Vulnerability CVE-2014-3504 - CERT Civis.Net

Vulnerability Name:

CVE-2014-3504 (CCN-95308)

Assigned:

2014-08-11

Published:

2014-08-11

Updated:

2018-08-13

Summary:

The (1) serf_ssl_cert_issuer, (2) serf_ssl_cert_subject, and (3) serf_ssl_cert_certificate functions in Serf 0.2.0 through 1.3.x before 1.3.7 does not properly handle a NUL byte in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.

CWE-297: Improper Validation of Certificate with Host Mismatch

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

4.0 Medium (CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N)
3.0 Low (Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): None

4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

Vulnerability Type:

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2014-3504

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2014:1059

Source: SECUNIA
Type: UNKNOWN
59584

Source: SECUNIA
Type: UNKNOWN
60721

Source: UBUNTU
Type: Vendor Advisory
USN-2315-1

Source: CONFIRM
Type: UNKNOWN
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

Source: CCN
Type: OSVDB ID: 109997
serf HTTP Client Library Multiple Field Embedded NUL Byte Handling Certificate Validation MitM Spoofing Weakness

Source: BID
Type: UNKNOWN
69238

Source: CCN
Type: BID-69238
Serf CVE-2014-3504 SSL Certificate Validation Information Disclosure Vulnerability

Source: CCN
Type: serf Web site
serf

Source: XF
Type: UNKNOWN
serf-cve20143504-spoofing(95308)

Source: CONFIRM
Type: UNKNOWN
https://groups.google.com/forum/#!topic/serf-dev/NvgPoK6sFsc

Source: GENTOO
Type: UNKNOWN
GLSA-201610-05

Source: CONFIRM
Type: Vendor Advisory
https://subversion.apache.org/security/CVE-2014-3522-advisory.txt

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2014-3504

Vulnerable Configuration:

Configuration 1:

