Defender For Cloud – Security alerts – a reference guide (Containers)

| QID | NAME | DESCRIPTION | REMEDIATION | CATEGORY | SUBASSESSMENT IMPACT | SEVERITY |
| --- | --- | --- | --- | --- | --- | --- |
| 105095 | User(s) With Blank Password | The users have blank passwords in the shadow file. These users can connect to the system without entering a password. | Set the password for all the users. | Security Policy | An attacker may connect to the system by knowing just the username. | High |
| 105936 | OpenSSH Command Injection Vulnerability (Generic) | OpenSSH is the premier connectivity tool for remote login with the SSH protocol. scp in OpenSSH through 8.6p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. Affected Versions: 8.6p1 and prior versions of OpenSSH. QID Detection Logic: The QID checks for the vulnerable versions of OpenSSH and checks for the presence of the scp command by executing 'which scp'. Note: Affected version checked till 8.6p1 as per PoC. | No solution available from Linux vendors yet. Workaround: As per upstream, scp is based on a historical protocol called rcp, which relies on that style of argument passing and therefore encounters expansion problems. Making changes to how the scp command line works breaks the pattern used by scp consumers. Upstream therefore recommends the use of rsync in place of scp for better security. More details about supported alternatives are available in the Red Hat guide (https://access.redhat.com/articles/5284081). | Security Policy | Successful exploitation could disclose sensitive information. | Medium |
| 105936 | OpenSSH Command Injection Vulnerability (Generic) | OpenSSH is the premier connectivity tool for remote login with the SSH protocol. scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. Affected Versions: 8.3p1 and prior versions of OpenSSH. QID Detection Logic: The QID checks for the vulnerable versions of OpenSSH and checks for the presence of the scp command by executing 'which scp'. Note: Affected version checked till 8.3p1 as per PoC. | No solution available from Linux vendors yet. Workaround: As per upstream, scp is based on a historical protocol called rcp, which relies on that style of argument passing and therefore encounters expansion problems. Making changes to how the scp command line works breaks the pattern used by scp consumers. Upstream therefore recommends the use of rsync in place of scp for better security. More details about supported alternatives are available in the Red Hat guide (https://access.redhat.com/articles/5284081). | Security Policy | Successful exploitation could disclose sensitive information. | Medium |
| 105936 | OpenSSH Command Injection Vulnerability (Generic) | OpenSSH is the premier connectivity tool for remote login with the SSH protocol. scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. Affected Versions: 8.3p1 and prior versions of OpenSSH. QID Detection Logic: The QID checks for the vulnerable versions of OpenSSH and checks for the presence of the scp command by executing 'which scp'. Note: Affected version checked till 8.6p1 as per PoC. | No solution available from Linux vendors yet. Workaround: As per upstream, scp is based on a historical protocol called rcp, which relies on that style of argument passing and therefore encounters expansion problems. Making changes to how the scp command line works breaks the pattern used by scp consumers. Upstream therefore recommends the use of rsync in place of scp for better security. More details about supported alternatives are available in the Red Hat guide (https://access.redhat.com/articles/5284081). | Security Policy | Successful exploitation could disclose sensitive information. | Medium |
| 106072 | EOL/Obsolete Operating System: Alpine Linux Version 3.12 Detected | Alpine Linux up to 3.12 is obsolete from 1st May 2022. Affected versions: Alpine Linux 3.12 | Refer to Alpine Linux advisory Alpine Linux (https://alpinelinux.org/releases/) and update to latest available software. | Security Policy | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 106078 | EOL/Obsolete Operating System: Alpine Linux Version 3.8 Detected | Alpine Linux Version 3.8 is obsolete from 1st May 2020. Affected versions: Alpine Linux 3.8. QID Detection Logic (authenticated): The QID checks for Alpine Linux version using "cat /etc/alpine-release" command. | Refer to Alpine Linux advisory Alpine Linux (https://alpinelinux.org/releases/) and update to latest available software. | Security Policy | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 106084 | EOL/Obsolete Operating System: Alpine Linux Version 3.6 Detected | Alpine Linux Version 3.6 is obsolete from 1st May 2019. Affected versions: Alpine Linux 3.6. QID Detection Logic (authenticated): The QID checks for Alpine Linux version using "cat /etc/alpine-release" command. | Refer to Alpine Linux advisory Alpine Linux (https://alpinelinux.org/releases/) and update to latest available software. | Security Policy | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 11845 | PHP gd_gif_in.c Memory Corruption Vulnerability | PHP is a widely-used open source general-purpose scripting language that is especially suited for web development and can be embedded into HTML. The vulnerability exists because the gdImageCreateFromGifCtx() GIF decoding function implemented in the gd_gif_in.c source file uses constant-sized color tables of size 3 * 256, but does not zero-out these arrays before use. An unauthenticated, remote attacker could exploit this vulnerability by enticing a targeted user into visiting a malicious image and could then access sensitive information such as private keys. Affected Versions: PHP versions prior to 5.6.31, 7.0.21 and 7.1.7. QID Detection Logic: The unauthenticated detection remotely detects the version of PHP and the authenticated detection obtains the PHP version by running the "php -v" command. | Customers are advised to upgrade to PHP 5.6.31, 7.0.21, 7.1.7 (http://php.net/downloads.php) or later versions to remediate this vulnerability. Patch: Following are links for downloading patches to fix the vulnerabilities: PHP 5.6.31, 7.0.21, 7.1.7 or later (http://php.net/downloads.php) | CGI | Successful exploitation allows an unauthenticated remote attacker to obtain sensitive information or crash the application resulting in a denial-of-service condition. | Medium |
| 176197 | Debian Security Update for openssl (DSA 4018-1) | Debian has released security update for openssl to fix the vulnerabilities. | Refer to Debian security advisory DSA 4018-1 (https://lists.debian.org/debian-security-announce/2017/msg00280.html) to address this issue and obtain further details. Patch: Following are links for downloading patches to fix the vulnerabilities: DSA 4018-1:Debian (https://lists.debian.org/debian-security-announce/2017/msg00280.html) | Debian | Malicious users could use this vulnerability to change partial contents or configuration on the system. | Medium |
| 176221 | Debian Security Update for procmail (DSA 4041-1) | Debian has released security update for procmail to fix the vulnerabilities. | Refer to Debian security advisory DSA 4041-1 (https://lists.debian.org/debian-security-announce/2017/msg00304.html) to address this issue and obtain further details. Patch: Following are links for downloading patches to fix the vulnerabilities: DSA 4041-1:Debian (https://lists.debian.org/debian-security-announce/2017/msg00304.html) | Debian | This vulnerability could be exploited to gain complete access to sensitive information. Malicious users could also use this vulnerability to change all the contents or configuration on the system. | Medium |
| 176248 | Debian Security Update for php5 (DSA 4081-1) | Debian has released security update for php5 to fix the vulnerabilities. | Refer to Debian security advisory DSA 4081-1 (https://lists.debian.org/debian-security-announce/2018/msg00003.html) to address this issue and obtain further details. Patch: Following are links for downloading patches to fix the vulnerabilities: DSA 4081-1:Debian (https://lists.debian.org/debian-security-announce/2018/msg00003.html) | Debian | Successful exploitation allows attacker to compromise the system. | Medium |
| 176257 | Debian Security Update for sensible-utils (DSA 4071-1) | Debian has released security update for sensible-utils to fix the vulnerabilities. | Refer to Debian security advisory DSA 4071-1 (https://lists.debian.org/debian-security-announce/2017/msg00334.html) to address this issue and obtain further details. Patch: Following are links for downloading patches to fix the vulnerabilities: DSA 4071-1:Debian (https://lists.debian.org/debian-security-announce/2017/msg00334.html) | Debian | This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability. | Medium |
| 176266 | Debian Security Update for libxml2 (DSA 4086-1) | Debian has released security update for libxml2 to fix the vulnerabilities. | Refer to Debian security advisory DSA 4086-1 (https://lists.debian.org/debian-security-announce/2018/msg00008.html) to address this issue and obtain further details. Patch: Following are links for downloading patches to fix the vulnerabilities: DSA 4086-1:Debian (https://lists.debian.org/debian-security-announce/2018/msg00008.html) | Debian | Successful exploitation allows attacker to compromise the system. | Medium |
| 176298 | Debian Security Update for gcc-4.9 (DSA 4117-1) | Debian has released security update for gcc-4.9 to fix the vulnerabilities. | Refer to Debian security advisory DSA 4117-1 (https://lists.debian.org/debian-security-announce/2018/msg00042.html) to address this issue and obtain further details. Patch: Following are links for downloading patches to fix the vulnerabilities: DSA 4117-1:Debian (https://lists.debian.org/debian-security-announce/2018/msg00042.html) | Debian | Successful exploitation allows attacker to compromise the system. | Medium |
| 176339 | Debian Security Update for Open Secure Sockets Layer (OpenSSL) (DSA 4157-1) | Debian has released security update for openssl to fix the vulnerabilities. | Refer to Debian security advisory DSA 4157-1 (https://lists.debian.org/debian-security-announce/2018/msg00083.html) to address this issue and obtain further details. Patch: Following are links for downloading patches to fix the vulnerabilities: DSA 4157-1:Debian (https://lists.debian.org/debian-security-announce/2018/msg00083.html) | Debian | Successful exploitation allows attacker to compromise the system. | Medium |
| 176345 | Debian Security Update for apache2 (DSA 4164-1) | Debian has released security update for apache2 to fix the vulnerabilities. | Refer to Debian security advisory DSA 4164-1 (https://lists.debian.org/debian-security-announce/2018/msg00090.html) to address this issue and obtain further details. Patch: Following are links for downloading patches to fix the vulnerabilities: DSA 4164-1:Debian (https://lists.debian.org/debian-security-announce/2018/msg00090.html) | Debian | Successful exploitation allows attacker to compromise the system. | Medium |
| 176355 | Debian Security Update for perl (DSA 4172-1) | Debian has released security update for perl to fix the vulnerabilities. | Refer to Debian security advisory DSA 4172-1 (https://lists.debian.org/debian-security-announce/2018/msg00099.html) to address this issue and obtain further details. Patch: Following are links for downloading patches to fix the vulnerabilities: DSA 4172-1:Debian (https://lists.debian.org/debian-security-announce/2018/msg00099.html) | Debian | Successful exploitation allows attacker to compromise the system. | Medium |
| 176389 | Debian Security Update for procps (DSA 4208-1) | Debian has released security update for procps to fix the vulnerabilities. | Refer to Debian security advisory DSA 4208-1 (https://lists.debian.org/debian-security-announce/2018/msg00135.html) to address this issue and obtain further details. Patch: Following are links for downloading patches to fix the vulnerabilities: DSA 4208-1:Debian (https://lists.debian.org/debian-security-announce/2018/msg00135.html) | Debian | This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system. | Medium |
| 176407 | Debian Security Update for gnupg (DSA 4224-1) | Debian has released security update for gnupg to fix the vulnerabilities. | Refer to Debian security advisory DSA 4224-1 (https://lists.debian.org/debian-security-announce/2018/msg00153.html) to address this issue and obtain further details. Patch: Following are links for downloading patches to fix the vulnerabilities: DSA 4224-1:Debian (https://lists.debian.org/debian-security-announce/2018/msg00153.html) | Debian | This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability. | Medium |
| 176409 | Debian Security Update for perl (DSA 4226-1) | Debian has released security update for perl to fix the vulnerabilities. | Refer to Debian security advisory DSA 4226-1 (https://lists.debian.org/debian-security-announce/2018/msg00155.html) to address this issue and obtain further details. Patch: Following are links for downloading patches to fix the vulnerabilities: DSA 4226-1:Debian (https://lists.debian.org/debian-security-announce/2018/msg00155.html) | Debian | Malicious users could use this vulnerability to change partial contents or configuration on the system. | Medium |
| 176633 | Debian Security Update for Open Secure Sockets Layer (OpenSSL) (DLA 1701-1) | Debian has released security update for openssl to fix the vulnerabilities. | Refer to Debian LTS Announce DLA 1701-1 (https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html) to address this issue and obtain further details. Patch: Following are links for downloading patches to fix the vulnerabilities: DLA 1701-1:Debian (https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html) | Debian | This vulnerability could be exploited to gain partial access to sensitive information. | Medium |
| 176641 | Debian Security Update for systemd (DLA 1711-1) | Debian has released security update for systemd to fix the vulnerabilities. | Refer to Debian LTS Announce DLA 1711-1 (https://lists.debian.org/debian-lts-announce/2019/03/msg00013.html) to address this issue and obtain further details. Patch: Following are links for downloading patches to fix the vulnerabilities: DLA 1711-1:Debian (https://lists.debian.org/debian-lts-announce/2019/03/msg00013.html) | Debian | This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability. | Medium |
| 176669 | Debian Security Update for php5 (DLA 1674-1) | Debian has released security update for php5 to fix the vulnerabilities. | Refer to Debian LTS Announce DLA 1674-1 (https://lists.debian.org/debian-lts-announce/2019/02/msg00020.html) to address this issue and obtain further details. Patch: Following are links for downloading patches to fix the vulnerabilities: DLA 1674-1:Debian (https://lists.debian.org/debian-lts-announce/2019/02/msg00020.html) | Debian | This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability. | Medium |
| 176674 | Debian Security Update for php5 (DLA 1679-1) | Debian has released security update for php5 to fix the vulnerabilities. | Refer to Debian LTS Announce DLA 1679-1 (https://lists.debian.org/debian-lts-announce/2019/02/msg00025.html) to address this issue and obtain further details. Patch: Following are links for downloading patches to fix the vulnerabilities: DLA 1679-1:Debian (https://lists.debian.org/debian-lts-announce/2019/02/msg00025.html) | Debian | Successful exploitation allows attacker to compromise the system. | Medium |
| 176686 | Debian Security Update for systemd (DLA 1684-1) | Debian has released security update for systemd to fix the vulnerabilities. | Refer to Debian LTS Announce DLA 1684-1 (https://lists.debian.org/debian-lts-announce/2019/02/msg00031.html) to address this issue and obtain further details. Patch: Following are links for downloading patches to fix the vulnerabilities: DLA 1684-1:Debian (https://lists.debian.org/debian-lts-announce/2019/02/msg00031.html) | Debian | Successful exploitation allows attacker to compromise the system. | Medium |
| 176692 | Debian Security Update for file (DLA 1698-1) | Debian has released security update for file to fix the vulnerabilities. | Refer to Debian LTS Announce DLA 1698-1 (https://lists.debian.org/debian-lts-announce/2019/02/msg00044.html) to address this issue and obtain further details. Patch: Following are links for downloading patches to fix the vulnerabilities: DLA 1698-1:Debian (https://lists.debian.org/debian-lts-announce/2019/02/msg00044.html) | Debian | This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability. | Medium |
| 176704 | Debian Security Update for tzdata (DLA 1625-1) | Debian has released security update for tzdata to fix the vulnerabilities. | Refer to Debian LTS Announce DLA 1625-1 (https://lists.debian.org/debian-lts-announce/2019/01/msg00001.html) to address this issue and obtain further details. Patch: Following are links for downloading patches to fix the vulnerabilities: DLA 1625-1:Debian (https://lists.debian.org/debian-lts-announce/2019/01/msg00001.html) | Debian | Successful exploitation allows attacker to compromise the system. | Medium |
| 176711 | Debian Security Update for sqlite3 (DLA 1633-1) | Debian has released security update for sqlite3 to fix the vulnerabilities. | Refer to Debian LTS Announce DLA 1633-1 (https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html) to address this issue and obtain further details. Patch: Following are links for downloading patches to fix the vulnerabilities: DLA 1633-1:Debian (https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html) | Debian | This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability. | High |
| 176713 | Debian Security Update for apt (DLA 1637-1) | Debian has released security update for apt to fix the vulnerabilities. | Refer to Debian LTS Announce DLA 1637-1 (https://lists.debian.org/debian-lts-announce/2019/01/msg00014.html) to address this issue and obtain further details. Patch: Following are links for downloading patches to fix the vulnerabilities: DLA 1637-1:Debian (https://lists.debian.org/debian-lts-announce/2019/01/msg00014.html) | Debian | This vulnerability could be exploited to gain complete access to sensitive information. Malicious users could also use this vulnerability to change all the contents or configuration on the system. | High |
| 176715 | Debian Security Update for systemd (DLA 1639-1) | Debian has released security update for systemd to fix the vulnerabilities. | Refer to Debian LTS Announce DLA 1639-1 (https://lists.debian.org/debian-lts-announce/2019/01/msg00016.html) to address this issue and obtain further details. Patch: Following are links for downloading patches to fix the vulnerabilities: DLA 1639-1:Debian (https://lists.debian.org/debian-lts-announce/2019/01/msg00016.html) | Debian | This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability. | Medium |
| 176719 | Debian Security Update for krb5 (DLA 1643-1) | Debian has released security update for krb5 to fix the vulnerabilities. | Refer to Debian LTS Announce DLA 1643-1 (https://lists.debian.org/debian-lts-announce/2019/01/msg00020.html) to address this issue and obtain further details. Patch: Following are links for downloading patches to fix the vulnerabilities: DLA 1643-1:Debian (https://lists.debian.org/debian-lts-announce/2019/01/msg00020.html) | Debian | This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability. | Medium |
| 176721 | Debian Security Update for apache2 (DLA 1647-1) | Debian has released security update for apache2 to fix the vulnerabilities. | Refer to Debian LTS Announce DLA 1647-1 (https://lists.debian.org/debian-lts-announce/2019/01/msg00024.html) to address this issue and obtain further details. Patch: Following are links for downloading patches to fix the vulnerabilities: DLA 1647-1:Debian (https://lists.debian.org/debian-lts-announce/2019/01/msg00024.html) | Debian | Malicious users could use this vulnerability to change partial contents or configuration on the system. | Medium |
| 176754 | Debian Security Update for bash (DLA 1726-1) | Debian has released security update for bash to fix the vulnerabilities. | Refer to Debian LTS Announce DLA 1726-1 (https://lists.debian.org/debian-lts-announce/2019/03/msg00028.html) to address this issue and obtain further details. Patch: Following are links for downloading patches to fix the vulnerabilities: DLA 1726-1:Debian (https://lists.debian.org/debian-lts-announce/2019/03/msg00028.html) | Debian | This vulnerability could be exploited to gain complete access to sensitive information. Malicious users could also use this vulnerability to change all the contents or configuration on the system. | Medium |
| 176768 | Debian Security Update for php5 (DLA 1741-1) | Debian has released security update for php5 to fix the vulnerabilities. | Refer to Debian LTS Announce DLA 1741-1 (https://lists.debian.org/debian-lts-announce/2019/03/msg00043.html) to address this issue and obtain further details. Patch: Following are links for downloading patches to fix the vulnerabilities: DLA 1741-1:Debian (https://lists.debian.org/debian-lts-announce/2019/03/msg00043.html) | Debian | This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability. | High |
| 176771 | Debian Security Update for tzdata (DLA 1744-1) | Debian has released security update for tzdata to fix the vulnerabilities. | Refer to Debian LTS Announce DLA 1744-1 (https://lists.debian.org/debian-lts-announce/2019/04/msg00001.html) to address this issue and obtain further details. Patch: Following are links for downloading patches to fix the vulnerabilities: DLA 1744-1:Debian (https://lists.debian.org/debian-lts-announce/2019/04/msg00001.html) | Debian | Successful exploitation allows attacker to compromise the system. | Medium |
| 176777 | Debian Security Update for apache2 (DLA 1748-1) | Debian has released security update for apache2 to fix the vulnerabilities. | Refer to Debian LTS Announce DLA 1748-1 (https://lists.debian.org/debian-lts-announce/2019/04/msg00008.html) to address this issue and obtain further details. Patch: Following are links for downloading patches to fix the vulnerabilities: DLA 1748-1:Debian (https://lists.debian.org/debian-lts-announce/2019/04/msg00008.html) | Debian | Successful exploitation allows attacker to compromise the system. | Medium |
| 176781 | Debian Security Update for gcc-4.9 (DLA 1606-1) | Debian has released security update for gcc-4.9 to fix the vulnerabilities. | Refer to Debian LTS Announce DLA 1606-1 (https://lists.debian.org/debian-lts-announce/2018/12/msg00003.html) to address this issue and obtain further details. Patch: Following are links for downloading patches to fix the vulnerabilities: DLA 1606-1:Debian (https://lists.debian.org/debian-lts-announce/2018/12/msg00003.html) | Debian | Successful exploitation allows attacker to compromise the system. | Medium |
| 176782 | Debian Security Update for php5 (DLA 1608-1) | Debian has released security update for php5 to fix the vulnerabilities. | Refer to Debian LTS Announce DLA 1608-1 (https://lists.debian.org/debian-lts-announce/2018/12/msg00006.html) to address this issue and obtain further details. Patch: Following are links for downloading patches to fix the vulnerabilities: DLA 1608-1:Debian (https://lists.debian.org/debian-lts-announce/2018/12/msg00006.html) | Debian | This vulnerability could be exploited to gain complete access to sensitive information. Malicious users could also use this vulnerability to change all the contents or configuration on the system. | High |
| 176787 | Debian Security Update for sqlite3 (DLA 1613-1) | Debian has released security update for sqlite3 to fix the vulnerabilities. | Refer to Debian LTS Announce DLA 1613-1 (https://lists.debian.org/debian-lts-announce/2018/12/msg00012.html) to address this issue and obtain further details. Patch: Following are links for downloading patches to fix the vulnerabilities: DLA 1613-1:Debian (https://lists.debian.org/debian-lts-announce/2018/12/msg00012.html) | Debian | This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability. | Medium |
| 176801 | Debian Security Update for tar (DLA 1623-1) | Debian has released security update for tar to fix the vulnerabilities. | Refer to Debian LTS Announce DLA 1623-1 (https://lists.debian.org/debian-lts-announce/2018/12/msg00023.html) to address this issue and obtain further details. Patch: Following are links for downloading patches to fix the vulnerabilities: DLA 1623-1:Debian (https://lists.debian.org/debian-lts-announce/2018/12/msg00023.html) | Debian | This vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability. | Medium |
| 176809 | Debian Security Update for tzdata (DLA 1563-1) | Debian has released security update for tzdata to fix the vulnerabilities. | Refer to Debian LTS Announce DLA 1563-1 (https://lists.debian.org/debian-lts-announce/2018/11/msg00000.html) to address this issue and obtain further details. Patch: Following are links for downloading patches to fix the vulnerabilities: DLA 1563-1:Debian (https://lists.debian.org/debian-lts-announce/2018/11/msg00000.html) | Debian | Successful exploitation allows attacker to compromise the system. | Medium |
| 176823 | Debian Security Update for systemd (DLA 1580-1) | Debian has released security update for systemd to fix the vulnerabilities. | Refer to Debian LTS Announce DLA 1580-1 (https://lists.debian.org/debian-lts-announce/2018/11/msg00017.html) to address this issue and obtain further details. Patch: Following are links for downloading patches to fix the vulnerabilities: DLA 1580-1:Debian (https://lists.debian.org/debian-lts-announce/2018/11/msg00017.html) | Debian | This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability. | High |
| 176828 | Debian Security Update for Open Secure Sockets Layer (OpenSSL) (DLA 1586-1) | Debian has released security update for openssl to fix the vulnerabilities. | Refer to Debian LTS Announce DLA 1586-1 (https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html) to address this issue and obtain further details. Patch: Following are links for downloading patches to fix the vulnerabilities: DLA 1586-1:Debian (https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html) | Debian | This vulnerability could be exploited to gain partial access to sensitive information. | Medium |
176849 Debian Security Update for perl (DLA 1601-1) Debian has released a security update for perl to fix the vulnerabilities. Refer to Debian LTS Announce DLA 1601-1 (https://lists.debian.org/debian-lts-announce/2018/11/msg00039.html) to address this issue and obtain further details.
Patch: Following are links for downloading patches to fix the vulnerabilities:
DLA 1601-1:Debian (https://lists.debian.org/debian-lts-announce/2018/11/msg00039.html)
Debian This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability. High
176866 Debian Security Update for systemd (DLA 1762-1) Debian has released a security update for systemd to fix the vulnerabilities. Refer to Debian LTS Announce DLA 1762-1 (https://lists.debian.org/debian-lts-announce/2019/04/msg00022.html) to address this issue and obtain further details.
Patch: Following are links for downloading patches to fix the vulnerabilities:
DLA 1762-1:Debian (https://lists.debian.org/debian-lts-announce/2019/04/msg00022.html)
Debian This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability. Medium
176923 Debian Security Update for systemd (DLA 1762-2) Debian has released a security update for systemd to fix the vulnerabilities. Refer to Debian LTS Announce DLA 1762-2 (https://lists.debian.org/debian-lts-announce/2019/04/msg00026.html) to address this issue and obtain further details.
Patch: Following are links for downloading patches to fix the vulnerabilities:
DLA 1762-2:Debian (https://lists.debian.org/debian-lts-announce/2019/04/msg00026.html)
Debian This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability. Medium
176945 Debian Security Update for php5 (DLA 1803-1) Debian has released a security update for php5 to fix the vulnerabilities. Refer to Debian LTS Announce DLA 1803-1 (https://lists.debian.org/debian-lts-announce/2019/05/msg00035.html) to address this issue and obtain further details.
Patch: Following are links for downloading patches to fix the vulnerabilities:
DLA 1803-1:Debian (https://lists.debian.org/debian-lts-announce/2019/05/msg00035.html)
Debian This vulnerability could be exploited to gain partial access to sensitive information. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability. Medium
176985 Debian Security Update for php5 (DLA 1813-1) Debian has released a security update for php5 to fix the vulnerabilities. Refer to Debian LTS Announce DLA 1813-1 (https://lists.debian.org/debian-lts-announce/2019/06/msg00000.html) to address this issue and obtain further details.
Patch: Following are links for downloading patches to fix the vulnerabilities:
DLA 1813-1:Debian (https://lists.debian.org/debian-lts-announce/2019/06/msg00000.html)
Debian Successful exploitation allows an attacker to compromise the system. Medium
177020 Debian Security Update for bzip2 (DLA 1833-1) Debian has released a security update for bzip2 to fix the vulnerabilities. Refer to Debian LTS Announce DLA 1833-1 (https://lists.debian.org/debian-lts-announce/2019/06/msg00021.html) to address this issue and obtain further details.
Patch: Following are links for downloading patches to fix the vulnerabilities:
DLA 1833-1:Debian (https://lists.debian.org/debian-lts-announce/2019/06/msg00021.html)
Debian This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability. High
177021 Debian Security Update for python2.7 (DLA 1834-1) Debian has released a security update for python2.7 to fix the vulnerabilities. Refer to Debian LTS Announce DLA 1834-1 (https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html) to address this issue and obtain further details.
Patch: Following are links for downloading patches to fix the vulnerabilities:
DLA 1834-1:Debian (https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html)
Debian This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system. Medium
177042 Debian Security Update for expat (DLA 1839-1) Debian has released a security update for expat to fix the vulnerabilities. Refer to Debian LTS Announce DLA 1839-1 (https://lists.debian.org/debian-lts-announce/2019/06/msg00028.html) to address this issue and obtain further details.
Patch: Following are links for downloading patches to fix the vulnerabilities:
DLA 1839-1:Debian (https://lists.debian.org/debian-lts-announce/2019/06/msg00028.html)
Debian Successful exploitation allows an attacker to compromise the system. Medium
177054 Debian Security Update for libonig (DLA 1854-1) Debian has released a security update for libonig to fix the vulnerabilities. Refer to Debian LTS Announce DLA 1854-1 (https://lists.debian.org/debian-lts-announce/2019/07/msg00013.html) to address this issue and obtain further details.
Patch: Following are links for downloading patches to fix the vulnerabilities:
DLA 1854-1:Debian (https://lists.debian.org/debian-lts-announce/2019/07/msg00013.html)
Debian This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability. Medium
177090 Debian Security Update for php5 (DLA 1878-1) Debian has released a security update for php5 to fix the vulnerabilities. Refer to Debian LTS Announce DLA 1878-1 (https://lists.debian.org/debian-lts-announce/2019/08/msg00010.html) to address this issue and obtain further details.
Patch: Following are links for downloading patches to fix the vulnerabilities:
DLA 1878-1:Debian (https://lists.debian.org/debian-lts-announce/2019/08/msg00010.html)
Debian Successful exploitation allows an attacker to compromise the system. Medium
177117 Debian Security Update for gnutls28 (DLA 1560-1) Debian has released a security update for gnutls28 to fix the vulnerabilities. Refer to Debian LTS Announce DLA 1560-1 (https://lists.debian.org/debian-lts-announce/2018/10/msg00022.html) to address this issue and obtain further details.
Patch: Following are links for downloading patches to fix the vulnerabilities:
DLA 1560-1:Debian (https://lists.debian.org/debian-lts-announce/2018/10/msg00022.html)
Debian This vulnerability could be exploited to gain partial access to sensitive information. Medium
177119 Debian Security Update for php5 (DLA 1490-1) Debian has released a security update for php5 to fix the vulnerabilities. Refer to Debian LTS Announce DLA 1490-1 (https://lists.debian.org/debian-lts-announce/2018/09/msg00000.html) to address this issue and obtain further details.
Patch: Following are links for downloading patches to fix the vulnerabilities:
DLA 1490-1:Debian (https://lists.debian.org/debian-lts-announce/2018/09/msg00000.html)
Debian This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system. Medium
177136 Debian Security Update for php5 (DLA 1509-1) Debian has released a security update for php5 to fix the vulnerabilities. Refer to Debian LTS Announce DLA 1509-1 (https://lists.debian.org/debian-lts-announce/2018/09/msg00020.html) to address this issue and obtain further details.
Patch: Following are links for downloading patches to fix the vulnerabilities:
DLA 1509-1:Debian (https://lists.debian.org/debian-lts-announce/2018/09/msg00020.html)
Debian Malicious users could use this vulnerability to change partial contents or configuration on the system. Medium
177205 Debian Security Update for php5 (DLA 1397-1) Debian has released a security update for php5 to fix the vulnerabilities. Refer to Debian LTS Announce DLA 1397-1 (https://lists.debian.org/debian-lts-announce/2018/06/msg00005.html) to address this issue and obtain further details.
Patch: Following are links for downloading patches to fix the vulnerabilities:
DLA 1397-1:Debian (https://lists.debian.org/debian-lts-announce/2018/06/msg00005.html)
Debian This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability. High
177217 Debian Security Update for libgcrypt20 (DLA 1405-1) Debian has released a security update for libgcrypt20 to fix the vulnerabilities. Refer to Debian LTS Announce DLA 1405-1 (https://lists.debian.org/debian-lts-announce/2018/06/msg00013.html) to address this issue and obtain further details.
Patch: Following are links for downloading patches to fix the vulnerabilities:
DLA 1405-1:Debian (https://lists.debian.org/debian-lts-announce/2018/06/msg00013.html)
Debian This vulnerability could be exploited to gain partial access to sensitive information. Low
177229 Debian Security Update for libxml2 (DLA 1524-1) Debian has released a security update for libxml2 to fix the vulnerabilities. Refer to Debian LTS Announce DLA 1524-1 (https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html) to address this issue and obtain further details.
Patch: Following are links for downloading patches to fix the vulnerabilities:
DLA 1524-1:Debian (https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html)
Debian This vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability. Medium
177256 Debian Long Term Support (LTS) Security Update for Open Secure Sockets Layer (OpenSSL) (DLA 1449-1) Debian has released a security update for openssl to fix the vulnerabilities. Refer to Debian LTS Announce DLA 1449-1 (https://lists.debian.org/debian-lts-announce/2018/07/msg00043.html) to address this issue and obtain further details.
Patch: Following are links for downloading patches to fix the vulnerabilities:
DLA 1449-1:Debian (https://lists.debian.org/debian-lts-announce/2018/07/msg00043.html)
Debian This vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability. Medium
177291 Debian Security Update for openldap (DLA 1891-1) Debian has released a security update for openldap to fix the vulnerabilities. Refer to Debian LTS Announce DLA 1891-1 (https://lists.debian.org/debian-lts-announce/2019/08/msg00024.html) to address this issue and obtain further details.
Patch: Following are links for downloading patches to fix the vulnerabilities:
DLA 1891-1:Debian (https://lists.debian.org/debian-lts-announce/2019/08/msg00024.html)
Debian This vulnerability could be exploited to gain partial access to sensitive information. Medium
177299 Debian Security Update for apache2 (DLA 1900-1) Debian has released a security update for apache2 to fix the vulnerabilities. Refer to Debian LTS Announce DLA 1900-1 (https://lists.debian.org/debian-lts-announce/2019/08/msg00034.html) to address this issue and obtain further details.
Patch: Following are links for downloading patches to fix the vulnerabilities:
DLA 1900-1:Debian (https://lists.debian.org/debian-lts-announce/2019/08/msg00034.html)
Debian Successful exploitation allows an attacker to compromise the system. Medium
177320 Debian Security Update for python2.7 (DLA 1925-1) Debian has released a security update for python2.7 to fix the vulnerabilities. Refer to Debian LTS Announce DLA 1925-1 (https://lists.debian.org/debian-lts-announce/2019/09/msg00019.html) to address this issue and obtain further details.
Patch: Following are links for downloading patches to fix the vulnerabilities:
DLA 1925-1:Debian (https://lists.debian.org/debian-lts-announce/2019/09/msg00019.html)
Debian This vulnerability could be exploited to gain partial access to sensitive information. Medium
177324 Debian Security Update for expat (DLA 1912-1) Debian has released a security update for expat to fix the vulnerabilities. Refer to Debian LTS Announce DLA 1912-1 (https://lists.debian.org/debian-lts-announce/2019/09/msg00005.html) to address this issue and obtain further details.
Patch: Following are links for downloading patches to fix the vulnerabilities:
DLA 1912-1:Debian (https://lists.debian.org/debian-lts-announce/2019/09/msg00005.html)
Debian This vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability. Medium
177326 Debian Security Update for libonig (DLA 1918-1) Debian has released a security update for libonig to fix the vulnerabilities. Refer to Debian LTS Announce DLA 1918-1 (https://lists.debian.org/debian-lts-announce/2019/09/msg00010.html) to address this issue and obtain further details.
Patch: Following are links for downloading patches to fix the vulnerabilities:
DLA 1918-1:Debian (https://lists.debian.org/debian-lts-announce/2019/09/msg00010.html)
Debian This vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability. Medium
177348 Debian Security Update for php5 (DLA 1928-1) Debian has released a security update for php5 to fix the vulnerabilities. Refer to Debian LTS Announce DLA 1928-1 (https://lists.debian.org/debian-lts-announce/2019/09/msg00023.html) to address this issue and obtain further details.
Patch: Following are links for downloading patches to fix the vulnerabilities:
DLA 1928-1:Debian (https://lists.debian.org/debian-lts-announce/2019/09/msg00023.html)
Debian Successful exploitation allows an attacker to compromise the system. Medium
177349 Debian Security Update for libgcrypt20 (DLA 1931-1) Debian has released a security update for libgcrypt20 to fix the vulnerabilities. Refer to Debian LTS Announce DLA 1931-1 (https://lists.debian.org/debian-lts-announce/2019/09/msg00024.html) to address this issue and obtain further details.
Patch: Following are links for downloading patches to fix the vulnerabilities:
DLA 1931-1:Debian (https://lists.debian.org/debian-lts-announce/2019/09/msg00024.html)
Debian This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability. Medium
177351 Debian Security Update for Open Secure Sockets Layer (OpenSSL) (DLA 1932-1) Debian has released a security update for openssl to fix the vulnerabilities. Refer to Debian LTS Announce DLA 1932-1 (https://lists.debian.org/debian-lts-announce/2019/09/msg00026.html) to address this issue and obtain further details.
Patch: Following are links for downloading patches to fix the vulnerabilities:
DLA 1932-1:Debian (https://lists.debian.org/debian-lts-announce/2019/09/msg00026.html)
Debian This vulnerability could be exploited to gain partial access to sensitive information. Medium
177354 Debian Security Update for e2fsprogs (DLA 1935-1) Debian has released a security update for e2fsprogs to fix the vulnerabilities. Refer to Debian LTS Announce DLA 1935-1 (https://lists.debian.org/debian-lts-announce/2019/09/msg00029.html) to address this issue and obtain further details.
Patch: Following are links for downloading patches to fix the vulnerabilities:
DLA 1935-1:Debian (https://lists.debian.org/debian-lts-announce/2019/09/msg00029.html)
Debian This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability. Medium
177359 Debian Security Update for apache2 (DLA 1900-2) Debian has released a security update for apache2 to fix the vulnerabilities. Refer to Debian LTS Announce DLA 1900-2 (https://lists.debian.org/debian-lts-announce/2019/09/msg00034.html) to address this issue and obtain further details.
Patch: Following are links for downloading patches to fix the vulnerabilities:
DLA 1900-2:Debian (https://lists.debian.org/debian-lts-announce/2019/09/msg00034.html)
Debian Malicious users could use this vulnerability to change partial contents or configuration on the system. Medium
177380 Debian Security Update for apt (DLA 1637-1) Debian has released a security update for apt to fix the vulnerabilities. Refer to Debian LTS Announce DLA 1637-1 (https://lists.debian.org/debian-lts-announce/2019/01/msg00014.html) to address this issue and obtain further details.
Patch: Following are links for downloading patches to fix the vulnerabilities:
DLA 1637-1:Debian (https://lists.debian.org/debian-lts-announce/2019/01/msg00014.html)
Debian This vulnerability could be exploited to gain complete access to sensitive information. Malicious users could also use this vulnerability to change all the contents or configuration on the system. High
177412 Debian Security Update for tzdata (DLA 1957-1) Debian has released a security update for tzdata to fix the vulnerabilities. Refer to Debian LTS Announce DLA 1957-1 (https://lists.debian.org/debian-lts-announce/2019/10/msg00016.html) to address this issue and obtain further details.
Patch: Following are links for downloading patches to fix the vulnerabilities:
DLA 1957-1:Debian (https://lists.debian.org/debian-lts-announce/2019/10/msg00016.html)
Debian Successful exploitation allows an attacker to compromise the system. Medium
177425 Debian Security Update for file (DLA 1969-1) Debian has released a security update for file to fix the vulnerabilities. Refer to Debian LTS Announce DLA 1969-1 (https://lists.debian.org/debian-lts-announce/2019/10/msg00032.html) to address this issue and obtain further details.
Patch: Following are links for downloading patches to fix the vulnerabilities:
DLA 1969-1:Debian (https://lists.debian.org/debian-lts-announce/2019/10/msg00032.html)
Debian This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability. High
177426 Debian Security Update for php5 (DLA 1970-1) Debian has released a security update for php5 to fix the vulnerabilities. Refer to Debian LTS Announce DLA 1970-1 (https://lists.debian.org/debian-lts-announce/2019/10/msg00033.html) to address this issue and obtain further details.
Patch: Following are links for downloading patches to fix the vulnerabilities:
DLA 1970-1:Debian (https://lists.debian.org/debian-lts-announce/2019/10/msg00033.html)
Debian Successful exploitation of this vulnerability allows a remote attacker to execute arbitrary code on a vulnerable server. High
177442 Microsoft Defender For Cloud mock vulnerability (not a threat) Microsoft Defender For Cloud mock vulnerability (not a threat) This is a simulated vulnerability. No action required. Debian This is a simulated vulnerability. No impact. High
177509 Debian Security Update for libonig (DLA 2020-1) Debian has released a security update for libonig to fix the vulnerabilities. Refer to Debian LTS Announce DLA 2020-1 (https://lists.debian.org/debian-lts-announce/2019/12/msg00002.html) to address this issue and obtain further details.
Patch: Following are links for downloading patches to fix the vulnerabilities:
DLA 2020-1:Debian (https://lists.debian.org/debian-lts-announce/2019/12/msg00002.html)
Debian Successful exploitation allows an attacker to compromise the system. High
177559 Debian Security Update for php5 (DLA 2050-1) Debian has released a security update for php5 to fix the vulnerabilities. Refer to Debian LTS Announce DLA 2050-1 (https://lists.debian.org/debian-lts-announce/2019/12/msg00034.html) to address this issue and obtain further details.
Patch: Following are links for downloading patches to fix the vulnerabilities:
DLA 2050-1:Debian (https://lists.debian.org/debian-lts-announce/2019/12/msg00034.html)
Debian Successful exploitation allows an attacker to compromise the system. Medium
177560 Debian Security Update for libbsd (DLA 2052-1) Debian has released a security update for libbsd to fix the vulnerabilities. Refer to Debian LTS Announce DLA 2052-1 (https://lists.debian.org/debian-lts-announce/2019/12/msg00036.html) to address this issue and obtain further details.
Patch: Following are links for downloading patches to fix the vulnerabilities:
DLA 2052-1:Debian (https://lists.debian.org/debian-lts-announce/2019/12/msg00036.html)
Debian Successful exploitation allows an attacker to compromise the system. High
177564 Debian Security Update for cyrus-sasl2 (DLA 2044-1) Debian has released a security update for cyrus-sasl2 to fix the vulnerabilities. Refer to Debian LTS Announce DLA 2044-1 (https://lists.debian.org/debian-lts-announce/2019/12/msg00027.html) to address this issue and obtain further details.
Patch: Following are links for downloading patches to fix the vulnerabilities:
DLA 2044-1:Debian (https://lists.debian.org/debian-lts-announce/2019/12/msg00027.html)
Debian Successful exploitation allows an attacker to compromise the system. Medium
177566 Debian Security Update for libxml2 (DLA 2048-1) Debian has released a security update for libxml2 to fix the vulnerabilities. Refer to Debian LTS Announce DLA 2048-1 (https://lists.debian.org/debian-lts-announce/2019/12/msg00032.html) to address this issue and obtain further details.
Patch: Following are links for downloading patches to fix the vulnerabilities:
DLA 2048-1:Debian (https://lists.debian.org/debian-lts-announce/2019/12/msg00032.html)
Debian This vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability. Medium
177571 Debian Security Update for libgcrypt20 (DLA 1931-2) Debian has released a security update for libgcrypt20 to fix the vulnerabilities. Refer to Debian LTS Announce DLA 1931-2 (https://lists.debian.org/debian-lts-announce/2020/01/msg00001.html) to address this issue and obtain further details.
Patch: Following are links for downloading patches to fix the vulnerabilities:
DLA 1931-2:Debian (https://lists.debian.org/debian-lts-announce/2020/01/msg00001.html)
Debian This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability. Medium
177622 Debian Security Update for zlib (DLA 2085-1) Debian has released a security update for zlib to fix the vulnerabilities. Refer to Debian LTS Announce DLA 2085-1 (https://lists.debian.org/debian-lts-announce/2020/01/msg00030.html) to address this issue and obtain further details.
Patch: Following are links for downloading patches to fix the vulnerabilities:
DLA 2085-1:Debian (https://lists.debian.org/debian-lts-announce/2020/01/msg00030.html)
Debian This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability. High
177676 Debian Security Update for php5 (DLA 2124-1) Debian has released a security update for php5 to fix the vulnerabilities. Refer to Debian LTS Announce DLA 2124-1 (https://lists.debian.org/debian-lts-announce/2020/02/msg00030.html) to address this issue and obtain further details.
Patch: Following are links for downloading patches to fix the vulnerabilities:
DLA 2124-1:Debian (https://lists.debian.org/debian-lts-announce/2020/02/msg00030.html)
Debian This vulnerability could be exploited to gain partial access to sensitive information. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability. Medium
177707 Debian Security Update for e2fsprogs (DLA 2156-1) Debian has released a security update for e2fsprogs to fix the vulnerabilities. Refer to Debian LTS Announce DLA 2156-1 (https://lists.debian.org/debian-lts-announce/2020/03/msg00030.html) to address this issue and obtain further details.
Patch: Following are links for downloading patches to fix the vulnerabilities:
DLA 2156-1:Debian (https://lists.debian.org/debian-lts-announce/2020/03/msg00030.html)
Debian This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability. Medium
177725 Debian Security Update for icu (DSA 4646-1) Debian has released a security update for icu to fix the vulnerabilities. Refer to Debian security advisory DSA 4646-1 (https://lists.debian.org/debian-security-announce/2020/msg00049.html) to address this issue and obtain further details.
Patch: Following are links for downloading patches to fix the vulnerabilities:
DSA 4646-1:Debian (https://lists.debian.org/debian-security-announce/2020/msg00049.html)
Debian Malicious users could use this vulnerability to change partial contents or configuration on the system. Medium
177732 Debian Security Update for gnutls28 (DSA 4652-1) Debian has released a security update for gnutls28 to fix the vulnerabilities. Refer to Debian security advisory DSA 4652-1 (https://lists.debian.org/debian-security-announce/2020/msg00055.html) to address this issue and obtain further details.
Patch: Following are links for downloading patches to fix the vulnerabilities:
DSA 4652-1:Debian (https://lists.debian.org/debian-security-announce/2020/msg00055.html)
Debian Malicious users could use this vulnerability to change partial contents or configuration on the system. Medium
177741 Debian Security Update for Open Secure Sockets Layer (OpenSSL) (DSA 4661-1) Debian has released a security update for openssl to fix the vulnerabilities. Refer to Debian security advisory DSA 4661-1 (https://lists.debian.org/debian-security-announce/2020/msg00064.html) to address this issue and obtain further details.
Patch: Following are links for downloading patches to fix the vulnerabilities:
DSA 4661-1:Debian (https://lists.debian.org/debian-security-announce/2020/msg00064.html)
Debian Malicious users could use this vulnerability to change partial contents or configuration on the system. Medium
177742 Debian Security Update for php5 (DLA 2160-1) Debian has released a security update for php5 to fix the vulnerabilities. Refer to Debian LTS Announce DLA 2160-1 (https://lists.debian.org/debian-lts-announce/2020/03/msg00034.html) to address this issue and obtain further details.
Patch: Following are links for downloading patches to fix the vulnerabilities:
DLA 2160-1:Debian (https://lists.debian.org/debian-lts-announce/2020/03/msg00034.html)
Debian Malicious users could use this vulnerability to change partial contents or configuration on the system. Medium
177762 Debian Security Update for php5 (DLA 2188-1) Debian has released a security update for php5 to fix the vulnerabilities. Refer to Debian LTS Announce DLA 2188-1 (https://lists.debian.org/debian-lts-announce/2020/04/msg00021.html) to address this issue and obtain further details.
Patch: Following are links for downloading patches to fix the vulnerabilities:
DLA 2188-1:Debian (https://lists.debian.org/debian-lts-announce/2020/04/msg00021.html)
Debian This vulnerability could be exploited to gain partial access to sensitive information. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability. Medium
177781 Debian Security Update for openldap (DSA 4666-1) Debian has released security update for openldap to fix the vulnerabilities.<P> Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-security-announce/2020/msg00069.html” TARGET=”_blank”>DSA 4666-1</A> to address this issue and obtain further details.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://lists.debian.org/debian-security-announce/2020/msg00069.html” TARGET=”_blank”>DSA 4666-1:Debian</A>
Debian Malicious users could use this vulnerability to change partial contents or configuration on the system. Medium
177804 Debian Security Update for apt (DSA 4685-1) Debian has released security update for apt to fix the vulnerabilities.<P> Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-security-announce/2020/msg00089.html” TARGET=”_blank”>DSA 4685-1</A> to address this issue and obtain further details.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://lists.debian.org/debian-security-announce/2020/msg00089.html” TARGET=”_blank”>DSA 4685-1:Debian</A>
Debian Malicious users could use this vulnerability to change partial contents or configuration on the system. Medium
177817 Debian Security Update for inetutils (DLA 2176-1) Debian has released security update for inetutils to fix the vulnerabilities.<P> Refer to Debian LTS Announce <A HREF=”https://lists.debian.org/debian-lts-announce/2020/05/msg00012.html” TARGET=”_blank”>DLA 2176-1</A> to address this issue and obtain further details.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://lists.debian.org/debian-lts-announce/2020/05/msg00012.html” TARGET=”_blank”>DLA 2176-1:Debian</A>
Debian This vulnerability could be exploited to gain complete access to sensitive information. Malicious users could also use this vulnerability to change all the contents or configuration on the system. High
177829 Debian Security Update for openldap (DLA 2199-1) Debian has released security update for openldap to fix the vulnerabilities.<P> Refer to Debian LTS Announce <A HREF=”https://lists.debian.org/debian-lts-announce/2020/05/msg00001.html” TARGET=”_blank”>DLA 2199-1</A> to address this issue and obtain further details.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://lists.debian.org/debian-lts-announce/2020/05/msg00001.html” TARGET=”_blank”>DLA 2199-1:Debian</A>
Debian This vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability. Medium
177831 Debian Security Update for sqlite3 (DLA 2203-1) Debian has released security update for sqlite3 to fix the vulnerabilities.<P> Refer to Debian LTS Announce <A HREF=”https://lists.debian.org/debian-lts-announce/2020/05/msg00006.html” TARGET=”_blank”>DLA 2203-1</A> to address this issue and obtain further details.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://lists.debian.org/debian-lts-announce/2020/05/msg00006.html” TARGET=”_blank”>DLA 2203-1:Debian</A>
Debian This vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability. Medium
177832 Debian Security Update for apt (DLA 2210-1) Debian has released security update for apt to fix the vulnerabilities.<P> Refer to Debian LTS Announce <A HREF=”https://lists.debian.org/debian-lts-announce/2020/05/msg00013.html” TARGET=”_blank”>DLA 2210-1</A> to address this issue and obtain further details.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://lists.debian.org/debian-lts-announce/2020/05/msg00013.html” TARGET=”_blank”>DLA 2210-1:Debian</A>
Debian This vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability. Medium
177834 Debian Security Update for sqlite3 (DLA 2221-1) Debian has released security update for sqlite3 to fix the vulnerabilities.<P> Refer to Debian LTS Announce <A HREF=”https://lists.debian.org/debian-lts-announce/2020/05/msg00024.html” TARGET=”_blank”>DLA 2221-1</A> to address this issue and obtain further details.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://lists.debian.org/debian-lts-announce/2020/05/msg00024.html” TARGET=”_blank”>DLA 2221-1:Debian</A>
Debian This vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability. Medium
177837 Debian Security Update for gnutls28 (DSA 4697-1) Debian has released security update for gnutls28 to fix the vulnerabilities.<P> Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-security-announce/2020/msg00101.html” TARGET=”_blank”>DSA 4697-1</A> to address this issue and obtain further details.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://lists.debian.org/debian-security-announce/2020/msg00101.html” TARGET=”_blank”>DSA 4697-1:Debian</A>
Debian Successful exploitation allows attacker to compromise the system. Medium
177847 Debian Security Update for json-c (DLA 2228-1) Debian has released security update for json-c to fix the vulnerabilities.<P> Refer to Debian LTS Announce <A HREF=”https://lists.debian.org/debian-lts-announce/2020/05/msg00032.html” TARGET=”_blank”>DLA 2228-1</A> to address this issue and obtain further details.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://lists.debian.org/debian-lts-announce/2020/05/msg00032.html” TARGET=”_blank”>DLA 2228-1:Debian</A>
Debian This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability. Medium
177849 Debian Security Update for json-c (DLA 2228-2) Debian has released security update for json-c to fix the vulnerabilities.<P> Refer to Debian LTS Announce <A HREF=”https://lists.debian.org/debian-lts-announce/2020/05/msg00034.html” TARGET=”_blank”>DLA 2228-2</A> to address this issue and obtain further details.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://lists.debian.org/debian-lts-announce/2020/05/msg00034.html” TARGET=”_blank”>DLA 2228-2:Debian</A>
Debian This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability. Medium
177913 Debian Security Update for libtasn1-6 (DLA 2255-1) Debian has released security update for libtasn1-6 to fix the vulnerabilities.<P> Refer to Debian LTS Announce <A HREF=”https://lists.debian.org/debian-lts-announce/2020/06/msg00026.html” TARGET=”_blank”>DLA 2255-1</A> to address this issue and obtain further details.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://lists.debian.org/debian-lts-announce/2020/06/msg00026.html” TARGET=”_blank”>DLA 2255-1:Debian</A>
Debian This vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability. Medium
177922 Debian Security Update for php5 (DLA 2261-1) Debian has released security update for php5 to fix the vulnerabilities.<P> Refer to Debian LTS Announce <A HREF=”https://lists.debian.org/debian-lts-announce/2020/06/msg00033.html” TARGET=”_blank”>DLA 2261-1</A> to address this issue and obtain further details.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://lists.debian.org/debian-lts-announce/2020/06/msg00033.html” TARGET=”_blank”>DLA 2261-1:Debian</A>
Debian This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability. High
178179 Debian Security Update for openldap (DSA 4782-1) Debian has released security update for openldap to fix the vulnerabilities. Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-security-announce/2020/msg00189.html” TARGET=”_blank”>msg00189</A>  for patching details.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://lists.debian.org/debian-security-announce/2020/msg00189.html” TARGET=”_blank”>DSA 4782-1:Debian</A>
Debian Successful exploitation allows attacker to compromise the system. Medium
178212 Debian Security Update for krb5 (DSA 4795-1) Debian has released security update for krb5 to fix the vulnerabilities.<P> Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-security-announce/2020/msg00202.html” TARGET=”_blank”>DSA 4795-1</A> to address this issue and obtain further details.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://lists.debian.org/debian-security-announce/2020/msg00202.html” TARGET=”_blank”>DSA 4795-1:Debian</A>
Debian Successful exploitation allows attacker to compromise the system. Medium
178215 Debian Security Update for openldap (DSA 4792-1) Debian has released security update for openldap to fix the vulnerabilities. Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-security-announce/2020/msg00199.html” TARGET=”_blank”>DSA 4792-1</A> for patching details.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://lists.debian.org/debian-security-announce/2020/msg00199.html” TARGET=”_blank”>DSA 4792-1:Debian</A>
Debian Successful exploitation allows attacker to compromise the system. High
178254 Debian Security Update for Open Secure Sockets Layer (OpenSSL) (DSA 4807-1) Debian has released security update for openssl to fix the vulnerabilities.<P> Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-security-announce/2020/msg00214.html” TARGET=”_blank”>DSA 4807-1</A> to address this issue and obtain further details.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://lists.debian.org/debian-security-announce/2020/msg00214.html” TARGET=”_blank”>DSA 4807-1:Debian</A>
Debian Successful exploitation allows attacker to compromise the system. Medium
178268 Debian Security Update for apt (DSA 4808-1) Debian has released security update for apt to fix the vulnerabilities.
Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-security-announce/2020/msg00215.html” TARGET=”_blank”>DSA 4808-1</A>  for patching details.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://lists.debian.org/debian-security-announce/2020/msg00215.html” TARGET=”_blank”>DSA 4808-1:Debian</A>
Debian Successful exploitation allows attacker to compromise the system. Medium
178316 Debian Security Update for p11-kit (DSA 4822-1) Debian has released security update for p11-kit to fix the vulnerabilities.
Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-security-announce/2021/msg00000.html” TARGET=”_blank”>DSA 4822-1</A>  for patching details.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://lists.debian.org/debian-security-announce/2021/msg00000.html” TARGET=”_blank”>DSA 4822-1:Debian</A>
Debian Successful exploitation allows attacker to compromise the system. Medium
178391 Debian Security Update Multiple Vulnerabilities for perl Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages.<BR>Perl is affected by heap-based buffer overflow and integer overflow vulnerabilities.<P>

