12-1.el7_6\nVulnerability RHSA-2023:4166\nSeverity: medium\nFixed Version: 1:1.8.0.382.b05-1.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2023:4166](https://access.redhat.com/security/cve/CVE-2023-22049)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "java-1.8.0-openjdk-devel", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": java-1.8.0-openjdk-devel@1:1.8.0.191.b12-1.el7_6" + } + } + ] + }, + { + "ruleId": "RHSA-2023:5761", + "ruleIndex": 256, + "level": "warning", + "message": { + "text": "Package: java-1.8.0-openjdk-devel\nInstalled Version: 1:1.8.0.191.b12-1.el7_6\nVulnerability RHSA-2023:5761\nSeverity: medium\nFixed Version: 1:1.8.0.392.b08-2.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2023:5761](https://access.redhat.com/security/cve/CVE-2023-22081)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "java-1.8.0-openjdk-devel", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": java-1.8.0-openjdk-devel@1:1.8.0.191.b12-1.el7_6" + } + } + ] + }, + { + "ruleId": "RHSA-2020:4350", + "ruleIndex": 257, + "level": "warning", + "message": { + "text": "Package: java-1.8.0-openjdk-devel\nInstalled 
Version: 1:1.8.0.191.b12-1.el7_6\nVulnerability RHSA-2020:4350\nSeverity: medium\nFixed Version: 1:1.8.0.272.b10-1.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2020:4350](https://access.redhat.com/security/cve/CVE-2020-14803)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "java-1.8.0-openjdk-devel", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": java-1.8.0-openjdk-devel@1:1.8.0.191.b12-1.el7_6" + } + } + ] + }, + { + "ruleId": "RHSA-2019:1815", + "ruleIndex": 258, + "level": "warning", + "message": { + "text": "Package: java-1.8.0-openjdk-devel\nInstalled Version: 1:1.8.0.191.b12-1.el7_6\nVulnerability RHSA-2019:1815\nSeverity: medium\nFixed Version: 1:1.8.0.222.b10-0.el7_6\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2019:1815](https://access.redhat.com/security/cve/CVE-2019-2769)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "java-1.8.0-openjdk-devel", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": java-1.8.0-openjdk-devel@1:1.8.0.191.b12-1.el7_6" + } + } + ] + }, + { + "ruleId": "RHSA-2019:0775", + "ruleIndex": 236, + "level": "error", + "message": { + "text": "Package: java-1.8.0-openjdk-headless\nInstalled Version: 1:1.8.0.191.b12-1.el7_6\nVulnerability RHSA-2019:0775\nSeverity: high\nFixed Version: 1:1.8.0.212.b04-0.el7_6\nExploit Available: [http://www.exploit-db.com/exploits/46723](http://www.exploit-db.com/exploits/46723)\nExploit Type: dos\nLink: [RHSA-2019:0775](https://access.redhat.com/security/cve/CVE-2019-2698)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "java-1.8.0-openjdk-headless", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + 
}, + "message": { + "text": ": java-1.8.0-openjdk-headless@1:1.8.0.191.b12-1.el7_6" + } + } + ] + }, + { + "ruleId": "RHSA-2022:5698", + "ruleIndex": 237, + "level": "error", + "message": { + "text": "Package: java-1.8.0-openjdk-headless\nInstalled Version: 1:1.8.0.191.b12-1.el7_6\nVulnerability RHSA-2022:5698\nSeverity: high\nFixed Version: 1:1.8.0.342.b07-1.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2022:5698](https://access.redhat.com/security/cve/CVE-2022-34169)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "java-1.8.0-openjdk-headless", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": java-1.8.0-openjdk-headless@1:1.8.0.191.b12-1.el7_6" + } + } + ] + }, + { + "ruleId": "RHSA-2020:1512", + "ruleIndex": 238, + "level": "error", + "message": { + "text": "Package: java-1.8.0-openjdk-headless\nInstalled Version: 1:1.8.0.191.b12-1.el7_6\nVulnerability RHSA-2020:1512\nSeverity: high\nFixed Version: 1:1.8.0.252.b09-2.el7_8\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2020:1512](https://access.redhat.com/security/cve/CVE-2020-2805)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "java-1.8.0-openjdk-headless", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": java-1.8.0-openjdk-headless@1:1.8.0.191.b12-1.el7_6" + } + } + ] + }, + { + "ruleId": "RHSA-2021:3889", + "ruleIndex": 239, + "level": "error", + "message": { + "text": "Package: java-1.8.0-openjdk-headless\nInstalled Version: 1:1.8.0.191.b12-1.el7_6\nVulnerability RHSA-2021:3889\nSeverity: high\nFixed Version: 1:1.8.0.312.b07-1.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2021:3889](https://access.redhat.com/security/cve/CVE-2021-35567)" + }, + "locations": [ + { + "physicalLocation": { + 
"artifactLocation": { + "uri": "java-1.8.0-openjdk-headless", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": java-1.8.0-openjdk-headless@1:1.8.0.191.b12-1.el7_6" + } + } + ] + }, + { + "ruleId": "RHSA-2021:2845", + "ruleIndex": 240, + "level": "error", + "message": { + "text": "Package: java-1.8.0-openjdk-headless\nInstalled Version: 1:1.8.0.191.b12-1.el7_6\nVulnerability RHSA-2021:2845\nSeverity: high\nFixed Version: 1:1.8.0.302.b08-0.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2021:2845](https://access.redhat.com/security/cve/CVE-2021-2388)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "java-1.8.0-openjdk-headless", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": java-1.8.0-openjdk-headless@1:1.8.0.191.b12-1.el7_6" + } + } + ] + }, + { + "ruleId": "RHSA-2019:3128", + "ruleIndex": 241, + "level": "error", + "message": { + "text": "Package: java-1.8.0-openjdk-headless\nInstalled Version: 1:1.8.0.191.b12-1.el7_6\nVulnerability RHSA-2019:3128\nSeverity: high\nFixed Version: 1:1.8.0.232.b09-0.el7_7\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2019:3128](https://access.redhat.com/security/cve/CVE-2019-2949)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "java-1.8.0-openjdk-headless", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": java-1.8.0-openjdk-headless@1:1.8.0.191.b12-1.el7_6" + } + } + ] + }, + { + "ruleId": "RHSA-2020:2968", + "ruleIndex": 242, + "level": "error", + "message": { + "text": "Package: java-1.8.0-openjdk-headless\nInstalled Version: 1:1.8.0.191.b12-1.el7_6\nVulnerability RHSA-2020:2968\nSeverity: high\nFixed Version: 
1:1.8.0.262.b10-0.el7_8\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2020:2968](https://access.redhat.com/security/cve/CVE-2020-14583)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "java-1.8.0-openjdk-headless", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": java-1.8.0-openjdk-headless@1:1.8.0.191.b12-1.el7_6" + } + } + ] + }, + { + "ruleId": "RHSA-2024:0223", + "ruleIndex": 243, + "level": "error", + "message": { + "text": "Package: java-1.8.0-openjdk-headless\nInstalled Version: 1:1.8.0.191.b12-1.el7_6\nVulnerability RHSA-2024:0223\nSeverity: high\nFixed Version: 1:1.8.0.402.b06-1.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2024:0223](https://access.redhat.com/security/cve/CVE-2024-20952)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "java-1.8.0-openjdk-headless", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": java-1.8.0-openjdk-headless@1:1.8.0.191.b12-1.el7_6" + } + } + ] + }, + { + "ruleId": "RHSA-2020:0196", + "ruleIndex": 244, + "level": "error", + "message": { + "text": "Package: java-1.8.0-openjdk-headless\nInstalled Version: 1:1.8.0.191.b12-1.el7_6\nVulnerability RHSA-2020:0196\nSeverity: high\nFixed Version: 1:1.8.0.242.b08-0.el7_7\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2020:0196](https://access.redhat.com/security/cve/CVE-2020-2604)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "java-1.8.0-openjdk-headless", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": java-1.8.0-openjdk-headless@1:1.8.0.191.b12-1.el7_6" + } + } + ] + }, + { + "ruleId": "RHSA-2023:1904", + "ruleIndex": 245, + "level": 
"error", + "message": { + "text": "Package: java-1.8.0-openjdk-headless\nInstalled Version: 1:1.8.0.191.b12-1.el7_6\nVulnerability RHSA-2023:1904\nSeverity: high\nFixed Version: 1:1.8.0.372.b07-1.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2023:1904](https://access.redhat.com/security/cve/CVE-2023-21930)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "java-1.8.0-openjdk-headless", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": java-1.8.0-openjdk-headless@1:1.8.0.191.b12-1.el7_6" + } + } + ] + }, + { + "ruleId": "RHSA-2022:1487", + "ruleIndex": 246, + "level": "error", + "message": { + "text": "Package: java-1.8.0-openjdk-headless\nInstalled Version: 1:1.8.0.191.b12-1.el7_6\nVulnerability RHSA-2022:1487\nSeverity: high\nFixed Version: 1:1.8.0.332.b09-1.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2022:1487](https://access.redhat.com/security/cve/CVE-2022-21476)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "java-1.8.0-openjdk-headless", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": java-1.8.0-openjdk-headless@1:1.8.0.191.b12-1.el7_6" + } + } + ] + }, + { + "ruleId": "CVE-2017-10176", + "ruleIndex": 247, + "level": "warning", + "message": { + "text": "Package: java-1.8.0-openjdk-headless\nInstalled Version: 1:1.8.0.191.b12-1.el7_6\nVulnerability CVE-2017-10176\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2017-10176](https://access.redhat.com/security/cve/CVE-2017-10176)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "java-1.8.0-openjdk-headless", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + 
"endColumn": 1 + } + }, + "message": { + "text": ": java-1.8.0-openjdk-headless@1:1.8.0.191.b12-1.el7_6" + } + } + ] + }, + { + "ruleId": "RHSA-2019:0435", + "ruleIndex": 248, + "level": "warning", + "message": { + "text": "Package: java-1.8.0-openjdk-headless\nInstalled Version: 1:1.8.0.191.b12-1.el7_6\nVulnerability RHSA-2019:0435\nSeverity: medium\nFixed Version: 1:1.8.0.201.b09-0.el7_6\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2019:0435](https://access.redhat.com/security/cve/CVE-2019-2422)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "java-1.8.0-openjdk-headless", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": java-1.8.0-openjdk-headless@1:1.8.0.191.b12-1.el7_6" + } + } + ] + }, + { + "ruleId": "RHSA-2024:1817", + "ruleIndex": 249, + "level": "warning", + "message": { + "text": "Package: java-1.8.0-openjdk-headless\nInstalled Version: 1:1.8.0.191.b12-1.el7_6\nVulnerability RHSA-2024:1817\nSeverity: medium\nFixed Version: 1:1.8.0.412.b08-1.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2024:1817](https://access.redhat.com/security/cve/CVE-2024-21094)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "java-1.8.0-openjdk-headless", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": java-1.8.0-openjdk-headless@1:1.8.0.191.b12-1.el7_6" + } + } + ] + }, + { + "ruleId": "RHSA-2021:1298", + "ruleIndex": 250, + "level": "warning", + "message": { + "text": "Package: java-1.8.0-openjdk-headless\nInstalled Version: 1:1.8.0.191.b12-1.el7_6\nVulnerability RHSA-2021:1298\nSeverity: medium\nFixed Version: 1:1.8.0.292.b10-1.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2021:1298](https://access.redhat.com/security/cve/CVE-2021-2163)" + }, + "locations": [ + { + 
"physicalLocation": { + "artifactLocation": { + "uri": "java-1.8.0-openjdk-headless", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": java-1.8.0-openjdk-headless@1:1.8.0.191.b12-1.el7_6" + } + } + ] + }, + { + "ruleId": "CVE-2017-10118", + "ruleIndex": 251, + "level": "warning", + "message": { + "text": "Package: java-1.8.0-openjdk-headless\nInstalled Version: 1:1.8.0.191.b12-1.el7_6\nVulnerability CVE-2017-10118\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2017-10118](https://access.redhat.com/security/cve/CVE-2017-10118)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "java-1.8.0-openjdk-headless", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": java-1.8.0-openjdk-headless@1:1.8.0.191.b12-1.el7_6" + } + } + ] + }, + { + "ruleId": "RHSA-2022:7002", + "ruleIndex": 252, + "level": "warning", + "message": { + "text": "Package: java-1.8.0-openjdk-headless\nInstalled Version: 1:1.8.0.191.b12-1.el7_6\nVulnerability RHSA-2022:7002\nSeverity: medium\nFixed Version: 1:1.8.0.352.b08-2.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2022:7002](https://access.redhat.com/security/cve/CVE-2022-21628)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "java-1.8.0-openjdk-headless", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": java-1.8.0-openjdk-headless@1:1.8.0.191.b12-1.el7_6" + } + } + ] + }, + { + "ruleId": "RHSA-2023:0203", + "ruleIndex": 253, + "level": "warning", + "message": { + "text": "Package: java-1.8.0-openjdk-headless\nInstalled Version: 1:1.8.0.191.b12-1.el7_6\nVulnerability RHSA-2023:0203\nSeverity: 
medium\nFixed Version: 1:1.8.0.362.b08-1.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2023:0203](https://access.redhat.com/security/cve/CVE-2023-21830)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "java-1.8.0-openjdk-headless", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": java-1.8.0-openjdk-headless@1:1.8.0.191.b12-1.el7_6" + } + } + ] + }, + { + "ruleId": "RHSA-2022:0306", + "ruleIndex": 254, + "level": "warning", + "message": { + "text": "Package: java-1.8.0-openjdk-headless\nInstalled Version: 1:1.8.0.191.b12-1.el7_6\nVulnerability RHSA-2022:0306\nSeverity: medium\nFixed Version: 1:1.8.0.322.b06-1.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2022:0306](https://access.redhat.com/security/cve/CVE-2022-21365)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "java-1.8.0-openjdk-headless", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": java-1.8.0-openjdk-headless@1:1.8.0.191.b12-1.el7_6" + } + } + ] + }, + { + "ruleId": "RHSA-2023:4166", + "ruleIndex": 255, + "level": "warning", + "message": { + "text": "Package: java-1.8.0-openjdk-headless\nInstalled Version: 1:1.8.0.191.b12-1.el7_6\nVulnerability RHSA-2023:4166\nSeverity: medium\nFixed Version: 1:1.8.0.382.b05-1.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2023:4166](https://access.redhat.com/security/cve/CVE-2023-22049)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "java-1.8.0-openjdk-headless", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": java-1.8.0-openjdk-headless@1:1.8.0.191.b12-1.el7_6" + } + } + ] + }, + { + "ruleId": "RHSA-2023:5761", + 
"ruleIndex": 256, + "level": "warning", + "message": { + "text": "Package: java-1.8.0-openjdk-headless\nInstalled Version: 1:1.8.0.191.b12-1.el7_6\nVulnerability RHSA-2023:5761\nSeverity: medium\nFixed Version: 1:1.8.0.392.b08-2.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2023:5761](https://access.redhat.com/security/cve/CVE-2023-22081)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "java-1.8.0-openjdk-headless", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": java-1.8.0-openjdk-headless@1:1.8.0.191.b12-1.el7_6" + } + } + ] + }, + { + "ruleId": "RHSA-2020:4350", + "ruleIndex": 257, + "level": "warning", + "message": { + "text": "Package: java-1.8.0-openjdk-headless\nInstalled Version: 1:1.8.0.191.b12-1.el7_6\nVulnerability RHSA-2020:4350\nSeverity: medium\nFixed Version: 1:1.8.0.272.b10-1.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2020:4350](https://access.redhat.com/security/cve/CVE-2020-14803)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "java-1.8.0-openjdk-headless", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": java-1.8.0-openjdk-headless@1:1.8.0.191.b12-1.el7_6" + } + } + ] + }, + { + "ruleId": "RHSA-2019:1815", + "ruleIndex": 258, + "level": "warning", + "message": { + "text": "Package: java-1.8.0-openjdk-headless\nInstalled Version: 1:1.8.0.191.b12-1.el7_6\nVulnerability RHSA-2019:1815\nSeverity: medium\nFixed Version: 1:1.8.0.222.b10-0.el7_6\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2019:1815](https://access.redhat.com/security/cve/CVE-2019-2769)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "java-1.8.0-openjdk-headless", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + 
"startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": java-1.8.0-openjdk-headless@1:1.8.0.191.b12-1.el7_6" + } + } + ] + }, + { + "ruleId": "CVE-2020-11022", + "ruleIndex": 259, + "level": "warning", + "message": { + "text": "Package: jquery\nInstalled Version: 1.10.2\nVulnerability CVE-2020-11022\nSeverity: medium\nFixed Version: 3.5.0\nExploit Available: [http://www.exploit-db.com/exploits/49766](http://www.exploit-db.com/exploits/49766)\nExploit Type: webapps\nLink: [CVE-2020-11022](https://nvd.nist.gov/vuln/detail/CVE-2020-11022)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/jboss/as/console/main/release-stream-2.7.4.Final-resources.jar:jquery.min.js", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/jboss/as/console/main/release-stream-2.7.4.Final-resources.jar:jquery.min.js: jquery@1.10.2" + } + } + ] + }, + { + "ruleId": "CVE-2020-11023", + "ruleIndex": 260, + "level": "warning", + "message": { + "text": "Package: jquery\nInstalled Version: 1.10.2\nVulnerability CVE-2020-11023\nSeverity: medium\nFixed Version: 3.5.0\nExploit Available: [http://www.exploit-db.com/exploits/49767](http://www.exploit-db.com/exploits/49767)\nExploit Type: webapps\nLink: [CVE-2020-11023](https://nvd.nist.gov/vuln/detail/CVE-2020-11023)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/jboss/as/console/main/release-stream-2.7.4.Final-resources.jar:jquery.min.js", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": 
"/opt/jboss/wildfly/modules/system/layers/base/org/jboss/as/console/main/release-stream-2.7.4.Final-resources.jar:jquery.min.js: jquery@1.10.2" + } + } + ] + }, + { + "ruleId": "CVE-2015-9251", + "ruleIndex": 261, + "level": "warning", + "message": { + "text": "Package: jquery\nInstalled Version: 1.10.2\nVulnerability CVE-2015-9251\nSeverity: medium\nFixed Version: 1.12.2, 3.0.0\nExploit Available: []()\nExploit Type: \nLink: [CVE-2015-9251](https://nvd.nist.gov/vuln/detail/CVE-2015-9251)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/jboss/as/console/main/release-stream-2.7.4.Final-resources.jar:jquery.min.js", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/jboss/as/console/main/release-stream-2.7.4.Final-resources.jar:jquery.min.js: jquery@1.10.2" + } + } + ] + }, + { + "ruleId": "CVE-2019-11358", + "ruleIndex": 262, + "level": "warning", + "message": { + "text": "Package: jquery\nInstalled Version: 1.10.2\nVulnerability CVE-2019-11358\nSeverity: medium\nFixed Version: 3.4.0\nExploit Available: []()\nExploit Type: \nLink: [CVE-2019-11358](https://nvd.nist.gov/vuln/detail/CVE-2019-11358)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/jboss/as/console/main/release-stream-2.7.4.Final-resources.jar:jquery.min.js", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/jboss/as/console/main/release-stream-2.7.4.Final-resources.jar:jquery.min.js: jquery@1.10.2" + } + } + ] + }, + { + "ruleId": "CVE-2020-23064", + "ruleIndex": 263, + "level": "warning", + "message": { + "text": "Package: 
jquery\nInstalled Version: 1.10.2\nVulnerability CVE-2020-23064\nSeverity: medium\nFixed Version: 3.5.0\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-23064](https://nvd.nist.gov/vuln/detail/CVE-2020-23064)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/jboss/as/console/main/release-stream-2.7.4.Final-resources.jar:jquery.min.js", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/jboss/as/console/main/release-stream-2.7.4.Final-resources.jar:jquery.min.js: jquery@1.10.2" + } + } + ] + }, + { + "ruleId": "RHSA-2022:8640", + "ruleIndex": 264, + "level": "error", + "message": { + "text": "Package: krb5-libs\nInstalled Version: 1.15.1-37.el7_6\nVulnerability RHSA-2022:8640\nSeverity: high\nFixed Version: 1.15.1-55.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2022:8640](https://access.redhat.com/security/cve/CVE-2022-42898)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "krb5-libs", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": krb5-libs@1.15.1-37.el7_6" + } + } + ] + }, + { + "ruleId": "RHBA-2019:2599", + "ruleIndex": 265, + "level": "warning", + "message": { + "text": "Package: krb5-libs\nInstalled Version: 1.15.1-37.el7_6\nVulnerability RHBA-2019:2599\nSeverity: medium\nFixed Version: 1.15.1-37.el7_7.2\nExploit Available: []()\nExploit Type: \nLink: [RHBA-2019:2599](https://access.redhat.com/security/cve/CVE-2018-20217)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "krb5-libs", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": 
krb5-libs@1.15.1-37.el7_6" + } + } + ] + }, + { + "ruleId": "CVE-2020-28196", + "ruleIndex": 266, + "level": "warning", + "message": { + "text": "Package: krb5-libs\nInstalled Version: 1.15.1-37.el7_6\nVulnerability CVE-2020-28196\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-28196](https://access.redhat.com/security/cve/CVE-2020-28196)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "krb5-libs", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": krb5-libs@1.15.1-37.el7_6" + } + } + ] + }, + { + "ruleId": "CVE-2021-36222", + "ruleIndex": 267, + "level": "warning", + "message": { + "text": "Package: krb5-libs\nInstalled Version: 1.15.1-37.el7_6\nVulnerability CVE-2021-36222\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-36222](https://access.redhat.com/security/cve/CVE-2021-36222)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "krb5-libs", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": krb5-libs@1.15.1-37.el7_6" + } + } + ] + }, + { + "ruleId": "RHSA-2021:4788", + "ruleIndex": 268, + "level": "warning", + "message": { + "text": "Package: krb5-libs\nInstalled Version: 1.15.1-37.el7_6\nVulnerability RHSA-2021:4788\nSeverity: medium\nFixed Version: 1.15.1-51.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2021:4788](https://access.redhat.com/security/cve/CVE-2021-37750)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "krb5-libs", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": krb5-libs@1.15.1-37.el7_6" + } + 
} + ] + }, + { + "ruleId": "CVE-2024-26462", + "ruleIndex": 269, + "level": "warning", + "message": { + "text": "Package: krb5-libs\nInstalled Version: 1.15.1-37.el7_6\nVulnerability CVE-2024-26462\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2024-26462](https://access.redhat.com/security/cve/CVE-2024-26462)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "krb5-libs", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": krb5-libs@1.15.1-37.el7_6" + } + } + ] + }, + { + "ruleId": "CVE-2024-26458", + "ruleIndex": 270, + "level": "note", + "message": { + "text": "Package: krb5-libs\nInstalled Version: 1.15.1-37.el7_6\nVulnerability CVE-2024-26458\nSeverity: low\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2024-26458](https://access.redhat.com/security/cve/CVE-2024-26458)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "krb5-libs", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": krb5-libs@1.15.1-37.el7_6" + } + } + ] + }, + { + "ruleId": "CVE-2024-26461", + "ruleIndex": 271, + "level": "note", + "message": { + "text": "Package: krb5-libs\nInstalled Version: 1.15.1-37.el7_6\nVulnerability CVE-2024-26461\nSeverity: low\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2024-26461](https://access.redhat.com/security/cve/CVE-2024-26461)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "krb5-libs", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": krb5-libs@1.15.1-37.el7_6" + } + } + ] + }, + { + "ruleId": 
"RHSA-2020:4908", + "ruleIndex": 272, + "level": "error", + "message": { + "text": "Package: libX11\nInstalled Version: 1.6.5-2.el7\nVulnerability RHSA-2020:4908\nSeverity: high\nFixed Version: 1.6.7-3.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2020:4908](https://access.redhat.com/security/cve/CVE-2020-14363)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libX11", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": libX11@1.6.5-2.el7" + } + } + ] + }, + { + "ruleId": "RHSA-2021:3296", + "ruleIndex": 273, + "level": "error", + "message": { + "text": "Package: libX11\nInstalled Version: 1.6.5-2.el7\nVulnerability RHSA-2021:3296\nSeverity: high\nFixed Version: 1.6.7-4.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2021:3296](https://access.redhat.com/security/cve/CVE-2021-31535)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libX11", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": libX11@1.6.5-2.el7" + } + } + ] + }, + { + "ruleId": "RHSA-2019:2079", + "ruleIndex": 274, + "level": "warning", + "message": { + "text": "Package: libX11\nInstalled Version: 1.6.5-2.el7\nVulnerability RHSA-2019:2079\nSeverity: medium\nFixed Version: 1.6.7-2.el7\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2019:2079](https://access.redhat.com/security/cve/CVE-2018-14600)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libX11", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": libX11@1.6.5-2.el7" + } + } + ] + }, + { + "ruleId": "CVE-2023-3138", + "ruleIndex": 275, + "level": "warning", + "message": { + "text": "Package: libX11\nInstalled 
Version: 1.6.5-2.el7\nVulnerability CVE-2023-3138\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-3138](https://access.redhat.com/security/cve/CVE-2023-3138)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libX11", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": libX11@1.6.5-2.el7" + } + } + ] + }, + { + "ruleId": "CVE-2023-43785", + "ruleIndex": 276, + "level": "warning", + "message": { + "text": "Package: libX11\nInstalled Version: 1.6.5-2.el7\nVulnerability CVE-2023-43785\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-43785](https://access.redhat.com/security/cve/CVE-2023-43785)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libX11", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": libX11@1.6.5-2.el7" + } + } + ] + }, + { + "ruleId": "CVE-2023-43786", + "ruleIndex": 277, + "level": "warning", + "message": { + "text": "Package: libX11\nInstalled Version: 1.6.5-2.el7\nVulnerability CVE-2023-43786\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-43786](https://access.redhat.com/security/cve/CVE-2023-43786)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libX11", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": libX11@1.6.5-2.el7" + } + } + ] + }, + { + "ruleId": "CVE-2023-43787", + "ruleIndex": 278, + "level": "warning", + "message": { + "text": "Package: libX11\nInstalled Version: 1.6.5-2.el7\nVulnerability CVE-2023-43787\nSeverity: medium\nFixed 
Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-43787](https://access.redhat.com/security/cve/CVE-2023-43787)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libX11", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": libX11@1.6.5-2.el7" + } + } + ] + }, + { + "ruleId": "RHSA-2020:4908", + "ruleIndex": 272, + "level": "error", + "message": { + "text": "Package: libX11-common\nInstalled Version: 1.6.5-2.el7\nVulnerability RHSA-2020:4908\nSeverity: high\nFixed Version: 1.6.7-3.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2020:4908](https://access.redhat.com/security/cve/CVE-2020-14363)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libX11-common", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": libX11-common@1.6.5-2.el7" + } + } + ] + }, + { + "ruleId": "RHSA-2021:3296", + "ruleIndex": 273, + "level": "error", + "message": { + "text": "Package: libX11-common\nInstalled Version: 1.6.5-2.el7\nVulnerability RHSA-2021:3296\nSeverity: high\nFixed Version: 1.6.7-4.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2021:3296](https://access.redhat.com/security/cve/CVE-2021-31535)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libX11-common", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": libX11-common@1.6.5-2.el7" + } + } + ] + }, + { + "ruleId": "RHSA-2019:2079", + "ruleIndex": 274, + "level": "warning", + "message": { + "text": "Package: libX11-common\nInstalled Version: 1.6.5-2.el7\nVulnerability RHSA-2019:2079\nSeverity: medium\nFixed Version: 1.6.7-2.el7\nExploit Available: 
[]()\nExploit Type: \nLink: [RHSA-2019:2079](https://access.redhat.com/security/cve/CVE-2018-14600)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libX11-common", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": libX11-common@1.6.5-2.el7" + } + } + ] + }, + { + "ruleId": "CVE-2023-3138", + "ruleIndex": 275, + "level": "warning", + "message": { + "text": "Package: libX11-common\nInstalled Version: 1.6.5-2.el7\nVulnerability CVE-2023-3138\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-3138](https://access.redhat.com/security/cve/CVE-2023-3138)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libX11-common", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": libX11-common@1.6.5-2.el7" + } + } + ] + }, + { + "ruleId": "CVE-2023-43785", + "ruleIndex": 276, + "level": "warning", + "message": { + "text": "Package: libX11-common\nInstalled Version: 1.6.5-2.el7\nVulnerability CVE-2023-43785\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-43785](https://access.redhat.com/security/cve/CVE-2023-43785)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libX11-common", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": libX11-common@1.6.5-2.el7" + } + } + ] + }, + { + "ruleId": "CVE-2023-43786", + "ruleIndex": 277, + "level": "warning", + "message": { + "text": "Package: libX11-common\nInstalled Version: 1.6.5-2.el7\nVulnerability CVE-2023-43786\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit 
Type: \nLink: [CVE-2023-43786](https://access.redhat.com/security/cve/CVE-2023-43786)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libX11-common", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": libX11-common@1.6.5-2.el7" + } + } + ] + }, + { + "ruleId": "CVE-2023-43787", + "ruleIndex": 278, + "level": "warning", + "message": { + "text": "Package: libX11-common\nInstalled Version: 1.6.5-2.el7\nVulnerability CVE-2023-43787\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-43787](https://access.redhat.com/security/cve/CVE-2023-43787)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libX11-common", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": libX11-common@1.6.5-2.el7" + } + } + ] + }, + { + "ruleId": "RHSA-2020:0203", + "ruleIndex": 36, + "level": "error", + "message": { + "text": "Package: libarchive\nInstalled Version: 3.1.2-10.el7_2\nVulnerability RHSA-2020:0203\nSeverity: high\nFixed Version: 3.1.2-14.el7_7\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2020:0203](https://access.redhat.com/security/cve/CVE-2019-18408)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libarchive", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": libarchive@3.1.2-10.el7_2" + } + } + ] + }, + { + "ruleId": "RHSA-2019:2298", + "ruleIndex": 37, + "level": "warning", + "message": { + "text": "Package: libarchive\nInstalled Version: 3.1.2-10.el7_2\nVulnerability RHSA-2019:2298\nSeverity: medium\nFixed Version: 3.1.2-12.el7\nExploit Available: []()\nExploit Type: \nLink: 
[RHSA-2019:2298](https://access.redhat.com/security/cve/CVE-2018-1000878)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libarchive", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": libarchive@3.1.2-10.el7_2" + } + } + ] + }, + { + "ruleId": "CVE-2021-23177", + "ruleIndex": 38, + "level": "warning", + "message": { + "text": "Package: libarchive\nInstalled Version: 3.1.2-10.el7_2\nVulnerability CVE-2021-23177\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-23177](https://access.redhat.com/security/cve/CVE-2021-23177)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libarchive", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": libarchive@3.1.2-10.el7_2" + } + } + ] + }, + { + "ruleId": "CVE-2021-31566", + "ruleIndex": 39, + "level": "warning", + "message": { + "text": "Package: libarchive\nInstalled Version: 3.1.2-10.el7_2\nVulnerability CVE-2021-31566\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-31566](https://access.redhat.com/security/cve/CVE-2021-31566)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libarchive", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": libarchive@3.1.2-10.el7_2" + } + } + ] + }, + { + "ruleId": "CVE-2022-36227", + "ruleIndex": 40, + "level": "note", + "message": { + "text": "Package: libarchive\nInstalled Version: 3.1.2-10.el7_2\nVulnerability CVE-2022-36227\nSeverity: low\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: 
[CVE-2022-36227](https://access.redhat.com/security/cve/CVE-2022-36227)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libarchive", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": libarchive@3.1.2-10.el7_2" + } + } + ] + }, + { + "ruleId": "CVE-2020-21583", + "ruleIndex": 279, + "level": "warning", + "message": { + "text": "Package: libblkid\nInstalled Version: 2.23.2-59.el7\nVulnerability CVE-2020-21583\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-21583](https://access.redhat.com/security/cve/CVE-2020-21583)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libblkid", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": libblkid@2.23.2-59.el7" + } + } + ] + }, + { + "ruleId": "CVE-2022-0563", + "ruleIndex": 280, + "level": "warning", + "message": { + "text": "Package: libblkid\nInstalled Version: 2.23.2-59.el7\nVulnerability CVE-2022-0563\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-0563](https://access.redhat.com/security/cve/CVE-2022-0563)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libblkid", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": libblkid@2.23.2-59.el7" + } + } + ] + }, + { + "ruleId": "CVE-2021-37600", + "ruleIndex": 281, + "level": "note", + "message": { + "text": "Package: libblkid\nInstalled Version: 2.23.2-59.el7\nVulnerability CVE-2021-37600\nSeverity: low\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: 