Affected OS:<BR>
Debian 9<BR>
Debian 10<P>

Customers are advised to update Perl <A HREF=”https://tracker.debian.org/pkg/perl” TARGET=”_blank”>here</A>.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://packages.debian.org/source/buster/perl” TARGET=”_blank”>Debian 10</A><P> <A HREF=”https://packages.debian.org/source/stretch/perl” TARGET=”_blank”>Debian 9</A>
Debian Successful exploitation can result in disruption of service. High
178399 Debian Security Update for openldap (DSA 4845-1) Debian has released security update for openldap to fix the vulnerabilities.<P> Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-security-announce/2021/msg00025.html” TARGET=”_blank”>DSA 4845-1</A> to address this issue and obtain further details.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://lists.debian.org/debian-security-announce/2021/msg00025.html” TARGET=”_blank”>DSA 4845-1:Debian</A>
Debian Successful exploitation allows attacker to compromise the system. Medium
178423 Debian Security Update for Open Secure Sockets Layer (OpenSSL) (DSA 4855-1) Debian has released security update for openssl to fix the vulnerabilities.
Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-security-announce/2021/msg00035.html” TARGET=”_blank”>DSA 4855-1</A>  for patching details.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://lists.debian.org/debian-security-announce/2021/msg00035.html” TARGET=”_blank”>DSA 4855-1:Debian</A>
Debian Successful exploitation allows attacker to compromise the system. Medium
178448 Debian Security Update for subversion (DSA 4851-1) Debian has released security update for subversion to fix the vulnerabilities.
Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-security-announce/2021/msg00032.html” TARGET=”_blank”>DSA 4851-1</A>  for patching details.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://lists.debian.org/debian-security-announce/2021/msg00032.html” TARGET=”_blank”>DSA 4851-1:Debian</A>
Debian Successful exploitation allows attacker to compromise the system. High
178450 Debian Security Update for openldap (DSA 4860-1) Debian has released security update for openldap to fix the vulnerabilities.
Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-security-announce/2021/msg00041.html” TARGET=”_blank”>DSA 4860-1</A>  for patching details.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://lists.debian.org/debian-security-announce/2021/msg00041.html” TARGET=”_blank”>DSA 4860-1:Debian</A>
Debian Successful exploitation allows attacker to compromise the system. Medium
178486 Debian Security Update for Open Secure Sockets Layer (OpenSSL) (DSA 4875-1) Debian has released security update for openssl to fix the vulnerabilities.
Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-security-announce/2021/msg00056.html” TARGET=”_blank”>DSA 4875-1</A>  for patching details.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://lists.debian.org/debian-security-announce/2021/msg00056.html” TARGET=”_blank”>DSA 4875-1:Debian</A>
Debian Successful exploitation allows attacker to compromise the system. High
178522 Debian Security Update for curl (DSA 4881-1) Debian has released security update for curl to fix the vulnerabilities.
Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-security-announce/2021/msg00062.html” TARGET=”_blank”>DSA 4881-1</A>  for patching details.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://lists.debian.org/debian-security-announce/2021/msg00062.html” TARGET=”_blank”>DSA 4881-1:Debian</A>
Debian Successful exploitation allows attacker to compromise the system. Medium
178626 Debian Security Update for libzstd (DSA 4850-1) Debian has released security update for libzstd to fix the vulnerabilities.<P><BR><BR>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues. Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-security-announce/2021/msg00031.html” TARGET=”_blank”>DSA 4850-1</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://lists.debian.org/debian-security-announce/2021/msg00031.html” TARGET=”_blank”>DSA 4850-1:Debian</A>
Debian Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability. Medium
178628 Debian Security Update for libzstd (DSA 4859-1) Debian has released security update for libzstd to fix the vulnerabilities.<P><BR><BR>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues. Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-security-announce/2021/msg00040.html” TARGET=”_blank”>DSA 4859-1</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://lists.debian.org/debian-security-announce/2021/msg00040.html” TARGET=”_blank”>DSA 4859-1:Debian</A>
Debian Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability. Medium
178632 Debian Security Update for lz4 (DSA 4919-1) Debian has released security update for lz4 to fix the vulnerabilities.<P><BR><BR>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues. Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-security-announce/2021/msg00100.html” TARGET=”_blank”>DSA 4919-1</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://lists.debian.org/debian-security-announce/2021/msg00100.html” TARGET=”_blank”>DSA 4919-1:Debian</A>
Debian Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability. Medium
178677 Debian Security Update for nettle (DSA 4933-1) Debian has released security update for nettle to fix the vulnerabilities.<P><BR><BR>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues. Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-security-announce/2021/msg00116.html” TARGET=”_blank”>DSA 4933-1</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://lists.debian.org/debian-security-announce/2021/msg00116.html” TARGET=”_blank”>DSA 4933-1:Debian</A>
Debian This vulnerability could be exploited to gain remote access to sensitive information and execute commands. Medium
178709 Debian Security Update for systemd (DSA 4942-1) Debian has released security update for systemd to fix the vulnerabilities.<P> Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-security-announce/2021/msg00125.html” TARGET=”_blank”>DSA 4942-1</A> to address this issue and obtain further details.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://lists.debian.org/debian-security-announce/2021/msg00125.html” TARGET=”_blank”>DSA 4942-1:Debian</A>
Debian Successful exploitation allows an attacker to compromise the system. Medium
178721 Debian Security Update for krb5 (DSA 4944-1) Debian has released security update for krb5 to fix the vulnerabilities.<P><BR><BR>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues. Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-security-announce/2021/msg00127.html” TARGET=”_blank”>DSA 4944-1</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://lists.debian.org/debian-security-announce/2021/msg00127.html” TARGET=”_blank”>DSA 4944-1:Debian</A>
Debian Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability. Medium
178774 Debian Security Update for Open Secure Sockets Layer (OpenSSL) (DSA 4963-1) Debian has released security update for openssl to fix the vulnerabilities.<P><BR>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues. Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-security-announce/2021/msg00147.html” TARGET=”_blank”>DSA 4963-1</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://lists.debian.org/debian-security-announce/2021/msg00147.html” TARGET=”_blank”>DSA 4963-1:Debian</A>
Debian Successful exploitation of this vulnerability could lead to security breach or could affect integrity, availability and confidentiality. Medium
178915 Debian Security Update for icu (DSA 5014-1) Debian has released security update for icu to fix the vulnerabilities.<P><BR>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues. Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-security-announce/2021/msg00200.html” TARGET=”_blank”>DSA 5014-1</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://lists.debian.org/debian-security-announce/2021/msg00200.html” TARGET=”_blank”>DSA 5014-1:Debian</A>
Debian Successful exploitation of this vulnerability could lead to security breach or could affect integrity, availability and confidentiality. Medium
179068 Debian Security Update for expat (DSA 5073-1) Debian has released a security update for expat to fix the vulnerabilities. Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-security-announce/2022/msg00040.html” TARGET=”_blank”>DSA 5073-1</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://lists.debian.org/debian-security-announce/2022/msg00040.html” TARGET=”_blank”>DSA 5073-1:Debian</A>
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
179091 Debian Security Update for expat (DSA 5085-1) Debian has released a security update for expat to fix the vulnerabilities. Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-security-announce/2022/msg00052.html” TARGET=”_blank”>DSA 5085-1</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://lists.debian.org/debian-security-announce/2022/msg00052.html” TARGET=”_blank”>DSA 5085-1:Debian</A>
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
179093 Debian Security Update for cyrus-sasl2 (DSA 5087-1) Debian has released a security update for cyrus-sasl2 to fix the vulnerabilities. Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-security-announce/2022/msg00054.html” TARGET=”_blank”>DSA 5087-1</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://lists.debian.org/debian-security-announce/2022/msg00054.html” TARGET=”_blank”>DSA 5087-1:Debian</A>
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
179127 Debian Security Update for debian-archive-keyring (DLA 2948-1) Debian has released a security update for debian-archive-keyring to fix the vulnerabilities. Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-lts-announce/2022/03/msg00019.html” TARGET=”_blank”>DLA 2948-1</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://lists.debian.org/debian-lts-announce/2022/03/msg00019.html” TARGET=”_blank”>DLA 2948-1:Debian</A>
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
179142 Debian Security Update for Open Secure Sockets Layer (OpenSSL) (DSA 5103-1) Debian has released a security update for openssl to fix the vulnerabilities. Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-security-announce/2022/msg00071.html” TARGET=”_blank”>DSA 5103-1</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://lists.debian.org/debian-security-announce/2022/msg00071.html” TARGET=”_blank”>DSA 5103-1:Debian</A>
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
179143 Debian Security Update for expat (DSA 5085-2) Debian has released a security update for expat to fix the vulnerabilities. Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-security-announce/2022/msg00069.html” TARGET=”_blank”>DSA 5085-2</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://lists.debian.org/debian-security-announce/2022/msg00069.html” TARGET=”_blank”>DSA 5085-2:Debian</A>
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
179158 Debian Security Update for tiff (DSA 5108-1) Debian has released a security update for tiff to fix the vulnerabilities. Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-security-announce/2022/msg00076.html” TARGET=”_blank”>DSA 5108-1</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://lists.debian.org/debian-security-announce/2022/msg00076.html” TARGET=”_blank”>DSA 5108-1:Debian</A>
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
179162 Debian Security Update for tzdata (DLA 2963-1) Debian has released a security update for tzdata to fix the vulnerabilities. Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-lts-announce/2022/03/msg00036.html” TARGET=”_blank”>DLA 2963-1</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://lists.debian.org/debian-lts-announce/2022/03/msg00036.html” TARGET=”_blank”>DLA 2963-1:Debian</A>
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
179168 Debian Security Update for zlib (DSA 5111-1) Debian has released a security update for zlib to fix the vulnerabilities. Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-security-announce/2022/msg00079.html” TARGET=”_blank”>DSA 5111-1</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://lists.debian.org/debian-security-announce/2022/msg00079.html” TARGET=”_blank”>DSA 5111-1:Debian</A>
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
179169 Debian Security Update for zlib (DLA 2968-1) Debian has released a security update for zlib to fix the vulnerabilities. Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html” TARGET=”_blank”>DLA 2968-1</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html” TARGET=”_blank”>DLA 2968-1:Debian</A>
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
179180 Debian Security Update for gzip (DLA 2976-1) Debian has released a security update for gzip to fix the vulnerabilities. Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-lts-announce/2022/04/msg00007.html” TARGET=”_blank”>DLA 2976-1</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://lists.debian.org/debian-lts-announce/2022/04/msg00007.html” TARGET=”_blank”>DLA 2976-1:Debian</A>
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
179184 Debian Security Update for xz-utils (DLA 2977-1) Debian has released a security update for xz-utils to fix the vulnerabilities. Refer to Debian security advisory DLA 2977-1 (https://lists.debian.org/debian-lts-announce/2022/04/msg00008.html) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
DLA 2977-1:Debian (https://lists.debian.org/debian-lts-announce/2022/04/msg00008.html)
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
179188 Debian Security Update for subversion (DSA 5119-1) Debian has released a security update for subversion to fix the vulnerabilities. Refer to Debian security advisory DSA 5119-1 (https://lists.debian.org/debian-security-announce/2022/msg00087.html) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
DSA 5119-1:Debian (https://lists.debian.org/debian-security-announce/2022/msg00087.html)
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
179199 Debian Security Update for mariadb-10.5mariadb-10.3 (CVE-2022-24048) Debian has released a security update for mariadb-10.5,mariadb-10.3 to fix the vulnerabilities. Refer to Debian security advisory CVE-2022-24048 (https://security-tracker.debian.org/tracker/CVE-2022-24048) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
CVE-2022-24048:Debian (https://security-tracker.debian.org/tracker/CVE-2022-24048)
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
179207 Debian Security Update for mariadb-10.5mariadb-10.3 (CVE-2022-24051) Debian has released a security update for mariadb-10.5,mariadb-10.3 to fix the vulnerabilities. Refer to Debian security advisory CVE-2022-24051 (https://security-tracker.debian.org/tracker/CVE-2022-24051) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
CVE-2022-24051:Debian (https://security-tracker.debian.org/tracker/CVE-2022-24051)
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
179208 Debian Security Update for libxml2 (CVE-2022-23308) Debian has released a security update for libxml2 to fix the vulnerabilities. Refer to Debian security advisory CVE-2022-23308 (https://security-tracker.debian.org/tracker/CVE-2022-23308) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
CVE-2022-23308:Debian (https://security-tracker.debian.org/tracker/CVE-2022-23308)
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
179218 Debian Security Update for mariadb-10.5mariadb-10.3 (CVE-2022-24052) Debian has released a security update for mariadb-10.5,mariadb-10.3 to fix the vulnerabilities. Refer to Debian security advisory CVE-2022-24052 (https://security-tracker.debian.org/tracker/CVE-2022-24052) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
CVE-2022-24052:Debian (https://security-tracker.debian.org/tracker/CVE-2022-24052)
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
179226 Debian Security Update for glibc (CVE-2022-23218) Debian has released a security update for glibc to fix the vulnerabilities. Refer to Debian security advisory CVE-2022-23218 (https://security-tracker.debian.org/tracker/CVE-2022-23218) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
CVE-2022-23218:Debian (https://security-tracker.debian.org/tracker/CVE-2022-23218)
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
179233 Debian Security Update for glibc (CVE-2022-23219) Debian has released a security update for glibc to fix the vulnerabilities. Refer to Debian security advisory CVE-2022-23219 (https://security-tracker.debian.org/tracker/CVE-2022-23219) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
CVE-2022-23219:Debian (https://security-tracker.debian.org/tracker/CVE-2022-23219)
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
179243 Debian Security Update for gzip (DSA 5122-1) Debian has released a security update for gzip to fix the vulnerabilities. Refer to Debian security advisory DSA 5122-1 (https://lists.debian.org/debian-security-announce/2022/msg00090.html) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
DSA 5122-1:Debian (https://lists.debian.org/debian-security-announce/2022/msg00090.html)
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
179244 Debian Security Update for xz-utils (DSA 5123-1) Debian has released a security update for xz-utils to fix the vulnerabilities. Refer to Debian security advisory DSA 5123-1 (https://lists.debian.org/debian-security-announce/2022/msg00091.html) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
DSA 5123-1:Debian (https://lists.debian.org/debian-security-announce/2022/msg00091.html)
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
179294 Debian Security Update for Open Secure Sockets Layer (OpenSSL) (DSA 5139-1) Debian has released a security update for openssl to fix the vulnerabilities. Refer to Debian security advisory DSA 5139-1 (https://lists.debian.org/debian-security-announce/2022/msg00107.html) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
DSA 5139-1:Debian (https://lists.debian.org/debian-security-announce/2022/msg00107.html)
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
179300 Debian Security Update for openldap (DSA 5140-1) Debian has released a security update for openldap to fix the vulnerabilities. Refer to Debian security advisory DSA 5140-1 (https://lists.debian.org/debian-security-announce/2022/msg00108.html) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
DSA 5140-1:Debian (https://lists.debian.org/debian-security-announce/2022/msg00108.html)
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
179303 Debian Security Update for libxml2 (DSA 5142-1) Debian has released a security update for libxml2 to fix the vulnerabilities. Refer to Debian security advisory DSA 5142-1 (https://lists.debian.org/debian-security-announce/2022/msg00110.html) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
DSA 5142-1:Debian (https://lists.debian.org/debian-security-announce/2022/msg00110.html)
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
179314 Debian Security Update for dpkg (DLA 3022-1) Debian has released a security update for dpkg to fix the vulnerabilities. Refer to Debian security advisory DLA 3022-1 (https://lists.debian.org/debian-lts-announce/2022/05/msg00033.html) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
DLA 3022-1:Debian (https://lists.debian.org/debian-lts-announce/2022/05/msg00033.html)
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
179316 Debian Security Update for dpkg (DSA 5147-1) Debian has released a security update for dpkg to fix the vulnerabilities. Refer to Debian security advisory DSA 5147-1 (https://lists.debian.org/debian-security-announce/2022/msg00115.html) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
DSA 5147-1:Debian (https://lists.debian.org/debian-security-announce/2022/msg00115.html)
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
179331 Debian Security Update for mariadb-10.5mariadb-10.3 (CVE-2022-31624) Debian has released a security update for mariadb-10.5,mariadb-10.3 to fix the vulnerabilities. Refer to Debian security advisory CVE-2022-31624 (https://security-tracker.debian.org/tracker/CVE-2022-31624) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
CVE-2022-31624:Debian (https://security-tracker.debian.org/tracker/CVE-2022-31624)
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
179332 Debian Security Update for mariadb-10.5mariadb-10.3 (CVE-2022-31621) Debian has released a security update for mariadb-10.5,mariadb-10.3 to fix the vulnerabilities. Refer to Debian security advisory CVE-2022-31621 (https://security-tracker.debian.org/tracker/CVE-2022-31621) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
CVE-2022-31621:Debian (https://security-tracker.debian.org/tracker/CVE-2022-31621)
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
179333 Debian Security Update for mariadb-10.5mariadb-10.3 (CVE-2022-31623) Debian has released a security update for mariadb-10.5,mariadb-10.3 to fix the vulnerabilities. Refer to Debian security advisory CVE-2022-31623 (https://security-tracker.debian.org/tracker/CVE-2022-31623) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
CVE-2022-31623:Debian (https://security-tracker.debian.org/tracker/CVE-2022-31623)
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
179334 Debian Security Update for mariadb-10.5mariadb-10.3 (CVE-2022-31622) Debian has released a security update for mariadb-10.5,mariadb-10.3 to fix the vulnerabilities. Refer to Debian security advisory CVE-2022-31622 (https://security-tracker.debian.org/tracker/CVE-2022-31622) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
CVE-2022-31622:Debian (https://security-tracker.debian.org/tracker/CVE-2022-31622)
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
179383 Debian Security Update for tzdata (DLA 3051-1) Debian has released a security update for tzdata to fix the vulnerabilities. Refer to Debian security advisory DLA 3051-1 (https://lists.debian.org/debian-lts-announce/2022/06/msg00016.html) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
DLA 3051-1:Debian (https://lists.debian.org/debian-lts-announce/2022/06/msg00016.html)
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
179390 Debian Security Update for mariadb-10.3mariadb-10.5 (CVE-2021-46658) Debian has released a security update for mariadb-10.5,mariadb-10.3 to fix the vulnerabilities. Refer to Debian security advisory CVE-2021-46658 (https://security-tracker.debian.org/tracker/CVE-2021-46658) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
CVE-2021-46658:Debian (https://security-tracker.debian.org/tracker/CVE-2021-46658)
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
179391 Debian Security Update for mariadb-10.3mariadb-10.5 (CVE-2021-46667) Debian has released a security update for mariadb-10.5,mariadb-10.3 to fix the vulnerabilities. Refer to Debian security advisory CVE-2021-46667 (https://security-tracker.debian.org/tracker/CVE-2021-46667) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
CVE-2021-46667:Debian (https://security-tracker.debian.org/tracker/CVE-2021-46667)
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
179493 Debian Security Update for Open Secure Sockets Layer (OpenSSL) (DSA 5169-1) Debian has released a security update for openssl to fix the vulnerabilities. Refer to Debian security advisory DSA 5169-1 (https://lists.debian.org/debian-security-announce/2022/msg00137.html) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
DSA 5169-1:Debian (https://lists.debian.org/debian-security-announce/2022/msg00137.html)
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
179511 Debian Security Update for Open Secure Sockets Layer (OpenSSL) (CVE-2021-3449) Debian has released a security update for openssl to fix the vulnerabilities. Refer to Debian security advisory CVE-2021-3449 (https://security-tracker.debian.org/tracker/CVE-2021-3449) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
CVE-2021-3449:Debian (https://security-tracker.debian.org/tracker/CVE-2021-3449)
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
179583 Debian Security Update for Open Secure Sockets Layer (OpenSSL) (CVE-2021-23841) Debian has released a security update for openssl to fix the vulnerabilities. Refer to Debian security advisory CVE-2021-23841 (https://security-tracker.debian.org/tracker/CVE-2021-23841) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
CVE-2021-23841:Debian (https://security-tracker.debian.org/tracker/CVE-2021-23841)
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
179586 Debian Security Update for systemd (CVE-2021-3997) Debian has released a security update for systemd to fix the vulnerabilities. Refer to Debian security advisory CVE-2021-3997 (https://security-tracker.debian.org/tracker/CVE-2021-3997) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
CVE-2021-3997:Debian (https://security-tracker.debian.org/tracker/CVE-2021-3997)
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
179602 Debian Security Update for postgresql-13postgresql-11 (CVE-2021-3677) Debian has released a security update for postgresql-13,postgresql-11 to fix the vulnerabilities. Refer to Debian security advisory CVE-2021-3677 (https://security-tracker.debian.org/tracker/CVE-2021-3677) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
CVE-2021-3677:Debian (https://security-tracker.debian.org/tracker/CVE-2021-3677)
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
179639 Debian Security Update for git (CVE-2021-40330) Debian has released a security update for git to fix the vulnerabilities. Refer to Debian security advisory CVE-2021-40330 (https://security-tracker.debian.org/tracker/CVE-2021-40330) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
CVE-2021-40330:Debian (https://security-tracker.debian.org/tracker/CVE-2021-40330)
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
179664 Debian Security Update for git (CVE-2021-21300) Debian has released a security update for git to fix the vulnerabilities. Refer to Debian security advisory CVE-2021-21300 (https://security-tracker.debian.org/tracker/CVE-2021-21300) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
CVE-2021-21300:Debian (https://security-tracker.debian.org/tracker/CVE-2021-21300)
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
179673 Debian Security Update for mariadb-10.3mariadb-10.5 (CVE-2021-2166) Debian has released a security update for mariadb-10.3,mariadb-10.5 to fix the vulnerabilities. Refer to Debian security advisory CVE-2021-2166 (https://security-tracker.debian.org/tracker/CVE-2021-2166) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
CVE-2021-2166:Debian (https://security-tracker.debian.org/tracker/CVE-2021-2166)
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
179677 Debian Security Update for mariadb-10.3mariadb-10.5 (CVE-2021-2389) Debian has released a security update for mariadb-10.3,mariadb-10.5 to fix the vulnerabilities. Refer to Debian security advisory CVE-2021-2389 (https://security-tracker.debian.org/tracker/CVE-2021-2389) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
CVE-2021-2389:Debian (https://security-tracker.debian.org/tracker/CVE-2021-2389)
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
179683 Debian Security Update for glib2.0 (CVE-2021-27218) Debian has released a security update for glib2.0 to fix the vulnerabilities. Refer to Debian security advisory CVE-2021-27218 (https://security-tracker.debian.org/tracker/CVE-2021-27218) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
CVE-2021-27218:Debian (https://security-tracker.debian.org/tracker/CVE-2021-27218)
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
179731 Debian Security Update for postgresql-13postgresql-11 (CVE-2021-3393) Debian has released a security update for postgresql-13,postgresql-11 to fix the vulnerabilities. Refer to Debian security advisory CVE-2021-3393 (https://security-tracker.debian.org/tracker/CVE-2021-3393) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
CVE-2021-3393:Debian (https://security-tracker.debian.org/tracker/CVE-2021-3393)
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
179739 Debian Security Update for glib2.0 (CVE-2021-27219) Debian has released a security update for glib2.0 to fix the vulnerabilities. Refer to Debian security advisory CVE-2021-27219 (https://security-tracker.debian.org/tracker/CVE-2021-27219) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
CVE-2021-27219:Debian (https://security-tracker.debian.org/tracker/CVE-2021-27219)
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
179744 Debian Security Update for openexr (CVE-2021-23169) Debian has released a security update for openexr to fix the vulnerabilities. Refer to Debian security advisory CVE-2021-23169 (https://security-tracker.debian.org/tracker/CVE-2021-23169) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
CVE-2021-23169:Debian (https://security-tracker.debian.org/tracker/CVE-2021-23169)
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
179762 Debian Security Update for python3.7python2.7python3.9 (CVE-2021-3177) Debian has released a security update for python3.7,python2.7,python3.9 to fix the vulnerabilities. Refer to Debian security advisory CVE-2021-3177 (https://security-tracker.debian.org/tracker/CVE-2021-3177) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
CVE-2021-3177:Debian (https://security-tracker.debian.org/tracker/CVE-2021-3177)
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
179849 Debian Security Update for mariadb-10.1mariadb-10.3mariadb-10.5 (CVE-2021-2022) Debian has released a security update for mariadb-10.1,mariadb-10.3,mariadb-10.5 to fix the vulnerabilities. Refer to Debian security advisory CVE-2021-2022 (https://security-tracker.debian.org/tracker/CVE-2021-2022) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
CVE-2021-2022:Debian (https://security-tracker.debian.org/tracker/CVE-2021-2022)
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
179856 Debian Security Update for mariadb-10.5mariadb-10.3 (CVE-2021-27928) Debian has released a security update for mariadb-10.5,mariadb-10.3 to fix the vulnerabilities. Refer to Debian security advisory CVE-2021-27928 (https://security-tracker.debian.org/tracker/CVE-2021-27928) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
CVE-2021-27928:Debian (https://security-tracker.debian.org/tracker/CVE-2021-27928)
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
179917 Debian Security Update for mariadb-10.5mariadb-10.3 (CVE-2021-46657) Debian has released a security update for mariadb-10.5,mariadb-10.3 to fix the vulnerabilities. Refer to Debian security advisory CVE-2021-46657 (https://security-tracker.debian.org/tracker/CVE-2021-46657) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
CVE-2021-46657:Debian (https://security-tracker.debian.org/tracker/CVE-2021-46657)
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
179935 Debian Security Update for Open Secure Sockets Layer (OpenSSL) (CVE-2021-3450) Debian has released a security update for openssl to fix the vulnerabilities. Refer to Debian security advisory CVE-2021-3450 (https://security-tracker.debian.org/tracker/CVE-2021-3450) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
CVE-2021-3450:Debian (https://security-tracker.debian.org/tracker/CVE-2021-3450)
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
179948 Debian Security Update for libzstd (CVE-2021-24031) Debian has released a security update for libzstd to fix the vulnerabilities. Refer to Debian security advisory CVE-2021-24031 (https://security-tracker.debian.org/tracker/CVE-2021-24031) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
CVE-2021-24031:Debian (https://security-tracker.debian.org/tracker/CVE-2021-24031)
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
179967 Debian Security Update for curl (CVE-2021-22890) Debian has released a security update for curl to fix the vulnerabilities. Refer to Debian security advisory CVE-2021-22890 (https://security-tracker.debian.org/tracker/CVE-2021-22890) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
CVE-2021-22890:Debian (https://security-tracker.debian.org/tracker/CVE-2021-22890)
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
179969 Debian Security Update for libxml2 (CVE-2021-3517) Debian has released a security update for libxml2 to fix the vulnerabilities. Refer to Debian security advisory CVE-2021-3517 (https://security-tracker.debian.org/tracker/CVE-2021-3517) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
CVE-2021-3517:Debian (https://security-tracker.debian.org/tracker/CVE-2021-3517)
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
180057 Debian Security Update for postgresql-13 (CVE-2021-32029) Debian has released a security update for postgresql-13 to fix the vulnerabilities. Refer to Debian security advisory CVE-2021-32029 (https://security-tracker.debian.org/tracker/CVE-2021-32029) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
CVE-2021-32029:Debian (https://security-tracker.debian.org/tracker/CVE-2021-32029)
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
180068 Debian Security Update for curl (CVE-2021-22876) Debian has released a security update for curl to fix the vulnerabilities. Refer to Debian security advisory CVE-2021-22876 (https://security-tracker.debian.org/tracker/CVE-2021-22876) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
CVE-2021-22876:Debian (https://security-tracker.debian.org/tracker/CVE-2021-22876)
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
180134 Debian Security Update for Open Secure Sockets Layer (OpenSSL) (CVE-2021-23839) Debian has released a security update for openssl to fix the vulnerabilities. Refer to Debian security advisory CVE-2021-23839 (https://security-tracker.debian.org/tracker/CVE-2021-23839) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
CVE-2021-23839:Debian (https://security-tracker.debian.org/tracker/CVE-2021-23839)
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
180141 Debian Security Update for postgresql-13 (CVE-2021-32028) Debian has released a security update for postgresql-13 to fix the vulnerabilities. Refer to Debian security advisory CVE-2021-32028 (https://security-tracker.debian.org/tracker/CVE-2021-32028) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
CVE-2021-32028:Debian (https://security-tracker.debian.org/tracker/CVE-2021-32028)
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
180164 Debian Security Update for mariadb-10.3mariadb-10.5 (CVE-2021-2154) Debian has released a security update for mariadb-10.3,mariadb-10.5 to fix the vulnerabilities. Refer to Debian security advisory CVE-2021-2154 (https://security-tracker.debian.org/tracker/CVE-2021-2154) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
CVE-2021-2154:Debian (https://security-tracker.debian.org/tracker/CVE-2021-2154)
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
180169 Debian Security Update for gnutls28 (CVE-2021-20232) Debian has released a security update for gnutls28 to fix the vulnerabilities. Refer to Debian security advisory CVE-2021-20232 (https://security-tracker.debian.org/tracker/CVE-2021-20232) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
CVE-2021-20232:Debian (https://security-tracker.debian.org/tracker/CVE-2021-20232)
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
180179 Debian Security Update for systemd (DLA 3063-1) Debian has released a security update for systemd to fix the vulnerabilities. Refer to Debian security advisory DLA 3063-1 (https://lists.debian.org/debian-lts-announce/2022/06/msg00025.html) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
DLA 3063-1:Debian (https://lists.debian.org/debian-lts-announce/2022/06/msg00025.html)
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
180182 Debian Security Update for libxml2 (CVE-2021-3518) Debian has released a security update for libxml2 to fix the vulnerabilities. Refer to Debian security advisory CVE-2021-3518 (https://security-tracker.debian.org/tracker/CVE-2021-3518) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
CVE-2021-3518:Debian (https://security-tracker.debian.org/tracker/CVE-2021-3518)
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
180209 Debian Security Update for krb5 (CVE-2021-36222) Debian has released a security update for krb5 to fix the vulnerabilities. Refer to Debian security advisory CVE-2021-36222 (https://security-tracker.debian.org/tracker/CVE-2021-36222) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
CVE-2021-36222:Debian (https://security-tracker.debian.org/tracker/CVE-2021-36222)
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
180224 Debian Security Update for mariadb-10.5, mariadb-10.3 (CVE-2021-46662) Debian has released a security update for mariadb-10.5, mariadb-10.3 to fix the vulnerabilities. Refer to Debian security advisory CVE-2021-46662 (https://security-tracker.debian.org/tracker/CVE-2021-46662) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
CVE-2021-46662:Debian (https://security-tracker.debian.org/tracker/CVE-2021-46662)
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
180240 Debian Security Update for mariadb-10.5, mariadb-10.3 (CVE-2021-46661) Debian has released a security update for mariadb-10.5, mariadb-10.3 to fix the vulnerabilities. Refer to Debian security advisory CVE-2021-46661 (https://security-tracker.debian.org/tracker/CVE-2021-46661) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
CVE-2021-46661:Debian (https://security-tracker.debian.org/tracker/CVE-2021-46661)
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
180242 Debian Security Update for libxml2 (CVE-2021-3537) Debian has released a security update for libxml2 to fix the vulnerabilities. Refer to Debian security advisory CVE-2021-3537 (https://security-tracker.debian.org/tracker/CVE-2021-3537) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
CVE-2021-3537:Debian (https://security-tracker.debian.org/tracker/CVE-2021-3537)
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
180276 Debian Security Update for mariadb-10.5, mariadb-10.3 (CVE-2021-46663) Debian has released a security update for mariadb-10.5, mariadb-10.3 to fix the vulnerabilities. Refer to Debian security advisory CVE-2021-46663 (https://security-tracker.debian.org/tracker/CVE-2021-46663) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
CVE-2021-46663:Debian (https://security-tracker.debian.org/tracker/CVE-2021-46663)
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
180301 Debian Security Update for mariadb-10.5, mariadb-10.3 (CVE-2021-46668) Debian has released a security update for mariadb-10.5, mariadb-10.3 to fix the vulnerabilities. Refer to Debian security advisory CVE-2021-46668 (https://security-tracker.debian.org/tracker/CVE-2021-46668) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
CVE-2021-46668:Debian (https://security-tracker.debian.org/tracker/CVE-2021-46668)
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
180305 Debian Security Update for mariadb-10.5, mariadb-10.3 (CVE-2021-35604) Debian has released a security update for mariadb-10.5, mariadb-10.3 to fix the vulnerabilities. Refer to Debian security advisory CVE-2021-35604 (https://security-tracker.debian.org/tracker/CVE-2021-35604) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
CVE-2021-35604:Debian (https://security-tracker.debian.org/tracker/CVE-2021-35604)
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
180332 Debian Security Update for glibc (CVE-2021-33574) Debian has released a security update for glibc to fix the vulnerabilities. Refer to Debian security advisory CVE-2021-33574 (https://security-tracker.debian.org/tracker/CVE-2021-33574) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
CVE-2021-33574:Debian (https://security-tracker.debian.org/tracker/CVE-2021-33574)
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
180347 Debian Security Update for libxml2 (CVE-2021-3516) Debian has released a security update for libxml2 to fix the vulnerabilities. Refer to Debian security advisory CVE-2021-3516 (https://security-tracker.debian.org/tracker/CVE-2021-3516) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
CVE-2021-3516:Debian (https://security-tracker.debian.org/tracker/CVE-2021-3516)
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
180369 Debian Security Update for gmp (CVE-2021-43618) Debian has released a security update for gmp to fix the vulnerabilities. Refer to Debian security advisory CVE-2021-43618 (https://security-tracker.debian.org/tracker/CVE-2021-43618) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
CVE-2021-43618:Debian (https://security-tracker.debian.org/tracker/CVE-2021-43618)
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
180373 Debian Security Update for glib2.0 (CVE-2021-28153) Debian has released a security update for glib2.0 to fix the vulnerabilities. Refer to Debian security advisory CVE-2021-28153 (https://security-tracker.debian.org/tracker/CVE-2021-28153) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
CVE-2021-28153:Debian (https://security-tracker.debian.org/tracker/CVE-2021-28153)
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
180390 Debian Security Update for mariadb-10.3, mariadb-10.5 (CVE-2021-46665) Debian has released a security update for mariadb-10.3, mariadb-10.5 to fix the vulnerabilities. Refer to Debian security advisory CVE-2021-46665 (https://security-tracker.debian.org/tracker/CVE-2021-46665) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
CVE-2021-46665:Debian (https://security-tracker.debian.org/tracker/CVE-2021-46665)
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
180396 Debian Security Update for openldap (CVE-2021-27212) Debian has released a security update for openldap to fix the vulnerabilities. Refer to Debian security advisory CVE-2021-27212 (https://security-tracker.debian.org/tracker/CVE-2021-27212) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
CVE-2021-27212:Debian (https://security-tracker.debian.org/tracker/CVE-2021-27212)
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
180421 Debian Security Update for mariadb-10.3, mariadb-10.5 (CVE-2021-46664) Debian has released a security update for mariadb-10.3, mariadb-10.5 to fix the vulnerabilities. Refer to Debian security advisory CVE-2021-46664 (https://security-tracker.debian.org/tracker/CVE-2021-46664) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
CVE-2021-46664:Debian (https://security-tracker.debian.org/tracker/CVE-2021-46664)
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
180441 Debian Security Update for sqlite3 (CVE-2021-20227) Debian has released a security update for sqlite3 to fix the vulnerabilities. Refer to Debian security advisory CVE-2021-20227 (https://security-tracker.debian.org/tracker/CVE-2021-20227) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
CVE-2021-20227:Debian (https://security-tracker.debian.org/tracker/CVE-2021-20227)
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
180459 Debian Security Update for glibc (CVE-2021-43396) Debian has released a security update for glibc to fix the vulnerabilities. Refer to Debian security advisory CVE-2021-43396 (https://security-tracker.debian.org/tracker/CVE-2021-43396) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
CVE-2021-43396:Debian (https://security-tracker.debian.org/tracker/CVE-2021-43396)
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
180473 Debian Security Update for postgresql-13 (CVE-2021-32027) Debian has released a security update for postgresql-13 to fix the vulnerabilities. Refer to Debian security advisory CVE-2021-32027 (https://security-tracker.debian.org/tracker/CVE-2021-32027) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
CVE-2021-32027:Debian (https://security-tracker.debian.org/tracker/CVE-2021-32027)
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
180479 Debian Security Update for mariadb-10.3, mariadb-10.5 (CVE-2021-46659) Debian has released a security update for mariadb-10.3, mariadb-10.5 to fix the vulnerabilities. Refer to Debian security advisory CVE-2021-46659 (https://security-tracker.debian.org/tracker/CVE-2021-46659) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
CVE-2021-46659:Debian (https://security-tracker.debian.org/tracker/CVE-2021-46659)
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
180517 Debian Security Update for mariadb-10.3, mariadb-10.5 (CVE-2021-2194) Debian has released a security update for mariadb-10.3, mariadb-10.5 to fix the vulnerabilities. Refer to Debian security advisory CVE-2021-2194 (https://security-tracker.debian.org/tracker/CVE-2021-2194) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
CVE-2021-2194:Debian (https://security-tracker.debian.org/tracker/CVE-2021-2194)
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
180528 Debian Security Update for icu, chromium (CVE-2021-30535) Debian has released a security update for icu, chromium to fix the vulnerabilities. Refer to Debian security advisory CVE-2021-30535 (https://security-tracker.debian.org/tracker/CVE-2021-30535) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
CVE-2021-30535:Debian (https://security-tracker.debian.org/tracker/CVE-2021-30535)
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
180540 Debian Security Update for libxml2 (CVE-2021-3541) Debian has released a security update for libxml2 to fix the vulnerabilities. Refer to Debian security advisory CVE-2021-3541 (https://security-tracker.debian.org/tracker/CVE-2021-3541) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
CVE-2021-3541:Debian (https://security-tracker.debian.org/tracker/CVE-2021-3541)
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
180548 Debian Security Update for gnutls28 (CVE-2021-20231) Debian has released a security update for gnutls28 to fix the vulnerabilities. Refer to Debian security advisory CVE-2021-20231 (https://security-tracker.debian.org/tracker/CVE-2021-20231) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
CVE-2021-20231:Debian (https://security-tracker.debian.org/tracker/CVE-2021-20231)
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
180558 Debian Security Update for libgcrypt20 (CVE-2021-40528) Debian has released a security update for libgcrypt20 to fix the vulnerabilities. Refer to Debian security advisory CVE-2021-40528 (https://security-tracker.debian.org/tracker/CVE-2021-40528) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
CVE-2021-40528:Debian (https://security-tracker.debian.org/tracker/CVE-2021-40528)
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
180566 Debian Security Update for Open Secure Sockets Layer (OpenSSL) (CVE-2021-23840) Debian has released a security update for openssl to fix the vulnerabilities. Refer to Debian security advisory CVE-2021-23840 (https://security-tracker.debian.org/tracker/CVE-2021-23840) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
CVE-2021-23840:Debian (https://security-tracker.debian.org/tracker/CVE-2021-23840)
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
180574 Debian Security Update for mariadb-10.3, mariadb-10.5 (CVE-2021-2372) Debian has released a security update for mariadb-10.3, mariadb-10.5 to fix the vulnerabilities. Refer to Debian security advisory CVE-2021-2372 (https://security-tracker.debian.org/tracker/CVE-2021-2372) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
CVE-2021-2372:Debian (https://security-tracker.debian.org/tracker/CVE-2021-2372)
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
180578 Debian Security Update for mariadb-10.3, mariadb-10.5 (CVE-2021-46666) Debian has released a security update for mariadb-10.3, mariadb-10.5 to fix the vulnerabilities. Refer to Debian security advisory CVE-2021-46666 (https://security-tracker.debian.org/tracker/CVE-2021-46666) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
CVE-2021-46666:Debian (https://security-tracker.debian.org/tracker/CVE-2021-46666)
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
180600 Debian Security Update for krb5 (CVE-2021-37750) Debian has released a security update for krb5 to fix the vulnerabilities. Refer to Debian security advisory CVE-2021-37750 (https://security-tracker.debian.org/tracker/CVE-2021-37750) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
CVE-2021-37750:Debian (https://security-tracker.debian.org/tracker/CVE-2021-37750)
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
180842 Debian Security Update for gnutls28 (CVE-2021-4209) Debian has released a security update for gnutls28 to fix the vulnerabilities. Refer to Debian security advisory CVE-2021-4209 (https://security-tracker.debian.org/tracker/CVE-2021-4209) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
CVE-2021-4209:Debian (https://security-tracker.debian.org/tracker/CVE-2021-4209)
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
180843 Debian Security Update for freetype (CVE-2022-27404) Debian has released a security update for freetype to fix the vulnerabilities. Refer to Debian security advisory CVE-2022-27404 (https://security-tracker.debian.org/tracker/CVE-2022-27404) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
CVE-2022-27404:Debian (https://security-tracker.debian.org/tracker/CVE-2022-27404)
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
180848 Debian Security Update for freetype (CVE-2022-27406) Debian has released a security update for freetype to fix the vulnerabilities. Refer to Debian security advisory CVE-2022-27406 (https://security-tracker.debian.org/tracker/CVE-2022-27406) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
CVE-2022-27406:Debian (https://security-tracker.debian.org/tracker/CVE-2022-27406)
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
180880 Debian Security Update for freetype (CVE-2022-27405) Debian has released a security update for freetype to fix the vulnerabilities. Refer to Debian security advisory CVE-2022-27405 (https://security-tracker.debian.org/tracker/CVE-2022-27405) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
CVE-2022-27405:Debian (https://security-tracker.debian.org/tracker/CVE-2022-27405)
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
180909 Debian Security Update for curl (DSA 5197-1) Debian has released a security update for curl to fix the vulnerabilities. Refer to Debian security advisory DSA 5197-1 (https://lists.debian.org/debian-security-announce/2022/msg00166.html) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
DSA 5197-1:Debian (https://lists.debian.org/debian-security-announce/2022/msg00166.html)
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
180920 Debian Security Update for libtirpc (DSA 5200-1) Debian has released a security update for libtirpc to fix the vulnerabilities. Refer to Debian security advisory DSA 5200-1 (https://lists.debian.org/debian-security-announce/2022/msg00170.html) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
DSA 5200-1:Debian (https://lists.debian.org/debian-security-announce/2022/msg00170.html)
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
180922 Debian Security Update for gnutls28 (DSA 5203-1) Debian has released a security update for gnutls28 to fix the vulnerabilities. Refer to Debian security advisory DSA 5203-1 (https://lists.debian.org/debian-security-announce/2022/msg00172.html) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
DSA 5203-1:Debian (https://lists.debian.org/debian-security-announce/2022/msg00172.html)
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
180923 Debian Security Update for unzip (DSA 5202-1) Debian has released a security update for unzip to fix the vulnerabilities. Refer to Debian security advisory DSA 5202-1 (https://lists.debian.org/debian-security-announce/2022/msg00171.html) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
DSA 5202-1:Debian (https://lists.debian.org/debian-security-announce/2022/msg00171.html)
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
180935 Debian Security Update for postgresql-11 (DLA 3072-1) Debian has released a security update for postgresql-11 to fix the vulnerabilities. Refer to Debian security advisory DLA 3072-1 (https://lists.debian.org/debian-lts-announce/2022/08/msg00003.html) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
DLA 3072-1:Debian (https://lists.debian.org/debian-lts-announce/2022/08/msg00003.html)
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
180936 Debian Security Update for gnutls28 (DLA 3070-1) Debian has released a security update for gnutls28 to fix the vulnerabilities. Refer to Debian security advisory DLA 3070-1 (https://lists.debian.org/debian-lts-announce/2022/08/msg00002.html) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
DLA 3070-1:Debian (https://lists.debian.org/debian-lts-announce/2022/08/msg00002.html)
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
180942 Debian Security Update for net-snmp (DSA 5209-1) Debian has released a security update for net-snmp to fix the vulnerabilities. Refer to Debian security advisory DSA 5209-1 (https://lists.debian.org/debian-security-announce/2022/msg00178.html) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
DSA 5209-1:Debian (https://lists.debian.org/debian-security-announce/2022/msg00178.html)
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
180952 Debian Security Update for systemd (CVE-2022-2526) Debian has released a security update for systemd to fix the vulnerabilities. Refer to Debian security advisory CVE-2022-2526 (https://security-tracker.debian.org/tracker/CVE-2022-2526) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
CVE-2022-2526:Debian (https://security-tracker.debian.org/tracker/CVE-2022-2526)
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
180960 Debian Security Update for libxslt (DSA 5216-1) Debian has released a security update for libxslt to fix the vulnerabilities. Refer to Debian security advisory DSA 5216-1 (https://lists.debian.org/debian-security-announce/2022/msg00185.html) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
DSA 5216-1:Debian (https://lists.debian.org/debian-security-announce/2022/msg00185.html)
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
180965 Debian Security Update for zlib (DSA 5218-1) Debian has released a security update for zlib to fix the vulnerabilities. Refer to Debian security advisory DSA 5218-1 (https://lists.debian.org/debian-security-announce/2022/msg00187.html) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
DSA 5218-1:Debian (https://lists.debian.org/debian-security-announce/2022/msg00187.html)
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
180969 Debian Security Update for curl (DLA 3085-1) Debian has released a security update for curl to fix the vulnerabilities. Refer to Debian security advisory DLA 3085-1 (https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
DLA 3085-1:Debian (https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html)
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
181001 Debian Security Update for libxslt (DLA 3101-1) Debian has released a security update for libxslt to fix the vulnerabilities. Refer to Debian security advisory DLA 3101-1 (https://lists.debian.org/debian-lts-announce/2022/09/msg00010.html) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
DLA 3101-1:Debian (https://lists.debian.org/debian-lts-announce/2022/09/msg00010.html)
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
181006 Debian Security Update for glibc (CVE-2021-3999) Debian has released a security update for glibc to fix the vulnerabilities. Refer to Debian security advisory CVE-2021-3999 (https://security-tracker.debian.org/tracker/CVE-2021-3999) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
CVE-2021-3999:Debian (https://security-tracker.debian.org/tracker/CVE-2021-3999)
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
181024 Debian Security Update for pcre2 (CVE-2022-1586) Debian has released a security update for pcre2 to fix the vulnerabilities. Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-1586″ TARGET=”_blank”>CVE-2022-1586</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-1586″ TARGET=”_blank”>CVE-2022-1586:Debian</A>
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
181032 Debian Security Update for pcre2 (CVE-2022-1587) Debian has released a security update for pcre2 to fix the vulnerabilities. Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-1587″ TARGET=”_blank”>CVE-2022-1587</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-1587″ TARGET=”_blank”>CVE-2022-1587:Debian</A>
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
181037 Debian Security Update for curl (CVE-2022-35252) Debian has released a security update for curl to fix the vulnerabilities. Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-35252″ TARGET=”_blank”>CVE-2022-35252</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-35252″ TARGET=”_blank”>CVE-2022-35252:Debian</A>
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
181046 Debian Security Update for zlib (DLA 3103-1) Debian has released a security update for zlib to fix the vulnerabilities. Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-lts-announce/2022/09/msg00012.html” TARGET=”_blank”>DLA 3103-1</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://lists.debian.org/debian-lts-announce/2022/09/msg00012.html” TARGET=”_blank”>DLA 3103-1:Debian</A>
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
181051 Debian Security Update for sqlite3 (DLA 3107-1) Debian has released a security update for sqlite3 to fix the vulnerabilities. Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-lts-announce/2022/09/msg00016.html” TARGET=”_blank”>DLA 3107-1</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://lists.debian.org/debian-lts-announce/2022/09/msg00016.html” TARGET=”_blank”>DLA 3107-1:Debian</A>
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
181058 Debian Security Update for glib2.0 (DLA 3110-1) Debian has released a security update for glib2.0 to fix the vulnerabilities. Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-lts-announce/2022/09/msg00020.html” TARGET=”_blank”>DLA 3110-1</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://lists.debian.org/debian-lts-announce/2022/09/msg00020.html” TARGET=”_blank”>DLA 3110-1:Debian</A>
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
181060 Debian Security Update for bzip2 (DLA 3112-1) Debian has released a security update for bzip2 to fix the vulnerabilities. Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-lts-announce/2022/09/msg00022.html” TARGET=”_blank”>DLA 3112-1</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://lists.debian.org/debian-lts-announce/2022/09/msg00022.html” TARGET=”_blank”>DLA 3112-1:Debian</A>
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
181070 Debian Security Update for unzip (DLA 3118-1) Debian has released a security update for unzip to fix the vulnerabilities. Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-lts-announce/2022/09/msg00028.html” TARGET=”_blank”>DLA 3118-1</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://lists.debian.org/debian-lts-announce/2022/09/msg00028.html” TARGET=”_blank”>DLA 3118-1:Debian</A>
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
181073 Debian Security Update for expat (DSA 5236-1) Debian has released a security update for expat to fix the vulnerabilities. Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-security-announce/2022/msg00205.html” TARGET=”_blank”>DSA 5236-1</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://lists.debian.org/debian-security-announce/2022/msg00205.html” TARGET=”_blank”>DSA 5236-1:Debian</A>
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
181088 Debian Security Update for mariadb-10.3 (DLA 3114-2) Debian has released a security update for mariadb-10.3 to fix the vulnerabilities. Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-lts-announce/2022/09/msg00037.html” TARGET=”_blank”>DLA 3114-2</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://lists.debian.org/debian-lts-announce/2022/09/msg00037.html” TARGET=”_blank”>DLA 3114-2:Debian</A>
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
181097 Debian Security Update for mariadb-10.3 (DLA 3114-1) Debian has released a security update for mariadb-10.3 to fix the vulnerabilities. Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-lts-announce/2022/09/msg00023.html” TARGET=”_blank”>DLA 3114-1</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://lists.debian.org/debian-lts-announce/2022/09/msg00023.html” TARGET=”_blank”>DLA 3114-1:Debian</A>
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
181102 Debian Security Update for tzdata (DLA 3134-1) Debian has released a security update for tzdata to fix the vulnerabilities. Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-lts-announce/2022/10/msg00003.html” TARGET=”_blank”>DLA 3134-1</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://lists.debian.org/debian-lts-announce/2022/10/msg00003.html” TARGET=”_blank”>DLA 3134-1:Debian</A>
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
181127 Debian Security Update for git (DLA 3145-1) Debian has released a security update for git to fix the vulnerabilities. Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-lts-announce/2022/10/msg00014.html” TARGET=”_blank”>DLA 3145-1</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://lists.debian.org/debian-lts-announce/2022/10/msg00014.html” TARGET=”_blank”>DLA 3145-1:Debian</A>
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
181130 Debian Security Update for expat (DLA 3119-1) Debian has released a security update for expat to fix the vulnerabilities. Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-lts-announce/2022/09/msg00029.html” TARGET=”_blank”>DLA 3119-1</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://lists.debian.org/debian-lts-announce/2022/09/msg00029.html” TARGET=”_blank”>DLA 3119-1</A>
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
181138 Debian Security Update for glibc (DLA 3152-1) Debian has released a security update for glibc to fix the vulnerabilities. Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html” TARGET=”_blank”>DLA 3152-1</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html” TARGET=”_blank”>DLA 3152-1:Debian</A>
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
181141 Debian Security Update for postgresql-13 (CVE-2022-2625) Debian has released a security update for postgresql-13 to fix the vulnerabilities. Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-2625″ TARGET=”_blank”>CVE-2022-2625</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-2625″ TARGET=”_blank”>CVE-2022-2625:Debian</A>
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
181165 Debian Security Update for tzdata (DLA 3161-1) Debian has released a security update for tzdata to fix the vulnerabilities. Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-lts-announce/2022/10/msg00030.html” TARGET=”_blank”>DLA 3161-1</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://lists.debian.org/debian-lts-announce/2022/10/msg00030.html” TARGET=”_blank”>DLA 3161-1:Debian</A>
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
181170 Debian Security Update for expat (DLA 3165-1) Debian has released a security update for expat to fix the vulnerabilities. Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-lts-announce/2022/10/msg00033.html” TARGET=”_blank”>DLA 3165-1</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://lists.debian.org/debian-lts-announce/2022/10/msg00033.html” TARGET=”_blank”>DLA 3165-1:Debian</A>
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
181173 Debian Security Update for ncurses (DLA 3167-1) Debian has released a security update for ncurses to fix the vulnerabilities. Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-lts-announce/2022/10/msg00037.html” TARGET=”_blank”>DLA 3167-1</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://lists.debian.org/debian-lts-announce/2022/10/msg00037.html” TARGET=”_blank”>DLA 3167-1:Debian</A>
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
181183 Debian Security Update for python3.7 (DLA 3175-1) Debian has released a security update for python3.7 to fix the vulnerabilities. Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-lts-announce/2022/11/msg00000.html” TARGET=”_blank”>DLA 3175-1</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://lists.debian.org/debian-lts-announce/2022/11/msg00000.html” TARGET=”_blank”>DLA 3175-1:Debian</A>
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
181186 Debian Security Update for sqlite3 (CVE-2019-8457) Debian has released a security update for sqlite3. SQLite3 versions from 3.6.0 up to and including 3.27.2 are vulnerable to a heap out-of-bounds read in the rtreenode() function when handling invalid rtree tables.<BR> Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2019-8457″ TARGET=”_blank”>CVE-2019-8457</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2019-8457″ TARGET=”_blank”>CVE-2019-8457</A>
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
181197 Debian Security Update for pixman (DLA 3179-1) Debian has released a security update for pixman to fix the vulnerabilities. Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-lts-announce/2022/11/msg00008.html” TARGET=”_blank”>DLA 3179-1</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://lists.debian.org/debian-lts-announce/2022/11/msg00008.html” TARGET=”_blank”>DLA 3179-1:Debian</A>
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
181214 Debian Security Update for postgresql-11 (DLA 3189-1) Debian has released a security update for postgresql-11 to fix the vulnerabilities. Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-lts-announce/2022/11/msg00017.html” TARGET=”_blank”>DLA 3189-1</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://lists.debian.org/debian-lts-announce/2022/11/msg00017.html” TARGET=”_blank”>DLA 3189-1:Debian</A>
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
181259 Debian Security Update for krb5 (DLA 3213-1) Debian has released a security update for krb5 to fix the vulnerabilities. Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-lts-announce/2022/11/msg00041.html” TARGET=”_blank”>DLA 3213-1</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://lists.debian.org/debian-lts-announce/2022/11/msg00041.html” TARGET=”_blank”>DLA 3213-1:Debian</A>
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
181315 Debian Security Update for openexr (DLA 3236-1) Debian has released a security update for openexr to fix the vulnerabilities. Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html” TARGET=”_blank”>DLA 3236-1</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html” TARGET=”_blank”>DLA 3236-1:Debian</A>
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
181320 Debian Security Update for git (DLA 3239-1) Debian has released a security update for git to fix the vulnerabilities. Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-lts-announce/2022/12/msg00025.html” TARGET=”_blank”>DLA 3239-1</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://lists.debian.org/debian-lts-announce/2022/12/msg00025.html” TARGET=”_blank”>DLA 3239-1:Debian</A>
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
181321 Debian Security Update for git (DLA 3239-2) Debian has released a security update for git to fix the vulnerabilities. Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-lts-announce/2022/12/msg00026.html” TARGET=”_blank”>DLA 3239-2</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://lists.debian.org/debian-lts-announce/2022/12/msg00026.html” TARGET=”_blank”>DLA 3239-2:Debian</A>
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
181331 Debian Security Update for libde265 (DLA 3240-1) Debian has released a security update for libde265 to fix the vulnerabilities. Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-lts-announce/2022/12/msg00027.html” TARGET=”_blank”>DLA 3240-1</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://lists.debian.org/debian-lts-announce/2022/12/msg00027.html” TARGET=”_blank”>DLA 3240-1:Debian</A>
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
181340 Debian Security Update for mariadb-10.5 (CVE-2022-27378) Debian has released a security update for mariadb-10.5 to fix the vulnerabilities. Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-27378″ TARGET=”_blank”>CVE-2022-27378</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-27378″ TARGET=”_blank”>CVE-2022-27378:Debian</A>
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
181343 Debian Security Update for mariadb-10.5 (CVE-2021-46669) Debian has released a security update for mariadb-10.5 to fix the vulnerabilities. Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-46669″ TARGET=”_blank”>CVE-2021-46669</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-46669″ TARGET=”_blank”>CVE-2021-46669:Debian</A>
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
181344 Debian Security Update for mariadb-10.5 (CVE-2022-32087) Debian has released a security update for mariadb-10.5 to fix the vulnerabilities. Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-32087″ TARGET=”_blank”>CVE-2022-32087</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-32087″ TARGET=”_blank”>CVE-2022-32087:Debian</A>
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
181345 Debian Security Update for mariadb-10.5 (CVE-2022-32088) Debian has released a security update for mariadb-10.5 to fix the vulnerabilities. Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-32088″ TARGET=”_blank”>CVE-2022-32088</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-32088″ TARGET=”_blank”>CVE-2022-32088:Debian</A>
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
181349 Debian Security Update for mariadb-10.5 (CVE-2022-27380) Debian has released a security update for mariadb-10.5 to fix the vulnerabilities. Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-27380″ TARGET=”_blank”>CVE-2022-27380</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-27380″ TARGET=”_blank”>CVE-2022-27380:Debian</A>
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
181350 Debian Security Update for mariadb-10.5 (CVE-2022-32091) Debian has released a security update for mariadb-10.5 to fix the vulnerabilities. Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-32091″ TARGET=”_blank”>CVE-2022-32091</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-32091″ TARGET=”_blank”>CVE-2022-32091:Debian</A>
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
181351 Debian Security Update for mariadb-10.5 (CVE-2022-32082) Debian has released a security update for mariadb-10.5 to fix the vulnerabilities. Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-32082″ TARGET=”_blank”>CVE-2022-32082</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-32082″ TARGET=”_blank”>CVE-2022-32082:Debian</A>
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
181355 Debian Security Update for mariadb-10.5 (CVE-2022-27457) Debian has released a security update for mariadb-10.5 to fix the vulnerabilities. Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-27457″ TARGET=”_blank”>CVE-2022-27457</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-27457″ TARGET=”_blank”>CVE-2022-27457:Debian</A>
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
181359 Debian Security Update for mariadb-10.5 (CVE-2022-32085) Debian has released a security update for mariadb-10.5 to fix the vulnerabilities. Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-32085″ TARGET=”_blank”>CVE-2022-32085</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-32085″ TARGET=”_blank”>CVE-2022-32085:Debian</A>
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
181360 Debian Security Update for mariadb-10.5 (CVE-2022-27377) Debian has released a security update for mariadb-10.5 to fix the vulnerabilities. Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-27377″ TARGET=”_blank”>CVE-2022-27377</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-27377″ TARGET=”_blank”>CVE-2022-27377:Debian</A>
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
181368 Debian Security Update for mariadb-10.5 (CVE-2022-27451) Debian has released a security update for mariadb-10.5 to fix the vulnerabilities. Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-27451″ TARGET=”_blank”>CVE-2022-27451</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-27451″ TARGET=”_blank”>CVE-2022-27451:Debian</A>
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
181369 Debian Security Update for mariadb-10.5 (CVE-2022-32084) Debian has released a security update for mariadb-10.5 to fix the vulnerabilities. Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-32084″ TARGET=”_blank”>CVE-2022-32084</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-32084″ TARGET=”_blank”>CVE-2022-32084:Debian</A>
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
181370 Debian Security Update for mariadb-10.5 (CVE-2022-27456) Debian has released a security update for mariadb-10.5 to fix the vulnerabilities. Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-27456″ TARGET=”_blank”>CVE-2022-27456</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-27456″ TARGET=”_blank”>CVE-2022-27456:Debian</A>
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
181378 Debian Security Update for mariadb-10.5 (CVE-2022-27386) Debian has released a security update for mariadb-10.5 to fix the vulnerabilities. Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-27386″ TARGET=”_blank”>CVE-2022-27386</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-27386″ TARGET=”_blank”>CVE-2022-27386:Debian</A>
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
181380 Debian Security Update for mariadb-10.5 (CVE-2022-27452) Debian has released a security update for mariadb-10.5 to fix the vulnerabilities. Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-27452″ TARGET=”_blank”>CVE-2022-27452</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-27452″ TARGET=”_blank”>CVE-2022-27452:Debian</A>
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
181382 Debian Security Update for mariadb-10.5 (CVE-2022-32081) Debian has released a security update for mariadb-10.5 to fix the vulnerabilities. Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-32081″ TARGET=”_blank”>CVE-2022-32081</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-32081″ TARGET=”_blank”>CVE-2022-32081:Debian</A>
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
181384 Debian Security Update for mariadb-10.5 (CVE-2022-27449) Debian has released a security update for mariadb-10.5 to fix the vulnerabilities. Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-27449″ TARGET=”_blank”>CVE-2022-27449</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-27449″ TARGET=”_blank”>CVE-2022-27449:Debian</A>
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
181386 Debian Security Update for mariadb-10.5 (CVE-2022-27387) Debian has released a security update for mariadb-10.5 to fix the vulnerabilities. Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-27387″ TARGET=”_blank”>CVE-2022-27387</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-27387″ TARGET=”_blank”>CVE-2022-27387:Debian</A>
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
181388 Debian Security Update for mariadb-10.5 (CVE-2022-27455) Debian has released a security update for mariadb-10.5 to fix the vulnerabilities. Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-27455″ TARGET=”_blank”>CVE-2022-27455</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-27455″ TARGET=”_blank”>CVE-2022-27455:Debian</A>
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
181389 Debian Security Update for mariadb-10.5 (CVE-2022-27376) Debian has released a security update for mariadb-10.5 to fix the vulnerabilities. Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-27376″ TARGET=”_blank”>CVE-2022-27376</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-27376″ TARGET=”_blank”>CVE-2022-27376:Debian</A>
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
181393 Debian Security Update for mariadb-10.5 (CVE-2022-27379) Debian has released a security update for mariadb-10.5 to fix the vulnerabilities. Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-27379″ TARGET=”_blank”>CVE-2022-27379</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-27379″ TARGET=”_blank”>CVE-2022-27379:Debian</A>
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
181396 Debian Security Update for mariadb-10.5 (CVE-2022-32086) Debian has released a security update for mariadb-10.5 to fix the vulnerabilities. Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-32086″ TARGET=”_blank”>CVE-2022-32086</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-32086″ TARGET=”_blank”>CVE-2022-32086:Debian</A>
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
181397 Debian Security Update for mariadb-10.5 (CVE-2022-27382) Debian has released a security update for mariadb-10.5 to fix the vulnerabilities. Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-27382″ TARGET=”_blank”>CVE-2022-27382</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-27382″ TARGET=”_blank”>CVE-2022-27382:Debian</A>
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
181398 Debian Security Update for mariadb-10.5 (CVE-2022-32083) Debian has released a security update for mariadb-10.5 to fix the vulnerabilities. Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-32083″ TARGET=”_blank”>CVE-2022-32083</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-32083″ TARGET=”_blank”>CVE-2022-32083:Debian</A>
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
181400 Debian Security Update for mariadb-10.5 (CVE-2022-27445) Debian has released a security update for mariadb-10.5 to fix the vulnerabilities. Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-27445″ TARGET=”_blank”>CVE-2022-27445</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-27445″ TARGET=”_blank”>CVE-2022-27445:Debian</A>
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
181403 Debian Security Update for mariadb-10.5 (CVE-2022-27381) Debian has released a security update for mariadb-10.5 to fix the vulnerabilities. Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-27381″ TARGET=”_blank”>CVE-2022-27381</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-27381″ TARGET=”_blank”>CVE-2022-27381:Debian</A>
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
181406 Debian Security Update for mariadb-10.5 (CVE-2022-27447) Debian has released a security update for mariadb-10.5 to fix the vulnerabilities. Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-27447″ TARGET=”_blank”>CVE-2022-27447</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-27447″ TARGET=”_blank”>CVE-2022-27447:Debian</A>
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
181409 Debian Security Update for mariadb-10.5 (CVE-2022-38791) Debian has released a security update for mariadb-10.5 to fix the vulnerabilities. Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-38791″ TARGET=”_blank”>CVE-2022-38791</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-38791″ TARGET=”_blank”>CVE-2022-38791:Debian</A>
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
181410 Debian Security Update for mariadb-10.5 (CVE-2022-27458) Debian has released a security update for mariadb-10.5 to fix the vulnerabilities. Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-27458″ TARGET=”_blank”>CVE-2022-27458</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-27458″ TARGET=”_blank”>CVE-2022-27458:Debian</A>
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
181412 Debian Security Update for mariadb-10.5 (CVE-2022-27446) Debian has released a security update for mariadb-10.5 to fix the vulnerabilities. Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-27446″ TARGET=”_blank”>CVE-2022-27446</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-27446″ TARGET=”_blank”>CVE-2022-27446:Debian</A>
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
181417 Debian Security Update for mariadb-10.5 (CVE-2022-27448) Debian has released a security update for mariadb-10.5 to fix the vulnerabilities. Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-27448″ TARGET=”_blank”>CVE-2022-27448</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-27448″ TARGET=”_blank”>CVE-2022-27448:Debian</A>
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
181421 Debian Security Update for mariadb-10.5 (CVE-2022-32089) Debian has released a security update for mariadb-10.5 to fix the vulnerabilities. Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-32089″ TARGET=”_blank”>CVE-2022-32089</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-32089″ TARGET=”_blank”>CVE-2022-32089:Debian</A>
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
181425 Debian Security Update for mariadb-10.5 (CVE-2022-27383) Debian has released a security update for mariadb-10.5 to fix the vulnerabilities. Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-27383″ TARGET=”_blank”>CVE-2022-27383</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-27383″ TARGET=”_blank”>CVE-2022-27383:Debian</A>
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
181427 Debian Security Update for mariadb-10.5 (CVE-2022-27384) Debian has released a security update for mariadb-10.5 to fix the vulnerabilities. Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-27384″ TARGET=”_blank”>CVE-2022-27384</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-27384″ TARGET=”_blank”>CVE-2022-27384:Debian</A>
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
181428 Debian Security Update for mariadb-10.5 (CVE-2022-27444) Debian has released a security update for mariadb-10.5 to fix the vulnerabilities. Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-27444″ TARGET=”_blank”>CVE-2022-27444</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-27444″ TARGET=”_blank”>CVE-2022-27444:Debian</A>
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
181445 Debian Security Update for libksba (DLA 3248-1) Debian has released a security update for libksba to fix the vulnerabilities. Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-lts-announce/2022/12/msg00035.html” TARGET=”_blank”>DLA 3248-1</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://lists.debian.org/debian-lts-announce/2022/12/msg00035.html” TARGET=”_blank”>DLA 3248-1:Debian</A>
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
181462 Debian Security Update for libtasn1-6 (DLA 3263-1) Debian has released a security update for libtasn1-6 to fix the vulnerabilities. Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-lts-announce/2023/01/msg00003.html” TARGET=”_blank”>DLA 3263-1</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://lists.debian.org/debian-lts-announce/2023/01/msg00003.html” TARGET=”_blank”>DLA 3263-1:Debian</A>
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
181488 Debian Security Update for tiff (DLA 3278-1) Debian has released a security update for tiff to fix the vulnerabilities. Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html” TARGET=”_blank”>DLA 3278-1</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html” TARGET=”_blank”>DLA 3278-1:Debian</A>
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
181500 Debian Security Update for libde265 (DLA 3280-1) Debian has released a security update for libde265 to fix the vulnerabilities. Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-lts-announce/2023/01/msg00020.html” TARGET=”_blank”>DLA 3280-1</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://lists.debian.org/debian-lts-announce/2023/01/msg00020.html” TARGET=”_blank”>DLA 3280-1:Debian</A>
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
181505 Debian Security Update for git (DLA 3282-1) Debian has released a security update for git to fix the vulnerabilities. Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-lts-announce/2023/01/msg00022.html” TARGET=”_blank”>DLA 3282-1</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://lists.debian.org/debian-lts-announce/2023/01/msg00022.html” TARGET=”_blank”>DLA 3282-1:Debian</A>
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
181512 Debian Security Update for curl (DLA 3288-1) Debian has released a security update for curl to fix the vulnerabilities. Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html” TARGET=”_blank”>DLA 3288-1</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html” TARGET=”_blank”>DLA 3288-1:Debian</A>
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
181525 Debian Security Update for tiff (DLA 3297-1) Debian has released a security update for tiff to fix the vulnerabilities. Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-lts-announce/2023/01/msg00037.html” TARGET=”_blank”>DLA 3297-1</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://lists.debian.org/debian-lts-announce/2023/01/msg00037.html” TARGET=”_blank”>DLA 3297-1:Debian</A>
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
181555 Debian Security Update for postgresql-11 (DLA 3316-1) Debian has released a security update for postgresql-11 to fix the vulnerabilities. Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-lts-announce/2023/02/msg00010.html” TARGET=”_blank”>DLA 3316-1</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://lists.debian.org/debian-lts-announce/2023/02/msg00010.html” TARGET=”_blank”>DLA 3316-1:Debian</A>
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
181582 Debian Security Update for gnutls28 (DLA 3321-1) Debian has released a security update for gnutls28 to fix the vulnerabilities. Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-lts-announce/2023/02/msg00015.html” TARGET=”_blank”>DLA 3321-1</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://lists.debian.org/debian-lts-announce/2023/02/msg00015.html” TARGET=”_blank”>DLA 3321-1:Debian</A>
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
181593 Debian Security Update for Open Secure Sockets Layer (OpenSSL) (DLA 3325-1) Debian has released a security update for openssl to fix the vulnerabilities. Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-lts-announce/2023/02/msg00019.html” TARGET=”_blank”>DLA 3325-1</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://lists.debian.org/debian-lts-announce/2023/02/msg00019.html” TARGET=”_blank”>DLA 3325-1:Debian</A>
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
181599 Debian Security Update for apr-util (DLA 3332-1) Debian has released a security update for apr-util to fix the vulnerabilities. Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-lts-announce/2023/02/msg00024.html” TARGET=”_blank”>DLA 3332-1</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://lists.debian.org/debian-lts-announce/2023/02/msg00024.html” TARGET=”_blank”>DLA 3332-1:Debian</A>
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
181600 Debian Security Update for tiff (DLA 3333-1) Debian has released a security update for tiff to fix the vulnerabilities. Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html” TARGET=”_blank”>DLA 3333-1</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html” TARGET=”_blank”>DLA 3333-1:Debian</A>
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
181605 Debian Security Update for mariadb-10.3 (DLA 3337-1) Debian has released a security update for mariadb-10.3 to fix the vulnerabilities. Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-lts-announce/2023/02/msg00031.html” TARGET=”_blank”>DLA 3337-1</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://lists.debian.org/debian-lts-announce/2023/02/msg00031.html” TARGET=”_blank”>DLA 3337-1:Debian</A>
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
181607 Debian Security Update for git (DLA 3338-1) Debian has released a security update for git to fix the vulnerabilities. Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-lts-announce/2023/02/msg00032.html” TARGET=”_blank”>DLA 3338-1</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://lists.debian.org/debian-lts-announce/2023/02/msg00032.html” TARGET=”_blank”>DLA 3338-1:Debian</A>
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
181609 Debian Security Update for curl (DLA 3341-1) Debian has released a security update for curl to fix the vulnerabilities. Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-lts-announce/2023/02/msg00035.html” TARGET=”_blank”>DLA 3341-1</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://lists.debian.org/debian-lts-announce/2023/02/msg00035.html” TARGET=”_blank”>DLA 3341-1:Debian</A>
Debian Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
197885 Ubuntu Security Notification for Apt Vulnerability (USN-4359-1) <P> It was discovered that APT incorrectly handled certain filenames during package installation.
<P>
Refer to Ubuntu advisory <A HREF=”https://lists.ubuntu.com/archives/ubuntu-security-announce/2020-May/005431.html” TARGET=”_blank”>USN-4359-1</A> for affected packages and patching details, or update with your package manager.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://launchpad.net/ubuntu/+source/apt/1.6.12ubuntu0.1″ TARGET=”_blank”>USN-4359-1:18.04 (bionic) on src (apt)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/apt/2.0.2ubuntu0.1″ TARGET=”_blank”>USN-4359-1:20.04 (focal) on src (apt)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/apt/1.9.4ubuntu0.1″ TARGET=”_blank”>USN-4359-1:19.10 (eoan) on src (apt)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/apt/1.2.32ubuntu0.1″ TARGET=”_blank”>USN-4359-1:16.04 (Xenial) on src (apt)</A>
Ubuntu <P>  If an attacker could provide a specially crafted package to be installed by the system administrator, this could cause APT to crash.<P> Medium
197927 Ubuntu Security Notification for Curl Vulnerabilities (USN-4402-1) <P> It was discovered that curl incorrectly handled certain credentials.
<P> It was discovered that curl incorrectly handled certain parameters.
<P>
Refer to Ubuntu advisory <A HREF=”https://lists.ubuntu.com/archives/ubuntu-security-announce/2020-June/005488.html” TARGET=”_blank”>USN-4402-1</A> for affected packages and patching details, or update with your package manager.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.9″ TARGET=”_blank”>USN-4402-1:18.04 (bionic) on src (libcurl3-nss)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/curl/7.65.3-1ubuntu3.1″ TARGET=”_blank”>USN-4402-1:19.10 (eoan) on src (libcurl3-gnutls)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/curl/7.65.3-1ubuntu3.1″ TARGET=”_blank”>USN-4402-1:19.10 (eoan) on src (libcurl3-nss)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/curl/7.65.3-1ubuntu3.1″ TARGET=”_blank”>USN-4402-1:19.10 (eoan) on src (curl)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.9″ TARGET=”_blank”>USN-4402-1:18.04 (bionic) on src (libcurl4)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu2.1″ TARGET=”_blank”>USN-4402-1:20.04 (focal) on src (libcurl3-nss)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu2.1″ TARGET=”_blank”>USN-4402-1:20.04 (focal) on src (libcurl3-gnutls)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu2.1″ TARGET=”_blank”>USN-4402-1:20.04 (focal) on src (curl)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/curl/7.47.0-1ubuntu2.15″ TARGET=”_blank”>USN-4402-1:16.04 (Xenial) on src (libcurl3)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.9″ TARGET=”_blank”>USN-4402-1:18.04 (bionic) on src (curl)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/curl/7.47.0-1ubuntu2.15″ TARGET=”_blank”>USN-4402-1:16.04 (Xenial) on src (libcurl3-nss)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/curl/7.47.0-1ubuntu2.15″ TARGET=”_blank”>USN-4402-1:16.04 (Xenial) on src (curl)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/curl/7.65.3-1ubuntu3.1″ TARGET=”_blank”>USN-4402-1:19.10 (eoan) on src (libcurl4)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu2.1″ TARGET=”_blank”>USN-4402-1:20.04 (focal) on src (libcurl4)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.9″ 
TARGET=”_blank”>USN-4402-1:18.04 (bionic) on src (libcurl3-gnutls)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/curl/7.47.0-1ubuntu2.15″ TARGET=”_blank”>USN-4402-1:16.04 (Xenial) on src (libcurl3-gnutls)</A>
Ubuntu <P>  An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 19.10 and Ubuntu 20.04 LTS. (CVE-2020-8169)<P> An attacker could possibly use this issue to overwrite a local file. (CVE-2020-8177)<P> Medium
197941 Ubuntu Security Notification for Glibc Vulnerabilities (USN-4416-1) <P> It was discovered that the GNU C Library incorrectly handled certain memory operations.
<P> It was discovered that the GNU C Library incorrectly handled certain SSE2-optimized memmove operations.
<P> It was discovered that the GNU C Library incorrectly handled certain pathname operations.
<P> It was discovered that the GNU C Library incorrectly handled certain AVX-512-optimized mempcpy operations.
<P> It was discovered that the GNU C Library incorrectly handled certain hostname lookups.
<P> It was discovered that the GNU C Library incorrectly handled certain memalign functions.
<P> It was discovered that the GNU C Library incorrectly ignored the LD_PREFER_MAP_32BIT_EXEC environment variable after security transitions.
<P> It was discovered that the GNU C Library incorrectly handled certain regular expressions.
<P> It was discovered that the GNU C Library incorrectly handled certain bit patterns.
<P> It was discovered that the GNU C Library incorrectly handled certain signal trampolines on PowerPC.
<P> It was discovered that the GNU C Library incorrectly handled tilde expansion.
<P>
Refer to Ubuntu advisory <A HREF=”https://lists.ubuntu.com/archives/ubuntu-security-announce/2020-July/005505.html” TARGET=”_blank”>USN-4416-1</A> for affected packages and patching details, or update with your package manager.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://launchpad.net/ubuntu/+source/glibc/2.23-0ubuntu11.2″ TARGET=”_blank”>USN-4416-1:16.04 (Xenial) on src (libc6)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/glibc/2.30-0ubuntu2.2″ TARGET=”_blank”>USN-4416-1:19.10 (eoan) on src (libc6)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/glibc/2.27-3ubuntu1.2″ TARGET=”_blank”>USN-4416-1:18.04 (bionic) on src (libc6)</A>
Ubuntu <P>  A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-12133)<P>  A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-18269)<P>  A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-11236)<P>  A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-11237)<P>  A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-19591)<P>  A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2018-6485)<P>  A local attacker could use this issue to bypass ASLR restrictions. (CVE-2019-19126)<P>  A remote attacker could possibly use this issue to cause the GNU C Library to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-9169)<P>  A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2020-10029)<P>  A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. 
(CVE-2020-1751)<P>  A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-1752)<P> Medium
197990 Ubuntu Security Notification for Curl Vulnerability (USN-4466-1) <P> Marc Aldorasi discovered that curl incorrectly handled the libcurl CURLOPT_CONNECT_ONLY option.
<P>
Refer to Ubuntu advisory <A HREF=”https://lists.ubuntu.com/archives/ubuntu-security-announce/2020-August/005568.html” TARGET=”_blank”>USN-4466-1</A> for affected packages and patching details, or update with your package manager.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu2.2″ TARGET=”_blank”>USN-4466-1:20.04 (focal) on src (libcurl3-nss)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.10″ TARGET=”_blank”>USN-4466-1:18.04 (bionic) on src (libcurl3-gnutls)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.10″ TARGET=”_blank”>USN-4466-1:18.04 (bionic) on src (curl)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/curl/7.47.0-1ubuntu2.16″ TARGET=”_blank”>USN-4466-1:16.04 (Xenial) on src (libcurl3-gnutls)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/curl/7.47.0-1ubuntu2.16″ TARGET=”_blank”>USN-4466-1:16.04 (Xenial) on src (libcurl3-nss)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.10″ TARGET=”_blank”>USN-4466-1:18.04 (bionic) on src (libcurl3-nss)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu2.2″ TARGET=”_blank”>USN-4466-1:20.04 (focal) on src (libcurl3-gnutls)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu2.2″ TARGET=”_blank”>USN-4466-1:20.04 (focal) on src (curl)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/curl/7.47.0-1ubuntu2.16″ TARGET=”_blank”>USN-4466-1:16.04 (Xenial) on src (curl)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.10″ TARGET=”_blank”>USN-4466-1:18.04 (bionic) on src (libcurl4)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu2.2″ TARGET=”_blank”>USN-4466-1:20.04 (focal) on src (libcurl4)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/curl/7.47.0-1ubuntu2.16″ TARGET=”_blank”>USN-4466-1:16.04 (Xenial) on src (libcurl3)</A>
Ubuntu <P>  This could result in data being sent to the wrong destination, possibly exposing sensitive information.<P> Medium
198037 Ubuntu Security Notification for Gnupg2 Vulnerability (USN-4516-1) <P> It was discovered that GnuPG signatures could be forged when the SHA-1 algorithm is being used.
<P>
Refer to Ubuntu advisory <A HREF=”https://lists.ubuntu.com/archives/ubuntu-security-announce/2020-September/005626.html” TARGET=”_blank”>USN-4516-1</A> for affected packages and patching details, or update with your package manager.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://launchpad.net/ubuntu/+source/gnupg2/2.2.4-1ubuntu1.3″ TARGET=”_blank”>USN-4516-1:18.04 (bionic) on src (gnupg)</A>
Ubuntu <P>  This update removes validating signatures based on SHA-1 that were generated after 2019-01-19. In environments where this is still required, a new option --allow-weak-key-signatures can be used to revert this behaviour.<P> Medium
198120 Ubuntu Security Notification for Perl Vulnerabilities (USN-4602-1) It was discovered that Perl incorrectly handled certain regular expressions.
Refer to Ubuntu advisory USN-4602-1 (https://lists.ubuntu.com/archives/ubuntu-security-announce/2020-October/005718.html) for affected packages and patching details, or update with your package manager.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
USN-4602-1:16.04 (Xenial) on src (perl): https://launchpad.net/ubuntu/+source/perl/5.22.1-9ubuntu0.9
USN-4602-1:20.04 (focal) on src (perl): https://launchpad.net/ubuntu/+source/perl/5.30.0-9ubuntu0.2
USN-4602-1:18.04 (bionic) on src (perl): https://launchpad.net/ubuntu/+source/perl/5.26.1-6ubuntu0.5
Ubuntu In environments where untrusted regular expressions are evaluated, a remote attacker could possibly use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-10543) In environments where untrusted regular expressions are evaluated, a remote attacker could possibly use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-10878) In environments where untrusted regular expressions are evaluated, a remote attacker could possibly use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-12723) Medium
198130 Ubuntu Security Notification for Ca-certificates Update (USN-4608-1) The ca-certificates package contained outdated CA certificates.
Refer to Ubuntu advisory USN-4608-1 (https://lists.ubuntu.com/archives/ubuntu-security-announce/2020-October/005730.html) for affected packages and patching details, or update with your package manager.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
USN-4608-1:18.04 (bionic) on src (ca-certificates): https://launchpad.net/ubuntu/+source/ca-certificates/20201027ubuntu0.18.04.1
USN-4608-1:20.10 (groovy) on src (ca-certificates): https://launchpad.net/ubuntu/+source/ca-certificates/20201027ubuntu0.20.10.1
USN-4608-1:20.04 (focal) on src (ca-certificates): https://launchpad.net/ubuntu/+source/ca-certificates/20201027ubuntu0.20.04.1
USN-4608-1:16.04 (Xenial) on src (ca-certificates): https://launchpad.net/ubuntu/+source/ca-certificates/20201027ubuntu0.16.04.1
Ubuntu This update refreshes the included certificates to those contained in the 2.44 version of the Mozilla certificate authority bundle. Medium
198143 Ubuntu Security Notification for Openldap Vulnerability (USN-4622-1) It was discovered that OpenLDAP incorrectly handled certain network packets.
Refer to Ubuntu advisory USN-4622-1 (https://lists.ubuntu.com/archives/ubuntu-security-announce/2020-November/005747.html) for affected packages and patching details, or update with your package manager.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
USN-4622-1:18.04 (bionic) on src (slapd): https://launchpad.net/ubuntu/+source/openldap/2.4.45+dfsg-1ubuntu1.7
USN-4622-1:20.10 (groovy) on src (slapd): https://launchpad.net/ubuntu/+source/openldap/2.4.53+dfsg-1ubuntu1.1
USN-4622-1:20.04 (focal) on src (slapd): https://launchpad.net/ubuntu/+source/openldap/2.4.49+dfsg-2ubuntu1.4
USN-4622-1:16.04 (Xenial) on src (slapd): https://launchpad.net/ubuntu/+source/openldap/2.4.42+dfsg-2ubuntu3.10
Ubuntu A remote attacker could use this issue to cause OpenLDAP to crash, resulting in a denial of service, or possibly execute arbitrary code. Medium
198155 Ubuntu Security Notification for Openldap Vulnerabilities (USN-4634-1) It was discovered that OpenLDAP incorrectly handled certain malformed inputs.
Refer to Ubuntu advisory USN-4634-1 (https://lists.ubuntu.com/archives/ubuntu-security-announce/2020-November/005763.html) for affected packages and patching details, or update with your package manager.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
USN-4634-1:18.04 (bionic) on src (slapd): https://launchpad.net/ubuntu/+source/openldap/2.4.45+dfsg-1ubuntu1.8
USN-4634-1:20.10 (groovy) on src (slapd): https://launchpad.net/ubuntu/+source/openldap/2.4.53+dfsg-1ubuntu1.2
USN-4634-1:20.04 (focal) on src (slapd): https://launchpad.net/ubuntu/+source/openldap/2.4.49+dfsg-2ubuntu1.5
USN-4634-1:16.04 (Xenial) on src (slapd): https://launchpad.net/ubuntu/+source/openldap/2.4.42+dfsg-2ubuntu3.11
Ubuntu A remote attacker could possibly use this issue to cause OpenLDAP to crash, resulting in a denial of service. Medium
198156 Ubuntu Security Notification for Krb5 Vulnerability (USN-4635-1) It was discovered that Kerberos incorrectly handled certain ASN.
Refer to Ubuntu advisory USN-4635-1 (https://lists.ubuntu.com/archives/ubuntu-security-announce/2020-November/005764.html) for affected packages and patching details, or update with your package manager.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
USN-4635-1:16.04 (Xenial) on src (libkrad0): https://launchpad.net/ubuntu/+source/krb5/1.13.2+dfsg-5ubuntu2.2
USN-4635-1:16.04 (Xenial) on src (libk5crypto3): https://launchpad.net/ubuntu/+source/krb5/1.13.2+dfsg-5ubuntu2.2
USN-4635-1:18.04 (bionic) on src (libkdb5-9): https://launchpad.net/ubuntu/+source/krb5/1.16-2ubuntu0.2
USN-4635-1:20.04 (focal) on src (libkrb5-3): https://launchpad.net/ubuntu/+source/krb5/1.17-6ubuntu4.1
USN-4635-1:16.04 (Xenial) on src (krb5-pkinit): https://launchpad.net/ubuntu/+source/krb5/1.13.2+dfsg-5ubuntu2.2
USN-4635-1:20.10 (groovy) on src (krb5-locales): https://launchpad.net/ubuntu/+source/krb5/1.17-10ubuntu0.1
USN-4635-1:20.04 (focal) on src (krb5-admin-server): https://launchpad.net/ubuntu/+source/krb5/1.17-6ubuntu4.1
USN-4635-1:16.04 (Xenial) on src (libkdb5-8): https://launchpad.net/ubuntu/+source/krb5/1.13.2+dfsg-5ubuntu2.2
USN-4635-1:20.10 (groovy) on src (libkrb5support0): https://launchpad.net/ubuntu/+source/krb5/1.17-10ubuntu0.1
USN-4635-1:20.10 (groovy) on src (krb5-kpropd): https://launchpad.net/ubuntu/+source/krb5/1.17-10ubuntu0.1
USN-4635-1:18.04 (bionic) on src (libkadm5clnt-mit11): https://launchpad.net/ubuntu/+source/krb5/1.16-2ubuntu0.2
USN-4635-1:20.04 (focal) on src (libgssapi-krb5-2): https://launchpad.net/ubuntu/+source/krb5/1.17-6ubuntu4.1
USN-4635-1:18.04 (bionic) on src (libkadm5srv-mit11): https://launchpad.net/ubuntu/+source/krb5/1.16-2ubuntu0.2
USN-4635-1:18.04 (bionic) on src (krb5-pkinit): https://launchpad.net/ubuntu/+source/krb5/1.16-2ubuntu0.2
USN-4635-1:20.04 (focal) on src (krb5-kdc): https://launchpad.net/ubuntu/+source/krb5/1.17-6ubuntu4.1
USN-4635-1:20.10 (groovy) on src (krb5-otp): https://launchpad.net/ubuntu/+source/krb5/1.17-10ubuntu0.1
USN-4635-1:20.04 (focal) on src (krb5-pkinit): https://launchpad.net/ubuntu/+source/krb5/1.17-6ubuntu4.1
USN-4635-1:16.04 (Xenial) on src (libgssapi-krb5-2): https://launchpad.net/ubuntu/+source/krb5/1.13.2+dfsg-5ubuntu2.2
USN-4635-1:16.04 (Xenial) on src (libgssrpc4): https://launchpad.net/ubuntu/+source/krb5/1.13.2+dfsg-5ubuntu2.2
USN-4635-1:20.10 (groovy) on src (libkadm5clnt-mit11): https://launchpad.net/ubuntu/+source/krb5/1.17-10ubuntu0.1
USN-4635-1:16.04 (Xenial) on src (krb5-locales): https://launchpad.net/ubuntu/+source/krb5/1.13.2+dfsg-5ubuntu2.2
USN-4635-1:18.04 (bionic) on src (libgssapi-krb5-2): https://launchpad.net/ubuntu/+source/krb5/1.16-2ubuntu0.2
USN-4635-1:20.10 (groovy) on src (libkdb5-9): https://launchpad.net/ubuntu/+source/krb5/1.17-10ubuntu0.1
USN-4635-1:20.04 (focal) on src (libkdb5-9): https://launchpad.net/ubuntu/+source/krb5/1.17-6ubuntu4.1
USN-4635-1:20.04 (focal) on src (krb5-kpropd): https://launchpad.net/ubuntu/+source/krb5/1.17-6ubuntu4.1
USN-4635-1:20.04 (focal) on src (krb5-kdc-ldap): https://launchpad.net/ubuntu/+source/krb5/1.17-6ubuntu4.1
USN-4635-1:18.04 (bionic) on src (krb5-kdc-ldap): https://launchpad.net/ubuntu/+source/krb5/1.16-2ubuntu0.2
USN-4635-1:20.04 (focal) on src (libkadm5srv-mit11): https://launchpad.net/ubuntu/+source/krb5/1.17-6ubuntu4.1
USN-4635-1:20.04 (focal) on src (libgssrpc4): https://launchpad.net/ubuntu/+source/krb5/1.17-6ubuntu4.1
USN-4635-1:20.10 (groovy) on src (krb5-kdc): https://launchpad.net/ubuntu/+source/krb5/1.17-10ubuntu0.1
USN-4635-1:20.04 (focal) on src (libkadm5clnt-mit11): https://launchpad.net/ubuntu/+source/krb5/1.17-6ubuntu4.1
USN-4635-1:16.04 (Xenial) on src (krb5-kdc-ldap): https://launchpad.net/ubuntu/+source/krb5/1.13.2+dfsg-5ubuntu2.2
USN-4635-1:20.10 (groovy) on src (libkadm5srv-mit11): https://launchpad.net/ubuntu/+source/krb5/1.17-10ubuntu0.1
USN-4635-1:20.04 (focal) on src (krb5-otp): https://launchpad.net/ubuntu/+source/krb5/1.17-6ubuntu4.1
USN-4635-1:20.10 (groovy) on src (krb5-kdc-ldap): https://launchpad.net/ubuntu/+source/krb5/1.17-10ubuntu0.1
USN-4635-1:20.10 (groovy) on src (krb5-user): https://launchpad.net/ubuntu/+source/krb5/1.17-10ubuntu0.1
USN-4635-1:18.04 (bionic) on src (libkrb5-3): https://launchpad.net/ubuntu/+source/krb5/1.16-2ubuntu0.2
USN-4635-1:20.10 (groovy) on src (libkrad0): https://launchpad.net/ubuntu/+source/krb5/1.17-10ubuntu0.1
USN-4635-1:16.04 (Xenial) on src (krb5-kdc): https://launchpad.net/ubuntu/+source/krb5/1.13.2+dfsg-5ubuntu2.2
USN-4635-1:20.10 (groovy) on src (libgssapi-krb5-2): https://launchpad.net/ubuntu/+source/krb5/1.17-10ubuntu0.1
USN-4635-1:18.04 (bionic) on src (libgssrpc4): https://launchpad.net/ubuntu/+source/krb5/1.16-2ubuntu0.2
USN-4635-1:20.04 (focal) on src (krb5-multidev): https://launchpad.net/ubuntu/+source/krb5/1.17-6ubuntu4.1
USN-4635-1:20.04 (focal) on src (libkrad0): https://launchpad.net/ubuntu/+source/krb5/1.17-6ubuntu4.1
USN-4635-1:20.04 (focal) on src (krb5-user): https://launchpad.net/ubuntu/+source/krb5/1.17-6ubuntu4.1
USN-4635-1:16.04 (Xenial) on src (krb5-user): https://launchpad.net/ubuntu/+source/krb5/1.13.2+dfsg-5ubuntu2.2
USN-4635-1:18.04 (bionic) on src (krb5-admin-server): https://launchpad.net/ubuntu/+source/krb5/1.16-2ubuntu0.2
USN-4635-1:16.04 (Xenial) on src (libkadm5srv-mit9): https://launchpad.net/ubuntu/+source/krb5/1.13.2+dfsg-5ubuntu2.2
USN-4635-1:18.04 (bionic) on src (libkrb5support0): https://launchpad.net/ubuntu/+source/krb5/1.16-2ubuntu0.2
USN-4635-1:20.10 (groovy) on src (libk5crypto3): https://launchpad.net/ubuntu/+source/krb5/1.17-10ubuntu0.1
USN-4635-1:18.04 (bionic) on src (krb5-k5tls): https://launchpad.net/ubuntu/+source/krb5/1.16-2ubuntu0.2
USN-4635-1:18.04 (bionic) on src (libk5crypto3): https://launchpad.net/ubuntu/+source/krb5/1.16-2ubuntu0.2
USN-4635-1:16.04 (Xenial) on src (libkrb5-3): https://launchpad.net/ubuntu/+source/krb5/1.13.2+dfsg-5ubuntu2.2
USN-4635-1:16.04 (Xenial) on src (krb5-k5tls): https://launchpad.net/ubuntu/+source/krb5/1.13.2+dfsg-5ubuntu2.2
USN-4635-1:20.10 (groovy) on src (krb5-k5tls): https://launchpad.net/ubuntu/+source/krb5/1.17-10ubuntu0.1
USN-4635-1:18.04 (bionic) on src (krb5-user): https://launchpad.net/ubuntu/+source/krb5/1.16-2ubuntu0.2
USN-4635-1:18.04 (bionic) on src (krb5-otp): https://launchpad.net/ubuntu/+source/krb5/1.16-2ubuntu0.2
USN-4635-1:16.04 (Xenial) on src (krb5-multidev): https://launchpad.net/ubuntu/+source/krb5/1.13.2+dfsg-5ubuntu2.2
USN-4635-1:20.04 (focal) on src (libkrb5support0): https://launchpad.net/ubuntu/+source/krb5/1.17-6ubuntu4.1
USN-4635-1:16.04 (Xenial) on src (libkadm5clnt-mit9): https://launchpad.net/ubuntu/+source/krb5/1.13.2+dfsg-5ubuntu2.2
USN-4635-1:16.04 (Xenial) on src (krb5-admin-server): https://launchpad.net/ubuntu/+source/krb5/1.13.2+dfsg-5ubuntu2.2
USN-4635-1:20.10 (groovy) on src (libkrb5-3): https://launchpad.net/ubuntu/+source/krb5/1.17-10ubuntu0.1
USN-4635-1:20.10 (groovy) on src (krb5-pkinit): https://launchpad.net/ubuntu/+source/krb5/1.17-10ubuntu0.1
USN-4635-1:18.04 (bionic) on src (krb5-kdc): https://launchpad.net/ubuntu/+source/krb5/1.16-2ubuntu0.2
USN-4635-1:20.04 (focal) on src (krb5-locales): https://launchpad.net/ubuntu/+source/krb5/1.17-6ubuntu4.1
USN-4635-1:20.10 (groovy) on src (libgssrpc4): https://launchpad.net/ubuntu/+source/krb5/1.17-10ubuntu0.1
USN-4635-1:18.04 (bionic) on src (krb5-locales): https://launchpad.net/ubuntu/+source/krb5/1.16-2ubuntu0.2
USN-4635-1:20.04 (focal) on src (libk5crypto3): https://launchpad.net/ubuntu/+source/krb5/1.17-6ubuntu4.1
USN-4635-1:20.10 (groovy) on src (krb5-admin-server): https://launchpad.net/ubuntu/+source/krb5/1.17-10ubuntu0.1
USN-4635-1:18.04 (bionic) on src (libkrad0): https://launchpad.net/ubuntu/+source/krb5/1.16-2ubuntu0.2
USN-4635-1:18.04 (bionic) on src (krb5-kpropd): https://launchpad.net/ubuntu/+source/krb5/1.16-2ubuntu0.2
USN-4635-1:20.04 (focal) on src (krb5-k5tls): https://launchpad.net/ubuntu/+source/krb5/1.17-6ubuntu4.1
USN-4635-1:20.10 (groovy) on src (krb5-multidev): https://launchpad.net/ubuntu/+source/krb5/1.17-10ubuntu0.1
USN-4635-1:16.04 (Xenial) on src (krb5-otp): https://launchpad.net/ubuntu/+source/krb5/1.13.2+dfsg-5ubuntu2.2
USN-4635-1:16.04 (Xenial) on src (libkrb5support0): https://launchpad.net/ubuntu/+source/krb5/1.13.2+dfsg-5ubuntu2.2
Ubuntu An attacker could possibly use this issue to cause a denial of service. Medium
198184 Ubuntu Security Notification for Open Secure Sockets Layer (OpenSSL) Vulnerability (USN-4662-1) It was discovered that OpenSSL incorrectly handled comparing certificates containing an EDIPartyName name type.
Refer to Ubuntu advisory USN-4662-1 (https://lists.ubuntu.com/archives/ubuntu-security-announce/2020-December/005798.html) for affected packages and patching details, or update with your package manager.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
USN-4662-1:18.04 (bionic) on src (libssl1.0.0): https://launchpad.net/ubuntu/+source/openssl/1.1.1-1ubuntu2.1~18.04.7
USN-4662-1:20.10 (groovy) on src (libssl1.1): https://launchpad.net/ubuntu/+source/openssl/1.1.1f-1ubuntu4.1
USN-4662-1:20.04 (focal) on src (libssl1.1): https://launchpad.net/ubuntu/+source/openssl/1.1.1f-1ubuntu2.1
USN-4662-1:18.04 (bionic) on src (libssl1.1): https://launchpad.net/ubuntu/+source/openssl/1.1.1-1ubuntu2.1~18.04.7
USN-4662-1:16.04 (Xenial) on src (libssl1.0.0): https://launchpad.net/ubuntu/+source/openssl1.0/1.0.2n-1ubuntu5.5
Ubuntu A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. Medium
198187 Ubuntu Security Notification for Curl Vulnerabilities (USN-4665-1) It was discovered that curl incorrectly handled the libcurl CURLOPT_CONNECT_ONLY option.
It was discovered that curl incorrectly handled FTP PASV responses.
It was discovered that curl incorrectly handled FTP wildcard matching.
It was discovered that curl incorrectly handled OCSP response verification.
Refer to Ubuntu advisory USN-4665-1 (https://lists.ubuntu.com/archives/ubuntu-security-announce/2020-December/005799.html) for affected packages and patching details, or update with your package manager.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
USN-4665-1:20.04 (focal) on src (libcurl3-gnutls): https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu2.4
USN-4665-1:20.04 (focal) on src (curl): https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu2.4
USN-4665-1:18.04 (bionic) on src (libcurl3-nss): https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.12
USN-4665-1:18.04 (bionic) on src (libcurl4): https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.12
USN-4665-1:20.10 (groovy) on src (libcurl3-nss): https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu4.2
USN-4665-1:20.04 (focal) on src (libcurl3-nss): https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu2.4
USN-4665-1:20.10 (groovy) on src (libcurl3-gnutls): https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu4.2
USN-4665-1:20.10 (groovy) on src (curl): https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu4.2
USN-4665-1:16.04 (Xenial) on src (libcurl3): https://launchpad.net/ubuntu/+source/curl/7.47.0-1ubuntu2.18
USN-4665-1:18.04 (bionic) on src (curl): https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.12
USN-4665-1:16.04 (Xenial) on src (libcurl3-nss): https://launchpad.net/ubuntu/+source/curl/7.47.0-1ubuntu2.18
USN-4665-1:16.04 (Xenial) on src (curl): https://launchpad.net/ubuntu/+source/curl/7.47.0-1ubuntu2.18
USN-4665-1:20.04 (focal) on src (libcurl4): https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu2.4
USN-4665-1:20.10 (groovy) on src (libcurl4): https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu4.2
USN-4665-1:18.04 (bionic) on src (libcurl3-gnutls): https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.12
USN-4665-1:16.04 (Xenial) on src (libcurl3-gnutls): https://launchpad.net/ubuntu/+source/curl/7.47.0-1ubuntu2.18
Ubuntu This could result in data being sent to the wrong destination, possibly exposing sensitive information. This issue only affected Ubuntu 20.10. (CVE-2020-8231) An attacker could possibly use this issue to trick curl into connecting to an arbitrary IP address, which could then be used for port scanning and other information gathering. (CVE-2020-8284) A remote attacker could possibly use this issue to cause curl to consume resources and crash, resulting in a denial of service. (CVE-2020-8285) A remote attacker could possibly use this issue to provide a fraudulent OCSP response. (CVE-2020-8286) Medium
198189 Ubuntu Security Notification for Apt Vulnerability (USN-4667-1) It was discovered that APT incorrectly handled certain packages.
Refer to Ubuntu advisory USN-4667-1 (https://lists.ubuntu.com/archives/ubuntu-security-announce/2020-December/005802.html) for affected packages and patching details, or update with your package manager.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
USN-4667-1:18.04 (bionic) on src (apt): https://launchpad.net/ubuntu/+source/apt/1.6.12ubuntu0.2
USN-4667-1:20.10 (groovy) on src (apt): https://launchpad.net/ubuntu/+source/apt/2.1.10ubuntu0.1
USN-4667-1:20.04 (focal) on src (apt): https://launchpad.net/ubuntu/+source/apt/2.0.2ubuntu0.2
USN-4667-1:16.04 (Xenial) on src (apt): https://launchpad.net/ubuntu/+source/apt/1.2.32ubuntu0.2
Ubuntu A local attacker could possibly use this issue to cause APT to crash or stop responding, resulting in a denial of service. Medium
198203 Ubuntu Security Notification for P11-kit Vulnerabilities (USN-4677-1) It was discovered that p11-kit incorrectly handled certain memory operations.
Refer to Ubuntu advisory USN-4677-1 (https://lists.ubuntu.com/archives/ubuntu-security-announce/2021-January/005819.html) for affected packages and patching details, or update with your package manager.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
USN-4677-1:20.10 (groovy) on src (p11-kit-modules): https://launchpad.net/ubuntu/+source/p11-kit/0.23.21-2ubuntu0.1
USN-4677-1:20.04 (focal) on src (p11-kit-modules): https://launchpad.net/ubuntu/+source/p11-kit/0.23.20-1ubuntu0.1
USN-4677-1:20.04 (focal) on src (p11-kit): https://launchpad.net/ubuntu/+source/p11-kit/0.23.20-1ubuntu0.1
USN-4677-1:16.04 (Xenial) on src (p11-kit): https://launchpad.net/ubuntu/+source/p11-kit/0.23.2-5~ubuntu16.04.2
USN-4677-1:16.04 (Xenial) on src (p11-kit-modules): https://launchpad.net/ubuntu/+source/p11-kit/0.23.2-5~ubuntu16.04.2
USN-4677-1:18.04 (bionic) on src (libp11-kit0): https://launchpad.net/ubuntu/+source/p11-kit/0.23.9-2ubuntu0.1
USN-4677-1:20.10 (groovy) on src (p11-kit): https://launchpad.net/ubuntu/+source/p11-kit/0.23.21-2ubuntu0.1
USN-4677-1:20.10 (groovy) on src (libp11-kit0): https://launchpad.net/ubuntu/+source/p11-kit/0.23.21-2ubuntu0.1
USN-4677-1:18.04 (bionic) on src (p11-kit-modules): https://launchpad.net/ubuntu/+source/p11-kit/0.23.9-2ubuntu0.1
USN-4677-1:18.04 (bionic) on src (p11-kit): https://launchpad.net/ubuntu/+source/p11-kit/0.23.9-2ubuntu0.1
USN-4677-1:20.04 (focal) on src (libp11-kit0): https://launchpad.net/ubuntu/+source/p11-kit/0.23.20-1ubuntu0.1
USN-4677-1:16.04 (Xenial) on src (libp11-kit0): https://launchpad.net/ubuntu/+source/p11-kit/0.23.2-5~ubuntu16.04.2
Ubuntu An attacker could use this issue to cause p11-kit to crash, resulting in a denial of service, or possibly execute arbitrary code. Medium
198219 Ubuntu Security Notification for Tar Vulnerabilities (USN-4692-1) It was discovered that tar incorrectly handled extracting files resized during extraction when invoked with the --sparse flag.
It was discovered that tar incorrectly handled certain malformed tar files.
Refer to Ubuntu advisory USN-4692-1 (https://lists.ubuntu.com/archives/ubuntu-security-announce/2021-January/005839.html) for affected packages and patching details, or update with your package manager.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
USN-4692-1:18.04 (bionic) on src (tar): https://launchpad.net/ubuntu/+source/tar/1.29b-2ubuntu0.2
USN-4692-1:20.10 (groovy) on src (tar): https://launchpad.net/ubuntu/+source/tar/1.30+dfsg-7ubuntu0.20.10.1
USN-4692-1:20.04 (focal) on src (tar): https://launchpad.net/ubuntu/+source/tar/1.30+dfsg-7ubuntu0.20.04.1
USN-4692-1:16.04 (Xenial) on src (tar): https://launchpad.net/ubuntu/+source/tar/1.28-2.1ubuntu0.2
Ubuntu An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-20482) If a user or automated system were tricked into processing a specially crafted tar archive, a remote attacker could use this issue to cause tar to crash, resulting in a denial of service. (CVE-2019-9923) Medium
198248 Ubuntu Security Notification for Ca-certificates Update (USN-4719-1) The ca-certificates package contained outdated CA certificates.
This update refreshes the included certificates to those contained in the 2.46 version of the Mozilla certificate authority bundle.
Refer to Ubuntu advisory USN-4719-1 (https://lists.ubuntu.com/archives/ubuntu-security-announce/2021-February/005874.html) for affected packages and patching details, or update with your package manager.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
USN-4719-1:18.04 (bionic) on src (ca-certificates): https://launchpad.net/ubuntu/+source/ca-certificates/20210119~18.04.1
USN-4719-1:20.10 (groovy) on src (ca-certificates): https://launchpad.net/ubuntu/+source/ca-certificates/20210119~20.10.1
USN-4719-1:20.04 (focal) on src (ca-certificates): https://launchpad.net/ubuntu/+source/ca-certificates/20210119~20.04.1
USN-4719-1:16.04 (Xenial) on src (ca-certificates): https://launchpad.net/ubuntu/+source/ca-certificates/20210119~16.04.1
Ubuntu It can cause confidentiality issues. Medium
198253 Ubuntu Security Notification for Openldap Vulnerabilities (USN-4724-1) It was discovered that OpenLDAP incorrectly handled Certificate Exact Assertion processing.
It was discovered that OpenLDAP incorrectly handled saslAuthzTo processing.
It was discovered that OpenLDAP incorrectly handled Return Filter control handling.
It was discovered that OpenLDAP incorrectly handled certain cancel operations.
It was discovered that OpenLDAP incorrectly handled Certificate List Extract Assertion processing.
It was discovered that OpenLDAP incorrectly handled X.509 DN parsing.
Refer to Ubuntu advisory USN-4724-1 (https://lists.ubuntu.com/archives/ubuntu-security-announce/2021-February/005878.html) for affected packages and patching details, or update with your package manager.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
USN-4724-1:18.04 (bionic) on src (slapd): https://launchpad.net/ubuntu/+source/openldap/2.4.45+dfsg-1ubuntu1.9
USN-4724-1:20.10 (groovy) on src (slapd): https://launchpad.net/ubuntu/+source/openldap/2.4.53+dfsg-1ubuntu1.3
USN-4724-1:20.04 (focal) on src (slapd): https://launchpad.net/ubuntu/+source/openldap/2.4.49+dfsg-2ubuntu1.6
USN-4724-1:16.04 (Xenial) on src (slapd): https://launchpad.net/ubuntu/+source/openldap/2.4.42+dfsg-2ubuntu3.12
Ubuntu A remote attacker could possibly use this issue to cause OpenLDAP to crash, resulting in a denial of service. (CVE-2020-36221) A remote attacker could use this issue to cause OpenLDAP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-36222, CVE-2020-36224, CVE-2020-36225, CVE-2020-36226) A remote attacker could use this issue to cause OpenLDAP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-36223) A remote attacker could possibly use this issue to cause OpenLDAP to crash, resulting in a denial of service. (CVE-2020-36227) A remote attacker could possibly use this issue to cause OpenLDAP to crash, resulting in a denial of service. (CVE-2020-36228) A remote attacker could possibly use this issue to cause OpenLDAP to crash, resulting in a denial of service. (CVE-2020-36229, CVE-2020-36230) Medium
198268 Ubuntu Security Notification for Open Secure Sockets Layer (OpenSSL) Vulnerabilities (USN-4738-1) It was discovered that OpenSSL incorrectly handled certain input lengths in EVP functions.
It was discovered that OpenSSL incorrectly handled parsing issuer fields.
Refer to Ubuntu advisory USN-4738-1 (https://lists.ubuntu.com/archives/ubuntu-security-announce/2021-February/005896.html) for affected packages and patching details, or update with your package manager.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
USN-4738-1:18.04 (bionic) on src (libssl1.0.0): https://launchpad.net/ubuntu/+source/openssl/1.1.1-1ubuntu2.1~18.04.8
USN-4738-1:20.10 (groovy) on src (libssl1.1): https://launchpad.net/ubuntu/+source/openssl/1.1.1f-1ubuntu4.2
USN-4738-1:20.04 (focal) on src (libssl1.1): https://launchpad.net/ubuntu/+source/openssl/1.1.1f-1ubuntu2.2
USN-4738-1:18.04 (bionic) on src (libssl1.1): https://launchpad.net/ubuntu/+source/openssl/1.1.1-1ubuntu2.1~18.04.8
USN-4738-1:16.04 (Xenial) on src (libssl1.0.0): https://launchpad.net/ubuntu/+source/openssl1.0/1.0.2n-1ubuntu5.6
Ubuntu A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2021-23840) A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2021-23841) Medium
198274 Ubuntu Security Notification for Openldap Vulnerability (USN-4744-1) It was discovered that OpenLDAP incorrectly handled certain short timestamps.
Refer to Ubuntu advisory USN-4744-1 (https://lists.ubuntu.com/archives/ubuntu-security-announce/2021-February/005902.html) for affected packages and patching details, or update with your package manager.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
USN-4744-1:18.04 (bionic) on src (slapd): https://launchpad.net/ubuntu/+source/openldap/2.4.45+dfsg-1ubuntu1.10
USN-4744-1:20.10 (groovy) on src (slapd): https://launchpad.net/ubuntu/+source/openldap/2.4.53+dfsg-1ubuntu1.4
USN-4744-1:20.04 (focal) on src (slapd): https://launchpad.net/ubuntu/+source/openldap/2.4.49+dfsg-2ubuntu1.7
USN-4744-1:16.04 (Xenial) on src (slapd): https://launchpad.net/ubuntu/+source/openldap/2.4.42+dfsg-2ubuntu3.13
Ubuntu A remote attacker could possibly use this issue to cause OpenLDAP to crash, resulting in a denial of service. Medium
198289 Ubuntu Security Notification for Libzstd Vulnerabilities (USN-4760-1) <P> It was discovered that libzstd incorrectly handled file permissions.
<P>
Refer to Ubuntu advisory <A HREF=”https://lists.ubuntu.com/archives/ubuntu-security-announce/2021-March/005923.html” TARGET=”_blank”>USN-4760-1</A> for affected packages and patching details, or update with your package manager.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://launchpad.net/ubuntu/+source/libzstd/1.4.4+dfsg-3ubuntu0.1″ TARGET=”_blank”>USN-4760-1:20.04 (focal) on src (libzstd1)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/libzstd/1.3.3+dfsg-2ubuntu1.2″ TARGET=”_blank”>USN-4760-1:18.04 (bionic) on src (zstd)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/libzstd/1.4.5+dfsg-4ubuntu0.1″ TARGET=”_blank”>USN-4760-1:20.10 (groovy) on src (libzstd1)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/libzstd/1.4.5+dfsg-4ubuntu0.1″ TARGET=”_blank”>USN-4760-1:20.10 (groovy) on src (zstd)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/libzstd/1.4.4+dfsg-3ubuntu0.1″ TARGET=”_blank”>USN-4760-1:20.04 (focal) on src (zstd)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/libzstd/1.3.3+dfsg-2ubuntu1.2″ TARGET=”_blank”>USN-4760-1:18.04 (bionic) on src (libzstd1)</A>
Ubuntu <P>  A local attacker could possibly use this issue to access certain files, contrary to expectations.<P> Medium
198310 Ubuntu Security Notification for Open Secure Sockets Layer (OpenSSL) Vulnerability (USN-4891-1) <P> It was discovered that OpenSSL incorrectly handled certain renegotiation ClientHello messages.
<P>
Refer to Ubuntu advisory <A HREF=”https://lists.ubuntu.com/archives/ubuntu-security-announce/2021-March/005947.html” TARGET=”_blank”>USN-4891-1</A> for affected packages and patching details, or update with your package manager.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://launchpad.net/ubuntu/+source/openssl/1.1.1-1ubuntu2.1~18.04.9″ TARGET=”_blank”>USN-4891-1:18.04 (bionic) on src (libssl1.1)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/openssl/1.1.1f-1ubuntu4.3″ TARGET=”_blank”>USN-4891-1:20.10 (groovy) on src (libssl1.1)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/openssl/1.1.1f-1ubuntu2.3″ TARGET=”_blank”>USN-4891-1:20.04 (focal) on src (libssl1.1)</A>
Ubuntu <P>  A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code.<P> Medium
198316 Ubuntu Security Notification for Curl Vulnerabilities (USN-4898-1) <P> It was discovered that curl did not strip off user credentials from referrer header fields.
<P> It was discovered that curl incorrectly handled session tickets when using an HTTPS proxy.
<P>
Refer to Ubuntu advisory <A HREF=”https://lists.ubuntu.com/archives/ubuntu-security-announce/2021-March/005955.html” TARGET=”_blank”>USN-4898-1</A> for affected packages and patching details, or update with your package manager.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu2.5″ TARGET=”_blank”>USN-4898-1:20.04 (focal) on src (libcurl3-gnutls)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu2.5″ TARGET=”_blank”>USN-4898-1:20.04 (focal) on src (curl)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.13″ TARGET=”_blank”>USN-4898-1:18.04 (bionic) on src (libcurl3-nss)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.13″ TARGET=”_blank”>USN-4898-1:18.04 (bionic) on src (libcurl4)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu4.3″ TARGET=”_blank”>USN-4898-1:20.10 (groovy) on src (libcurl3-nss)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu2.5″ TARGET=”_blank”>USN-4898-1:20.04 (focal) on src (libcurl3-nss)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu4.3″ TARGET=”_blank”>USN-4898-1:20.10 (groovy) on src (libcurl3-gnutls)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu4.3″ TARGET=”_blank”>USN-4898-1:20.10 (groovy) on src (curl)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/curl/7.47.0-1ubuntu2.19″ TARGET=”_blank”>USN-4898-1:16.04 (Xenial) on src (libcurl3)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.13″ TARGET=”_blank”>USN-4898-1:18.04 (bionic) on src (curl)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/curl/7.47.0-1ubuntu2.19″ TARGET=”_blank”>USN-4898-1:16.04 (Xenial) on src (libcurl3-nss)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/curl/7.47.0-1ubuntu2.19″ TARGET=”_blank”>USN-4898-1:16.04 (Xenial) on src (curl)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu2.5″ TARGET=”_blank”>USN-4898-1:20.04 (focal) on src (libcurl4)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu4.3″ TARGET=”_blank”>USN-4898-1:20.10 (groovy) on src (libcurl4)</A><P> <A 
HREF=”https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.13″ TARGET=”_blank”>USN-4898-1:18.04 (bionic) on src (libcurl3-gnutls)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/curl/7.47.0-1ubuntu2.19″ TARGET=”_blank”>USN-4898-1:16.04 (Xenial) on src (libcurl3-gnutls)</A>
Ubuntu <P>  A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2021-22876)<P>  A remote attacker in control of an HTTPS proxy could use this issue to bypass certificate checks and intercept communications. This issue only affected Ubuntu 20.04 LTS and Ubuntu 20.10. (CVE-2021-22890)<P> Medium
198322 Ubuntu Security Notification for Nettle vulnerability (USN-4906-1) Nettle incorrectly handled signature verification<BR> Refer to Ubuntu advisory: <A HREF=”https://usn.ubuntu.com/4906-1″ TARGET=”_blank”>USN-4906-1</A> for affected packages and patching details, or update with your package manager.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://usn.ubuntu.com/4906-1″ TARGET=”_blank”>USN-4906-1:Ubuntu Linux</A>
Ubuntu A remote attacker could use this issue to cause Nettle to crash, resulting in a denial of service, or possibly force invalid signatures<BR><BR> Medium
198387 Ubuntu Security Notification for LZ4 vulnerability (USN-4968-1) Lz4 incorrectly handled certain memory operations.<BR> <BR>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues. Refer to Ubuntu advisory: <A HREF=”https://usn.ubuntu.com/4968-1″ TARGET=”_blank”>USN-4968-1</A> for affected packages and patching details, or update with your package manager.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://usn.ubuntu.com/4968-1″ TARGET=”_blank”>USN-4968-1:Ubuntu Linux</A>
Ubuntu If a user or automated system were tricked into uncompressing a specially crafted lz4 file, a remote attacker could use this issue to cause lz4 to crash, resulting in a denial of service, or possibly execute arbitrary code.<BR> Medium
198408 Ubuntu Security Notification for Nettle vulnerabilities (USN-4990-1) Nettle incorrectly handled RSA decryption.<BR> Nettle incorrectly handled certain padding oracles.<BR> <BR>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues. Refer to Ubuntu advisory: <A HREF=”https://usn.ubuntu.com/4990-1″ TARGET=”_blank”>USN-4990-1</A> for affected packages and patching details, or update with your package manager.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://usn.ubuntu.com/4990-1″ TARGET=”_blank”>USN-4990-1:Ubuntu Linux</A>
Ubuntu A remote attacker could possibly use this issue to cause Nettle to crash, resulting in a denial of service. (<A TARGET=”_blank” HREF=”https://ubuntu.com//security/cve-2021-3580″>CVE-2021-3580</A>).<BR> A remote attacker could possibly use this issue to perform a variant of the Bleichenbacher attack.<BR>This issue only affected Ubuntu 18.04 LTS.<BR> (<A TARGET=”_blank” HREF=”https://ubuntu.com//security/cve-2018-16869″>CVE-2018-16869</A>).<BR> Medium
198434 Ubuntu Security Notification for systemd vulnerabilities (USN-5013-1) Systemd incorrectly handled certain mount paths.<BR> Systemd incorrectly handled DHCP FORCERENEW packets.<BR> <BR>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues. Refer to Ubuntu advisory: <A HREF=”https://usn.ubuntu.com/5013-1″ TARGET=”_blank”>USN-5013-1</A> for affected packages and patching details, or update with your package manager.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://usn.ubuntu.com/5013-1″ TARGET=”_blank”>USN-5013-1:Ubuntu Linux</A>
Ubuntu A local attacker could possibly use this issue to cause systemd to crash, resulting in a denial of service. (CVE-2021-33910).<BR>A remote attacker could possibly use this issue to reconfigure servers. (CVE-2020-13529).<BR> Medium
198441 Ubuntu Security Notification for curl vulnerabilities (USN-5021-1) Curl incorrectly handled telnet connections when the -t option was used on the command line.<BR> Curl incorrectly reused connections in the connection pool.<BR> <BR>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues. Refer to Ubuntu advisory: <A HREF=”https://usn.ubuntu.com/5021-1″ TARGET=”_blank”>USN-5021-1</A> for affected packages and patching details, or update with your package manager.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://usn.ubuntu.com/5021-1″ TARGET=”_blank”>USN-5021-1:Ubuntu Linux</A>
Ubuntu Uninitialized data possibly containing sensitive information could be sent to the remote server, contrary to expectations. (CVE-2021-22898, CVE-2021-22925).<BR>This could result in curl reusing the wrong connections.<BR> (CVE-2021-22924).<BR> Medium
198469 Ubuntu Security Notification for Open Secure Sockets Layer (OpenSSL) Vulnerabilities (USN-5051-1) OpenSSL incorrectly handled decrypting SM2 data.<BR> OpenSSL incorrectly handled certain ASN.1 strings.<BR> <BR>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues. Refer to Ubuntu advisory: <A HREF=”https://usn.ubuntu.com/5051-1″ TARGET=”_blank”>USN-5051-1</A> for affected packages and patching details, or update with your package manager.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://usn.ubuntu.com/5051-1″ TARGET=”_blank”>USN-5051-1:Ubuntu Linux</A>
Ubuntu A remote attacker could use this issue to cause applications using OpenSSL to crash, resulting in a denial of service, or possibly change application behaviour. (CVE-2021-3711).<BR>A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly obtain sensitive information.<BR> (CVE-2021-3712).<BR> Medium
198501 Ubuntu Security Notification for curl Vulnerabilities (USN-5079-1) Curl incorrectly handled memory when sending data to an MQTT server.<BR> Curl incorrectly handled upgrades to TLS.<BR> Curl incorrectly handled responses received before STARTTLS.<BR> <BR>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues. Refer to Ubuntu advisory: <A HREF=”https://ubuntu.com/security/notices/USN-5079-1″ TARGET=”_blank”>USN-5079-1</A> for affected packages and patching details, or update with your package manager.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://ubuntu.com/security/notices/USN-5079-1″ TARGET=”_blank”>USN-5079-1:Ubuntu Linux</A>
Ubuntu A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-22945).<BR>When receiving certain responses from servers, curl would continue without TLS even when the option to require a successful upgrade to TLS was specified. (CVE-2021-22946).<BR>A remote attacker could possibly use this issue to inject responses and intercept communications. (CVE-2021-22947).<BR> Medium
198508 Ubuntu Security Notification for curl Vulnerabilities (USN-5079-3) USN-5079-1 fixed vulnerabilities in curl.<BR> Curl incorrectly handled memory when sending data to an MQTT server.<BR> Curl incorrectly handled upgrades to TLS.<BR> Curl incorrectly handled responses received before STARTTLS.<BR> <BR>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues. Refer to Ubuntu advisory: <A HREF=”https://ubuntu.com/security/notices/USN-5079-3″ TARGET=”_blank”>USN-5079-3</A> for affected packages and patching details, or update with your package manager.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://ubuntu.com/security/notices/USN-5079-3″ TARGET=”_blank”>USN-5079-3:Ubuntu Linux</A>
Ubuntu One of the fixes introduced a regression on Ubuntu 18.04 LTS.<BR>This update fixes the problem.<BR>A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-22945).<BR>When receiving certain responses from servers, curl would continue without TLS even when the option to require a successful upgrade to TLS was specified. (CVE-2021-22946).<BR>A remote attacker could possibly use this issue to inject responses and intercept communications. (CVE-2021-22947).<BR> Medium
198646 Ubuntu Security Notification for shadow Vulnerabilities (USN-5254-1) Shadow incorrectly handled certain inputs.<BR>Shadow incorrectly handled certain inputs.<BR> Refer to Ubuntu security advisory <A HREF=”https://ubuntu.com/security/notices/USN-5254-1″ TARGET=”_blank”>USN-5254-1</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://ubuntu.com/security/notices/USN-5254-1″ TARGET=”_blank”>USN-5254-1:Ubuntu Linux</A>
Ubuntu An attacker could possibly use this issue to cause a crash or expose sensitive information.<BR>An attacker could possibly use this issue to expose sensitive information.<BR> High
198675 Ubuntu Security Notification for Cyrus SASL Vulnerability (USN-5301-1) The Cyrus SASL SQL plugin incorrectly handled SQL input.<BR> Refer to Ubuntu security advisory <A HREF=”https://ubuntu.com/security/notices/USN-5301-1″ TARGET=”_blank”>USN-5301-1</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://ubuntu.com/security/notices/USN-5301-1″ TARGET=”_blank”>USN-5301-1:Ubuntu Linux</A>
Ubuntu A remote attacker could use this issue to execute arbitrary SQL commands.<BR> Medium
198685 Ubuntu Security Notification for GNU C Library Vulnerabilities (USN-5310-1) The GNU C Library iconv feature incorrectly handled certain input sequences.<BR>The GNU C Library incorrectly handled signed comparisons on ARMv7 targets.<BR>The GNU C Library nscd daemon incorrectly handled certain netgroup lookups.<BR>The GNU C Library wordexp function incorrectly handled certain patterns.<BR>The GNU C Library realpath function incorrectly handled return values.<BR>The GNU C Library getcwd function incorrectly handled buffers.<BR>The GNU C Library sunrpc module incorrectly handled buffer lengths.<BR> Refer to Ubuntu security advisory <A HREF=”https://ubuntu.com/security/notices/USN-5310-1″ TARGET=”_blank”>USN-5310-1</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://ubuntu.com/security/notices/USN-5310-1″ TARGET=”_blank”>USN-5310-1:Ubuntu Linux</A>
Ubuntu An attacker could possibly use this issue to cause the GNU C Library to hang or crash, resulting in a denial of service.<BR>A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code.<BR>An attacker could possibly use this issue to cause the GNU C Library to crash, resulting in a denial of service.<BR>An attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly obtain sensitive information.<BR>An attacker could possibly use this issue to obtain sensitive information.<BR>An attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code.<BR>An attacker could possibly use this issue to cause the GNU C Library to crash, resulting in a denial of service.<BR> High
198702 Ubuntu Security Notification for Open Secure Sockets Layer (OpenSSL) Vulnerability (USN-5328-1) OpenSSL incorrectly parsed certain certificates.<BR> Refer to Ubuntu security advisory <A HREF=”https://ubuntu.com/security/notices/USN-5328-1″ TARGET=”_blank”>USN-5328-1</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://ubuntu.com/security/notices/USN-5328-1″ TARGET=”_blank”>USN-5328-1:Ubuntu Linux</A>
Ubuntu A remote attacker could possibly use this issue to cause OpenSSH to stop responding, resulting in a denial of service.<BR> High
198703 Ubuntu Security Notification for tar Vulnerability (USN-5329-1) Tar incorrectly handled certain files.<BR> Refer to Ubuntu security advisory <A HREF=”https://ubuntu.com/security/notices/USN-5329-1″ TARGET=”_blank”>USN-5329-1</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://ubuntu.com/security/notices/USN-5329-1″ TARGET=”_blank”>USN-5329-1:Ubuntu Linux</A>
Ubuntu An attacker could possibly use this issue to cause tar to crash, resulting in a denial of service.<BR> Medium
198720 Ubuntu Security Notification for zlib Vulnerability (USN-5355-1) Zlib incorrectly handled memory when performing certain deflating operations.<BR> Refer to Ubuntu security advisory <A HREF=”https://ubuntu.com/security/notices/USN-5355-1″ TARGET=”_blank”>USN-5355-1</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://ubuntu.com/security/notices/USN-5355-1″ TARGET=”_blank”>USN-5355-1:Ubuntu Linux</A>
Ubuntu An attacker could use this issue to cause zlib to crash, resulting in a denial of service, or possibly execute arbitrary code.<BR> High
198742 Ubuntu Security Notification for Gzip Vulnerability (USN-5378-1) Gzip incorrectly handled certain filenames.<BR> Refer to Ubuntu security advisory <A HREF=”https://ubuntu.com/security/notices/USN-5378-1″ TARGET=”_blank”>USN-5378-1</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://ubuntu.com/security/notices/USN-5378-1″ TARGET=”_blank”>USN-5378-1:Ubuntu Linux</A>
Ubuntu If a user or automated system were tricked into performing zgrep operations with specially crafted filenames, a remote attacker could overwrite arbitrary files.<BR> High
198743 Ubuntu Security Notification for XZ Utils Vulnerability (USN-5378-2) XZ Utils incorrectly handled certain filenames.<BR> Refer to Ubuntu security advisory <A HREF=”https://ubuntu.com/security/notices/USN-5378-2″ TARGET=”_blank”>USN-5378-2</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://ubuntu.com/security/notices/USN-5378-2″ TARGET=”_blank”>USN-5378-2:Ubuntu Linux</A>
Ubuntu If a user or automated system were tricked into performing xzgrep operations with specially crafted filenames, a remote attacker could overwrite arbitrary files.<BR> High
198748 Ubuntu Security Notification for Bash Vulnerability (USN-5380-1) Bash did not properly drop privileges when the binary had the setuid bit enabled.<BR> Refer to Ubuntu security advisory <A HREF=”https://ubuntu.com/security/notices/USN-5380-1″ TARGET=”_blank”>USN-5380-1</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://ubuntu.com/security/notices/USN-5380-1″ TARGET=”_blank”>USN-5380-1:Ubuntu Linux</A>
Ubuntu An attacker could possibly use this issue to escalate privileges.<BR> High
198754 Ubuntu Security Notification for libsepol Vulnerabilities (USN-5391-1) Libsepol incorrectly handled memory when handling policies.<BR>Libsepol incorrectly handled memory when handling policies.<BR>Libsepol incorrectly handled memory when handling policies.<BR>Libsepol incorrectly validated certain data, leading to a heap overflow.<BR> Refer to Ubuntu security advisory <A HREF=”https://ubuntu.com/security/notices/USN-5391-1″ TARGET=”_blank”>USN-5391-1</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://ubuntu.com/security/notices/USN-5391-1″ TARGET=”_blank”>USN-5391-1:Ubuntu Linux</A>
Ubuntu An attacker could possibly use this issue to cause a crash, resulting in a denial of service, or possibly execute arbitrary code.<BR>An attacker could possibly use this issue to cause a crash, resulting in a denial of service, or possibly execute arbitrary code.<BR>An attacker could possibly use this issue to cause a crash, resulting in a denial of service, or possibly execute arbitrary code.<BR>An attacker could possibly use this issue to cause a crash, resulting in a denial of service, or possibly execute arbitrary code.<BR> Medium
198759 Ubuntu Security Notification for curl Vulnerabilities (USN-5397-1) Curl incorrectly handled certain OAuth2.<BR>Curl incorrectly handled certain requests.<BR> Refer to Ubuntu security advisory <A HREF=”https://ubuntu.com/security/notices/USN-5397-1″ TARGET=”_blank”>USN-5397-1</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://ubuntu.com/security/notices/USN-5397-1″ TARGET=”_blank”>USN-5397-1:Ubuntu Linux</A>
Ubuntu An attacker could possibly use this issue to access sensitive information.<BR>An attacker could possibly use this issue to expose sensitive information.<BR>(CVE-2022-27774, CVE-2022-27775, CVE-2022-27776).<BR> High
198771 Ubuntu Security Notification for Open Secure Sockets Layer (OpenSSL) Vulnerabilities (USN-5402-1) OpenSSL incorrectly handled the c_rehash script.<BR>OpenSSL incorrectly verified certain response signing certificates.<BR>OpenSSL used the incorrect MAC key in the RC4-MD5 ciphersuite.<BR>OpenSSL incorrectly handled resources when decoding certificates and keys.<BR> Refer to Ubuntu security advisory <A HREF=”https://ubuntu.com/security/notices/USN-5402-1″ TARGET=”_blank”>USN-5402-1</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://ubuntu.com/security/notices/USN-5402-1″ TARGET=”_blank”>USN-5402-1:Ubuntu Linux</A>
Ubuntu A local attacker could possibly use this issue to execute arbitrary commands when c_rehash is run.<BR>A remote attacker could possibly use this issue to spoof certain response signing certificates.<BR>In non-default configurations where RC4-MD5 is enabled, a remote attacker could possibly use this issue to modify encrypted communications.<BR>A remote attacker could possibly use this issue to cause OpenSSL to consume resources, leading to a denial of service.<BR> High
198773 Ubuntu Security Notification for SQLite Vulnerability (USN-5403-1) Ubuntu has released a security update for sqlite to fix the vulnerabilities. Refer to Ubuntu security advisory <A HREF=”https://ubuntu.com/security/notices/USN-5403-1″ TARGET=”_blank”>USN-5403-1</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://ubuntu.com/security/notices/USN-5403-1″ TARGET=”_blank”>USN-5403-1:Ubuntu Linux</A>
Ubuntu Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
198780 Ubuntu Security Notification for curl Vulnerabilities (USN-5412-1) Ubuntu has released a security update for curl to fix the vulnerabilities. Refer to Ubuntu security advisory <A HREF=”https://ubuntu.com/security/notices/USN-5412-1″ TARGET=”_blank”>USN-5412-1</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://ubuntu.com/security/notices/USN-5412-1″ TARGET=”_blank”>USN-5412-1:Ubuntu Linux</A>
Ubuntu Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
198789 Ubuntu Security Notification for PCRE Vulnerabilities (USN-5425-1) Ubuntu has released a security update for pcre to fix the vulnerabilities. Refer to Ubuntu security advisory <A HREF=”https://ubuntu.com/security/notices/USN-5425-1″ TARGET=”_blank”>USN-5425-1</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://ubuntu.com/security/notices/USN-5425-1″ TARGET=”_blank”>USN-5425-1:Ubuntu Linux</A>
Ubuntu Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
198791 Ubuntu Security Notification for OpenLDAP Vulnerability (USN-5424-1) Ubuntu has released a security update for openldap to fix the vulnerabilities. Refer to Ubuntu security advisory <A HREF=”https://ubuntu.com/security/notices/USN-5424-1″ TARGET=”_blank”>USN-5424-1</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://ubuntu.com/security/notices/USN-5424-1″ TARGET=”_blank”>USN-5424-1:Ubuntu Linux</A>
Ubuntu Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
198805 Ubuntu Security Notification for dpkg Vulnerability (USN-5446-1) Ubuntu has released a security update for dpkg to fix the vulnerabilities. Refer to Ubuntu security advisory <A HREF=”https://ubuntu.com/security/notices/USN-5446-1″ TARGET=”_blank”>USN-5446-1</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://ubuntu.com/security/notices/USN-5446-1″ TARGET=”_blank”>USN-5446-1:Ubuntu Linux</A>
Ubuntu Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
198808 Ubuntu Security Notification for GnuPG Vulnerability (USN-5431-1) Ubuntu has released a security update for gnupg to fix the vulnerabilities. Refer to Ubuntu security advisory <A HREF=”https://ubuntu.com/security/notices/USN-5431-1″ TARGET=”_blank”>USN-5431-1</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://ubuntu.com/security/notices/USN-5431-1″ TARGET=”_blank”>USN-5431-1:Ubuntu Linux</A>
Ubuntu Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
198819 Ubuntu Security Notification for E2fsprogs Vulnerability (USN-5464-1) Ubuntu has released a security update for e2fsprogs to fix the vulnerabilities. Refer to Ubuntu security advisory <A HREF=”https://ubuntu.com/security/notices/USN-5464-1″ TARGET=”_blank”>USN-5464-1</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://ubuntu.com/security/notices/USN-5464-1″ TARGET=”_blank”>USN-5464-1:Ubuntu Linux</A>
Ubuntu Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
198839 Ubuntu Security Notification for Open Secure Sockets Layer (OpenSSL) Vulnerability (USN-5488-1) Ubuntu has released a security update for openssl to fix the vulnerabilities. Refer to Ubuntu security advisory <A HREF=”https://ubuntu.com/security/notices/USN-5488-1″ TARGET=”_blank”>USN-5488-1</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://ubuntu.com/security/notices/USN-5488-1″ TARGET=”_blank”>USN-5488-1:Ubuntu Linux</A>
Ubuntu Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
198842 Ubuntu Security Notification for curl Vulnerabilities (USN-5495-1) Ubuntu has released a security update for curl to fix the vulnerabilities. Refer to Ubuntu security advisory <A HREF=”https://ubuntu.com/security/notices/USN-5495-1″ TARGET=”_blank”>USN-5495-1</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://ubuntu.com/security/notices/USN-5495-1″ TARGET=”_blank”>USN-5495-1:Ubuntu Linux</A>
Ubuntu Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
198848 Ubuntu Security Notification for GnuPG Vulnerability (USN-5503-1) Ubuntu has released a security update for gnupg to fix the vulnerabilities. Refer to Ubuntu security advisory <A HREF=”https://ubuntu.com/security/notices/USN-5503-1″ TARGET=”_blank”>USN-5503-1</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://ubuntu.com/security/notices/USN-5503-1″ TARGET=”_blank”>USN-5503-1:Ubuntu Linux</A>
Ubuntu Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
198850 Ubuntu Security Notification for Open Secure Sockets Layer (OpenSSL) Vulnerability (USN-5502-1) Ubuntu has released a security update for openssl to fix the vulnerabilities. Refer to Ubuntu security advisory <A HREF=”https://ubuntu.com/security/notices/USN-5502-1″ TARGET=”_blank”>USN-5502-1</A> for updates and patch information.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://ubuntu.com/security/notices/USN-5502-1″ TARGET=”_blank”>USN-5502-1:Ubuntu Linux</A>
Ubuntu Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
198887 Ubuntu Security Notification for GnuTLS Vulnerabilities (USN-5550-1) Ubuntu has released a security update for gnutls to fix the vulnerabilities. Refer to Ubuntu security advisory USN-5550-1 (https://ubuntu.com/security/notices/USN-5550-1) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
USN-5550-1: Ubuntu Linux (https://ubuntu.com/security/notices/USN-5550-1)
Ubuntu Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
198903 Ubuntu Security Notification for zlib Vulnerability (USN-5570-1) Ubuntu has released a security update for zlib to fix the vulnerabilities. Refer to Ubuntu security advisory USN-5570-1 (https://ubuntu.com/security/notices/USN-5570-1) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
USN-5570-1: Ubuntu Linux (https://ubuntu.com/security/notices/USN-5570-1)
Ubuntu Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
198914 Ubuntu Security Notification for systemd Vulnerability (USN-5583-1) Ubuntu has released a security update for systemd to fix the vulnerabilities. Refer to Ubuntu security advisory USN-5583-1 (https://ubuntu.com/security/notices/USN-5583-1) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
USN-5583-1: Ubuntu Linux (https://ubuntu.com/security/notices/USN-5583-1)
Ubuntu Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
198918 Ubuntu Security Notification for curl Vulnerability (USN-5587-1) Ubuntu has released a security update for curl to fix the vulnerabilities. Refer to Ubuntu security advisory USN-5587-1 (https://ubuntu.com/security/notices/USN-5587-1) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
USN-5587-1: Ubuntu Linux (https://ubuntu.com/security/notices/USN-5587-1)
Ubuntu Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
198940 Ubuntu Security Notification for SQLite Vulnerabilities (USN-5615-1) Ubuntu has released a security update for sqlite to fix the vulnerabilities. Refer to Ubuntu security advisory USN-5615-1 (https://ubuntu.com/security/notices/USN-5615-1) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
USN-5615-1: Ubuntu Linux (https://ubuntu.com/security/notices/USN-5615-1)
Ubuntu Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
198955 Ubuntu Security Notification for PCRE Vulnerabilities (USN-5627-1) Ubuntu has released a security update for pcre to fix the vulnerabilities. Refer to Ubuntu security advisory USN-5627-1 (https://ubuntu.com/security/notices/USN-5627-1) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
USN-5627-1: Ubuntu Linux (https://ubuntu.com/security/notices/USN-5627-1)
Ubuntu Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
198983 Ubuntu Security Notification for GMP Vulnerability (USN-5672-1) Ubuntu has released a security update for gmp to fix the vulnerabilities. Refer to Ubuntu security advisory USN-5672-1 (https://ubuntu.com/security/notices/USN-5672-1) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
USN-5672-1: Ubuntu Linux (https://ubuntu.com/security/notices/USN-5672-1)
Ubuntu Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
198986 Ubuntu Security Notification for Heimdal Vulnerabilities (USN-5675-1) Ubuntu has released a security update for heimdal to fix the vulnerabilities. Refer to Ubuntu security advisory USN-5675-1 (https://ubuntu.com/security/notices/USN-5675-1) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
USN-5675-1: Ubuntu Linux (https://ubuntu.com/security/notices/USN-5675-1)
Ubuntu Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
198991 Ubuntu Security Notification for zlib Vulnerability (USN-5570-2) Ubuntu has released a security update for zlib to fix the vulnerabilities. Refer to Ubuntu security advisory USN-5570-2 (https://ubuntu.com/security/notices/USN-5570-2) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
USN-5570-2: Ubuntu Linux (https://ubuntu.com/security/notices/USN-5570-2)
Ubuntu Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
198998 Ubuntu Security Notification for Perl Vulnerability (USN-5689-1) Ubuntu has released a security update for perl to fix the vulnerabilities. Refer to Ubuntu security advisory USN-5689-1 (https://ubuntu.com/security/notices/USN-5689-1) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
USN-5689-1: Ubuntu Linux (https://ubuntu.com/security/notices/USN-5689-1)
Ubuntu Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
199008 Ubuntu Security Notification for curl Vulnerabilities (USN-5702-1) Ubuntu has released a security update for curl to fix the vulnerabilities. Refer to Ubuntu security advisory USN-5702-1 (https://ubuntu.com/security/notices/USN-5702-1) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
USN-5702-1: Ubuntu Linux (https://ubuntu.com/security/notices/USN-5702-1)
Ubuntu Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
199018 Ubuntu Security Notification for SQLite Vulnerability (USN-5716-1) Ubuntu has released a security update for sqlite to fix the vulnerabilities. Refer to Ubuntu security advisory USN-5716-1 (https://ubuntu.com/security/notices/USN-5716-1) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
USN-5716-1: Ubuntu Linux (https://ubuntu.com/security/notices/USN-5716-1)
Ubuntu Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
199049 Ubuntu Security Notification for shadow Vulnerability (USN-5745-1) Ubuntu has released a security update for shadow to fix the vulnerabilities. Refer to Ubuntu security advisory USN-5745-1 (https://ubuntu.com/security/notices/USN-5745-1) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
USN-5745-1: Ubuntu Linux (https://ubuntu.com/security/notices/USN-5745-1)
Ubuntu Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
199067 Ubuntu Security Notification for Heimdal Vulnerability (USN-5766-1) Ubuntu has released a security update for heimdal to fix the vulnerabilities. Refer to Ubuntu security advisory USN-5766-1 (https://ubuntu.com/security/notices/USN-5766-1) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
USN-5766-1: Ubuntu Linux (https://ubuntu.com/security/notices/USN-5766-1)
Ubuntu Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
199083 Ubuntu Security Notification for Libksba Vulnerability (USN-5787-1) Ubuntu has released a security update for libksba to fix the vulnerabilities. Refer to Ubuntu security advisory USN-5787-1 (https://ubuntu.com/security/notices/USN-5787-1) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
USN-5787-1: Ubuntu Linux (https://ubuntu.com/security/notices/USN-5787-1)
Ubuntu Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
199085 Ubuntu Security Notification for curl Vulnerabilities (USN-5788-1) Ubuntu has released a security update for curl to fix the vulnerabilities. Refer to Ubuntu security advisory USN-5788-1 (https://ubuntu.com/security/notices/USN-5788-1) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
USN-5788-1: Ubuntu Linux (https://ubuntu.com/security/notices/USN-5788-1)
Ubuntu Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
199102 Ubuntu Security Notification for Heimdal Vulnerabilities (USN-5800-1) Ubuntu has released a security update for heimdal to fix the vulnerabilities. Refer to Ubuntu security advisory USN-5800-1 (https://ubuntu.com/security/notices/USN-5800-1) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
USN-5800-1: Ubuntu Linux (https://ubuntu.com/security/notices/USN-5800-1)
Ubuntu Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
199131 Ubuntu Security Notification for PAM Vulnerability (USN-5825-1) Ubuntu has released a security update for pam to fix the vulnerabilities. Refer to Ubuntu security advisory USN-5825-1 (https://ubuntu.com/security/notices/USN-5825-1) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
USN-5825-1: Ubuntu Linux (https://ubuntu.com/security/notices/USN-5825-1)
Ubuntu Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
199133 Ubuntu Security Notification for Kerberos Vulnerabilities (USN-5828-1) Ubuntu has released a security update for kerberos to fix the vulnerabilities. Refer to Ubuntu security advisory USN-5828-1 (https://ubuntu.com/security/notices/USN-5828-1) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
USN-5828-1: Ubuntu Linux (https://ubuntu.com/security/notices/USN-5828-1)
Ubuntu Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
199150 Ubuntu Security Notification for Open Secure Sockets Layer (OpenSSL) Vulnerabilities (USN-5844-1) Ubuntu has released a security update for openssl to fix the vulnerabilities. Refer to Ubuntu security advisory USN-5844-1 (https://ubuntu.com/security/notices/USN-5844-1) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
USN-5844-1: Ubuntu Linux (https://ubuntu.com/security/notices/USN-5844-1)
Ubuntu Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
199152 Ubuntu Security Notification for Heimdal Vulnerabilities (USN-5849-1) Ubuntu has released a security update for heimdal to fix the vulnerabilities. Refer to Ubuntu security advisory USN-5849-1 (https://ubuntu.com/security/notices/USN-5849-1) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
USN-5849-1: Ubuntu Linux (https://ubuntu.com/security/notices/USN-5849-1)
Ubuntu Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
199191 Ubuntu Security Notification for curl Vulnerabilities (USN-5891-1) Ubuntu has released a security update for curl to fix the vulnerabilities. Refer to Ubuntu security advisory USN-5891-1 (https://ubuntu.com/security/notices/USN-5891-1) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
USN-5891-1: Ubuntu Linux (https://ubuntu.com/security/notices/USN-5891-1)
Ubuntu Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
199199 Ubuntu Security Notification for tar Vulnerability (USN-5900-1) Ubuntu has released a security update for tar to fix the vulnerabilities. Refer to Ubuntu security advisory USN-5900-1 (https://ubuntu.com/security/notices/USN-5900-1) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
USN-5900-1: Ubuntu Linux (https://ubuntu.com/security/notices/USN-5900-1)
Ubuntu Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
199221 Ubuntu Security Notification for systemd Vulnerabilities (USN-5928-1) Ubuntu has released a security update for systemd to fix the vulnerabilities. Refer to Ubuntu security advisory USN-5928-1 (https://ubuntu.com/security/notices/USN-5928-1) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
USN-5928-1: Ubuntu Linux (https://ubuntu.com/security/notices/USN-5928-1)
Ubuntu Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
199244 Ubuntu Security Notification for Kerberos Vulnerabilities (USN-5959-1) Ubuntu has released a security update for kerberos to fix the vulnerabilities. Refer to Ubuntu security advisory USN-5959-1 (https://ubuntu.com/security/notices/USN-5959-1) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
USN-5959-1: Ubuntu Linux (https://ubuntu.com/security/notices/USN-5959-1)
Ubuntu Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
199246 Ubuntu Security Notification for curl Vulnerabilities (USN-5964-1) Ubuntu has released a security update for curl to fix the vulnerabilities. Refer to Ubuntu security advisory USN-5964-1 (https://ubuntu.com/security/notices/USN-5964-1) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
USN-5964-1: Ubuntu Linux (https://ubuntu.com/security/notices/USN-5964-1)
Ubuntu Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
257112 CentOS Security Update for bind (CESA-2021:3325) CentOS has released a security update for bind to fix the vulnerabilities.
Affected Products: centos 7
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues. To resolve this issue, upgrade to the latest packages which contain a patch. Refer to CentOS advisory centos 7 (https://lists.centos.org/pipermail/centos-announce/2021-September/048361.html) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
CESA-2021:3325: centos 7 (https://lists.centos.org/pipermail/centos-announce/2021-September/048361.html)
CentOS Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability and confidentiality. Medium
257124 CentOS Security Update for libxml2 (CESA-2021:3810) CentOS has released a security update for libxml2 to fix the vulnerabilities.
Affected Products: centos 7
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues. To resolve this issue, upgrade to the latest packages which contain a patch. Refer to CentOS advisory centos 7 (https://lists.centos.org/pipermail/centos-announce/2021-November/048378.html) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
CESA-2021:3810: centos 7 (https://lists.centos.org/pipermail/centos-announce/2021-November/048378.html)
CentOS Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability and confidentiality. High
257128 CentOS Security Update for Open Secure Sockets Layer (OpenSSL) (CESA-2021:3798) CentOS has released a security update for openssl to fix the vulnerabilities.
Affected Products: centos 7
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues. To resolve this issue, upgrade to the latest packages which contain a patch. Refer to CentOS advisory centos 7 (https://lists.centos.org/pipermail/centos-announce/2021-November/048384.html) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
CESA-2021:3798: centos 7 (https://lists.centos.org/pipermail/centos-announce/2021-November/048384.html)
CentOS Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability and confidentiality. Medium
257129 CentOS Security Update for binutils (CESA-2021:4033) CentOS has released a security update for binutils to fix the vulnerabilities.
Affected Products: centos 7
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues. To resolve this issue, upgrade to the latest packages which contain a patch. Refer to CentOS advisory centos 7 (https://lists.centos.org/pipermail/centos-announce/2021-November/048395.html) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
CESA-2021:4033: centos 7 (https://lists.centos.org/pipermail/centos-announce/2021-November/048395.html)
CentOS Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability and confidentiality. Medium
257130 CentOS Security Update for rpm (CESA-2021:4785) CentOS has released a security update for rpm to fix the vulnerabilities. Refer to CentOS security advisory CESA-2021:4785 (https://lists.centos.org/pipermail/centos-announce/2021-December/048415.html) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
CESA-2021:4785: centos 7 (https://lists.centos.org/pipermail/centos-announce/2021-December/048415.html)
CentOS Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
257133 CentOS Security Update for krb5 (CESA-2021:4788) CentOS has released a security update for krb5 to fix the vulnerabilities. Refer to CentOS security advisory CESA-2021:4788 (https://lists.centos.org/pipermail/centos-announce/2021-December/048422.html) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
CESA-2021:4788: centos 7 (https://lists.centos.org/pipermail/centos-announce/2021-December/048422.html)
CentOS Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
257135 CentOS Security Update for nss (CESA-2021:4904) CentOS has released a security update for nss to fix the vulnerabilities. Refer to CentOS security advisory CESA-2021:4904 (https://lists.centos.org/pipermail/centos-announce/2021-December/060972.html) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
CESA-2021:4904: centos 7 (https://lists.centos.org/pipermail/centos-announce/2021-December/060972.html)
CentOS Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
257157 CentOS Security Update for openldap (CESA-2022:0621) CentOS has released a security update for openldap to fix the vulnerabilities. Refer to CentOS security advisory CESA-2022:0621 (https://lists.centos.org/pipermail/centos-announce/2022-February/073566.html) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
CESA-2022:0621: centos 7 (https://lists.centos.org/pipermail/centos-announce/2022-February/073566.html)
CentOS Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
257159 CentOS Security Update for cyrus-sasl (CESA-2022:0666) CentOS has released a security update for cyrus-sasl to fix the vulnerabilities. Refer to CentOS security advisory CESA-2022:0666 (https://lists.centos.org/pipermail/centos-announce/2022-February/073559.html) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
CESA-2022:0666: centos 7 (https://lists.centos.org/pipermail/centos-announce/2022-February/073559.html)
CentOS Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
257160 CentOS Security Update for expat (CESA-2022:1069) CentOS has released a security update for expat to fix the vulnerabilities. Refer to CentOS security advisory CESA-2022:1069 (https://lists.centos.org/pipermail/centos-announce/2022-March/073580.html) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
CESA-2022:1069: centos 7 (https://lists.centos.org/pipermail/centos-announce/2022-March/073580.html)
CentOS Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
257163 CentOS Security Update for Open Secure Sockets Layer (OpenSSL) (CESA-2022:1066) CentOS has released a security update for openssl to fix the vulnerabilities. Refer to CentOS security advisory CESA-2022:1066 (https://lists.centos.org/pipermail/centos-announce/2022-March/073577.html) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
CESA-2022:1066: centos 7 (https://lists.centos.org/pipermail/centos-announce/2022-March/073577.html)
CentOS Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
257169 CentOS Security Update for gzip (CESA-2022:2191) CentOS has released a security update for gzip to fix the vulnerabilities. Refer to CentOS security advisory CESA-2022:2191 (https://lists.centos.org/pipermail/centos-announce/2022-May/073585.html) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
CESA-2022:2191: centos 7 (https://lists.centos.org/pipermail/centos-announce/2022-May/073585.html)
CentOS Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
257170 CentOS Security Update for zlib (CESA-2022:2213) CentOS has released a security update for zlib to fix the vulnerabilities. Refer to CentOS security advisory CESA-2022:2213 (https://lists.centos.org/pipermail/centos-announce/2022-May/073584.html) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
CESA-2022:2213: centos 7 (https://lists.centos.org/pipermail/centos-announce/2022-May/073584.html)
CentOS Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
257179 CentOS Security Update for python (CESA-2022:5235) CentOS has released a security update for python to fix the vulnerabilities. Refer to CentOS security advisory CESA-2022:5235 (https://lists.centos.org/pipermail/centos-announce/2022-August/073601.html) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
CESA-2022:5235: centos 7 (https://lists.centos.org/pipermail/centos-announce/2022-August/073601.html)
CentOS Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
257185 CentOS Security Update for xz (CESA-2022:5052) CentOS has released a security update for xz to fix the vulnerabilities. Refer to CentOS security advisory CESA-2022:5052 (https://lists.centos.org/pipermail/centos-announce/2022-August/073618.html) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
CESA-2022:5052: centos 7 (https://lists.centos.org/pipermail/centos-announce/2022-August/073618.html)
CentOS Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
371776 Linux Docker Image Hard-Coded Credential Vulnerability <P>Linux Docker images with a NULL password for the root user were detected.