[CVE-2021-37600](https://access.redhat.com/security/cve/CVE-2021-37600)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libblkid", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": libblkid@2.23.2-59.el7" + } + } + ] + }, + { + "ruleId": "CVE-2023-2603", + "ruleIndex": 282, + "level": "warning", + "message": { + "text": "Package: libcap\nInstalled Version: 2.22-9.el7\nVulnerability CVE-2023-2603\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-2603](https://access.redhat.com/security/cve/CVE-2023-2603)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libcap", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": libcap@2.22-9.el7" + } + } + ] + }, + { + "ruleId": "CVE-2023-2602", + "ruleIndex": 283, + "level": "note", + "message": { + "text": "Package: libcap\nInstalled Version: 2.22-9.el7\nVulnerability CVE-2023-2602\nSeverity: low\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-2602](https://access.redhat.com/security/cve/CVE-2023-2602)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libcap", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": libcap@2.22-9.el7" + } + } + ] + }, + { + "ruleId": "RHSA-2020:4011", + "ruleIndex": 284, + "level": "warning", + "message": { + "text": "Package: libcom_err\nInstalled Version: 1.42.9-13.el7\nVulnerability RHSA-2020:4011\nSeverity: medium\nFixed Version: 1.42.9-19.el7\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2020:4011](https://access.redhat.com/security/cve/CVE-2019-5188)" + }, + "locations": 
[ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libcom_err", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": libcom_err@1.42.9-13.el7" + } + } + ] + }, + { + "ruleId": "CVE-2022-1304", + "ruleIndex": 285, + "level": "warning", + "message": { + "text": "Package: libcom_err\nInstalled Version: 1.42.9-13.el7\nVulnerability CVE-2022-1304\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-1304](https://access.redhat.com/security/cve/CVE-2022-1304)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libcom_err", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": libcom_err@1.42.9-13.el7" + } + } + ] + }, + { + "ruleId": "CVE-2022-27776", + "ruleIndex": 106, + "level": "warning", + "message": { + "text": "Package: libcurl\nInstalled Version: 7.29.0-51.el7\nVulnerability CVE-2022-27776\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-27776](https://access.redhat.com/security/cve/CVE-2022-27776)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libcurl", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": libcurl@7.29.0-51.el7" + } + } + ] + }, + { + "ruleId": "CVE-2022-27782", + "ruleIndex": 107, + "level": "warning", + "message": { + "text": "Package: libcurl\nInstalled Version: 7.29.0-51.el7\nVulnerability CVE-2022-27782\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-27782](https://access.redhat.com/security/cve/CVE-2022-27782)" + }, + "locations": [ + { + "physicalLocation": { + 
"artifactLocation": { + "uri": "libcurl", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": libcurl@7.29.0-51.el7" + } + } + ] + }, + { + "ruleId": "CVE-2021-22947", + "ruleIndex": 108, + "level": "warning", + "message": { + "text": "Package: libcurl\nInstalled Version: 7.29.0-51.el7\nVulnerability CVE-2021-22947\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-22947](https://access.redhat.com/security/cve/CVE-2021-22947)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libcurl", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": libcurl@7.29.0-51.el7" + } + } + ] + }, + { + "ruleId": "RHSA-2020:3916", + "ruleIndex": 109, + "level": "warning", + "message": { + "text": "Package: libcurl\nInstalled Version: 7.29.0-51.el7\nVulnerability RHSA-2020:3916\nSeverity: medium\nFixed Version: 7.29.0-59.el7\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2020:3916](https://access.redhat.com/security/cve/CVE-2019-5482)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libcurl", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": libcurl@7.29.0-51.el7" + } + } + ] + }, + { + "ruleId": "RHSA-2020:5002", + "ruleIndex": 110, + "level": "warning", + "message": { + "text": "Package: libcurl\nInstalled Version: 7.29.0-51.el7\nVulnerability RHSA-2020:5002\nSeverity: medium\nFixed Version: 7.29.0-59.el7_9.1\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2020:5002](https://access.redhat.com/security/cve/CVE-2020-8177)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libcurl", + "uriBaseId": "ROOTPATH" + 
}, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": libcurl@7.29.0-51.el7" + } + } + ] + }, + { + "ruleId": "CVE-2020-8284", + "ruleIndex": 111, + "level": "warning", + "message": { + "text": "Package: libcurl\nInstalled Version: 7.29.0-51.el7\nVulnerability CVE-2020-8284\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-8284](https://access.redhat.com/security/cve/CVE-2020-8284)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libcurl", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": libcurl@7.29.0-51.el7" + } + } + ] + }, + { + "ruleId": "CVE-2020-8285", + "ruleIndex": 112, + "level": "warning", + "message": { + "text": "Package: libcurl\nInstalled Version: 7.29.0-51.el7\nVulnerability CVE-2020-8285\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-8285](https://access.redhat.com/security/cve/CVE-2020-8285)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libcurl", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": libcurl@7.29.0-51.el7" + } + } + ] + }, + { + "ruleId": "CVE-2021-22876", + "ruleIndex": 113, + "level": "warning", + "message": { + "text": "Package: libcurl\nInstalled Version: 7.29.0-51.el7\nVulnerability CVE-2021-22876\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-22876](https://access.redhat.com/security/cve/CVE-2021-22876)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libcurl", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + 
"endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": libcurl@7.29.0-51.el7" + } + } + ] + }, + { + "ruleId": "CVE-2022-27774", + "ruleIndex": 114, + "level": "warning", + "message": { + "text": "Package: libcurl\nInstalled Version: 7.29.0-51.el7\nVulnerability CVE-2022-27774\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-27774](https://access.redhat.com/security/cve/CVE-2022-27774)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libcurl", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": libcurl@7.29.0-51.el7" + } + } + ] + }, + { + "ruleId": "CVE-2021-22924", + "ruleIndex": 115, + "level": "warning", + "message": { + "text": "Package: libcurl\nInstalled Version: 7.29.0-51.el7\nVulnerability CVE-2021-22924\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-22924](https://access.redhat.com/security/cve/CVE-2021-22924)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libcurl", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": libcurl@7.29.0-51.el7" + } + } + ] + }, + { + "ruleId": "CVE-2022-43551", + "ruleIndex": 116, + "level": "warning", + "message": { + "text": "Package: libcurl\nInstalled Version: 7.29.0-51.el7\nVulnerability CVE-2022-43551\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-43551](https://access.redhat.com/security/cve/CVE-2022-43551)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libcurl", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { 
+ "text": ": libcurl@7.29.0-51.el7" + } + } + ] + }, + { + "ruleId": "CVE-2021-22946", + "ruleIndex": 117, + "level": "warning", + "message": { + "text": "Package: libcurl\nInstalled Version: 7.29.0-51.el7\nVulnerability CVE-2021-22946\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-22946](https://access.redhat.com/security/cve/CVE-2021-22946)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libcurl", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": libcurl@7.29.0-51.el7" + } + } + ] + }, + { + "ruleId": "CVE-2024-2398", + "ruleIndex": 118, + "level": "warning", + "message": { + "text": "Package: libcurl\nInstalled Version: 7.29.0-51.el7\nVulnerability CVE-2024-2398\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2024-2398](https://access.redhat.com/security/cve/CVE-2024-2398)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libcurl", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": libcurl@7.29.0-51.el7" + } + } + ] + }, + { + "ruleId": "CVE-2022-32208", + "ruleIndex": 119, + "level": "warning", + "message": { + "text": "Package: libcurl\nInstalled Version: 7.29.0-51.el7\nVulnerability CVE-2022-32208\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-32208](https://access.redhat.com/security/cve/CVE-2022-32208)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libcurl", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": libcurl@7.29.0-51.el7" + } + } + ] + }, + { + 
"ruleId": "CVE-2022-30115", + "ruleIndex": 120, + "level": "warning", + "message": { + "text": "Package: libcurl\nInstalled Version: 7.29.0-51.el7\nVulnerability CVE-2022-30115\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-30115](https://access.redhat.com/security/cve/CVE-2022-30115)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libcurl", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": libcurl@7.29.0-51.el7" + } + } + ] + }, + { + "ruleId": "CVE-2022-27778", + "ruleIndex": 121, + "level": "warning", + "message": { + "text": "Package: libcurl\nInstalled Version: 7.29.0-51.el7\nVulnerability CVE-2022-27778\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-27778](https://access.redhat.com/security/cve/CVE-2022-27778)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libcurl", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": libcurl@7.29.0-51.el7" + } + } + ] + }, + { + "ruleId": "CVE-2022-27779", + "ruleIndex": 122, + "level": "warning", + "message": { + "text": "Package: libcurl\nInstalled Version: 7.29.0-51.el7\nVulnerability CVE-2022-27779\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-27779](https://access.redhat.com/security/cve/CVE-2022-27779)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libcurl", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": libcurl@7.29.0-51.el7" + } + } + ] + }, + { + "ruleId": "CVE-2022-27780", + "ruleIndex": 123, + 
"level": "warning", + "message": { + "text": "Package: libcurl\nInstalled Version: 7.29.0-51.el7\nVulnerability CVE-2022-27780\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-27780](https://access.redhat.com/security/cve/CVE-2022-27780)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libcurl", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": libcurl@7.29.0-51.el7" + } + } + ] + }, + { + "ruleId": "RHSA-2019:1880", + "ruleIndex": 124, + "level": "note", + "message": { + "text": "Package: libcurl\nInstalled Version: 7.29.0-51.el7\nVulnerability RHSA-2019:1880\nSeverity: low\nFixed Version: 7.29.0-51.el7_6.3\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2019:1880](https://access.redhat.com/security/cve/CVE-2018-14618)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libcurl", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": libcurl@7.29.0-51.el7" + } + } + ] + }, + { + "ruleId": "RHSA-2019:2181", + "ruleIndex": 125, + "level": "note", + "message": { + "text": "Package: libcurl\nInstalled Version: 7.29.0-51.el7\nVulnerability RHSA-2019:2181\nSeverity: low\nFixed Version: 7.29.0-54.el7\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2019:2181](https://access.redhat.com/security/cve/CVE-2018-16842)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libcurl", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": libcurl@7.29.0-51.el7" + } + } + ] + }, + { + "ruleId": "CVE-2022-27781", + "ruleIndex": 126, + "level": "note", + "message": { + "text": "Package: libcurl\nInstalled Version: 
7.29.0-51.el7\nVulnerability CVE-2022-27781\nSeverity: low\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-27781](https://access.redhat.com/security/cve/CVE-2022-27781)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libcurl", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": libcurl@7.29.0-51.el7" + } + } + ] + }, + { + "ruleId": "CVE-2023-28322", + "ruleIndex": 127, + "level": "note", + "message": { + "text": "Package: libcurl\nInstalled Version: 7.29.0-51.el7\nVulnerability CVE-2023-28322\nSeverity: low\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-28322](https://access.redhat.com/security/cve/CVE-2023-28322)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libcurl", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": libcurl@7.29.0-51.el7" + } + } + ] + }, + { + "ruleId": "CVE-2022-35252", + "ruleIndex": 128, + "level": "note", + "message": { + "text": "Package: libcurl\nInstalled Version: 7.29.0-51.el7\nVulnerability CVE-2022-35252\nSeverity: low\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-35252](https://access.redhat.com/security/cve/CVE-2022-35252)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libcurl", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": libcurl@7.29.0-51.el7" + } + } + ] + }, + { + "ruleId": "CVE-2021-22925", + "ruleIndex": 129, + "level": "note", + "message": { + "text": "Package: libcurl\nInstalled Version: 7.29.0-51.el7\nVulnerability CVE-2021-22925\nSeverity: low\nFixed 
Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-22925](https://access.redhat.com/security/cve/CVE-2021-22925)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libcurl", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": libcurl@7.29.0-51.el7" + } + } + ] + }, + { + "ruleId": "RHSA-2023:7743", + "ruleIndex": 130, + "level": "note", + "message": { + "text": "Package: libcurl\nInstalled Version: 7.29.0-51.el7\nVulnerability RHSA-2023:7743\nSeverity: low\nFixed Version: 7.29.0-59.el7_9.2\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2023:7743](https://access.redhat.com/security/cve/CVE-2022-43552)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libcurl", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": libcurl@7.29.0-51.el7" + } + } + ] + }, + { + "ruleId": "CVE-2021-22898", + "ruleIndex": 131, + "level": "note", + "message": { + "text": "Package: libcurl\nInstalled Version: 7.29.0-51.el7\nVulnerability CVE-2021-22898\nSeverity: low\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-22898](https://access.redhat.com/security/cve/CVE-2021-22898)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libcurl", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": libcurl@7.29.0-51.el7" + } + } + ] + }, + { + "ruleId": "CVE-2023-38546", + "ruleIndex": 132, + "level": "note", + "message": { + "text": "Package: libcurl\nInstalled Version: 7.29.0-51.el7\nVulnerability CVE-2023-38546\nSeverity: low\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: 
\nLink: [CVE-2023-38546](https://access.redhat.com/security/cve/CVE-2023-38546)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libcurl", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": libcurl@7.29.0-51.el7" + } + } + ] + }, + { + "ruleId": "RHSA-2020:1020", + "ruleIndex": 133, + "level": "note", + "message": { + "text": "Package: libcurl\nInstalled Version: 7.29.0-51.el7\nVulnerability RHSA-2020:1020\nSeverity: low\nFixed Version: 7.29.0-57.el7\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2020:1020](https://access.redhat.com/security/cve/CVE-2019-5436)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libcurl", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": libcurl@7.29.0-51.el7" + } + } + ] + }, + { + "ruleId": "CVE-2020-28362", + "ruleIndex": 286, + "level": "warning", + "message": { + "text": "Package: libgcc\nInstalled Version: 4.8.5-36.el7\nVulnerability CVE-2020-28362\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-28362](https://access.redhat.com/security/cve/CVE-2020-28362)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libgcc", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": libgcc@4.8.5-36.el7" + } + } + ] + }, + { + "ruleId": "CVE-2020-28366", + "ruleIndex": 287, + "level": "warning", + "message": { + "text": "Package: libgcc\nInstalled Version: 4.8.5-36.el7\nVulnerability CVE-2020-28366\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: 
[CVE-2020-28366](https://access.redhat.com/security/cve/CVE-2020-28366)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libgcc", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": libgcc@4.8.5-36.el7" + } + } + ] + }, + { + "ruleId": "CVE-2020-28367", + "ruleIndex": 288, + "level": "warning", + "message": { + "text": "Package: libgcc\nInstalled Version: 4.8.5-36.el7\nVulnerability CVE-2020-28367\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-28367](https://access.redhat.com/security/cve/CVE-2020-28367)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libgcc", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": libgcc@4.8.5-36.el7" + } + } + ] + }, + { + "ruleId": "CVE-2021-27918", + "ruleIndex": 289, + "level": "warning", + "message": { + "text": "Package: libgcc\nInstalled Version: 4.8.5-36.el7\nVulnerability CVE-2021-27918\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-27918](https://access.redhat.com/security/cve/CVE-2021-27918)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libgcc", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": libgcc@4.8.5-36.el7" + } + } + ] + }, + { + "ruleId": "CVE-2021-3826", + "ruleIndex": 290, + "level": "note", + "message": { + "text": "Package: libgcc\nInstalled Version: 4.8.5-36.el7\nVulnerability CVE-2021-3826\nSeverity: low\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-3826](https://access.redhat.com/security/cve/CVE-2021-3826)" + }, + 
"locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libgcc", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": libgcc@4.8.5-36.el7" + } + } + ] + }, + { + "ruleId": "CVE-2021-46195", + "ruleIndex": 291, + "level": "note", + "message": { + "text": "Package: libgcc\nInstalled Version: 4.8.5-36.el7\nVulnerability CVE-2021-46195\nSeverity: low\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-46195](https://access.redhat.com/security/cve/CVE-2021-46195)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libgcc", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": libgcc@4.8.5-36.el7" + } + } + ] + }, + { + "ruleId": "CVE-2021-33560", + "ruleIndex": 292, + "level": "warning", + "message": { + "text": "Package: libgcrypt\nInstalled Version: 1.5.3-14.el7\nVulnerability CVE-2021-33560\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-33560](https://access.redhat.com/security/cve/CVE-2021-33560)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libgcrypt", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": libgcrypt@1.5.3-14.el7" + } + } + ] + }, + { + "ruleId": "CVE-2021-40528", + "ruleIndex": 293, + "level": "warning", + "message": { + "text": "Package: libgcrypt\nInstalled Version: 1.5.3-14.el7\nVulnerability CVE-2021-40528\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-40528](https://access.redhat.com/security/cve/CVE-2021-40528)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": 
{ + "uri": "libgcrypt", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": libgcrypt@1.5.3-14.el7" + } + } + ] + }, + { + "ruleId": "CVE-2024-2236", + "ruleIndex": 294, + "level": "warning", + "message": { + "text": "Package: libgcrypt\nInstalled Version: 1.5.3-14.el7\nVulnerability CVE-2024-2236\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2024-2236](https://access.redhat.com/security/cve/CVE-2024-2236)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libgcrypt", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": libgcrypt@1.5.3-14.el7" + } + } + ] + }, + { + "ruleId": "RHSA-2019:2052", + "ruleIndex": 295, + "level": "warning", + "message": { + "text": "Package: libjpeg-turbo\nInstalled Version: 1.2.90-6.el7\nVulnerability RHSA-2019:2052\nSeverity: medium\nFixed Version: 1.2.90-8.el7\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2019:2052](https://access.redhat.com/security/cve/CVE-2016-3616)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libjpeg-turbo", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": libjpeg-turbo@1.2.90-6.el7" + } + } + ] + }, + { + "ruleId": "CVE-2020-17541", + "ruleIndex": 296, + "level": "warning", + "message": { + "text": "Package: libjpeg-turbo\nInstalled Version: 1.2.90-6.el7\nVulnerability CVE-2020-17541\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-17541](https://access.redhat.com/security/cve/CVE-2020-17541)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libjpeg-turbo", + "uriBaseId": 
"ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": libjpeg-turbo@1.2.90-6.el7" + } + } + ] + }, + { + "ruleId": "CVE-2021-29390", + "ruleIndex": 297, + "level": "warning", + "message": { + "text": "Package: libjpeg-turbo\nInstalled Version: 1.2.90-6.el7\nVulnerability CVE-2021-29390\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-29390](https://access.redhat.com/security/cve/CVE-2021-29390)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libjpeg-turbo", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": libjpeg-turbo@1.2.90-6.el7" + } + } + ] + }, + { + "ruleId": "CVE-2020-21583", + "ruleIndex": 279, + "level": "warning", + "message": { + "text": "Package: libmount\nInstalled Version: 2.23.2-59.el7\nVulnerability CVE-2020-21583\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-21583](https://access.redhat.com/security/cve/CVE-2020-21583)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libmount", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": libmount@2.23.2-59.el7" + } + } + ] + }, + { + "ruleId": "CVE-2022-0563", + "ruleIndex": 280, + "level": "warning", + "message": { + "text": "Package: libmount\nInstalled Version: 2.23.2-59.el7\nVulnerability CVE-2022-0563\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-0563](https://access.redhat.com/security/cve/CVE-2022-0563)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libmount", + "uriBaseId": "ROOTPATH" + }, + "region": { + 
"startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": libmount@2.23.2-59.el7" + } + } + ] + }, + { + "ruleId": "CVE-2021-37600", + "ruleIndex": 281, + "level": "note", + "message": { + "text": "Package: libmount\nInstalled Version: 2.23.2-59.el7\nVulnerability CVE-2021-37600\nSeverity: low\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-37600](https://access.redhat.com/security/cve/CVE-2021-37600)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libmount", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": libmount@2.23.2-59.el7" + } + } + ] + }, + { + "ruleId": "RHSA-2020:3901", + "ruleIndex": 298, + "level": "note", + "message": { + "text": "Package: libpng\nInstalled Version: 2:1.5.13-7.el7_2\nVulnerability RHSA-2020:3901\nSeverity: low\nFixed Version: 2:1.5.13-8.el7\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2020:3901](https://access.redhat.com/security/cve/CVE-2017-12652)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libpng", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": libpng@2:1.5.13-7.el7_2" + } + } + ] + }, + { + "ruleId": "CVE-2021-36084", + "ruleIndex": 299, + "level": "warning", + "message": { + "text": "Package: libsepol\nInstalled Version: 2.5-10.el7\nVulnerability CVE-2021-36084\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-36084](https://access.redhat.com/security/cve/CVE-2021-36084)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libsepol", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 
+ } + }, + "message": { + "text": ": libsepol@2.5-10.el7" + } + } + ] + }, + { + "ruleId": "CVE-2021-36085", + "ruleIndex": 300, + "level": "warning", + "message": { + "text": "Package: libsepol\nInstalled Version: 2.5-10.el7\nVulnerability CVE-2021-36085\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-36085](https://access.redhat.com/security/cve/CVE-2021-36085)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libsepol", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": libsepol@2.5-10.el7" + } + } + ] + }, + { + "ruleId": "CVE-2021-36086", + "ruleIndex": 301, + "level": "warning", + "message": { + "text": "Package: libsepol\nInstalled Version: 2.5-10.el7\nVulnerability CVE-2021-36086\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-36086](https://access.redhat.com/security/cve/CVE-2021-36086)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libsepol", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": libsepol@2.5-10.el7" + } + } + ] + }, + { + "ruleId": "CVE-2021-36087", + "ruleIndex": 302, + "level": "warning", + "message": { + "text": "Package: libsepol\nInstalled Version: 2.5-10.el7\nVulnerability CVE-2021-36087\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-36087](https://access.redhat.com/security/cve/CVE-2021-36087)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libsepol", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": libsepol@2.5-10.el7" + } + 
} + ] + }, + { + "ruleId": "RHSA-2019:0679", + "ruleIndex": 303, + "level": "error", + "message": { + "text": "Package: libssh2\nInstalled Version: 1.4.3-12.el7\nVulnerability RHSA-2019:0679\nSeverity: high\nFixed Version: 1.4.3-12.el7_6.2\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2019:0679](https://access.redhat.com/security/cve/CVE-2019-3863)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libssh2", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": libssh2@1.4.3-12.el7" + } + } + ] + }, + { + "ruleId": "RHSA-2020:3915", + "ruleIndex": 304, + "level": "warning", + "message": { + "text": "Package: libssh2\nInstalled Version: 1.4.3-12.el7\nVulnerability RHSA-2020:3915\nSeverity: medium\nFixed Version: 1.8.0-4.el7\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2020:3915](https://access.redhat.com/security/cve/CVE-2019-17498)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libssh2", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": libssh2@1.4.3-12.el7" + } + } + ] + }, + { + "ruleId": "RHSA-2019:2136", + "ruleIndex": 305, + "level": "warning", + "message": { + "text": "Package: libssh2\nInstalled Version: 1.4.3-12.el7\nVulnerability RHSA-2019:2136\nSeverity: medium\nFixed Version: 1.8.0-3.el7\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2019:2136](https://access.redhat.com/security/cve/CVE-2019-3861)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libssh2", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": libssh2@1.4.3-12.el7" + } + } + ] + }, + { + "ruleId": "RHSA-2019:1884", + "ruleIndex": 306, + "level": "warning", + 
"message": { + "text": "Package: libssh2\nInstalled Version: 1.4.3-12.el7\nVulnerability RHSA-2019:1884\nSeverity: medium\nFixed Version: 1.4.3-12.el7_6.3\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2019:1884](https://access.redhat.com/security/cve/CVE-2019-3862)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libssh2", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": libssh2@1.4.3-12.el7" + } + } + ] + }, + { + "ruleId": "RHSA-2023:5615", + "ruleIndex": 307, + "level": "warning", + "message": { + "text": "Package: libssh2\nInstalled Version: 1.4.3-12.el7\nVulnerability RHSA-2023:5615\nSeverity: medium\nFixed Version: 1.8.0-4.el7_9.1\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2023:5615](https://access.redhat.com/security/cve/CVE-2020-22218)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libssh2", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": libssh2@1.4.3-12.el7" + } + } + ] + }, + { + "ruleId": "CVE-2023-2283", + "ruleIndex": 308, + "level": "warning", + "message": { + "text": "Package: libssh2\nInstalled Version: 1.4.3-12.el7\nVulnerability CVE-2023-2283\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-2283](https://access.redhat.com/security/cve/CVE-2023-2283)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libssh2", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": libssh2@1.4.3-12.el7" + } + } + ] + }, + { + "ruleId": "CVE-2023-48795", + "ruleIndex": 309, + "level": "warning", + "message": { + "text": "Package: libssh2\nInstalled Version: 
1.4.3-12.el7\nVulnerability CVE-2023-48795\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-48795](https://access.redhat.com/security/cve/CVE-2023-48795)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libssh2", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": libssh2@1.4.3-12.el7" + } + } + ] + }, + { + "ruleId": "CVE-2023-6918", + "ruleIndex": 310, + "level": "note", + "message": { + "text": "Package: libssh2\nInstalled Version: 1.4.3-12.el7\nVulnerability CVE-2023-6918\nSeverity: low\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-6918](https://access.redhat.com/security/cve/CVE-2023-6918)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libssh2", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": libssh2@1.4.3-12.el7" + } + } + ] + }, + { + "ruleId": "CVE-2020-28362", + "ruleIndex": 286, + "level": "warning", + "message": { + "text": "Package: libstdc++\nInstalled Version: 4.8.5-36.el7\nVulnerability CVE-2020-28362\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-28362](https://access.redhat.com/security/cve/CVE-2020-28362)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libstdc++", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": libstdc++@4.8.5-36.el7" + } + } + ] + }, + { + "ruleId": "CVE-2020-28366", + "ruleIndex": 287, + "level": "warning", + "message": { + "text": "Package: libstdc++\nInstalled Version: 4.8.5-36.el7\nVulnerability CVE-2020-28366\nSeverity: 
medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-28366](https://access.redhat.com/security/cve/CVE-2020-28366)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libstdc++", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": libstdc++@4.8.5-36.el7" + } + } + ] + }, + { + "ruleId": "CVE-2020-28367", + "ruleIndex": 288, + "level": "warning", + "message": { + "text": "Package: libstdc++\nInstalled Version: 4.8.5-36.el7\nVulnerability CVE-2020-28367\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-28367](https://access.redhat.com/security/cve/CVE-2020-28367)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libstdc++", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": libstdc++@4.8.5-36.el7" + } + } + ] + }, + { + "ruleId": "CVE-2021-27918", + "ruleIndex": 289, + "level": "warning", + "message": { + "text": "Package: libstdc++\nInstalled Version: 4.8.5-36.el7\nVulnerability CVE-2021-27918\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-27918](https://access.redhat.com/security/cve/CVE-2021-27918)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libstdc++", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": libstdc++@4.8.5-36.el7" + } + } + ] + }, + { + "ruleId": "CVE-2021-3826", + "ruleIndex": 290, + "level": "note", + "message": { + "text": "Package: libstdc++\nInstalled Version: 4.8.5-36.el7\nVulnerability CVE-2021-3826\nSeverity: low\nFixed Version: any in centos 
7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-3826](https://access.redhat.com/security/cve/CVE-2021-3826)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libstdc++", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": libstdc++@4.8.5-36.el7" + } + } + ] + }, + { + "ruleId": "CVE-2021-46195", + "ruleIndex": 291, + "level": "note", + "message": { + "text": "Package: libstdc++\nInstalled Version: 4.8.5-36.el7\nVulnerability CVE-2021-46195\nSeverity: low\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-46195](https://access.redhat.com/security/cve/CVE-2021-46195)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libstdc++", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": libstdc++@4.8.5-36.el7" + } + } + ] + }, + { + "ruleId": "CVE-2021-46848", + "ruleIndex": 311, + "level": "warning", + "message": { + "text": "Package: libtasn1\nInstalled Version: 4.10-1.el7\nVulnerability CVE-2021-46848\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-46848](https://access.redhat.com/security/cve/CVE-2021-46848)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libtasn1", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": libtasn1@4.10-1.el7" + } + } + ] + }, + { + "ruleId": "CVE-2020-21583", + "ruleIndex": 279, + "level": "warning", + "message": { + "text": "Package: libuuid\nInstalled Version: 2.23.2-59.el7\nVulnerability CVE-2020-21583\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: 