<P>Affected Versions:<BR>
All Linux Docker images that have a NULL password

<P>QID Detection Logic:<BR>
This QID checks whether the /etc/shadow file of Alpine Linux Docker images has a NULL password.<P>

<BR><B>Note</B>: On 5/21/2019, we extended this QID to detect this vulnerability on ALL Linux Docker images.

Customers are advised to set a password for the root user.<P>Workaround:<BR>Customers who have older Alpine Linux Docker images integrated inside (re)install scripts/routines should modify the Docker image to disable the root account or, at least, set a custom password.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/alpinelinux/docker-alpine” TARGET=”_blank”>Alpine Linux Docker Image</A>
Local Successful exploitation may result in hijacking of the system by attackers who can authenticate as the root user with no password.<P> High
372268 GNU Bash Privilege Escalation Vulnerability for Debian GNU Bash. Bash is the GNU Project’s shell.<P>
An attacker with command execution in the shell can use "enable -f" for runtime loading of a new builtin, which can be a shared object that calls setuid() and therefore regains privileges. <P>
QID Detection Logic (Authenticated) <BR>
This QID checks for vulnerable versions of the Bash shell in Debian 9 and 10.
No updates are available for the Debian platform to date. Local On successful exploitation, an attacker with command execution in the shell can use "enable -f" for runtime loading of a new builtin, which can be a shared object that calls setuid() and therefore regains privileges.
High
372307 MongoDB Improper Invalidation Vulnerability (SERVER-38984) MongoDB is an open-source document database, and NoSQL database.
<P>After user deletion in MongoDB Server the improper invalidation of authorization sessions allows an authenticated user’s session to persist and become conflated with new accounts, if those accounts reuse the names of deleted ones.<BR><P>Affected Versions:<BR>
MongoDB Server v4.0 versions prior to 4.0.9.<BR>
MongoDB Server v3.6 versions prior to 3.6.13 <BR>
MongoDB Server v3.4 versions prior to 3.4.22 <BR><P>QID Detection Logic:(Authenticated)<BR>
This QID checks for vulnerable version of MongoDB installed on the target.<BR>
Customers are advised to update MongoDB to the latest versions (MongoDB Server 3.4.22, 3.6.13, 4.0.9 or later).<BR>
For more information visit <A HREF=”https://jira.mongodb.org/browse/SERVER-38984″ TARGET=”_blank”>MongoDB SERVER-38984</A>.<BR>Workaround:<BR>After deleting one or more users, restart any nodes which may have had active user authorization sessions.<BR>
Refrain from creating user accounts with the same name as previously deleted accounts.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://www.mongodb.com/download-center” TARGET=”_blank”>MongoDB Server 3.4.22,3.6.13,4.0.9 or later</A>
Local Successful exploitation allows an authenticated user’s session to persist and become conflated with new accounts, if those accounts reuse the names of deleted ones.<BR> Medium
374643 Go Misinterpretation of Input Vulnerability Go is an open source programming language that makes it easy to build simple, reliable, and efficient software.<P>
Go’s encoding/xml handles XML directives in a way that causes crafted markup to mutate during round-trips through the xml.Decoder and xml.Encoder implementations. Encoding and decoding using Go’s encoding/xml can introduce new structures around a maliciously crafted XML directive.<P>Affected Version:<BR>
Go versions up to 1.15<P>QID Detection Logic(authenticated):<BR>
This QID checks for vulnerable version of Go installed on the target.<P>

Note: For unix target, this QID will only work if Go path is properly set in environment variable.<P>

The vendor has released latest version of Go. For more information please visit: <A HREF=”https://github.com/mattermost/xml-roundtrip-validator/blob/master/advisories/unstable-directives.md” TARGET=”_blank”>Go</A><P>Workaround:<BR>The github.com/mattermost/xml-roundtrip-validator module can detect unstable constructs in an XML document, including unstable directives. Invoking the validator on all untrusted markup and failing early if it returns an error can prevent these types of issue from being exploited in an otherwise affected application.<P>
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://golang.org/dl/” TARGET=”_blank”>Go</A>
Local Mutations caused by encoding round-trips can lead to incorrect or conflicting decisions in affected applications. Equivalent lookups within an XML document can return different results during different stages of the document’s lifecycle. Attempting to validate the structure of an XML document can succeed or fail depending on the number of encoding round-trips it has gone through.<P> High
374644 Go XML attribute instability Vulnerability Go is an open source programming language that makes it easy to build simple, reliable, and efficient software.<P>
Go’s encoding/xml handles namespace prefixes on XML attributes in a way that causes crafted markup to mutate during round-trips through the xml.Decoder and xml.Encoder implementations. Encoding and decoding using Go’s encoding/xml can change the observed namespace as well as the observed local name of a maliciously crafted XML attribute.<P>Affected Version:<BR>
Go all versions<P>QID Detection Logic(authenticated):<BR>
This QID checks for vulnerable version of Go installed on the target.<P>

Note: For unix target , this QID will only work if Go path is properly set in environment variable.<P>

The vendor has not released any fixes for this. Workaround:<BR>The github.com/mattermost/xml-roundtrip-validator module can detect unstable constructs in an XML document, including unstable attribute namespace prefixes. Invoking the validator on all untrusted markup and failing early if it returns an error can prevent these types of issues from being exploited in an otherwise affected application. Local Mutations caused by encoding round-trips can lead to incorrect or conflicting decisions in affected applications. Equivalent lookups within an XML document can return different results during different stages of the document’s lifecycle. Attempting to validate the structure of an XML document can succeed or fail depending on the number of encoding round-trips it has gone through.<P> High
374667 Kubernetes Man In The Middle Vulnerability Kubernetes is an open-source container-orchestration system for automating deployment, scaling and management of containerized applications.<BR>

Affected version:<BR>
Kubernetes versions 1.0 to 1.20 are affected.<P>

QID Detection Logic:(Authenticated)<BR>
It uses the "kubectl version" command to check for vulnerable versions of Kubernetes and also checks whether "kube-apiserver" is running.<P>

QID Detection Logic:(Unauthenticated)<BR>
The detection uses the response from requests HTTP GET /openapi/v2 and HTTP GET /version to check for the version of Kubernetes.<P>

As a patched version is not available, customers are advised to apply the mitigation.
For more information please visit <A HREF=”https://github.com/kubernetes/kubernetes/issues/97076″ TARGET=”_blank”>here</A>. Workaround:<BR>There is no patch for this issue, and it can currently only be mitigated by restricting access to the vulnerable features.<BR>
To restrict the use of external IPs, Kubernetes provides an admission webhook container: k8s.gcr.io/multitenancy/externalip-webhook:v1.0.0. The source code and deployment instructions are <A HREF=”https://github.com/kubernetes-sigs/externalip-webhook” TARGET=”_blank”>published at</A>. Alternatively, external IPs can be restricted using OPA Gatekeeper. A sample ConstraintTemplate and Constraint can be found <A HREF=”https://github.com/open-policy-agent/gatekeeper-library/tree/master/library/general/externalip” TARGET=”_blank”>here</A>.

No mitigations are provided for LoadBalancer IPs since we do not recommend granting users patch service/status permission. If LoadBalancer IP restrictions are required, the approach for the external IP mitigations can be copied.

Local If a potential attacker can already create or edit services and pods, then they may be able to intercept traffic from other pods (or nodes) in the cluster.<P> Medium
375598 Go Denial Of Service Vulnerability Go is an open source programming language that makes it easy to build simple, reliable, and efficient software.<P>

CVE-2021-31525: A vulnerability was found in net/http of the Go standard library when parsing very large HTTP header values, causing a crash and subsequent denial of service. This vulnerability affects both clients and servers written in Go, however servers are only vulnerable if the default 1 MB value for MaxHeaderBytes is increased.<P>

Affected Version:<BR>
Go version before 1.15.12<BR>
Go version 1.16.x before 1.16.4<P>

QID Detection Logic(authenticated):<BR>This QID checks for vulnerable version of Go installed on the target.<P>

Note: For unix target, this QID will only work if Go path is properly set in environment variable.<P>

It is advised to install the latest Go version from <A HREF=”https://golang.org/dl/” TARGET=”_blank”>Go download page.</A>
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://golang.org/dl/” TARGET=”_blank”>Go</A>
Local Successful exploitation could result in denial of service attack.<P> Medium
375831 Golang Improper Input Validation Of Octal Literals Vulnerability Go is an open-source programming language that makes it easy to build simple, reliable, and efficient software.<P>

Go before 1.17 does not properly consider extraneous zero characters at the beginning of an IP address octet, which (in some situations) allows attackers to bypass access control that is based on IP addresses, because of unexpected octal interpretation. This affects net.ParseIP and net.ParseCIDR.<P>

Affected versions: <BR>
Golang versions prior to 1.17<P>

QID Detection Logic:<BR>
This QID detects vulnerable versions of Golang with ‘go version’ command.<P>

The Vendor has released a security update to fix the vulnerability. For more information please visit <A HREF=”https://golang.org/doc/go1.17″ TARGET=”_blank”>Golang 1.17</A>
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://golang.org/doc/go1.17″ TARGET=”_blank”>Go 1.17</A>
Local Successful exploitation of these vulnerabilities allows unauthenticated remote attackers to perform indeterminate SSRF, RFI, and LFI attacks on many programs that rely on golang builtin net.ParseCIDR function<P> Medium
375835 Go Lang Transport Layer Security (TLS) Clients Vulnerability Go is an open-source programming language that makes it easy to build simple, reliable, and efficient software.<P>

Affected versions: <BR>
Prior to 1.16.6 <BR>
Prior to 1.15.14 <BR>

QID Detection Logic:<BR>
This QID detects vulnerable versions of Go lang.<P>

The Vendor has released a security update to fix the vulnerability. For more information please visit <A HREF=”https://golang.org/doc/devel/release#go1.16.minor” TARGET=”_blank”>Golang 1.16.6</A>
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://golang.org/doc/devel/release#go1.16.minor” TARGET=”_blank”>Golang1.16.6</A>
Local Successful exploitation of these vulnerabilities could affect Confidentiality, Integrity and Availability.<P> Low
376157 Apache Log4j Remote Code Execution (RCE) Vulnerability (Log4Shell) A zero-day exploit affecting the popular Apache Log4j utility (CVE-2021-44228) was made public on December 9, 2021 that results in remote code execution (RCE).<BR>

<P>Affected versions:<BR>
Log4j versions  2.x prior to and including  2.14.1 (exclude 2.12.x)<BR>
Log4j versions 2.12.x prior to 2.12.2<BR>

<P>QID Detection: (Authenticated) – Linux<BR>
Detection logic checks for a vulnerable jar version and also checks whether the JNDI class is present.<BR>

This detection logic is updated to find log4j installs using the locate command and ls proc command. These updates are in VULNSIGS-2.5.352-4 <BR>

QID Detection: (Authenticated) – Windows<BR>
On Windows system, the QID identifies vulnerable instance of log4j via WMI to check log4j included in the running processes via command-line.
<BR>
<P>
Note: QID 376157 also leverages the OS package manager to identify vulnerable Log4j packages. This method checks only version information and does not check for workaround.<P>

Note: Please provide Oracle auth records for scanning Oracle Database instances.<BR>

Apache is recommending customers to upgrade to Log4j 2.3.1 (for Java 6), 2.12.3 (for Java 7), or 2.17.0 (for Java 8 and later). If updating the version is not possible, please refer to the mitigations mentioned here <A HREF=”https://logging.apache.org/log4j/2.x/security.html” TARGET=”_blank”>Log4j</A>.<BR>
NOTE: This detection checks only version information and does not check for workaround.<BR>
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://logging.apache.org/log4j/2.x/download.html” TARGET=”_blank”>Apache Log4j</A>
Local Successful exploitation of this vulnerability could lead to  remote code execution (RCE) on the target.<BR> High
376157 Apache Log4j Remote Code Execution (RCE) Vulnerability (Log4Shell) A zero-day exploit affecting the popular Apache Log4j utility (CVE-2021-44228) was made public on December 9, 2021 that results in remote code execution (RCE).<BR>

<P>Affected versions:<BR>
Log4j versions  2.x prior to and including  2.14.1<BR>

<P>QID Detection: (Authenticated)<BR>
This detection is based on querying the OS package managers on the target. If the target has a log4j package with a version less than 2.15.0, the target is flagged as vulnerable.

This detection logic is updated to find log4j installs using the locate command and ls proc command. These updates are in VULNSIGS-2.5.352-4 <BR>
On Windows system, the QID identifies vulnerable instance of log4j via WMI to check log4j included in the running processes via command-line.
<BR>
<P>
Note:QID 376157 leverages the OS package manager to identify vulnerable Log4j packages. If the target does not have the vulnerable log4j package installed via the package manager, this QID might not get detected. This would typically happen when an application bundles the Log4j library in a jar etc. <BR>

The vendor has released a fix for this vulnerability and the customers are advised to update their Log4j to the version 2.15.0. If updating the version is not possible, please refer to the mitigations mentioned here <A HREF=”https://logging.apache.org/log4j/2.x/security.html” TARGET=”_blank”>Log4j</A>.<BR>
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://logging.apache.org/log4j/2.x/download.html” TARGET=”_blank”>Apache Log4j</A>
Local Successful exploitation of this vulnerability could lead to  remote code execution (RCE) on the target.<BR> High
376178 Apache Log4j Remote Code Execution (RCE) Vulnerability (CVE-2021-45046) Apache Log4j is a Java-based logging utility. It is part of the Apache Logging Services, a project of the Apache Software Foundation.<P>

CVE-2021-45046: A zero-day exploit affecting the popular Apache Log4j utility that can lead to a Denial of Service attack.<P>

<P>Affected versions:<BR>
Log4j versions from 2.x prior to and including  2.12.2<BR>
Log4j versions 2.13.0 prior to and including 2.15.0<P>

<P>QID Detection: (Authenticated)<BR>
This detection is based on querying the OS package managers on the target. If the target has a log4j package with an affected version, the target is flagged as vulnerable.
This detection logic is updated to find log4j installs using the locate command and ls proc command.<BR>
On Windows system, the QID identifies vulnerable instance of log4j via WMI to check log4j included in the running processes via command-line.
<BR>
<P>
<B>Note:</B>QID leverages the OS package manager to identify vulnerable Log4j packages. If the target does not have the vulnerable log4j package installed via the package manager, this QID might not get detected. This would typically happen when an application bundles the Log4j library in a jar etc. <BR>

The vendor has released a fix for this vulnerability and the customers are advised to update their Log4j to the version 2.12.2  and 2.16.0. Please refer to the mitigations mentioned here <A HREF=”https://logging.apache.org/log4j/2.x/security.html” TARGET=”_blank”>Log4j</A>.<BR>
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://logging.apache.org/log4j/2.x/security.html” TARGET=”_blank”>Apache Log4j</A>
Local Successful exploitation of this vulnerability could lead to Sensitive Information Disclosure and Remote Code Execution<P> High
376178 Apache Log4j Remote Code Execution (RCE) Vulnerability (CVE-2021-45046) (Log4Shell) Apache Log4j is a Java-based logging utility. It is part of the Apache Logging Services, a project of the Apache Software Foundation.<P>

CVE-2021-45046: A zero-day exploit affecting the popular Apache Log4j utility that can lead to Remote Code Execution and a Denial of Service attack.<P>

<P>Affected versions:<BR>
Log4j versions from 2.x prior to 2.12.2<BR>
Log4j versions 2.13.0 prior to and including 2.15.0<P>

<P>QID Detection: (Authenticated) – Linux<BR>
This detection is based on querying the OS package managers on the target. If the target has a log4j package with an affected version, the target is flagged as vulnerable.
This detection logic is updated to find log4j installs using the locate command and ls proc command.<BR>

QID Detection: (Authenticated) – Windows<BR>
On Windows system, the QID identifies vulnerable instance of log4j via WMI to check log4j included in the running processes via command-line.
<BR>
<P>
<B>Note:</B>QID leverages the OS package manager to identify vulnerable Log4j packages. If the target does not have the vulnerable log4j package installed via the package manager, this QID might not get detected. This would typically happen when an application bundles the Log4j library in a jar etc. <BR>
This detection checks only version information and does not check for workaround.<BR>

Apache recommends customers to upgrade to Log4j 2.3.1 (for Java 6), 2.12.3 (for Java 7), or 2.17.0 (for Java 8 and later). Please refer to the mitigations mentioned here <A HREF=”https://logging.apache.org/log4j/2.x/security.html” TARGET=”_blank”>Log4j</A>.<BR>
This detection checks only version information and does not check for workaround.<BR>
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://logging.apache.org/log4j/2.x/security.html” TARGET=”_blank”>Apache Log4j</A>
Local Successful exploitation of this vulnerability could lead to Sensitive Information Disclosure and Remote Code Execution<P> High
376194 Apache Log4j Denial of Service (DOS) Vulnerability (Log4Shell) Apache Log4j2 does not always protect from infinite recursion in lookup evaluation (CVE-2021-45105), this was made public on December 18, 2021<BR>

<P>Affected versions:<BR>
Log4j versions  all versions from 2.0-beta9 to 2.16.0, excluding 2.12.3, 2.3.1<BR>

<P>QID Detection: (Authenticated)<BR>
This detection is based on querying the OS package managers on the target. If the target has a log4j package with a version less than or equal to 2.16.0, the target is flagged as vulnerable.

This detection logic also tries to find log4j installs using the locate command and ls proc command. These updates are in VULNSIGS-2_5_357<BR>

QID Detection: (Authenticated) – Windows <BR>
On Windows system, the QID identifies vulnerable instance of log4j via WMI to check log4j included in the running processes via command-line.
<BR>
<P>

Apache recommends customers to upgrade to Log4j 2.3.1 (for Java 6), 2.12.3 (for Java 7), or 2.17.0 (for Java 8 and later). If updating the version is not possible, please refer to the mitigations mentioned here <A HREF=”https://logging.apache.org/log4j/2.x/security.html” TARGET=”_blank”>Log4j</A>.<BR>
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://logging.apache.org/log4j/2.x/download.html” TARGET=”_blank”>Apache Log4j</A>
Local Apache Log4j2 versions 2.0-alpha1 through 2.16.0, excluding 2.12.3, 2.3.1  did not protect from uncontrolled recursion from self-referential lookups. When the logging configuration uses a non-default Pattern Layout with a Context Lookup (for example, $${ctx:loginId}), attackers with control over Thread Context Map (MDC) input data can craft malicious input data that contains a recursive lookup, resulting in a StackOverflowError that will terminate the process. This is also known as a DOS (Denial of Service) attack.
<BR>
High
376209 Apache Log4j Remote Code Execution (RCE) Vulnerability (CVE-2021-44832) Apache Log4j is a Java-based logging utility. It is part of the Apache Logging Services, a project of the Apache Software Foundation.<P>

CVE-2021-44832: Apache Log4j2 vulnerable to RCE via JDBC Appender when attacker controls configuration.<P>

<P>Affected versions:<BR>

Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4)<P>

<P>QID Detection: (Authenticated) – Linux<BR>
This detection is based on querying the OS package managers on the target. If the target has a log4j package with an affected version, the target is flagged as vulnerable.
This detection logic is updated to find log4j installs using the locate command and ls proc command.<P>
QID Detection: (Authenticated) – Windows<BR>
On Windows system, the QID identifies vulnerable instance of log4j via WMI to check log4j included in the running processes via command-line.
<P>

Apache recommends customers to upgrade to Log4j 2.3.2 (for Java 6), 2.12.4 (for Java 7), or 2.17.1 (for Java 8 and later). Please refer to the mitigations mentioned here <A HREF=”https://logging.apache.org/log4j/2.x/security.html” TARGET=”_blank”>Log4j</A>.<BR>
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://logging.apache.org/log4j/2.x/security.html” TARGET=”_blank”>Apache Log4j</A>
Local Successful exploitation of this vulnerability could lead to Remote Code Execution<P> Medium
376213 Redis Server Heap Overflow Vulnerability Redis is an open-source, in-memory database that persists on disk.<P>

Integer overflow that can lead to heap overflow in Redis-CLI, Redis-sentinel on some platforms and DoS vulnerability<P>

Affected Versions:<BR>
Redis  Server versions prior to 6.2.6, 6.0.16, 5.0.14<P>

QID Detection Logic (Authenticated): Linux<BR>
This QID executes the commands "redis-server --version", "redis-cli --version" and "redis-sentinel --version" to identify versions of Redis Server, Redis cli and Redis Sentinel, respectively, to detect Redis Server versions prior to 6.2.6, 6.0.16 and 5.0.14.<BR>

Customers are advised to update to the latest patch version of Redis Server. For more information, please refer to <A HREF=”https://github.com/redis/redis/security/advisories/GHSA-f6pw-v9gw-v64p” TARGET=”_blank”>Redis Security Advisory GHSA-f6pw</A><A HREF=”https://github.com/redis/redis/security/advisories/GHSA-833w-8v3m-8wwr” TARGET=”_blank”>Redis Security Advisory GHSA-833w</A><P>
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/redis/redis/security/advisories/GHSA-f6pw-v9gw-v64p” TARGET=”_blank”>GHSA-f6pw</A><P> <A HREF=”https://github.com/redis/redis/security/advisories/GHSA-833w-8v3m-8wwr” TARGET=”_blank”>GHSA-833w</A>
Local Successful exploitation of this vulnerability may lead to heap overflow in redis-cli, redis-sentinel on some platforms.<P> High
376506 Spring Framework Remote Code Execution (RCE) Vulnerability (Spring4Shell) The vulnerability exists in the Spring Framework with the JDK version greater or equal to 9.0. (If the version number is less than or equal to 8, it is not affected by the vulnerability.)<BR>

Triggering this vulnerability requires use of the Spring MVC and Spring WebFlux applications running on JDK9 and above.<P>

Vulnerable Versions:<BR>
Spring framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older are vulnerable.<BR>

QID Detection: (Authenticated) – Linux<BR>
Detection logic checks if the system has Java 9 or a later version, executes the commands locate -b -e -r '^spring\-webmvc.*\.jar$' -r '^spring\-webflux.*\.jar$' and ls -l /proc/*/fd | grep -Eo '\S+\/spring\S+jar' | uniq 2> /dev/null, and checks whether either or both of the spring-webmvc-*.jar and spring-webflux*.jar files are present on the system. <BR>
<P>
QID Detection: (Authenticated) – Windows<BR>
On Windows systems, the QID identifies vulnerable instances of Spring via WMI and checks whether "spring-webmvc", "spring-webflux" and "spring-boot" are included in the running processes via command-line with JDK9 or higher<BR>
<P>
QID Detection: (Authenticated) – MacOS<BR>
Detection logic checks if the system runs Java 9 or a later version and executes the locate command to check for the presence of "spring-webmvc" and "spring-webflux" jar files on the system.<P>
QID Detection: (Qualys CS Image Scanning)<BR>
Container Sensor image scanning uses the "find" command to check for "spring-webmvc" and "spring-webflux" jars from .war/.jar files along with JDK9 or higher.<P>

The vendor has released an advisory to resolve these issues. <P>
Customers are advised to visit <A HREF=”https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement#overview” TARGET=”_blank”>Spring Framework RCE </A> for more information on this. <BR>
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement” TARGET=”_blank”>Spring </A>
Local A remote attacker can obtain the AccessLogValve object and malicious field values via the parameter binding function of the framework on the basis of meeting certain conditions<BR> High
376506 Spring Framework Remote Code Execution (RCE) Vulnerability (Spring4Shell) The vulnerability exists in the Spring Framework with the JDK version greater or equal to 9.0. (If the version number is less than or equal to 8, it is not affected by the vulnerability.)<BR>

Triggering this vulnerability requires use of the Spring MVC and Spring WebFlux applications running on JDK9 and above.<P>

Vulnerable Versions:<BR>
Spring framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older are vulnerable.<BR>

QID Detection: (Authenticated) – Linux<BR>
Detection logic checks if the system has Java 9 or a later version, executes the commands locate -b -e -r '^spring\-webmvc.*\.jar$' -r '^spring\-webflux.*\.jar$' and ls -l /proc/*/fd | grep -Eo '\S+\/spring\S+jar' | uniq 2> /dev/null, and checks whether either or both of the spring-webmvc-*.jar and spring-webflux*.jar files are present on the system. <BR>
<P>
QID Detection: (Authenticated) – Windows<BR>
On Windows systems, the QID identifies vulnerable instances of Spring via WMI and checks whether spring-webmvc, spring-webflux and spring-boot are included in the running processes via command-line with JDK9 or higher<BR>
<P>
QID Detection: (Authenticated) – MacOS<BR>
Detection logic checks if the system has Java 9 or a later version and executes the locate command to check for the presence of spring-webmvc and spring-webflux jar files on the system.<P>
QID Detection: (Qualys CS Image Scanning)<BR>
Container Sensor image scanning uses the find command to check for spring-webmvc and spring-webflux jars from .war/.jar files along with JDK9 or higher.<P>

The vendor has released an advisory to resolve these issues. <P>
Customers are advised to visit <A HREF=”https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement#overview” TARGET=”_blank”>Spring Framework RCE </A> for more information on this. <BR>
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement” TARGET=”_blank”>Spring </A>
Local A remote attacker can obtain the AccessLogValve object and malicious field values via the parameter binding function of the framework on the basis of meeting certain conditions<BR> High
377846 Kubernetes Validating Admission Webhook Vulnerability Kubernetes is an open-source container-orchestration system for automating deployment, scaling, and management of containerized applications.<BR><P>

Affected version:<BR>
kube-apiserver v1.20.0 – v1.20.5<BR>
kube-apiserver v1.19.0 – v1.19.9<BR>
kube-apiserver including and prior to v1.18.17<BR>

QID Detection Logic:(Authenticated)<BR>
The QID uses ‘kubectl version’ command to check for vulnerable versions of Kubernetes <P>

For more information please visit <A HREF=”https://github.com/kubernetes/kubernetes/issues/100096″ TARGET=”_blank”>100096</A><P>Workaround:<BR>This only impacts validating admission plugins that rely on old values in certain fields, and does not impact calls from kubelets that go through the built-in NodeRestriction admission plugin.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/kubernetes/kubernetes/issues/100096″ TARGET=”_blank”>100096</A>
Local Successful exploitation of the vulnerability may allow an attacker to use node updates to bypass a Validating Admission Webhook<P> Medium
377847 Kubernetes Ceph RBD Admin Secrets exposed Vulnerability Kubernetes is an open-source container-orchestration system for automating deployment, scaling, and management of containerized applications.<BR><P>

Affected version:<BR>
kubernetes v1.19.0 – v1.19.2<BR>
kubernetes v1.18.0 – v1.18.9<BR>
kubernetes v1.17.0 – v1.17.12<BR>

QID Detection Logic:(Authenticated)<BR>
The QID uses ‘kubectl version’ command to check for vulnerable versions of Kubernetes <P>

For more information please visit <A HREF=”https://github.com/kubernetes/kubernetes/issues/95624″ TARGET=”_blank”>95624</A><P>Workaround:<BR>Vulnerable if Ceph RBD volumes are in use and kube-controller-manager is using a log level of at least 4.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/kubernetes/kubernetes/issues/95624″ TARGET=”_blank”>95624</A>
Local Successful exploitation of the vulnerability may allow an attacker to read Ceph RBD adminSecrets exposed in logs<P> Medium
377848 Kubernetes Token Leak Logs Vulnerability Kubernetes is an open-source container-orchestration system for automating deployment, scaling, and management of containerized applications.<BR><P>

Affected version:<BR>
kubernetes v1.19.0 – v1.19.5<BR>
kubernetes v1.18.0 – v1.18.13<BR>
kubernetes v1.17.0 – v1.17.15<BR>

QID Detection Logic:(Authenticated)<BR>
The QID uses ‘kubectl version’ command to check for vulnerable versions of Kubernetes <P>

For more information please visit <A HREF=”https://github.com/kubernetes/kubernetes/issues/95623″ TARGET=”_blank”>95623</A><P>Workaround:<BR>Vulnerable if kube-apiserver is using a log level of at least 9.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/kubernetes/kubernetes/issues/95623″ TARGET=”_blank”>95623</A>
Local Successful exploitation of the vulnerability may allow an attacker to obtain authorization and bearer tokens that are written to log files<P> Medium
377852 Kubernetes Docker Config Secrets Leaked Vulnerability Kubernetes is an open-source container-orchestration system for automating deployment, scaling, and management of containerized applications.