[CVE-2020-21583](https://access.redhat.com/security/cve/CVE-2020-21583)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libuuid", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": libuuid@2.23.2-59.el7" + } + } + ] + }, + { + "ruleId": "CVE-2022-0563", + "ruleIndex": 280, + "level": "warning", + "message": { + "text": "Package: libuuid\nInstalled Version: 2.23.2-59.el7\nVulnerability CVE-2022-0563\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-0563](https://access.redhat.com/security/cve/CVE-2022-0563)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libuuid", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": libuuid@2.23.2-59.el7" + } + } + ] + }, + { + "ruleId": "CVE-2021-37600", + "ruleIndex": 281, + "level": "note", + "message": { + "text": "Package: libuuid\nInstalled Version: 2.23.2-59.el7\nVulnerability CVE-2021-37600\nSeverity: low\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-37600](https://access.redhat.com/security/cve/CVE-2021-37600)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libuuid", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": libuuid@2.23.2-59.el7" + } + } + ] + }, + { + "ruleId": "RHSA-2020:1190", + "ruleIndex": 312, + "level": "warning", + "message": { + "text": "Package: libxml2\nInstalled Version: 2.9.1-6.el7_2.3\nVulnerability RHSA-2020:1190\nSeverity: medium\nFixed Version: 2.9.1-6.el7.4\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2020:1190](https://access.redhat.com/security/cve/CVE-2017-15412)" 
+ }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libxml2", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": libxml2@2.9.1-6.el7_2.3" + } + } + ] + }, + { + "ruleId": "CVE-2016-3709", + "ruleIndex": 313, + "level": "warning", + "message": { + "text": "Package: libxml2\nInstalled Version: 2.9.1-6.el7_2.3\nVulnerability CVE-2016-3709\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2016-3709](https://access.redhat.com/security/cve/CVE-2016-3709)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libxml2", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": libxml2@2.9.1-6.el7_2.3" + } + } + ] + }, + { + "ruleId": "RHSA-2021:3810", + "ruleIndex": 314, + "level": "warning", + "message": { + "text": "Package: libxml2\nInstalled Version: 2.9.1-6.el7_2.3\nVulnerability RHSA-2021:3810\nSeverity: medium\nFixed Version: 2.9.1-6.el7_9.6\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2021:3810](https://access.redhat.com/security/cve/CVE-2016-4658)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libxml2", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": libxml2@2.9.1-6.el7_2.3" + } + } + ] + }, + { + "ruleId": "RHSA-2020:3996", + "ruleIndex": 315, + "level": "warning", + "message": { + "text": "Package: libxml2\nInstalled Version: 2.9.1-6.el7_2.3\nVulnerability RHSA-2020:3996\nSeverity: medium\nFixed Version: 2.9.1-6.el7.5\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2020:3996](https://access.redhat.com/security/cve/CVE-2020-7595)" + }, + "locations": [ + { + "physicalLocation": { + 
"artifactLocation": { + "uri": "libxml2", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": libxml2@2.9.1-6.el7_2.3" + } + } + ] + }, + { + "ruleId": "CVE-2021-3516", + "ruleIndex": 316, + "level": "warning", + "message": { + "text": "Package: libxml2\nInstalled Version: 2.9.1-6.el7_2.3\nVulnerability CVE-2021-3516\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-3516](https://access.redhat.com/security/cve/CVE-2021-3516)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libxml2", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": libxml2@2.9.1-6.el7_2.3" + } + } + ] + }, + { + "ruleId": "CVE-2021-3517", + "ruleIndex": 317, + "level": "warning", + "message": { + "text": "Package: libxml2\nInstalled Version: 2.9.1-6.el7_2.3\nVulnerability CVE-2021-3517\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-3517](https://access.redhat.com/security/cve/CVE-2021-3517)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libxml2", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": libxml2@2.9.1-6.el7_2.3" + } + } + ] + }, + { + "ruleId": "CVE-2021-3518", + "ruleIndex": 318, + "level": "warning", + "message": { + "text": "Package: libxml2\nInstalled Version: 2.9.1-6.el7_2.3\nVulnerability CVE-2021-3518\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-3518](https://access.redhat.com/security/cve/CVE-2021-3518)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libxml2", + 
"uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": libxml2@2.9.1-6.el7_2.3" + } + } + ] + }, + { + "ruleId": "CVE-2021-3537", + "ruleIndex": 319, + "level": "warning", + "message": { + "text": "Package: libxml2\nInstalled Version: 2.9.1-6.el7_2.3\nVulnerability CVE-2021-3537\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-3537](https://access.redhat.com/security/cve/CVE-2021-3537)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libxml2", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": libxml2@2.9.1-6.el7_2.3" + } + } + ] + }, + { + "ruleId": "CVE-2022-23308", + "ruleIndex": 320, + "level": "warning", + "message": { + "text": "Package: libxml2\nInstalled Version: 2.9.1-6.el7_2.3\nVulnerability CVE-2022-23308\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-23308](https://access.redhat.com/security/cve/CVE-2022-23308)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libxml2", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": libxml2@2.9.1-6.el7_2.3" + } + } + ] + }, + { + "ruleId": "CVE-2022-40303", + "ruleIndex": 321, + "level": "warning", + "message": { + "text": "Package: libxml2\nInstalled Version: 2.9.1-6.el7_2.3\nVulnerability CVE-2022-40303\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-40303](https://access.redhat.com/security/cve/CVE-2022-40303)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libxml2", + "uriBaseId": "ROOTPATH" + }, + "region": { + 
"startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": libxml2@2.9.1-6.el7_2.3" + } + } + ] + }, + { + "ruleId": "CVE-2022-40304", + "ruleIndex": 322, + "level": "warning", + "message": { + "text": "Package: libxml2\nInstalled Version: 2.9.1-6.el7_2.3\nVulnerability CVE-2022-40304\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-40304](https://access.redhat.com/security/cve/CVE-2022-40304)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libxml2", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": libxml2@2.9.1-6.el7_2.3" + } + } + ] + }, + { + "ruleId": "CVE-2023-28484", + "ruleIndex": 323, + "level": "warning", + "message": { + "text": "Package: libxml2\nInstalled Version: 2.9.1-6.el7_2.3\nVulnerability CVE-2023-28484\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-28484](https://access.redhat.com/security/cve/CVE-2023-28484)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libxml2", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": libxml2@2.9.1-6.el7_2.3" + } + } + ] + }, + { + "ruleId": "CVE-2023-29469", + "ruleIndex": 324, + "level": "warning", + "message": { + "text": "Package: libxml2\nInstalled Version: 2.9.1-6.el7_2.3\nVulnerability CVE-2023-29469\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-29469](https://access.redhat.com/security/cve/CVE-2023-29469)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libxml2", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + 
"endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": libxml2@2.9.1-6.el7_2.3" + } + } + ] + }, + { + "ruleId": "CVE-2023-39615", + "ruleIndex": 325, + "level": "warning", + "message": { + "text": "Package: libxml2\nInstalled Version: 2.9.1-6.el7_2.3\nVulnerability CVE-2023-39615\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-39615](https://access.redhat.com/security/cve/CVE-2023-39615)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libxml2", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": libxml2@2.9.1-6.el7_2.3" + } + } + ] + }, + { + "ruleId": "CVE-2024-25062", + "ruleIndex": 326, + "level": "warning", + "message": { + "text": "Package: libxml2\nInstalled Version: 2.9.1-6.el7_2.3\nVulnerability CVE-2024-25062\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2024-25062](https://access.redhat.com/security/cve/CVE-2024-25062)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libxml2", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": libxml2@2.9.1-6.el7_2.3" + } + } + ] + }, + { + "ruleId": "RHSA-2020:1190", + "ruleIndex": 312, + "level": "warning", + "message": { + "text": "Package: libxml2-python\nInstalled Version: 2.9.1-6.el7_2.3\nVulnerability RHSA-2020:1190\nSeverity: medium\nFixed Version: 2.9.1-6.el7.4\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2020:1190](https://access.redhat.com/security/cve/CVE-2017-15412)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libxml2-python", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + 
}, + "message": { + "text": ": libxml2-python@2.9.1-6.el7_2.3" + } + } + ] + }, + { + "ruleId": "CVE-2016-3709", + "ruleIndex": 313, + "level": "warning", + "message": { + "text": "Package: libxml2-python\nInstalled Version: 2.9.1-6.el7_2.3\nVulnerability CVE-2016-3709\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2016-3709](https://access.redhat.com/security/cve/CVE-2016-3709)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libxml2-python", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": libxml2-python@2.9.1-6.el7_2.3" + } + } + ] + }, + { + "ruleId": "RHSA-2021:3810", + "ruleIndex": 314, + "level": "warning", + "message": { + "text": "Package: libxml2-python\nInstalled Version: 2.9.1-6.el7_2.3\nVulnerability RHSA-2021:3810\nSeverity: medium\nFixed Version: 2.9.1-6.el7_9.6\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2021:3810](https://access.redhat.com/security/cve/CVE-2016-4658)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libxml2-python", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": libxml2-python@2.9.1-6.el7_2.3" + } + } + ] + }, + { + "ruleId": "RHSA-2020:3996", + "ruleIndex": 315, + "level": "warning", + "message": { + "text": "Package: libxml2-python\nInstalled Version: 2.9.1-6.el7_2.3\nVulnerability RHSA-2020:3996\nSeverity: medium\nFixed Version: 2.9.1-6.el7.5\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2020:3996](https://access.redhat.com/security/cve/CVE-2020-7595)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libxml2-python", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, 
+ "message": { + "text": ": libxml2-python@2.9.1-6.el7_2.3" + } + } + ] + }, + { + "ruleId": "CVE-2021-3516", + "ruleIndex": 316, + "level": "warning", + "message": { + "text": "Package: libxml2-python\nInstalled Version: 2.9.1-6.el7_2.3\nVulnerability CVE-2021-3516\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-3516](https://access.redhat.com/security/cve/CVE-2021-3516)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libxml2-python", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": libxml2-python@2.9.1-6.el7_2.3" + } + } + ] + }, + { + "ruleId": "CVE-2021-3517", + "ruleIndex": 317, + "level": "warning", + "message": { + "text": "Package: libxml2-python\nInstalled Version: 2.9.1-6.el7_2.3\nVulnerability CVE-2021-3517\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-3517](https://access.redhat.com/security/cve/CVE-2021-3517)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libxml2-python", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": libxml2-python@2.9.1-6.el7_2.3" + } + } + ] + }, + { + "ruleId": "CVE-2021-3518", + "ruleIndex": 318, + "level": "warning", + "message": { + "text": "Package: libxml2-python\nInstalled Version: 2.9.1-6.el7_2.3\nVulnerability CVE-2021-3518\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-3518](https://access.redhat.com/security/cve/CVE-2021-3518)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libxml2-python", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + 
} + }, + "message": { + "text": ": libxml2-python@2.9.1-6.el7_2.3" + } + } + ] + }, + { + "ruleId": "CVE-2021-3537", + "ruleIndex": 319, + "level": "warning", + "message": { + "text": "Package: libxml2-python\nInstalled Version: 2.9.1-6.el7_2.3\nVulnerability CVE-2021-3537\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-3537](https://access.redhat.com/security/cve/CVE-2021-3537)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libxml2-python", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": libxml2-python@2.9.1-6.el7_2.3" + } + } + ] + }, + { + "ruleId": "CVE-2022-23308", + "ruleIndex": 320, + "level": "warning", + "message": { + "text": "Package: libxml2-python\nInstalled Version: 2.9.1-6.el7_2.3\nVulnerability CVE-2022-23308\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-23308](https://access.redhat.com/security/cve/CVE-2022-23308)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libxml2-python", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": libxml2-python@2.9.1-6.el7_2.3" + } + } + ] + }, + { + "ruleId": "CVE-2022-40303", + "ruleIndex": 321, + "level": "warning", + "message": { + "text": "Package: libxml2-python\nInstalled Version: 2.9.1-6.el7_2.3\nVulnerability CVE-2022-40303\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-40303](https://access.redhat.com/security/cve/CVE-2022-40303)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libxml2-python", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + 
"endColumn": 1 + } + }, + "message": { + "text": ": libxml2-python@2.9.1-6.el7_2.3" + } + } + ] + }, + { + "ruleId": "CVE-2022-40304", + "ruleIndex": 322, + "level": "warning", + "message": { + "text": "Package: libxml2-python\nInstalled Version: 2.9.1-6.el7_2.3\nVulnerability CVE-2022-40304\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-40304](https://access.redhat.com/security/cve/CVE-2022-40304)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libxml2-python", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": libxml2-python@2.9.1-6.el7_2.3" + } + } + ] + }, + { + "ruleId": "CVE-2023-28484", + "ruleIndex": 323, + "level": "warning", + "message": { + "text": "Package: libxml2-python\nInstalled Version: 2.9.1-6.el7_2.3\nVulnerability CVE-2023-28484\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-28484](https://access.redhat.com/security/cve/CVE-2023-28484)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libxml2-python", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": libxml2-python@2.9.1-6.el7_2.3" + } + } + ] + }, + { + "ruleId": "CVE-2023-29469", + "ruleIndex": 324, + "level": "warning", + "message": { + "text": "Package: libxml2-python\nInstalled Version: 2.9.1-6.el7_2.3\nVulnerability CVE-2023-29469\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-29469](https://access.redhat.com/security/cve/CVE-2023-29469)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libxml2-python", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 
1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": libxml2-python@2.9.1-6.el7_2.3" + } + } + ] + }, + { + "ruleId": "CVE-2023-39615", + "ruleIndex": 325, + "level": "warning", + "message": { + "text": "Package: libxml2-python\nInstalled Version: 2.9.1-6.el7_2.3\nVulnerability CVE-2023-39615\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-39615](https://access.redhat.com/security/cve/CVE-2023-39615)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libxml2-python", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": libxml2-python@2.9.1-6.el7_2.3" + } + } + ] + }, + { + "ruleId": "CVE-2024-25062", + "ruleIndex": 326, + "level": "warning", + "message": { + "text": "Package: libxml2-python\nInstalled Version: 2.9.1-6.el7_2.3\nVulnerability CVE-2024-25062\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2024-25062](https://access.redhat.com/security/cve/CVE-2024-25062)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libxml2-python", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": libxml2-python@2.9.1-6.el7_2.3" + } + } + ] + }, + { + "ruleId": "RHSA-2020:4005", + "ruleIndex": 327, + "level": "warning", + "message": { + "text": "Package: libxslt\nInstalled Version: 1.1.28-5.el7\nVulnerability RHSA-2020:4005\nSeverity: medium\nFixed Version: 1.1.28-6.el7\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2020:4005](https://access.redhat.com/security/cve/CVE-2019-18197)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "libxslt", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + 
"endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": libxslt@1.1.28-5.el7" + } + } + ] + }, + { + "ruleId": "CVE-2021-43519", + "ruleIndex": 328, + "level": "warning", + "message": { + "text": "Package: lua\nInstalled Version: 5.1.4-15.el7\nVulnerability CVE-2021-43519\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-43519](https://access.redhat.com/security/cve/CVE-2021-43519)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "lua", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": lua@5.1.4-15.el7" + } + } + ] + }, + { + "ruleId": "CVE-2021-3520", + "ruleIndex": 329, + "level": "warning", + "message": { + "text": "Package: lz4\nInstalled Version: 1.7.5-2.el7\nVulnerability CVE-2021-3520\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-3520](https://access.redhat.com/security/cve/CVE-2021-3520)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "lz4", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": lz4@1.7.5-2.el7" + } + } + ] + }, + { + "ruleId": "CVE-2023-29491", + "ruleIndex": 330, + "level": "warning", + "message": { + "text": "Package: ncurses\nInstalled Version: 5.9-14.20130511.el7_4\nVulnerability CVE-2023-29491\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-29491](https://access.redhat.com/security/cve/CVE-2023-29491)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "ncurses", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": 
ncurses@5.9-14.20130511.el7_4" + } + } + ] + }, + { + "ruleId": "CVE-2020-19188", + "ruleIndex": 331, + "level": "note", + "message": { + "text": "Package: ncurses\nInstalled Version: 5.9-14.20130511.el7_4\nVulnerability CVE-2020-19188\nSeverity: low\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-19188](https://access.redhat.com/security/cve/CVE-2020-19188)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "ncurses", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": ncurses@5.9-14.20130511.el7_4" + } + } + ] + }, + { + "ruleId": "CVE-2021-39537", + "ruleIndex": 332, + "level": "note", + "message": { + "text": "Package: ncurses\nInstalled Version: 5.9-14.20130511.el7_4\nVulnerability CVE-2021-39537\nSeverity: low\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-39537](https://access.redhat.com/security/cve/CVE-2021-39537)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "ncurses", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": ncurses@5.9-14.20130511.el7_4" + } + } + ] + }, + { + "ruleId": "CVE-2023-29491", + "ruleIndex": 330, + "level": "warning", + "message": { + "text": "Package: ncurses-base\nInstalled Version: 5.9-14.20130511.el7_4\nVulnerability CVE-2023-29491\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-29491](https://access.redhat.com/security/cve/CVE-2023-29491)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "ncurses-base", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": 
ncurses-base@5.9-14.20130511.el7_4" + } + } + ] + }, + { + "ruleId": "CVE-2020-19188", + "ruleIndex": 331, + "level": "note", + "message": { + "text": "Package: ncurses-base\nInstalled Version: 5.9-14.20130511.el7_4\nVulnerability CVE-2020-19188\nSeverity: low\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-19188](https://access.redhat.com/security/cve/CVE-2020-19188)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "ncurses-base", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": ncurses-base@5.9-14.20130511.el7_4" + } + } + ] + }, + { + "ruleId": "CVE-2021-39537", + "ruleIndex": 332, + "level": "note", + "message": { + "text": "Package: ncurses-base\nInstalled Version: 5.9-14.20130511.el7_4\nVulnerability CVE-2021-39537\nSeverity: low\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-39537](https://access.redhat.com/security/cve/CVE-2021-39537)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "ncurses-base", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": ncurses-base@5.9-14.20130511.el7_4" + } + } + ] + }, + { + "ruleId": "CVE-2023-29491", + "ruleIndex": 330, + "level": "warning", + "message": { + "text": "Package: ncurses-libs\nInstalled Version: 5.9-14.20130511.el7_4\nVulnerability CVE-2023-29491\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-29491](https://access.redhat.com/security/cve/CVE-2023-29491)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "ncurses-libs", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + 
"message": { + "text": ": ncurses-libs@5.9-14.20130511.el7_4" + } + } + ] + }, + { + "ruleId": "CVE-2020-19188", + "ruleIndex": 331, + "level": "note", + "message": { + "text": "Package: ncurses-libs\nInstalled Version: 5.9-14.20130511.el7_4\nVulnerability CVE-2020-19188\nSeverity: low\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-19188](https://access.redhat.com/security/cve/CVE-2020-19188)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "ncurses-libs", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": ncurses-libs@5.9-14.20130511.el7_4" + } + } + ] + }, + { + "ruleId": "CVE-2021-39537", + "ruleIndex": 332, + "level": "note", + "message": { + "text": "Package: ncurses-libs\nInstalled Version: 5.9-14.20130511.el7_4\nVulnerability CVE-2021-39537\nSeverity: low\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-39537](https://access.redhat.com/security/cve/CVE-2021-39537)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "ncurses-libs", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": ncurses-libs@5.9-14.20130511.el7_4" + } + } + ] + }, + { + "ruleId": "RHSA-2019:2237", + "ruleIndex": 333, + "level": "warning", + "message": { + "text": "Package: nspr\nInstalled Version: 4.19.0-1.el7_5\nVulnerability RHSA-2019:2237\nSeverity: medium\nFixed Version: 4.21.0-1.el7\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2019:2237](https://access.redhat.com/security/cve/CVE-2019-17007)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "nspr", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + 
"message": { + "text": ": nspr@4.19.0-1.el7_5" + } + } + ] + }, + { + "ruleId": "RHSA-2020:4076", + "ruleIndex": 334, + "level": "warning", + "message": { + "text": "Package: nspr\nInstalled Version: 4.19.0-1.el7_5\nVulnerability RHSA-2020:4076\nSeverity: medium\nFixed Version: 4.25.0-2.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2020:4076](https://access.redhat.com/security/cve/CVE-2019-17006)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "nspr", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": nspr@4.19.0-1.el7_5" + } + } + ] + }, + { + "ruleId": "RHSA-2021:4904", + "ruleIndex": 335, + "level": "error", + "message": { + "text": "Package: nss\nInstalled Version: 3.36.0-7.1.el7_6\nVulnerability RHSA-2021:4904\nSeverity: critical\nFixed Version: 3.67.0-4.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2021:4904](https://access.redhat.com/security/cve/CVE-2021-43527)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "nss", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": nss@3.36.0-7.1.el7_6" + } + } + ] + }, + { + "ruleId": "CVE-2014-3566", + "ruleIndex": 336, + "level": "error", + "message": { + "text": "Package: nss\nInstalled Version: 3.36.0-7.1.el7_6\nVulnerability CVE-2014-3566\nSeverity: high\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2014-3566](https://access.redhat.com/security/cve/CVE-2014-3566)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "nss", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": nss@3.36.0-7.1.el7_6" + } + } + ] + }, + { + "ruleId": "RHSA-2019:4190", 
+ "ruleIndex": 337, + "level": "error", + "message": { + "text": "Package: nss\nInstalled Version: 3.36.0-7.1.el7_6\nVulnerability RHSA-2019:4190\nSeverity: high\nFixed Version: 3.44.0-7.el7_7\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2019:4190](https://access.redhat.com/security/cve/CVE-2019-11745)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "nss", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": nss@3.36.0-7.1.el7_6" + } + } + ] + }, + { + "ruleId": "RHSA-2023:1332", + "ruleIndex": 338, + "level": "error", + "message": { + "text": "Package: nss\nInstalled Version: 3.36.0-7.1.el7_6\nVulnerability RHSA-2023:1332\nSeverity: high\nFixed Version: 3.79.0-5.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2023:1332](https://access.redhat.com/security/cve/CVE-2023-0767)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "nss", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": nss@3.36.0-7.1.el7_6" + } + } + ] + }, + { + "ruleId": "RHSA-2019:2237", + "ruleIndex": 333, + "level": "warning", + "message": { + "text": "Package: nss\nInstalled Version: 3.36.0-7.1.el7_6\nVulnerability RHSA-2019:2237\nSeverity: medium\nFixed Version: 3.44.0-4.el7\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2019:2237](https://access.redhat.com/security/cve/CVE-2019-17007)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "nss", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": nss@3.36.0-7.1.el7_6" + } + } + ] + }, + { + "ruleId": "RHSA-2020:4076", + "ruleIndex": 334, + "level": "warning", + "message": { + "text": "Package: nss\nInstalled Version: 
3.36.0-7.1.el7_6\nVulnerability RHSA-2020:4076\nSeverity: medium\nFixed Version: 3.53.1-3.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2020:4076](https://access.redhat.com/security/cve/CVE-2019-17006)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "nss", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": nss@3.36.0-7.1.el7_6" + } + } + ] + }, + { + "ruleId": "RHSA-2021:1384", + "ruleIndex": 339, + "level": "warning", + "message": { + "text": "Package: nss\nInstalled Version: 3.36.0-7.1.el7_6\nVulnerability RHSA-2021:1384\nSeverity: medium\nFixed Version: 3.53.1-7.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2021:1384](https://access.redhat.com/security/cve/CVE-2020-25648)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "nss", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": nss@3.36.0-7.1.el7_6" + } + } + ] + }, + { + "ruleId": "CVE-2023-5388", + "ruleIndex": 340, + "level": "warning", + "message": { + "text": "Package: nss\nInstalled Version: 3.36.0-7.1.el7_6\nVulnerability CVE-2023-5388\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-5388](https://access.redhat.com/security/cve/CVE-2023-5388)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "nss", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": nss@3.36.0-7.1.el7_6" + } + } + ] + }, + { + "ruleId": "RHSA-2019:4190", + "ruleIndex": 337, + "level": "error", + "message": { + "text": "Package: nss-softokn\nInstalled Version: 3.36.0-5.el7_5\nVulnerability RHSA-2019:4190\nSeverity: high\nFixed Version: 
3.44.0-8.el7_7\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2019:4190](https://access.redhat.com/security/cve/CVE-2019-11745)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "nss-softokn", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": nss-softokn@3.36.0-5.el7_5" + } + } + ] + }, + { + "ruleId": "RHSA-2019:2237", + "ruleIndex": 333, + "level": "warning", + "message": { + "text": "Package: nss-softokn\nInstalled Version: 3.36.0-5.el7_5\nVulnerability RHSA-2019:2237\nSeverity: medium\nFixed Version: 3.44.0-5.el7\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2019:2237](https://access.redhat.com/security/cve/CVE-2019-17007)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "nss-softokn", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": nss-softokn@3.36.0-5.el7_5" + } + } + ] + }, + { + "ruleId": "RHSA-2020:4076", + "ruleIndex": 334, + "level": "warning", + "message": { + "text": "Package: nss-softokn\nInstalled Version: 3.36.0-5.el7_5\nVulnerability RHSA-2020:4076\nSeverity: medium\nFixed Version: 3.53.1-6.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2020:4076](https://access.redhat.com/security/cve/CVE-2019-17006)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "nss-softokn", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": nss-softokn@3.36.0-5.el7_5" + } + } + ] + }, + { + "ruleId": "RHSA-2019:4190", + "ruleIndex": 337, + "level": "error", + "message": { + "text": "Package: nss-softokn-freebl\nInstalled Version: 3.36.0-5.el7_5\nVulnerability RHSA-2019:4190\nSeverity: high\nFixed Version: 3.44.0-8.el7_7\nExploit Available: 
[]()\nExploit Type: \nLink: [RHSA-2019:4190](https://access.redhat.com/security/cve/CVE-2019-11745)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "nss-softokn-freebl", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": nss-softokn-freebl@3.36.0-5.el7_5" + } + } + ] + }, + { + "ruleId": "RHSA-2019:2237", + "ruleIndex": 333, + "level": "warning", + "message": { + "text": "Package: nss-softokn-freebl\nInstalled Version: 3.36.0-5.el7_5\nVulnerability RHSA-2019:2237\nSeverity: medium\nFixed Version: 3.44.0-5.el7\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2019:2237](https://access.redhat.com/security/cve/CVE-2019-17007)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "nss-softokn-freebl", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": nss-softokn-freebl@3.36.0-5.el7_5" + } + } + ] + }, + { + "ruleId": "RHSA-2020:4076", + "ruleIndex": 334, + "level": "warning", + "message": { + "text": "Package: nss-softokn-freebl\nInstalled Version: 3.36.0-5.el7_5\nVulnerability RHSA-2020:4076\nSeverity: medium\nFixed Version: 3.53.1-6.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2020:4076](https://access.redhat.com/security/cve/CVE-2019-17006)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "nss-softokn-freebl", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": nss-softokn-freebl@3.36.0-5.el7_5" + } + } + ] + }, + { + "ruleId": "RHSA-2021:4904", + "ruleIndex": 335, + "level": "error", + "message": { + "text": "Package: nss-sysinit\nInstalled Version: 3.36.0-7.1.el7_6\nVulnerability RHSA-2021:4904\nSeverity: critical\nFixed Version: 
3.67.0-4.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2021:4904](https://access.redhat.com/security/cve/CVE-2021-43527)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "nss-sysinit", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": nss-sysinit@3.36.0-7.1.el7_6" + } + } + ] + }, + { + "ruleId": "CVE-2014-3566", + "ruleIndex": 336, + "level": "error", + "message": { + "text": "Package: nss-sysinit\nInstalled Version: 3.36.0-7.1.el7_6\nVulnerability CVE-2014-3566\nSeverity: high\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2014-3566](https://access.redhat.com/security/cve/CVE-2014-3566)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "nss-sysinit", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": nss-sysinit@3.36.0-7.1.el7_6" + } + } + ] + }, + { + "ruleId": "RHSA-2019:4190", + "ruleIndex": 337, + "level": "error", + "message": { + "text": "Package: nss-sysinit\nInstalled Version: 3.36.0-7.1.el7_6\nVulnerability RHSA-2019:4190\nSeverity: high\nFixed Version: 3.44.0-7.el7_7\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2019:4190](https://access.redhat.com/security/cve/CVE-2019-11745)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "nss-sysinit", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": nss-sysinit@3.36.0-7.1.el7_6" + } + } + ] + }, + { + "ruleId": "RHSA-2023:1332", + "ruleIndex": 338, + "level": "error", + "message": { + "text": "Package: nss-sysinit\nInstalled Version: 3.36.0-7.1.el7_6\nVulnerability RHSA-2023:1332\nSeverity: high\nFixed Version: 3.79.0-5.el7_9\nExploit 
Available: []()\nExploit Type: \nLink: [RHSA-2023:1332](https://access.redhat.com/security/cve/CVE-2023-0767)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "nss-sysinit", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": nss-sysinit@3.36.0-7.1.el7_6" + } + } + ] + }, + { + "ruleId": "RHSA-2019:2237", + "ruleIndex": 333, + "level": "warning", + "message": { + "text": "Package: nss-sysinit\nInstalled Version: 3.36.0-7.1.el7_6\nVulnerability RHSA-2019:2237\nSeverity: medium\nFixed Version: 3.44.0-4.el7\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2019:2237](https://access.redhat.com/security/cve/CVE-2019-17007)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "nss-sysinit", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": nss-sysinit@3.36.0-7.1.el7_6" + } + } + ] + }, + { + "ruleId": "RHSA-2020:4076", + "ruleIndex": 334, + "level": "warning", + "message": { + "text": "Package: nss-sysinit\nInstalled Version: 3.36.0-7.1.el7_6\nVulnerability RHSA-2020:4076\nSeverity: medium\nFixed Version: 3.53.1-3.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2020:4076](https://access.redhat.com/security/cve/CVE-2019-17006)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "nss-sysinit", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": nss-sysinit@3.36.0-7.1.el7_6" + } + } + ] + }, + { + "ruleId": "RHSA-2021:1384", + "ruleIndex": 339, + "level": "warning", + "message": { + "text": "Package: nss-sysinit\nInstalled Version: 3.36.0-7.1.el7_6\nVulnerability RHSA-2021:1384\nSeverity: medium\nFixed Version: 3.53.1-7.el7_9\nExploit Available: []()\nExploit 