Affected version:
kubernetes v1.19.0 – v1.19.2
kubernetes v1.18.0 – v1.18.9
kubernetes v1.17.0 – v1.17.12

QID Detection Logic: (Authenticated)
The QID uses the 'kubectl version' command to check for vulnerable versions of Kubernetes.

For more information please visit 95622 (https://github.com/kubernetes/kubernetes/issues/95622).
Patch:
Following are links for downloading patches to fix the vulnerabilities:
95622 (https://github.com/kubernetes/kubernetes/issues/95622)
Local Successful exploitation of the vulnerability may allow an attacker to read docker config files. Medium
377853 Kubernetes Kubelet Node Disk Denial of Service (DoS) Vulnerability Kubernetes is an open-source container-orchestration system for automating deployment, scaling, and management of containerized applications.

Affected version:
kubelet v1.18.0-1.18.5
kubelet v1.17.0-1.17.8
kubelet prior to v1.16.13

QID Detection Logic: (Authenticated)
The QID uses the 'kubectl version' command to check for vulnerable versions of Kubernetes.

For more information please visit 93032 (https://github.com/kubernetes/kubernetes/issues/93032).
Patch:
Following are links for downloading patches to fix the vulnerabilities:
93032 (https://github.com/kubernetes/kubernetes/issues/93032)
Local Successful exploitation of the vulnerability may allow an attacker to read docker config files. Medium
377854 Kubernetes kube-Apiserver Privilege Escalation Vulnerability Kubernetes is an open-source container-orchestration system for automating deployment, scaling, and management of containerized applications.

Affected version:
kube-apiserver v1.18.0-1.18.5
kube-apiserver v1.17.0-1.17.8
kube-apiserver v1.16.0-1.16.12
all kube-apiserver versions prior to v1.16.0

QID Detection Logic: (Authenticated)
The QID uses the 'kubectl version' command to check for vulnerable versions of Kubernetes.

For more information please visit 92914 (https://github.com/kubernetes/kubernetes/issues/92914).
Patch:
Following are links for downloading patches to fix the vulnerabilities:
92914 (https://github.com/kubernetes/kubernetes/issues/92914)
Local Successful exploitation of the vulnerability may allow an attacker to send a redirect response that may be followed by a client using the credentials from the original request. Medium
377913 Git Multiple Security Vulnerabilities Git is a revision control system, a tool to manage your source code history.

Affected Versions:
Git 2.30.x prior to 2.30.7
Git 2.31.x prior to 2.31.6
Git 2.32.x prior to 2.32.5
Git 2.33.x prior to 2.33.6
Git 2.34.x prior to 2.34.6
Git 2.35.x prior to 2.35.6
Git 2.36.x prior to 2.36.4
Git 2.37.x prior to 2.37.5
Git 2.38.x prior to 2.38.3
Git 2.39.x prior to 2.39.1

QID Detection Logic (authenticated):
Windows: This QID checks for vulnerable version of git-cmd.exe.
Linux/MacOS: This QID checks for vulnerable version via git --version.

Customers are advised to upgrade to Git v2.30.7, v2.31.6, v2.32.5, v2.33.6, v2.34.6, v2.35.6, v2.36.4, v2.37.5, v2.38.3, v2.39.1 (https://git-scm.com/downloads) or later versions to remediate these vulnerabilities.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
GHSA-475x-2q3q-hvwq (https://github.com/git/git/security/advisories/GHSA-475x-2q3q-hvwq)
GHSA-c738-c5qq-xg89 (https://github.com/git/git/security/advisories/GHSA-c738-c5qq-xg89)
Local An attacker can trigger remote code execution. High
500027 Alpine Linux Security Update for apk-tools Alpine Linux has released a security update for apk-tools to fix the vulnerabilities.
Affected versions:
Alpine Linux 3.12
Affected Package versions prior to 2.10.6-r0. Refer to Alpine Linux advisory apk-tools (https://security.alpinelinux.org/srcpkg/apk-tools) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
apk-tools-2.10.6-r0:Alpine Linux (https://security.alpinelinux.org/srcpkg/apk-tools)
Alpine Linux Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
500028 Alpine Linux Security Update for apk-tools Alpine Linux has released a security update for apk-tools to fix the vulnerabilities.
Affected versions:
Alpine Linux 3.12
Affected Package versions prior to 2.10.7-r0. Refer to Alpine Linux advisory apk-tools (https://security.alpinelinux.org/srcpkg/apk-tools) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
apk-tools-2.10.7-r0:Alpine Linux (https://security.alpinelinux.org/srcpkg/apk-tools)
Alpine Linux Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
500081 Alpine Linux Security Update for busybox Alpine Linux has released a security update for busybox to fix the vulnerabilities.
Affected versions:
Alpine Linux 3.12
Affected Package versions prior to 1.31.1-r20. Refer to Alpine Linux advisory busybox (https://security.alpinelinux.org/srcpkg/busybox) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
busybox-1.31.1-r20:Alpine Linux (https://security.alpinelinux.org/srcpkg/busybox)
Alpine Linux Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
500082 Alpine Linux Security Update for busybox Alpine Linux has released a security update for busybox to fix the vulnerabilities.
Affected versions:
Alpine Linux 3.12
Affected Package versions prior to 1.31.1-r21. Refer to Alpine Linux advisory busybox (https://security.alpinelinux.org/srcpkg/busybox) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
busybox-1.31.1-r21:Alpine Linux (https://security.alpinelinux.org/srcpkg/busybox)
Alpine Linux Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
500083 Alpine Linux Security Update for busybox Alpine Linux has released a security update for busybox to fix the vulnerabilities.
Affected versions:
Alpine Linux 3.12
Affected Package versions prior to 1.31.1-r22. Refer to Alpine Linux advisory busybox (https://security.alpinelinux.org/srcpkg/busybox) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
busybox-1.31.1-r22:Alpine Linux (https://security.alpinelinux.org/srcpkg/busybox)
Alpine Linux Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
500130 Alpine Linux Security Update for curl Alpine Linux has released a security update for curl to fix the vulnerabilities.
Affected versions:
Alpine Linux 3.12
Affected Package versions prior to 7.69.1-r1. Refer to Alpine Linux advisory curl (https://security.alpinelinux.org/srcpkg/curl) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
curl-7.69.1-r1:Alpine Linux (https://security.alpinelinux.org/srcpkg/curl)
Alpine Linux Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
500131 Alpine Linux Security Update for curl Alpine Linux has released a security update for curl to fix the vulnerabilities.
Affected versions:
Alpine Linux 3.12
Affected Package versions prior to 7.69.1-r2. Refer to Alpine Linux advisory curl (https://security.alpinelinux.org/srcpkg/curl) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
curl-7.69.1-r2:Alpine Linux (https://security.alpinelinux.org/srcpkg/curl)
Alpine Linux Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
500132 Alpine Linux Security Update for curl Alpine Linux has released a security update for curl to fix the vulnerabilities.
Affected versions:
Alpine Linux 3.12
Affected Package versions prior to 7.69.1-r3. Refer to Alpine Linux advisory curl (https://security.alpinelinux.org/srcpkg/curl) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
curl-7.69.1-r3:Alpine Linux (https://security.alpinelinux.org/srcpkg/curl)
Alpine Linux Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
500133 Alpine Linux Security Update for curl Alpine Linux has released a security update for curl to fix the vulnerabilities.
Affected versions:
Alpine Linux 3.12
Affected Package versions prior to 7.74.0-r0. Refer to Alpine Linux advisory curl (https://security.alpinelinux.org/srcpkg/curl) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
curl-7.74.0-r0:Alpine Linux (https://security.alpinelinux.org/srcpkg/curl)
Alpine Linux Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
500134 Alpine Linux Security Update for curl Alpine Linux has released a security update for curl to fix the vulnerabilities.
Affected versions:
Alpine Linux 3.12
Alpine Linux 3.13
Alpine Linux 3.14
Alpine Linux 3.15
Affected Package versions prior to 7.76.0-r0. Refer to Alpine Linux advisory curl (https://security.alpinelinux.org/srcpkg/curl) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
curl-7.76.0-r0:Alpine Linux (https://security.alpinelinux.org/srcpkg/curl)
Alpine Linux Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
500135 Alpine Linux Security Update for curl Alpine Linux has released a security update for curl to fix the vulnerabilities.
Affected versions:
Alpine Linux 3.12
Alpine Linux 3.13
Alpine Linux 3.14
Alpine Linux 3.15
Affected Package versions prior to 7.77.0-r0. Refer to Alpine Linux advisory curl (https://security.alpinelinux.org/srcpkg/curl) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
curl-7.77.0-r0:Alpine Linux (https://security.alpinelinux.org/srcpkg/curl)
Alpine Linux Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
500136 Alpine Linux Security Update for curl Alpine Linux has released a security update for curl to fix the vulnerabilities.
Affected versions:
Alpine Linux 3.12
Alpine Linux 3.13
Alpine Linux 3.14
Alpine Linux 3.15
Affected Package versions prior to 7.78.0-r0. Refer to Alpine Linux advisory curl (https://security.alpinelinux.org/srcpkg/curl) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
curl-7.78.0-r0:Alpine Linux (https://security.alpinelinux.org/srcpkg/curl)
Alpine Linux Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
500137 Alpine Linux Security Update for curl Alpine Linux has released a security update for curl to fix the vulnerabilities.
Affected versions:
Alpine Linux 3.12
Alpine Linux 3.13
Alpine Linux 3.14
Alpine Linux 3.15
Affected Package versions prior to 7.79.0-r0. Refer to Alpine Linux advisory curl (https://security.alpinelinux.org/srcpkg/curl) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
curl-7.79.0-r0:Alpine Linux (https://security.alpinelinux.org/srcpkg/curl)
Alpine Linux Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
500138 Alpine Linux Security Update for curl Alpine Linux has released a security update for curl to fix the vulnerabilities.
Affected versions:
Alpine Linux 3.12
Alpine Linux 3.13
Alpine Linux 3.14
Affected Package versions prior to 7.79.1-r1. Refer to Alpine Linux advisory curl (https://security.alpinelinux.org/srcpkg/curl) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
curl-7.79.1-r1:Alpine Linux (https://security.alpinelinux.org/srcpkg/curl)
Alpine Linux Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
500177 Alpine Linux Security Update for expat Alpine Linux has released a security update for expat to fix the vulnerabilities.
Affected versions:
Alpine Linux 3.12
Affected Package versions prior to 2.2.10-r0. Refer to Alpine Linux advisory expat (https://security.alpinelinux.org/srcpkg/expat) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
expat-2.2.10-r0:Alpine Linux (https://security.alpinelinux.org/srcpkg/expat)
Alpine Linux Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
500178 Alpine Linux Security Update for expat Alpine Linux has released a security update for expat to fix the vulnerabilities.
Affected versions:
Alpine Linux 3.12
Affected Package versions prior to 2.2.10-r1. Refer to Alpine Linux advisory expat (https://security.alpinelinux.org/srcpkg/expat) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
expat-2.2.10-r1:Alpine Linux (https://security.alpinelinux.org/srcpkg/expat)
Alpine Linux Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
500179 Alpine Linux Security Update for expat Alpine Linux has released a security update for expat to fix the vulnerabilities.
Affected versions:
Alpine Linux 3.12
Affected Package versions prior to 2.2.10-r2. Refer to Alpine Linux advisory expat (https://security.alpinelinux.org/srcpkg/expat) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
expat-2.2.10-r2:Alpine Linux (https://security.alpinelinux.org/srcpkg/expat)
Alpine Linux Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
500189 Alpine Linux Security Update for freetype Alpine Linux has released a security update for freetype to fix the vulnerabilities.
Affected versions:
Alpine Linux 3.12
Affected Package versions prior to 2.10.4-r1. Refer to Alpine Linux advisory freetype (https://security.alpinelinux.org/srcpkg/freetype) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
freetype-2.10.4-r1:Alpine Linux (https://security.alpinelinux.org/srcpkg/freetype)
Alpine Linux Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
500190 Alpine Linux Security Update for freetype Alpine Linux has released a security update for freetype to fix the vulnerabilities.
Affected versions:
Alpine Linux 3.12
Affected Package versions prior to 2.10.4-r2. Refer to Alpine Linux advisory freetype (https://security.alpinelinux.org/srcpkg/freetype) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
freetype-2.10.4-r2:Alpine Linux (https://security.alpinelinux.org/srcpkg/freetype)
Alpine Linux Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
500222 Alpine Linux Security Update for git Alpine Linux has released a security update for git to fix the vulnerabilities.
Affected versions:
Alpine Linux 3.12
Affected Package versions prior to 2.26.3-r0. Refer to Alpine Linux advisory git (https://security.alpinelinux.org/srcpkg/git) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
git-2.26.3-r0:Alpine Linux (https://security.alpinelinux.org/srcpkg/git)
Alpine Linux Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
500223 Alpine Linux Security Update for git Alpine Linux has released a security update for git to fix the vulnerabilities.
Affected versions:
Alpine Linux 3.12
Affected Package versions prior to 2.26.3-r1. Refer to Alpine Linux advisory git (https://security.alpinelinux.org/srcpkg/git) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
git-2.26.3-r1:Alpine Linux (https://security.alpinelinux.org/srcpkg/git)
Alpine Linux Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
500227 Alpine Linux Security Update for gmp Alpine Linux has released a security update for gmp to fix the vulnerabilities.
Affected versions:
Alpine Linux 3.12
Alpine Linux 3.13
Alpine Linux 3.14
Alpine Linux 3.15
Alpine Linux 3.16
Affected Package versions prior to 6.2.1-r1. Refer to Alpine Linux advisory gmp (https://security.alpinelinux.org/srcpkg/gmp) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
gmp-6.2.1-r1:Alpine Linux (https://security.alpinelinux.org/srcpkg/gmp)
Alpine Linux Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
500295 Alpine Linux Security Update for libgcrypt Alpine Linux has released a security update for libgcrypt to fix the vulnerabilities.
Affected versions:
Alpine Linux 3.12
Alpine Linux 3.13
Affected Package versions prior to 1.8.8-r0. Refer to Alpine Linux advisory libgcrypt (https://security.alpinelinux.org/srcpkg/libgcrypt) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
libgcrypt-1.8.8-r0:Alpine Linux (https://security.alpinelinux.org/srcpkg/libgcrypt)
Alpine Linux Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
500296 Alpine Linux Security Update for libgcrypt Alpine Linux has released a security update for libgcrypt to fix the vulnerabilities.
Affected versions:
Alpine Linux 3.12
Alpine Linux 3.13
Affected Package versions prior to 1.8.8-r1. Refer to Alpine Linux advisory libgcrypt (https://security.alpinelinux.org/srcpkg/libgcrypt) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
libgcrypt-1.8.8-r1:Alpine Linux (https://security.alpinelinux.org/srcpkg/libgcrypt)
Alpine Linux Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
500306 Alpine Linux Security Update for libjpeg-turbo Alpine Linux has released a security update for libjpeg-turbo to fix the vulnerabilities.
Affected versions:
Alpine Linux 3.12
Alpine Linux 3.13
Alpine Linux 3.14
Alpine Linux 3.15
Alpine Linux 3.16
Affected Package versions prior to 2.1.0-r0. Refer to Alpine Linux advisory libjpeg-turbo (https://security.alpinelinux.org/srcpkg/libjpeg-turbo) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
libjpeg-turbo-2.1.0-r0:Alpine Linux (https://security.alpinelinux.org/srcpkg/libjpeg-turbo)
Alpine Linux Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
500342 Alpine Linux Security Update for libxml2 Alpine Linux has released a security update for libxml2 to fix the vulnerabilities.
Affected versions:
Alpine Linux 3.12
Affected Package versions prior to 2.9.10-r6. Refer to Alpine Linux advisory libxml2 (https://security.alpinelinux.org/srcpkg/libxml2) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
libxml2-2.9.10-r6:Alpine Linux (https://security.alpinelinux.org/srcpkg/libxml2)
Alpine Linux Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
500343 Alpine Linux Security Update for libxml2 Alpine Linux has released a security update for libxml2 to fix the vulnerabilities.
Affected versions:
Alpine Linux 3.12
Affected Package versions prior to 2.9.12-r0. Refer to Alpine Linux advisory libxml2 (https://security.alpinelinux.org/srcpkg/libxml2) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
libxml2-2.9.12-r0:Alpine Linux (https://security.alpinelinux.org/srcpkg/libxml2)
Alpine Linux Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
500344 Alpine Linux Security Update for libxml2 Alpine Linux has released a security update for libxml2 to fix the vulnerabilities.
Affected versions:
Alpine Linux 3.12
Alpine Linux 3.13
Alpine Linux 3.14
Alpine Linux 3.15
Alpine Linux 3.16
Affected Package versions prior to 2.9.13-r0. Refer to Alpine Linux advisory libxml2 (https://security.alpinelinux.org/srcpkg/libxml2) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
libxml2-2.9.13-r0:Alpine Linux (https://security.alpinelinux.org/srcpkg/libxml2)
Alpine Linux Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
500345 Alpine Linux Security Update for libxml2 Alpine Linux has released a security update for libxml2 to fix the vulnerabilities.
Affected versions:
Alpine Linux 3.12
Alpine Linux 3.13
Alpine Linux 3.14
Alpine Linux 3.15
Alpine Linux 3.16
Affected Package versions prior to 2.9.14-r0. Refer to Alpine Linux advisory libxml2 (https://security.alpinelinux.org/srcpkg/libxml2) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
libxml2-2.9.14-r0:Alpine Linux (https://security.alpinelinux.org/srcpkg/libxml2)
Alpine Linux Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
500355 Alpine Linux Security Update for libxslt Alpine Linux has released a security update for libxslt to fix the vulnerabilities.
Affected versions:
Alpine Linux 3.12
Alpine Linux 3.13
Alpine Linux 3.14
Alpine Linux 3.15
Alpine Linux 3.16
Affected Package versions prior to 1.1.35-r0. Refer to Alpine Linux advisory libxslt (https://security.alpinelinux.org/srcpkg/libxslt) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
libxslt-1.1.35-r0:Alpine Linux (https://security.alpinelinux.org/srcpkg/libxslt)
Alpine Linux Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
500415 Alpine Linux Security Update for musl Alpine Linux has released a security update for musl to fix the vulnerabilities.
Affected versions:
Alpine Linux 3.12
Affected Package versions prior to 1.1.24-r10. Refer to Alpine Linux advisory musl (https://security.alpinelinux.org/srcpkg/musl) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
musl-1.1.24-r10:Alpine Linux (https://security.alpinelinux.org/srcpkg/musl)
Alpine Linux Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
500499 Alpine Linux Security Update for Open Secure Sockets Layer (OpenSSL) Alpine Linux has released a security update for openssl to fix the vulnerabilities.
Affected versions:
Alpine Linux 3.12
Alpine Linux 3.13
Alpine Linux 3.14
Alpine Linux 3.15
Alpine Linux 3.16
Affected Package versions prior to 1.1.1l-r0. Refer to Alpine Linux advisory openssl (https://security.alpinelinux.org/srcpkg/openssl) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
openssl-1.1.1l-r0:Alpine Linux (https://security.alpinelinux.org/srcpkg/openssl)
Alpine Linux Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
500500 Alpine Linux Security Update for Open Secure Sockets Layer (OpenSSL) Alpine Linux has released a security update for openssl to fix the vulnerabilities.
Affected versions:
Alpine Linux 3.12
Alpine Linux 3.13
Alpine Linux 3.14
Alpine Linux 3.15
Alpine Linux 3.16
Affected Package versions prior to 1.1.1n-r0. Refer to Alpine Linux advisory openssl (https://security.alpinelinux.org/srcpkg/openssl) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
openssl-1.1.1n-r0:Alpine Linux (https://security.alpinelinux.org/srcpkg/openssl)
Alpine Linux Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
500594 Alpine Linux Security Update for python3 Alpine Linux has released a security update for python3 to fix the vulnerabilities.
Affected versions:
Alpine Linux 3.12
Affected Package versions prior to 3.8.5-r1. Refer to Alpine Linux advisory python3 (https://security.alpinelinux.org/srcpkg/python3) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
python3-3.8.5-r1:Alpine Linux (https://security.alpinelinux.org/srcpkg/python3)
Alpine Linux Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
500595 Alpine Linux Security Update for python3 Alpine Linux has released a security update for python3 to fix the vulnerabilities.
Affected versions:
Alpine Linux 3.12
Alpine Linux 3.13
Alpine Linux 3.14
Alpine Linux 3.15
Alpine Linux 3.16
Affected Package versions prior to 3.8.8-r0. Refer to Alpine Linux advisory python3 (https://security.alpinelinux.org/srcpkg/python3) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
python3-3.8.8-r0:Alpine Linux (https://security.alpinelinux.org/srcpkg/python3)
Alpine Linux Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
500831 Alpine Linux Security Update for zlib Alpine Linux has released a security update for zlib to fix the vulnerabilities.
Affected versions:
Alpine Linux 3.12
Alpine Linux 3.13
Alpine Linux 3.14
Alpine Linux 3.15
Affected Package versions prior to 1.2.12-r0. Refer to Alpine Linux advisory zlib (https://security.alpinelinux.org/srcpkg/zlib) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
zlib-1.2.12-r0:Alpine Linux (https://security.alpinelinux.org/srcpkg/zlib)
Alpine Linux Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
501355 Alpine Linux Security Update for apk-tools Alpine Linux has released a security update for apk-tools to fix the vulnerabilities.
Affected versions:
Alpine Linux 3.13
Alpine Linux 3.14
Alpine Linux 3.15
Alpine Linux 3.16
Affected Package versions prior to 2.12.6-r0. Refer to Alpine Linux advisory apk-tools (https://security.alpinelinux.org/srcpkg/apk-tools) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
apk-tools-2.12.6-r0:Alpine Linux (https://security.alpinelinux.org/srcpkg/apk-tools)
Alpine Linux Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
501468 Alpine Linux Security Update for pcre2 Alpine Linux has released a security update for pcre2 to fix the vulnerabilities. Affected versions: Alpine Linux 3.13, Alpine Linux 3.14. Affected Package versions prior to 10.36-r1. Refer to Alpine Linux advisory pcre2 (https://security.alpinelinux.org/srcpkg/pcre2) for updates and patch information.
Patch: Following are links for downloading patches to fix the vulnerabilities: pcre2-10.36-r1:Alpine Linux (https://security.alpinelinux.org/srcpkg/pcre2)
Alpine Linux Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
501733 Alpine Linux Security Update for busybox Alpine Linux has released a security update for busybox to fix the vulnerabilities. Affected versions: Alpine Linux 3.14. Affected Package versions prior to 1.33.1-r4. Refer to Alpine Linux advisory busybox (https://security.alpinelinux.org/srcpkg/busybox) for updates and patch information.
Patch: Following are links for downloading patches to fix the vulnerabilities: busybox-1.33.1-r4:Alpine Linux (https://security.alpinelinux.org/srcpkg/busybox)
Alpine Linux Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
501734 Alpine Linux Security Update for busybox Alpine Linux has released a security update for busybox to fix the vulnerabilities. Affected versions: Alpine Linux 3.14. Affected Package versions prior to 1.33.1-r5. Refer to Alpine Linux advisory busybox (https://security.alpinelinux.org/srcpkg/busybox) for updates and patch information.
Patch: Following are links for downloading patches to fix the vulnerabilities: busybox-1.33.1-r5:Alpine Linux (https://security.alpinelinux.org/srcpkg/busybox)
Alpine Linux Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
501735 Alpine Linux Security Update for busybox Alpine Linux has released a security update for busybox to fix the vulnerabilities. Affected versions: Alpine Linux 3.14. Affected Package versions prior to 1.33.1-r6. Refer to Alpine Linux advisory busybox (https://security.alpinelinux.org/srcpkg/busybox) for updates and patch information.
Patch: Following are links for downloading patches to fix the vulnerabilities: busybox-1.33.1-r6:Alpine Linux (https://security.alpinelinux.org/srcpkg/busybox)
Alpine Linux Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
501736 Alpine Linux Security Update for busybox Alpine Linux has released a security update for busybox to fix the vulnerabilities. Affected versions: Alpine Linux 3.14. Affected Package versions prior to 1.33.1-r7. Refer to Alpine Linux advisory busybox (https://security.alpinelinux.org/srcpkg/busybox) for updates and patch information.
Patch: Following are links for downloading patches to fix the vulnerabilities: busybox-1.33.1-r7:Alpine Linux (https://security.alpinelinux.org/srcpkg/busybox)
Alpine Linux Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
501738 Alpine Linux Security Update for expat Alpine Linux has released a security update for expat to fix the vulnerabilities. Affected versions: Alpine Linux 3.14, Alpine Linux 3.15, Alpine Linux 3.16. Affected Package versions prior to 2.4.3-r0. Refer to Alpine Linux advisory expat (https://security.alpinelinux.org/srcpkg/expat) for updates and patch information.
Patch: Following are links for downloading patches to fix the vulnerabilities: expat-2.4.3-r0:Alpine Linux (https://security.alpinelinux.org/srcpkg/expat)
Alpine Linux Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
501739 Alpine Linux Security Update for expat Alpine Linux has released a security update for expat to fix the vulnerabilities. Affected versions: Alpine Linux 3.14, Alpine Linux 3.15, Alpine Linux 3.16. Affected Package versions prior to 2.4.4-r0. Refer to Alpine Linux advisory expat (https://security.alpinelinux.org/srcpkg/expat) for updates and patch information.
Patch: Following are links for downloading patches to fix the vulnerabilities: expat-2.4.4-r0:Alpine Linux (https://security.alpinelinux.org/srcpkg/expat)
Alpine Linux Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
501740 Alpine Linux Security Update for expat Alpine Linux has released a security update for expat to fix the vulnerabilities. Affected versions: Alpine Linux 3.14, Alpine Linux 3.15, Alpine Linux 3.16. Affected Package versions prior to 2.4.5-r0. Refer to Alpine Linux advisory expat (https://security.alpinelinux.org/srcpkg/expat) for updates and patch information.
Patch: Following are links for downloading patches to fix the vulnerabilities: expat-2.4.5-r0:Alpine Linux (https://security.alpinelinux.org/srcpkg/expat)
Alpine Linux Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
501742 Alpine Linux Security Update for git Alpine Linux has released a security update for git to fix the vulnerabilities. Affected versions: Alpine Linux 3.14. Affected Package versions prior to 2.32.1-r0. Refer to Alpine Linux advisory git (https://security.alpinelinux.org/srcpkg/git) for updates and patch information.
Patch: Following are links for downloading patches to fix the vulnerabilities: git-2.32.1-r0:Alpine Linux (https://security.alpinelinux.org/srcpkg/git)
Alpine Linux Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
501747 Alpine Linux Security Update for libretls Alpine Linux has released a security update for libretls to fix the vulnerabilities. Affected versions: Alpine Linux 3.14. Affected Package versions prior to 3.3.3p1-r3. Refer to Alpine Linux advisory libretls (https://security.alpinelinux.org/srcpkg/libretls) for updates and patch information.
Patch: Following are links for downloading patches to fix the vulnerabilities: libretls-3.3.3p1-r3:Alpine Linux (https://security.alpinelinux.org/srcpkg/libretls)
Alpine Linux Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
501777 Alpine Linux Security Update for redis Alpine Linux has released a security update for redis to fix the vulnerabilities. Affected versions: Alpine Linux 3.14, Alpine Linux 3.15, Alpine Linux 3.16. Affected Package versions prior to 6.2.6-r0. Refer to Alpine Linux advisory redis (https://security.alpinelinux.org/srcpkg/redis) for updates and patch information.
Patch: Following are links for downloading patches to fix the vulnerabilities: redis-6.2.6-r0:Alpine Linux (https://security.alpinelinux.org/srcpkg/redis)
Alpine Linux Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
501778 Alpine Linux Security Update for redis Alpine Linux has released a security update for redis to fix the vulnerabilities. Affected versions: Alpine Linux 3.14, Alpine Linux 3.15, Alpine Linux 3.16. Affected Package versions prior to 6.2.7-r0. Refer to Alpine Linux advisory redis (https://security.alpinelinux.org/srcpkg/redis) for updates and patch information.
Patch: Following are links for downloading patches to fix the vulnerabilities: redis-6.2.7-r0:Alpine Linux (https://security.alpinelinux.org/srcpkg/redis)
Alpine Linux Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
501951 Alpine Linux Security Update for busybox Alpine Linux has released a security update for busybox to fix the vulnerabilities. Affected versions: Alpine Linux 3.15. Affected Package versions prior to 1.34.1-r5. Refer to Alpine Linux advisory busybox (https://security.alpinelinux.org/srcpkg/busybox) for updates and patch information.
Patch: Following are links for downloading patches to fix the vulnerabilities: busybox-1.34.1-r5:Alpine Linux (https://security.alpinelinux.org/srcpkg/busybox)
Alpine Linux Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
501967 Alpine Linux Security Update for libretls Alpine Linux has released a security update for libretls to fix the vulnerabilities. Affected versions: Alpine Linux 3.15. Affected Package versions prior to 3.3.4-r3. Refer to Alpine Linux advisory libretls (https://security.alpinelinux.org/srcpkg/libretls) for updates and patch information.
Patch: Following are links for downloading patches to fix the vulnerabilities: libretls-3.3.4-r3:Alpine Linux (https://security.alpinelinux.org/srcpkg/libretls)
Alpine Linux Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
502407 Alpine Linux Security Update for curl Alpine Linux has released a security update for curl to fix the vulnerabilities. Affected versions: Alpine Linux 3.13, Alpine Linux 3.14. Affected Package versions prior to 7.79.1-r2. Refer to Alpine Linux advisory curl (https://security.alpinelinux.org/srcpkg/curl) for updates and patch information.
Patch: Following are links for downloading patches to fix the vulnerabilities: curl-7.79.1-r2:Alpine Linux (https://security.alpinelinux.org/srcpkg/curl)
Alpine Linux Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
502413 Alpine Linux Security Update for Open Secure Sockets Layer (OpenSSL) Alpine Linux has released a security update for openssl to fix the vulnerabilities. Affected versions: Alpine Linux 3.13, Alpine Linux 3.14, Alpine Linux 3.15, Alpine Linux 3.16. Affected Package versions prior to 1.1.1q-r0. Refer to Alpine Linux advisory openssl (https://security.alpinelinux.org/srcpkg/openssl) for updates and patch information.
Patch: Following are links for downloading patches to fix the vulnerabilities: openssl-1.1.1q-r0:Alpine Linux (https://security.alpinelinux.org/srcpkg/openssl)
Alpine Linux Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
502432 Alpine Linux Security Update for git Alpine Linux has released a security update for git to fix the vulnerabilities. Affected versions: Alpine Linux 3.14. Affected Package versions prior to 2.32.3-r0. Refer to Alpine Linux advisory git (https://security.alpinelinux.org/srcpkg/git) for updates and patch information.
Patch: Following are links for downloading patches to fix the vulnerabilities: git-2.32.3-r0:Alpine Linux (https://security.alpinelinux.org/srcpkg/git)
Alpine Linux Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
502475 Alpine Linux Security Update for zlib Alpine Linux has released a security update for zlib to fix the vulnerabilities. Affected versions: Alpine Linux 3.13, Alpine Linux 3.14, Alpine Linux 3.15, Alpine Linux 3.16. Affected Package versions prior to 1.2.12-r2. Refer to Alpine Linux advisory zlib (https://security.alpinelinux.org/srcpkg/zlib) for updates and patch information.
Patch: Following are links for downloading patches to fix the vulnerabilities: zlib-1.2.12-r2:Alpine Linux (https://security.alpinelinux.org/srcpkg/zlib)
Alpine Linux Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
502487 Alpine Linux Security Update for libxml2 Alpine Linux has released a security update for libxml2 to fix the vulnerabilities. Affected versions: Alpine Linux 3.13, Alpine Linux 3.14, Alpine Linux 3.15, Alpine Linux 3.16. Affected Package versions prior to 2.9.14-r1. Refer to Alpine Linux advisory libxml2 (https://security.alpinelinux.org/srcpkg/libxml2) for updates and patch information.
Patch: Following are links for downloading patches to fix the vulnerabilities: libxml2-2.9.14-r1:Alpine Linux (https://security.alpinelinux.org/srcpkg/libxml2)
Alpine Linux Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
502498 Alpine Linux Security Update for curl Alpine Linux has released a security update for curl to fix the vulnerabilities. Affected versions: Alpine Linux 3.13, Alpine Linux 3.14. Affected Package versions prior to 7.79.1-r3. Refer to Alpine Linux advisory curl (https://security.alpinelinux.org/srcpkg/curl) for updates and patch information.
Patch: Following are links for downloading patches to fix the vulnerabilities: curl-7.79.1-r3:Alpine Linux (https://security.alpinelinux.org/srcpkg/curl)
Alpine Linux Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
502509 Alpine Linux Security Update for expat Alpine Linux has released a security update for expat to fix the vulnerabilities. Affected versions: Alpine Linux 3.14, Alpine Linux 3.15, Alpine Linux 3.16. Affected Package versions prior to 2.4.9-r0. Refer to Alpine Linux advisory expat (https://security.alpinelinux.org/srcpkg/expat) for updates and patch information.
Patch: Following are links for downloading patches to fix the vulnerabilities: expat-2.4.9-r0:Alpine Linux (https://security.alpinelinux.org/srcpkg/expat)
Alpine Linux Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
502526 Alpine Linux Security Update for libxml2 Alpine Linux has released a security update for libxml2 to fix the vulnerabilities. Affected versions: Alpine Linux 3.13, Alpine Linux 3.14, Alpine Linux 3.15, Alpine Linux 3.16. Affected Package versions prior to 2.9.14-r1. Refer to Alpine Linux advisory libxml2 (https://security.alpinelinux.org/srcpkg/libxml2) for updates and patch information.
Patch: Following are links for downloading patches to fix the vulnerabilities: libxml2-2.9.14-r1:Alpine Linux (https://security.alpinelinux.org/srcpkg/libxml2)
Alpine Linux Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
502547 Alpine Linux Security Update for libxml2 Alpine Linux has released a security update for libxml2 to fix the vulnerabilities. Affected versions: Alpine Linux 3.13, Alpine Linux 3.14, Alpine Linux 3.15, Alpine Linux 3.16. Affected Package versions prior to 2.9.14-r2. Refer to Alpine Linux advisory libxml2 (https://security.alpinelinux.org/srcpkg/libxml2) for updates and patch information.
Patch: Following are links for downloading patches to fix the vulnerabilities: libxml2-2.9.14-r2:Alpine Linux (https://security.alpinelinux.org/srcpkg/libxml2)
Alpine Linux Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
502551 Alpine Linux Security Update for git Alpine Linux has released a security update for git to fix the vulnerabilities. Affected versions: Alpine Linux 3.14. Affected Package versions prior to 2.32.4-r0. Refer to Alpine Linux advisory git (https://security.alpinelinux.org/srcpkg/git) for updates and patch information.
Patch: Following are links for downloading patches to fix the vulnerabilities: git-2.32.4-r0:Alpine Linux (https://security.alpinelinux.org/srcpkg/git)
Alpine Linux Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
502572 Alpine Linux Security Update for expat Alpine Linux has released a security update for expat to fix the vulnerabilities. Affected versions: Alpine Linux 3.14, Alpine Linux 3.15, Alpine Linux 3.16. Affected Package versions prior to 2.5.0-r0. Refer to Alpine Linux advisory expat (https://security.alpinelinux.org/srcpkg/expat) for updates and patch information.
Patch: Following are links for downloading patches to fix the vulnerabilities: expat-2.5.0-r0:Alpine Linux (https://security.alpinelinux.org/srcpkg/expat)
Alpine Linux Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
502607 Alpine Linux Security Update for python3 Alpine Linux has released a security update for python3 to fix the vulnerabilities. Affected versions: Alpine Linux 3.14, Alpine Linux 3.15. Affected Package versions prior to 3.9.16-r0. Refer to Alpine Linux advisory python3 (https://security.alpinelinux.org/srcpkg/python3) for updates and patch information.
Patch: Following are links for downloading patches to fix the vulnerabilities: python3-3.9.16-r0:Alpine Linux (https://security.alpinelinux.org/srcpkg/python3)
Alpine Linux Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
502614 Alpine Linux Security Update for curl Alpine Linux has released a security update for curl to fix the vulnerabilities. Affected versions: Alpine Linux 3.14. Affected Package versions prior to 7.79.1-r4. Refer to Alpine Linux advisory curl (https://security.alpinelinux.org/srcpkg/curl) for updates and patch information.
Patch: Following are links for downloading patches to fix the vulnerabilities: curl-7.79.1-r4:Alpine Linux (https://security.alpinelinux.org/srcpkg/curl)
Alpine Linux Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
502636 Alpine Linux Security Update for git Alpine Linux has released a security update for git to fix the vulnerabilities. Affected versions: Alpine Linux 3.14. Affected Package versions prior to 2.32.5-r0. Refer to Alpine Linux advisory git (https://security.alpinelinux.org/srcpkg/git) for updates and patch information.
Patch: Following are links for downloading patches to fix the vulnerabilities: git-2.32.5-r0:Alpine Linux (https://security.alpinelinux.org/srcpkg/git)
Alpine Linux Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
502644 Alpine Linux Security Update for redis Alpine Linux has released a security update for redis to fix the vulnerabilities. Affected versions: Alpine Linux 3.14, Alpine Linux 3.15. Affected Package versions prior to 6.2.9-r0. Refer to Alpine Linux advisory redis (https://security.alpinelinux.org/srcpkg/redis) for updates and patch information.
Patch: Following are links for downloading patches to fix the vulnerabilities: redis-6.2.9-r0:Alpine Linux (https://security.alpinelinux.org/srcpkg/redis)
Alpine Linux Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
502652 Alpine Linux Security Update for Open Secure Sockets Layer (OpenSSL) Alpine Linux has released a security update for openssl to fix the vulnerabilities. Affected versions: Alpine Linux 3.14, Alpine Linux 3.15, Alpine Linux 3.16. Affected Package versions prior to 1.1.1t-r0. Refer to Alpine Linux advisory openssl (https://security.alpinelinux.org/srcpkg/openssl) for updates and patch information.
Patch: Following are links for downloading patches to fix the vulnerabilities: openssl-1.1.1t-r0:Alpine Linux (https://security.alpinelinux.org/srcpkg/openssl)
Alpine Linux Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
502664 Alpine Linux Security Update for curl Alpine Linux has released a security update for curl to fix the vulnerabilities. Affected versions: Alpine Linux 3.14. Affected Package versions prior to 7.79.1-r5. Refer to Alpine Linux advisory curl (https://security.alpinelinux.org/srcpkg/curl) for updates and patch information.
Patch: Following are links for downloading patches to fix the vulnerabilities: curl-7.79.1-r5:Alpine Linux (https://security.alpinelinux.org/srcpkg/curl)
Alpine Linux Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
502665 Alpine Linux Security Update for git Alpine Linux has released a security update for git to fix the vulnerabilities. Affected versions: Alpine Linux 3.14. Affected Package versions prior to 2.32.6-r0. Refer to Alpine Linux advisory git (https://security.alpinelinux.org/srcpkg/git) for updates and patch information.
Patch: Following are links for downloading patches to fix the vulnerabilities: git-2.32.6-r0:Alpine Linux (https://security.alpinelinux.org/srcpkg/git)
Alpine Linux Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
650035 OpenSSH Information Disclosure Vulnerability (Generic) OpenSSH is the premier connectivity tool for remote login with the SSH protocol.
The client side in OpenSSH 5.7 through 8.3 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client).
Affected Versions: OpenSSH 5.7 through 8.3
QID Detection Logic: The QID checks for the vulnerable versions of OpenSSH
OpenSSH team committed a partial mitigation of this issue which is included in openssh 8.4. Refer to OpenSSH 8.4 (https://www.openssh.com/) for details.
Security Policy On successful exploitation it allows man-in-the-middle attackers to target initial connection attempts. Medium
650049 EOL/Obsolete Operating System: Debian 8.0 Detected The host is running Debian 8.0 (Jessie). Support for Debian 8 ended on June 30, 2020. No further updates, including security updates, are available for Debian 8.0. Users are advised to upgrade to the latest version of Debian available. More information on the latest version can be obtained from Debian (https://wiki.debian.org/DebianReleases). Security Policy The system is at high risk of being exposed to security vulnerabilities. Since the vendor no longer provides updates, obsolete software is more vulnerable to viruses and other attacks. High
900204 CBL-Mariner Linux Security Update for libarchive 3.4.2 CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. Affected OS: CBL Mariner. QID Detection Logic (Authenticated): This QID checks for vulnerable versions of package name. Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues. CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
900829 Common Base Linux Mariner (CBL-Mariner) Security Update for python2 (9441) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for python2 to fix the vulnerabilities. CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
900845 Common Base Linux Mariner (CBL-Mariner) Security Update for python3 (9442) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for python3 to fix the vulnerabilities. Patch is NOT available for the package. CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
900855 Common Base Linux Mariner (CBL-Mariner) Security Update for ncurses (9504) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for ncurses to fix the vulnerabilities. Patch is NOT available for the package. CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
901006 Common Base Linux Mariner (CBL-Mariner) Security Update for glibc (6441) CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for glibc to fix the vulnerabilities. Patch is NOT available for the package. CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
901574 Common Base Linux Mariner (CBL-Mariner) Security Update for vim (9711) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has NOT released a security update for vim to fix the vulnerabilities. Patch is NOT available for the package. CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
901576 Common Base Linux Mariner (CBL-Mariner) Security Update for vim (9710) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has NOT released a security update for vim to fix the vulnerabilities. Patch is NOT available for the package. CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
901577 Common Base Linux Mariner (CBL-Mariner) Security Update for vim (9712) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has NOT released a security update for vim to fix the vulnerabilities. Patch is NOT available for the package. CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
901578 Common Base Linux Mariner (CBL-Mariner) Security Update for vim (9713) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has NOT released a security update for vim to fix the vulnerabilities. Patch is NOT available for the package. CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
901580 Common Base Linux Mariner (CBL-Mariner) Security Update for vim (9740) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has NOT released a security update for vim to fix the vulnerabilities. Patch is NOT available for the package. CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
901987 Common Base Linux Mariner (CBL-Mariner) Security Update for vim (9751) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has NOT released a security update for vim to fix the vulnerabilities. Patch is NOT available for the package. CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
901989 Common Base Linux Mariner (CBL-Mariner) Security Update for vim (9773) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has NOT released a security update for vim to fix the vulnerabilities. Patch is NOT available for the package. CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
901990 Common Base Linux Mariner (CBL-Mariner) Security Update for vim (9772) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has NOT released a security update for vim to fix the vulnerabilities. Patch is NOT available for the package. CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
901991 Common Base Linux Mariner (CBL-Mariner) Security Update for vim (9771) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has NOT released a security update for vim to fix the vulnerabilities. Patch is NOT available for the package. CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
901997 Common Base Linux Mariner (CBL-Mariner) Security Update for vim (9782) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has NOT released a security update for vim to fix the vulnerabilities. Patch is NOT available for the package. CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
901998 Common Base Linux Mariner (CBL-Mariner) Security Update for vim (9784) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has NOT released a security update for vim to fix the vulnerabilities. Patch is NOT available for the package. CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
901999 Common Base Linux Mariner (CBL-Mariner) Security Update for vim (9783) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has NOT released a security update for vim to fix the vulnerabilities. <P>Patch is NOT available for the package.</P> CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
902045 Common Base Linux Mariner (CBL-Mariner) Security Update for python2 (9820) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has NOT released a security update for python2 to fix the vulnerabilities. <P>Patch is NOT available for the package.</P> CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
902051 Common Base Linux Mariner (CBL-Mariner) Security Update for vim (9822) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has NOT released a security update for vim to fix the vulnerabilities. <P>Patch is NOT available for the package.</P> CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
902053 Common Base Linux Mariner (CBL-Mariner) Security Update for vim (9834) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has NOT released a security update for vim to fix the vulnerabilities. <P>Patch is NOT available for the package.</P> CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
902054 Common Base Linux Mariner (CBL-Mariner) Security Update for vim (9833) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has NOT released a security update for vim to fix the vulnerabilities. <P>Patch is NOT available for the package.</P> CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
902146 Common Base Linux Mariner (CBL-Mariner) Security Update for curl (9855) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has NOT released a security update for curl to fix the vulnerabilities. <P>Patch is NOT available for the package.</P> CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
902152 Common Base Linux Mariner (CBL-Mariner) Security Update for curl (9868) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has NOT released a security update for curl to fix the vulnerabilities. <P>Patch is NOT available for the package.</P> CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
902161 Common Base Linux Mariner (CBL-Mariner) Security Update for curl (9881) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has NOT released a security update for curl to fix the vulnerabilities. <P>Patch is NOT available for the package.</P> CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
902166 Common Base Linux Mariner (CBL-Mariner) Security Update for curl (9893) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has NOT released a security update for curl to fix the vulnerabilities. <P>Patch is NOT available for the package.</P> CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
902170 Common Base Linux Mariner (CBL-Mariner) Security Update for curl (9892) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has NOT released a security update for curl to fix the vulnerabilities. <P>Patch is NOT available for the package.</P> CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
902183 Common Base Linux Mariner (CBL-Mariner) Security Update for vim (9772-1) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for vim to fix the vulnerabilities. CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases Patch: Following are links for downloading patches to fix the vulnerabilities: 9772-1:CBL-Mariner Linux (https://github.com/microsoft/CBL-Mariner) CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
902186 Common Base Linux Mariner (CBL-Mariner) Security Update for vim (9834-1) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for vim to fix the vulnerabilities. CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases Patch: Following are links for downloading patches to fix the vulnerabilities: 9834-1:CBL-Mariner Linux (https://github.com/microsoft/CBL-Mariner) CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
902187 Common Base Linux Mariner (CBL-Mariner) Security Update for vim (9751-1) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for vim to fix the vulnerabilities. CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases Patch: Following are links for downloading patches to fix the vulnerabilities: 9751-1:CBL-Mariner Linux (https://github.com/microsoft/CBL-Mariner) CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
902191 Common Base Linux Mariner (CBL-Mariner) Security Update for vim (9782-1) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for vim to fix the vulnerabilities. CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases Patch: Following are links for downloading patches to fix the vulnerabilities: 9782-1:CBL-Mariner Linux (https://github.com/microsoft/CBL-Mariner) CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
902193 Common Base Linux Mariner (CBL-Mariner) Security Update for vim (9711-1) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for vim to fix the vulnerabilities. CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases Patch: Following are links for downloading patches to fix the vulnerabilities: 9711-1:CBL-Mariner Linux (https://github.com/microsoft/CBL-Mariner) CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
902197 Common Base Linux Mariner (CBL-Mariner) Security Update for vim (9710-1) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for vim to fix the vulnerabilities. CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases Patch: Following are links for downloading patches to fix the vulnerabilities: 9710-1:CBL-Mariner Linux (https://github.com/microsoft/CBL-Mariner) CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
902199 Common Base Linux Mariner (CBL-Mariner) Security Update for vim (9822-1) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for vim to fix the vulnerabilities. CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases Patch: Following are links for downloading patches to fix the vulnerabilities: 9822-1:CBL-Mariner Linux (https://github.com/microsoft/CBL-Mariner) CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
902202 Common Base Linux Mariner (CBL-Mariner) Security Update for vim (9784-1) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for vim to fix the vulnerabilities. CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases Patch: Following are links for downloading patches to fix the vulnerabilities: 9784-1:CBL-Mariner Linux (https://github.com/microsoft/CBL-Mariner) CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
902203 Common Base Linux Mariner (CBL-Mariner) Security Update for vim (9740-1) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for vim to fix the vulnerabilities. CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases Patch: Following are links for downloading patches to fix the vulnerabilities: 9740-1:CBL-Mariner Linux (https://github.com/microsoft/CBL-Mariner) CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
902204 Common Base Linux Mariner (CBL-Mariner) Security Update for vim (9773-1) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for vim to fix the vulnerabilities. CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases Patch: Following are links for downloading patches to fix the vulnerabilities: 9773-1:CBL-Mariner Linux (https://github.com/microsoft/CBL-Mariner) CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
902207 Common Base Linux Mariner (CBL-Mariner) Security Update for vim (9833-1) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for vim to fix the vulnerabilities. CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases Patch: Following are links for downloading patches to fix the vulnerabilities: 9833-1:CBL-Mariner Linux (https://github.com/microsoft/CBL-Mariner) CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
902208 Common Base Linux Mariner (CBL-Mariner) Security Update for vim (9713-1) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for vim to fix the vulnerabilities. CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases Patch: Following are links for downloading patches to fix the vulnerabilities: 9713-1:CBL-Mariner Linux (https://github.com/microsoft/CBL-Mariner) CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
902211 Common Base Linux Mariner (CBL-Mariner) Security Update for vim (9712-1) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for vim to fix the vulnerabilities. CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases Patch: Following are links for downloading patches to fix the vulnerabilities: 9712-1:CBL-Mariner Linux (https://github.com/microsoft/CBL-Mariner) CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
902220 Common Base Linux Mariner (CBL-Mariner) Security Update for vim (9783-1) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for vim to fix the vulnerabilities. CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases Patch: Following are links for downloading patches to fix the vulnerabilities: 9783-1:CBL-Mariner Linux (https://github.com/microsoft/CBL-Mariner) CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
902222 Common Base Linux Mariner (CBL-Mariner) Security Update for vim (9771-1) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for vim to fix the vulnerabilities. CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases Patch: Following are links for downloading patches to fix the vulnerabilities: 9771-1:CBL-Mariner Linux (https://github.com/microsoft/CBL-Mariner) CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
902343 Common Base Linux Mariner (CBL-Mariner) Security Update for vim (9949) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has NOT released a security update for vim to fix the vulnerabilities. Patch is NOT available for the package. CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
902344 Common Base Linux Mariner (CBL-Mariner) Security Update for vim (9947) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has NOT released a security update for vim to fix the vulnerabilities. Patch is NOT available for the package. CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
902345 Common Base Linux Mariner (CBL-Mariner) Security Update for vim (9950) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has NOT released a security update for vim to fix the vulnerabilities. Patch is NOT available for the package. CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
902347 Common Base Linux Mariner (CBL-Mariner) Security Update for python3 (9946) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has NOT released a security update for python3 to fix the vulnerabilities. Patch is NOT available for the package. CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
902348 Common Base Linux Mariner (CBL-Mariner) Security Update for vim (9948) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has NOT released a security update for vim to fix the vulnerabilities. Patch is NOT available for the package. CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
902361 Common Base Linux Mariner (CBL-Mariner) Security Update for Open Secure Sockets Layer (OpenSSL) (9971) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has NOT released a security update for openssl to fix the vulnerabilities. Patch is NOT available for the package. CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
902402 Common Base Linux Mariner (CBL-Mariner) Security Update for vim (9983) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has NOT released a security update for vim to fix the vulnerabilities. Patch is NOT available for the package. CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
902403 Common Base Linux Mariner (CBL-Mariner) Security Update for vim (9984) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has NOT released a security update for vim to fix the vulnerabilities. Patch is NOT available for the package. CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
902404 Common Base Linux Mariner (CBL-Mariner) Security Update for vim (9985) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has NOT released a security update for vim to fix the vulnerabilities. Patch is NOT available for the package. CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
902410 Common Base Linux Mariner (CBL-Mariner) Security Update for vim (9999) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has NOT released a security update for vim to fix the vulnerabilities. Patch is NOT available for the package. CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
902411 Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10000) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has NOT released a security update for vim to fix the vulnerabilities. Patch is NOT available for the package. CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
902417 Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10033) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has NOT released a security update for vim to fix the vulnerabilities. Patch is NOT available for the package. CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
902418 Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10034) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has NOT released a security update for vim to fix the vulnerabilities. Patch is NOT available for the package. CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
902420 Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10035) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has NOT released a security update for vim to fix the vulnerabilities. Patch is NOT available for the package. CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
902421 Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10037) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has NOT released a security update for vim to fix the vulnerabilities. Patch is NOT available for the package. CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
902425 Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10036) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has NOT released a security update for vim to fix the vulnerabilities. Patch is NOT available for the package. CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
902439 Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10051) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has NOT released a security update for vim to fix the vulnerabilities. Patch is NOT available for the package. CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
902442 Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10053) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has NOT released a security update for vim to fix the vulnerabilities. Patch is NOT available for the package. CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
902443 Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10052) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has NOT released a security update for vim to fix the vulnerabilities. Patch is NOT available for the package. CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
902450 Common Base Linux Mariner (CBL-Mariner) Security Update for gnupg2 (10077) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has NOT released a security update for gnupg2 to fix the vulnerabilities. Patch is NOT available for the package. CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
902455 Common Base Linux Mariner (CBL-Mariner) Security Update for Open Secure Sockets Layer (OpenSSL) (10126) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has NOT released a security update for openssl to fix the vulnerabilities. Patch is NOT available for the package. CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
902456 Common Base Linux Mariner (CBL-Mariner) Security Update for curl (10110) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has NOT released a security update for curl to fix the vulnerabilities. Patch is NOT available for the package. CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
902457 Common Base Linux Mariner (CBL-Mariner) Security Update for curl (10109) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has NOT released a security update for curl to fix the vulnerabilities. Patch is NOT available for the package. CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
902462 Common Base Linux Mariner (CBL-Mariner) Security Update for curl (10111) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has NOT released a security update for curl to fix the vulnerabilities. Patch is NOT available for the package. CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
902464 Common Base Linux Mariner (CBL-Mariner) Security Update for curl (10112) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has NOT released a security update for curl to fix the vulnerabilities. Patch is NOT available for the package. CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
902476 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (9985-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for vim to fix the vulnerabilities. | CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases Patch: Following are links for downloading patches to fix the vulnerabilities: 9985-1:CBL-Mariner Linux (https://github.com/microsoft/CBL-Mariner) | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High
902477 | Common Base Linux Mariner (CBL-Mariner) Security Update for Open Secure Sockets Layer (OpenSSL) (9971-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for openssl to fix the vulnerabilities. | CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases Patch: Following are links for downloading patches to fix the vulnerabilities: 9971-1:CBL-Mariner Linux (https://github.com/microsoft/CBL-Mariner) | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High
902480 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10135) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has NOT released a security update for vim to fix the vulnerabilities. | Patch is NOT available for the package. | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High
902481 | Common Base Linux Mariner (CBL-Mariner) Security Update for ncurses (9504-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for ncurses to fix the vulnerabilities. | CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases Patch: Following are links for downloading patches to fix the vulnerabilities: 9504-1:CBL-Mariner Linux (https://github.com/microsoft/CBL-Mariner) | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High
902482 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10134) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has NOT released a security update for vim to fix the vulnerabilities. | Patch is NOT available for the package. | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High
902484 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (9999-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for vim to fix the vulnerabilities. | CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases Patch: Following are links for downloading patches to fix the vulnerabilities: 9999-1:CBL-Mariner Linux (https://github.com/microsoft/CBL-Mariner) | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High
902488 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (9949-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for vim to fix the vulnerabilities. | CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases Patch: Following are links for downloading patches to fix the vulnerabilities: 9949-1:CBL-Mariner Linux (https://github.com/microsoft/CBL-Mariner) | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High
902489 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (9950-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for vim to fix the vulnerabilities. | CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases Patch: Following are links for downloading patches to fix the vulnerabilities: 9950-1:CBL-Mariner Linux (https://github.com/microsoft/CBL-Mariner) | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High
902495 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (9984-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for vim to fix the vulnerabilities. | CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases Patch: Following are links for downloading patches to fix the vulnerabilities: 9984-1:CBL-Mariner Linux (https://github.com/microsoft/CBL-Mariner) | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium
902497 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (9983-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for vim to fix the vulnerabilities. | CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases Patch: Following are links for downloading patches to fix the vulnerabilities: 9983-1:CBL-Mariner Linux (https://github.com/microsoft/CBL-Mariner) | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High
902500 | Common Base Linux Mariner (CBL-Mariner) Security Update for python3 (9946-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for python3 to fix the vulnerabilities. | CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases Patch: Following are links for downloading patches to fix the vulnerabilities: 9946-1:CBL-Mariner Linux (https://github.com/microsoft/CBL-Mariner) | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High
902501 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (9948-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for vim to fix the vulnerabilities. | CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases Patch: Following are links for downloading patches to fix the vulnerabilities: 9948-1:CBL-Mariner Linux (https://github.com/microsoft/CBL-Mariner) | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High
902506 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (9947-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for vim to fix the vulnerabilities. | CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases Patch: Following are links for downloading patches to fix the vulnerabilities: 9947-1:CBL-Mariner Linux (https://github.com/microsoft/CBL-Mariner) | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High
902511 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10124) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has NOT released a security update for vim to fix the vulnerabilities. | Patch is NOT available for the package. | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High
902512 | Common Base Linux Mariner (CBL-Mariner) Security Update for curl (10115) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has NOT released a security update for curl to fix the vulnerabilities. | Patch is NOT available for the package. | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High
902515 | Common Base Linux Mariner (CBL-Mariner) Security Update for curl (10116) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has NOT released a security update for curl to fix the vulnerabilities. | Patch is NOT available for the package. | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium
902522 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10136) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has NOT released a security update for vim to fix the vulnerabilities. | Patch is NOT available for the package. | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High
902552 | Common Base Linux Mariner (CBL-Mariner) Security Update for curl (10113) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has NOT released a security update for curl to fix the vulnerabilities. | Patch is NOT available for the package. | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium
902553 | Common Base Linux Mariner (CBL-Mariner) Security Update for curl (10114) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has NOT released a security update for curl to fix the vulnerabilities. | Patch is NOT available for the package. | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium
902561 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10323) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has NOT released a security update for vim to fix the vulnerabilities. | Patch is NOT available for the package. | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High
902609 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10417) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has NOT released a security update for vim to fix the vulnerabilities. | Patch is NOT available for the package. | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High
902610 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10418) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has NOT released a security update for vim to fix the vulnerabilities. | Patch is NOT available for the package. | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High
902611 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10420) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has NOT released a security update for vim to fix the vulnerabilities. | Patch is NOT available for the package. | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium
902613 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10419) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has NOT released a security update for vim to fix the vulnerabilities. | Patch is NOT available for the package. | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High
902673 | Common Base Linux Mariner (CBL-Mariner) Security Update for python2 (9820-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for python2 to fix the vulnerabilities. | CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases Patch: Following are links for downloading patches to fix the vulnerabilities: 9820-1:CBL-Mariner Linux (https://github.com/microsoft/CBL-Mariner) | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium
902674 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10034-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for vim to fix the vulnerabilities. | CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases Patch: Following are links for downloading patches to fix the vulnerabilities: 10034-1:CBL-Mariner Linux (https://github.com/microsoft/CBL-Mariner) | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High
902675 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10125-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for vim to fix the vulnerabilities. | CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases Patch: Following are links for downloading patches to fix the vulnerabilities: 10125-1:CBL-Mariner Linux (https://github.com/microsoft/CBL-Mariner) | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High
902679 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10124-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for vim to fix the vulnerabilities. | CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases Patch: Following are links for downloading patches to fix the vulnerabilities: 10124-1:CBL-Mariner Linux (https://github.com/microsoft/CBL-Mariner) | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High
902681 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10052-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for vim to fix the vulnerabilities. | CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases Patch: Following are links for downloading patches to fix the vulnerabilities: 10052-1:CBL-Mariner Linux (https://github.com/microsoft/CBL-Mariner) | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High
902682 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10036-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for vim to fix the vulnerabilities. | CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases Patch: Following are links for downloading patches to fix the vulnerabilities: 10036-1:CBL-Mariner Linux (https://github.com/microsoft/CBL-Mariner) | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High
902683 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10033-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for vim to fix the vulnerabilities. | CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases Patch: Following are links for downloading patches to fix the vulnerabilities: 10033-1:CBL-Mariner Linux (https://github.com/microsoft/CBL-Mariner) | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High
902687 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10000-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for vim to fix the vulnerabilities. | CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases Patch: Following are links for downloading patches to fix the vulnerabilities: 10000-1:CBL-Mariner Linux (https://github.com/microsoft/CBL-Mariner) | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High
902691 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10051-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for vim to fix the vulnerabilities. | CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases Patch: Following are links for downloading patches to fix the vulnerabilities: 10051-1:CBL-Mariner Linux (https://github.com/microsoft/CBL-Mariner) | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High
902693 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10053-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for vim to fix the vulnerabilities. | CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases Patch: Following are links for downloading patches to fix the vulnerabilities: 10053-1:CBL-Mariner Linux (https://github.com/microsoft/CBL-Mariner) | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High
902694 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10035-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for vim to fix the vulnerabilities. | CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases Patch: Following are links for downloading patches to fix the vulnerabilities: 10035-1:CBL-Mariner Linux (https://github.com/microsoft/CBL-Mariner) | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High
902703 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10037-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for vim to fix the vulnerabilities. | CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases Patch: Following are links for downloading patches to fix the vulnerabilities: 10037-1:CBL-Mariner Linux (https://github.com/microsoft/CBL-Mariner) | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High
902708 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10136-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for vim to fix the vulnerabilities. | CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases Patch: Following are links for downloading patches to fix the vulnerabilities: 10136-1:CBL-Mariner Linux (https://github.com/microsoft/CBL-Mariner) | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High
903105 | Common Base Linux Mariner (CBL-Mariner) Security Update for glibc (1939) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has NOT released a security update for glibc to fix the vulnerabilities. | Patch is NOT available for the package. | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High
903355 | Common Base Linux Mariner (CBL-Mariner) Security Update for python3 (5430) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has NOT released a security update for python3 to fix the vulnerabilities. | Patch is NOT available for the package. | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High
903379 | Common Base Linux Mariner (CBL-Mariner) Security Update for lua (2658) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has NOT released a security update for lua to fix the vulnerabilities. | Patch is NOT available for the package. | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium
903640 | Common Base Linux Mariner (CBL-Mariner) Security Update for glibc (2551) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has NOT released a security update for glibc to fix the vulnerabilities. | Patch is NOT available for the package. | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High
903712 | Common Base Linux Mariner (CBL-Mariner) Security Update for rpm (10726) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has NOT released a security update for rpm to fix the vulnerabilities. | Patch is NOT available for the package. | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High
903713 | Common Base Linux Mariner (CBL-Mariner) Security Update for rpm (10783) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has NOT released a security update for rpm to fix the vulnerabilities. | Patch is NOT available for the package. | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium
903714 Common Base Linux Mariner (CBL-Mariner) Security Update for zlib (10473-1) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for zlib to fix the vulnerabilities. CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases
Patch:
Following are links for downloading patches to fix the vulnerabilities:
10473-1: CBL-Mariner Linux (https://github.com/microsoft/CBL-Mariner)
CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
903718 Common Base Linux Mariner (CBL-Mariner) Security Update for curl (9881-1) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for curl to fix the vulnerabilities. CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases
Patch:
Following are links for downloading patches to fix the vulnerabilities:
9881-1: CBL-Mariner Linux (https://github.com/microsoft/CBL-Mariner)
CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
903719 Common Base Linux Mariner (CBL-Mariner) Security Update for freetype (9613-1) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for freetype to fix the vulnerabilities. CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases
Patch:
Following are links for downloading patches to fix the vulnerabilities:
9613-1: CBL-Mariner Linux (https://github.com/microsoft/CBL-Mariner)
CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
903720 Common Base Linux Mariner (CBL-Mariner) Security Update for curl (10116-1) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for curl to fix the vulnerabilities. CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases
Patch:
Following are links for downloading patches to fix the vulnerabilities:
10116-1: CBL-Mariner Linux (https://github.com/microsoft/CBL-Mariner)
CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
903722 Common Base Linux Mariner (CBL-Mariner) Security Update for curl (9867-1) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for curl to fix the vulnerabilities. CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases
Patch:
Following are links for downloading patches to fix the vulnerabilities:
9867-1: CBL-Mariner Linux (https://github.com/microsoft/CBL-Mariner)
CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
903726 Common Base Linux Mariner (CBL-Mariner) Security Update for curl (10114-1) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for curl to fix the vulnerabilities. CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases
Patch:
Following are links for downloading patches to fix the vulnerabilities:
10114-1: CBL-Mariner Linux (https://github.com/microsoft/CBL-Mariner)
CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
903727 Common Base Linux Mariner (CBL-Mariner) Security Update for curl (9868-1) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for curl to fix the vulnerabilities. CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases
Patch:
Following are links for downloading patches to fix the vulnerabilities:
9868-1: CBL-Mariner Linux (https://github.com/microsoft/CBL-Mariner)
CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
903729 Common Base Linux Mariner (CBL-Mariner) Security Update for curl (9894-1) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for curl to fix the vulnerabilities. CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases
Patch:
Following are links for downloading patches to fix the vulnerabilities:
9894-1: CBL-Mariner Linux (https://github.com/microsoft/CBL-Mariner)
CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
903730 Common Base Linux Mariner (CBL-Mariner) Security Update for freetype (9612-1) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for freetype to fix the vulnerabilities. CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases
Patch:
Following are links for downloading patches to fix the vulnerabilities:
9612-1: CBL-Mariner Linux (https://github.com/microsoft/CBL-Mariner)
CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
903739 Common Base Linux Mariner (CBL-Mariner) Security Update for rpm (10784) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has NOT released a security update for rpm to fix the vulnerabilities. Patch is NOT available for the package. CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
903740 Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10419-1) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for vim to fix the vulnerabilities. CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases
Patch:
Following are links for downloading patches to fix the vulnerabilities:
10419-1: CBL-Mariner Linux (https://github.com/microsoft/CBL-Mariner)
CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
903745 Common Base Linux Mariner (CBL-Mariner) Security Update for glib (10698) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has NOT released a security update for glib to fix the vulnerabilities. Patch is NOT available for the package. CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
903752 Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10417-1) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for vim to fix the vulnerabilities. CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases
Patch:
Following are links for downloading patches to fix the vulnerabilities:
10417-1: CBL-Mariner Linux (https://github.com/microsoft/CBL-Mariner)
CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
903754 Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10418-1) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for vim to fix the vulnerabilities. CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases
Patch:
Following are links for downloading patches to fix the vulnerabilities:
10418-1: CBL-Mariner Linux (https://github.com/microsoft/CBL-Mariner)
CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
903755 Common Base Linux Mariner (CBL-Mariner) Security Update for curl (9895-1) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for curl to fix the vulnerabilities. CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases
Patch:
Following are links for downloading patches to fix the vulnerabilities:
9895-1: CBL-Mariner Linux (https://github.com/microsoft/CBL-Mariner)
CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
903765 Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10323-1) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for vim to fix the vulnerabilities. CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases
Patch:
Following are links for downloading patches to fix the vulnerabilities:
10323-1: CBL-Mariner Linux (https://github.com/microsoft/CBL-Mariner)
CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
903772 Common Base Linux Mariner (CBL-Mariner) Security Update for curl (9882-1) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for curl to fix the vulnerabilities. CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases
Patch:
Following are links for downloading patches to fix the vulnerabilities:
9882-1: CBL-Mariner Linux (https://github.com/microsoft/CBL-Mariner)
CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
903777 Common Base Linux Mariner (CBL-Mariner) Security Update for libarchive (4585-1) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for libarchive to fix the vulnerabilities. CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases
Patch:
Following are links for downloading patches to fix the vulnerabilities:
4585-1: CBL-Mariner Linux (https://github.com/microsoft/CBL-Mariner)
CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
903778 Common Base Linux Mariner (CBL-Mariner) Security Update for curl (10113-1) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for curl to fix the vulnerabilities. CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases
Patch:
Following are links for downloading patches to fix the vulnerabilities:
10113-1: CBL-Mariner Linux (https://github.com/microsoft/CBL-Mariner)
CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
903780 Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10420-1) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for vim to fix the vulnerabilities. CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases
Patch:
Following are links for downloading patches to fix the vulnerabilities:
10420-1: CBL-Mariner Linux (https://github.com/microsoft/CBL-Mariner)
CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
903786 Common Base Linux Mariner (CBL-Mariner) Security Update for curl (10115-1) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for curl to fix the vulnerabilities. CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases
Patch:
Following are links for downloading patches to fix the vulnerabilities:
10115-1: CBL-Mariner Linux (https://github.com/microsoft/CBL-Mariner)
CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
903971 Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10565-1) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for vim to fix the vulnerabilities. CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases
Patch:
Following are links for downloading patches to fix the vulnerabilities:
10565-1: CBL-Mariner Linux (https://github.com/microsoft/CBL-Mariner)
CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
903972 Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10583-1) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for vim to fix the vulnerabilities. CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases
Patch:
Following are links for downloading patches to fix the vulnerabilities:
10583-1: CBL-Mariner Linux (https://github.com/microsoft/CBL-Mariner)
CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
903973 Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10566-1) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for vim to fix the vulnerabilities. CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases
Patch:
Following are links for downloading patches to fix the vulnerabilities:
10566-1: CBL-Mariner Linux (https://github.com/microsoft/CBL-Mariner)
CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
903977 Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10785-1) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for vim to fix the vulnerabilities. CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases
Patch:
Following are links for downloading patches to fix the vulnerabilities:
10785-1: CBL-Mariner Linux (https://github.com/microsoft/CBL-Mariner)
CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
903979 Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10582-1) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for vim to fix the vulnerabilities. CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases
Patch:
Following are links for downloading patches to fix the vulnerabilities:
10582-1: CBL-Mariner Linux (https://github.com/microsoft/CBL-Mariner)
CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
903981 Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10602-1) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for vim to fix the vulnerabilities. CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases
Patch:
Following are links for downloading patches to fix the vulnerabilities:
10602-1: CBL-Mariner Linux (https://github.com/microsoft/CBL-Mariner)
CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
903983 Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10825-1) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for vim to fix the vulnerabilities. CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases
Patch:
Following are links for downloading patches to fix the vulnerabilities:
10825-1: CBL-Mariner Linux (https://github.com/microsoft/CBL-Mariner)
CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
903988 Common Base Linux Mariner (CBL-Mariner) Security Update for python3 (10625-1) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for python3 to fix the vulnerabilities. CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases
Patch:
Following are links for downloading patches to fix the vulnerabilities:
10625-1: CBL-Mariner Linux (https://github.com/microsoft/CBL-Mariner)
CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
903991 Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10581-1) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for vim to fix the vulnerabilities. CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases
Patch:
Following are links for downloading patches to fix the vulnerabilities:
10581-1: CBL-Mariner Linux (https://github.com/microsoft/CBL-Mariner)
CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
903994 Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10564-1) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for vim to fix the vulnerabilities. CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases
Patch:
Following are links for downloading patches to fix the vulnerabilities:
10564-1: CBL-Mariner Linux (https://github.com/microsoft/CBL-Mariner)
CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
903996 Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10631-1) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for vim to fix the vulnerabilities. CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases
Patch:
Following are links for downloading patches to fix the vulnerabilities:
10631-1: CBL-Mariner Linux (https://github.com/microsoft/CBL-Mariner)
CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
904001 Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10630-1) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for vim to fix the vulnerabilities. CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases
Patch:
Following are links for downloading patches to fix the vulnerabilities:
10630-1: CBL-Mariner Linux (https://github.com/microsoft/CBL-Mariner)
CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
904003 Common Base Linux Mariner (CBL-Mariner) Security Update for gzip (10811-1) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for gzip to fix the vulnerabilities. CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases
Patch:
Following are links for downloading patches to fix the vulnerabilities:
10811-1: CBL-Mariner Linux (https://github.com/microsoft/CBL-Mariner)
CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
904004 Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10649-1) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for vim to fix the vulnerabilities. CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases
Patch:
Following are links for downloading patches to fix the vulnerabilities:
10649-1:CBL-Mariner Linux (https://github.com/microsoft/CBL-Mariner)
CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
904009 Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10584-1) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for vim to fix the vulnerabilities. CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases
Patch:
Following are links for downloading patches to fix the vulnerabilities:
10584-1:CBL-Mariner Linux (https://github.com/microsoft/CBL-Mariner)
CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
904011 Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10650-1) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for vim to fix the vulnerabilities. CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases
Patch:
Following are links for downloading patches to fix the vulnerabilities:
10650-1:CBL-Mariner Linux (https://github.com/microsoft/CBL-Mariner)
CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
904018 Common Base Linux Mariner (CBL-Mariner) Security Update for glibc (10699-1) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for glibc to fix the vulnerabilities. CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases
Patch:
Following are links for downloading patches to fix the vulnerabilities:
10699-1:CBL-Mariner Linux (https://github.com/microsoft/CBL-Mariner)
CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
904021 Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10786-1) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for vim to fix the vulnerabilities. CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases
Patch:
Following are links for downloading patches to fix the vulnerabilities:
10786-1:CBL-Mariner Linux (https://github.com/microsoft/CBL-Mariner)
CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
904082 Common Base Linux Mariner (CBL-Mariner) Security Update for expat (10944-1) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for expat to fix the vulnerabilities. CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases
Patch:
Following are links for downloading patches to fix the vulnerabilities:
10944-1:CBL-Mariner Linux (https://github.com/microsoft/CBL-Mariner)
CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
904083 Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10965-1) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for vim to fix the vulnerabilities. CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases
Patch:
Following are links for downloading patches to fix the vulnerabilities:
10965-1:CBL-Mariner Linux (https://github.com/microsoft/CBL-Mariner)
CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
904103 Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10879-1) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for vim to fix the vulnerabilities. CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases
Patch:
Following are links for downloading patches to fix the vulnerabilities:
10879-1:CBL-Mariner Linux (https://github.com/microsoft/CBL-Mariner)
CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
904106 Common Base Linux Mariner (CBL-Mariner) Security Update for rpm (10647-1) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for rpm to fix the vulnerabilities. CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases
Patch:
Following are links for downloading patches to fix the vulnerabilities:
10647-1:CBL-Mariner Linux (https://github.com/microsoft/CBL-Mariner)
CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
904177 Common Base Linux Mariner (CBL-Mariner) Security Update for vim (11013-1) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for vim to fix the vulnerabilities. CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases
Patch:
Following are links for downloading patches to fix the vulnerabilities:
11013-1:CBL-Mariner Linux (https://github.com/microsoft/CBL-Mariner)
CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
904186 Common Base Linux Mariner (CBL-Mariner) Security Update for python3 (9442-1) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for python3 to fix the vulnerabilities. CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases
Patch:
Following are links for downloading patches to fix the vulnerabilities:
9442-1:CBL-Mariner Linux (https://github.com/microsoft/CBL-Mariner)
CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
904187 Common Base Linux Mariner (CBL-Mariner) Security Update for vim (11043-1) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for vim to fix the vulnerabilities. CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases
Patch:
Following are links for downloading patches to fix the vulnerabilities:
11043-1:CBL-Mariner Linux (https://github.com/microsoft/CBL-Mariner)
CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
904190 Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10988-1) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for vim to fix the vulnerabilities. CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases
Patch:
Following are links for downloading patches to fix the vulnerabilities:
10988-1:CBL-Mariner Linux (https://github.com/microsoft/CBL-Mariner)
CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
904192 Common Base Linux Mariner (CBL-Mariner) Security Update for vim (11055-1) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for vim to fix the vulnerabilities. CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases
Patch:
Following are links for downloading patches to fix the vulnerabilities:
11055-1:CBL-Mariner Linux (https://github.com/microsoft/CBL-Mariner)
CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
904198 Common Base Linux Mariner (CBL-Mariner) Security Update for vim (11042-1) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for vim to fix the vulnerabilities. CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases
Patch:
Following are links for downloading patches to fix the vulnerabilities:
11042-1:CBL-Mariner Linux (https://github.com/microsoft/CBL-Mariner)
CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
904202 Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10977-1) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for vim to fix the vulnerabilities. CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases
Patch:
Following are links for downloading patches to fix the vulnerabilities:
10977-1:CBL-Mariner Linux (https://github.com/microsoft/CBL-Mariner)
CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
904205 Common Base Linux Mariner (CBL-Mariner) Security Update for vim (11075-1) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for vim to fix the vulnerabilities. CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases
Patch:
Following are links for downloading patches to fix the vulnerabilities:
11075-1:CBL-Mariner Linux (https://github.com/microsoft/CBL-Mariner)
CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
904206 Common Base Linux Mariner (CBL-Mariner) Security Update for python2 (9441-1) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for python2 to fix the vulnerabilities. CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases
Patch:
Following are links for downloading patches to fix the vulnerabilities:
9441-1:CBL-Mariner Linux (https://github.com/microsoft/CBL-Mariner)
CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
904209 Common Base Linux Mariner (CBL-Mariner) Security Update for vim (11023-1) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for vim to fix the vulnerabilities. CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases
Patch:
Following are links for downloading patches to fix the vulnerabilities:
11023-1:CBL-Mariner Linux (https://github.com/microsoft/CBL-Mariner)
CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
904370 Common Base Linux Mariner (CBL-Mariner) Security Update for expat (11329-1) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for expat to fix the vulnerabilities. CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases
Patch:
Following are links for downloading patches to fix the vulnerabilities:
11329-1:CBL-Mariner Linux (https://github.com/microsoft/CBL-Mariner)
CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
904389 Common Base Linux Mariner (CBL-Mariner) Security Update for libtasn1 (11333-1) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for libtasn1 to fix the vulnerabilities. CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases
Patch:
Following are links for downloading patches to fix the vulnerabilities:
11333-1:CBL-Mariner Linux (https://github.com/microsoft/CBL-Mariner)
CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
904488 Common Base Linux Mariner (CBL-Mariner) Security Update for python3 (11445) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has NOT released a security update for python3 to fix the vulnerabilities. Patch is NOT available for the package. CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
904489 Common Base Linux Mariner (CBL-Mariner) Security Update for python2 (11444) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has NOT released a security update for python2 to fix the vulnerabilities. Patch is NOT available for the package. CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
904515 Common Base Linux Mariner (CBL-Mariner) Security Update for vim (11362-1) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for vim to fix the vulnerabilities. CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases
Patch:
Following are links for downloading patches to fix the vulnerabilities:
11362-1:CBL-Mariner Linux (https://github.com/microsoft/CBL-Mariner)
CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
904516 Common Base Linux Mariner (CBL-Mariner) Security Update for curl (11411-1) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for curl to fix the vulnerabilities. CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases
Patch:
Following are links for downloading patches to fix the vulnerabilities:
11411-1:CBL-Mariner Linux (https://github.com/microsoft/CBL-Mariner)
CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
904527 Common Base Linux Mariner (CBL-Mariner) Security Update for curl (11412-1) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for curl to fix the vulnerabilities. CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases
Patch:
Following are links for downloading patches to fix the vulnerabilities:
11412-1:CBL-Mariner Linux (https://github.com/microsoft/CBL-Mariner)
CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
904534 Common Base Linux Mariner (CBL-Mariner) Security Update for sudo (11423-1) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for sudo to fix the vulnerabilities. CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases
Patch:
Following are links for downloading patches to fix the vulnerabilities:
11423-1:CBL-Mariner Linux (https://github.com/microsoft/CBL-Mariner)
CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
904539 Common Base Linux Mariner (CBL-Mariner) Security Update for curl (11053-1) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for curl to fix the vulnerabilities. CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases
Patch:
Following are links for downloading patches to fix the vulnerabilities:
11053-1:CBL-Mariner Linux (https://github.com/microsoft/CBL-Mariner)
CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
904561 Common Base Linux Mariner (CBL-Mariner) Security Update for libarchive (11470) CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has NOT released a security update for libarchive to fix the vulnerabilities. Patch is NOT available for the package. CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
904576 Common Base Linux Mariner (CBL-Mariner) Security Update for python3 (11507) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has NOT released a security update for python3 to fix the vulnerabilities. Patch is NOT available for the package. CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
904625 Common Base Linux Mariner (CBL-Mariner) Security Update for vim (11510-1) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for vim to fix the vulnerabilities. CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases
Patch:
Following are links for downloading patches to fix the vulnerabilities:
11510-1:CBL-Mariner Linux (https://github.com/microsoft/CBL-Mariner)
CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
904626 Common Base Linux Mariner (CBL-Mariner) Security Update for systemd (11447-1) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for systemd to fix the vulnerabilities. CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases
Patch:
Following are links for downloading patches to fix the vulnerabilities:
11447-1:CBL-Mariner Linux (https://github.com/microsoft/CBL-Mariner)
CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
904627 Common Base Linux Mariner (CBL-Mariner) Security Update for libarchive (11473-1) CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for libarchive to fix the vulnerabilities. CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases
Patch:
Following are links for downloading patches to fix the vulnerabilities:
11473-1:CBL-Mariner Linux (https://github.com/microsoft/CBL-Mariner)
CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
904637 Common Base Linux Mariner (CBL-Mariner) Security Update for libarchive (11470-1) CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for libarchive to fix the vulnerabilities. CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories: https://github.com/microsoft/CBL-Mariner/tree/2.0
Patch:
Following are links for downloading patches to fix the vulnerabilities:
11470-1:CBL-Mariner Linux 2.0 (https://github.com/microsoft/CBL-Mariner/tree/2.0)
CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
904772 Common Base Linux Mariner (CBL-Mariner) Security Update for libksba (12104) CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has NOT released a security update for libksba to fix the vulnerabilities. Patch is NOT available for the package. CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
904790 Common Base Linux Mariner (CBL-Mariner) Security Update for curl (12107-1) CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for curl to fix the vulnerabilities. CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories: https://github.com/microsoft/CBL-Mariner/tree/2.0
Patch:
Following are links for downloading patches to fix the vulnerabilities:
12107-1:CBL-Mariner Linux 2.0 (https://github.com/microsoft/CBL-Mariner/tree/2.0)
CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
904797 Common Base Linux Mariner (CBL-Mariner) Security Update for krb5 (12133) CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has NOT released a security update for krb5 to fix the vulnerabilities. Patch is NOT available for the package. CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
905025 Common Base Linux Mariner (CBL-Mariner) Security Update for pam (12603) CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has NOT released a security update for pam to fix the vulnerabilities. Patch is NOT available for the package. CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
905238 Common Base Linux Mariner (CBL-Mariner) Security Update for krb5 (12133-1) CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for krb5 to fix the vulnerabilities. CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories: https://github.com/microsoft/CBL-Mariner/tree/2.0
Patch: Following are links for downloading patches to fix the vulnerabilities: 12133-1: CBL-Mariner Linux 2.0 (https://github.com/microsoft/CBL-Mariner/tree/2.0)
CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
905239 Common Base Linux Mariner (CBL-Mariner) Security Update for libksba (12104-1) CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for libksba to fix the vulnerabilities. CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories: https://github.com/microsoft/CBL-Mariner/tree/2.0
Patch: Following are links for downloading patches to fix the vulnerabilities: 12104-1: CBL-Mariner Linux 2.0 (https://github.com/microsoft/CBL-Mariner/tree/2.0)
CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
905262 Common Base Linux Mariner (CBL-Mariner) Security Update for gnupg2 (13005) CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has NOT released a security update for gnupg2 to fix the vulnerabilities. Patch is NOT available for the package. CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
905434 Common Base Linux Mariner (CBL-Mariner) Security Update for curl (13284-1) CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for curl to fix the vulnerabilities. CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories: https://github.com/microsoft/CBL-Mariner/tree/2.0
Patch: Following are links for downloading patches to fix the vulnerabilities: 13284-1: CBL-Mariner Linux 2.0 (https://github.com/microsoft/CBL-Mariner/tree/2.0)
CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
905438 Common Base Linux Mariner (CBL-Mariner) Security Update for Open Secure Sockets Layer (OpenSSL) (13310) CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has NOT released a security update for openssl to fix the vulnerabilities. Patch is NOT available for the package. CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
905464 Common Base Linux Mariner (CBL-Mariner) Security Update for Open Secure Sockets Layer (OpenSSL) (13352) CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has NOT released a security update for openssl to fix the vulnerabilities. Patch is NOT available for the package. CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
905467 Common Base Linux Mariner (CBL-Mariner) Security Update for glibc (13348) CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has NOT released a security update for glibc to fix the vulnerabilities. Patch is NOT available for the package. CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
905469 Common Base Linux Mariner (CBL-Mariner) Security Update for Open Secure Sockets Layer (OpenSSL) (13351) CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has NOT released a security update for openssl to fix the vulnerabilities. Patch is NOT available for the package. CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
905503 Common Base Linux Mariner (CBL-Mariner) Security Update for Open Secure Sockets Layer (OpenSSL) (13352-1) CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for openssl to fix the vulnerabilities. CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories: https://github.com/microsoft/CBL-Mariner/tree/2.0
Patch: Following are links for downloading patches to fix the vulnerabilities: 13352-1: CBL-Mariner Linux 2.0 (https://github.com/microsoft/CBL-Mariner/tree/2.0)
CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
905506 Common Base Linux Mariner (CBL-Mariner) Security Update for Open Secure Sockets Layer (OpenSSL) (13310-1) CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for openssl to fix the vulnerabilities. CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories: https://github.com/microsoft/CBL-Mariner/tree/2.0
Patch: Following are links for downloading patches to fix the vulnerabilities: 13310-1: CBL-Mariner Linux 2.0 (https://github.com/microsoft/CBL-Mariner/tree/2.0)
CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
905538 Common Base Linux Mariner (CBL-Mariner) Security Update for Open Secure Sockets Layer (OpenSSL) (13351-1) CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for openssl to fix the vulnerabilities. CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories: https://github.com/microsoft/CBL-Mariner/tree/2.0
Patch: Following are links for downloading patches to fix the vulnerabilities: 13351-1: CBL-Mariner Linux 2.0 (https://github.com/microsoft/CBL-Mariner/tree/2.0)
CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
905552 Common Base Linux Mariner (CBL-Mariner) Security Update for Open Secure Sockets Layer (OpenSSL) (13564) CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has NOT released a security update for openssl to fix the vulnerabilities. Patch is NOT available for the package. CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
905562 Common Base Linux Mariner (CBL-Mariner) Security Update for Open Secure Sockets Layer (OpenSSL) (13564-1) CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for openssl to fix the vulnerabilities. CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories: https://github.com/microsoft/CBL-Mariner/tree/2.0
Patch: Following are links for downloading patches to fix the vulnerabilities: 13564-1: CBL-Mariner Linux 2.0 (https://github.com/microsoft/CBL-Mariner/tree/2.0)
CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
905595 Common Base Linux Mariner (CBL-Mariner) Security Update for curl (13653) CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has NOT released a security update for curl to fix the vulnerabilities. Patch is NOT available for the package. CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
905599 Common Base Linux Mariner (CBL-Mariner) Security Update for curl (13654) CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has NOT released a security update for curl to fix the vulnerabilities. Patch is NOT available for the package. CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
905603 Common Base Linux Mariner (CBL-Mariner) Security Update for curl (13652) CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has NOT released a security update for curl to fix the vulnerabilities. Patch is NOT available for the package. CBL-Mariner Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
980019 Go (go) Security Update for github.com/opencontainers/image-spec (GHSA-77vh-xpmg-72qh) Security update has been released for github.com/opencontainers/image-spec to fix the vulnerability. Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues. The Image Specification will be updated to recommend that both manifest and index documents contain a `mediaType` field to identify the type of document. Release [v1.0.2](https://github.com/opencontainers/image-spec/releases/tag/v1.0.2) includes these updates. Workaround: Software attempting to deserialize an ambiguous document may reject the document if it contains both manifests and layers fields or manifests and config fields.
Patch: Following are links for downloading patches to fix the vulnerabilities: GHSA-77vh-xpmg-72qh: github.com/opencontainers/image-spec (https://github.com/advisories/GHSA-77vh-xpmg-72qh)
SCA In the OCI Image Specification version 1.0.1 and prior, manifest and index documents are not self-describing and documents with a single digest could be interpreted as either a manifest or an index. Medium
980036 Nodejs (npm) Security Update for json-schema (GHSA-896r-f27r-55mw) json-schema is vulnerable to Improperly Controlled Modification of Object Prototype Attributes (‘Prototype Pollution’) Customers are advised to refer to GHSA-896r-f27r-55mw (https://github.com/advisories/GHSA-896r-f27r-55mw) for updates pertaining to this vulnerability.
Patch: Following are links for downloading patches to fix the vulnerabilities: GHSA-896r-f27r-55mw: json-schema (https://github.com/advisories/GHSA-896r-f27r-55mw)
SCA Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. High
980038 Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-v585-23hc-c647) FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource. Customers are advised to refer to GHSA-v585-23hc-c647 (https://github.com/advisories/GHSA-v585-23hc-c647) for updates pertaining to this vulnerability.
Patch: Following are links for downloading patches to fix the vulnerabilities: GHSA-v585-23hc-c647: com.fasterxml.jackson.core:jackson-databind (https://github.com/advisories/GHSA-v585-23hc-c647)
SCA Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. High
980070 Go (go) Security Update for github.com/containerd/containerd (GHSA-5j5w-g665-5m35) Security update has been released for github.com/containerd/containerd to fix the vulnerability. Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues. This issue has been fixed in containerd 1.4.12 and 1.5.8. Image pulls for manifests that contain a manifests field or indices which contain a layers field are rejected. Workaround: Ensure you only pull images from trusted sources.
Patch: Following are links for downloading patches to fix the vulnerabilities: GHSA-5j5w-g665-5m35: github.com/containerd/containerd (https://github.com/advisories/GHSA-5j5w-g665-5m35)
SCA In the OCI Distribution Specification version 1.0.0 and prior and in the OCI Image Specification version 1.0.1 and prior, manifest and index documents are ambiguous without an accompanying Content-Type HTTP header.  Versions of containerd prior to 1.4.12 and 1.5.8 treat the Content-Type header as trusted and deserialize the document according to that header.  If the Content-Type header changed between pulls of the same ambiguous document (with the same digest), the document may be interpreted differently, meaning that the digest alone is insufficient to unambiguously identify the content of the image. Medium
980093 Go (go) Security Update for github.com/containerd/containerd (GHSA-c2h3-6mxw-7mvq) Security update has been released for github.com/containerd/containerd to fix the vulnerability. Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues. This vulnerability has been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these versions when they are released and may restart containers or update directory permissions to mitigate the vulnerability. Workaround: Limit access to the host to trusted users. Update directory permission on container bundles directories.
Patch: Following are links for downloading patches to fix the vulnerabilities: GHSA-c2h3-6mxw-7mvq: github.com/containerd/containerd (https://github.com/advisories/GHSA-c2h3-6mxw-7mvq)
SCA A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as setuid), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. Medium
980106 Python (pip) Security Update for pip (GHSA-5xp3-jfq3-5q8x) A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. This is fixed in python-pip version 21.1. Customers are advised to refer to GHSA-5xp3-jfq3-5q8x (https://github.com/advisories/GHSA-5xp3-jfq3-5q8x) for updates pertaining to this vulnerability.
Patch: Following are links for downloading patches to fix the vulnerabilities: GHSA-5xp3-jfq3-5q8x: pip (https://github.com/advisories/GHSA-5xp3-jfq3-5q8x)
SCA Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. Medium
980150 Nodejs (npm) Security Update for tar (GHSA-9r2w-394v-53qc) Security update has been released for tar to fix the vulnerability. Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues. 4.4.16 || 5.0.8 || 6.1.7 Workaround: Users may work around this vulnerability without upgrading by creating a custom filter method which prevents the extraction of symbolic links.

```js
const tar = require('tar')

tar.x({
  file: 'archive.tgz',
  // Returning false skips the entry, so symbolic links are never extracted.
  filter: (file, entry) => {
    if (entry.type === 'SymbolicLink') {
      return false
    } else {
      return true
    }
  }
})
```