Type: \nLink: [RHSA-2021:1384](https://access.redhat.com/security/cve/CVE-2020-25648)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "nss-sysinit", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": nss-sysinit@3.36.0-7.1.el7_6" + } + } + ] + }, + { + "ruleId": "CVE-2023-5388", + "ruleIndex": 340, + "level": "warning", + "message": { + "text": "Package: nss-sysinit\nInstalled Version: 3.36.0-7.1.el7_6\nVulnerability CVE-2023-5388\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-5388](https://access.redhat.com/security/cve/CVE-2023-5388)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "nss-sysinit", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": nss-sysinit@3.36.0-7.1.el7_6" + } + } + ] + }, + { + "ruleId": "RHSA-2021:4904", + "ruleIndex": 335, + "level": "error", + "message": { + "text": "Package: nss-tools\nInstalled Version: 3.36.0-7.1.el7_6\nVulnerability RHSA-2021:4904\nSeverity: critical\nFixed Version: 3.67.0-4.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2021:4904](https://access.redhat.com/security/cve/CVE-2021-43527)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "nss-tools", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": nss-tools@3.36.0-7.1.el7_6" + } + } + ] + }, + { + "ruleId": "CVE-2014-3566", + "ruleIndex": 336, + "level": "error", + "message": { + "text": "Package: nss-tools\nInstalled Version: 3.36.0-7.1.el7_6\nVulnerability CVE-2014-3566\nSeverity: high\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: 
[CVE-2014-3566](https://access.redhat.com/security/cve/CVE-2014-3566)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "nss-tools", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": nss-tools@3.36.0-7.1.el7_6" + } + } + ] + }, + { + "ruleId": "RHSA-2019:4190", + "ruleIndex": 337, + "level": "error", + "message": { + "text": "Package: nss-tools\nInstalled Version: 3.36.0-7.1.el7_6\nVulnerability RHSA-2019:4190\nSeverity: high\nFixed Version: 3.44.0-7.el7_7\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2019:4190](https://access.redhat.com/security/cve/CVE-2019-11745)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "nss-tools", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": nss-tools@3.36.0-7.1.el7_6" + } + } + ] + }, + { + "ruleId": "RHSA-2023:1332", + "ruleIndex": 338, + "level": "error", + "message": { + "text": "Package: nss-tools\nInstalled Version: 3.36.0-7.1.el7_6\nVulnerability RHSA-2023:1332\nSeverity: high\nFixed Version: 3.79.0-5.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2023:1332](https://access.redhat.com/security/cve/CVE-2023-0767)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "nss-tools", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": nss-tools@3.36.0-7.1.el7_6" + } + } + ] + }, + { + "ruleId": "RHSA-2019:2237", + "ruleIndex": 333, + "level": "warning", + "message": { + "text": "Package: nss-tools\nInstalled Version: 3.36.0-7.1.el7_6\nVulnerability RHSA-2019:2237\nSeverity: medium\nFixed Version: 3.44.0-4.el7\nExploit Available: []()\nExploit Type: \nLink: 
[RHSA-2019:2237](https://access.redhat.com/security/cve/CVE-2019-17007)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "nss-tools", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": nss-tools@3.36.0-7.1.el7_6" + } + } + ] + }, + { + "ruleId": "RHSA-2020:4076", + "ruleIndex": 334, + "level": "warning", + "message": { + "text": "Package: nss-tools\nInstalled Version: 3.36.0-7.1.el7_6\nVulnerability RHSA-2020:4076\nSeverity: medium\nFixed Version: 3.53.1-3.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2020:4076](https://access.redhat.com/security/cve/CVE-2019-17006)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "nss-tools", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": nss-tools@3.36.0-7.1.el7_6" + } + } + ] + }, + { + "ruleId": "RHSA-2021:1384", + "ruleIndex": 339, + "level": "warning", + "message": { + "text": "Package: nss-tools\nInstalled Version: 3.36.0-7.1.el7_6\nVulnerability RHSA-2021:1384\nSeverity: medium\nFixed Version: 3.53.1-7.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2021:1384](https://access.redhat.com/security/cve/CVE-2020-25648)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "nss-tools", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": nss-tools@3.36.0-7.1.el7_6" + } + } + ] + }, + { + "ruleId": "CVE-2023-5388", + "ruleIndex": 340, + "level": "warning", + "message": { + "text": "Package: nss-tools\nInstalled Version: 3.36.0-7.1.el7_6\nVulnerability CVE-2023-5388\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: 
[CVE-2023-5388](https://access.redhat.com/security/cve/CVE-2023-5388)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "nss-tools", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": nss-tools@3.36.0-7.1.el7_6" + } + } + ] + }, + { + "ruleId": "RHSA-2019:4190", + "ruleIndex": 337, + "level": "error", + "message": { + "text": "Package: nss-util\nInstalled Version: 3.36.0-1.1.el7_6\nVulnerability RHSA-2019:4190\nSeverity: high\nFixed Version: 3.44.0-4.el7_7\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2019:4190](https://access.redhat.com/security/cve/CVE-2019-11745)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "nss-util", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": nss-util@3.36.0-1.1.el7_6" + } + } + ] + }, + { + "ruleId": "RHSA-2019:2237", + "ruleIndex": 333, + "level": "warning", + "message": { + "text": "Package: nss-util\nInstalled Version: 3.36.0-1.1.el7_6\nVulnerability RHSA-2019:2237\nSeverity: medium\nFixed Version: 3.44.0-3.el7\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2019:2237](https://access.redhat.com/security/cve/CVE-2019-17007)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "nss-util", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": nss-util@3.36.0-1.1.el7_6" + } + } + ] + }, + { + "ruleId": "RHSA-2020:4076", + "ruleIndex": 334, + "level": "warning", + "message": { + "text": "Package: nss-util\nInstalled Version: 3.36.0-1.1.el7_6\nVulnerability RHSA-2020:4076\nSeverity: medium\nFixed Version: 3.53.1-1.el7_9\nExploit Available: []()\nExploit Type: \nLink: 
[RHSA-2020:4076](https://access.redhat.com/security/cve/CVE-2019-17006)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "nss-util", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": nss-util@3.36.0-1.1.el7_6" + } + } + ] + }, + { + "ruleId": "RHSA-2020:4041", + "ruleIndex": 341, + "level": "warning", + "message": { + "text": "Package: openldap\nInstalled Version: 2.4.44-21.el7_6\nVulnerability RHSA-2020:4041\nSeverity: medium\nFixed Version: 2.4.44-22.el7\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2020:4041](https://access.redhat.com/security/cve/CVE-2020-12243)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "openldap", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": openldap@2.4.44-21.el7_6" + } + } + ] + }, + { + "ruleId": "RHSA-2021:1389", + "ruleIndex": 342, + "level": "warning", + "message": { + "text": "Package: openldap\nInstalled Version: 2.4.44-21.el7_6\nVulnerability RHSA-2021:1389\nSeverity: medium\nFixed Version: 2.4.44-23.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2021:1389](https://access.redhat.com/security/cve/CVE-2020-25692)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "openldap", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": openldap@2.4.44-21.el7_6" + } + } + ] + }, + { + "ruleId": "RHSA-2022:0621", + "ruleIndex": 343, + "level": "warning", + "message": { + "text": "Package: openldap\nInstalled Version: 2.4.44-21.el7_6\nVulnerability RHSA-2022:0621\nSeverity: medium\nFixed Version: 2.4.44-25.el7_9\nExploit Available: []()\nExploit Type: \nLink: 
[RHSA-2022:0621](https://access.redhat.com/security/cve/CVE-2020-25710)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "openldap", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": openldap@2.4.44-21.el7_6" + } + } + ] + }, + { + "ruleId": "CVE-2020-36221", + "ruleIndex": 344, + "level": "warning", + "message": { + "text": "Package: openldap\nInstalled Version: 2.4.44-21.el7_6\nVulnerability CVE-2020-36221\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-36221](https://access.redhat.com/security/cve/CVE-2020-36221)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "openldap", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": openldap@2.4.44-21.el7_6" + } + } + ] + }, + { + "ruleId": "CVE-2020-36222", + "ruleIndex": 345, + "level": "warning", + "message": { + "text": "Package: openldap\nInstalled Version: 2.4.44-21.el7_6\nVulnerability CVE-2020-36222\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-36222](https://access.redhat.com/security/cve/CVE-2020-36222)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "openldap", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": openldap@2.4.44-21.el7_6" + } + } + ] + }, + { + "ruleId": "CVE-2020-36223", + "ruleIndex": 346, + "level": "warning", + "message": { + "text": "Package: openldap\nInstalled Version: 2.4.44-21.el7_6\nVulnerability CVE-2020-36223\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: 
[CVE-2020-36223](https://access.redhat.com/security/cve/CVE-2020-36223)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "openldap", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": openldap@2.4.44-21.el7_6" + } + } + ] + }, + { + "ruleId": "CVE-2020-36224", + "ruleIndex": 347, + "level": "warning", + "message": { + "text": "Package: openldap\nInstalled Version: 2.4.44-21.el7_6\nVulnerability CVE-2020-36224\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-36224](https://access.redhat.com/security/cve/CVE-2020-36224)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "openldap", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": openldap@2.4.44-21.el7_6" + } + } + ] + }, + { + "ruleId": "CVE-2020-36225", + "ruleIndex": 348, + "level": "warning", + "message": { + "text": "Package: openldap\nInstalled Version: 2.4.44-21.el7_6\nVulnerability CVE-2020-36225\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-36225](https://access.redhat.com/security/cve/CVE-2020-36225)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "openldap", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": openldap@2.4.44-21.el7_6" + } + } + ] + }, + { + "ruleId": "CVE-2020-36226", + "ruleIndex": 349, + "level": "warning", + "message": { + "text": "Package: openldap\nInstalled Version: 2.4.44-21.el7_6\nVulnerability CVE-2020-36226\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: 
[CVE-2020-36226](https://access.redhat.com/security/cve/CVE-2020-36226)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "openldap", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": openldap@2.4.44-21.el7_6" + } + } + ] + }, + { + "ruleId": "CVE-2020-36227", + "ruleIndex": 350, + "level": "warning", + "message": { + "text": "Package: openldap\nInstalled Version: 2.4.44-21.el7_6\nVulnerability CVE-2020-36227\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-36227](https://access.redhat.com/security/cve/CVE-2020-36227)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "openldap", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": openldap@2.4.44-21.el7_6" + } + } + ] + }, + { + "ruleId": "CVE-2020-36228", + "ruleIndex": 351, + "level": "warning", + "message": { + "text": "Package: openldap\nInstalled Version: 2.4.44-21.el7_6\nVulnerability CVE-2020-36228\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-36228](https://access.redhat.com/security/cve/CVE-2020-36228)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "openldap", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": openldap@2.4.44-21.el7_6" + } + } + ] + }, + { + "ruleId": "CVE-2020-36229", + "ruleIndex": 352, + "level": "warning", + "message": { + "text": "Package: openldap\nInstalled Version: 2.4.44-21.el7_6\nVulnerability CVE-2020-36229\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: 
[CVE-2020-36229](https://access.redhat.com/security/cve/CVE-2020-36229)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "openldap", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": openldap@2.4.44-21.el7_6" + } + } + ] + }, + { + "ruleId": "CVE-2020-36230", + "ruleIndex": 353, + "level": "warning", + "message": { + "text": "Package: openldap\nInstalled Version: 2.4.44-21.el7_6\nVulnerability CVE-2020-36230\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-36230](https://access.redhat.com/security/cve/CVE-2020-36230)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "openldap", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": openldap@2.4.44-21.el7_6" + } + } + ] + }, + { + "ruleId": "CVE-2021-27212", + "ruleIndex": 354, + "level": "warning", + "message": { + "text": "Package: openldap\nInstalled Version: 2.4.44-21.el7_6\nVulnerability CVE-2021-27212\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-27212](https://access.redhat.com/security/cve/CVE-2021-27212)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "openldap", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": openldap@2.4.44-21.el7_6" + } + } + ] + }, + { + "ruleId": "CVE-2022-29155", + "ruleIndex": 355, + "level": "warning", + "message": { + "text": "Package: openldap\nInstalled Version: 2.4.44-21.el7_6\nVulnerability CVE-2022-29155\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: 
[CVE-2022-29155](https://access.redhat.com/security/cve/CVE-2022-29155)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "openldap", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": openldap@2.4.44-21.el7_6" + } + } + ] + }, + { + "ruleId": "CVE-2023-2953", + "ruleIndex": 356, + "level": "note", + "message": { + "text": "Package: openldap\nInstalled Version: 2.4.44-21.el7_6\nVulnerability CVE-2023-2953\nSeverity: low\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-2953](https://access.redhat.com/security/cve/CVE-2023-2953)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "openldap", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": openldap@2.4.44-21.el7_6" + } + } + ] + }, + { + "ruleId": "RHSA-2019:0483", + "ruleIndex": 357, + "level": "warning", + "message": { + "text": "Package: openssl-libs\nInstalled Version: 1:1.0.2k-16.el7\nVulnerability RHSA-2019:0483\nSeverity: medium\nFixed Version: 1:1.0.2k-16.el7_6.1\nExploit Available: [http://www.exploit-db.com/exploits/45785](http://www.exploit-db.com/exploits/45785)\nExploit Type: local\nLink: [RHSA-2019:0483](https://access.redhat.com/security/cve/CVE-2018-0735)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "openssl-libs", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": openssl-libs@1:1.0.2k-16.el7" + } + } + ] + }, + { + "ruleId": "RHSA-2022:1066", + "ruleIndex": 358, + "level": "error", + "message": { + "text": "Package: openssl-libs\nInstalled Version: 1:1.0.2k-16.el7\nVulnerability RHSA-2022:1066\nSeverity: high\nFixed Version: 
1:1.0.2k-25.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2022:1066](https://access.redhat.com/security/cve/CVE-2022-0778)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "openssl-libs", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": openssl-libs@1:1.0.2k-16.el7" + } + } + ] + }, + { + "ruleId": "RHSA-2020:5566", + "ruleIndex": 359, + "level": "error", + "message": { + "text": "Package: openssl-libs\nInstalled Version: 1:1.0.2k-16.el7\nVulnerability RHSA-2020:5566\nSeverity: high\nFixed Version: 1:1.0.2k-21.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2020:5566](https://access.redhat.com/security/cve/CVE-2020-1971)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "openssl-libs", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": openssl-libs@1:1.0.2k-16.el7" + } + } + ] + }, + { + "ruleId": "RHSA-2023:1335", + "ruleIndex": 360, + "level": "error", + "message": { + "text": "Package: openssl-libs\nInstalled Version: 1:1.0.2k-16.el7\nVulnerability RHSA-2023:1335\nSeverity: high\nFixed Version: 1:1.0.2k-26.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2023:1335](https://access.redhat.com/security/cve/CVE-2023-0286)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "openssl-libs", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": openssl-libs@1:1.0.2k-16.el7" + } + } + ] + }, + { + "ruleId": "RHSA-2021:3798", + "ruleIndex": 361, + "level": "warning", + "message": { + "text": "Package: openssl-libs\nInstalled Version: 1:1.0.2k-16.el7\nVulnerability RHSA-2021:3798\nSeverity: medium\nFixed Version: 
1:1.0.2k-22.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2021:3798](https://access.redhat.com/security/cve/CVE-2021-23840)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "openssl-libs", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": openssl-libs@1:1.0.2k-16.el7" + } + } + ] + }, + { + "ruleId": "RHSA-2022:0064", + "ruleIndex": 362, + "level": "warning", + "message": { + "text": "Package: openssl-libs\nInstalled Version: 1:1.0.2k-16.el7\nVulnerability RHSA-2022:0064\nSeverity: medium\nFixed Version: 1:1.0.2k-23.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2022:0064](https://access.redhat.com/security/cve/CVE-2021-3712)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "openssl-libs", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": openssl-libs@1:1.0.2k-16.el7" + } + } + ] + }, + { + "ruleId": "CVE-2022-1292", + "ruleIndex": 363, + "level": "warning", + "message": { + "text": "Package: openssl-libs\nInstalled Version: 1:1.0.2k-16.el7\nVulnerability CVE-2022-1292\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-1292](https://access.redhat.com/security/cve/CVE-2022-1292)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "openssl-libs", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": openssl-libs@1:1.0.2k-16.el7" + } + } + ] + }, + { + "ruleId": "CVE-2022-2068", + "ruleIndex": 364, + "level": "warning", + "message": { + "text": "Package: openssl-libs\nInstalled Version: 1:1.0.2k-16.el7\nVulnerability CVE-2022-2068\nSeverity: medium\nFixed Version: any in centos 
7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-2068](https://access.redhat.com/security/cve/CVE-2022-2068)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "openssl-libs", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": openssl-libs@1:1.0.2k-16.el7" + } + } + ] + }, + { + "ruleId": "CVE-2022-4304", + "ruleIndex": 365, + "level": "warning", + "message": { + "text": "Package: openssl-libs\nInstalled Version: 1:1.0.2k-16.el7\nVulnerability CVE-2022-4304\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-4304](https://access.redhat.com/security/cve/CVE-2022-4304)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "openssl-libs", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": openssl-libs@1:1.0.2k-16.el7" + } + } + ] + }, + { + "ruleId": "CVE-2023-0215", + "ruleIndex": 366, + "level": "warning", + "message": { + "text": "Package: openssl-libs\nInstalled Version: 1:1.0.2k-16.el7\nVulnerability CVE-2023-0215\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-0215](https://access.redhat.com/security/cve/CVE-2023-0215)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "openssl-libs", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": openssl-libs@1:1.0.2k-16.el7" + } + } + ] + }, + { + "ruleId": "RHSA-2019:2304", + "ruleIndex": 367, + "level": "warning", + "message": { + "text": "Package: openssl-libs\nInstalled Version: 1:1.0.2k-16.el7\nVulnerability RHSA-2019:2304\nSeverity: medium\nFixed Version: 
1:1.0.2k-19.el7\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2019:2304](https://access.redhat.com/security/cve/CVE-2019-1559)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "openssl-libs", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": openssl-libs@1:1.0.2k-16.el7" + } + } + ] + }, + { + "ruleId": "CVE-2021-3601", + "ruleIndex": 368, + "level": "note", + "message": { + "text": "Package: openssl-libs\nInstalled Version: 1:1.0.2k-16.el7\nVulnerability CVE-2021-3601\nSeverity: low\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-3601](https://access.redhat.com/security/cve/CVE-2021-3601)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "openssl-libs", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": openssl-libs@1:1.0.2k-16.el7" + } + } + ] + }, + { + "ruleId": "CVE-2022-3358", + "ruleIndex": 369, + "level": "note", + "message": { + "text": "Package: openssl-libs\nInstalled Version: 1:1.0.2k-16.el7\nVulnerability CVE-2022-3358\nSeverity: low\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-3358](https://access.redhat.com/security/cve/CVE-2022-3358)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "openssl-libs", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": openssl-libs@1:1.0.2k-16.el7" + } + } + ] + }, + { + "ruleId": "CVE-2023-6129", + "ruleIndex": 370, + "level": "note", + "message": { + "text": "Package: openssl-libs\nInstalled Version: 1:1.0.2k-16.el7\nVulnerability CVE-2023-6129\nSeverity: low\nFixed Version: any in centos 7.6.1810\nExploit 
Available: []()\nExploit Type: \nLink: [CVE-2023-6129](https://access.redhat.com/security/cve/CVE-2023-6129)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "openssl-libs", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": openssl-libs@1:1.0.2k-16.el7" + } + } + ] + }, + { + "ruleId": "CVE-2023-39410", + "ruleIndex": 371, + "level": "error", + "message": { + "text": "Package: avro\nInstalled Version: 1.7.6\nVulnerability CVE-2023-39410\nSeverity: high\nFixed Version: 1.11.3\nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-39410](https://nvd.nist.gov/vuln/detail/CVE-2023-39410)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/apache/avro/main/avro-1.7.6.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/apache/avro/main/avro-1.7.6.jar: avro@1.7.6" + } + } + ] + }, + { + "ruleId": "CVE-2022-46364", + "ruleIndex": 372, + "level": "error", + "message": { + "text": "Package: cxf-core\nInstalled Version: 3.0.5\nVulnerability CVE-2022-46364\nSeverity: critical\nFixed Version: 3.4.10, 3.5.5\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-46364](https://nvd.nist.gov/vuln/detail/CVE-2022-46364)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/apache/cxf/main/cxf-core-3.0.5.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/apache/cxf/main/cxf-core-3.0.5.jar: cxf-core@3.0.5" + } + } + ] + }, + { + "ruleId": "CVE-2021-22696", + "ruleIndex": 373, + 
"level": "error", + "message": { + "text": "Package: cxf-core\nInstalled Version: 3.0.5\nVulnerability CVE-2021-22696\nSeverity: high\nFixed Version: 3.3.10, 3.4.3\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-22696](https://nvd.nist.gov/vuln/detail/CVE-2021-22696)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/apache/cxf/main/cxf-core-3.0.5.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/apache/cxf/main/cxf-core-3.0.5.jar: cxf-core@3.0.5" + } + } + ] + }, + { + "ruleId": "CVE-2019-12423", + "ruleIndex": 374, + "level": "error", + "message": { + "text": "Package: cxf-core\nInstalled Version: 3.0.5\nVulnerability CVE-2019-12423\nSeverity: high\nFixed Version: 3.2.12, 3.3.5\nExploit Available: []()\nExploit Type: \nLink: [CVE-2019-12423](https://nvd.nist.gov/vuln/detail/CVE-2019-12423)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/apache/cxf/main/cxf-core-3.0.5.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/apache/cxf/main/cxf-core-3.0.5.jar: cxf-core@3.0.5" + } + } + ] + }, + { + "ruleId": "CVE-2022-46363", + "ruleIndex": 375, + "level": "error", + "message": { + "text": "Package: cxf-core\nInstalled Version: 3.0.5\nVulnerability CVE-2022-46363\nSeverity: high\nFixed Version: 3.4.10, 3.5.5\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-46363](https://nvd.nist.gov/vuln/detail/CVE-2022-46363)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": 
"/opt/jboss/wildfly/modules/system/layers/base/org/apache/cxf/main/cxf-core-3.0.5.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/apache/cxf/main/cxf-core-3.0.5.jar: cxf-core@3.0.5" + } + } + ] + }, + { + "ruleId": "CVE-2017-5656", + "ruleIndex": 376, + "level": "error", + "message": { + "text": "Package: cxf-core\nInstalled Version: 3.0.5\nVulnerability CVE-2017-5656\nSeverity: high\nFixed Version: 3.0.13, 3.1.11\nExploit Available: []()\nExploit Type: \nLink: [CVE-2017-5656](https://nvd.nist.gov/vuln/detail/CVE-2017-5656)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/apache/cxf/main/cxf-core-3.0.5.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/apache/cxf/main/cxf-core-3.0.5.jar: cxf-core@3.0.5" + } + } + ] + }, + { + "ruleId": "CVE-2018-8039", + "ruleIndex": 377, + "level": "error", + "message": { + "text": "Package: cxf-core\nInstalled Version: 3.0.5\nVulnerability CVE-2018-8039\nSeverity: high\nFixed Version: 3.1.16, 3.2.5\nExploit Available: []()\nExploit Type: \nLink: [CVE-2018-8039](https://nvd.nist.gov/vuln/detail/CVE-2018-8039)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/apache/cxf/main/cxf-core-3.0.5.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/apache/cxf/main/cxf-core-3.0.5.jar: cxf-core@3.0.5" + } + } + ] + }, + { + "ruleId": "CVE-2016-8739", + "ruleIndex": 378, + "level": "error", + "message": { + 
"text": "Package: cxf-core\nInstalled Version: 3.0.5\nVulnerability CVE-2016-8739\nSeverity: high\nFixed Version: 3.0.12, 3.1.9\nExploit Available: []()\nExploit Type: \nLink: [CVE-2016-8739](https://nvd.nist.gov/vuln/detail/CVE-2016-8739)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/apache/cxf/main/cxf-core-3.0.5.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/apache/cxf/main/cxf-core-3.0.5.jar: cxf-core@3.0.5" + } + } + ] + }, + { + "ruleId": "CVE-2016-6812", + "ruleIndex": 379, + "level": "warning", + "message": { + "text": "Package: cxf-core\nInstalled Version: 3.0.5\nVulnerability CVE-2016-6812\nSeverity: medium\nFixed Version: 3.0.12, 3.1.9\nExploit Available: []()\nExploit Type: \nLink: [CVE-2016-6812](https://nvd.nist.gov/vuln/detail/CVE-2016-6812)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/apache/cxf/main/cxf-core-3.0.5.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/apache/cxf/main/cxf-core-3.0.5.jar: cxf-core@3.0.5" + } + } + ] + }, + { + "ruleId": "CVE-2015-5253", + "ruleIndex": 380, + "level": "warning", + "message": { + "text": "Package: cxf-core\nInstalled Version: 3.0.5\nVulnerability CVE-2015-5253\nSeverity: medium\nFixed Version: 2.7.18, 3.0.7, 3.1.3\nExploit Available: []()\nExploit Type: \nLink: [CVE-2015-5253](https://nvd.nist.gov/vuln/detail/CVE-2015-5253)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/apache/cxf/main/cxf-core-3.0.5.jar", + "uriBaseId": "ROOTPATH" + 
}, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/apache/cxf/main/cxf-core-3.0.5.jar: cxf-core@3.0.5" + } + } + ] + }, + { + "ruleId": "CVE-2017-12624", + "ruleIndex": 381, + "level": "warning", + "message": { + "text": "Package: cxf-core\nInstalled Version: 3.0.5\nVulnerability CVE-2017-12624\nSeverity: medium\nFixed Version: 3.1.14, 3.2.1\nExploit Available: []()\nExploit Type: \nLink: [CVE-2017-12624](https://nvd.nist.gov/vuln/detail/CVE-2017-12624)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/apache/cxf/main/cxf-core-3.0.5.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/apache/cxf/main/cxf-core-3.0.5.jar: cxf-core@3.0.5" + } + } + ] + }, + { + "ruleId": "CVE-2020-13954", + "ruleIndex": 382, + "level": "warning", + "message": { + "text": "Package: cxf-core\nInstalled Version: 3.0.5\nVulnerability CVE-2020-13954\nSeverity: medium\nFixed Version: 3.3.8, 3.4.1\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-13954](https://nvd.nist.gov/vuln/detail/CVE-2020-13954)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/apache/cxf/main/cxf-core-3.0.5.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/apache/cxf/main/cxf-core-3.0.5.jar: cxf-core@3.0.5" + } + } + ] + }, + { + "ruleId": "CVE-2017-5653", + "ruleIndex": 383, + "level": "warning", + "message": { + "text": "Package: cxf-core\nInstalled Version: 3.0.5\nVulnerability CVE-2017-5653\nSeverity: medium\nFixed 
Version: 3.0.13, 3.1.11\nExploit Available: []()\nExploit Type: \nLink: [CVE-2017-5653](https://nvd.nist.gov/vuln/detail/CVE-2017-5653)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/apache/cxf/main/cxf-core-3.0.5.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/apache/cxf/main/cxf-core-3.0.5.jar: cxf-core@3.0.5" + } + } + ] + }, + { + "ruleId": "CVE-2020-1954", + "ruleIndex": 384, + "level": "warning", + "message": { + "text": "Package: cxf-rt-management\nInstalled Version: 3.0.5\nVulnerability CVE-2020-1954\nSeverity: medium\nFixed Version: 3.2.13, 3.3.6\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-1954](https://nvd.nist.gov/vuln/detail/CVE-2020-1954)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/apache/cxf/impl/main/cxf-rt-management-3.0.5.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/apache/cxf/impl/main/cxf-rt-management-3.0.5.jar: cxf-rt-management@3.0.5" + } + } + ] + }, + { + "ruleId": "CVE-2017-5656", + "ruleIndex": 376, + "level": "error", + "message": { + "text": "Package: cxf-rt-security\nInstalled Version: 3.0.5\nVulnerability CVE-2017-5656\nSeverity: high\nFixed Version: 3.0.13, 3.1.11\nExploit Available: []()\nExploit Type: \nLink: [CVE-2017-5656](https://nvd.nist.gov/vuln/detail/CVE-2017-5656)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/apache/cxf/impl/main/cxf-rt-security-3.0.5.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + 
"startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/apache/cxf/impl/main/cxf-rt-security-3.0.5.jar: cxf-rt-security@3.0.5" + } + } + ] + }, + { + "ruleId": "CVE-2021-22696", + "ruleIndex": 373, + "level": "error", + "message": { + "text": "Package: cxf-rt-transports-http\nInstalled Version: 3.0.5\nVulnerability CVE-2021-22696\nSeverity: high\nFixed Version: 3.3.10, 3.4.3\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-22696](https://nvd.nist.gov/vuln/detail/CVE-2021-22696)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/apache/cxf/impl/main/cxf-rt-transports-http-3.0.5.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/apache/cxf/impl/main/cxf-rt-transports-http-3.0.5.jar: cxf-rt-transports-http@3.0.5" + } + } + ] + }, + { + "ruleId": "CVE-2018-8039", + "ruleIndex": 377, + "level": "error", + "message": { + "text": "Package: cxf-rt-transports-http\nInstalled Version: 3.0.5\nVulnerability CVE-2018-8039\nSeverity: high\nFixed Version: 3.1.16, 3.2.5\nExploit Available: []()\nExploit Type: \nLink: [CVE-2018-8039](https://nvd.nist.gov/vuln/detail/CVE-2018-8039)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/apache/cxf/impl/main/cxf-rt-transports-http-3.0.5.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/apache/cxf/impl/main/cxf-rt-transports-http-3.0.5.jar: cxf-rt-transports-http@3.0.5" + } + } + ] + }, + { + "ruleId": "CVE-2019-17573", + "ruleIndex": 385, + "level": "warning", + "message": { + 
"text": "Package: cxf-rt-transports-http\nInstalled Version: 3.0.5\nVulnerability CVE-2019-17573\nSeverity: medium\nFixed Version: 3.2.12, 3.3.5\nExploit Available: []()\nExploit Type: \nLink: [CVE-2019-17573](https://nvd.nist.gov/vuln/detail/CVE-2019-17573)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/apache/cxf/impl/main/cxf-rt-transports-http-3.0.5.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/apache/cxf/impl/main/cxf-rt-transports-http-3.0.5.jar: cxf-rt-transports-http@3.0.5" + } + } + ] + }, + { + "ruleId": "CVE-2016-6812", + "ruleIndex": 379, + "level": "warning", + "message": { + "text": "Package: cxf-rt-transports-http\nInstalled Version: 3.0.5\nVulnerability CVE-2016-6812\nSeverity: medium\nFixed Version: \nExploit Available: []()\nExploit Type: \nLink: [CVE-2016-6812](https://nvd.nist.gov/vuln/detail/CVE-2016-6812)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/apache/cxf/impl/main/cxf-rt-transports-http-3.0.5.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/apache/cxf/impl/main/cxf-rt-transports-http-3.0.5.jar: cxf-rt-transports-http@3.0.5" + } + } + ] + }, + { + "ruleId": "CVE-2020-13954", + "ruleIndex": 382, + "level": "warning", + "message": { + "text": "Package: cxf-rt-transports-http\nInstalled Version: 3.0.5\nVulnerability CVE-2020-13954\nSeverity: medium\nFixed Version: 3.3.8, 3.4.1\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-13954](https://nvd.nist.gov/vuln/detail/CVE-2020-13954)" + }, + "locations": [ + { + "physicalLocation": { + 
"artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/apache/cxf/impl/main/cxf-rt-transports-http-3.0.5.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/apache/cxf/impl/main/cxf-rt-transports-http-3.0.5.jar: cxf-rt-transports-http@3.0.5" + } + } + ] + }, + { + "ruleId": "CVE-2017-5656", + "ruleIndex": 376, + "level": "error", + "message": { + "text": "Package: cxf-rt-ws-security\nInstalled Version: 3.0.5\nVulnerability CVE-2017-5656\nSeverity: high\nFixed Version: 3.0.14, 3.1.11\nExploit Available: []()\nExploit Type: \nLink: [CVE-2017-5656](https://nvd.nist.gov/vuln/detail/CVE-2017-5656)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/apache/cxf/impl/main/cxf-rt-ws-security-3.0.5.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/apache/cxf/impl/main/cxf-rt-ws-security-3.0.5.jar: cxf-rt-ws-security@3.0.5" + } + } + ] + }, + { + "ruleId": "CVE-2020-13956", + "ruleIndex": 386, + "level": "warning", + "message": { + "text": "Package: httpclient\nInstalled Version: 4.3.6\nVulnerability CVE-2020-13956\nSeverity: medium\nFixed Version: 4.5.13, 5.0.3\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-13956](https://nvd.nist.gov/vuln/detail/CVE-2020-13956)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/apache/httpcomponents/main/httpclient-4.3.6.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": 