Users are encouraged to upgrade to the latest patched versions, rather than attempt to sanitize tar input themselves.
Patch: Following are links for downloading patches to fix the vulnerabilities: GHSA-9r2w-394v-53qc: tar (https://github.com/advisories/GHSA-9r2w-394v-53qc)
SCA Arbitrary File Creation, Arbitrary File Overwrite, Arbitrary Code Execution
`node-tar` aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achieved by ensuring that extracted directories are not symlinks. Additionally, in order to prevent unnecessary stat calls to determine whether a given path is a directory, paths are cached when directories are created.
This logic was insufficient when extracting tar files that contained both a directory and a symlink with the same name as the directory, where the symlink and directory names in the archive entry used backslashes as a path separator on posix systems. The cache checking logic used both `\` and `/` characters as path separators, however `\` is a valid filename character on posix systems.
By first creating a directory, and then replacing that directory with a symlink, it was thus possible to bypass node-tar symlink checks on directories, essentially allowing an untrusted tar file to symlink into an arbitrary location and subsequently extracting arbitrary files into that location, thus allowing arbitrary file creation and overwrite.
Additionally, a similar confusion could arise on case-insensitive filesystems. If a tar archive contained a directory at `FOO`, followed by a symbolic link named `foo`, then on case-insensitive file systems, the creation of the symbolic link would remove the directory from the filesystem, but _not_ from the internal directory cache, as it would not be treated as a cache hit. A subsequent file entry within the `FOO` directory would then be placed in the target of the symbolic link, thinking that the directory had already been created.
These issues were addressed in releases 4.4.16, 5.0.8 and 6.1.7.
The v3 branch of `node-tar` has been deprecated and did not receive patches for these issues. If you are still using a v3 release we recommend you update to a more recent version of `node-tar`. If this is not possible, a workaround is available below. High
980152 Nodejs (npm) Security Update for tar (GHSA-qq89-hq3f-393p) Security update has been released for tar to fix the vulnerability. Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues. 6.1.9 || 5.0.10 || 4.4.18 Workaround: Users may work around this vulnerability without upgrading by creating a custom filter method which prevents the extraction of symbolic links.

```js
const tar = require('tar')

tar.x({
  file: 'archive.tgz',
  // Returning false skips the entry, so symbolic links are never extracted.
  filter: (file, entry) => {
    if (entry.type === 'SymbolicLink') {
      return false
    } else {
      return true
    }
  }
})
```

Users are encouraged to upgrade to the latest patched versions, rather than attempt to sanitize tar input themselves.
Patch: Following are links for downloading patches to fix the vulnerabilities: GHSA-qq89-hq3f-393p: tar (https://github.com/advisories/GHSA-qq89-hq3f-393p)
SCA Arbitrary File Creation, Arbitrary File Overwrite, Arbitrary Code Execution
node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achieved by ensuring that extracted directories are not symlinks. Additionally, in order to prevent unnecessary stat calls to determine whether a given path is a directory, paths are cached when directories are created.
This logic was insufficient when extracting tar files that contained two directories and a symlink with names containing unicode values that normalized to the same value. Additionally, on Windows systems, long path portions would resolve to the same file system entities as their 8.3 "short path" counterparts. A specially crafted tar archive could thus include directories with two forms of the path that resolve to the same file system entity, followed by a symbolic link with a name in the first form, lastly followed by a file using the second form. It led to bypassing node-tar symlink checks on directories, essentially allowing an untrusted tar file to symlink into an arbitrary location and subsequently extracting arbitrary files into that location, thus allowing arbitrary file creation and overwrite.
The v3 branch of `node-tar` has been deprecated and did not receive patches for these issues. If you are still using a v3 release we recommend you update to a more recent version of `node-tar`. If this is not possible, a workaround is available below. High
980214 Nodejs (npm) Security Update for yarn (GHSA-wqfc-cr59-h64p) Yarn before 1.17.3 is vulnerable to Missing Encryption of Sensitive Data due to HTTP URLs in lockfile causing unencrypted authentication data to be sent over the network. Customers are advised to refer to GHSA-wqfc-cr59-h64p (https://github.com/advisories/GHSA-wqfc-cr59-h64p) for updates pertaining to this vulnerability.
Patch: Following are links for downloading patches to fix the vulnerabilities: GHSA-wqfc-cr59-h64p: yarn (https://github.com/advisories/GHSA-wqfc-cr59-h64p)
SCA Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. High
980228 Nodejs (npm) Security Update for validator (GHSA-qgmg-gppg-76g5) validator.js prior to 13.7.0 is vulnerable to Inefficient Regular Expression Complexity Customers are advised to refer to GHSA-qgmg-gppg-76g5 (https://github.com/advisories/GHSA-qgmg-gppg-76g5) for updates pertaining to this vulnerability.
Patch: Following are links for downloading patches to fix the vulnerabilities: GHSA-qgmg-gppg-76g5: validator (https://github.com/advisories/GHSA-qgmg-gppg-76g5)
SCA Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. Medium
980257 Java (maven) Security Update for io.netty:netty-codec (GHSA-9vjp-v76f-g363) Security update has been released for io.netty:netty-codec to fix the vulnerability. Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues. Customers are advised to refer to GHSA-9vjp-v76f-g363 (https://github.com/advisories/GHSA-9vjp-v76f-g363) for updates pertaining to this vulnerability.
Patch: Following are links for downloading patches to fix the vulnerabilities: GHSA-9vjp-v76f-g363: io.netty:netty-codec (https://github.com/advisories/GHSA-9vjp-v76f-g363)
SCA All users of SnappyFrameDecoder are affected and so the application may be at risk of a DoS attack due to excessive memory usage. Medium
980258 Java (maven) Security Update for io.netty:netty-codec (GHSA-grg4-wf29-r9vv) Security update has been released for io.netty:netty-codec to fix the vulnerability. Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues. Customers are advised to refer to GHSA-grg4-wf29-r9vv (https://github.com/advisories/GHSA-grg4-wf29-r9vv) for updates pertaining to this vulnerability. Workaround: No workarounds other than not using the `Bzip2Decoder`.
Patch: Following are links for downloading patches to fix the vulnerabilities: GHSA-grg4-wf29-r9vv: io.netty:netty-codec (https://github.com/advisories/GHSA-grg4-wf29-r9vv)
SCA The Bzip2 decompression decoder function doesn’t allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). All users of Bzip2Decoder are affected. The malicious input can trigger an OOME and so a DoS attack. Medium
980276 Java (maven) Security Update for com.google.guava:guava (GHSA-5mg8-w23w-74h3) A temp directory creation vulnerability exists in Guava versions prior to 30.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava com.google.common.io.Files.createTempDir(). The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. We recommend updating Guava to version 30.0 or later, or update to Java 7 or later, or to explicitly change the permissions after the creation of the directory if neither are possible. Customers are advised to refer to GHSA-5mg8-w23w-74h3 (https://github.com/advisories/GHSA-5mg8-w23w-74h3) for updates pertaining to this vulnerability.
Patch: Following are links for downloading patches to fix the vulnerabilities: GHSA-5mg8-w23w-74h3: com.google.guava:guava (https://github.com/advisories/GHSA-5mg8-w23w-74h3)
SCA Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. Medium
980298 Nodejs (npm) Security Update for npm (GHSA-m6cx-g6qm-p2cx) Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended node_modules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to create files on a user’s system when the package is installed. It is only possible to affect files that the user running `npm install` has access to and it is not possible to overwrite files that already exist on disk. This behavior is still possible through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option. Recommendation: Upgrade to version 6.13.3 or later. Customers are advised to refer to GHSA-m6cx-g6qm-p2cx (https://github.com/advisories/GHSA-m6cx-g6qm-p2cx) for updates pertaining to this vulnerability.
Patch: Following are links for downloading patches to fix the vulnerabilities: GHSA-m6cx-g6qm-p2cx: npm (https://github.com/advisories/GHSA-m6cx-g6qm-p2cx)
SCA Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. High
980302 Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-95cm-88f5-f2c7) FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms). Customers are advised to refer to GHSA-95cm-88f5-f2c7 (https://github.com/advisories/GHSA-95cm-88f5-f2c7) for updates pertaining to this vulnerability.
Patch: Following are links for downloading patches to fix the vulnerabilities: GHSA-95cm-88f5-f2c7: com.fasterxml.jackson.core:jackson-databind (https://github.com/advisories/GHSA-95cm-88f5-f2c7)
SCA Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. High
980304 Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-5p34-5m6p-p58g) FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config). Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-5p34-5m6p-p58g” TARGET=”_blank”>GHSA-5p34-5m6p-p58g</A> for updates pertaining to this vulnerability.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-5p34-5m6p-p58g” TARGET=”_blank”>GHSA-5p34-5m6p-p58g:com.fasterxml.jackson.core:jackson-databind</A>
SCA Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. High
980305 Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-q93h-jc49-78gg) FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig (aka ibatis-sqlmap). Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-q93h-jc49-78gg” TARGET=”_blank”>GHSA-q93h-jc49-78gg</A> for updates pertaining to this vulnerability.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-q93h-jc49-78gg” TARGET=”_blank”>GHSA-q93h-jc49-78gg:com.fasterxml.jackson.core:jackson-databind</A>
SCA Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. High
980307 Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-fqwf-pjwf-7vqv) FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus). Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-fqwf-pjwf-7vqv” TARGET=”_blank”>GHSA-fqwf-pjwf-7vqv</A> for updates pertaining to this vulnerability.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-fqwf-pjwf-7vqv” TARGET=”_blank”>GHSA-fqwf-pjwf-7vqv:com.fasterxml.jackson.core:jackson-databind</A>
SCA Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. Medium
980308 Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-p43x-xfjf-5jhr) FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core). Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-p43x-xfjf-5jhr” TARGET=”_blank”>GHSA-p43x-xfjf-5jhr</A> for updates pertaining to this vulnerability.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-p43x-xfjf-5jhr” TARGET=”_blank”>GHSA-p43x-xfjf-5jhr:com.fasterxml.jackson.core:jackson-databind</A>
SCA Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. High
980309 Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-58pp-9c76-5625) FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy). Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-58pp-9c76-5625″ TARGET=”_blank”>GHSA-58pp-9c76-5625</A> for updates pertaining to this vulnerability.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-58pp-9c76-5625″ TARGET=”_blank”>GHSA-58pp-9c76-5625:com.fasterxml.jackson.core:jackson-databind</A>
SCA Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. High
980310 Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-v3xw-c963-f5hc) FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms). Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-v3xw-c963-f5hc” TARGET=”_blank”>GHSA-v3xw-c963-f5hc</A> for updates pertaining to this vulnerability.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-v3xw-c963-f5hc” TARGET=”_blank”>GHSA-v3xw-c963-f5hc:com.fasterxml.jackson.core:jackson-databind</A>
SCA Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. High
980311 Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-9vvp-fxw6-jcxr) FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa). Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-9vvp-fxw6-jcxr” TARGET=”_blank”>GHSA-9vvp-fxw6-jcxr</A> for updates pertaining to this vulnerability.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-9vvp-fxw6-jcxr” TARGET=”_blank”>GHSA-9vvp-fxw6-jcxr:com.fasterxml.jackson.core:jackson-databind</A>
SCA Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. High
980312 Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-758m-v56v-grj4) FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane. Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-758m-v56v-grj4″ TARGET=”_blank”>GHSA-758m-v56v-grj4</A> for updates pertaining to this vulnerability.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-758m-v56v-grj4″ TARGET=”_blank”>GHSA-758m-v56v-grj4:com.fasterxml.jackson.core:jackson-databind</A>
SCA Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. High
980313 Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-rf6r-2c4q-2vwg) FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy). Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-rf6r-2c4q-2vwg” TARGET=”_blank”>GHSA-rf6r-2c4q-2vwg</A> for updates pertaining to this vulnerability.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-rf6r-2c4q-2vwg” TARGET=”_blank”>GHSA-rf6r-2c4q-2vwg:com.fasterxml.jackson.core:jackson-databind</A>
SCA Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. High
980316 Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-c2q3-4qrh-fm48) FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms). Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-c2q3-4qrh-fm48″ TARGET=”_blank”>GHSA-c2q3-4qrh-fm48</A> for updates pertaining to this vulnerability.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-c2q3-4qrh-fm48″ TARGET=”_blank”>GHSA-c2q3-4qrh-fm48:com.fasterxml.jackson.core:jackson-databind</A>
SCA Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. High
980317 Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-j823-4qch-3rgm) FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill). Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-j823-4qch-3rgm” TARGET=”_blank”>GHSA-j823-4qch-3rgm</A> for updates pertaining to this vulnerability.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-j823-4qch-3rgm” TARGET=”_blank”>GHSA-j823-4qch-3rgm:com.fasterxml.jackson.core:jackson-databind</A>
SCA Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. High
980318 Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-c265-37vj-cwcc) FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2). Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-c265-37vj-cwcc” TARGET=”_blank”>GHSA-c265-37vj-cwcc</A> for updates pertaining to this vulnerability.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-c265-37vj-cwcc” TARGET=”_blank”>GHSA-c265-37vj-cwcc:com.fasterxml.jackson.core:jackson-databind</A>
SCA Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. High
980320 Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-mc6h-4qgp-37qh) FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity). Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-mc6h-4qgp-37qh” TARGET=”_blank”>GHSA-mc6h-4qgp-37qh</A> for updates pertaining to this vulnerability.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-mc6h-4qgp-37qh” TARGET=”_blank”>GHSA-mc6h-4qgp-37qh:com.fasterxml.jackson.core:jackson-databind</A>
SCA Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. High
980328 Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-288c-cq4h-88gq) A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw leaves it vulnerable to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity. Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-288c-cq4h-88gq” TARGET=”_blank”>GHSA-288c-cq4h-88gq</A> for updates pertaining to this vulnerability.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-288c-cq4h-88gq” TARGET=”_blank”>GHSA-288c-cq4h-88gq:com.fasterxml.jackson.core:jackson-databind</A>
SCA Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. High
980333 Java (maven) Security Update for io.netty:netty-codec-http (GHSA-5mcr-gq6c-3hq2) Security update has been released for io.netty:netty-codec-http to fix the vulnerability.<BR><BR>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues. This has been patched in version `4.1.59.Final`.<BR><BR>Workaround:<BR>Specify your own `java.io.tmpdir` when you start the JVM or use `DefaultHttpDataFactory.setBaseDir(…)` to set the directory to something that is only readable by the current user.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-5mcr-gq6c-3hq2″ TARGET=”_blank”>GHSA-5mcr-gq6c-3hq2:io.netty:netty-codec-http</A>
SCA When netty’s multipart decoders are used, local information disclosure can occur via the local system temporary directory if temporarily storing uploads on the disk is enabled.<BR><BR>The CVSSv3.1 score of this vulnerability is calculated to be a [6.2/10](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N&version=3.1) Medium
980351 Java (maven) Security Update for commons-io:commons-io (GHSA-gwrp-pvrq-jmwv) In Apache Commons IO before 2.7, when invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value. Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-gwrp-pvrq-jmwv” TARGET=”_blank”>GHSA-gwrp-pvrq-jmwv</A> for updates pertaining to this vulnerability.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-gwrp-pvrq-jmwv” TARGET=”_blank”>GHSA-gwrp-pvrq-jmwv:commons-io:commons-io</A>
SCA Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. Medium
980360 Java (maven) Security Update for org.eclipse.jetty:jetty-server (GHSA-m6cp-vxjx-65j6) Security update has been released for org.eclipse.jetty:jetty-server to fix the vulnerability.<BR><BR>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues. Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-m6cp-vxjx-65j6″ TARGET=”_blank”>GHSA-m6cp-vxjx-65j6</A> for updates pertaining to this vulnerability.<BR><BR>Workaround:<BR>The application should catch all Throwables within their `SessionListener#sessionDestroyed()` implementations.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-m6cp-vxjx-65j6″ TARGET=”_blank”>GHSA-m6cp-vxjx-65j6:org.eclipse.jetty:jetty-server</A>
SCA If an exception is thrown from the `SessionListener#sessionDestroyed()` method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in.<BR><BR>There is no known path for an attacker to induce such an exception to be thrown, thus they must rely on an application to throw such an exception. The OP has also identified that during the call to `sessionDestroyed`, the `getLastAccessedTime()` throws an `IllegalStateException`, which is potentially contrary to the servlet spec, so applications calling this method may always throw and fail to log out. If such an application was only tested on a non-clustered test environment, then it may be deployed on a clustered environment with multiple contexts and fail to log out. Medium
980365 Nodejs (npm) Security Update for tar (GHSA-r628-mhmh-qjhw) Security update has been released for tar to fix the vulnerability.<BR><BR>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues. 3.2.3 || 4.4.15 || 5.0.7 || 6.1.2<BR><BR>Workaround:<BR>Users may work around this vulnerability without upgrading by creating a custom `filter` method which prevents the extraction of symbolic links.

```js
const tar = require('tar')

tar.x({
  file: 'archive.tgz',
  // Returning false skips the entry, so symbolic links are never extracted.
  filter: (file, entry) => {
    if (entry.type === 'SymbolicLink') {
      return false
    } else {
      return true
    }
  }
})
```

Users are encouraged to upgrade to the latest patch versions, rather than attempt to sanitize tar input themselves.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-r628-mhmh-qjhw” TARGET=”_blank”>GHSA-r628-mhmh-qjhw:tar</A>
SCA Arbitrary File Creation, Arbitrary File Overwrite, Arbitrary Code Execution<BR><BR>`node-tar` aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achieved by ensuring that extracted directories are not symlinks.  Additionally, in order to prevent unnecessary `stat` calls to determine whether a given path is a directory, paths are cached when directories are created.<BR><BR>This logic was insufficient when extracting tar files that contained both a directory and a symlink with the same name as the directory. This order of operations resulted in the directory being created and added to the `node-tar` directory cache. When a directory is present in the directory cache, subsequent calls to mkdir for that directory are skipped. However, this is also where `node-tar` checks for symlinks occur.<BR><BR>By first creating a directory, and then replacing that directory with a symlink, it was thus possible to bypass `node-tar` symlink checks on directories, essentially allowing an untrusted tar file to symlink into an arbitrary location and subsequently extracting arbitrary files into that location, thus allowing arbitrary file creation and overwrite.<BR><BR>This issue was addressed in releases 3.2.3, 4.4.15, 5.0.7 and 6.1.2. High
980366 Nodejs (npm) Security Update for tar (GHSA-3jfq-g458-7qm9) Security update has been released for tar to fix the vulnerability.<BR><BR>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues. 3.2.2 || 4.4.14 || 5.0.6 || 6.1.1<BR><BR>NOTE: an adjacent issue [CVE-2021-32803](https://github.com/npm/node-tar/security/advisories/GHSA-r628-mhmh-qjhw) affects this release level. Please ensure you update to the latest patch levels that address CVE-2021-32803 as well if this adjacent issue affects your `node-tar` use case.<BR><BR>Workaround:<BR>Users may work around this vulnerability without upgrading by creating a custom `onentry` method which sanitizes the `entry.path` or a `filter` method which removes entries with absolute paths.

```js
const path = require('path')
const tar = require('tar')

tar.x({
  file: 'archive.tgz',
  // either add this function…
  onentry: (entry) => {
    if (path.isAbsolute(entry.path)) {
      // sanitizeAbsolutePathSomehow is the advisory's placeholder, not a
      // node-tar API: supply your own function that strips every path root.
      entry.path = sanitizeAbsolutePathSomehow(entry.path)
      entry.absolute = path.resolve(entry.path)
    }
  },

  // or this one
  // Returning false skips any entry whose path is absolute.
  filter: (file, entry) => {
    if (path.isAbsolute(entry.path)) {
      return false
    } else {
      return true
    }
  }
})
```

Users are encouraged to upgrade to the latest patch versions, rather than attempt to sanitize tar input themselves.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-3jfq-g458-7qm9″ TARGET=”_blank”>GHSA-3jfq-g458-7qm9:tar</A>
SCA Arbitrary File Creation, Arbitrary File Overwrite, Arbitrary Code Execution<BR><BR>`node-tar` aims to prevent extraction of absolute file paths by turning absolute paths into relative paths when the `preservePaths` flag is not set to `true`. This is achieved by stripping the absolute path root from any absolute file paths contained in a tar file. For example `/home/user/.bashrc` would turn into `home/user/.bashrc`. <BR><BR>This logic was insufficient when file paths contained repeated path roots such as `////home/user/.bashrc`. `node-tar` would only strip a single path root from such paths. When given an absolute file path with repeating path roots, the resulting path (e.g. `///home/user/.bashrc`) would still resolve to an absolute path, thus allowing arbitrary file creation and overwrite. High
980369 Nodejs (npm) Security Update for tar (GHSA-5955-9wpr-37jh) Security update has been released for tar to fix the vulnerability.<BR><BR>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues. 4.4.18 || 5.0.10 || 6.1.9<BR><BR>Workaround:<BR>There is no reasonable way to work around this issue without performing the same path normalization procedures that node-tar now does.<BR><BR>Users are encouraged to upgrade to the latest patched versions of node-tar, rather than attempt to sanitize paths themselves.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-5955-9wpr-37jh” TARGET=”_blank”>GHSA-5955-9wpr-37jh:tar</A>
SCA Arbitrary File Creation, Arbitrary File Overwrite, Arbitrary Code Execution<BR><BR>node-tar aims to guarantee that any file whose location would be outside of the extraction target directory is not extracted. This is, in part, accomplished by sanitizing absolute paths of entries within the archive, skipping archive entries that contain `..` path portions, and resolving the sanitized paths against the extraction target directory.<BR><BR>This logic was insufficient on Windows systems when extracting tar files that contained a path that was not an absolute path, but specified a drive letter different from the extraction target, such as `C:some\path`.  If the drive letter does not match the extraction target, for example `D:\extraction\dir`, then the result of `path.resolve(extractionDirectory, entryPath)` would resolve against the current working directory on the `C:` drive, rather than the extraction target directory.<BR><BR>Additionally, a `..` portion of the path could occur immediately after the drive letter, such as `C:../foo`, and was not properly sanitized by the logic that checked for `..` within the normalized and split portions of the path.<BR><BR>This only affects users of `node-tar` on Windows systems. High
980391 Go (go) Security Update for github.com/containerd/containerd (GHSA-c72p-9xmj-rx3w) Security update has been released for github.com/containerd/containerd to fix the vulnerability.<BR><BR>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues. Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-c72p-9xmj-rx3w” TARGET=”_blank”>GHSA-c72p-9xmj-rx3w</A> for updates pertaining to this vulnerability.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-c72p-9xmj-rx3w” TARGET=”_blank”>GHSA-c72p-9xmj-rx3w:github.com/containerd/containerd</A>
SCA Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. Medium
980460 Java (maven) Security Update for org.yaml:snakeyaml (GHSA-rvwf-54qp-4r6v) The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564. Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-rvwf-54qp-4r6v” TARGET=”_blank”>GHSA-rvwf-54qp-4r6v</A> for updates pertaining to this vulnerability.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-rvwf-54qp-4r6v” TARGET=”_blank”>GHSA-rvwf-54qp-4r6v:org.yaml:snakeyaml</A>
SCA Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. High
980499 Nodejs (npm) Security Update for ansi-regex (GHSA-93q8-gq69-wqmw) ansi-regex is vulnerable to Inefficient Regular Expression Complexity. Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-93q8-gq69-wqmw” TARGET=”_blank”>GHSA-93q8-gq69-wqmw</A> for updates pertaining to this vulnerability.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-93q8-gq69-wqmw” TARGET=”_blank”>GHSA-93q8-gq69-wqmw:ansi-regex</A>
SCA Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. Medium
980518 Go (go) Security Update for github.com/in-toto/in-toto-golang (GHSA-vrxp-mg9f-hwf3) Security update has been released for github.com/in-toto/in-toto-golang to fix the vulnerability.<BR><BR>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues. The problem has been fixed in version 0.3.0.<BR><BR>Workaround:<BR>Exploiting this vulnerability is dependent on the specific policy applied.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-vrxp-mg9f-hwf3″ TARGET=”_blank”>GHSA-vrxp-mg9f-hwf3:github.com/in-toto/in-toto-golang</A>
SCA Authenticated attackers posing as functionaries (i.e., within a trusted set of users for a layout) are able to create attestations that may bypass DISALLOW rules in the same layout. An attacker with access to trusted private keys may issue an attestation that contains a disallowed artifact by including path traversal semantics (e.g., foo vs dir/../foo). Medium
980649 Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-qxxx-2pp7-5hmx) A deserialization flaw was discovered in jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending maliciously crafted input to the readValue method of the ObjectMapper. Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-qxxx-2pp7-5hmx” TARGET=”_blank”>GHSA-qxxx-2pp7-5hmx</A> for updates pertaining to this vulnerability.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-qxxx-2pp7-5hmx” TARGET=”_blank”>GHSA-qxxx-2pp7-5hmx:com.fasterxml.jackson.core:jackson-databind</A>
SCA Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. High
980763 Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-w3f4-3q6j-rh82) FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization flaws. This is exploitable via two different gadgets that bypass a blacklist. Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-w3f4-3q6j-rh82″ TARGET=”_blank”>GHSA-w3f4-3q6j-rh82</A> for updates pertaining to this vulnerability.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-w3f4-3q6j-rh82″ TARGET=”_blank”>GHSA-w3f4-3q6j-rh82:com.fasterxml.jackson.core:jackson-databind</A>
SCA Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. High
980885 Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-rfx6-vp9g-rh7v) FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the Spring libraries are available in the classpath. Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-rfx6-vp9g-rh7v” TARGET=”_blank”>GHSA-rfx6-vp9g-rh7v</A> for updates pertaining to this vulnerability.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-rfx6-vp9g-rh7v” TARGET=”_blank”>GHSA-rfx6-vp9g-rh7v:com.fasterxml.jackson.core:jackson-databind</A>
SCA Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. High
981037 Nodejs (npm) Security Update for deep-extend (GHSA-hr2v-3952-633q) Versions of `deep-extend` before 0.5.1 are vulnerable to prototype pollution.<BR><BR><BR>## Recommendation<BR><BR>Update to version 0.5.1 or later. Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-hr2v-3952-633q” TARGET=”_blank”>GHSA-hr2v-3952-633q</A> for updates pertaining to this vulnerability.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-hr2v-3952-633q” TARGET=”_blank”>GHSA-hr2v-3952-633q:deep-extend</A>
SCA Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. High
981090 Nodejs (npm) Security Update for tough-cookie (GHSA-g7q5-pjjr-gqvp) Affected versions of `tough-cookie` are susceptible to a regular expression denial of service.<BR><BR>The amplification on this vulnerability is relatively low – it takes around 2 seconds for the engine to execute on a malicious input which is 50,000 characters in length.<BR><BR>If node was compiled using `-DHTTP_MAX_HEADER_SIZE`, however, the impact of the vulnerability can be significant, as the primary limitation for the vulnerability is the default max HTTP header length in node.<BR><BR><BR>## Recommendation<BR><BR>Update to version 2.3.3 or later. Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-g7q5-pjjr-gqvp” TARGET=”_blank”>GHSA-g7q5-pjjr-gqvp</A> for updates pertaining to this vulnerability.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-g7q5-pjjr-gqvp” TARGET=”_blank”>GHSA-g7q5-pjjr-gqvp:tough-cookie</A>
SCA Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. High
981196 Nodejs (npm) Security Update for https-proxy-agent (GHSA-8g7p-74h8-hg48) Versions of `https-proxy-agent` before 2.2.0 are vulnerable to denial of service. This is due to unsanitized options (proxy.auth) being passed to `Buffer()`.<BR><BR><BR>## Recommendation<BR><BR>Update to version 2.2.0 or later. Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-8g7p-74h8-hg48″ TARGET=”_blank”>GHSA-8g7p-74h8-hg48</A> for updates pertaining to this vulnerability.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-8g7p-74h8-hg48″ TARGET=”_blank”>GHSA-8g7p-74h8-hg48:https-proxy-agent</A>
SCA Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. High
981400 Nodejs (npm) Security Update for ssri (GHSA-325j-24f4-qv5x) Versions of `ssri` prior to 5.2.2 are vulnerable to regular expression denial of service (ReDoS) when using strict mode.<BR><BR><BR>## Recommendation<BR><BR>Update to version 5.2.2 or later. Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-325j-24f4-qv5x” TARGET=”_blank”>GHSA-325j-24f4-qv5x</A> for updates pertaining to this vulnerability.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-325j-24f4-qv5x” TARGET=”_blank”>GHSA-325j-24f4-qv5x:ssri</A>
SCA Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. Medium
981448 Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-f3j5-rmmp-3fc5) A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup. Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-f3j5-rmmp-3fc5″ TARGET=”_blank”>GHSA-f3j5-rmmp-3fc5</A> for updates pertaining to this vulnerability.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-f3j5-rmmp-3fc5″ TARGET=”_blank”>GHSA-f3j5-rmmp-3fc5:com.fasterxml.jackson.core:jackson-databind</A>
SCA Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. High
981496 Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-27xj-rqx5-2255) FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop). Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-27xj-rqx5-2255″ TARGET=”_blank”>GHSA-27xj-rqx5-2255</A> for updates pertaining to this vulnerability.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-27xj-rqx5-2255″ TARGET=”_blank”>GHSA-27xj-rqx5-2255:com.fasterxml.jackson.core:jackson-databind</A>
SCA Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. High
981500 Java (maven) Security Update for io.netty:netty-handler (GHSA-p2v9-g2qv-p635) HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header. Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-p2v9-g2qv-p635″ TARGET=”_blank”>GHSA-p2v9-g2qv-p635</A> for updates pertaining to this vulnerability.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-p2v9-g2qv-p635″ TARGET=”_blank”>GHSA-p2v9-g2qv-p635:io.netty:netty-handler</A>
SCA Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. High
981501 Nodejs (npm) Security Update for underscore (GHSA-cf4h-3jhx-xvhq) The package `underscore` from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 is vulnerable to Arbitrary Code Execution via the template function, particularly when a variable property is passed as an argument as it is not sanitized. Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-cf4h-3jhx-xvhq” TARGET=”_blank”>GHSA-cf4h-3jhx-xvhq</A> for updates pertaining to this vulnerability.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-cf4h-3jhx-xvhq” TARGET=”_blank”>GHSA-cf4h-3jhx-xvhq:underscore</A>
SCA Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. High
981502 Java (maven) Security Update for io.netty:netty-handler (GHSA-cqqj-4p63-rrmm) HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invalid fold." Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-cqqj-4p63-rrmm” TARGET=”_blank”>GHSA-cqqj-4p63-rrmm</A> for updates pertaining to this vulnerability.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-cqqj-4p63-rrmm” TARGET=”_blank”>GHSA-cqqj-4p63-rrmm:io.netty:netty-handler</A>
SCA Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. High
981559 Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-h4rc-386g-6m85) FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly). Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-h4rc-386g-6m85″ TARGET=”_blank”>GHSA-h4rc-386g-6m85</A> for updates pertaining to this vulnerability.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-h4rc-386g-6m85″ TARGET=”_blank”>GHSA-h4rc-386g-6m85:com.fasterxml.jackson.core:jackson-databind</A>
SCA Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. High
981561 Nodejs (npm) Security Update for https-proxy-agent (GHSA-pc5p-h8pf-mvwp) Versions of `https-proxy-agent` prior to 2.2.3 are vulnerable to Machine-In-The-Middle. The package fails to enforce TLS on the socket if the proxy server responds to the request with an HTTP status different than 200. This allows an attacker with access to the proxy server to intercept unencrypted communications, which may include sensitive information such as credentials.<BR><BR><BR>## Recommendation<BR><BR>Upgrade to version 3.0.0 or 2.2.3. Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-pc5p-h8pf-mvwp” TARGET=”_blank”>GHSA-pc5p-h8pf-mvwp</A> for updates pertaining to this vulnerability.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-pc5p-h8pf-mvwp” TARGET=”_blank”>GHSA-pc5p-h8pf-mvwp:https-proxy-agent</A>
SCA Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. Medium
981582 Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-4w82-r329-3q67) FasterXML jackson-databind 2.0.0 through 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter. Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-4w82-r329-3q67″ TARGET=”_blank”>GHSA-4w82-r329-3q67</A> for updates pertaining to this vulnerability.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-4w82-r329-3q67″ TARGET=”_blank”>GHSA-4w82-r329-3q67:com.fasterxml.jackson.core:jackson-databind</A>
SCA Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. High
981590 Nodejs (npm) Security Update for yarn (GHSA-5xf4-f2fq-f69j) In Yarn before 1.21.1, the package install functionality can be abused to generate arbitrary symlinks on the host filesystem by using specially crafted "bin" keys. Existing files could be overwritten depending on the current user permission set. Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-5xf4-f2fq-f69j” TARGET=”_blank”>GHSA-5xf4-f2fq-f69j</A> for updates pertaining to this vulnerability.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-5xf4-f2fq-f69j” TARGET=”_blank”>GHSA-5xf4-f2fq-f69j:yarn</A>
SCA Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. High
981649 Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-h822-r4r5-v8jg) A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig. Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-h822-r4r5-v8jg” TARGET=”_blank”>GHSA-h822-r4r5-v8jg</A> for updates pertaining to this vulnerability.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-h822-r4r5-v8jg” TARGET=”_blank”>GHSA-h822-r4r5-v8jg:com.fasterxml.jackson.core:jackson-databind</A>
SCA Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. High
981650 Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-85cw-hj65-qqv9) A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540. Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-85cw-hj65-qqv9″ TARGET=”_blank”>GHSA-85cw-hj65-qqv9</A> for updates pertaining to this vulnerability.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-85cw-hj65-qqv9″ TARGET=”_blank”>GHSA-85cw-hj65-qqv9:com.fasterxml.jackson.core:jackson-databind</A>
SCA Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. High
981693 Nodejs (npm) Security Update for mem (GHSA-4xcv-9jjx-gfj3) Versions of `mem` prior to 4.0.0 are vulnerable to Denial of Service (DoS).  The package fails to remove old values from the cache even after a value passes its `maxAge` property. This may allow attackers to exhaust the system’s memory if they are able to abuse the application logging.<BR><BR><BR>## Recommendation<BR><BR>Upgrade to version 4.0.0 or later. Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-4xcv-9jjx-gfj3″ TARGET=”_blank”>GHSA-4xcv-9jjx-gfj3</A> for updates pertaining to this vulnerability.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-4xcv-9jjx-gfj3″ TARGET=”_blank”>GHSA-4xcv-9jjx-gfj3:mem</A>
SCA Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. Medium
981745 DotNet (Nuget) Security Update for System.Text.RegularExpressions (GHSA-cmhx-cq75-c4mj) A denial of service vulnerability exists when .NET Framework and .NET Core improperly process RegEx strings, aka ‘.NET Framework and .NET Core Denial of Service Vulnerability’. This CVE ID is unique from CVE-2019-0980, CVE-2019-0981. Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-cmhx-cq75-c4mj” TARGET=”_blank”>GHSA-cmhx-cq75-c4mj</A> for updates pertaining to this vulnerability.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-cmhx-cq75-c4mj” TARGET=”_blank”>GHSA-cmhx-cq75-c4mj:System.Text.RegularExpressions</A>
SCA Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. Medium
981772 Nodejs (npm) Security Update for fstream (GHSA-xf7w-r453-m56c) Versions of `fstream` prior to 1.0.12 are vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system and a file that matches the hardlink will overwrite the system’s file with the contents of the extracted file. The `fstream.DirWriter()` function is vulnerable.<BR><BR><BR>## Recommendation<BR><BR>Upgrade to version 1.0.12 or later. Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-xf7w-r453-m56c” TARGET=”_blank”>GHSA-xf7w-r453-m56c</A> for updates pertaining to this vulnerability.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-xf7w-r453-m56c” TARGET=”_blank”>GHSA-xf7w-r453-m56c:fstream</A>
SCA Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. High
981780 Java (maven) Security Update for org.hibernate.validator:hibernate-validator (GHSA-m8p2-495h-ccmh) A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack. Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-m8p2-495h-ccmh” TARGET=”_blank”>GHSA-m8p2-495h-ccmh</A> for updates pertaining to this vulnerability.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-m8p2-495h-ccmh” TARGET=”_blank”>GHSA-m8p2-495h-ccmh:org.hibernate.validator:hibernate-validator</A>
SCA Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. Medium
981797 Nodejs (npm) Security Update for tar (GHSA-j44m-qm6p-hp7m) Versions of `tar` prior to 4.4.2 for 4.x and 2.2.2 for 2.x are vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system, and a file that matches the hardlink will overwrite the system’s file with the contents of the extracted file.<BR><BR><BR>## Recommendation<BR><BR>For tar 4.x, upgrade to version 4.4.2 or later.<BR>For tar 2.x, upgrade to version 2.2.2 or later. Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-j44m-qm6p-hp7m” TARGET=”_blank”>GHSA-j44m-qm6p-hp7m</A> for updates pertaining to this vulnerability.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-j44m-qm6p-hp7m” TARGET=”_blank”>GHSA-j44m-qm6p-hp7m:tar</A>
SCA Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. High
981798 Nodejs (npm) Security Update for tar-fs (GHSA-x2mc-8fgj-3wmr) A vulnerability was found in tar-fs before 1.16.2. An Arbitrary File Overwrite issue exists when extracting a tarball containing a hardlink to a file that already exists on the system, in conjunction with a later plain file with the same name as the hardlink. This plain file content replaces the existing file content. Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-x2mc-8fgj-3wmr” TARGET=”_blank”>GHSA-x2mc-8fgj-3wmr</A> for updates pertaining to this vulnerability.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-x2mc-8fgj-3wmr” TARGET=”_blank”>GHSA-x2mc-8fgj-3wmr:tar-fs</A>
SCA Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. High
981906 Nodejs (npm) Security Update for yargs-parser (GHSA-p9pc-299p-vxgp) Affected versions of `yargs-parser` are vulnerable to prototype pollution. Arguments are not properly sanitized, allowing an attacker to modify the prototype of `Object`, causing the addition or modification of an existing property that will exist on all objects.  <BR>Parsing the argument `--foo.__proto__.bar baz` adds a `bar` property with value `baz` to all objects. This is only exploitable if attackers have control over the arguments being passed to `yargs-parser`.<BR><BR><BR><BR>## Recommendation<BR><BR>Upgrade to versions 13.1.2, 15.0.1, 18.1.1 or later. Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-p9pc-299p-vxgp” TARGET=”_blank”>GHSA-p9pc-299p-vxgp</A> for updates pertaining to this vulnerability.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-p9pc-299p-vxgp” TARGET=”_blank”>GHSA-p9pc-299p-vxgp:yargs-parser</A>
SCA Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. Medium
981935 Nodejs (npm) Security Update for minimist (GHSA-vh95-rmgr-6w4m) Affected versions of `minimist` are vulnerable to prototype pollution. Arguments are not properly sanitized, allowing an attacker to modify the prototype of `Object`, causing the addition or modification of an existing property that will exist on all objects.  <BR>Parsing the argument `--__proto__.y=Polluted` adds a `y` property with value `Polluted` to all objects. The argument `--__proto__=Polluted` raises an uncaught error and crashes the application.  <BR>This is exploitable if attackers have control over the arguments being passed to `minimist`.<BR><BR><BR><BR>## Recommendation<BR><BR>Upgrade to versions 0.2.1, 1.2.3 or later. Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-vh95-rmgr-6w4m” TARGET=”_blank”>GHSA-vh95-rmgr-6w4m</A> for updates pertaining to this vulnerability.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-vh95-rmgr-6w4m” TARGET=”_blank”>GHSA-vh95-rmgr-6w4m:minimist</A>
SCA Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. Medium
981949 Java (maven) Security Update for net.minidev:json-smart-mini (GHSA-v528-7hrm-frqp) An issue was discovered in netplex json-smart-v1 through 2015-10-23 and json-smart-v2 through 2.4. An exception is thrown from a function, but it is not caught, as demonstrated by NumberFormatException. When it is not caught, it may cause programs using the library to crash or expose sensitive information. Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-v528-7hrm-frqp” TARGET=”_blank”>GHSA-v528-7hrm-frqp</A> for updates pertaining to this vulnerability.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-v528-7hrm-frqp” TARGET=”_blank”>GHSA-v528-7hrm-frqp:net.minidev:json-smart-mini</A><P> <A HREF=”https://github.com/advisories/GHSA-v528-7hrm-frqp” TARGET=”_blank”>GHSA-v528-7hrm-frqp:net.minidev:json-smart</A>
SCA Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. High
981950 Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-gww7-p5w4-wrfv) FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking. Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-gww7-p5w4-wrfv” TARGET=”_blank”>GHSA-gww7-p5w4-wrfv</A> for updates pertaining to this vulnerability.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-gww7-p5w4-wrfv” TARGET=”_blank”>GHSA-gww7-p5w4-wrfv:com.fasterxml.jackson.core:jackson-databind</A>
SCA Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. High
981964 Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-gjmw-vf9h-g25v) A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload. Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-gjmw-vf9h-g25v” TARGET=”_blank”>GHSA-gjmw-vf9h-g25v</A> for updates pertaining to this vulnerability.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-gjmw-vf9h-g25v” TARGET=”_blank”>GHSA-gjmw-vf9h-g25v:com.fasterxml.jackson.core:jackson-databind</A>
SCA Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. High
981966 Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-fmmc-742q-jg75) A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling. Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-fmmc-742q-jg75″ TARGET=”_blank”>GHSA-fmmc-742q-jg75</A> for updates pertaining to this vulnerability.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-fmmc-742q-jg75″ TARGET=”_blank”>GHSA-fmmc-742q-jg75:com.fasterxml.jackson.core:jackson-databind</A>
SCA Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. High
982011 Go (go) Security Update for github.com/opencontainers/runc (GHSA-c3xm-pvg7-gh7r) Security update has been released for github.com/opencontainers/runc to fix the vulnerability.<BR><BR>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues. This has been patched in runc 1.0.0-rc95, and users should upgrade as soon as possible. The patch itself can be found [here](https://github.com/opencontainers/runc/commit/0ca91f44f1664da834bc61115a849b56d22f595f). Workaround:<BR>There are no known workarounds for this issue.<BR><BR>However, users who enforce running containers with more confined security profiles (such as reduced capabilities, not running code as root in the container, user namespaces, AppArmor/SELinux, and seccomp) will restrict what an attacker can do in the case of a container breakout — we recommend users make use of strict security profiles if possible (most notably user namespaces – which can massively restrict the impact a container breakout can have on the host system).
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-c3xm-pvg7-gh7r” TARGET=”_blank”>GHSA-c3xm-pvg7-gh7r:github.com/opencontainers/runc</A>
SCA Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. High
982056 Go (go) Security Update for go.mongodb.org/mongo-driver (GHSA-f6mq-5m25-4r72) Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. A malicious user could use a Go object with a specific string to potentially inject additional fields into marshalled documents. This issue affects all MongoDB Go Drivers up to (and including) 1.5.0. Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-f6mq-5m25-4r72″ TARGET=”_blank”>GHSA-f6mq-5m25-4r72</A> for updates pertaining to this vulnerability.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-f6mq-5m25-4r72″ TARGET=”_blank”>GHSA-f6mq-5m25-4r72:go.mongodb.org/mongo-driver</A>
SCA Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. Medium
982091 Java (maven) Security Update for org.glassfish.jersey.core:jersey-common (GHSA-c43q-5hpj-4crv) Security update has been released for org.glassfish.jersey.core:jersey-common to fix the vulnerability.<BR><BR>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues. Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-c43q-5hpj-4crv” TARGET=”_blank”>GHSA-c43q-5hpj-4crv</A> for updates pertaining to this vulnerability.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-c43q-5hpj-4crv” TARGET=”_blank”>GHSA-c43q-5hpj-4crv:org.glassfish.jersey.core:jersey-common</A>
SCA Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. Medium
982245 Nodejs (npm) Security Update for y18n (GHSA-c4w7-xm78-47vh) Security update has been released for y18n to fix the vulnerability.<BR><BR>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues. Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-c4w7-xm78-47vh” TARGET=”_blank”>GHSA-c4w7-xm78-47vh</A> for updates pertaining to this vulnerability.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-c4w7-xm78-47vh” TARGET=”_blank”>GHSA-c4w7-xm78-47vh:y18n</A>
SCA Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. High
982253 Java (maven) Security Update for io.netty:netty-handler (GHSA-mm9x-g8pc-w292) The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memory allocation while decoding a ZlibEncoded byte stream. An attacker could send a large ZlibEncoded byte stream to the Netty server, forcing the server to allocate all of its free memory to a single decoder. Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-mm9x-g8pc-w292″ TARGET=”_blank”>GHSA-mm9x-g8pc-w292</A> for updates pertaining to this vulnerability.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-mm9x-g8pc-w292″ TARGET=”_blank”>GHSA-mm9x-g8pc-w292:io.netty:netty-handler</A>
SCA Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. High
982255 Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-mx7p-6679-8g3q) A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling. Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-mx7p-6679-8g3q” TARGET=”_blank”>GHSA-mx7p-6679-8g3q</A> for updates pertaining to this vulnerability.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-mx7p-6679-8g3q” TARGET=”_blank”>GHSA-mx7p-6679-8g3q:com.fasterxml.jackson.core:jackson-databind</A>
SCA Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. High
982256 Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-6fpp-rgj9-8rwc) SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution. Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-6fpp-rgj9-8rwc” TARGET=”_blank”>GHSA-6fpp-rgj9-8rwc</A> for updates pertaining to this vulnerability.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-6fpp-rgj9-8rwc” TARGET=”_blank”>GHSA-6fpp-rgj9-8rwc:com.fasterxml.jackson.core:jackson-databind</A>
SCA Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. High
982257 Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-5ww9-j83m-q7qx) A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint, the service has the mysql-connector-java jar (8.0.14 or earlier) in the classpath, and an attacker can host a crafted MySQL server reachable by the victim, an attacker can send a crafted JSON message that allows them to read arbitrary local files on the server. This occurs because of missing com.mysql.cj.jdbc.admin.MiniAdmin validation. Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-5ww9-j83m-q7qx” TARGET=”_blank”>GHSA-5ww9-j83m-q7qx</A> for updates pertaining to this vulnerability.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-5ww9-j83m-q7qx” TARGET=”_blank”>GHSA-5ww9-j83m-q7qx:com.fasterxml.jackson.core:jackson-databind</A>
SCA Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. High
982277 Nodejs (npm) Security Update for redis (GHSA-35q2-47q7-3pc3) Security update has been released for redis to fix the vulnerability.<BR><BR>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues. The problem was fixed in commit [`2d11b6d`](https://github.com/NodeRedis/node-redis/commit/2d11b6dc9b9774464a91fb4b448bad8bf699629e) and was released in version `3.1.1`.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-35q2-47q7-3pc3″ TARGET=”_blank”>GHSA-35q2-47q7-3pc3:redis</A>
SCA When a client is in monitoring mode, the regex being used to detect monitor messages could cause exponential backtracking on some strings. This issue could lead to a denial of service. High
982280 Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-cjjf-94ff-43w7) An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Jodd-db jar (for database access for the Jodd framework) in the classpath, and an attacker can provide an LDAP service to access, it is possible to make the service execute a malicious payload. Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-cjjf-94ff-43w7″ TARGET=”_blank”>GHSA-cjjf-94ff-43w7</A> for updates pertaining to this vulnerability.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-cjjf-94ff-43w7″ TARGET=”_blank”>GHSA-cjjf-94ff-43w7:com.fasterxml.jackson.core:jackson-databind</A>
SCA Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. High
982281 Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-645p-88qh-w398) FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization. Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-645p-88qh-w398″ TARGET=”_blank”>GHSA-645p-88qh-w398</A> for updates pertaining to this vulnerability.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-645p-88qh-w398″ TARGET=”_blank”>GHSA-645p-88qh-w398:com.fasterxml.jackson.core:jackson-databind</A>
SCA Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. High
982282 Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-4gq5-ch57-c2mg) FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization. Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-4gq5-ch57-c2mg” TARGET=”_blank”>GHSA-4gq5-ch57-c2mg</A> for updates pertaining to this vulnerability.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-4gq5-ch57-c2mg” TARGET=”_blank”>GHSA-4gq5-ch57-c2mg:com.fasterxml.jackson.core:jackson-databind</A>
SCA Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. High
982302 Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-cggj-fvv3-cqwv) FasterXML jackson-databind before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the c3p0 libraries are available in the classpath. Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-cggj-fvv3-cqwv” TARGET=”_blank”>GHSA-cggj-fvv3-cqwv</A> for updates pertaining to this vulnerability.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-cggj-fvv3-cqwv” TARGET=”_blank”>GHSA-cggj-fvv3-cqwv:com.fasterxml.jackson.core:jackson-databind</A>
SCA Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. High
982333 Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-h592-38cm-4ggp) A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes that could be used maliciously. Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-h592-38cm-4ggp” TARGET=”_blank”>GHSA-h592-38cm-4ggp</A> for updates pertaining to this vulnerability.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-h592-38cm-4ggp” TARGET=”_blank”>GHSA-h592-38cm-4ggp:com.fasterxml.jackson.core:jackson-databind</A>
SCA Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. High
982337 Nodejs (npm) Security Update for hosted-git-info (GHSA-43f8-2h32-f4cj) The npm package `hosted-git-info` before 3.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS) via regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression exhibits polynomial worst-case time complexity. Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-43f8-2h32-f4cj” TARGET=”_blank”>GHSA-43f8-2h32-f4cj</A> for updates pertaining to this vulnerability.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-43f8-2h32-f4cj” TARGET=”_blank”>GHSA-43f8-2h32-f4cj:hosted-git-info</A>
SCA Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. Medium
982360 Java (maven) Security Update for org.hibernate.validator:hibernate-validator (GHSA-rmrm-75hp-phr2) A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages. Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-rmrm-75hp-phr2″ TARGET=”_blank”>GHSA-rmrm-75hp-phr2</A> for updates pertaining to this vulnerability.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-rmrm-75hp-phr2″ TARGET=”_blank”>GHSA-rmrm-75hp-phr2:org.hibernate.validator:hibernate-validator</A>
SCA Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. Medium
982383 Go (go) Security Update for github.com/containerd/containerd/cmd (GHSA-36xw-fx78-c5r4) Security update has been released for github.com/containerd/containerd/cmd,github.com/containerd/containerd to fix the vulnerability.

Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.

Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-36xw-fx78-c5r4″ TARGET=”_blank”>GHSA-36xw-fx78-c5r4</A> for updates pertaining to this vulnerability.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-36xw-fx78-c5r4″ TARGET=”_blank”>GHSA-36xw-fx78-c5r4:github.com/containerd/containerd/cmd</A><P> <A HREF=”https://github.com/advisories/GHSA-36xw-fx78-c5r4″ TARGET=”_blank”>GHSA-36xw-fx78-c5r4:github.com/containerd/containerd</A>
SCA Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. Medium
982402 Go (go) Security Update for github.com/ulikunitz/xz (GHSA-25xm-hr59-7c27) Security update has been released for github.com/ulikunitz/xz to fix the vulnerability.

Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.

The problem has been fixed in release v0.5.8.

Workaround:
Limit the size of the compressed file input to a reasonable size for your use case.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-25xm-hr59-7c27″ TARGET=”_blank”>GHSA-25xm-hr59-7c27:github.com/ulikunitz/xz</A>
SCA The function readUvarint used to read the xz container format may not terminate a loop when provided malicious input. High
982423 Go (go) Security Update for github.com/Masterminds/goutils (GHSA-xg2h-wx96-xgxr) Security update has been released for github.com/Masterminds/goutils to fix the vulnerability.

Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.

This issue has been corrected in v1.0.2.

Workaround:
If you cannot upgrade to v1.0.2, you can work around the issue by calling `RandomAlphaNumericCustom(N, true, true)` or `CryptoRandomAlphaNumericCustom(N, true, true)` instead. (Where `N` is the desired length, and `true` is the literal boolean `true`.)
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-xg2h-wx96-xgxr” TARGET=”_blank”>GHSA-xg2h-wx96-xgxr:github.com/Masterminds/goutils</A>
SCA A security-sensitive bug was discovered by Open Source Developer *Erik Sundell of Sundell Open Source Consulting AB*.

The functions `RandomAlphaNumeric(int)` and `CryptoRandomAlphaNumeric(int)` are not as random as they should be. Small values of `int` in the functions above will return a smaller subset of results than they should. For example, `RandomAlphaNumeric(1)` will always return a digit in the 0-9 range, while `RandomAlphaNumeric(4)` will return ~7 million of the ~13M possible permutations.

This is considered a security release because programs that rely upon random generators for passwords are at an increased risk of brute force-style password guessing. There is also a higher probability of collision.

The problem was the result of a mistaken regular expression that only accepted random strings if they contained a digit from `[0-9]`. That restriction has been removed. Medium
982579 Go (go) Security Update for golang.org/x/crypto (GHSA-ffhg-7mh4-33c4) golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for Go allows a panic during signature verification in the golang.org/x/crypto/ssh package. A client can attack an SSH server that accepts public keys. Also, a server can attack any SSH client. Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-ffhg-7mh4-33c4″ TARGET=”_blank”>GHSA-ffhg-7mh4-33c4</A> for updates pertaining to this vulnerability.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-ffhg-7mh4-33c4″ TARGET=”_blank”>GHSA-ffhg-7mh4-33c4:golang.org/x/crypto</A>
SCA Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. Medium
982611 Nodejs (npm) Security Update for npm-user-validate (GHSA-pw54-mh39-w3hc) This affects the package npm-user-validate before 1.0.1. The regex that validates user emails took exponentially longer to process long input strings beginning with @ characters. Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-pw54-mh39-w3hc” TARGET=”_blank”>GHSA-pw54-mh39-w3hc</A> for updates pertaining to this vulnerability.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-pw54-mh39-w3hc” TARGET=”_blank”>GHSA-pw54-mh39-w3hc:npm-user-validate</A>
SCA Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. High
982626 Nodejs (npm) Security Update for dot-prop (GHSA-ff7x-qrg7-qggm) Prototype pollution vulnerability in dot-prop npm package versions before 4.2.1 and versions 5.x before 5.1.1 allows an attacker to add arbitrary properties to JavaScript language constructs such as objects. Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-ff7x-qrg7-qggm” TARGET=”_blank”>GHSA-ff7x-qrg7-qggm</A> for updates pertaining to this vulnerability.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-ff7x-qrg7-qggm” TARGET=”_blank”>GHSA-ff7x-qrg7-qggm:dot-prop</A>
SCA Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. High
982627 Nodejs (npm) Security Update for bl (GHSA-pp7h-53gx-mx7r) A buffer over-read vulnerability exists in bl <4.0.3, <3.0.1, <2.2.1, and <1.2.3 which could allow an attacker to supply user input (even typed) that if it ends up in consume() argument and can become negative, the BufferList state can be corrupted, tricking it into exposing uninitialized memory via regular .slice() calls. Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-pp7h-53gx-mx7r” TARGET=”_blank”>GHSA-pp7h-53gx-mx7r</A> for updates pertaining to this vulnerability.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-pp7h-53gx-mx7r” TARGET=”_blank”>GHSA-pp7h-53gx-mx7r:bl</A>
SCA Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. High
982702 Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-cf6r-3wgc-h863) A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute arbitrary code. Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-cf6r-3wgc-h863″ TARGET=”_blank”>GHSA-cf6r-3wgc-h863</A> for updates pertaining to this vulnerability.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-cf6r-3wgc-h863″ TARGET=”_blank”>GHSA-cf6r-3wgc-h863:com.fasterxml.jackson.core:jackson-databind</A>
SCA Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. High
982704 Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-qr7j-h6gg-jmgc) An issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.5. Use of Jackson default typing along with a gadget class from iBatis allows exfiltration of content. Fixed in 2.7.9.4, 2.8.11.2, and 2.9.6. Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-qr7j-h6gg-jmgc” TARGET=”_blank”>GHSA-qr7j-h6gg-jmgc</A> for updates pertaining to this vulnerability.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-qr7j-h6gg-jmgc” TARGET=”_blank”>GHSA-qr7j-h6gg-jmgc:com.fasterxml.jackson.core:jackson-databind</A>
SCA Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. High
982705 Nodejs (npm) Security Update for npm (GHSA-x8qc-rrcw-4r46) Versions of the npm CLI prior to 6.13.3 are vulnerable to a symlink reference outside of node_modules. It is possible for packages to create symlinks to files outside of the `node_modules` folder through the `bin` field upon installation. A properly constructed entry in the package.json bin field would allow a package publisher to create a symlink pointing to arbitrary files on a user's system when the package is installed. Only files accessible by the user running the `npm install` are affected.

This behavior is still possible through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option.

## Recommendation

Upgrade to version 6.13.3 or later.

Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-x8qc-rrcw-4r46″ TARGET=”_blank”>GHSA-x8qc-rrcw-4r46</A> for updates pertaining to this vulnerability.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-x8qc-rrcw-4r46″ TARGET=”_blank”>GHSA-x8qc-rrcw-4r46:npm</A>
SCA Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. High
982711 Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-5949-rw7g-wx7w) A flaw was found in jackson-databind before 2.9.10.7. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-5949-rw7g-wx7w” TARGET=”_blank”>GHSA-5949-rw7g-wx7w</A> for updates pertaining to this vulnerability.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-5949-rw7g-wx7w” TARGET=”_blank”>GHSA-5949-rw7g-wx7w:com.fasterxml.jackson.core:jackson-databind</A>
SCA Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. High
982715 Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-mph4-vhrx-mv67) FasterXML jackson-databind 2.x before 2.9.9.1 might allow attackers to have a variety of impacts by leveraging failure to block the logback-core class from polymorphic deserialization. Depending on the classpath content, remote code execution may be possible. Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-mph4-vhrx-mv67″ TARGET=”_blank”>GHSA-mph4-vhrx-mv67</A> for updates pertaining to this vulnerability.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-mph4-vhrx-mv67″ TARGET=”_blank”>GHSA-mph4-vhrx-mv67:com.fasterxml.jackson.core:jackson-databind</A>
SCA Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. Medium
982716 Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-cmfg-87vq-g5g4) A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x through 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has JDOM 1.x or 2.x jar in the classpath, an attacker can send a specifically crafted JSON message that allows them to read arbitrary local files on the server. Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-cmfg-87vq-g5g4″ TARGET=”_blank”>GHSA-cmfg-87vq-g5g4</A> for updates pertaining to this vulnerability.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-cmfg-87vq-g5g4″ TARGET=”_blank”>GHSA-cmfg-87vq-g5g4:com.fasterxml.jackson.core:jackson-databind</A>
SCA Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. Medium
982798 Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-gwp4-hfv6-p7hw) A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occurs when Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the logback jar in the classpath. Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-gwp4-hfv6-p7hw” TARGET=”_blank”>GHSA-gwp4-hfv6-p7hw</A> for updates pertaining to this vulnerability.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-gwp4-hfv6-p7hw” TARGET=”_blank”>GHSA-gwp4-hfv6-p7hw:com.fasterxml.jackson.core:jackson-databind</A>
SCA Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. High
982904 Nodejs (npm) Security Update for stringstream (GHSA-mf6x-7mm4-x2g7) All versions of `stringstream` are vulnerable to out-of-bounds read as it allocates uninitialized Buffers when a number is passed in the input stream on Node.js 4.x and below.

## Recommendation

No fix is currently available for this vulnerability. It is our recommendation to not install or use this module if user input is being passed in to `stringstream`.

Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-mf6x-7mm4-x2g7″ TARGET=”_blank”>GHSA-mf6x-7mm4-x2g7</A> for updates pertaining to this vulnerability.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-mf6x-7mm4-x2g7″ TARGET=”_blank”>GHSA-mf6x-7mm4-x2g7:stringstream</A>
SCA Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. Medium
982937 Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-qmqc-x3r4-6v39) A flaw was discovered in FasterXML jackson-databind in all versions before 2.9.10 and 2.10.0, where it would permit polymorphic deserialization of malicious objects using the xalan JNDI gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code. Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-qmqc-x3r4-6v39″ TARGET=”_blank”>GHSA-qmqc-x3r4-6v39</A> for updates pertaining to this vulnerability.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-qmqc-x3r4-6v39″ TARGET=”_blank”>GHSA-qmqc-x3r4-6v39:com.fasterxml.jackson.core:jackson-databind</A>
SCA Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. High
982991 Nodejs (npm) Security Update for npm (GHSA-93f3-23rq-pjfp) Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like `<protocol>://[<user>[:<password>]@]<hostname>[:<port>][:][/]<path>`. The password value is not redacted and is printed to stdout and also to any generated log files. Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-93f3-23rq-pjfp” TARGET=”_blank”>GHSA-93f3-23rq-pjfp</A> for updates pertaining to this vulnerability.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-93f3-23rq-pjfp” TARGET=”_blank”>GHSA-93f3-23rq-pjfp:npm</A>
SCA Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. Medium
983066 Nodejs (npm) Security Update for npm (GHSA-4328-8hgf-7wjr) Versions of the npm CLI prior to 6.13.4 are vulnerable to a Global node_modules Binary Overwrite. It fails to prevent existing globally-installed binaries from being overwritten by other package installations.

For example, if a package was installed globally and created a `serve` binary, any subsequent installs of packages that also create a `serve` binary would overwrite the first binary. This will not overwrite system binaries but only binaries put into the global node_modules directory.

This behavior is still allowed in local installations and also through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option.

## Recommendation

Upgrade to version 6.13.4 or later.

Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-4328-8hgf-7wjr” TARGET=”_blank”>GHSA-4328-8hgf-7wjr</A> for updates pertaining to this vulnerability.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-4328-8hgf-7wjr” TARGET=”_blank”>GHSA-4328-8hgf-7wjr:npm</A>
SCA Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. Medium
983209 Nodejs (npm) Security Update for node-fetch (GHSA-w7rc-rwvf-8q5r) Security update has been released for node-fetch to fix the vulnerability.

Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.

We released patched versions for both stable and beta channels:

- For `v2`: 2.6.1
- For `v3`: 3.0.0-beta.9

Workaround:
None, it is strongly recommended to update as soon as possible.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-w7rc-rwvf-8q5r” TARGET=”_blank”>GHSA-w7rc-rwvf-8q5r:node-fetch</A>
SCA Node Fetch did not honor the `size` option after following a redirect, which means that when a content size was over the limit, a `FetchError` would never get thrown and the process would end without failure.

For most people, this fix will have little or no impact. However, if you are relying on node-fetch to gate files above a size, the impact could be significant, for example: If you don’t double-check the size of the data after `fetch()` has completed, your JS thread could get tied up doing work on a large file (DoS) and/or cost you money in computing. Medium
983258 Nodejs (npm) Security Update for npm-user-validate (GHSA-xgh6-85xh-479p) `npm-user-validate` before version `1.0.1` is vulnerable to a Regular Expression Denial of Service (ReDoS). The regex that validates user emails took exponentially longer to process long input strings beginning with `@` characters.

The issue is patched in version 1.0.1 by improving the regular expression used and also enforcing a 254 character limit.

Workaround:
Restrict the character length to a reasonable degree before passing a value to `.email()`. Also, consider doing a more rigorous sanitizing/validation beforehand.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-xgh6-85xh-479p” TARGET=”_blank”>GHSA-xgh6-85xh-479p:npm-user-validate</A>
SCA The issue affects the `email` function. If you use this function to process arbitrary user input with no character limit the application may be susceptible to Denial of Service. Medium
983306 Nodejs (npm) Security Update for http-proxy-agent (GHSA-8w57-jfpm-945m) Versions of `http-proxy-agent` before 2.1.0 are vulnerable to denial of service and uninitialized memory leak when unsanitized options are passed to `Buffer`.

## Recommendation

Update to version 2.1.0 or later.

Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-8w57-jfpm-945m” TARGET=”_blank”>GHSA-8w57-jfpm-945m</A> for updates pertaining to this vulnerability.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-8w57-jfpm-945m” TARGET=”_blank”>GHSA-8w57-jfpm-945m:http-proxy-agent</A>
SCA Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. High
983409 Nodejs (npm) Security Update for sshpk (GHSA-2m39-62fm-q8r3) Versions of `sshpk` before 1.13.2 or 1.14.1 are vulnerable to regular expression denial of service when parsing crafted invalid public keys.

## Recommendation

Update to version 1.13.2, 1.14.1 or later.

Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-2m39-62fm-q8r3″ TARGET=”_blank”>GHSA-2m39-62fm-q8r3</A> for updates pertaining to this vulnerability.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-2m39-62fm-q8r3″ TARGET=”_blank”>GHSA-2m39-62fm-q8r3:sshpk</A>
SCA Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. High
983759 Nodejs (npm) Security Update for cryptiles (GHSA-rq8g-5pc5-wrhr) Versions of `cryptiles` prior to 4.1.2 are vulnerable to Insufficient Entropy. The `randomDigits()` method does not provide sufficient entropy and it generates digits that are not evenly distributed.

## Recommendation

Upgrade to version 4.1.2. The package is deprecated and has been moved to `@hapi/cryptiles` and it is strongly recommended to use the maintained package.

Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-rq8g-5pc5-wrhr” TARGET=”_blank”>GHSA-rq8g-5pc5-wrhr</A> for updates pertaining to this vulnerability.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-rq8g-5pc5-wrhr” TARGET=”_blank”>GHSA-rq8g-5pc5-wrhr:cryptiles</A>
SCA Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. High
983801 Nodejs (npm) Security Update for ini (GHSA-qqgx-2p2h-9c37) Security update has been released for ini to fix the vulnerability.

Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.

This has been patched in 1.3.6.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-qqgx-2p2h-9c37″ TARGET=”_blank”>GHSA-qqgx-2p2h-9c37:ini</A>
SCA Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. High
983966 Nodejs (npm) Security Update for morgan (GHSA-gwg9-rgvj-4h5j) Versions of `morgan` before 1.9.1 are vulnerable to code injection when user input is allowed into the filter or combined with a prototype pollution attack.

## Recommendation

Update to version 1.9.1 or later.

Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-gwg9-rgvj-4h5j” TARGET=”_blank”>GHSA-gwg9-rgvj-4h5j</A> for updates pertaining to this vulnerability.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-gwg9-rgvj-4h5j” TARGET=”_blank”>GHSA-gwg9-rgvj-4h5j:morgan</A>
SCA Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. High
983967 Nodejs (npm) Security Update for debug (GHSA-gxpj-cx7g-858c) Affected versions of `debug` are vulnerable to regular expression denial of service when untrusted user input is passed into the `o` formatter.

As it takes 50,000 characters to block the event loop for 2 seconds, this issue is a low severity issue.

## Recommendation

Version 2.x.x: Update to version 2.6.9 or later.
Version 3.x.x: Update to version 3.1.0 or later.

Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-gxpj-cx7g-858c” TARGET=”_blank”>GHSA-gxpj-cx7g-858c</A> for updates pertaining to this vulnerability.
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-gxpj-cx7g-858c” TARGET=”_blank”>GHSA-gxpj-cx7g-858c:debug</A>
SCA Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. Medium
983993 Nodejs (npm) Security Update for hoek (GHSA-jp4x-w63m-7wgm) Versions of `hoek` prior to 4.2.1 and 5.0.3 are vulnerable to prototype pollution.

The `merge` function, and the `applyToDefaults` and `applyToDefaultsWithShallow` functions which leverage `merge` behind the scenes, are vulnerable to a prototype pollution attack when provided an _unvalidated_ payload created from a JSON string containing the `__proto__` property.

This can be demonstrated like so:

```javascript
var Hoek = require('hoek');
// JSON.parse creates "__proto__" as an own property of the parsed object;
// the vulnerable merge then copies its contents onto Object.prototype.
var malicious_payload = '{"__proto__":{"oops":"It works !"}}';

var a = {};
console.log("Before : " + a.oops);
Hoek.merge({}, JSON.parse(malicious_payload));
console.log("After : " + a.oops);
```

This type of attack can be used to overwrite existing properties causing a potential denial of service.

## Recommendation

Update to version 4.2.1, 5.0.3 or later.

Customers are advised to refer to [GHSA-jp4x-w63m-7wgm](https://github.com/advisories/GHSA-jp4x-w63m-7wgm) for updates pertaining to this vulnerability.

Patch:
Following are links for downloading patches to fix the vulnerabilities:
[GHSA-jp4x-w63m-7wgm:hoek](https://github.com/advisories/GHSA-jp4x-w63m-7wgm)
SCA Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. Medium
984035 Nodejs (npm) Security Update for extend (GHSA-qrmc-fj45-qfc2) Versions of `extend` prior to 3.0.2 (for 3.x) and 2.0.2 (for 2.x) are vulnerable to Prototype Pollution. The `extend()` function allows attackers to modify the prototype of Object causing the addition or modification of an existing property that will exist on all objects.

## Recommendation

If you’re using `extend` 3.x upgrade to 3.0.2 or later.
If you’re using `extend` 2.x upgrade to 2.0.2 or later.

Customers are advised to refer to [GHSA-qrmc-fj45-qfc2](https://github.com/advisories/GHSA-qrmc-fj45-qfc2) for updates pertaining to this vulnerability.

Patch:
Following are links for downloading patches to fix the vulnerabilities:
[GHSA-qrmc-fj45-qfc2:extend](https://github.com/advisories/GHSA-qrmc-fj45-qfc2)
SCA Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. High
984157 Java (maven) Security Update for org.apache.logging.log4j:log4j-api (GHSA-jfh8-c2jp-5v3q) Security update has been released for org.apache.logging.log4j:log4j-core,org.apache.logging.log4j:log4j-api to fix the vulnerability.

Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.

Customers are advised to refer to [GHSA-jfh8-c2jp-5v3q](https://github.com/advisories/GHSA-jfh8-c2jp-5v3q) for updates pertaining to this vulnerability.

Patch:
Following are links for downloading patches to fix the vulnerabilities:
[GHSA-jfh8-c2jp-5v3q:org.apache.logging.log4j:log4j-core](https://github.com/advisories/GHSA-jfh8-c2jp-5v3q)
[GHSA-jfh8-c2jp-5v3q:org.apache.logging.log4j:log4j-api](https://github.com/advisories/GHSA-jfh8-c2jp-5v3q)
SCA Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. High
984174 Go (go) Security Update for github.com/open-policy-agent/opa (GHSA-2m4x-4q9j-w97g) An issue in the AST parser (ast/compile.go) of Open Policy Agent v0.10.2 allows attackers to cause a Denial of Service (DoS) via a crafted input. Customers are advised to refer to [GHSA-2m4x-4q9j-w97g](https://github.com/advisories/GHSA-2m4x-4q9j-w97g) for updates pertaining to this vulnerability.

Patch:
Following are links for downloading patches to fix the vulnerabilities:
[GHSA-2m4x-4q9j-w97g:github.com/open-policy-agent/opa](https://github.com/advisories/GHSA-2m4x-4q9j-w97g)
SCA Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. High
984403 Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-rpr3-cw39-3pxh) The com.fasterxml.jackson.core:jackson-databind library before version 2.9.10.4 is vulnerable to an Unsafe Deserialization vulnerability when handling interactions related to the class `ignite-jta`. Customers are advised to refer to [GHSA-rpr3-cw39-3pxh](https://github.com/advisories/GHSA-rpr3-cw39-3pxh) for updates pertaining to this vulnerability.

Patch:
Following are links for downloading patches to fix the vulnerabilities:
[GHSA-rpr3-cw39-3pxh:com.fasterxml.jackson.core:jackson-databind](https://github.com/advisories/GHSA-rpr3-cw39-3pxh)
SCA Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. High
984586 Java (maven) Security Update for org.apache.hadoop:hadoop-common (GHSA-rmpj-7c96-mrg8) There is a potential heap buffer overflow in Apache Hadoop libhdfs native code. Opening a file path provided by user without validation may result in a denial of service or arbitrary code execution. Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3.2 or higher. Customers are advised to refer to [GHSA-rmpj-7c96-mrg8](https://github.com/advisories/GHSA-rmpj-7c96-mrg8) for updates pertaining to this vulnerability.

Patch:
Following are links for downloading patches to fix the vulnerabilities:
[GHSA-rmpj-7c96-mrg8:org.apache.hadoop:hadoop-common](https://github.com/advisories/GHSA-rmpj-7c96-mrg8)
SCA Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. High
984587 Java (maven) Security Update for org.eclipse.jetty.http2:http2-server (GHSA-wgmr-mf83-7x4j) Invalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from the selector thread.
If the client manages to exhaust the HTTP/2 flow control window, or TCP congest the connection, the selector thread will be blocked trying to write the error response.
If this is repeated for all the selector threads, the server becomes unresponsive, causing the denial of service.
The fix is available in Jetty versions 9.4.47, 10.0.10, 11.0.10.

Workaround: No workaround available within Jetty itself.
One possible workaround is to filter the requests before sending them to Jetty (for example in a proxy).

Patch:
Following are links for downloading patches to fix the vulnerabilities:
[GHSA-wgmr-mf83-7x4j:org.eclipse.jetty.http2:http2-server](https://github.com/advisories/GHSA-wgmr-mf83-7x4j)
SCA A malicious client may render the server unresponsive. High
984588 Java (maven) Security Update for org.eclipse.jetty:jetty-http (GHSA-cj7v-27pg-wf7q) URI use within Jetty’s `HttpURI` class can parse invalid URIs such as `http://localhost;/path` as having an authority with a host of `localhost;`.

A URI of the type `http://localhost;/path` should be interpreted either as invalid or with `localhost;` as the userinfo and no host.
However, `HttpURI.host` returns `localhost;` which is definitely wrong.

Patched in PR [#8146](https://github.com/eclipse/jetty.project/pull/8146) for Jetty version 9.4.47.
Patched in PR [#8014](https://github.com/eclipse/jetty.project/pull/8015) for Jetty versions 10.0.10, and 11.0.10.

Workaround: None.

Patch:
Following are links for downloading patches to fix the vulnerabilities:
[GHSA-cj7v-27pg-wf7q:org.eclipse.jetty:jetty-http](https://github.com/advisories/GHSA-cj7v-27pg-wf7q)
SCA This can lead to errors with Jetty’s `HttpClient`, and Jetty’s `ProxyServlet` / `AsyncProxyServlet` / `AsyncMiddleManServlet` wrongly interpreting an authority with no host as one with a host. Medium
984720 Go (go) Security Update for github.com/containerd/containerd (GHSA-5ffw-gxpp-mxpf) Security update has been released for github.com/containerd/containerd to fix the vulnerability.

Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.

This bug has been fixed in containerd 1.6.6 and 1.5.13. Users should update to these versions to resolve the issue.

Workaround: Ensure that only trusted images and commands are used.

Patch:
Following are links for downloading patches to fix the vulnerabilities:
[GHSA-5ffw-gxpp-mxpf:github.com/containerd/containerd](https://github.com/advisories/GHSA-5ffw-gxpp-mxpf)
SCA A bug was found in containerd’s CRI implementation where programs inside a container can cause the containerd daemon to consume memory without bound during invocation of the `ExecSync` API. This can cause containerd to consume all available memory on the computer, denying service to other legitimate workloads. Kubernetes and crictl can both be configured to use containerd’s CRI implementation; `ExecSync` may be used when running probes or when executing processes via an "exec" facility. Medium
984734 Go (go) Security Update for github.com/hashicorp/go-getter (GHSA-fcgg-rvwg-jv58) HashiCorp go-getter through 2.0.2 does not safely perform downloads. Protocol switching, endless redirect, and configuration bypass were possible via abuse of custom HTTP response header processing. Customers are advised to refer to [GHSA-fcgg-rvwg-jv58](https://github.com/advisories/GHSA-fcgg-rvwg-jv58) for updates pertaining to this vulnerability.

Patch:
Following are links for downloading patches to fix the vulnerabilities:
[GHSA-fcgg-rvwg-jv58:github.com/hashicorp/go-getter](https://github.com/advisories/GHSA-fcgg-rvwg-jv58)
SCA Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. High
984735 Go (go) Security Update for github.com/hashicorp/go-getter (GHSA-cjr4-fv6c-f3mv) HashiCorp go-getter through 2.0.2 does not safely perform downloads. Arbitrary host access was possible via go-getter path traversal, symlink processing, and command injection flaws. Customers are advised to refer to [GHSA-cjr4-fv6c-f3mv](https://github.com/advisories/GHSA-cjr4-fv6c-f3mv) for updates pertaining to this vulnerability.

Patch:
Following are links for downloading patches to fix the vulnerabilities:
[GHSA-cjr4-fv6c-f3mv:github.com/hashicorp/go-getter](https://github.com/advisories/GHSA-cjr4-fv6c-f3mv)
SCA Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. High
984745 Go (go) Security Update for github.com/opencontainers/runc (GHSA-f3fp-gc8g-vw66) Security update has been released for github.com/opencontainers/runc to fix the vulnerability.

Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.

This bug has been fixed in runc 1.1.2. Users should update to this version as soon as possible.

This fix changes `runc exec --cap` behavior such that the additional capabilities granted to the process being executed (as specified via `--cap` arguments) do not include inheritable capabilities.

In addition, `runc spec` is changed to not set any inheritable capabilities in the created example OCI spec (`config.json`) file.

Patch:
Following are links for downloading patches to fix the vulnerabilities:
[GHSA-f3fp-gc8g-vw66:github.com/opencontainers/runc](https://github.com/advisories/GHSA-f3fp-gc8g-vw66)

SCA A bug was found in runc where `runc exec --cap` executed processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during execve(2).

This bug did not affect the container security sandbox as the inheritable set never contained more capabilities than were included in the container’s bounding set.

Medium
984751 Go (go) Security Update for github.com/hashicorp/go-getter (GHSA-27rq-4943-qcwp) The Hashicorp go-getter library before 1.5.11 could write SSH credentials into its logfile, exposing sensitive credentials to local users able to read the logfile. Customers are advised to refer to [GHSA-27rq-4943-qcwp](https://github.com/advisories/GHSA-27rq-4943-qcwp) for updates pertaining to this vulnerability.

Patch:
Following are links for downloading patches to fix the vulnerabilities:
[GHSA-27rq-4943-qcwp:github.com/hashicorp/go-getter](https://github.com/advisories/GHSA-27rq-4943-qcwp)
SCA Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. Medium
984753 Go (go) Security Update for github.com/hashicorp/go-getter (GHSA-28r2-q6m8-9hpx) HashiCorp go-getter through 2.0.2 does not safely perform downloads. Asymmetric resource exhaustion could occur when go-getter processed malicious HTTP responses. Customers are advised to refer to [GHSA-28r2-q6m8-9hpx](https://github.com/advisories/GHSA-28r2-q6m8-9hpx) for updates pertaining to this vulnerability.

Patch:
Following are links for downloading patches to fix the vulnerabilities:
[GHSA-28r2-q6m8-9hpx:github.com/hashicorp/go-getter](https://github.com/advisories/GHSA-28r2-q6m8-9hpx)
SCA Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. High
984754 Go (go) Security Update for github.com/hashicorp/go-getter (GHSA-x24g-9w7v-vprh) HashiCorp go-getter before 2.0.2 allows Command Injection. Customers are advised to refer to [GHSA-x24g-9w7v-vprh](https://github.com/advisories/GHSA-x24g-9w7v-vprh) for updates pertaining to this vulnerability.

Patch:
Following are links for downloading patches to fix the vulnerabilities:
[GHSA-x24g-9w7v-vprh:github.com/hashicorp/go-getter](https://github.com/advisories/GHSA-x24g-9w7v-vprh)
SCA Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. High
984755 Go (go) Security Update for github.com/open-policy-agent/opa (GHSA-x7f3-62pm-9p38) An issue in the component ast/parser.go of Open Policy Agent v0.39.0 causes the application to incorrectly interpret every expression, causing a Denial of Service (DoS) via triggering out-of-range memory access. Customers are advised to refer to [GHSA-x7f3-62pm-9p38](https://github.com/advisories/GHSA-x7f3-62pm-9p38) for updates pertaining to this vulnerability.

Patch:
Following are links for downloading patches to fix the vulnerabilities:
[GHSA-x7f3-62pm-9p38:github.com/open-policy-agent/opa](https://github.com/advisories/GHSA-x7f3-62pm-9p38)
SCA Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. High
985246 Go (go) Security Update for github.com/Masterminds/vcs (GHSA-6635-c626-vj4r) URLs and local file paths passed to the Mercurial (hg) APIs that are specially crafted can contain commands which are executed by Mercurial if it is installed on the host operating system. The `vcs` package uses the underlying version control system, in this case `hg`, to implement the needed functionality. When `hg` is executed, argument strings are passed to `hg` in a way that additional flags can be set. The additional flags can be used to perform a command injection. Other version control systems with an implemented interface may also be vulnerable. The issue has been fixed in version 1.13.2. A workaround is to sanitize data passed to the `vcs` package APIs to ensure it does not contain commands or unexpected data. This is important for user input data that is passed directly to the package APIs. Customers are advised to refer to [GHSA-6635-c626-vj4r](https://github.com/advisories/GHSA-6635-c626-vj4r) for updates pertaining to this vulnerability.

Patch:
Following are links for downloading patches to fix the vulnerabilities:
[GHSA-6635-c626-vj4r:github.com/Masterminds/vcs](https://github.com/advisories/GHSA-6635-c626-vj4r)
SCA Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. High
985252 Go (go) Security Update for github.com/containerd/containerd (GHSA-crp2-qrr5-8pq7) Security update has been released for github.com/containerd/containerd to fix the vulnerability.

Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.

This bug has been fixed in containerd 1.6.1, 1.5.10 and 1.4.13. Users should update to these versions to resolve the issue.

Workaround: Ensure that only trusted images are used.

Patch:
Following are links for downloading patches to fix the vulnerabilities:
[GHSA-crp2-qrr5-8pq7:github.com/containerd/containerd](https://github.com/advisories/GHSA-crp2-qrr5-8pq7)
SCA A bug was found in containerd where containers launched through containerd's CRI implementation with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host. This may bypass any policy-based enforcement on container setup (including a Kubernetes Pod Security Policy) and expose potentially sensitive information. Kubernetes and crictl can both be configured to use containerd's CRI implementation. High
985292 Go (go) Security Update for github.com/opencontainers/runc (GHSA-v95c-p5hm-xq8f) Security update has been released for github.com/opencontainers/runc to fix the vulnerability.

Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.

The patch for this is d72d057ba794164c3cce9451a00b72a78b25e1ae and runc 1.0.3 was released with this bug fixed.

Workaround: To the extent this is exploitable, disallowing untrusted namespace paths in container configuration should eliminate all practical ways of exploiting this bug. It should be noted that untrusted namespace paths would allow the attacker to disable namespace protections entirely even in the absence of this bug.

Patch:
Following are links for downloading patches to fix the vulnerabilities:
[GHSA-v95c-p5hm-xq8f:github.com/opencontainers/runc](https://github.com/advisories/GHSA-v95c-p5hm-xq8f)
SCA In runc, [netlink](https://www.man7.org/linux/man-pages/man7/netlink.7.html) is used internally as a serialization system for specifying the relevant container configuration to the C portion of our code (responsible for the based namespace setup of containers). In all versions of runc prior to 1.0.3, the encoder did not handle the possibility of an integer overflow in the 16-bit length field for the byte array attribute type, meaning that a large enough malicious byte array attribute could result in the length overflowing and the attribute contents being parsed as netlink messages for container configuration.