"/opt/jboss/wildfly/modules/system/layers/base/org/apache/httpcomponents/main/httpclient-4.3.6.jar: httpclient@4.3.6" + } + } + ] + }, + { + "ruleId": "CVE-2022-45787", + "ruleIndex": 387, + "level": "warning", + "message": { + "text": "Package: apache-mime4j\nInstalled Version: 0.6\nVulnerability CVE-2022-45787\nSeverity: medium\nFixed Version: 0.8.9\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-45787](https://nvd.nist.gov/vuln/detail/CVE-2022-45787)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/apache/james/mime4j/main/apache-mime4j-0.6.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/apache/james/mime4j/main/apache-mime4j-0.6.jar: apache-mime4j@0.6" + } + } + ] + }, + { + "ruleId": "CVE-2018-17187", + "ruleIndex": 388, + "level": "error", + "message": { + "text": "Package: proton-api\nInstalled Version: 0.4\nVulnerability CVE-2018-17187\nSeverity: high\nFixed Version: \nExploit Available: []()\nExploit Type: \nLink: [CVE-2018-17187](https://nvd.nist.gov/vuln/detail/CVE-2018-17187)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/apache/qpid/proton/main/proton-api-0.4.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/apache/qpid/proton/main/proton-api-0.4.jar: proton-api@0.4" + } + } + ] + }, + { + "ruleId": "CVE-2021-40690", + "ruleIndex": 389, + "level": "error", + "message": { + "text": "Package: xmlsec\nInstalled Version: 2.0.4\nVulnerability CVE-2021-40690\nSeverity: high\nFixed Version: 2.1.7, 2.2.3\nExploit Available: []()\nExploit Type: \nLink: 
[CVE-2021-40690](https://nvd.nist.gov/vuln/detail/CVE-2021-40690)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/apache/santuario/xmlsec/main/xmlsec-2.0.4.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/apache/santuario/xmlsec/main/xmlsec-2.0.4.jar: xmlsec@2.0.4" + } + } + ] + }, + { + "ruleId": "CVE-2019-12400", + "ruleIndex": 390, + "level": "warning", + "message": { + "text": "Package: xmlsec\nInstalled Version: 2.0.4\nVulnerability CVE-2019-12400\nSeverity: medium\nFixed Version: 2.1.4\nExploit Available: []()\nExploit Type: \nLink: [CVE-2019-12400](https://nvd.nist.gov/vuln/detail/CVE-2019-12400)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/apache/santuario/xmlsec/main/xmlsec-2.0.4.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/apache/santuario/xmlsec/main/xmlsec-2.0.4.jar: xmlsec@2.0.4" + } + } + ] + }, + { + "ruleId": "CVE-2023-44483", + "ruleIndex": 391, + "level": "warning", + "message": { + "text": "Package: xmlsec\nInstalled Version: 2.0.4\nVulnerability CVE-2023-44483\nSeverity: medium\nFixed Version: 2.2.6, 2.3.4, 3.0.3\nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-44483](https://nvd.nist.gov/vuln/detail/CVE-2023-44483)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/apache/santuario/xmlsec/main/xmlsec-2.0.4.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": 
"/opt/jboss/wildfly/modules/system/layers/base/org/apache/santuario/xmlsec/main/xmlsec-2.0.4.jar: xmlsec@2.0.4" + } + } + ] + }, + { + "ruleId": "CVE-2020-13936", + "ruleIndex": 392, + "level": "error", + "message": { + "text": "Package: velocity\nInstalled Version: 1.7\nVulnerability CVE-2020-13936\nSeverity: high\nFixed Version: \nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-13936](https://nvd.nist.gov/vuln/detail/CVE-2020-13936)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/apache/velocity/main/velocity-1.7.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/apache/velocity/main/velocity-1.7.jar: velocity@1.7" + } + } + ] + }, + { + "ruleId": "CVE-2015-0226", + "ruleIndex": 393, + "level": "error", + "message": { + "text": "Package: wss4j-ws-security-dom\nInstalled Version: 2.0.4\nVulnerability CVE-2015-0226\nSeverity: high\nFixed Version: 2.02\nExploit Available: []()\nExploit Type: \nLink: [CVE-2015-0226](https://nvd.nist.gov/vuln/detail/CVE-2015-0226)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/apache/ws/security/main/wss4j-ws-security-dom-2.0.4.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/apache/ws/security/main/wss4j-ws-security-dom-2.0.4.jar: wss4j-ws-security-dom@2.0.4" + } + } + ] + }, + { + "ruleId": "CVE-2023-33202", + "ruleIndex": 394, + "level": "warning", + "message": { + "text": "Package: bcpkix-jdk15on\nInstalled Version: 1.52\nVulnerability CVE-2023-33202\nSeverity: medium\nFixed Version: \nExploit Available: []()\nExploit Type: \nLink: 
[CVE-2023-33202](https://nvd.nist.gov/vuln/detail/CVE-2023-33202)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/bouncycastle/main/bcpkix-jdk15on-1.52.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/bouncycastle/main/bcpkix-jdk15on-1.52.jar: bcpkix-jdk15on@1.52" + } + } + ] + }, + { + "ruleId": "CVE-2016-1000352", + "ruleIndex": 395, + "level": "error", + "message": { + "text": "Package: bcprov-jdk15on\nInstalled Version: 1.52\nVulnerability CVE-2016-1000352\nSeverity: high\nFixed Version: 1.56\nExploit Available: []()\nExploit Type: \nLink: [CVE-2016-1000352](https://nvd.nist.gov/vuln/detail/CVE-2016-1000352)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/bouncycastle/main/bcprov-jdk15on-1.52.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/bouncycastle/main/bcprov-jdk15on-1.52.jar: bcprov-jdk15on@1.52" + } + } + ] + }, + { + "ruleId": "CVE-2016-1000338", + "ruleIndex": 396, + "level": "error", + "message": { + "text": "Package: bcprov-jdk15on\nInstalled Version: 1.52\nVulnerability CVE-2016-1000338\nSeverity: high\nFixed Version: 1.56\nExploit Available: []()\nExploit Type: \nLink: [CVE-2016-1000338](https://nvd.nist.gov/vuln/detail/CVE-2016-1000338)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/bouncycastle/main/bcprov-jdk15on-1.52.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": 
"/opt/jboss/wildfly/modules/system/layers/base/org/bouncycastle/main/bcprov-jdk15on-1.52.jar: bcprov-jdk15on@1.52" + } + } + ] + }, + { + "ruleId": "CVE-2016-1000342", + "ruleIndex": 397, + "level": "error", + "message": { + "text": "Package: bcprov-jdk15on\nInstalled Version: 1.52\nVulnerability CVE-2016-1000342\nSeverity: high\nFixed Version: 1.56\nExploit Available: []()\nExploit Type: \nLink: [CVE-2016-1000342](https://nvd.nist.gov/vuln/detail/CVE-2016-1000342)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/bouncycastle/main/bcprov-jdk15on-1.52.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/bouncycastle/main/bcprov-jdk15on-1.52.jar: bcprov-jdk15on@1.52" + } + } + ] + }, + { + "ruleId": "CVE-2016-1000344", + "ruleIndex": 398, + "level": "error", + "message": { + "text": "Package: bcprov-jdk15on\nInstalled Version: 1.52\nVulnerability CVE-2016-1000344\nSeverity: high\nFixed Version: 1.56\nExploit Available: []()\nExploit Type: \nLink: [CVE-2016-1000344](https://nvd.nist.gov/vuln/detail/CVE-2016-1000344)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/bouncycastle/main/bcprov-jdk15on-1.52.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/bouncycastle/main/bcprov-jdk15on-1.52.jar: bcprov-jdk15on@1.52" + } + } + ] + }, + { + "ruleId": "CVE-2016-1000340", + "ruleIndex": 399, + "level": "error", + "message": { + "text": "Package: bcprov-jdk15on\nInstalled Version: 1.52\nVulnerability CVE-2016-1000340\nSeverity: high\nFixed Version: 1.56\nExploit Available: []()\nExploit Type: \nLink: 
[CVE-2016-1000340](https://nvd.nist.gov/vuln/detail/CVE-2016-1000340)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/bouncycastle/main/bcprov-jdk15on-1.52.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/bouncycastle/main/bcprov-jdk15on-1.52.jar: bcprov-jdk15on@1.52" + } + } + ] + }, + { + "ruleId": "CVE-2016-1000343", + "ruleIndex": 400, + "level": "error", + "message": { + "text": "Package: bcprov-jdk15on\nInstalled Version: 1.52\nVulnerability CVE-2016-1000343\nSeverity: high\nFixed Version: 1.56\nExploit Available: []()\nExploit Type: \nLink: [CVE-2016-1000343](https://nvd.nist.gov/vuln/detail/CVE-2016-1000343)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/bouncycastle/main/bcprov-jdk15on-1.52.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/bouncycastle/main/bcprov-jdk15on-1.52.jar: bcprov-jdk15on@1.52" + } + } + ] + }, + { + "ruleId": "CVE-2016-1000339", + "ruleIndex": 401, + "level": "warning", + "message": { + "text": "Package: bcprov-jdk15on\nInstalled Version: 1.52\nVulnerability CVE-2016-1000339\nSeverity: medium\nFixed Version: 1.56\nExploit Available: []()\nExploit Type: \nLink: [CVE-2016-1000339](https://nvd.nist.gov/vuln/detail/CVE-2016-1000339)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/bouncycastle/main/bcprov-jdk15on-1.52.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + 
"text": "/opt/jboss/wildfly/modules/system/layers/base/org/bouncycastle/main/bcprov-jdk15on-1.52.jar: bcprov-jdk15on@1.52" + } + } + ] + }, + { + "ruleId": "CVE-2016-1000341", + "ruleIndex": 402, + "level": "warning", + "message": { + "text": "Package: bcprov-jdk15on\nInstalled Version: 1.52\nVulnerability CVE-2016-1000341\nSeverity: medium\nFixed Version: 1.56\nExploit Available: []()\nExploit Type: \nLink: [CVE-2016-1000341](https://nvd.nist.gov/vuln/detail/CVE-2016-1000341)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/bouncycastle/main/bcprov-jdk15on-1.52.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/bouncycastle/main/bcprov-jdk15on-1.52.jar: bcprov-jdk15on@1.52" + } + } + ] + }, + { + "ruleId": "CVE-2020-15522", + "ruleIndex": 403, + "level": "warning", + "message": { + "text": "Package: bcprov-jdk15on\nInstalled Version: 1.52\nVulnerability CVE-2020-15522\nSeverity: medium\nFixed Version: 1.66\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-15522](https://nvd.nist.gov/vuln/detail/CVE-2020-15522)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/bouncycastle/main/bcprov-jdk15on-1.52.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/bouncycastle/main/bcprov-jdk15on-1.52.jar: bcprov-jdk15on@1.52" + } + } + ] + }, + { + "ruleId": "CVE-2020-26939", + "ruleIndex": 404, + "level": "warning", + "message": { + "text": "Package: bcprov-jdk15on\nInstalled Version: 1.52\nVulnerability CVE-2020-26939\nSeverity: medium\nFixed Version: 1.61\nExploit Available: []()\nExploit Type: 
\nLink: [CVE-2020-26939](https://nvd.nist.gov/vuln/detail/CVE-2020-26939)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/bouncycastle/main/bcprov-jdk15on-1.52.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/bouncycastle/main/bcprov-jdk15on-1.52.jar: bcprov-jdk15on@1.52" + } + } + ] + }, + { + "ruleId": "CVE-2023-33201", + "ruleIndex": 405, + "level": "warning", + "message": { + "text": "Package: bcprov-jdk15on\nInstalled Version: 1.52\nVulnerability CVE-2023-33201\nSeverity: medium\nFixed Version: \nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-33201](https://nvd.nist.gov/vuln/detail/CVE-2023-33201)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/bouncycastle/main/bcprov-jdk15on-1.52.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/bouncycastle/main/bcprov-jdk15on-1.52.jar: bcprov-jdk15on@1.52" + } + } + ] + }, + { + "ruleId": "CVE-2023-33202", + "ruleIndex": 394, + "level": "warning", + "message": { + "text": "Package: bcprov-jdk15on\nInstalled Version: 1.52\nVulnerability CVE-2023-33202\nSeverity: medium\nFixed Version: \nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-33202](https://nvd.nist.gov/vuln/detail/CVE-2023-33202)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/bouncycastle/main/bcprov-jdk15on-1.52.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": 
"/opt/jboss/wildfly/modules/system/layers/base/org/bouncycastle/main/bcprov-jdk15on-1.52.jar: bcprov-jdk15on@1.52" + } + } + ] + }, + { + "ruleId": "CVE-2016-1000345", + "ruleIndex": 406, + "level": "warning", + "message": { + "text": "Package: bcprov-jdk15on\nInstalled Version: 1.52\nVulnerability CVE-2016-1000345\nSeverity: medium\nFixed Version: 1.56\nExploit Available: []()\nExploit Type: \nLink: [CVE-2016-1000345](https://nvd.nist.gov/vuln/detail/CVE-2016-1000345)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/bouncycastle/main/bcprov-jdk15on-1.52.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/bouncycastle/main/bcprov-jdk15on-1.52.jar: bcprov-jdk15on@1.52" + } + } + ] + }, + { + "ruleId": "CVE-2015-6644", + "ruleIndex": 407, + "level": "note", + "message": { + "text": "Package: bcprov-jdk15on\nInstalled Version: 1.52\nVulnerability CVE-2015-6644\nSeverity: low\nFixed Version: \nExploit Available: []()\nExploit Type: \nLink: [CVE-2015-6644](https://nvd.nist.gov/vuln/detail/CVE-2015-6644)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/bouncycastle/main/bcprov-jdk15on-1.52.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/bouncycastle/main/bcprov-jdk15on-1.52.jar: bcprov-jdk15on@1.52" + } + } + ] + }, + { + "ruleId": "CVE-2016-1000346", + "ruleIndex": 408, + "level": "note", + "message": { + "text": "Package: bcprov-jdk15on\nInstalled Version: 1.52\nVulnerability CVE-2016-1000346\nSeverity: low\nFixed Version: 1.56\nExploit Available: []()\nExploit Type: \nLink: 
[CVE-2016-1000346](https://nvd.nist.gov/vuln/detail/CVE-2016-1000346)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/bouncycastle/main/bcprov-jdk15on-1.52.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/bouncycastle/main/bcprov-jdk15on-1.52.jar: bcprov-jdk15on@1.52" + } + } + ] + }, + { + "ruleId": "CVE-2019-10202", + "ruleIndex": 409, + "level": "error", + "message": { + "text": "Package: jackson-mapper-asl\nInstalled Version: 1.9.13\nVulnerability CVE-2019-10202\nSeverity: critical\nFixed Version: \nExploit Available: []()\nExploit Type: \nLink: [CVE-2019-10202](https://nvd.nist.gov/vuln/detail/CVE-2019-10202)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/codehaus/jackson/jackson-mapper-asl/main/jackson-mapper-asl-1.9.13.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/codehaus/jackson/jackson-mapper-asl/main/jackson-mapper-asl-1.9.13.jar: jackson-mapper-asl@1.9.13" + } + } + ] + }, + { + "ruleId": "CVE-2019-10172", + "ruleIndex": 410, + "level": "error", + "message": { + "text": "Package: jackson-mapper-asl\nInstalled Version: 1.9.13\nVulnerability CVE-2019-10172\nSeverity: high\nFixed Version: \nExploit Available: []()\nExploit Type: \nLink: [CVE-2019-10172](https://nvd.nist.gov/vuln/detail/CVE-2019-10172)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/codehaus/jackson/jackson-mapper-asl/main/jackson-mapper-asl-1.9.13.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + 
"startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/codehaus/jackson/jackson-mapper-asl/main/jackson-mapper-asl-1.9.13.jar: jackson-mapper-asl@1.9.13" + } + } + ] + }, + { + "ruleId": "CVE-2022-40149", + "ruleIndex": 411, + "level": "error", + "message": { + "text": "Package: jettison\nInstalled Version: 1.3.3\nVulnerability CVE-2022-40149\nSeverity: high\nFixed Version: 1.5.1\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-40149](https://nvd.nist.gov/vuln/detail/CVE-2022-40149)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/codehaus/jettison/main/jettison-1.3.3.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/codehaus/jettison/main/jettison-1.3.3.jar: jettison@1.3.3" + } + } + ] + }, + { + "ruleId": "CVE-2022-40150", + "ruleIndex": 412, + "level": "error", + "message": { + "text": "Package: jettison\nInstalled Version: 1.3.3\nVulnerability CVE-2022-40150\nSeverity: high\nFixed Version: 1.5.2\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-40150](https://nvd.nist.gov/vuln/detail/CVE-2022-40150)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/codehaus/jettison/main/jettison-1.3.3.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/codehaus/jettison/main/jettison-1.3.3.jar: jettison@1.3.3" + } + } + ] + }, + { + "ruleId": "CVE-2022-45685", + "ruleIndex": 413, + "level": "error", + "message": { + "text": "Package: jettison\nInstalled Version: 1.3.3\nVulnerability 
CVE-2022-45685\nSeverity: high\nFixed Version: 1.5.2\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-45685](https://nvd.nist.gov/vuln/detail/CVE-2022-45685)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/codehaus/jettison/main/jettison-1.3.3.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/codehaus/jettison/main/jettison-1.3.3.jar: jettison@1.3.3" + } + } + ] + }, + { + "ruleId": "CVE-2022-45693", + "ruleIndex": 414, + "level": "error", + "message": { + "text": "Package: jettison\nInstalled Version: 1.3.3\nVulnerability CVE-2022-45693\nSeverity: high\nFixed Version: 1.5.2\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-45693](https://nvd.nist.gov/vuln/detail/CVE-2022-45693)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/codehaus/jettison/main/jettison-1.3.3.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/codehaus/jettison/main/jettison-1.3.3.jar: jettison@1.3.3" + } + } + ] + }, + { + "ruleId": "CVE-2023-1436", + "ruleIndex": 415, + "level": "error", + "message": { + "text": "Package: jettison\nInstalled Version: 1.3.3\nVulnerability CVE-2023-1436\nSeverity: high\nFixed Version: 1.5.4\nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-1436](https://nvd.nist.gov/vuln/detail/CVE-2023-1436)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/codehaus/jettison/main/jettison-1.3.3.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + 
"endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/codehaus/jettison/main/jettison-1.3.3.jar: jettison@1.3.3" + } + } + ] + }, + { + "ruleId": "CVE-2013-2035", + "ruleIndex": 416, + "level": "warning", + "message": { + "text": "Package: hawtjni-runtime\nInstalled Version: 1.5\nVulnerability CVE-2013-2035\nSeverity: medium\nFixed Version: 1.8\nExploit Available: []()\nExploit Type: \nLink: [CVE-2013-2035](https://nvd.nist.gov/vuln/detail/CVE-2013-2035)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/fusesource/jansi/main/jansi-1.9.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/fusesource/jansi/main/jansi-1.9.jar: hawtjni-runtime@1.5" + } + } + ] + }, + { + "ruleId": "CVE-2013-2035", + "ruleIndex": 416, + "level": "warning", + "message": { + "text": "Package: hawtjni-runtime\nInstalled Version: 1.5\nVulnerability CVE-2013-2035\nSeverity: medium\nFixed Version: 1.8\nExploit Available: []()\nExploit Type: \nLink: [CVE-2013-2035](https://nvd.nist.gov/vuln/detail/CVE-2013-2035)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/bin/client/jboss-cli-client.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/bin/client/jboss-cli-client.jar: hawtjni-runtime@1.5" + } + } + ] + }, + { + "ruleId": "CVE-2013-2035", + "ruleIndex": 416, + "level": "warning", + "message": { + "text": "Package: jansi\nInstalled Version: 1.9\nVulnerability CVE-2013-2035\nSeverity: medium\nFixed Version: 1.11\nExploit Available: []()\nExploit Type: \nLink: [CVE-2013-2035](https://nvd.nist.gov/vuln/detail/CVE-2013-2035)" 
+ }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/fusesource/jansi/main/jansi-1.9.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/fusesource/jansi/main/jansi-1.9.jar: jansi@1.9" + } + } + ] + }, + { + "ruleId": "CVE-2013-2035", + "ruleIndex": 416, + "level": "warning", + "message": { + "text": "Package: jansi\nInstalled Version: 1.9\nVulnerability CVE-2013-2035\nSeverity: medium\nFixed Version: 1.11\nExploit Available: []()\nExploit Type: \nLink: [CVE-2013-2035](https://nvd.nist.gov/vuln/detail/CVE-2013-2035)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/bin/client/jboss-cli-client.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/bin/client/jboss-cli-client.jar: jansi@1.9" + } + } + ] + }, + { + "ruleId": "CVE-2020-25638", + "ruleIndex": 417, + "level": "error", + "message": { + "text": "Package: hibernate-core\nInstalled Version: 4.3.10.Final\nVulnerability CVE-2020-25638\nSeverity: high\nFixed Version: 5.3.20.Final, 5.4.24.Final\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-25638](https://nvd.nist.gov/vuln/detail/CVE-2020-25638)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/hibernate/main/hibernate-core-4.3.10.Final.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/hibernate/main/hibernate-core-4.3.10.Final.jar: hibernate-core@4.3.10.Final" + } + } + ] + }, + { + "ruleId": "CVE-2019-14900", 
+ "ruleIndex": 418, + "level": "warning", + "message": { + "text": "Package: hibernate-core\nInstalled Version: 4.3.10.Final\nVulnerability CVE-2019-14900\nSeverity: medium\nFixed Version: 5.3.18, 5.4.18, 5.5.0.Beta1\nExploit Available: []()\nExploit Type: \nLink: [CVE-2019-14900](https://nvd.nist.gov/vuln/detail/CVE-2019-14900)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/hibernate/main/hibernate-core-4.3.10.Final.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/hibernate/main/hibernate-core-4.3.10.Final.jar: hibernate-core@4.3.10.Final" + } + } + ] + }, + { + "ruleId": "CVE-2020-10693", + "ruleIndex": 419, + "level": "warning", + "message": { + "text": "Package: hibernate-validator\nInstalled Version: 5.1.3.Final\nVulnerability CVE-2020-10693\nSeverity: medium\nFixed Version: 6.0.20.Final, 6.1.5.Final\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-10693](https://nvd.nist.gov/vuln/detail/CVE-2020-10693)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/hibernate/validator/main/hibernate-validator-5.1.3.Final.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/hibernate/validator/main/hibernate-validator-5.1.3.Final.jar: hibernate-validator@5.1.3.Final" + } + } + ] + }, + { + "ruleId": "CVE-2019-10219", + "ruleIndex": 420, + "level": "warning", + "message": { + "text": "Package: hibernate-validator\nInstalled Version: 5.1.3.Final\nVulnerability CVE-2019-10219\nSeverity: medium\nFixed Version: 6.0.18.Final, 6.1.0.Final\nExploit Available: []()\nExploit Type: \nLink: 
[CVE-2019-10219](https://nvd.nist.gov/vuln/detail/CVE-2019-10219)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/hibernate/validator/main/hibernate-validator-5.1.3.Final.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/hibernate/validator/main/hibernate-validator-5.1.3.Final.jar: hibernate-validator@5.1.3.Final" + } + } + ] + }, + { + "ruleId": "CVE-2017-15089", + "ruleIndex": 421, + "level": "error", + "message": { + "text": "Package: infinispan-client-hotrod\nInstalled Version: 7.2.3.Final\nVulnerability CVE-2017-15089\nSeverity: high\nFixed Version: \nExploit Available: []()\nExploit Type: \nLink: [CVE-2017-15089](https://nvd.nist.gov/vuln/detail/CVE-2017-15089)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/infinispan/client/hotrod/main/infinispan-client-hotrod-7.2.3.Final.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/infinispan/client/hotrod/main/infinispan-client-hotrod-7.2.3.Final.jar: infinispan-client-hotrod@7.2.3.Final" + } + } + ] + }, + { + "ruleId": "CVE-2016-0750", + "ruleIndex": 422, + "level": "error", + "message": { + "text": "Package: infinispan-client-hotrod\nInstalled Version: 7.2.3.Final\nVulnerability CVE-2016-0750\nSeverity: high\nFixed Version: 9.1.0.Final\nExploit Available: []()\nExploit Type: \nLink: [CVE-2016-0750](https://nvd.nist.gov/vuln/detail/CVE-2016-0750)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": 
"/opt/jboss/wildfly/modules/system/layers/base/org/infinispan/client/hotrod/main/infinispan-client-hotrod-7.2.3.Final.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/infinispan/client/hotrod/main/infinispan-client-hotrod-7.2.3.Final.jar: infinispan-client-hotrod@7.2.3.Final" + } + } + ] + }, + { + "ruleId": "CVE-2017-15089", + "ruleIndex": 421, + "level": "error", + "message": { + "text": "Package: infinispan-commons\nInstalled Version: 7.2.3.Final\nVulnerability CVE-2017-15089\nSeverity: high\nFixed Version: \nExploit Available: []()\nExploit Type: \nLink: [CVE-2017-15089](https://nvd.nist.gov/vuln/detail/CVE-2017-15089)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/infinispan/commons/main/infinispan-commons-7.2.3.Final.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/infinispan/commons/main/infinispan-commons-7.2.3.Final.jar: infinispan-commons@7.2.3.Final" + } + } + ] + }, + { + "ruleId": "CVE-2019-10174", + "ruleIndex": 423, + "level": "error", + "message": { + "text": "Package: infinispan-commons\nInstalled Version: 7.2.3.Final\nVulnerability CVE-2019-10174\nSeverity: high\nFixed Version: 10.0.0.Final, 9.4.17.Final\nExploit Available: []()\nExploit Type: \nLink: [CVE-2019-10174](https://nvd.nist.gov/vuln/detail/CVE-2019-10174)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/infinispan/commons/main/infinispan-commons-7.2.3.Final.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + 
"text": "/opt/jboss/wildfly/modules/system/layers/base/org/infinispan/commons/main/infinispan-commons-7.2.3.Final.jar: infinispan-commons@7.2.3.Final" + } + } + ] + }, + { + "ruleId": "CVE-2019-10158", + "ruleIndex": 424, + "level": "error", + "message": { + "text": "Package: infinispan-core\nInstalled Version: 7.2.3.Final\nVulnerability CVE-2019-10158\nSeverity: critical\nFixed Version: 9.4.15.Final\nExploit Available: []()\nExploit Type: \nLink: [CVE-2019-10158](https://nvd.nist.gov/vuln/detail/CVE-2019-10158)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/infinispan/main/infinispan-core-7.2.3.Final.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/infinispan/main/infinispan-core-7.2.3.Final.jar: infinispan-core@7.2.3.Final" + } + } + ] + }, + { + "ruleId": "CVE-2019-10174", + "ruleIndex": 423, + "level": "error", + "message": { + "text": "Package: infinispan-core\nInstalled Version: 7.2.3.Final\nVulnerability CVE-2019-10174\nSeverity: high\nFixed Version: 8.2.12.Final, 9.4.17.Final\nExploit Available: []()\nExploit Type: \nLink: [CVE-2019-10174](https://nvd.nist.gov/vuln/detail/CVE-2019-10174)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/infinispan/main/infinispan-core-7.2.3.Final.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/infinispan/main/infinispan-core-7.2.3.Final.jar: infinispan-core@7.2.3.Final" + } + } + ] + }, + { + "ruleId": "CVE-2017-15089", + "ruleIndex": 421, + "level": "error", + "message": { + "text": "Package: infinispan-core\nInstalled Version: 
7.2.3.Final\nVulnerability CVE-2017-15089\nSeverity: high\nFixed Version: 9.2.0.CR1\nExploit Available: []()\nExploit Type: \nLink: [CVE-2017-15089](https://nvd.nist.gov/vuln/detail/CVE-2017-15089)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/infinispan/main/infinispan-core-7.2.3.Final.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/infinispan/main/infinispan-core-7.2.3.Final.jar: infinispan-core@7.2.3.Final" + } + } + ] + }, + { + "ruleId": "CVE-2020-25711", + "ruleIndex": 425, + "level": "warning", + "message": { + "text": "Package: infinispan-core\nInstalled Version: 7.2.3.Final\nVulnerability CVE-2020-25711\nSeverity: medium\nFixed Version: 11.0.6.Final\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-25711](https://nvd.nist.gov/vuln/detail/CVE-2020-25711)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/infinispan/main/infinispan-core-7.2.3.Final.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/infinispan/main/infinispan-core-7.2.3.Final.jar: infinispan-core@7.2.3.Final" + } + } + ] + }, + { + "ruleId": "CVE-2014-9970", + "ruleIndex": 426, + "level": "error", + "message": { + "text": "Package: jasypt\nInstalled Version: 1.9.1\nVulnerability CVE-2014-9970\nSeverity: high\nFixed Version: 1.9.2\nExploit Available: []()\nExploit Type: \nLink: [CVE-2014-9970](https://nvd.nist.gov/vuln/detail/CVE-2014-9970)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": 
"/opt/jboss/wildfly/modules/system/layers/base/org/apache/ws/security/main/jasypt-1.9.1.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/apache/ws/security/main/jasypt-1.9.1.jar: jasypt@1.9.1" + } + } + ] + }, + { + "ruleId": "CVE-2024-1102", + "ruleIndex": 427, + "level": "warning", + "message": { + "text": "Package: jberet-core\nInstalled Version: 1.1.0.Final\nVulnerability CVE-2024-1102\nSeverity: medium\nFixed Version: 2.2.1.Final\nExploit Available: []()\nExploit Type: \nLink: [CVE-2024-1102](https://nvd.nist.gov/vuln/detail/CVE-2024-1102)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/jberet/jberet-core/main/jberet-core-1.1.0.Final.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/jberet/jberet-core/main/jberet-core-1.1.0.Final.jar: jberet-core@1.1.0.Final" + } + } + ] + }, + { + "ruleId": "CVE-2021-20250", + "ruleIndex": 428, + "level": "warning", + "message": { + "text": "Package: jboss-ejb-client\nInstalled Version: 2.1.1.Final\nVulnerability CVE-2021-20250\nSeverity: medium\nFixed Version: 4.0.39\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-20250](https://nvd.nist.gov/vuln/detail/CVE-2021-20250)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/jboss/ejb-client/main/jboss-ejb-client-2.1.1.Final.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/jboss/ejb-client/main/jboss-ejb-client-2.1.1.Final.jar: 
jboss-ejb-client@2.1.1.Final" + } + } + ] + }, + { + "ruleId": "CVE-2020-14297", + "ruleIndex": 429, + "level": "warning", + "message": { + "text": "Package: jboss-ejb-client\nInstalled Version: 2.1.1.Final\nVulnerability CVE-2020-14297\nSeverity: medium\nFixed Version: 4.0.34.Final\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-14297](https://nvd.nist.gov/vuln/detail/CVE-2020-14297)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/jboss/ejb-client/main/jboss-ejb-client-2.1.1.Final.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/jboss/ejb-client/main/jboss-ejb-client-2.1.1.Final.jar: jboss-ejb-client@2.1.1.Final" + } + } + ] + }, + { + "ruleId": "CVE-2021-20250", + "ruleIndex": 428, + "level": "warning", + "message": { + "text": "Package: jboss-ejb-client\nInstalled Version: 2.1.1.Final\nVulnerability CVE-2021-20250\nSeverity: medium\nFixed Version: 4.0.39\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-20250](https://nvd.nist.gov/vuln/detail/CVE-2021-20250)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/bin/client/jboss-client.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/bin/client/jboss-client.jar: jboss-ejb-client@2.1.1.Final" + } + } + ] + }, + { + "ruleId": "CVE-2020-14297", + "ruleIndex": 429, + "level": "warning", + "message": { + "text": "Package: jboss-ejb-client\nInstalled Version: 2.1.1.Final\nVulnerability CVE-2020-14297\nSeverity: medium\nFixed Version: 4.0.34.Final\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-14297](https://nvd.nist.gov/vuln/detail/CVE-2020-14297)" + }, + "locations": [ + { + 
"physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/bin/client/jboss-client.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/bin/client/jboss-client.jar: jboss-ejb-client@2.1.1.Final" + } + } + ] + }, + { + "ruleId": "CVE-2020-35510", + "ruleIndex": 430, + "level": "warning", + "message": { + "text": "Package: jboss-remoting\nInstalled Version: 4.0.9.Final\nVulnerability CVE-2020-35510\nSeverity: medium\nFixed Version: 5.0.20.Final\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-35510](https://nvd.nist.gov/vuln/detail/CVE-2020-35510)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/bin/client/jboss-cli-client.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/bin/client/jboss-cli-client.jar: jboss-remoting@4.0.9.Final" + } + } + ] + }, + { + "ruleId": "CVE-2020-35510", + "ruleIndex": 430, + "level": "warning", + "message": { + "text": "Package: jboss-remoting\nInstalled Version: 4.0.9.Final\nVulnerability CVE-2020-35510\nSeverity: medium\nFixed Version: 5.0.20.Final\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-35510](https://nvd.nist.gov/vuln/detail/CVE-2020-35510)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/bin/client/jboss-client.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/bin/client/jboss-client.jar: jboss-remoting@4.0.9.Final" + } + } + ] + }, + { + "ruleId": "CVE-2020-35510", + "ruleIndex": 430, + "level": "warning", + "message": { + "text": "Package: jboss-remoting\nInstalled Version: 4.0.9.Final\nVulnerability 
CVE-2020-35510\nSeverity: medium\nFixed Version: 5.0.20.Final\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-35510](https://nvd.nist.gov/vuln/detail/CVE-2020-35510)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/jboss/remoting/main/jboss-remoting-4.0.9.Final.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/jboss/remoting/main/jboss-remoting-4.0.9.Final.jar: jboss-remoting@4.0.9.Final" + } + } + ] + }, + { + "ruleId": "CVE-2020-1695", + "ruleIndex": 431, + "level": "error", + "message": { + "text": "Package: resteasy-client\nInstalled Version: 3.0.11.Final\nVulnerability CVE-2020-1695\nSeverity: high\nFixed Version: 3.12.0, 4.6.0\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-1695](https://nvd.nist.gov/vuln/detail/CVE-2020-1695)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/jboss/resteasy/resteasy-jaxrs/main/resteasy-client-3.0.11.Final.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/jboss/resteasy/resteasy-jaxrs/main/resteasy-client-3.0.11.Final.jar: resteasy-client@3.0.11.Final" + } + } + ] + }, + { + "ruleId": "CVE-2020-25633", + "ruleIndex": 432, + "level": "warning", + "message": { + "text": "Package: resteasy-client\nInstalled Version: 3.0.11.Final\nVulnerability CVE-2020-25633\nSeverity: medium\nFixed Version: 3.14.0.Final, 4.5.7.Final\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-25633](https://nvd.nist.gov/vuln/detail/CVE-2020-25633)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": 