This vulnerability requires the attacker to have some control over the configuration of the container and would allow the attacker to bypass the namespace restrictions of the container by simply adding their own netlink payload which disables all namespaces.

Prior to 9c444070ec7bb83995dbc0185da68284da71c554, in practice it was fairly difficult to specify an arbitrary-length netlink message with most container runtimes. The only user-controlled byte array was the namespace paths attributes which can be specified in runc’s `config.json`, but as far as we can tell no container runtime gives raw access to that configuration setting — and having raw access to that setting **would allow the attacker to disable namespace protections entirely anyway** (setting them to `/proc/1/ns/…` for instance). In addition, each namespace path is limited to 4096 bytes (with only 7 namespaces supported by runc at the moment) meaning that even with custom namespace paths it appears an attacker still cannot shove enough bytes into the netlink bytemsg in order to overflow the uint16 counter.

However, out of an abundance of caution (given how old this bug is) we decided to treat it as a potentially exploitable vulnerability with a low severity. After 9c444070ec7bb83995dbc0185da68284da71c554 (which was not present in any release of runc prior to the discovery of this bug), all mount paths are included as a giant netlink message which means that this bug becomes significantly more exploitable in more reasonable threat scenarios.

The main users impacted are those who allow untrusted images with untrusted configurations to run on their machines (such as with shared cloud infrastructure), though as mentioned above it appears this bug was not practically exploitable on any released version of runc to date.

Medium
985293 Go (go) Security Update for github.com/docker/distribution (GHSA-qq97-vm5h-rrhg) Security update has been released for github.com/docker/distribution to fix the vulnerability.

Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.

Upgrade to at least `v2.8.0-beta.1` if you are running `v2.x` release. If you use the code from the `main` branch, update at least to the commit after [b59a6f827947f9e0e67df0cfb571046de4733586](https://github.com/distribution/distribution/commit/b59a6f827947f9e0e67df0cfb571046de4733586).

Workaround: There is no way to work around this issue without patching.

Patch:
Following are links for downloading patches to fix the vulnerabilities:
[GHSA-qq97-vm5h-rrhg:github.com/docker/distribution](https://github.com/advisories/GHSA-qq97-vm5h-rrhg)
SCA Systems that rely on digest equivalence for image attestations may be vulnerable to type confusion. Medium
985298 Go (go) Security Update for github.com/deislabs/oras (GHSA-g5v4-5x39-vwhx) Security update has been released for github.com/deislabs/oras to fix the vulnerability.

Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.

The problem has been patched by the PR linked with this advisory. Users should upgrade their `oras` CLI and packages to `0.9.0`.

Workaround: For `oras` CLI users, there are no workarounds other than pulling from a trusted artifact provider.

For `oras` package users, the workaround is to not use `github.com/deislabs/oras/pkg/content.FileStore`, and use other content stores instead, or pull from a trusted artifact provider.

Patch:
Following are links for downloading patches to fix the vulnerabilities:
[GHSA-g5v4-5x39-vwhx:github.com/deislabs/oras](https://github.com/advisories/GHSA-g5v4-5x39-vwhx)

SCA The directory support (#55) allows the downloaded gzipped tarballs to be automatically extracted to the user-specified directory where the tarball can have symbolic links and hard links.

A well-crafted tarball or tarballs allow malicious artifact providers linking, writing, or overwriting specific files on the host filesystem outside of the user-specified directory unexpectedly with the same permissions as the user who runs `oras pull`.

Precisely, the following users of the affected versions are impacted:
- `oras` CLI users who run `oras pull`.
- Go programs that invoke `github.com/deislabs/oras/pkg/content.FileStore`.

High
985314 Go (go) Security Update for github.com/opencontainers/runc (GHSA-g54h-m393-cpwq) Security update has been released for github.com/opencontainers/runc to fix the vulnerability.

Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.

This issue has been fixed in [a patch that was part of a larger rework of the devices cgroup code in runc](https://github.com/opencontainers/runc/pull/2391) — which led to the discovery of this security bug. Users should upgrade to 1.0.0-rc91 as soon as it is released, or wait for your distribution to backport the relevant fixes.

Workaround: If you are using `runc` directly, ensure that there is a deny-all entry at the beginning of `linux.resources.devices` — such an entry would look like `{"allow": false, "permissions": "rwm"}` (all other fields are ignored, though `type` must be set to `"a"` or `null` if it is present).

Users who consume `runc` through another program should check whether their containers are operating under a white-list — this can be done by reading `/sys/fs/cgroup/devices/devices.list` inside the container. If the file contains only the entry `a *:* rwm` (meaning the cgroup is in black-list mode, which likely means "allow all device access") then your containers are vulnerable to this issue.

As always, we recommend **in the strongest possible terms** that all of our users enable user namespaces on all of their workloads (or pressure their vendors to do so). User namespaces are one of the most significant defense-in-depth protections you can enable for containers, and have prevented many container-related vulnerabilities (both kernel 0days as well as bugs in container runtimes, such as this one).
Patch:
Following are links for downloading patches to fix the vulnerabilities:
[GHSA-g54h-m393-cpwq:github.com/opencontainers/runc](https://github.com/advisories/GHSA-g54h-m393-cpwq)

SCA Contrary to the [OCI runtime specification](https://github.com/opencontainers/runtime-spec/blob/v1.0.2/config-linux.md#device-whitelist), `runc`’s implementation of the `linux.resources.devices` list was a black-list by default. This means that users who created their own `config.json` objects and didn’t prefix a deny-all rule (`{"allow": false, "permissions": "rwm"}` or equivalent) were not provided protection by the `devices` cgroup. This would allow malicious containers (with sufficient privileges) to create arbitrary device inodes (assuming they have `CAP_MKNOD`) and operate on any device inodes they may have access to (assuming they have regular Unix DAC permissions).

However, most (if not all) programs that make use of `runc` include this deny-all rule. This was most likely added before the specification mandated a white-list of devices, and the fact that all programs wrote their own deny-all rule obscured the existence of this bug for several years. In fact, even the specification’s examples include a default deny-all rule! We therefore believe that while this is a security bug (and has been fixed as such), it was almost certainly not exploitable in the wild due to the inclusion of default deny-all rules by all known users of `runc` — hence why this advisory has low severity.

Medium
985380 Go (go) Security Update for github.com/valyala/fasthttp (GHSA-fx95-883v-4q4h) The package github.com/valyala/fasthttp before 1.34.0 is vulnerable to Directory Traversal via the ServeFile function, due to improper sanitization. It is possible to be exploited by using a backslash %5c character in the path. **Note:** This security issue impacts Windows users only. Customers are advised to refer to [GHSA-fx95-883v-4q4h](https://github.com/advisories/GHSA-fx95-883v-4q4h) for updates pertaining to this vulnerability.

Patch:
Following are links for downloading patches to fix the vulnerabilities:
[GHSA-fx95-883v-4q4h:github.com/valyala/fasthttp](https://github.com/advisories/GHSA-fx95-883v-4q4h)
SCA Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. High
985381 Go (go) Security Update for github.com/gogo/protobuf (GHSA-c3h9-896r-86jm) An issue was discovered in GoGo Protobuf before 1.3.2. plugin/unmarshal/unmarshal.go lacks certain index validation, aka the "skippy peanut butter" issue. Customers are advised to refer to [GHSA-c3h9-896r-86jm](https://github.com/advisories/GHSA-c3h9-896r-86jm) for updates pertaining to this vulnerability.

Patch:
Following are links for downloading patches to fix the vulnerabilities:
[GHSA-c3h9-896r-86jm:github.com/gogo/protobuf](https://github.com/advisories/GHSA-c3h9-896r-86jm)
SCA Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. High
985399 Go (go) Security Update for github.com/opencontainers/runc (GHSA-fgv8-vj5c-2ppq) runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory. Customers are advised to refer to [GHSA-fgv8-vj5c-2ppq](https://github.com/advisories/GHSA-fgv8-vj5c-2ppq) for updates pertaining to this vulnerability.

Patch:
Following are links for downloading patches to fix the vulnerabilities:
[GHSA-fgv8-vj5c-2ppq:github.com/opencontainers/runc](https://github.com/advisories/GHSA-fgv8-vj5c-2ppq)
SCA Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. High
985404 Go (go) Security Update for github.com/docker/docker (GHSA-g7v2-2qxx-wjrw) Libcontainer and Docker Engine before 1.6.1 open the file-descriptor passed to the pid-1 process before performing the chroot, which allows local users to gain privileges via a symlink attack in an image. Customers are advised to refer to [GHSA-g7v2-2qxx-wjrw](https://github.com/advisories/GHSA-g7v2-2qxx-wjrw) for updates pertaining to this vulnerability.

Patch:
Following are links for downloading patches to fix the vulnerabilities:
[GHSA-g7v2-2qxx-wjrw:github.com/docker/docker](https://github.com/advisories/GHSA-g7v2-2qxx-wjrw)
SCA Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. Medium
985432 Go (go) Security Update for github.com/opencontainers/runc (GHSA-gp4j-w3vj-7299) RunC allowed additional container processes via ‘runc exec’ to be ptraced by the pid 1 of the container. This allows the main processes of the container, if running as root, to gain access to file-descriptors of these new processes during the initialization and can lead to container escapes or modification of runC state before the process is fully placed inside the container. Customers are advised to refer to [GHSA-gp4j-w3vj-7299](https://github.com/advisories/GHSA-gp4j-w3vj-7299) for updates pertaining to this vulnerability.

Patch:
Following are links for downloading patches to fix the vulnerabilities:
[GHSA-gp4j-w3vj-7299:github.com/opencontainers/runc](https://github.com/advisories/GHSA-gp4j-w3vj-7299)
SCA Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. Medium
985441 Go (go) Security Update for gopkg.in/yaml.v2 (GHSA-wxc4-f4m6-wwqv) The Kubernetes API Server component in versions 1.1-1.14, and versions prior to 1.15.10, 1.16.7 and 1.17.3 allows an authorized user who sends malicious YAML payloads to cause the kube-apiserver to consume excessive CPU cycles while parsing YAML. Customers are advised to refer to GHSA-wxc4-f4m6-wwqv (https://github.com/advisories/GHSA-wxc4-f4m6-wwqv) for updates pertaining to this vulnerability.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
GHSA-wxc4-f4m6-wwqv:gopkg.in/yaml.v2 (https://github.com/advisories/GHSA-wxc4-f4m6-wwqv)
SCA Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. Medium
985442 Go (go) Security Update for github.com/ulikunitz/xz (GHSA-q6gq-997w-f55g) Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs. Customers are advised to refer to GHSA-q6gq-997w-f55g (https://github.com/advisories/GHSA-q6gq-997w-f55g) for updates pertaining to this vulnerability.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
GHSA-q6gq-997w-f55g:github.com/ulikunitz/xz (https://github.com/advisories/GHSA-q6gq-997w-f55g)
SCA Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. High
985455 DotNet (Nuget) Security Update for Newtonsoft.Json (GHSA-5crp-9r3c-p9vr) Newtonsoft.Json prior to version 13.0.1 is vulnerable to Insecure Defaults due to improper handling of expressions with high nesting level that lead to StackOverFlow exception or high CPU and RAM usage. Exploiting this vulnerability results in Denial Of Service (DoS).

The serialization and deserialization path have different properties regarding the issue.

Deserializing methods (like `JsonConvert.DeserializeObject`) will process the input that results in burning the CPU, allocating memory, and consuming a thread of execution. Quite high nesting level (>10kk, or 9.5MB of `{a:{a:{…` input) is needed to achieve the latency over 10 seconds, depending on the hardware.

Serializing methods (like `JsonConvert.Serialize` or `JObject.ToString`) will throw StackOverFlow exception with the nesting level of around 20k.

To mitigate the issue, one needs either to update Newtonsoft.Json to 13.0.1 or to set the `MaxDepth` parameter in the `JsonSerializerSettings`. This can be done globally with the following statement. After that, parsing of the nested input will fail fast with `Newtonsoft.Json.JsonReaderException`:

```
JsonConvert.DefaultSettings = () => new JsonSerializerSettings { MaxDepth = 128 };
```

Repro code:
```
using System.Linq;
using Newtonsoft.Json;

// Create a string representation of a highly nested object (JSON serialized)
int nRep = 25000;
string json = string.Concat(Enumerable.Repeat("{a:", nRep)) + "1" +
              string.Concat(Enumerable.Repeat("}", nRep));

// Parse this object (leads to high CPU/RAM consumption)
var parsedJson = JsonConvert.DeserializeObject(json);

// Methods below all throw stack overflow with nRep around 20k and higher
// string a = parsedJson.ToString();
// string b = JsonConvert.SerializeObject(parsedJson);
```

**Note the original statement about the problem only affecting IIS applications is misleading.** Any application is affected, however the IIS has a behavior that stops restarting the instance after some time resulting in a harder-to-fix DoS.

Customers are advised to refer to GHSA-5crp-9r3c-p9vr (https://github.com/advisories/GHSA-5crp-9r3c-p9vr) for updates pertaining to this vulnerability.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
GHSA-5crp-9r3c-p9vr:Newtonsoft.Json (https://github.com/advisories/GHSA-5crp-9r3c-p9vr)
SCA Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. High
985585 Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-f9xh-2qgp-cq57) FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource. Refer to GitHub security advisory GHSA-f9xh-2qgp-cq57 (https://github.com/advisories/GHSA-f9xh-2qgp-cq57) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
GHSA-f9xh-2qgp-cq57:com.fasterxml.jackson.core:jackson-databind (https://github.com/advisories/GHSA-f9xh-2qgp-cq57)
SCA Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
985586 Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-cvm9-fjm9-3572) FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS. Refer to GitHub security advisory GHSA-cvm9-fjm9-3572 (https://github.com/advisories/GHSA-cvm9-fjm9-3572) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
GHSA-cvm9-fjm9-3572:com.fasterxml.jackson.core:jackson-databind (https://github.com/advisories/GHSA-cvm9-fjm9-3572)
SCA Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
985587 Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-9m6f-7xcq-8vf8) FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool. Refer to GitHub security advisory GHSA-9m6f-7xcq-8vf8 (https://github.com/advisories/GHSA-9m6f-7xcq-8vf8) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
GHSA-9m6f-7xcq-8vf8:com.fasterxml.jackson.core:jackson-databind (https://github.com/advisories/GHSA-9m6f-7xcq-8vf8)
SCA Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
985588 Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-wh8g-3j2c-rqj5) FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource. Refer to GitHub security advisory GHSA-wh8g-3j2c-rqj5 (https://github.com/advisories/GHSA-wh8g-3j2c-rqj5) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
GHSA-wh8g-3j2c-rqj5:com.fasterxml.jackson.core:jackson-databind (https://github.com/advisories/GHSA-wh8g-3j2c-rqj5)
SCA Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
985592 Java (maven) Security Update for io.netty:netty-codec-http (GHSA-269q-hmxg-m83q) Security update has been released for io.netty:netty-codec-http to fix the vulnerability.
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Refer to GitHub security advisory GHSA-269q-hmxg-m83q (https://github.com/advisories/GHSA-269q-hmxg-m83q) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
GHSA-269q-hmxg-m83q:io.netty:netty-codec-http (https://github.com/advisories/GHSA-269q-hmxg-m83q)
SCA Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
985604 Java (maven) Security Update for org.apache.logging.log4j:log4j-core (GHSA-8489-44mv-ggj8) Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to an attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI which can execute remote code. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2.

# Affected packages
Only the `org.apache.logging.log4j:log4j-core` package is directly affected by this vulnerability. The `org.apache.logging.log4j:log4j-api` package should be kept at the same version as the `org.apache.logging.log4j:log4j-core` package to ensure compatibility if in use.

This issue does not impact default configurations of Log4j2 and requires an attacker to have control over the Log4j2 configuration, which reduces the likelihood of being exploited.

Refer to GitHub security advisory GHSA-8489-44mv-ggj8 (https://github.com/advisories/GHSA-8489-44mv-ggj8) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
GHSA-8489-44mv-ggj8:org.apache.logging.log4j:log4j-core (https://github.com/advisories/GHSA-8489-44mv-ggj8)
SCA Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
985606 Java (maven) Security Update for io.netty:netty-codec-http (GHSA-wx5j-54mm-rqqq) Security update has been released for io.netty:netty-codec-http to fix the vulnerability.
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Refer to GitHub security advisory GHSA-wx5j-54mm-rqqq (https://github.com/advisories/GHSA-wx5j-54mm-rqqq) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
GHSA-wx5j-54mm-rqqq:io.netty:netty-codec-http (https://github.com/advisories/GHSA-wx5j-54mm-rqqq)
SCA Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
985612 Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-r695-7vr9-jgc2) FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource. Refer to GitHub security advisory GHSA-r695-7vr9-jgc2 (https://github.com/advisories/GHSA-r695-7vr9-jgc2) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
GHSA-r695-7vr9-jgc2:com.fasterxml.jackson.core:jackson-databind (https://github.com/advisories/GHSA-r695-7vr9-jgc2)
SCA Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
985614 Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-vfqx-33qm-g869) FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource. Refer to GitHub security advisory GHSA-vfqx-33qm-g869 (https://github.com/advisories/GHSA-vfqx-33qm-g869) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
GHSA-vfqx-33qm-g869:com.fasterxml.jackson.core:jackson-databind (https://github.com/advisories/GHSA-vfqx-33qm-g869)
SCA Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
985775 Nodejs (npm) Security Update for got (GHSA-pfrx-2q88-qq97) The got package before 11.8.5 and 12.1.0 for Node.js allows a redirect to a UNIX socket. Refer to GitHub security advisory GHSA-pfrx-2q88-qq97 (https://github.com/advisories/GHSA-pfrx-2q88-qq97) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
GHSA-pfrx-2q88-qq97:got (https://github.com/advisories/GHSA-pfrx-2q88-qq97)
SCA Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
985789 Nodejs (npm) Security Update for npm (GHSA-ph34-pc88-72gc) An issue was discovered in an npm 5.7.0 2018-02-21 pre-release (marked as "next: 5.7.0" and therefore automatically installed by an "npm upgrade -g npm" command, and also announced in the vendor’s blog without mention of pre-release status). It might allow local users to bypass intended filesystem access restrictions because ownerships of /etc and /usr directories are being changed unexpectedly, related to a "correctMkdir" issue. Refer to GitHub security advisory GHSA-ph34-pc88-72gc (https://github.com/advisories/GHSA-ph34-pc88-72gc) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
GHSA-ph34-pc88-72gc:npm (https://github.com/advisories/GHSA-ph34-pc88-72gc)
SCA Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
985876 Nodejs (npm) Security Update for hawk (GHSA-44pw-h2cw-w3vq) Hawk is an HTTP authentication scheme providing mechanisms for making authenticated HTTP requests with partial cryptographic verification of the request and response, covering the HTTP method, request URI, host, and optionally the request payload. Hawk used a regular expression to parse the `Host` HTTP header (`Hawk.utils.parseHost()`), which was subject to a regular expression DoS attack – meaning each added character in the attacker’s input increases the computation time exponentially. `parseHost()` was patched in `9.0.1` to use the built-in `URL` class to parse the hostname instead. `Hawk.authenticate()` accepts an `options` argument. If that contains `host` and `port`, those would be used instead of a call to `utils.parseHost()`. Refer to GitHub security advisory GHSA-44pw-h2cw-w3vq (https://github.com/advisories/GHSA-44pw-h2cw-w3vq) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
GHSA-44pw-h2cw-w3vq:hawk (https://github.com/advisories/GHSA-44pw-h2cw-w3vq)
SCA Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
985919 Nodejs (npm) Security Update for node-fetch (GHSA-r683-j2x4-v87g) node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor. Refer to GitHub security advisory GHSA-r683-j2x4-v87g (https://github.com/advisories/GHSA-r683-j2x4-v87g) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
GHSA-r683-j2x4-v87g:node-fetch (https://github.com/advisories/GHSA-r683-j2x4-v87g)
SCA Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
986031 Nodejs (npm) Security Update for chownr (GHSA-c6rq-rjc2-86v2) A TOCTOU issue in the chownr package before 1.1.0 for Node.js 10.10 could allow a local attacker to trick it into descending into unintended directories via symlink attacks. Refer to GitHub security advisory GHSA-c6rq-rjc2-86v2 (https://github.com/advisories/GHSA-c6rq-rjc2-86v2) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
GHSA-c6rq-rjc2-86v2:chownr (https://github.com/advisories/GHSA-c6rq-rjc2-86v2)
SCA Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
986032 Nodejs (npm) Security Update for ajv (GHSA-v88g-cgmw-v5xw) An issue was discovered in ajv.validate() in Ajv (aka Another JSON Schema Validator) 6.12.2. A carefully crafted JSON schema could be provided that allows execution of other code by prototype pollution. (While untrusted schemas are recommended against, the worst case of an untrusted schema should be a denial of service, not execution of code.) Refer to GitHub security advisory GHSA-v88g-cgmw-v5xw (https://github.com/advisories/GHSA-v88g-cgmw-v5xw) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
GHSA-v88g-cgmw-v5xw:ajv (https://github.com/advisories/GHSA-v88g-cgmw-v5xw)
SCA Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
986045 Nodejs (npm) Security Update for yarn (GHSA-hjxc-462x-x77j) The package integrity validation in yarn < 1.19.0 contains a TOCTOU vulnerability where the hash is computed before writing a package to cache. It's not computed again when reading from the cache. This may lead to a cache pollution attack. This issue is fixed in 1.19.0. Refer to GitHub security advisory GHSA-hjxc-462x-x77j (https://github.com/advisories/GHSA-hjxc-462x-x77j) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
GHSA-hjxc-462x-x77j:yarn (https://github.com/advisories/GHSA-hjxc-462x-x77j)
SCA Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
986048 Nodejs (npm) Security Update for yarn (GHSA-8mfc-v7wv-p62g) Arbitrary filesystem write vulnerability in Yarn 1.21.1 and earlier allows attackers to write to any path on the filesystem and potentially lead to arbitrary code execution by forcing the user to install a malicious package. Refer to GitHub security advisory GHSA-8mfc-v7wv-p62g (https://github.com/advisories/GHSA-8mfc-v7wv-p62g) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
GHSA-8mfc-v7wv-p62g:yarn (https://github.com/advisories/GHSA-8mfc-v7wv-p62g)
SCA Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
986084 Nodejs (npm) Security Update for http-proxy-agent (GHSA-86wf-436m-h424) A flaw was found in http-proxy-agent, prior to version 2.1.0. It was discovered http-proxy-agent passes an auth option to the Buffer constructor without proper sanitization. This could result in a Denial of Service through the usage of all available CPU resources and data exposure through an uninitialized memory leak in setups where an attacker could submit typed input to the auth parameter. Refer to GitHub security advisory GHSA-86wf-436m-h424 (https://github.com/advisories/GHSA-86wf-436m-h424) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
GHSA-86wf-436m-h424:http-proxy-agent (https://github.com/advisories/GHSA-86wf-436m-h424)
SCA Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
986394 Java (maven) Security Update for com.google.code.gson:gson (GHSA-4jrv-ppp4-jm57) The package `com.google.code.gson:gson` before 2.8.9 is vulnerable to Deserialization of Untrusted Data via the `writeReplace()` method in internal classes, which may lead to denial of service attacks. Refer to GitHub security advisory GHSA-4jrv-ppp4-jm57 (https://github.com/advisories/GHSA-4jrv-ppp4-jm57) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
GHSA-4jrv-ppp4-jm57:com.google.code.gson:gson (https://github.com/advisories/GHSA-4jrv-ppp4-jm57)
SCA Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
986395 Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-8c4j-34r4-xr8g) FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS. Refer to GitHub security advisory GHSA-8c4j-34r4-xr8g (https://github.com/advisories/GHSA-8c4j-34r4-xr8g) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
GHSA-8c4j-34r4-xr8g:com.fasterxml.jackson.core:jackson-databind (https://github.com/advisories/GHSA-8c4j-34r4-xr8g)
SCA Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
986398 Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-89qr-369f-5m5x) FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS. Refer to GitHub security advisory GHSA-89qr-369f-5m5x (https://github.com/advisories/GHSA-89qr-369f-5m5x) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
GHSA-89qr-369f-5m5x:com.fasterxml.jackson.core:jackson-databind (https://github.com/advisories/GHSA-89qr-369f-5m5x)
SCA Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
986399 Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-m6x4-97wx-4q27) FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource. Refer to GitHub security advisory GHSA-m6x4-97wx-4q27 (https://github.com/advisories/GHSA-m6x4-97wx-4q27) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
GHSA-m6x4-97wx-4q27:com.fasterxml.jackson.core:jackson-databind (https://github.com/advisories/GHSA-m6x4-97wx-4q27)
SCA Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
986400 Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-8w26-6f25-cm9x) FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource. Refer to GitHub security advisory GHSA-8w26-6f25-cm9x (https://github.com/advisories/GHSA-8w26-6f25-cm9x) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
GHSA-8w26-6f25-cm9x:com.fasterxml.jackson.core:jackson-databind (https://github.com/advisories/GHSA-8w26-6f25-cm9x)
SCA Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
986403 Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-r3gr-cxrf-hg25) FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource. Refer to GitHub security advisory GHSA-r3gr-cxrf-hg25 (https://github.com/advisories/GHSA-r3gr-cxrf-hg25) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
GHSA-r3gr-cxrf-hg25:com.fasterxml.jackson.core:jackson-databind (https://github.com/advisories/GHSA-r3gr-cxrf-hg25)
SCA Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
986404 Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-9gph-22xh-8x98) FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS. Refer to GitHub security advisory GHSA-9gph-22xh-8x98 (https://github.com/advisories/GHSA-9gph-22xh-8x98) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
GHSA-9gph-22xh-8x98:com.fasterxml.jackson.core:jackson-databind (https://github.com/advisories/GHSA-9gph-22xh-8x98)
SCA Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
986970 Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-57j2-w4cx-62h2) jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of service via a large depth of nested objects. Refer to GitHub security advisory GHSA-57j2-w4cx-62h2 (https://github.com/advisories/GHSA-57j2-w4cx-62h2) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
GHSA-57j2-w4cx-62h2:com.fasterxml.jackson.core:jackson-databind (https://github.com/advisories/GHSA-57j2-w4cx-62h2)
SCA Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
986971 Java (maven) Security Update for net.minidev:json-smart (GHSA-fg2v-w576-w4v3) A vulnerability was discovered in the indexOf function of JSONParserByteArray in JSON Smart versions prior to 1.3.3 and 2.4.5 which causes a denial of service (DoS) via a crafted web request. Refer to GitHub security advisory GHSA-fg2v-w576-w4v3 (https://github.com/advisories/GHSA-fg2v-w576-w4v3) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
GHSA-fg2v-w576-w4v3:net.minidev:json-smart (https://github.com/advisories/GHSA-fg2v-w576-w4v3)
SCA Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
986972 Java (maven) Security Update for org.apache.logging.log4j:log4j-core (GHSA-7rjr-3q55-vv33) Security update has been released for org.apache.logging.log4j:log4j-core to fix the vulnerability. Refer to GitHub security advisory GHSA-7rjr-3q55-vv33 (https://github.com/advisories/GHSA-7rjr-3q55-vv33) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
GHSA-7rjr-3q55-vv33:org.apache.logging.log4j:log4j-core (https://github.com/advisories/GHSA-7rjr-3q55-vv33)
SCA Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
986973 Java (maven) Security Update for org.apache.logging.log4j:log4j-core (GHSA-p6xc-xr62-6r2g) Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0 and 2.12.3.

# Affected packages
Only the `org.apache.logging.log4j:log4j-core` package is directly affected by this vulnerability. The `org.apache.logging.log4j:log4j-api` package should be kept at the same version as the `org.apache.logging.log4j:log4j-core` package to ensure compatibility if in use.

Refer to GitHub security advisory GHSA-p6xc-xr62-6r2g (https://github.com/advisories/GHSA-p6xc-xr62-6r2g) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
GHSA-p6xc-xr62-6r2g:org.apache.logging.log4j:log4j-core (https://github.com/advisories/GHSA-p6xc-xr62-6r2g)
SCA Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
986975 Java (maven) Security Update for ch.qos.logback:logback-core (GHSA-668q-qrv7-99fm) In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configuration files could craft a malicious configuration allowing the execution of arbitrary code loaded from LDAP servers. Refer to GitHub security advisory GHSA-668q-qrv7-99fm (https://github.com/advisories/GHSA-668q-qrv7-99fm) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
GHSA-668q-qrv7-99fm:ch.qos.logback:logback-core (https://github.com/advisories/GHSA-668q-qrv7-99fm)
SCA Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
986976 Java (maven) Security Update for org.apache.hadoop:hadoop-common (GHSA-8wm5-8h9c-47pc) Apache Hadoop’s `FileUtil.unTar(File, File)` API does not escape the input file name before being passed to the shell. An attacker can inject arbitrary commands. This is only used in Hadoop 3.3 InMemoryAliasMap.completeBootstrapTransfer, which is only ever run by a local user. It has been used in Hadoop 2.x for yarn localization, which does enable remote code execution. It is used in Apache Spark, from the SQL command ADD ARCHIVE. As the ADD ARCHIVE command adds new binaries to the classpath, being able to execute shell scripts does not confer new permissions to the caller. SPARK-38305. "Check existence of file before untarring/zipping", which is included in 3.3.0, 3.1.4, 3.2.2, prevents shell commands being executed, regardless of which version of the hadoop libraries are in use. Users should upgrade to Apache Hadoop 2.10.2, 3.2.4, 3.3.3 or upper (including HADOOP-18136). Refer to GitHub security advisory GHSA-8wm5-8h9c-47pc (https://github.com/advisories/GHSA-8wm5-8h9c-47pc) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
GHSA-8wm5-8h9c-47pc:org.apache.hadoop:hadoop-common (https://github.com/advisories/GHSA-8wm5-8h9c-47pc)
SCA Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
987197 Java (maven) Security Update for com.google.oauth-client:google-oauth-client (GHSA-xh97-72ww-2w58) Security update has been released for com.google.oauth-client:google-oauth-client to fix the vulnerability. Refer to Github security advisory <A HREF=”https://github.com/advisories/GHSA-xh97-72ww-2w58″ TARGET=”_blank”>GHSA-xh97-72ww-2w58</A> for updates and patch information.<BR>
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-xh97-72ww-2w58″ TARGET=”_blank”>GHSA-xh97-72ww-2w58:com.google.oauth-client:google-oauth-client</A>
SCA Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
987283 Java (maven) Security Update for org.apache.hadoop:hadoop-common (GHSA-gx2c-fvhc-ph4j) In Apache Hadoop, the unTar function uses the unTarUsingJava function on Windows and the built-in tar utility on Unix and other OSes. As a result, a TAR entry may create a symlink under the expected extraction directory which points to an external directory. A subsequent TAR entry may extract an arbitrary file into the external directory using the symlink name. This however would be caught by the same targetDirPath check on Unix because of the getCanonicalPath call. However on Windows, getCanonicalPath doesn’t resolve symbolic links, which bypasses the check. unpackEntries during TAR extraction follows symbolic links, which allows writing outside the expected base directory on Windows. This was addressed in Apache Hadoop 3.2.3. Refer to Github security advisory <A HREF=”https://github.com/advisories/GHSA-gx2c-fvhc-ph4j” TARGET=”_blank”>GHSA-gx2c-fvhc-ph4j</A> for updates and patch information.<BR>
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-gx2c-fvhc-ph4j” TARGET=”_blank”>GHSA-gx2c-fvhc-ph4j:org.apache.hadoop:hadoop-common</A>
SCA Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
987316 Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-qjw2-hr98-qgfh) FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration. Refer to Github security advisory <A HREF=”https://github.com/advisories/GHSA-qjw2-hr98-qgfh” TARGET=”_blank”>GHSA-qjw2-hr98-qgfh</A> for updates and patch information.<BR>
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-qjw2-hr98-qgfh” TARGET=”_blank”>GHSA-qjw2-hr98-qgfh:com.fasterxml.jackson.core:jackson-databind</A>
SCA Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
987327 Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-h3cw-g4mq-c5x2) This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP). Refer to Github security advisory <A HREF=”https://github.com/advisories/GHSA-h3cw-g4mq-c5x2″ TARGET=”_blank”>GHSA-h3cw-g4mq-c5x2</A> for updates and patch information.<BR>
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-h3cw-g4mq-c5x2″ TARGET=”_blank”>GHSA-h3cw-g4mq-c5x2:com.fasterxml.jackson.core:jackson-databind</A>
SCA Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
987333 Java (maven) Security Update for com.google.protobuf:protobuf-kotlin (GHSA-wrvw-hg22-4m67) Security update has been released for com.google.protobuf:protobuf-kotlin,com.google.protobuf:protobuf-java to fix the vulnerability. Refer to Github security advisory <A HREF=”https://github.com/advisories/GHSA-wrvw-hg22-4m67″ TARGET=”_blank”>GHSA-wrvw-hg22-4m67</A> for updates and patch information.<BR>
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-wrvw-hg22-4m67″ TARGET=”_blank”>GHSA-wrvw-hg22-4m67:com.google.protobuf:protobuf-kotlin</A><P> <A HREF=”https://github.com/advisories/GHSA-wrvw-hg22-4m67″ TARGET=”_blank”>GHSA-wrvw-hg22-4m67:com.google.protobuf:protobuf-java</A>
SCA Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
987434 Nodejs (npm) Security Update for minimist (GHSA-xvch-5gv4-984h) Github has released a security update for minimist to fix the vulnerabilities. Refer to Github security advisory <A HREF=”https://github.com/advisories/GHSA-xvch-5gv4-984h” TARGET=”_blank”>GHSA-xvch-5gv4-984h</A> for updates and patch information.<BR>
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-xvch-5gv4-984h” TARGET=”_blank”>GHSA-xvch-5gv4-984h:minimist</A>
SCA Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
988053 Java (Maven) Security Update for com.google.protobuf:protobuf-java (GHSA-h4h5-3hr4-j3g2) A potential Denial of Service issue in protobuf-java core and lite was discovered in the parsing procedure for binary and text format data. Input streams containing multiple instances of non-repeated embedded messages with repeated or unknown fields cause objects to be converted back and forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. Refer to Github security advisory <A HREF=”https://github.com/advisories/GHSA-h4h5-3hr4-j3g2″ TARGET=”_blank”>GHSA-h4h5-3hr4-j3g2</A> for updates and patch information.<BR>
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-h4h5-3hr4-j3g2″ TARGET=”_blank”>GHSA-h4h5-3hr4-j3g2:com.google.protobuf:protobuf-java</A>
SCA Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
988179 Java (Maven) Security Update for org.apache.commons:commons-text (GHSA-599f-7c49-w659) Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "${prefix:name}", where "prefix" is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation. Starting with version 1.5 and continuing through 1.9, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are: "script" (execute expressions using the JVM script execution engine, javax.script); "dns" (resolve DNS records); "url" (load values from URLs, including from remote servers). Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Text 1.10.0, which disables the problematic interpolators by default. Refer to Github security advisory <A HREF=”https://github.com/advisories/GHSA-599f-7c49-w659″ TARGET=”_blank”>GHSA-599f-7c49-w659</A> for updates and patch information.<BR>
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-599f-7c49-w659″ TARGET=”_blank”>GHSA-599f-7c49-w659:org.apache.commons:commons-text</A>
SCA Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
988968 DotNet (Nuget) Security Update for Microsoft.AspNetCore.App.Runtime.linux-arm (GHSA-3rq8-h3gj-r5c6) Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 6.0, .NET 5.0 and .NET Core 3.1. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. Refer to Github security advisory <A HREF=”https://github.com/advisories/GHSA-3rq8-h3gj-r5c6″ TARGET=”_blank”>GHSA-3rq8-h3gj-r5c6</A> for updates and patch information.<BR>
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-3rq8-h3gj-r5c6″ TARGET=”_blank”>GHSA-3rq8-h3gj-r5c6:Microsoft.AspNetCore.App.Runtime.linux-arm</A>
SCA Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
988978 DotNet (Nuget) Security Update for Microsoft.AspNetCore.App.Runtime.linux-arm (GHSA-cw98-9j8w-wxv9) Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 6.0, .NET 5.0, and .NET CORE 3.1. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. Refer to Github security advisory <A HREF=”https://github.com/advisories/GHSA-cw98-9j8w-wxv9″ TARGET=”_blank”>GHSA-cw98-9j8w-wxv9</A> for updates and patch information.<BR>
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-cw98-9j8w-wxv9″ TARGET=”_blank”>GHSA-cw98-9j8w-wxv9:Microsoft.AspNetCore.App.Runtime.linux-arm</A>
SCA Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
988979 DotNet (Nuget) Security Update for Microsoft.AspNetCore.App.Runtime.linux-arm (GHSA-485p-mrj5-8w2v) Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 6.0, .NET 5.0 and .NET Core 3.1. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. Refer to Github security advisory <A HREF=”https://github.com/advisories/GHSA-485p-mrj5-8w2v” TARGET=”_blank”>GHSA-485p-mrj5-8w2v</A> for updates and patch information.<BR>
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-485p-mrj5-8w2v” TARGET=”_blank”>GHSA-485p-mrj5-8w2v:Microsoft.AspNetCore.App.Runtime.linux-arm</A>
SCA Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
989996 Java (Maven) Security Update for org.yaml:snakeyaml (GHSA-c4r9-r8fh-9vj2) Applications using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service (DoS) attacks. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash with a stack overflow. Refer to Github security advisory <A HREF=”https://github.com/advisories/GHSA-c4r9-r8fh-9vj2″ TARGET=”_blank”>GHSA-c4r9-r8fh-9vj2</A> for updates and patch information.<BR>
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-c4r9-r8fh-9vj2″ TARGET=”_blank”>GHSA-c4r9-r8fh-9vj2:org.yaml:snakeyaml</A>
SCA Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
990004 Java (Maven) Security Update for org.yaml:snakeyaml (GHSA-w37g-rhq8-7m4j) Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack. Refer to Github security advisory <A HREF=”https://github.com/advisories/GHSA-w37g-rhq8-7m4j” TARGET=”_blank”>GHSA-w37g-rhq8-7m4j</A> for updates and patch information.<BR>
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-w37g-rhq8-7m4j” TARGET=”_blank”>GHSA-w37g-rhq8-7m4j:org.yaml:snakeyaml</A>
SCA Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
990008 Java (Maven) Security Update for org.yaml:snakeyaml (GHSA-hhhw-99gj-p3c3) Applications using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service (DoS) attacks. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash with a stack overflow. Refer to Github security advisory <A HREF=”https://github.com/advisories/GHSA-hhhw-99gj-p3c3″ TARGET=”_blank”>GHSA-hhhw-99gj-p3c3</A> for updates and patch information.<BR>
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-hhhw-99gj-p3c3″ TARGET=”_blank”>GHSA-hhhw-99gj-p3c3:org.yaml:snakeyaml</A>
SCA Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
990039 Java (Maven) Security Update for org.yaml:snakeyaml (GHSA-3mc7-4q67-w48m) Versions of the package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due to a missing nested depth limitation for collections. Refer to Github security advisory <A HREF=”https://github.com/advisories/GHSA-3mc7-4q67-w48m” TARGET=”_blank”>GHSA-3mc7-4q67-w48m</A> for updates and patch information.<BR>
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-3mc7-4q67-w48m” TARGET=”_blank”>GHSA-3mc7-4q67-w48m:org.yaml:snakeyaml</A>
SCA Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
990193 Java (Maven) Security Update for org.yaml:snakeyaml (GHSA-98wm-3w3q-mw94) Applications using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service (DoS) attacks. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash with a stack overflow. Refer to Github security advisory <A HREF=”https://github.com/advisories/GHSA-98wm-3w3q-mw94″ TARGET=”_blank”>GHSA-98wm-3w3q-mw94</A> for updates and patch information.<BR>
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-98wm-3w3q-mw94″ TARGET=”_blank”>GHSA-98wm-3w3q-mw94:org.yaml:snakeyaml</A>
SCA Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
990209 Java (Maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-jjjh-jjxp-wpff) In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4.1 resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. This was patched in 2.12.7.1, 2.13.4.1, and 2.14.0. Refer to Github security advisory <A HREF=”https://github.com/advisories/GHSA-jjjh-jjxp-wpff” TARGET=”_blank”>GHSA-jjjh-jjxp-wpff</A> for updates and patch information.<BR>
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-jjjh-jjxp-wpff” TARGET=”_blank”>GHSA-jjjh-jjxp-wpff:com.fasterxml.jackson.core:jackson-databind</A>
SCA Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
990212 Java (Maven) Security Update for com.fasterxml.woodstox:woodstox-core (GHSA-3f7h-mf4q-vrm4) Those using FasterXML/woodstox to serialize XML data may be vulnerable to Denial of Service (DoS) attacks. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash with a stack overflow. This effect may support a denial of service attack. Refer to Github security advisory <A HREF=”https://github.com/advisories/GHSA-3f7h-mf4q-vrm4″ TARGET=”_blank”>GHSA-3f7h-mf4q-vrm4</A> for updates and patch information.<BR>
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-3f7h-mf4q-vrm4″ TARGET=”_blank”>GHSA-3f7h-mf4q-vrm4:com.fasterxml.woodstox:woodstox-core</A>
SCA Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
990228 Java (Maven) Security Update for com.fasterxml.woodstox:woodstox-core (GHSA-5hc5-c3m9-8vcj) Those using FasterXML/woodstox to serialise XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack. Refer to Github security advisory <A HREF=”https://github.com/advisories/GHSA-5hc5-c3m9-8vcj” TARGET=”_blank”>GHSA-5hc5-c3m9-8vcj</A> for updates and patch information.<BR>
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-5hc5-c3m9-8vcj” TARGET=”_blank”>GHSA-5hc5-c3m9-8vcj:com.fasterxml.woodstox:woodstox-core</A>
SCA Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
990283 Java (Maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-rgv9-q543-rqg4) In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization. Refer to Github security advisory <A HREF=”https://github.com/advisories/GHSA-rgv9-q543-rqg4″ TARGET=”_blank”>GHSA-rgv9-q543-rqg4</A> for updates and patch information.<BR>
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-rgv9-q543-rqg4″ TARGET=”_blank”>GHSA-rgv9-q543-rqg4:com.fasterxml.jackson.core:jackson-databind</A>
SCA Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
990334 Java (Maven) Security Update for org.yaml:snakeyaml (GHSA-9w3m-gqgf-c4p9) Applications using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service (DoS) attacks. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash with a stack overflow. Refer to Github security advisory <A HREF=”https://github.com/advisories/GHSA-9w3m-gqgf-c4p9″ TARGET=”_blank”>GHSA-9w3m-gqgf-c4p9</A> for updates and patch information.<BR>
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-9w3m-gqgf-c4p9″ TARGET=”_blank”>GHSA-9w3m-gqgf-c4p9:org.yaml:snakeyaml</A>
SCA Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
990416 Java (Maven) Security Update for com.fasterxml.woodstox:woodstox-core (GHSA-fv22-xp26-mm9w) Those using FasterXML/woodstox to serialize XML data may be vulnerable to Denial of Service (DoS) attacks. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash with a stack overflow. This effect may support a denial of service attack. Refer to Github security advisory <A HREF=”https://github.com/advisories/GHSA-fv22-xp26-mm9w” TARGET=”_blank”>GHSA-fv22-xp26-mm9w</A> for updates and patch information.<BR>
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-fv22-xp26-mm9w” TARGET=”_blank”>GHSA-fv22-xp26-mm9w:com.fasterxml.woodstox:woodstox-core</A>
SCA Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
990429 Java (Maven) Security Update for com.fasterxml.woodstox:woodstox-core (GHSA-4rv7-wj6m-6c6r) Those using FasterXML/woodstox to serialize XML data may be vulnerable to Denial of Service (DoS) attacks. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash with a stack overflow. This effect may support a denial of service attack. Refer to Github security advisory <A HREF=”https://github.com/advisories/GHSA-4rv7-wj6m-6c6r” TARGET=”_blank”>GHSA-4rv7-wj6m-6c6r</A> for updates and patch information.<BR>
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-4rv7-wj6m-6c6r” TARGET=”_blank”>GHSA-4rv7-wj6m-6c6r:com.fasterxml.woodstox:woodstox-core</A>
SCA Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
990454 Java (Maven) Security Update for com.fasterxml.woodstox:woodstox-core (GHSA-9fwf-46g9-45rx) Those using FasterXML/woodstox to serialise XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack. Refer to Github security advisory <A HREF=”https://github.com/advisories/GHSA-9fwf-46g9-45rx” TARGET=”_blank”>GHSA-9fwf-46g9-45rx</A> for updates and patch information.<BR>
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-9fwf-46g9-45rx” TARGET=”_blank”>GHSA-9fwf-46g9-45rx:com.fasterxml.woodstox:woodstox-core</A>
SCA Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
990565 Python (pip) Security Update for GitPython (GHSA-hcpj-qp55-gfph) All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments. Refer to Github security advisory <A HREF=”https://github.com/advisories/GHSA-hcpj-qp55-gfph” TARGET=”_blank”>GHSA-hcpj-qp55-gfph</A> for updates and patch information.<BR>
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-hcpj-qp55-gfph” TARGET=”_blank”>GHSA-hcpj-qp55-gfph:GitPython</A>
SCA Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
990566 Nodejs (npm) Security Update for qs (GHSA-hrpp-h998-j3pp) qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an __proto__ key can be used. In many typical Express use cases, an unauthenticated remote attacker can place the attack payload in the query string of the URL that is used to visit the application, such as a[__proto__]=b&a[__proto__]&a[length]=100000000. The fix was backported to qs 6.9.7, 6.8.3, 6.7.3, 6.6.1, 6.5.3, 6.4.1, 6.3.3, and 6.2.4 (and therefore Express 4.17.3, which has "deps: qs@6.9.7" in its release description, is not vulnerable). Refer to Github security advisory <A HREF=”https://github.com/advisories/GHSA-hrpp-h998-j3pp” TARGET=”_blank”>GHSA-hrpp-h998-j3pp</A> for updates and patch information.<BR>
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-hrpp-h998-j3pp” TARGET=”_blank”>GHSA-hrpp-h998-j3pp:qs</A><P> <A HREF=”https://github.com/advisories/GHSA-hrpp-h998-j3pp” TARGET=”_blank”>GHSA-hrpp-h998-j3pp:express</A>
SCA Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
990620 Go (go) Security Update for github.com/containerd/containerd (GHSA-2qjp-425j-52j9) Security update has been released for github.com/containerd/containerd to fix the vulnerability. Refer to Github security advisory <A HREF=”https://github.com/advisories/GHSA-2qjp-425j-52j9″ TARGET=”_blank”>GHSA-2qjp-425j-52j9</A> for updates and patch information.<BR>
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-2qjp-425j-52j9″ TARGET=”_blank”>GHSA-2qjp-425j-52j9:github.com/containerd/containerd</A>
SCA Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
990811 Java (Maven) Security Update for com.google.protobuf:protobuf-java (GHSA-g5ww-5jh7-63cx) A parsing issue similar to CVE-2022-3171, but with textformat in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields cause objects to be converted back and forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above. Refer to Github security advisory <A HREF=”https://github.com/advisories/GHSA-g5ww-5jh7-63cx” TARGET=”_blank”>GHSA-g5ww-5jh7-63cx</A> for updates and patch information.<BR>
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-g5ww-5jh7-63cx” TARGET=”_blank”>GHSA-g5ww-5jh7-63cx:com.google.protobuf:protobuf-java</A>
SCA Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
990822 Java (Maven) Security Update for io.netty:netty-codec-http (GHSA-hh82-3pmq-7frp) When calling DefaultHttpHeaders.set with an iterator of values (as opposed to a single given value), header value validation was not performed, allowing malicious header values in the iterator to perform HTTP Response Splitting. Refer to Github security advisory <A HREF=”https://github.com/advisories/GHSA-hh82-3pmq-7frp” TARGET=”_blank”>GHSA-hh82-3pmq-7frp</A> for updates and patch information.<BR>
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-hh82-3pmq-7frp” TARGET=”_blank”>GHSA-hh82-3pmq-7frp:io.netty:netty-codec-http</A>
SCA Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
990836 Java (Maven) Security Update for org.yaml:snakeyaml (GHSA-mjmj-j48q-9wg2) SnakeYaml’s Constructor class, which inherits from SafeConstructor, allows any type to be deserialized given the following line:
Refer to Github security advisory <A HREF=”https://github.com/advisories/GHSA-mjmj-j48q-9wg2″ TARGET=”_blank”>GHSA-mjmj-j48q-9wg2</A> for updates and patch information.<BR>
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-mjmj-j48q-9wg2″ TARGET=”_blank”>GHSA-mjmj-j48q-9wg2:org.yaml:snakeyaml</A>
SCA Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
990987 GO (Go) Security Update for gopkg.in/yaml.v2 (GHSA-6q6q-88xp-6f2r) Parsing malicious or large YAML documents can consume excessive amounts of CPU or memory. Refer to Github security advisory <A HREF=”https://github.com/advisories/GHSA-6q6q-88xp-6f2r” TARGET=”_blank”>GHSA-6q6q-88xp-6f2r</A> for updates and patch information.<BR>
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-6q6q-88xp-6f2r” TARGET=”_blank”>GHSA-6q6q-88xp-6f2r:gopkg.in/yaml.v2</A>
SCA Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
990995 GO (Go) Security Update for gopkg.in/yaml.v2 (GHSA-r88r-gmrh-7j83) Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector. Refer to Github security advisory <A HREF=”https://github.com/advisories/GHSA-r88r-gmrh-7j83″ TARGET=”_blank”>GHSA-r88r-gmrh-7j83</A> for updates and patch information.<BR>
<P>Patch:<BR>
Following are links for downloading patches to fix the vulnerabilities:
<P> <A HREF=”https://github.com/advisories/GHSA-r88r-gmrh-7j83″ TARGET=”_blank”>GHSA-r88r-gmrh-7j83:gopkg.in/yaml.v2</A>
SCA Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
991006 GO (Go) Security Update for github.com/aws/aws-sdk-go (GHSA-6jvc-q2x7-pchv) The AWS S3 Crypto SDK sends an unencrypted hash of the plaintext alongside the ciphertext as a metadata field. This hash can be used to brute force the plaintext, if the hash is readable to the attacker. AWS now blocks this metadata field, but older SDK versions still send it. Refer to GitHub security advisory GHSA-6jvc-q2x7-pchv (https://github.com/advisories/GHSA-6jvc-q2x7-pchv) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
GHSA-6jvc-q2x7-pchv:github.com/aws/aws-sdk-go (https://github.com/advisories/GHSA-6jvc-q2x7-pchv)
SCA Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
991035 Python (Pip) Security Update for setuptools (GHSA-r9hx-vwmv-q579) Python Packaging Authority (PyPA)’s setuptools is a library designed to facilitate packaging Python projects. Setuptools version 65.5.0 and earlier could allow remote attackers to cause a denial of service by fetching malicious HTML from a PyPI package or custom PackageIndex page due to a vulnerable regular expression in package_index. This has been patched in version 65.5.1. Refer to GitHub security advisory GHSA-r9hx-vwmv-q579 (https://github.com/advisories/GHSA-r9hx-vwmv-q579) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
GHSA-r9hx-vwmv-q579:setuptools (https://github.com/advisories/GHSA-r9hx-vwmv-q579)
SCA Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
991043 Java (Maven) Security Update for com.google.protobuf:protobuf-java (GHSA-4gg5-vx3j-xwc7) A parsing issue similar to CVE-2022-3171, but with Message-Type Extensions in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields cause objects to be converted back and forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above. Refer to GitHub security advisory GHSA-4gg5-vx3j-xwc7 (https://github.com/advisories/GHSA-4gg5-vx3j-xwc7) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
GHSA-4gg5-vx3j-xwc7:com.google.protobuf:protobuf-java (https://github.com/advisories/GHSA-4gg5-vx3j-xwc7)
SCA Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
991088 GO (Go) Security Update for github.com/Masterminds/goutils (GHSA-3839-6r69-m497) Randomly-generated alphanumeric strings contain significantly less entropy than expected. The RandomAlphaNumeric and CryptoRandomAlphaNumeric functions always return strings containing at least one digit from 0 to 9. This significantly reduces the amount of entropy in short strings generated by these functions. Refer to GitHub security advisory GHSA-3839-6r69-m497 (https://github.com/advisories/GHSA-3839-6r69-m497) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
GHSA-3839-6r69-m497:github.com/Masterminds/goutils (https://github.com/advisories/GHSA-3839-6r69-m497)
SCA Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
991338 Python (Pip) Security Update for wheel (GHSA-qwmp-2cf2-g9g6) Python Packaging Authority (PyPA) Wheel is a reference implementation of the Python wheel packaging standard. Wheel 0.37.1 and earlier are vulnerable to a regular expression denial of service via attacker-controlled input to the wheel CLI. The vulnerable regex is used to verify the validity of Wheel file names. This has been patched in version 0.38.1. Refer to GitHub security advisory GHSA-qwmp-2cf2-g9g6 (https://github.com/advisories/GHSA-qwmp-2cf2-g9g6) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
GHSA-qwmp-2cf2-g9g6:wheel (https://github.com/advisories/GHSA-qwmp-2cf2-g9g6)
SCA Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
991563 NodeJs (Npm) Security Update for luxon (GHSA-3xq5-wjfh-ppjc) Luxon’s `DateTime.fromRFC2822()` has quadratic (N^2) complexity on some specific inputs. This causes a noticeable slowdown for inputs with lengths above 10k characters. Users providing untrusted data to this method are therefore vulnerable to (Re)DoS attacks. Refer to GitHub security advisory GHSA-3xq5-wjfh-ppjc (https://github.com/advisories/GHSA-3xq5-wjfh-ppjc) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
GHSA-3xq5-wjfh-ppjc:luxon (https://github.com/advisories/GHSA-3xq5-wjfh-ppjc)
SCA Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
991589 NodeJs (Npm) Security Update for debug (GHSA-9vvw-cc9w-f27h) A vulnerability classified as problematic has been found in debug-js debug up to 3.0.x. This affects the function useColors of the file src/node.js. The manipulation of the argument str leads to inefficient regular expression complexity. Upgrading to version 3.1.0 is able to address this issue. The name of the patch is c38a0166c266a679c8de012d4eaccec3f944e685. It is recommended to upgrade the affected component. The identifier VDB-217665 was assigned to this vulnerability. Refer to GitHub security advisory GHSA-9vvw-cc9w-f27h (https://github.com/advisories/GHSA-9vvw-cc9w-f27h) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
GHSA-9vvw-cc9w-f27h:debug (https://github.com/advisories/GHSA-9vvw-cc9w-f27h)
SCA Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
991973 GO (Go) Security Update for github.com/kubernetes/kubernetes (GHSA-8cfg-vx93-jvxw) GitHub has released a security update for github.com/kubernetes/kubernetes to fix the vulnerabilities. Refer to GitHub security advisory GHSA-8cfg-vx93-jvxw (https://github.com/advisories/GHSA-8cfg-vx93-jvxw) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
GHSA-8cfg-vx93-jvxw:github.com/kubernetes/kubernetes (https://github.com/advisories/GHSA-8cfg-vx93-jvxw)
SCA Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
992186 GO (Go) Security Update for github.com/containerd/containerd (GHSA-hmfx-3pcx-653p) A bug was found in containerd where supplementary groups are not set up properly inside a container. If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use supplementary group access to bypass primary group restrictions in some cases, potentially gaining access to sensitive information or gaining the ability to execute code in that container. Refer to GitHub security advisory GHSA-hmfx-3pcx-653p (https://github.com/advisories/GHSA-hmfx-3pcx-653p) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
GHSA-hmfx-3pcx-653p:github.com/containerd/containerd (https://github.com/advisories/GHSA-hmfx-3pcx-653p)
SCA Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
992187 GO (Go) Security Update for github.com/containerd/containerd (GHSA-259w-8hf6-59c2) When importing an OCI image, there was no limit on the number of bytes read for certain files. A maliciously crafted image with a large file where a limit was not applied could cause a denial of service. Refer to GitHub security advisory GHSA-259w-8hf6-59c2 (https://github.com/advisories/GHSA-259w-8hf6-59c2) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
GHSA-259w-8hf6-59c2:github.com/containerd/containerd (https://github.com/advisories/GHSA-259w-8hf6-59c2)
SCA Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
992196 Python (Pip) Security Update for Werkzeug (GHSA-xg9f-g7g7-2323) Werkzeug’s multipart form data parser will parse an unlimited number of parts, including file parts. Parts can be a small number of bytes, but each requires CPU time to parse and may use more memory as Python data. If a request can be made to an endpoint that accesses request.data, request.form, request.files, or request.get_data(parse_form_data=False), it can cause unexpectedly high resource usage. Refer to GitHub security advisory GHSA-xg9f-g7g7-2323 (https://github.com/advisories/GHSA-xg9f-g7g7-2323) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
GHSA-xg9f-g7g7-2323:Werkzeug (https://github.com/advisories/GHSA-xg9f-g7g7-2323)
SCA Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High
992198 Python (Pip) Security Update for Werkzeug (GHSA-px8h-6qxv-m22q) Browsers may allow "nameless" cookies that look like =value instead of key=value. A vulnerable browser may allow a compromised application on an adjacent subdomain to exploit this to set a cookie like =__Host-test=bad for another subdomain. Refer to GitHub security advisory GHSA-px8h-6qxv-m22q (https://github.com/advisories/GHSA-px8h-6qxv-m22q) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
GHSA-px8h-6qxv-m22q:Werkzeug (https://github.com/advisories/GHSA-px8h-6qxv-m22q)
SCA Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
992210 GO (Go) Security Update for github.com/hashicorp/go-getter (GHSA-jpxj-2jvg-6jv9) HashiCorp go-getter up to 1.6.2 and 2.1.1 is vulnerable to decompression bombs. Fixed in 1.7.0 and 2.2.0. Refer to GitHub security advisory GHSA-jpxj-2jvg-6jv9 (https://github.com/advisories/GHSA-jpxj-2jvg-6jv9) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
GHSA-jpxj-2jvg-6jv9:github.com/hashicorp/go-getter (https://github.com/advisories/GHSA-jpxj-2jvg-6jv9)
SCA Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
992213 GO (Go) Security Update for golang.org/x/net (GHSA-vvpx-j8f3-3w6h) A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests. Refer to GitHub security advisory GHSA-vvpx-j8f3-3w6h (https://github.com/advisories/GHSA-vvpx-j8f3-3w6h) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
GHSA-vvpx-j8f3-3w6h:golang.org/x/net (https://github.com/advisories/GHSA-vvpx-j8f3-3w6h)
SCA Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. Medium
992227 Java (Maven) Security Update for commons-fileupload:commons-fileupload (GHSA-hfrx-6qgj-fp6c) Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed, resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Refer to GitHub security advisory GHSA-hfrx-6qgj-fp6c (https://github.com/advisories/GHSA-hfrx-6qgj-fp6c) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
GHSA-hfrx-6qgj-fp6c:commons-fileupload:commons-fileupload (https://github.com/advisories/GHSA-hfrx-6qgj-fp6c)
SCA Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. High