"/opt/jboss/wildfly/modules/system/layers/base/org/jboss/resteasy/resteasy-jaxrs/main/resteasy-client-3.0.11.Final.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/jboss/resteasy/resteasy-jaxrs/main/resteasy-client-3.0.11.Final.jar: resteasy-client@3.0.11.Final" + } + } + ] + }, + { + "ruleId": "CVE-2021-20289", + "ruleIndex": 433, + "level": "warning", + "message": { + "text": "Package: resteasy-client\nInstalled Version: 3.0.11.Final\nVulnerability CVE-2021-20289\nSeverity: medium\nFixed Version: 3.11.5.Final, 3.15.2.Final, 4.5.10.Final, 4.7.0.Final\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-20289](https://nvd.nist.gov/vuln/detail/CVE-2021-20289)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/jboss/resteasy/resteasy-jaxrs/main/resteasy-client-3.0.11.Final.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/jboss/resteasy/resteasy-jaxrs/main/resteasy-client-3.0.11.Final.jar: resteasy-client@3.0.11.Final" + } + } + ] + }, + { + "ruleId": "CVE-2016-6345", + "ruleIndex": 434, + "level": "warning", + "message": { + "text": "Package: resteasy-client\nInstalled Version: 3.0.11.Final\nVulnerability CVE-2016-6345\nSeverity: medium\nFixed Version: 3.0.20.Final, 3.1.0.CR1\nExploit Available: []()\nExploit Type: \nLink: [CVE-2016-6345](https://nvd.nist.gov/vuln/detail/CVE-2016-6345)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/jboss/resteasy/resteasy-jaxrs/main/resteasy-client-3.0.11.Final.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + 
"endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/jboss/resteasy/resteasy-jaxrs/main/resteasy-client-3.0.11.Final.jar: resteasy-client@3.0.11.Final" + } + } + ] + }, + { + "ruleId": "CVE-2016-6347", + "ruleIndex": 435, + "level": "warning", + "message": { + "text": "Package: resteasy-client\nInstalled Version: 3.0.11.Final\nVulnerability CVE-2016-6347\nSeverity: medium\nFixed Version: 3.0.20.Final, 3.1.0.CR1\nExploit Available: []()\nExploit Type: \nLink: [CVE-2016-6347](https://nvd.nist.gov/vuln/detail/CVE-2016-6347)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/jboss/resteasy/resteasy-jaxrs/main/resteasy-client-3.0.11.Final.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/jboss/resteasy/resteasy-jaxrs/main/resteasy-client-3.0.11.Final.jar: resteasy-client@3.0.11.Final" + } + } + ] + }, + { + "ruleId": "CVE-2016-6348", + "ruleIndex": 436, + "level": "warning", + "message": { + "text": "Package: resteasy-client\nInstalled Version: 3.0.11.Final\nVulnerability CVE-2016-6348\nSeverity: medium\nFixed Version: 3.0.20.Final\nExploit Available: []()\nExploit Type: \nLink: [CVE-2016-6348](https://nvd.nist.gov/vuln/detail/CVE-2016-6348)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/jboss/resteasy/resteasy-jaxrs/main/resteasy-client-3.0.11.Final.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/jboss/resteasy/resteasy-jaxrs/main/resteasy-client-3.0.11.Final.jar: resteasy-client@3.0.11.Final" + } + } + ] + }, + { + "ruleId": 
"CVE-2016-6346", + "ruleIndex": 437, + "level": "error", + "message": { + "text": "Package: resteasy-jaxrs\nInstalled Version: 3.0.11.Final\nVulnerability CVE-2016-6346\nSeverity: high\nFixed Version: 3.0.20.Final\nExploit Available: []()\nExploit Type: \nLink: [CVE-2016-6346](https://nvd.nist.gov/vuln/detail/CVE-2016-6346)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/jboss/resteasy/resteasy-jaxrs/main/resteasy-jaxrs-3.0.11.Final.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/jboss/resteasy/resteasy-jaxrs/main/resteasy-jaxrs-3.0.11.Final.jar: resteasy-jaxrs@3.0.11.Final" + } + } + ] + }, + { + "ruleId": "CVE-2017-7561", + "ruleIndex": 438, + "level": "error", + "message": { + "text": "Package: resteasy-jaxrs\nInstalled Version: 3.0.11.Final\nVulnerability CVE-2017-7561\nSeverity: high\nFixed Version: 3.0.25.Final, 3.5.0.CR1, 4.0.0.Beta1\nExploit Available: []()\nExploit Type: \nLink: [CVE-2017-7561](https://nvd.nist.gov/vuln/detail/CVE-2017-7561)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/jboss/resteasy/resteasy-jaxrs/main/resteasy-jaxrs-3.0.11.Final.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/jboss/resteasy/resteasy-jaxrs/main/resteasy-jaxrs-3.0.11.Final.jar: resteasy-jaxrs@3.0.11.Final" + } + } + ] + }, + { + "ruleId": "CVE-2020-1695", + "ruleIndex": 431, + "level": "error", + "message": { + "text": "Package: resteasy-jaxrs\nInstalled Version: 3.0.11.Final\nVulnerability CVE-2020-1695\nSeverity: high\nFixed Version: 3.11.0.Final\nExploit Available: []()\nExploit Type: 
\nLink: [CVE-2020-1695](https://nvd.nist.gov/vuln/detail/CVE-2020-1695)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/jboss/resteasy/resteasy-jaxrs/main/resteasy-jaxrs-3.0.11.Final.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/jboss/resteasy/resteasy-jaxrs/main/resteasy-jaxrs-3.0.11.Final.jar: resteasy-jaxrs@3.0.11.Final" + } + } + ] + }, + { + "ruleId": "CVE-2016-6347", + "ruleIndex": 435, + "level": "warning", + "message": { + "text": "Package: resteasy-jaxrs\nInstalled Version: 3.0.11.Final\nVulnerability CVE-2016-6347\nSeverity: medium\nFixed Version: 3.1.0.Final\nExploit Available: []()\nExploit Type: \nLink: [CVE-2016-6347](https://nvd.nist.gov/vuln/detail/CVE-2016-6347)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/jboss/resteasy/resteasy-jaxrs/main/resteasy-jaxrs-3.0.11.Final.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/jboss/resteasy/resteasy-jaxrs/main/resteasy-jaxrs-3.0.11.Final.jar: resteasy-jaxrs@3.0.11.Final" + } + } + ] + }, + { + "ruleId": "CVE-2020-10688", + "ruleIndex": 439, + "level": "warning", + "message": { + "text": "Package: resteasy-jaxrs\nInstalled Version: 3.0.11.Final\nVulnerability CVE-2020-10688\nSeverity: medium\nFixed Version: 3.11.1.Final, 4.5.3\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-10688](https://nvd.nist.gov/vuln/detail/CVE-2020-10688)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": 
"/opt/jboss/wildfly/modules/system/layers/base/org/jboss/resteasy/resteasy-jaxrs/main/resteasy-jaxrs-3.0.11.Final.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/jboss/resteasy/resteasy-jaxrs/main/resteasy-jaxrs-3.0.11.Final.jar: resteasy-jaxrs@3.0.11.Final" + } + } + ] + }, + { + "ruleId": "CVE-2020-25633", + "ruleIndex": 432, + "level": "warning", + "message": { + "text": "Package: resteasy-jaxrs\nInstalled Version: 3.0.11.Final\nVulnerability CVE-2020-25633\nSeverity: medium\nFixed Version: 3.14.0.Final\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-25633](https://nvd.nist.gov/vuln/detail/CVE-2020-25633)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/jboss/resteasy/resteasy-jaxrs/main/resteasy-jaxrs-3.0.11.Final.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/jboss/resteasy/resteasy-jaxrs/main/resteasy-jaxrs-3.0.11.Final.jar: resteasy-jaxrs@3.0.11.Final" + } + } + ] + }, + { + "ruleId": "CVE-2021-20289", + "ruleIndex": 433, + "level": "warning", + "message": { + "text": "Package: resteasy-jaxrs\nInstalled Version: 3.0.11.Final\nVulnerability CVE-2021-20289\nSeverity: medium\nFixed Version: 3.11.5.Final, 3.15.2.Final, 4.5.10.Final, 4.7.0.Final\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-20289](https://nvd.nist.gov/vuln/detail/CVE-2021-20289)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/jboss/resteasy/resteasy-jaxrs/main/resteasy-jaxrs-3.0.11.Final.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + 
"endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/jboss/resteasy/resteasy-jaxrs/main/resteasy-jaxrs-3.0.11.Final.jar: resteasy-jaxrs@3.0.11.Final" + } + } + ] + }, + { + "ruleId": "CVE-2018-1051", + "ruleIndex": 440, + "level": "error", + "message": { + "text": "Package: resteasy-yaml-provider\nInstalled Version: 3.0.11.Final\nVulnerability CVE-2018-1051\nSeverity: high\nFixed Version: 3.0.26.Final, 3.6.0.Final\nExploit Available: []()\nExploit Type: \nLink: [CVE-2018-1051](https://nvd.nist.gov/vuln/detail/CVE-2018-1051)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/jboss/resteasy/resteasy-yaml-provider/main/resteasy-yaml-provider-3.0.11.Final.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/jboss/resteasy/resteasy-yaml-provider/main/resteasy-yaml-provider-3.0.11.Final.jar: resteasy-yaml-provider@3.0.11.Final" + } + } + ] + }, + { + "ruleId": "CVE-2016-9606", + "ruleIndex": 441, + "level": "error", + "message": { + "text": "Package: resteasy-yaml-provider\nInstalled Version: 3.0.11.Final\nVulnerability CVE-2016-9606\nSeverity: high\nFixed Version: 3.1.2\nExploit Available: []()\nExploit Type: \nLink: [CVE-2016-9606](https://nvd.nist.gov/vuln/detail/CVE-2016-9606)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/jboss/resteasy/resteasy-yaml-provider/main/resteasy-yaml-provider-3.0.11.Final.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/jboss/resteasy/resteasy-yaml-provider/main/resteasy-yaml-provider-3.0.11.Final.jar: 
resteasy-yaml-provider@3.0.11.Final" + } + } + ] + }, + { + "ruleId": "CVE-2023-5685", + "ruleIndex": 442, + "level": "error", + "message": { + "text": "Package: xnio-api\nInstalled Version: 3.3.1.Final\nVulnerability CVE-2023-5685\nSeverity: high\nFixed Version: \nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-5685](https://nvd.nist.gov/vuln/detail/CVE-2023-5685)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/jboss/xnio/main/xnio-api-3.3.1.Final.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/jboss/xnio/main/xnio-api-3.3.1.Final.jar: xnio-api@3.3.1.Final" + } + } + ] + }, + { + "ruleId": "CVE-2023-5685", + "ruleIndex": 442, + "level": "error", + "message": { + "text": "Package: xnio-api\nInstalled Version: 3.3.1.Final\nVulnerability CVE-2023-5685\nSeverity: high\nFixed Version: \nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-5685](https://nvd.nist.gov/vuln/detail/CVE-2023-5685)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/bin/client/jboss-client.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/bin/client/jboss-client.jar: xnio-api@3.3.1.Final" + } + } + ] + }, + { + "ruleId": "CVE-2023-5685", + "ruleIndex": 442, + "level": "error", + "message": { + "text": "Package: xnio-api\nInstalled Version: 3.3.1.Final\nVulnerability CVE-2023-5685\nSeverity: high\nFixed Version: \nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-5685](https://nvd.nist.gov/vuln/detail/CVE-2023-5685)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/bin/client/jboss-cli-client.jar", + 
"uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/bin/client/jboss-cli-client.jar: xnio-api@3.3.1.Final" + } + } + ] + }, + { + "ruleId": "CVE-2016-2141", + "ruleIndex": 443, + "level": "error", + "message": { + "text": "Package: jgroups\nInstalled Version: 3.6.4.Final\nVulnerability CVE-2016-2141\nSeverity: critical\nFixed Version: 3.2.16.Final, 3.6.10.Final\nExploit Available: []()\nExploit Type: \nLink: [CVE-2016-2141](https://nvd.nist.gov/vuln/detail/CVE-2016-2141)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/bin/client/jboss-client.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/bin/client/jboss-client.jar: jgroups@3.6.4.Final" + } + } + ] + }, + { + "ruleId": "CVE-2016-2141", + "ruleIndex": 443, + "level": "error", + "message": { + "text": "Package: jgroups\nInstalled Version: 3.6.4.Final\nVulnerability CVE-2016-2141\nSeverity: critical\nFixed Version: 3.2.16.Final, 3.6.10.Final\nExploit Available: []()\nExploit Type: \nLink: [CVE-2016-2141](https://nvd.nist.gov/vuln/detail/CVE-2016-2141)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/jgroups/main/jgroups-3.6.4.Final.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/jgroups/main/jgroups-3.6.4.Final.jar: jgroups@3.6.4.Final" + } + } + ] + }, + { + "ruleId": "CVE-2021-37714", + "ruleIndex": 444, + "level": "error", + "message": { + "text": "Package: jsoup\nInstalled Version: 1.8.1\nVulnerability CVE-2021-37714\nSeverity: high\nFixed Version: 1.14.2\nExploit Available: 
[]()\nExploit Type: \nLink: [CVE-2021-37714](https://nvd.nist.gov/vuln/detail/CVE-2021-37714)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/jsoup/main/jsoup-1.8.1.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/jsoup/main/jsoup-1.8.1.jar: jsoup@1.8.1" + } + } + ] + }, + { + "ruleId": "CVE-2015-6748", + "ruleIndex": 445, + "level": "warning", + "message": { + "text": "Package: jsoup\nInstalled Version: 1.8.1\nVulnerability CVE-2015-6748\nSeverity: medium\nFixed Version: 1.8.3\nExploit Available: []()\nExploit Type: \nLink: [CVE-2015-6748](https://nvd.nist.gov/vuln/detail/CVE-2015-6748)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/jsoup/main/jsoup-1.8.1.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/jsoup/main/jsoup-1.8.1.jar: jsoup@1.8.1" + } + } + ] + }, + { + "ruleId": "CVE-2022-36033", + "ruleIndex": 446, + "level": "warning", + "message": { + "text": "Package: jsoup\nInstalled Version: 1.8.1\nVulnerability CVE-2022-36033\nSeverity: medium\nFixed Version: 1.15.3\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-36033](https://nvd.nist.gov/vuln/detail/CVE-2022-36033)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/jsoup/main/jsoup-1.8.1.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/jsoup/main/jsoup-1.8.1.jar: jsoup@1.8.1" + 
} + } + ] + }, + { + "ruleId": "CVE-2014-3603", + "ruleIndex": 447, + "level": "warning", + "message": { + "text": "Package: opensaml\nInstalled Version: 2.6.1\nVulnerability CVE-2014-3603\nSeverity: medium\nFixed Version: 2.6.2\nExploit Available: []()\nExploit Type: \nLink: [CVE-2014-3603](https://nvd.nist.gov/vuln/detail/CVE-2014-3603)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/opensaml/main/opensaml-2.6.1.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/opensaml/main/opensaml-2.6.1.jar: opensaml@2.6.1" + } + } + ] + }, + { + "ruleId": "CVE-2015-1796", + "ruleIndex": 448, + "level": "warning", + "message": { + "text": "Package: opensaml\nInstalled Version: 2.6.1\nVulnerability CVE-2015-1796\nSeverity: medium\nFixed Version: 2.6.5\nExploit Available: []()\nExploit Type: \nLink: [CVE-2015-1796](https://nvd.nist.gov/vuln/detail/CVE-2015-1796)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/opensaml/main/opensaml-2.6.1.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/opensaml/main/opensaml-2.6.1.jar: opensaml@2.6.1" + } + } + ] + }, + { + "ruleId": "CVE-2014-7827", + "ruleIndex": 449, + "level": "note", + "message": { + "text": "Package: picketlink-federation\nInstalled Version: 2.7.0.Final\nVulnerability CVE-2014-7827\nSeverity: low\nFixed Version: \nExploit Available: []()\nExploit Type: \nLink: [CVE-2014-7827](https://nvd.nist.gov/vuln/detail/CVE-2014-7827)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": 
"/opt/jboss/wildfly/modules/system/layers/base/org/picketlink/federation/main/picketlink-federation-2.7.0.Final.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/picketlink/federation/main/picketlink-federation-2.7.0.Final.jar: picketlink-federation@2.7.0.Final" + } + } + ] + }, + { + "ruleId": "CVE-2018-8088", + "ruleIndex": 450, + "level": "error", + "message": { + "text": "Package: slf4j-ext\nInstalled Version: 1.7.7.jbossorg-1\nVulnerability CVE-2018-8088\nSeverity: critical\nFixed Version: 1.7.26, 1.8.0-beta4\nExploit Available: []()\nExploit Type: \nLink: [CVE-2018-8088](https://nvd.nist.gov/vuln/detail/CVE-2018-8088)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/slf4j/ext/main/slf4j-ext-1.7.7.jbossorg-1.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/slf4j/ext/main/slf4j-ext-1.7.7.jbossorg-1.jar: slf4j-ext@1.7.7.jbossorg-1" + } + } + ] + }, + { + "ruleId": "CVE-2020-1719", + "ruleIndex": 451, + "level": "warning", + "message": { + "text": "Package: wildfly-ejb3\nInstalled Version: 9.0.1.Final\nVulnerability CVE-2020-1719\nSeverity: medium\nFixed Version: 20.0.0.Final\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-1719](https://nvd.nist.gov/vuln/detail/CVE-2020-1719)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/jboss/as/ejb3/main/wildfly-ejb3-9.0.1.Final.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": 
"/opt/jboss/wildfly/modules/system/layers/base/org/jboss/as/ejb3/main/wildfly-ejb3-9.0.1.Final.jar: wildfly-ejb3@9.0.1.Final" + } + } + ] + }, + { + "ruleId": "CVE-2016-9589", + "ruleIndex": 452, + "level": "error", + "message": { + "text": "Package: wildfly-undertow\nInstalled Version: 9.0.1.Final\nVulnerability CVE-2016-9589\nSeverity: high\nFixed Version: 11.0.0.Beta1\nExploit Available: []()\nExploit Type: \nLink: [CVE-2016-9589](https://nvd.nist.gov/vuln/detail/CVE-2016-9589)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/wildfly/extension/undertow/main/wildfly-undertow-9.0.1.Final.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/wildfly/extension/undertow/main/wildfly-undertow-9.0.1.Final.jar: wildfly-undertow@9.0.1.Final" + } + } + ] + }, + { + "ruleId": "CVE-2018-1047", + "ruleIndex": 453, + "level": "warning", + "message": { + "text": "Package: wildfly-undertow\nInstalled Version: 9.0.1.Final\nVulnerability CVE-2018-1047\nSeverity: medium\nFixed Version: 12.0.0\nExploit Available: []()\nExploit Type: \nLink: [CVE-2018-1047](https://nvd.nist.gov/vuln/detail/CVE-2018-1047)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/wildfly/extension/undertow/main/wildfly-undertow-9.0.1.Final.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/wildfly/extension/undertow/main/wildfly-undertow-9.0.1.Final.jar: wildfly-undertow@9.0.1.Final" + } + } + ] + }, + { + "ruleId": "CVE-2023-4061", + "ruleIndex": 454, + "level": "warning", + "message": { + "text": "Package: wildfly-controller\nInstalled 
Version: 1.0.1.Final\nVulnerability CVE-2023-4061\nSeverity: medium\nFixed Version: 22.0.0.Final\nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-4061](https://nvd.nist.gov/vuln/detail/CVE-2023-4061)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/jboss/as/controller/main/wildfly-controller-1.0.1.Final.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/jboss/as/controller/main/wildfly-controller-1.0.1.Final.jar: wildfly-controller@1.0.1.Final" + } + } + ] + }, + { + "ruleId": "CVE-2023-4061", + "ruleIndex": 454, + "level": "warning", + "message": { + "text": "Package: wildfly-controller\nInstalled Version: 1.0.1.Final\nVulnerability CVE-2023-4061\nSeverity: medium\nFixed Version: 22.0.0.Final\nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-4061](https://nvd.nist.gov/vuln/detail/CVE-2023-4061)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/bin/client/jboss-cli-client.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/bin/client/jboss-cli-client.jar: wildfly-controller@1.0.1.Final" + } + } + ] + }, + { + "ruleId": "CVE-2018-10862", + "ruleIndex": 455, + "level": "warning", + "message": { + "text": "Package: wildfly-deployment-repository\nInstalled Version: 1.0.1.Final\nVulnerability CVE-2018-10862\nSeverity: medium\nFixed Version: \nExploit Available: []()\nExploit Type: \nLink: [CVE-2018-10862](https://nvd.nist.gov/vuln/detail/CVE-2018-10862)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": 
"/opt/jboss/wildfly/modules/system/layers/base/org/jboss/as/deployment-repository/main/wildfly-deployment-repository-1.0.1.Final.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/jboss/as/deployment-repository/main/wildfly-deployment-repository-1.0.1.Final.jar: wildfly-deployment-repository@1.0.1.Final" + } + } + ] + }, + { + "ruleId": "CVE-2018-10862", + "ruleIndex": 455, + "level": "warning", + "message": { + "text": "Package: wildfly-deployment-repository\nInstalled Version: 1.0.1.Final\nVulnerability CVE-2018-10862\nSeverity: medium\nFixed Version: \nExploit Available: []()\nExploit Type: \nLink: [CVE-2018-10862](https://nvd.nist.gov/vuln/detail/CVE-2018-10862)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/bin/client/jboss-cli-client.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/bin/client/jboss-cli-client.jar: wildfly-deployment-repository@1.0.1.Final" + } + } + ] + }, + { + "ruleId": "CVE-2020-10718", + "ruleIndex": 456, + "level": "error", + "message": { + "text": "Package: wildfly-embedded\nInstalled Version: 1.0.1.Final\nVulnerability CVE-2020-10718\nSeverity: high\nFixed Version: 13.0.0.Beta5\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-10718](https://nvd.nist.gov/vuln/detail/CVE-2020-10718)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/wildfly/embedded/main/wildfly-embedded-1.0.1.Final.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": 
"/opt/jboss/wildfly/modules/system/layers/base/org/wildfly/embedded/main/wildfly-embedded-1.0.1.Final.jar: wildfly-embedded@1.0.1.Final" + } + } + ] + }, + { + "ruleId": "CVE-2020-10718", + "ruleIndex": 456, + "level": "error", + "message": { + "text": "Package: wildfly-embedded\nInstalled Version: 1.0.1.Final\nVulnerability CVE-2020-10718\nSeverity: high\nFixed Version: 13.0.0.Beta5\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-10718](https://nvd.nist.gov/vuln/detail/CVE-2020-10718)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/bin/client/jboss-cli-client.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/bin/client/jboss-cli-client.jar: wildfly-embedded@1.0.1.Final" + } + } + ] + }, + { + "ruleId": "CVE-2019-14838", + "ruleIndex": 457, + "level": "warning", + "message": { + "text": "Package: wildfly-host-controller\nInstalled Version: 1.0.1.Final\nVulnerability CVE-2019-14838\nSeverity: medium\nFixed Version: 7.2.5.GA\nExploit Available: []()\nExploit Type: \nLink: [CVE-2019-14838](https://nvd.nist.gov/vuln/detail/CVE-2019-14838)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/jboss/as/host-controller/main/wildfly-host-controller-1.0.1.Final.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/jboss/as/host-controller/main/wildfly-host-controller-1.0.1.Final.jar: wildfly-host-controller@1.0.1.Final" + } + } + ] + }, + { + "ruleId": "CVE-2018-10862", + "ruleIndex": 455, + "level": "warning", + "message": { + "text": "Package: wildfly-server\nInstalled Version: 1.0.1.Final\nVulnerability CVE-2018-10862\nSeverity: medium\nFixed Version: 
6.0.0.Alpha3\nExploit Available: []()\nExploit Type: \nLink: [CVE-2018-10862](https://nvd.nist.gov/vuln/detail/CVE-2018-10862)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/bin/client/jboss-cli-client.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/bin/client/jboss-cli-client.jar: wildfly-server@1.0.1.Final" + } + } + ] + }, + { + "ruleId": "CVE-2021-3644", + "ruleIndex": 458, + "level": "note", + "message": { + "text": "Package: wildfly-server\nInstalled Version: 1.0.1.Final\nVulnerability CVE-2021-3644\nSeverity: low\nFixed Version: 16.0.1.Final, 17.0.0.Beta3\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-3644](https://nvd.nist.gov/vuln/detail/CVE-2021-3644)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/bin/client/jboss-cli-client.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/bin/client/jboss-cli-client.jar: wildfly-server@1.0.1.Final" + } + } + ] + }, + { + "ruleId": "CVE-2018-10862", + "ruleIndex": 455, + "level": "warning", + "message": { + "text": "Package: wildfly-server\nInstalled Version: 1.0.1.Final\nVulnerability CVE-2018-10862\nSeverity: medium\nFixed Version: 6.0.0.Alpha3\nExploit Available: []()\nExploit Type: \nLink: [CVE-2018-10862](https://nvd.nist.gov/vuln/detail/CVE-2018-10862)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/jboss/as/server/main/wildfly-server-1.0.1.Final.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": 
"/opt/jboss/wildfly/modules/system/layers/base/org/jboss/as/server/main/wildfly-server-1.0.1.Final.jar: wildfly-server@1.0.1.Final" + } + } + ] + }, + { + "ruleId": "CVE-2021-3644", + "ruleIndex": 458, + "level": "note", + "message": { + "text": "Package: wildfly-server\nInstalled Version: 1.0.1.Final\nVulnerability CVE-2021-3644\nSeverity: low\nFixed Version: 16.0.1.Final, 17.0.0.Beta3\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-3644](https://nvd.nist.gov/vuln/detail/CVE-2021-3644)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/jboss/as/server/main/wildfly-server-1.0.1.Final.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/jboss/as/server/main/wildfly-server-1.0.1.Final.jar: wildfly-server@1.0.1.Final" + } + } + ] + }, + { + "ruleId": "CVE-2022-1471", + "ruleIndex": 459, + "level": "error", + "message": { + "text": "Package: snakeyaml\nInstalled Version: 1.15\nVulnerability CVE-2022-1471\nSeverity: critical\nFixed Version: 2.0\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-1471](https://nvd.nist.gov/vuln/detail/CVE-2022-1471)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/yaml/snakeyaml/main/snakeyaml-1.15.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/yaml/snakeyaml/main/snakeyaml-1.15.jar: snakeyaml@1.15" + } + } + ] + }, + { + "ruleId": "CVE-2022-25857", + "ruleIndex": 460, + "level": "error", + "message": { + "text": "Package: snakeyaml\nInstalled Version: 1.15\nVulnerability CVE-2022-25857\nSeverity: high\nFixed Version: 1.31\nExploit Available: 
[]()\nExploit Type: \nLink: [CVE-2022-25857](https://nvd.nist.gov/vuln/detail/CVE-2022-25857)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/yaml/snakeyaml/main/snakeyaml-1.15.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/yaml/snakeyaml/main/snakeyaml-1.15.jar: snakeyaml@1.15" + } + } + ] + }, + { + "ruleId": "CVE-2017-18640", + "ruleIndex": 461, + "level": "error", + "message": { + "text": "Package: snakeyaml\nInstalled Version: 1.15\nVulnerability CVE-2017-18640\nSeverity: high\nFixed Version: 1.26\nExploit Available: []()\nExploit Type: \nLink: [CVE-2017-18640](https://nvd.nist.gov/vuln/detail/CVE-2017-18640)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/yaml/snakeyaml/main/snakeyaml-1.15.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/yaml/snakeyaml/main/snakeyaml-1.15.jar: snakeyaml@1.15" + } + } + ] + }, + { + "ruleId": "CVE-2022-38749", + "ruleIndex": 462, + "level": "warning", + "message": { + "text": "Package: snakeyaml\nInstalled Version: 1.15\nVulnerability CVE-2022-38749\nSeverity: medium\nFixed Version: 1.31\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-38749](https://nvd.nist.gov/vuln/detail/CVE-2022-38749)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/yaml/snakeyaml/main/snakeyaml-1.15.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": 
"/opt/jboss/wildfly/modules/system/layers/base/org/yaml/snakeyaml/main/snakeyaml-1.15.jar: snakeyaml@1.15" + } + } + ] + }, + { + "ruleId": "CVE-2022-38750", + "ruleIndex": 463, + "level": "warning", + "message": { + "text": "Package: snakeyaml\nInstalled Version: 1.15\nVulnerability CVE-2022-38750\nSeverity: medium\nFixed Version: 1.31\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-38750](https://nvd.nist.gov/vuln/detail/CVE-2022-38750)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/yaml/snakeyaml/main/snakeyaml-1.15.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/yaml/snakeyaml/main/snakeyaml-1.15.jar: snakeyaml@1.15" + } + } + ] + }, + { + "ruleId": "CVE-2022-38751", + "ruleIndex": 464, + "level": "warning", + "message": { + "text": "Package: snakeyaml\nInstalled Version: 1.15\nVulnerability CVE-2022-38751\nSeverity: medium\nFixed Version: 1.31\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-38751](https://nvd.nist.gov/vuln/detail/CVE-2022-38751)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/yaml/snakeyaml/main/snakeyaml-1.15.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/yaml/snakeyaml/main/snakeyaml-1.15.jar: snakeyaml@1.15" + } + } + ] + }, + { + "ruleId": "CVE-2022-38752", + "ruleIndex": 465, + "level": "warning", + "message": { + "text": "Package: snakeyaml\nInstalled Version: 1.15\nVulnerability CVE-2022-38752\nSeverity: medium\nFixed Version: 1.32\nExploit Available: []()\nExploit Type: \nLink: 
[CVE-2022-38752](https://nvd.nist.gov/vuln/detail/CVE-2022-38752)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/yaml/snakeyaml/main/snakeyaml-1.15.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/yaml/snakeyaml/main/snakeyaml-1.15.jar: snakeyaml@1.15" + } + } + ] + }, + { + "ruleId": "CVE-2022-41854", + "ruleIndex": 466, + "level": "warning", + "message": { + "text": "Package: snakeyaml\nInstalled Version: 1.15\nVulnerability CVE-2022-41854\nSeverity: medium\nFixed Version: 1.32\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-41854](https://nvd.nist.gov/vuln/detail/CVE-2022-41854)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/yaml/snakeyaml/main/snakeyaml-1.15.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/yaml/snakeyaml/main/snakeyaml-1.15.jar: snakeyaml@1.15" + } + } + ] + }, + { + "ruleId": "CVE-2024-22365", + "ruleIndex": 467, + "level": "warning", + "message": { + "text": "Package: pam\nInstalled Version: 1.1.8-22.el7\nVulnerability CVE-2024-22365\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2024-22365](https://access.redhat.com/security/cve/CVE-2024-22365)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "pam", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": pam@1.1.8-22.el7" + } + } + ] + }, + { + "ruleId": "RHSA-2019:2189", + "ruleIndex": 468, + "level": 
"warning", + "message": { + "text": "Package: procps-ng\nInstalled Version: 3.3.10-23.el7\nVulnerability RHSA-2019:2189\nSeverity: medium\nFixed Version: 3.3.10-26.el7\nExploit Available: [http://www.exploit-db.com/exploits/44806](http://www.exploit-db.com/exploits/44806)\nExploit Type: local\nLink: [RHSA-2019:2189](https://access.redhat.com/security/cve/CVE-2018-1122)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "procps-ng", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": procps-ng@3.3.10-23.el7" + } + } + ] + }, + { + "ruleId": "CVE-2023-4016", + "ruleIndex": 469, + "level": "note", + "message": { + "text": "Package: procps-ng\nInstalled Version: 3.3.10-23.el7\nVulnerability CVE-2023-4016\nSeverity: low\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-4016](https://access.redhat.com/security/cve/CVE-2023-4016)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "procps-ng", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": procps-ng@3.3.10-23.el7" + } + } + ] + }, + { + "ruleId": "RHSA-2019:0710", + "ruleIndex": 470, + "level": "error", + "message": { + "text": "Package: python\nInstalled Version: 2.7.5-76.el7\nVulnerability RHSA-2019:0710\nSeverity: high\nFixed Version: 2.7.5-77.el7_6\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2019:0710](https://access.redhat.com/security/cve/CVE-2019-9636)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "python", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": python@2.7.5-76.el7" + } + } + ] + }, + { + "ruleId": "RHSA-2023:6885", + "ruleIndex": 471, + 
"level": "error", + "message": { + "text": "Package: python\nInstalled Version: 2.7.5-76.el7\nVulnerability RHSA-2023:6885\nSeverity: high\nFixed Version: 2.7.5-94.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2023:6885](https://access.redhat.com/security/cve/CVE-2023-40217)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "python", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": python@2.7.5-76.el7" + } + } + ] + }, + { + "ruleId": "RHSA-2023:3555", + "ruleIndex": 472, + "level": "error", + "message": { + "text": "Package: python\nInstalled Version: 2.7.5-76.el7\nVulnerability RHSA-2023:3555\nSeverity: high\nFixed Version: 2.7.5-93.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2023:3555](https://access.redhat.com/security/cve/CVE-2023-24329)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "python", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": python@2.7.5-76.el7" + } + } + ] + }, + { + "ruleId": "RHSA-2019:1587", + "ruleIndex": 473, + "level": "error", + "message": { + "text": "Package: python\nInstalled Version: 2.7.5-76.el7\nVulnerability RHSA-2019:1587\nSeverity: high\nFixed Version: 2.7.5-80.el7_6\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2019:1587](https://access.redhat.com/security/cve/CVE-2019-10160)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "python", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": python@2.7.5-76.el7" + } + } + ] + }, + { + "ruleId": "CVE-2022-48566", + "ruleIndex": 474, + "level": "warning", + "message": { + "text": "Package: python\nInstalled Version: 
2.7.5-76.el7\nVulnerability CVE-2022-48566\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-48566](https://access.redhat.com/security/cve/CVE-2022-48566)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "python", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": python@2.7.5-76.el7" + } + } + ] + }, + { + "ruleId": "CVE-2021-4189", + "ruleIndex": 475, + "level": "warning", + "message": { + "text": "Package: python\nInstalled Version: 2.7.5-76.el7\nVulnerability CVE-2021-4189\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-4189](https://access.redhat.com/security/cve/CVE-2021-4189)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "python", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": python@2.7.5-76.el7" + } + } + ] + }, + { + "ruleId": "RHSA-2020:3911", + "ruleIndex": 476, + "level": "warning", + "message": { + "text": "Package: python\nInstalled Version: 2.7.5-76.el7\nVulnerability RHSA-2020:3911\nSeverity: medium\nFixed Version: 2.7.5-89.el7\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2020:3911](https://access.redhat.com/security/cve/CVE-2019-16935)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "python", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": python@2.7.5-76.el7" + } + } + ] + }, + { + "ruleId": "CVE-2020-10735", + "ruleIndex": 477, + "level": "warning", + "message": { + "text": "Package: python\nInstalled Version: 2.7.5-76.el7\nVulnerability CVE-2020-10735\nSeverity: medium\nFixed Version: any in 
centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-10735](https://access.redhat.com/security/cve/CVE-2020-10735)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "python", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": python@2.7.5-76.el7" + } + } + ] + }, + { + "ruleId": "RHSA-2022:5235", + "ruleIndex": 478, + "level": "warning", + "message": { + "text": "Package: python\nInstalled Version: 2.7.5-76.el7\nVulnerability RHSA-2022:5235\nSeverity: medium\nFixed Version: 2.7.5-92.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2022:5235](https://access.redhat.com/security/cve/CVE-2020-26137)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "python", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": python@2.7.5-76.el7" + } + } + ] + }, + { + "ruleId": "CVE-2020-27619", + "ruleIndex": 479, + "level": "warning", + "message": { + "text": "Package: python\nInstalled Version: 2.7.5-76.el7\nVulnerability CVE-2020-27619\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-27619](https://access.redhat.com/security/cve/CVE-2020-27619)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "python", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": python@2.7.5-76.el7" + } + } + ] + }, + { + "ruleId": "CVE-2021-23336", + "ruleIndex": 480, + "level": "warning", + "message": { + "text": "Package: python\nInstalled Version: 2.7.5-76.el7\nVulnerability CVE-2021-23336\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: 
[CVE-2021-23336](https://access.redhat.com/security/cve/CVE-2021-23336)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "python", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": python@2.7.5-76.el7" + } + } + ] + }, + { + "ruleId": "CVE-2021-3733", + "ruleIndex": 481, + "level": "warning", + "message": { + "text": "Package: python\nInstalled Version: 2.7.5-76.el7\nVulnerability CVE-2021-3733\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-3733](https://access.redhat.com/security/cve/CVE-2021-3733)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "python", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": python@2.7.5-76.el7" + } + } + ] + }, + { + "ruleId": "CVE-2024-0450", + "ruleIndex": 482, + "level": "warning", + "message": { + "text": "Package: python\nInstalled Version: 2.7.5-76.el7\nVulnerability CVE-2024-0450\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2024-0450](https://access.redhat.com/security/cve/CVE-2024-0450)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "python", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": python@2.7.5-76.el7" + } + } + ] + }, + { + "ruleId": "RHSA-2020:5009", + "ruleIndex": 483, + "level": "warning", + "message": { + "text": "Package: python\nInstalled Version: 2.7.5-76.el7\nVulnerability RHSA-2020:5009\nSeverity: medium\nFixed Version: 2.7.5-90.el7\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2020:5009](https://access.redhat.com/security/cve/CVE-2019-20907)" + }, + 
"locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "python", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": python@2.7.5-76.el7" + } + } + ] + }, + { + "ruleId": "CVE-2022-0391", + "ruleIndex": 484, + "level": "warning", + "message": { + "text": "Package: python\nInstalled Version: 2.7.5-76.el7\nVulnerability CVE-2022-0391\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-0391](https://access.redhat.com/security/cve/CVE-2022-0391)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "python", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": python@2.7.5-76.el7" + } + } + ] + }, + { + "ruleId": "CVE-2022-45061", + "ruleIndex": 485, + "level": "warning", + "message": { + "text": "Package: python\nInstalled Version: 2.7.5-76.el7\nVulnerability CVE-2022-45061\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-45061](https://access.redhat.com/security/cve/CVE-2022-45061)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "python", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": python@2.7.5-76.el7" + } + } + ] + }, + { + "ruleId": "CVE-2022-48560", + "ruleIndex": 486, + "level": "warning", + "message": { + "text": "Package: python\nInstalled Version: 2.7.5-76.el7\nVulnerability CVE-2022-48560\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-48560](https://access.redhat.com/security/cve/CVE-2022-48560)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + 
"uri": "python", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": python@2.7.5-76.el7" + } + } + ] + }, + { + "ruleId": "CVE-2022-48565", + "ruleIndex": 487, + "level": "warning", + "message": { + "text": "Package: python\nInstalled Version: 2.7.5-76.el7\nVulnerability CVE-2022-48565\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-48565](https://access.redhat.com/security/cve/CVE-2022-48565)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "python", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": python@2.7.5-76.el7" + } + } + ] + }, + { + "ruleId": "CVE-2007-4559", + "ruleIndex": 488, + "level": "warning", + "message": { + "text": "Package: python\nInstalled Version: 2.7.5-76.el7\nVulnerability CVE-2007-4559\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2007-4559](https://access.redhat.com/security/cve/CVE-2007-4559)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "python", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": python@2.7.5-76.el7" + } + } + ] + }, + { + "ruleId": "RHSA-2020:1131", + "ruleIndex": 489, + "level": "warning", + "message": { + "text": "Package: python\nInstalled Version: 2.7.5-76.el7\nVulnerability RHSA-2020:1131\nSeverity: medium\nFixed Version: 2.7.5-88.el7\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2020:1131](https://access.redhat.com/security/cve/CVE-2019-16056)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "python", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + 
"startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": python@2.7.5-76.el7" + } + } + ] + }, + { + "ruleId": "CVE-2023-27043", + "ruleIndex": 490, + "level": "warning", + "message": { + "text": "Package: python\nInstalled Version: 2.7.5-76.el7\nVulnerability CVE-2023-27043\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-27043](https://access.redhat.com/security/cve/CVE-2023-27043)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "python", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": python@2.7.5-76.el7" + } + } + ] + }, + { + "ruleId": "CVE-2023-36632", + "ruleIndex": 491, + "level": "warning", + "message": { + "text": "Package: python\nInstalled Version: 2.7.5-76.el7\nVulnerability CVE-2023-36632\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-36632](https://access.redhat.com/security/cve/CVE-2023-36632)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "python", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": python@2.7.5-76.el7" + } + } + ] + }, + { + "ruleId": "RHSA-2019:2030", + "ruleIndex": 492, + "level": "warning", + "message": { + "text": "Package: python\nInstalled Version: 2.7.5-76.el7\nVulnerability RHSA-2019:2030\nSeverity: medium\nFixed Version: 2.7.5-86.el7\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2019:2030](https://access.redhat.com/security/cve/CVE-2019-5010)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "python", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + 
"text": ": python@2.7.5-76.el7" + } + } + ] + }, + { + "ruleId": "CVE-2021-3737", + "ruleIndex": 493, + "level": "note", + "message": { + "text": "Package: python\nInstalled Version: 2.7.5-76.el7\nVulnerability CVE-2021-3737\nSeverity: low\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-3737](https://access.redhat.com/security/cve/CVE-2021-3737)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "python", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": python@2.7.5-76.el7" + } + } + ] + }, + { + "ruleId": "RHSA-2019:0710", + "ruleIndex": 470, + "level": "error", + "message": { + "text": "Package: python-libs\nInstalled Version: 2.7.5-76.el7\nVulnerability RHSA-2019:0710\nSeverity: high\nFixed Version: 2.7.5-77.el7_6\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2019:0710](https://access.redhat.com/security/cve/CVE-2019-9636)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "python-libs", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": python-libs@2.7.5-76.el7" + } + } + ] + }, + { + "ruleId": "RHSA-2023:6885", + "ruleIndex": 471, + "level": "error", + "message": { + "text": "Package: python-libs\nInstalled Version: 2.7.5-76.el7\nVulnerability RHSA-2023:6885\nSeverity: high\nFixed Version: 2.7.5-94.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2023:6885](https://access.redhat.com/security/cve/CVE-2023-40217)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "python-libs", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": python-libs@2.7.5-76.el7" + } + } + ] + }, + { + "ruleId": 
"RHSA-2023:3555", + "ruleIndex": 472, + "level": "error", + "message": { + "text": "Package: python-libs\nInstalled Version: 2.7.5-76.el7\nVulnerability RHSA-2023:3555\nSeverity: high\nFixed Version: 2.7.5-93.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2023:3555](https://access.redhat.com/security/cve/CVE-2023-24329)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "python-libs", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": python-libs@2.7.5-76.el7" + } + } + ] + }, + { + "ruleId": "RHSA-2019:1587", + "ruleIndex": 473, + "level": "error", + "message": { + "text": "Package: python-libs\nInstalled Version: 2.7.5-76.el7\nVulnerability RHSA-2019:1587\nSeverity: high\nFixed Version: 2.7.5-80.el7_6\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2019:1587](https://access.redhat.com/security/cve/CVE-2019-10160)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "python-libs", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": python-libs@2.7.5-76.el7" + } + } + ] + }, + { + "ruleId": "CVE-2022-48566", + "ruleIndex": 474, + "level": "warning", + "message": { + "text": "Package: python-libs\nInstalled Version: 2.7.5-76.el7\nVulnerability CVE-2022-48566\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-48566](https://access.redhat.com/security/cve/CVE-2022-48566)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "python-libs", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": python-libs@2.7.5-76.el7" + } + } + ] + }, + { + "ruleId": "CVE-2021-4189", + "ruleIndex": 475, + "level": 
"warning", + "message": { + "text": "Package: python-libs\nInstalled Version: 2.7.5-76.el7\nVulnerability CVE-2021-4189\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-4189](https://access.redhat.com/security/cve/CVE-2021-4189)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "python-libs", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": python-libs@2.7.5-76.el7" + } + } + ] + }, + { + "ruleId": "RHSA-2020:3911", + "ruleIndex": 476, + "level": "warning", + "message": { + "text": "Package: python-libs\nInstalled Version: 2.7.5-76.el7\nVulnerability RHSA-2020:3911\nSeverity: medium\nFixed Version: 2.7.5-89.el7\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2020:3911](https://access.redhat.com/security/cve/CVE-2019-16935)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "python-libs", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": python-libs@2.7.5-76.el7" + } + } + ] + }, + { + "ruleId": "CVE-2020-10735", + "ruleIndex": 477, + "level": "warning", + "message": { + "text": "Package: python-libs\nInstalled Version: 2.7.5-76.el7\nVulnerability CVE-2020-10735\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-10735](https://access.redhat.com/security/cve/CVE-2020-10735)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "python-libs", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": python-libs@2.7.5-76.el7" + } + } + ] + }, + { + "ruleId": "RHSA-2022:5235", + "ruleIndex": 478, + "level": "warning", + "message": { + "text": 
"Package: python-libs\nInstalled Version: 2.7.5-76.el7\nVulnerability RHSA-2022:5235\nSeverity: medium\nFixed Version: 2.7.5-92.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2022:5235](https://access.redhat.com/security/cve/CVE-2020-26137)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "python-libs", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": python-libs@2.7.5-76.el7" + } + } + ] + }, + { + "ruleId": "CVE-2020-27619", + "ruleIndex": 479, + "level": "warning", + "message": { + "text": "Package: python-libs\nInstalled Version: 2.7.5-76.el7\nVulnerability CVE-2020-27619\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-27619](https://access.redhat.com/security/cve/CVE-2020-27619)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "python-libs", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": python-libs@2.7.5-76.el7" + } + } + ] + }, + { + "ruleId": "CVE-2021-23336", + "ruleIndex": 480, + "level": "warning", + "message": { + "text": "Package: python-libs\nInstalled Version: 2.7.5-76.el7\nVulnerability CVE-2021-23336\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-23336](https://access.redhat.com/security/cve/CVE-2021-23336)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "python-libs", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": python-libs@2.7.5-76.el7" + } + } + ] + }, + { + "ruleId": "CVE-2021-3733", + "ruleIndex": 481, + "level": "warning", + "message": { + "text": "Package: python-libs\nInstalled 
Version: 2.7.5-76.el7\nVulnerability CVE-2021-3733\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-3733](https://access.redhat.com/security/cve/CVE-2021-3733)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "python-libs", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": python-libs@2.7.5-76.el7" + } + } + ] + }, + { + "ruleId": "CVE-2024-0450", + "ruleIndex": 482, + "level": "warning", + "message": { + "text": "Package: python-libs\nInstalled Version: 2.7.5-76.el7\nVulnerability CVE-2024-0450\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2024-0450](https://access.redhat.com/security/cve/CVE-2024-0450)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "python-libs", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": python-libs@2.7.5-76.el7" + } + } + ] + }, + { + "ruleId": "RHSA-2020:5009", + "ruleIndex": 483, + "level": "warning", + "message": { + "text": "Package: python-libs\nInstalled Version: 2.7.5-76.el7\nVulnerability RHSA-2020:5009\nSeverity: medium\nFixed Version: 2.7.5-90.el7\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2020:5009](https://access.redhat.com/security/cve/CVE-2019-20907)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "python-libs", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": python-libs@2.7.5-76.el7" + } + } + ] + }, + { + "ruleId": "CVE-2022-0391", + "ruleIndex": 484, + "level": "warning", + "message": { + "text": "Package: python-libs\nInstalled Version: 2.7.5-76.el7\nVulnerability 
CVE-2022-0391\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-0391](https://access.redhat.com/security/cve/CVE-2022-0391)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "python-libs", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": python-libs@2.7.5-76.el7" + } + } + ] + }, + { + "ruleId": "CVE-2022-45061", + "ruleIndex": 485, + "level": "warning", + "message": { + "text": "Package: python-libs\nInstalled Version: 2.7.5-76.el7\nVulnerability CVE-2022-45061\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-45061](https://access.redhat.com/security/cve/CVE-2022-45061)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "python-libs", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": python-libs@2.7.5-76.el7" + } + } + ] + }, + { + "ruleId": "CVE-2022-48560", + "ruleIndex": 486, + "level": "warning", + "message": { + "text": "Package: python-libs\nInstalled Version: 2.7.5-76.el7\nVulnerability CVE-2022-48560\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-48560](https://access.redhat.com/security/cve/CVE-2022-48560)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "python-libs", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": python-libs@2.7.5-76.el7" + } + } + ] + }, + { + "ruleId": "CVE-2022-48565", + "ruleIndex": 487, + "level": "warning", + "message": { + "text": "Package: python-libs\nInstalled Version: 2.7.5-76.el7\nVulnerability CVE-2022-48565\nSeverity: 
medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-48565](https://access.redhat.com/security/cve/CVE-2022-48565)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "python-libs", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": python-libs@2.7.5-76.el7" + } + } + ] + }, + { + "ruleId": "CVE-2007-4559", + "ruleIndex": 488, + "level": "warning", + "message": { + "text": "Package: python-libs\nInstalled Version: 2.7.5-76.el7\nVulnerability CVE-2007-4559\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2007-4559](https://access.redhat.com/security/cve/CVE-2007-4559)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "python-libs", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": python-libs@2.7.5-76.el7" + } + } + ] + }, + { + "ruleId": "RHSA-2020:1131", + "ruleIndex": 489, + "level": "warning", + "message": { + "text": "Package: python-libs\nInstalled Version: 2.7.5-76.el7\nVulnerability RHSA-2020:1131\nSeverity: medium\nFixed Version: 2.7.5-88.el7\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2020:1131](https://access.redhat.com/security/cve/CVE-2019-16056)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "python-libs", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": python-libs@2.7.5-76.el7" + } + } + ] + }, + { + "ruleId": "CVE-2023-27043", + "ruleIndex": 490, + "level": "warning", + "message": { + "text": "Package: python-libs\nInstalled Version: 2.7.5-76.el7\nVulnerability CVE-2023-27043\nSeverity: medium\nFixed Version: any in centos 
7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-27043](https://access.redhat.com/security/cve/CVE-2023-27043)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "python-libs", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": python-libs@2.7.5-76.el7" + } + } + ] + }, + { + "ruleId": "CVE-2023-36632", + "ruleIndex": 491, + "level": "warning", + "message": { + "text": "Package: python-libs\nInstalled Version: 2.7.5-76.el7\nVulnerability CVE-2023-36632\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-36632](https://access.redhat.com/security/cve/CVE-2023-36632)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "python-libs", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": python-libs@2.7.5-76.el7" + } + } + ] + }, + { + "ruleId": "RHSA-2019:2030", + "ruleIndex": 492, + "level": "warning", + "message": { + "text": "Package: python-libs\nInstalled Version: 2.7.5-76.el7\nVulnerability RHSA-2019:2030\nSeverity: medium\nFixed Version: 2.7.5-86.el7\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2019:2030](https://access.redhat.com/security/cve/CVE-2019-5010)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "python-libs", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": python-libs@2.7.5-76.el7" + } + } + ] + }, + { + "ruleId": "CVE-2021-3737", + "ruleIndex": 493, + "level": "note", + "message": { + "text": "Package: python-libs\nInstalled Version: 2.7.5-76.el7\nVulnerability CVE-2021-3737\nSeverity: low\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit 
Type: \nLink: [CVE-2021-3737](https://access.redhat.com/security/cve/CVE-2021-3737)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "python-libs", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": python-libs@2.7.5-76.el7" + } + } + ] + }, + { + "ruleId": "CVE-2021-43818", + "ruleIndex": 494, + "level": "warning", + "message": { + "text": "Package: python-lxml\nInstalled Version: 3.2.1-4.el7\nVulnerability CVE-2021-43818\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-43818](https://access.redhat.com/security/cve/CVE-2021-43818)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "python-lxml", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": python-lxml@3.2.1-4.el7" + } + } + ] + }, + { + "ruleId": "RHSA-2021:4785", + "ruleIndex": 495, + "level": "warning", + "message": { + "text": "Package: rpm\nInstalled Version: 4.11.3-35.el7\nVulnerability RHSA-2021:4785\nSeverity: medium\nFixed Version: 4.11.3-48.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2021:4785](https://access.redhat.com/security/cve/CVE-2021-20271)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "rpm", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": rpm@4.11.3-35.el7" + } + } + ] + }, + { + "ruleId": "CVE-2021-3421", + "ruleIndex": 496, + "level": "warning", + "message": { + "text": "Package: rpm\nInstalled Version: 4.11.3-35.el7\nVulnerability CVE-2021-3421\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: 
[CVE-2021-3421](https://access.redhat.com/security/cve/CVE-2021-3421)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "rpm", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": rpm@4.11.3-35.el7" + } + } + ] + }, + { + "ruleId": "CVE-2021-3521", + "ruleIndex": 497, + "level": "warning", + "message": { + "text": "Package: rpm\nInstalled Version: 4.11.3-35.el7\nVulnerability CVE-2021-3521\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-3521](https://access.redhat.com/security/cve/CVE-2021-3521)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "rpm", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": rpm@4.11.3-35.el7" + } + } + ] + }, + { + "ruleId": "CVE-2021-35937", + "ruleIndex": 498, + "level": "warning", + "message": { + "text": "Package: rpm\nInstalled Version: 4.11.3-35.el7\nVulnerability CVE-2021-35937\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-35937](https://access.redhat.com/security/cve/CVE-2021-35937)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "rpm", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": rpm@4.11.3-35.el7" + } + } + ] + }, + { + "ruleId": "CVE-2021-35938", + "ruleIndex": 499, + "level": "warning", + "message": { + "text": "Package: rpm\nInstalled Version: 4.11.3-35.el7\nVulnerability CVE-2021-35938\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-35938](https://access.redhat.com/security/cve/CVE-2021-35938)" + }, + "locations": [ + 
{ + "physicalLocation": { + "artifactLocation": { + "uri": "rpm", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": rpm@4.11.3-35.el7" + } + } + ] + }, + { + "ruleId": "CVE-2021-35939", + "ruleIndex": 500, + "level": "warning", + "message": { + "text": "Package: rpm\nInstalled Version: 4.11.3-35.el7\nVulnerability CVE-2021-35939\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-35939](https://access.redhat.com/security/cve/CVE-2021-35939)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "rpm", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": rpm@4.11.3-35.el7" + } + } + ] + }, + { + "ruleId": "CVE-2021-20266", + "ruleIndex": 501, + "level": "note", + "message": { + "text": "Package: rpm\nInstalled Version: 4.11.3-35.el7\nVulnerability CVE-2021-20266\nSeverity: low\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-20266](https://access.redhat.com/security/cve/CVE-2021-20266)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "rpm", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": rpm@4.11.3-35.el7" + } + } + ] + }, + { + "ruleId": "RHSA-2021:4785", + "ruleIndex": 495, + "level": "warning", + "message": { + "text": "Package: rpm-build-libs\nInstalled Version: 4.11.3-35.el7\nVulnerability RHSA-2021:4785\nSeverity: medium\nFixed Version: 4.11.3-48.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2021:4785](https://access.redhat.com/security/cve/CVE-2021-20271)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "rpm-build-libs", + "uriBaseId": 
"ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": rpm-build-libs@4.11.3-35.el7" + } + } + ] + }, + { + "ruleId": "CVE-2021-3421", + "ruleIndex": 496, + "level": "warning", + "message": { + "text": "Package: rpm-build-libs\nInstalled Version: 4.11.3-35.el7\nVulnerability CVE-2021-3421\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-3421](https://access.redhat.com/security/cve/CVE-2021-3421)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "rpm-build-libs", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": rpm-build-libs@4.11.3-35.el7" + } + } + ] + }, + { + "ruleId": "CVE-2021-3521", + "ruleIndex": 497, + "level": "warning", + "message": { + "text": "Package: rpm-build-libs\nInstalled Version: 4.11.3-35.el7\nVulnerability CVE-2021-3521\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-3521](https://access.redhat.com/security/cve/CVE-2021-3521)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "rpm-build-libs", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": rpm-build-libs@4.11.3-35.el7" + } + } + ] + }, + { + "ruleId": "CVE-2021-35937", + "ruleIndex": 498, + "level": "warning", + "message": { + "text": "Package: rpm-build-libs\nInstalled Version: 4.11.3-35.el7\nVulnerability CVE-2021-35937\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-35937](https://access.redhat.com/security/cve/CVE-2021-35937)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "rpm-build-libs", + "uriBaseId": 
"ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": rpm-build-libs@4.11.3-35.el7" + } + } + ] + }, + { + "ruleId": "CVE-2021-35938", + "ruleIndex": 499, + "level": "warning", + "message": { + "text": "Package: rpm-build-libs\nInstalled Version: 4.11.3-35.el7\nVulnerability CVE-2021-35938\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-35938](https://access.redhat.com/security/cve/CVE-2021-35938)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "rpm-build-libs", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": rpm-build-libs@4.11.3-35.el7" + } + } + ] + }, + { + "ruleId": "CVE-2021-35939", + "ruleIndex": 500, + "level": "warning", + "message": { + "text": "Package: rpm-build-libs\nInstalled Version: 4.11.3-35.el7\nVulnerability CVE-2021-35939\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-35939](https://access.redhat.com/security/cve/CVE-2021-35939)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "rpm-build-libs", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": rpm-build-libs@4.11.3-35.el7" + } + } + ] + }, + { + "ruleId": "CVE-2021-20266", + "ruleIndex": 501, + "level": "note", + "message": { + "text": "Package: rpm-build-libs\nInstalled Version: 4.11.3-35.el7\nVulnerability CVE-2021-20266\nSeverity: low\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-20266](https://access.redhat.com/security/cve/CVE-2021-20266)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "rpm-build-libs", + 
"uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": rpm-build-libs@4.11.3-35.el7" + } + } + ] + }, + { + "ruleId": "RHSA-2021:4785", + "ruleIndex": 495, + "level": "warning", + "message": { + "text": "Package: rpm-libs\nInstalled Version: 4.11.3-35.el7\nVulnerability RHSA-2021:4785\nSeverity: medium\nFixed Version: 4.11.3-48.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2021:4785](https://access.redhat.com/security/cve/CVE-2021-20271)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "rpm-libs", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": rpm-libs@4.11.3-35.el7" + } + } + ] + }, + { + "ruleId": "CVE-2021-3421", + "ruleIndex": 496, + "level": "warning", + "message": { + "text": "Package: rpm-libs\nInstalled Version: 4.11.3-35.el7\nVulnerability CVE-2021-3421\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-3421](https://access.redhat.com/security/cve/CVE-2021-3421)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "rpm-libs", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": rpm-libs@4.11.3-35.el7" + } + } + ] + }, + { + "ruleId": "CVE-2021-3521", + "ruleIndex": 497, + "level": "warning", + "message": { + "text": "Package: rpm-libs\nInstalled Version: 4.11.3-35.el7\nVulnerability CVE-2021-3521\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-3521](https://access.redhat.com/security/cve/CVE-2021-3521)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "rpm-libs", + "uriBaseId": "ROOTPATH" + }, + "region": { + 
"startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": rpm-libs@4.11.3-35.el7" + } + } + ] + }, + { + "ruleId": "CVE-2021-35937", + "ruleIndex": 498, + "level": "warning", + "message": { + "text": "Package: rpm-libs\nInstalled Version: 4.11.3-35.el7\nVulnerability CVE-2021-35937\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-35937](https://access.redhat.com/security/cve/CVE-2021-35937)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "rpm-libs", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": rpm-libs@4.11.3-35.el7" + } + } + ] + }, + { + "ruleId": "CVE-2021-35938", + "ruleIndex": 499, + "level": "warning", + "message": { + "text": "Package: rpm-libs\nInstalled Version: 4.11.3-35.el7\nVulnerability CVE-2021-35938\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-35938](https://access.redhat.com/security/cve/CVE-2021-35938)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "rpm-libs", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": rpm-libs@4.11.3-35.el7" + } + } + ] + }, + { + "ruleId": "CVE-2021-35939", + "ruleIndex": 500, + "level": "warning", + "message": { + "text": "Package: rpm-libs\nInstalled Version: 4.11.3-35.el7\nVulnerability CVE-2021-35939\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-35939](https://access.redhat.com/security/cve/CVE-2021-35939)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "rpm-libs", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + 
"endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": rpm-libs@4.11.3-35.el7" + } + } + ] + }, + { + "ruleId": "CVE-2021-20266", + "ruleIndex": 501, + "level": "note", + "message": { + "text": "Package: rpm-libs\nInstalled Version: 4.11.3-35.el7\nVulnerability CVE-2021-20266\nSeverity: low\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-20266](https://access.redhat.com/security/cve/CVE-2021-20266)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "rpm-libs", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": rpm-libs@4.11.3-35.el7" + } + } + ] + }, + { + "ruleId": "RHSA-2021:4785", + "ruleIndex": 495, + "level": "warning", + "message": { + "text": "Package: rpm-python\nInstalled Version: 4.11.3-35.el7\nVulnerability RHSA-2021:4785\nSeverity: medium\nFixed Version: 4.11.3-48.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2021:4785](https://access.redhat.com/security/cve/CVE-2021-20271)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "rpm-python", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": rpm-python@4.11.3-35.el7" + } + } + ] + }, + { + "ruleId": "CVE-2021-3421", + "ruleIndex": 496, + "level": "warning", + "message": { + "text": "Package: rpm-python\nInstalled Version: 4.11.3-35.el7\nVulnerability CVE-2021-3421\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-3421](https://access.redhat.com/security/cve/CVE-2021-3421)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "rpm-python", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": 
{ + "text": ": rpm-python@4.11.3-35.el7" + } + } + ] + }, + { + "ruleId": "CVE-2021-3521", + "ruleIndex": 497, + "level": "warning", + "message": { + "text": "Package: rpm-python\nInstalled Version: 4.11.3-35.el7\nVulnerability CVE-2021-3521\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-3521](https://access.redhat.com/security/cve/CVE-2021-3521)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "rpm-python", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": rpm-python@4.11.3-35.el7" + } + } + ] + }, + { + "ruleId": "CVE-2021-35937", + "ruleIndex": 498, + "level": "warning", + "message": { + "text": "Package: rpm-python\nInstalled Version: 4.11.3-35.el7\nVulnerability CVE-2021-35937\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-35937](https://access.redhat.com/security/cve/CVE-2021-35937)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "rpm-python", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": rpm-python@4.11.3-35.el7" + } + } + ] + }, + { + "ruleId": "CVE-2021-35938", + "ruleIndex": 499, + "level": "warning", + "message": { + "text": "Package: rpm-python\nInstalled Version: 4.11.3-35.el7\nVulnerability CVE-2021-35938\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-35938](https://access.redhat.com/security/cve/CVE-2021-35938)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "rpm-python", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": 
rpm-python@4.11.3-35.el7" + } + } + ] + }, + { + "ruleId": "CVE-2021-35939", + "ruleIndex": 500, + "level": "warning", + "message": { + "text": "Package: rpm-python\nInstalled Version: 4.11.3-35.el7\nVulnerability CVE-2021-35939\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-35939](https://access.redhat.com/security/cve/CVE-2021-35939)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "rpm-python", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": rpm-python@4.11.3-35.el7" + } + } + ] + }, + { + "ruleId": "CVE-2021-20266", + "ruleIndex": 501, + "level": "note", + "message": { + "text": "Package: rpm-python\nInstalled Version: 4.11.3-35.el7\nVulnerability CVE-2021-20266\nSeverity: low\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-20266](https://access.redhat.com/security/cve/CVE-2021-20266)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "rpm-python", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": rpm-python@4.11.3-35.el7" + } + } + ] + }, + { + "ruleId": "CVE-2023-4641", + "ruleIndex": 502, + "level": "note", + "message": { + "text": "Package: shadow-utils\nInstalled Version: 2:4.1.5.1-25.el7\nVulnerability CVE-2023-4641\nSeverity: low\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-4641](https://access.redhat.com/security/cve/CVE-2023-4641)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "shadow-utils", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": shadow-utils@2:4.1.5.1-25.el7" + } + 
} + ] + }, + { + "ruleId": "RHSA-2020:1021", + "ruleIndex": 503, + "level": "warning", + "message": { + "text": "Package: shared-mime-info\nInstalled Version: 1.8-4.el7\nVulnerability RHSA-2020:1021\nSeverity: medium\nFixed Version: 1.8-5.el7\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2020:1021](https://access.redhat.com/security/cve/CVE-2019-3820)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "shared-mime-info", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": shared-mime-info@1.8-4.el7" + } + } + ] + }, + { + "ruleId": "RHSA-2020:0227", + "ruleIndex": 504, + "level": "error", + "message": { + "text": "Package: sqlite\nInstalled Version: 3.7.17-8.el7\nVulnerability RHSA-2020:0227\nSeverity: high\nFixed Version: 3.7.17-8.el7_7.1\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2020:0227](https://access.redhat.com/security/cve/CVE-2019-13734)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "sqlite", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": sqlite@3.7.17-8.el7" + } + } + ] + }, + { + "ruleId": "CVE-2020-24736", + "ruleIndex": 505, + "level": "warning", + "message": { + "text": "Package: sqlite\nInstalled Version: 3.7.17-8.el7\nVulnerability CVE-2020-24736\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-24736](https://access.redhat.com/security/cve/CVE-2020-24736)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "sqlite", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": sqlite@3.7.17-8.el7" + } + } + ] + }, + { + "ruleId": "CVE-2020-35527", + "ruleIndex": 506, + 
"level": "warning", + "message": { + "text": "Package: sqlite\nInstalled Version: 3.7.17-8.el7\nVulnerability CVE-2020-35527\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-35527](https://access.redhat.com/security/cve/CVE-2020-35527)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "sqlite", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": sqlite@3.7.17-8.el7" + } + } + ] + }, + { + "ruleId": "CVE-2022-35737", + "ruleIndex": 507, + "level": "warning", + "message": { + "text": "Package: sqlite\nInstalled Version: 3.7.17-8.el7\nVulnerability CVE-2022-35737\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-35737](https://access.redhat.com/security/cve/CVE-2022-35737)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "sqlite", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": sqlite@3.7.17-8.el7" + } + } + ] + }, + { + "ruleId": "CVE-2020-35525", + "ruleIndex": 508, + "level": "note", + "message": { + "text": "Package: sqlite\nInstalled Version: 3.7.17-8.el7\nVulnerability CVE-2020-35525\nSeverity: low\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-35525](https://access.redhat.com/security/cve/CVE-2020-35525)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "sqlite", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": sqlite@3.7.17-8.el7" + } + } + ] + }, + { + "ruleId": "CVE-2021-45346", + "ruleIndex": 509, + "level": "note", + "message": { + "text": "Package: sqlite\nInstalled 
Version: 3.7.17-8.el7\nVulnerability CVE-2021-45346\nSeverity: low\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-45346](https://access.redhat.com/security/cve/CVE-2021-45346)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "sqlite", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": sqlite@3.7.17-8.el7" + } + } + ] + }, + { + "ruleId": "CVE-2024-0232", + "ruleIndex": 510, + "level": "note", + "message": { + "text": "Package: sqlite\nInstalled Version: 3.7.17-8.el7\nVulnerability CVE-2024-0232\nSeverity: low\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2024-0232](https://access.redhat.com/security/cve/CVE-2024-0232)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "sqlite", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": sqlite@3.7.17-8.el7" + } + } + ] + }, + { + "ruleId": "RHSA-2019:2091", + "ruleIndex": 511, + "level": "warning", + "message": { + "text": "Package: systemd\nInstalled Version: 219-62.el7_6.3\nVulnerability RHSA-2019:2091\nSeverity: medium\nFixed Version: 219-67.el7\nExploit Available: [http://www.exploit-db.com/exploits/45714](http://www.exploit-db.com/exploits/45714)\nExploit Type: dos\nLink: [RHSA-2019:2091](https://access.redhat.com/security/cve/CVE-2018-16888)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "systemd", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": systemd@219-62.el7_6.3" + } + } + ] + }, + { + "ruleId": "RHSA-2019:0368", + "ruleIndex": 512, + "level": "error", + "message": { + "text": "Package: systemd\nInstalled 
Version: 219-62.el7_6.3\nVulnerability RHSA-2019:0368\nSeverity: high\nFixed Version: 219-62.el7_6.5\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2019:0368](https://access.redhat.com/security/cve/CVE-2019-6454)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "systemd", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": systemd@219-62.el7_6.3" + } + } + ] + }, + { + "ruleId": "RHSA-2022:6160", + "ruleIndex": 513, + "level": "error", + "message": { + "text": "Package: systemd\nInstalled Version: 219-62.el7_6.3\nVulnerability RHSA-2022:6160\nSeverity: high\nFixed Version: 219-78.el7_9.7\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2022:6160](https://access.redhat.com/security/cve/CVE-2022-2526)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "systemd", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": systemd@219-62.el7_6.3" + } + } + ] + }, + { + "ruleId": "CVE-2020-13529", + "ruleIndex": 514, + "level": "warning", + "message": { + "text": "Package: systemd\nInstalled Version: 219-62.el7_6.3\nVulnerability CVE-2020-13529\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-13529](https://access.redhat.com/security/cve/CVE-2020-13529)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "systemd", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": systemd@219-62.el7_6.3" + } + } + ] + }, + { + "ruleId": "CVE-2022-3821", + "ruleIndex": 515, + "level": "warning", + "message": { + "text": "Package: systemd\nInstalled Version: 219-62.el7_6.3\nVulnerability CVE-2022-3821\nSeverity: 
medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-3821](https://access.redhat.com/security/cve/CVE-2022-3821)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "systemd", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": systemd@219-62.el7_6.3" + } + } + ] + }, + { + "ruleId": "CVE-2022-4415", + "ruleIndex": 516, + "level": "warning", + "message": { + "text": "Package: systemd\nInstalled Version: 219-62.el7_6.3\nVulnerability CVE-2022-4415\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-4415](https://access.redhat.com/security/cve/CVE-2022-4415)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "systemd", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": systemd@219-62.el7_6.3" + } + } + ] + }, + { + "ruleId": "CVE-2022-45873", + "ruleIndex": 517, + "level": "warning", + "message": { + "text": "Package: systemd\nInstalled Version: 219-62.el7_6.3\nVulnerability CVE-2022-45873\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-45873](https://access.redhat.com/security/cve/CVE-2022-45873)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "systemd", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": systemd@219-62.el7_6.3" + } + } + ] + }, + { + "ruleId": "CVE-2023-26604", + "ruleIndex": 518, + "level": "warning", + "message": { + "text": "Package: systemd\nInstalled Version: 219-62.el7_6.3\nVulnerability CVE-2023-26604\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit 
Available: []()\nExploit Type: \nLink: [CVE-2023-26604](https://access.redhat.com/security/cve/CVE-2023-26604)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "systemd", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": systemd@219-62.el7_6.3" + } + } + ] + }, + { + "ruleId": "RHSA-2020:4007", + "ruleIndex": 519, + "level": "note", + "message": { + "text": "Package: systemd\nInstalled Version: 219-62.el7_6.3\nVulnerability RHSA-2020:4007\nSeverity: low\nFixed Version: 219-78.el7\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2020:4007](https://access.redhat.com/security/cve/CVE-2019-20386)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "systemd", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": systemd@219-62.el7_6.3" + } + } + ] + }, + { + "ruleId": "RHSA-2019:2091", + "ruleIndex": 511, + "level": "warning", + "message": { + "text": "Package: systemd-libs\nInstalled Version: 219-62.el7_6.3\nVulnerability RHSA-2019:2091\nSeverity: medium\nFixed Version: 219-67.el7\nExploit Available: [http://www.exploit-db.com/exploits/45714](http://www.exploit-db.com/exploits/45714)\nExploit Type: dos\nLink: [RHSA-2019:2091](https://access.redhat.com/security/cve/CVE-2018-16888)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "systemd-libs", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": systemd-libs@219-62.el7_6.3" + } + } + ] + }, + { + "ruleId": "RHSA-2019:0368", + "ruleIndex": 512, + "level": "error", + "message": { + "text": "Package: systemd-libs\nInstalled Version: 219-62.el7_6.3\nVulnerability RHSA-2019:0368\nSeverity: high\nFixed Version: 
219-62.el7_6.5\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2019:0368](https://access.redhat.com/security/cve/CVE-2019-6454)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "systemd-libs", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": systemd-libs@219-62.el7_6.3" + } + } + ] + }, + { + "ruleId": "RHSA-2022:6160", + "ruleIndex": 513, + "level": "error", + "message": { + "text": "Package: systemd-libs\nInstalled Version: 219-62.el7_6.3\nVulnerability RHSA-2022:6160\nSeverity: high\nFixed Version: 219-78.el7_9.7\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2022:6160](https://access.redhat.com/security/cve/CVE-2022-2526)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "systemd-libs", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": systemd-libs@219-62.el7_6.3" + } + } + ] + }, + { + "ruleId": "CVE-2020-13529", + "ruleIndex": 514, + "level": "warning", + "message": { + "text": "Package: systemd-libs\nInstalled Version: 219-62.el7_6.3\nVulnerability CVE-2020-13529\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-13529](https://access.redhat.com/security/cve/CVE-2020-13529)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "systemd-libs", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": systemd-libs@219-62.el7_6.3" + } + } + ] + }, + { + "ruleId": "CVE-2022-3821", + "ruleIndex": 515, + "level": "warning", + "message": { + "text": "Package: systemd-libs\nInstalled Version: 219-62.el7_6.3\nVulnerability CVE-2022-3821\nSeverity: medium\nFixed Version: any in centos 
7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-3821](https://access.redhat.com/security/cve/CVE-2022-3821)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "systemd-libs", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": systemd-libs@219-62.el7_6.3" + } + } + ] + }, + { + "ruleId": "CVE-2022-4415", + "ruleIndex": 516, + "level": "warning", + "message": { + "text": "Package: systemd-libs\nInstalled Version: 219-62.el7_6.3\nVulnerability CVE-2022-4415\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-4415](https://access.redhat.com/security/cve/CVE-2022-4415)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "systemd-libs", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": systemd-libs@219-62.el7_6.3" + } + } + ] + }, + { + "ruleId": "CVE-2022-45873", + "ruleIndex": 517, + "level": "warning", + "message": { + "text": "Package: systemd-libs\nInstalled Version: 219-62.el7_6.3\nVulnerability CVE-2022-45873\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-45873](https://access.redhat.com/security/cve/CVE-2022-45873)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "systemd-libs", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": systemd-libs@219-62.el7_6.3" + } + } + ] + }, + { + "ruleId": "CVE-2023-26604", + "ruleIndex": 518, + "level": "warning", + "message": { + "text": "Package: systemd-libs\nInstalled Version: 219-62.el7_6.3\nVulnerability CVE-2023-26604\nSeverity: medium\nFixed Version: any in centos 
7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-26604](https://access.redhat.com/security/cve/CVE-2023-26604)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "systemd-libs", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": systemd-libs@219-62.el7_6.3" + } + } + ] + }, + { + "ruleId": "RHSA-2020:4007", + "ruleIndex": 519, + "level": "note", + "message": { + "text": "Package: systemd-libs\nInstalled Version: 219-62.el7_6.3\nVulnerability RHSA-2020:4007\nSeverity: low\nFixed Version: 219-78.el7\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2020:4007](https://access.redhat.com/security/cve/CVE-2019-20386)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "systemd-libs", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": systemd-libs@219-62.el7_6.3" + } + } + ] + }, + { + "ruleId": "RHSA-2019:2159", + "ruleIndex": 520, + "level": "note", + "message": { + "text": "Package: unzip\nInstalled Version: 6.0-19.el7\nVulnerability RHSA-2019:2159\nSeverity: low\nFixed Version: 6.0-20.el7\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2019:2159](https://access.redhat.com/security/cve/CVE-2018-18384)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "unzip", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": unzip@6.0-19.el7" + } + } + ] + }, + { + "ruleId": "RHSA-2020:1181", + "ruleIndex": 521, + "level": "note", + "message": { + "text": "Package: unzip\nInstalled Version: 6.0-19.el7\nVulnerability RHSA-2020:1181\nSeverity: low\nFixed Version: 6.0-21.el7\nExploit Available: []()\nExploit Type: \nLink: 
[RHSA-2020:1181](https://access.redhat.com/security/cve/CVE-2019-13232)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "unzip", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": unzip@6.0-19.el7" + } + } + ] + }, + { + "ruleId": "CVE-2020-21583", + "ruleIndex": 279, + "level": "warning", + "message": { + "text": "Package: util-linux\nInstalled Version: 2.23.2-59.el7\nVulnerability CVE-2020-21583\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-21583](https://access.redhat.com/security/cve/CVE-2020-21583)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "util-linux", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": util-linux@2.23.2-59.el7" + } + } + ] + }, + { + "ruleId": "CVE-2022-0563", + "ruleIndex": 280, + "level": "warning", + "message": { + "text": "Package: util-linux\nInstalled Version: 2.23.2-59.el7\nVulnerability CVE-2022-0563\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-0563](https://access.redhat.com/security/cve/CVE-2022-0563)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "util-linux", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": util-linux@2.23.2-59.el7" + } + } + ] + }, + { + "ruleId": "CVE-2021-37600", + "ruleIndex": 281, + "level": "note", + "message": { + "text": "Package: util-linux\nInstalled Version: 2.23.2-59.el7\nVulnerability CVE-2021-37600\nSeverity: low\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: 
[CVE-2021-37600](https://access.redhat.com/security/cve/CVE-2021-37600)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "util-linux", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": util-linux@2.23.2-59.el7" + } + } + ] + }, + { + "ruleId": "RHSA-2019:1619", + "ruleIndex": 522, + "level": "error", + "message": { + "text": "Package: vim-minimal\nInstalled Version: 2:7.4.160-5.el7\nVulnerability RHSA-2019:1619\nSeverity: high\nFixed Version: 2:7.4.160-6.el7_6\nExploit Available: [http://www.exploit-db.com/exploits/46973](http://www.exploit-db.com/exploits/46973)\nExploit Type: local\nLink: [RHSA-2019:1619](https://access.redhat.com/security/cve/CVE-2019-12735)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "vim-minimal", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": vim-minimal@2:7.4.160-5.el7" + } + } + ] + }, + { + "ruleId": "CVE-2022-1621", + "ruleIndex": 523, + "level": "warning", + "message": { + "text": "Package: vim-minimal\nInstalled Version: 2:7.4.160-5.el7\nVulnerability CVE-2022-1621\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-1621](https://access.redhat.com/security/cve/CVE-2022-1621)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "vim-minimal", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": vim-minimal@2:7.4.160-5.el7" + } + } + ] + }, + { + "ruleId": "CVE-2021-3872", + "ruleIndex": 524, + "level": "warning", + "message": { + "text": "Package: vim-minimal\nInstalled Version: 2:7.4.160-5.el7\nVulnerability CVE-2021-3872\nSeverity: medium\nFixed Version: any in 
centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-3872](https://access.redhat.com/security/cve/CVE-2021-3872)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "vim-minimal", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": vim-minimal@2:7.4.160-5.el7" + } + } + ] + }, + { + "ruleId": "CVE-2021-3778", + "ruleIndex": 525, + "level": "warning", + "message": { + "text": "Package: vim-minimal\nInstalled Version: 2:7.4.160-5.el7\nVulnerability CVE-2021-3778\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-3778](https://access.redhat.com/security/cve/CVE-2021-3778)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "vim-minimal", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": vim-minimal@2:7.4.160-5.el7" + } + } + ] + }, + { + "ruleId": "CVE-2022-0359", + "ruleIndex": 526, + "level": "warning", + "message": { + "text": "Package: vim-minimal\nInstalled Version: 2:7.4.160-5.el7\nVulnerability CVE-2022-0359\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-0359](https://access.redhat.com/security/cve/CVE-2022-0359)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "vim-minimal", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": vim-minimal@2:7.4.160-5.el7" + } + } + ] + }, + { + "ruleId": "CVE-2021-3984", + "ruleIndex": 527, + "level": "warning", + "message": { + "text": "Package: vim-minimal\nInstalled Version: 2:7.4.160-5.el7\nVulnerability CVE-2021-3984\nSeverity: medium\nFixed Version: any in centos 
7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-3984](https://access.redhat.com/security/cve/CVE-2021-3984)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "vim-minimal", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": vim-minimal@2:7.4.160-5.el7" + } + } + ] + }, + { + "ruleId": "CVE-2021-4019", + "ruleIndex": 528, + "level": "warning", + "message": { + "text": "Package: vim-minimal\nInstalled Version: 2:7.4.160-5.el7\nVulnerability CVE-2021-4019\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-4019](https://access.redhat.com/security/cve/CVE-2021-4019)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "vim-minimal", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": vim-minimal@2:7.4.160-5.el7" + } + } + ] + }, + { + "ruleId": "CVE-2021-3796", + "ruleIndex": 529, + "level": "warning", + "message": { + "text": "Package: vim-minimal\nInstalled Version: 2:7.4.160-5.el7\nVulnerability CVE-2021-3796\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-3796](https://access.redhat.com/security/cve/CVE-2021-3796)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "vim-minimal", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": vim-minimal@2:7.4.160-5.el7" + } + } + ] + }, + { + "ruleId": "CVE-2021-4192", + "ruleIndex": 530, + "level": "warning", + "message": { + "text": "Package: vim-minimal\nInstalled Version: 2:7.4.160-5.el7\nVulnerability CVE-2021-4192\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit 
Available: []()\nExploit Type: \nLink: [CVE-2021-4192](https://access.redhat.com/security/cve/CVE-2021-4192)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "vim-minimal", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": vim-minimal@2:7.4.160-5.el7" + } + } + ] + }, + { + "ruleId": "CVE-2021-4193", + "ruleIndex": 531, + "level": "warning", + "message": { + "text": "Package: vim-minimal\nInstalled Version: 2:7.4.160-5.el7\nVulnerability CVE-2021-4193\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-4193](https://access.redhat.com/security/cve/CVE-2021-4193)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "vim-minimal", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": vim-minimal@2:7.4.160-5.el7" + } + } + ] + }, + { + "ruleId": "CVE-2022-1629", + "ruleIndex": 532, + "level": "warning", + "message": { + "text": "Package: vim-minimal\nInstalled Version: 2:7.4.160-5.el7\nVulnerability CVE-2022-1629\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-1629](https://access.redhat.com/security/cve/CVE-2022-1629)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "vim-minimal", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": vim-minimal@2:7.4.160-5.el7" + } + } + ] + }, + { + "ruleId": "CVE-2022-3591", + "ruleIndex": 533, + "level": "note", + "message": { + "text": "Package: vim-minimal\nInstalled Version: 2:7.4.160-5.el7\nVulnerability CVE-2022-3591\nSeverity: low\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit 
Type: \nLink: [CVE-2022-3591](https://access.redhat.com/security/cve/CVE-2022-3591)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "vim-minimal", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": vim-minimal@2:7.4.160-5.el7" + } + } + ] + }, + { + "ruleId": "CVE-2021-4069", + "ruleIndex": 534, + "level": "note", + "message": { + "text": "Package: vim-minimal\nInstalled Version: 2:7.4.160-5.el7\nVulnerability CVE-2021-4069\nSeverity: low\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-4069](https://access.redhat.com/security/cve/CVE-2021-4069)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "vim-minimal", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": vim-minimal@2:7.4.160-5.el7" + } + } + ] + }, + { + "ruleId": "CVE-2021-3903", + "ruleIndex": 535, + "level": "note", + "message": { + "text": "Package: vim-minimal\nInstalled Version: 2:7.4.160-5.el7\nVulnerability CVE-2021-3903\nSeverity: low\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2021-3903](https://access.redhat.com/security/cve/CVE-2021-3903)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "vim-minimal", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": vim-minimal@2:7.4.160-5.el7" + } + } + ] + }, + { + "ruleId": "CVE-2022-2231", + "ruleIndex": 536, + "level": "note", + "message": { + "text": "Package: vim-minimal\nInstalled Version: 2:7.4.160-5.el7\nVulnerability CVE-2022-2231\nSeverity: low\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: 
[CVE-2022-2231](https://access.redhat.com/security/cve/CVE-2022-2231)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "vim-minimal", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": vim-minimal@2:7.4.160-5.el7" + } + } + ] + }, + { + "ruleId": "CVE-2022-2288", + "ruleIndex": 537, + "level": "note", + "message": { + "text": "Package: vim-minimal\nInstalled Version: 2:7.4.160-5.el7\nVulnerability CVE-2022-2288\nSeverity: low\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-2288](https://access.redhat.com/security/cve/CVE-2022-2288)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "vim-minimal", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": vim-minimal@2:7.4.160-5.el7" + } + } + ] + }, + { + "ruleId": "CVE-2022-2289", + "ruleIndex": 538, + "level": "note", + "message": { + "text": "Package: vim-minimal\nInstalled Version: 2:7.4.160-5.el7\nVulnerability CVE-2022-2289\nSeverity: low\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-2289](https://access.redhat.com/security/cve/CVE-2022-2289)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "vim-minimal", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": vim-minimal@2:7.4.160-5.el7" + } + } + ] + }, + { + "ruleId": "CVE-2022-2571", + "ruleIndex": 539, + "level": "note", + "message": { + "text": "Package: vim-minimal\nInstalled Version: 2:7.4.160-5.el7\nVulnerability CVE-2022-2571\nSeverity: low\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: 
[CVE-2022-2571](https://access.redhat.com/security/cve/CVE-2022-2571)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "vim-minimal", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": vim-minimal@2:7.4.160-5.el7" + } + } + ] + }, + { + "ruleId": "CVE-2022-2580", + "ruleIndex": 540, + "level": "note", + "message": { + "text": "Package: vim-minimal\nInstalled Version: 2:7.4.160-5.el7\nVulnerability CVE-2022-2580\nSeverity: low\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-2580](https://access.redhat.com/security/cve/CVE-2022-2580)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "vim-minimal", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": vim-minimal@2:7.4.160-5.el7" + } + } + ] + }, + { + "ruleId": "CVE-2022-2581", + "ruleIndex": 541, + "level": "note", + "message": { + "text": "Package: vim-minimal\nInstalled Version: 2:7.4.160-5.el7\nVulnerability CVE-2022-2581\nSeverity: low\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-2581](https://access.redhat.com/security/cve/CVE-2022-2581)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "vim-minimal", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": vim-minimal@2:7.4.160-5.el7" + } + } + ] + }, + { + "ruleId": "CVE-2022-2598", + "ruleIndex": 542, + "level": "note", + "message": { + "text": "Package: vim-minimal\nInstalled Version: 2:7.4.160-5.el7\nVulnerability CVE-2022-2598\nSeverity: low\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: 
[CVE-2022-2598](https://access.redhat.com/security/cve/CVE-2022-2598)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "vim-minimal", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": vim-minimal@2:7.4.160-5.el7" + } + } + ] + }, + { + "ruleId": "CVE-2022-2816", + "ruleIndex": 543, + "level": "note", + "message": { + "text": "Package: vim-minimal\nInstalled Version: 2:7.4.160-5.el7\nVulnerability CVE-2022-2816\nSeverity: low\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-2816](https://access.redhat.com/security/cve/CVE-2022-2816)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "vim-minimal", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": vim-minimal@2:7.4.160-5.el7" + } + } + ] + }, + { + "ruleId": "CVE-2022-3520", + "ruleIndex": 544, + "level": "note", + "message": { + "text": "Package: vim-minimal\nInstalled Version: 2:7.4.160-5.el7\nVulnerability CVE-2022-3520\nSeverity: low\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-3520](https://access.redhat.com/security/cve/CVE-2022-3520)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "vim-minimal", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": vim-minimal@2:7.4.160-5.el7" + } + } + ] + }, + { + "ruleId": "CVE-2022-1154", + "ruleIndex": 545, + "level": "note", + "message": { + "text": "Package: vim-minimal\nInstalled Version: 2:7.4.160-5.el7\nVulnerability CVE-2022-1154\nSeverity: low\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: 
[CVE-2022-1154](https://access.redhat.com/security/cve/CVE-2022-1154)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "vim-minimal", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": vim-minimal@2:7.4.160-5.el7" + } + } + ] + }, + { + "ruleId": "CVE-2013-4002", + "ruleIndex": 546, + "level": "error", + "message": { + "text": "Package: xercesImpl\nInstalled Version: 2.11.0.SP3\nVulnerability CVE-2013-4002\nSeverity: high\nFixed Version: 2.12.0\nExploit Available: []()\nExploit Type: \nLink: [CVE-2013-4002](https://nvd.nist.gov/vuln/detail/CVE-2013-4002)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/apache/xerces/main/xercesImpl-2.11.0.SP3.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/apache/xerces/main/xercesImpl-2.11.0.SP3.jar: xercesImpl@2.11.0.SP3" + } + } + ] + }, + { + "ruleId": "CVE-2022-23437", + "ruleIndex": 547, + "level": "warning", + "message": { + "text": "Package: xercesImpl\nInstalled Version: 2.11.0.SP3\nVulnerability CVE-2022-23437\nSeverity: medium\nFixed Version: 2.12.2\nExploit Available: []()\nExploit Type: \nLink: [CVE-2022-23437](https://nvd.nist.gov/vuln/detail/CVE-2022-23437)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/apache/xerces/main/xercesImpl-2.11.0.SP3.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/apache/xerces/main/xercesImpl-2.11.0.SP3.jar: xercesImpl@2.11.0.SP3" + } + } + ] + }, + { + "ruleId": 
"CVE-2020-14338", + "ruleIndex": 548, + "level": "warning", + "message": { + "text": "Package: xercesImpl\nInstalled Version: 2.11.0.SP3\nVulnerability CVE-2020-14338\nSeverity: medium\nFixed Version: 2.12.0.SP3\nExploit Available: []()\nExploit Type: \nLink: [CVE-2020-14338](https://nvd.nist.gov/vuln/detail/CVE-2020-14338)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "/opt/jboss/wildfly/modules/system/layers/base/org/apache/xerces/main/xercesImpl-2.11.0.SP3.jar", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "/opt/jboss/wildfly/modules/system/layers/base/org/apache/xerces/main/xercesImpl-2.11.0.SP3.jar: xercesImpl@2.11.0.SP3" + } + } + ] + }, + { + "ruleId": "RHSA-2022:5052", + "ruleIndex": 549, + "level": "error", + "message": { + "text": "Package: xz\nInstalled Version: 5.2.2-1.el7\nVulnerability RHSA-2022:5052\nSeverity: high\nFixed Version: 5.2.2-2.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2022:5052](https://access.redhat.com/security/cve/CVE-2022-1271)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "xz", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": xz@5.2.2-1.el7" + } + } + ] + }, + { + "ruleId": "RHSA-2022:5052", + "ruleIndex": 549, + "level": "error", + "message": { + "text": "Package: xz-libs\nInstalled Version: 5.2.2-1.el7\nVulnerability RHSA-2022:5052\nSeverity: high\nFixed Version: 5.2.2-2.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2022:5052](https://access.redhat.com/security/cve/CVE-2022-1271)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "xz-libs", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": 
": xz-libs@5.2.2-1.el7" + } + } + ] + }, + { + "ruleId": "RHSA-2022:2213", + "ruleIndex": 550, + "level": "error", + "message": { + "text": "Package: zlib\nInstalled Version: 1.2.7-18.el7\nVulnerability RHSA-2022:2213\nSeverity: high\nFixed Version: 1.2.7-20.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2022:2213](https://access.redhat.com/security/cve/CVE-2018-25032)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "zlib", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": zlib@1.2.7-18.el7" + } + } + ] + }, + { + "ruleId": "RHSA-2023:1095", + "ruleIndex": 551, + "level": "warning", + "message": { + "text": "Package: zlib\nInstalled Version: 1.2.7-18.el7\nVulnerability RHSA-2023:1095\nSeverity: medium\nFixed Version: 1.2.7-21.el7_9\nExploit Available: []()\nExploit Type: \nLink: [RHSA-2023:1095](https://access.redhat.com/security/cve/CVE-2022-37434)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "zlib", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": zlib@1.2.7-18.el7" + } + } + ] + }, + { + "ruleId": "CVE-2023-45853", + "ruleIndex": 552, + "level": "warning", + "message": { + "text": "Package: zlib\nInstalled Version: 1.2.7-18.el7\nVulnerability CVE-2023-45853\nSeverity: medium\nFixed Version: any in centos 7.6.1810\nExploit Available: []()\nExploit Type: \nLink: [CVE-2023-45853](https://access.redhat.com/security/cve/CVE-2023-45853)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "zlib", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": ": zlib@1.2.7-18.el7" + } + } + ] + } + ], + "columnKind": "utf16CodeUnits", + "originalUriBaseIds": { + 
"ROOTPATH": { + "uri": "file:///Users/jyothikumarbehara/go/src/bitbucket.org/scalock/server/registry-1.docker.io/jboss/wildfly:9.0.1.Final/" + } + }, + "properties": { + "imageName": "registry-1.docker.io/jboss/wildfly:9.0.1.Final", + "repoDigests": [ + "wildfly@sha256:01d974ae712fd504cc2b73bc02a5ab16a2bac0d2e88905f4af51661de12f3077" + ], + "repoTags": null + } + } + ] +} \ No newline at end of file