cpe:/a:apache:subversion:1.4.0:*:*:*:*:*:*:*

OR cpe:/a:apache:subversion:1.4.1:*:*:*:*:*:*:*

OR cpe:/a:apache:subversion:1.4.2:*:*:*:*:*:*:*

OR cpe:/a:apache:subversion:1.4.3:*:*:*:*:*:*:*

OR cpe:/a:apache:subversion:1.4.4:*:*:*:*:*:*:*

OR cpe:/a:apache:subversion:1.4.5:*:*:*:*:*:*:*

OR cpe:/a:apache:subversion:1.4.6:*:*:*:*:*:*:*

OR cpe:/a:apache:subversion:1.5.0:*:*:*:*:*:*:*

OR cpe:/a:apache:subversion:1.5.1:*:*:*:*:*:*:*

OR cpe:/a:apache:subversion:1.5.2:*:*:*:*:*:*:*

OR cpe:/a:apache:subversion:1.5.3:*:*:*:*:*:*:*

OR cpe:/a:apache:subversion:1.5.4:*:*:*:*:*:*:*

OR cpe:/a:apache:subversion:1.5.5:*:*:*:*:*:*:*

OR cpe:/a:apache:subversion:1.5.6:*:*:*:*:*:*:*

OR cpe:/a:apache:subversion:1.5.7:*:*:*:*:*:*:*

OR cpe:/a:apache:subversion:1.5.8:*:*:*:*:*:*:*

OR cpe:/a:apache:subversion:1.6.0:*:*:*:*:*:*:*

OR cpe:/a:apache:subversion:1.6.1:*:*:*:*:*:*:*

OR cpe:/a:apache:subversion:1.6.2:*:*:*:*:*:*:*

OR cpe:/a:apache:subversion:1.6.3:*:*:*:*:*:*:*

OR cpe:/a:apache:subversion:1.6.4:*:*:*:*:*:*:*

OR cpe:/a:apache:subversion:1.6.5:*:*:*:*:*:*:*

OR cpe:/a:apache:subversion:1.6.6:*:*:*:*:*:*:*

OR cpe:/a:apache:subversion:1.6.7:*:*:*:*:*:*:*

OR cpe:/a:apache:subversion:1.6.8:*:*:*:*:*:*:*

OR cpe:/a:apache:subversion:1.6.9:*:*:*:*:*:*:*

OR cpe:/a:apache:subversion:1.6.10:*:*:*:*:*:*:*

OR cpe:/a:apache:subversion:1.6.11:*:*:*:*:*:*:*

OR cpe:/a:apache:subversion:1.6.12:*:*:*:*:*:*:*

OR cpe:/a:apache:subversion:1.6.13:*:*:*:*:*:*:*

OR cpe:/a:apache:subversion:1.6.14:*:*:*:*:*:*:*

OR cpe:/a:apache:subversion:1.6.15:*:*:*:*:*:*:*

OR cpe:/a:apache:subversion:1.6.16:*:*:*:*:*:*:*

OR cpe:/a:apache:subversion:1.6.17:*:*:*:*:*:*:*

OR cpe:/a:apache:subversion:1.6.18:*:*:*:*:*:*:*

OR cpe:/a:apache:subversion:1.6.19:*:*:*:*:*:*:*

OR cpe:/a:apache:subversion:1.6.20:*:*:*:*:*:*:*

OR cpe:/a:apache:subversion:1.6.21:*:*:*:*:*:*:*

OR cpe:/a:apache:subversion:1.6.23:*:*:*:*:*:*:*

OR cpe:/a:apache:subversion:1.7.0:*:*:*:*:*:*:*

OR cpe:/a:apache:subversion:1.7.1:*:*:*:*:*:*:*

OR cpe:/a:apache:subversion:1.7.2:*:*:*:*:*:*:*

OR cpe:/a:apache:subversion:1.7.3:*:*:*:*:*:*:*

OR cpe:/a:apache:subversion:1.7.4:*:*:*:*:*:*:*

OR cpe:/a:apache:subversion:1.7.5:*:*:*:*:*:*:*

OR cpe:/a:apache:subversion:1.7.6:*:*:*:*:*:*:*

OR cpe:/a:apache:subversion:1.7.7:*:*:*:*:*:*:*

OR cpe:/a:apache:subversion:1.7.8:*:*:*:*:*:*:*

OR cpe:/a:apache:subversion:1.7.9:*:*:*:*:*:*:*

OR cpe:/a:apache:subversion:1.7.10:*:*:*:*:*:*:*

OR cpe:/a:apache:subversion:1.7.11:*:*:*:*:*:*:*

OR cpe:/a:apache:subversion:1.7.12:*:*:*:*:*:*:*

OR cpe:/a:apache:subversion:1.7.13:*:*:*:*:*:*:*

OR cpe:/a:apache:subversion:1.7.14:*:*:*:*:*:*:*

OR cpe:/a:apache:subversion:1.7.15:*:*:*:*:*:*:*

OR cpe:/a:apache:subversion:1.7.16:*:*:*:*:*:*:*

OR cpe:/a:apache:subversion:1.7.17:*:*:*:*:*:*:*

OR cpe:/a:apache:subversion:1.8.0:*:*:*:*:*:*:*

OR cpe:/a:apache:subversion:1.8.1:*:*:*:*:*:*:*

OR cpe:/a:apache:subversion:1.8.2:*:*:*:*:*:*:*

OR cpe:/a:apache:subversion:1.8.3:*:*:*:*:*:*:*

OR cpe:/a:apache:subversion:1.8.4:*:*:*:*:*:*:*

OR cpe:/a:apache:subversion:1.8.5:*:*:*:*:*:*:*

OR cpe:/a:apache:subversion:1.8.6:*:*:*:*:*:*:*

OR cpe:/a:apache:subversion:1.8.7:*:*:*:*:*:*:*

OR cpe:/a:apache:subversion:1.8.8:*:*:*:*:*:*:*

OR cpe:/a:apache:subversion:1.8.9:*:*:*:*:*:*:*

Configuration 2:

cpe:/o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*

OR cpe:/o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*

Configuration 3:

cpe:/a:serf_project:serf:0.2.0:*:*:*:*:*:*:*

OR cpe:/a:serf_project:serf:0.3.0:*:*:*:*:*:*:*

OR cpe:/a:serf_project:serf:0.3.1:*:*:*:*:*:*:*

OR cpe:/a:serf_project:serf:0.4.0:*:*:*:*:*:*:*

OR cpe:/a:serf_project:serf:0.5.0:*:*:*:*:*:*:*

OR cpe:/a:serf_project:serf:0.6.0:*:*:*:*:*:*:*

OR cpe:/a:serf_project:serf:0.6.1:*:*:*:*:*:*:*

OR cpe:/a:serf_project:serf:0.7.0:*:*:*:*:*:*:*

OR cpe:/a:serf_project:serf:0.7.1:*:*:*:*:*:*:*

OR cpe:/a:serf_project:serf:0.7.2:*:*:*:*:*:*:*

OR cpe:/a:serf_project:serf:1.0.0:*:*:*:*:*:*:*

OR cpe:/a:serf_project:serf:1.0.1:*:*:*:*:*:*:*

OR cpe:/a:serf_project:serf:1.0.2:*:*:*:*:*:*:*

OR cpe:/a:serf_project:serf:1.0.3:*:*:*:*:*:*:*

OR cpe:/a:serf_project:serf:1.1.0:*:*:*:*:*:*:*

OR cpe:/a:serf_project:serf:1.1.1:*:*:*:*:*:*:*

OR cpe:/a:serf_project:serf:1.2.0:*:*:*:*:*:*:*

OR cpe:/a:serf_project:serf:1.2.1:*:*:*:*:*:*:*

OR cpe:/a:serf_project:serf:1.3.0:*:*:*:*:*:*:*

OR cpe:/a:serf_project:serf:1.3.1:*:*:*:*:*:*:*

OR cpe:/a:serf_project:serf:1.3.2:*:*:*:*:*:*:*

OR cpe:/a:serf_project:serf:1.3.3:*:*:*:*:*:*:*

OR cpe:/a:serf_project:serf:1.3.4:*:*:*:*:*:*:*

OR cpe:/a:serf_project:serf:1.3.5:*:*:*:*:*:*:*

OR cpe:/a:serf_project:serf:1.3.6:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:serf_project:serf:1.3.3:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20143504	V	CVE-2014-3504	2023-06-22
oval:org.opensuse.security:def:7664	P	libserf-1-1-1.3.9-2.31 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:789	P	Security update for python39 (Important)	2022-10-01
oval:org.opensuse.security:def:3074	P	gd-2.1.0-24.12.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:94704	P	libserf-1-1-1.3.9-2.31 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:195	P	libserf-1-1-1.3.9-2.31 on GA media (Moderate)	2022-06-13
oval:org.opensuse.security:def:191	P	librrd8-1.7.0-4.34 on GA media (Moderate)	2022-06-13
oval:org.opensuse.security:def:480	P	Security update for jackson-databind, jackson-dataformats-binary, jackson-annotations, jackson-bom, jackson-core (Important)	2022-05-16
oval:org.opensuse.security:def:93845	P	(Moderate)	2022-03-04
oval:org.opensuse.security:def:112826	P	libserf-1-1-1.3.9-1.2 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:10711	P	Security update for MozillaThunderbird (Important)	2022-01-12
oval:org.opensuse.security:def:9880	P	Security update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-operator-container (Important) (in QA)	2022-01-03
oval:org.opensuse.security:def:10380	P	Security update for python3 (Moderate)	2021-12-23
oval:org.opensuse.security:def:69776	P	Security update for p11-kit (Important)	2021-12-22
oval:org.opensuse.security:def:9882	P	Security update for p11-kit (Important)	2021-12-22
oval:org.opensuse.security:def:9635	P	Security update for xorg-x11-server (Important)	2021-12-20
oval:org.opensuse.security:def:9425	P	Security update for xen (Moderate)	2021-12-01
oval:org.opensuse.security:def:9421	P	Security update for webkit2gtk3 (Important)	2021-11-23
oval:org.opensuse.security:def:9816	P	Security update for java-1_8_0-openjdk (Important)	2021-11-23
oval:org.opensuse.security:def:9814	P	Security update for samba (Important)	2021-11-16
oval:org.opensuse.security:def:9606	P	Security update for libvirt (Important)	2021-10-27
oval:org.opensuse.security:def:10698	P	Security update for the Linux Kernel (Important)	2021-10-12
oval:org.opensuse.security:def:10157	P	Security update for webkit2gtk3 (Important)	2021-10-04
oval:org.opensuse.security:def:106291	P	libserf-1-1-1.3.9-1.2 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:1124	P	Security update for hivex (Moderate)	2021-09-23
oval:org.opensuse.security:def:96689	P	libserf-1-1-1.3.9-2.31 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:103379	P	libserf-1-1-1.3.9-2.31 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:71310	P	libserf-1-1-1.3.9-2.31 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:89724	P	libserf-1-1-1.3.9-2.31 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:61569	P	libserf-1-1-1.3.9-2.31 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:9791	P	Security update for ghostscript (Critical)	2021-09-15
oval:org.opensuse.security:def:11128	P	Security update for nextcloud (Important)	2021-09-13
oval:org.opensuse.security:def:9589	P	Security update for openssl-1_1 (Low)	2021-09-07
oval:org.opensuse.security:def:10338	P	Security update for java-11-openjdk (Important)	2021-09-03
oval:org.opensuse.security:def:9396	P	Security update for xen (Important)	2021-09-03
oval:org.opensuse.security:def:10145	P	Security update for dovecot23 (Moderate)	2021-08-31
oval:org.opensuse.security:def:9581	P	Security update for mariadb (Moderate)	2021-08-25
oval:org.opensuse.security:def:10330	P	Security update for openssl-1_1 (Important)	2021-08-24
oval:org.opensuse.security:def:9379	P	Security update for postgresql10 (Moderate)	2021-08-19
oval:org.opensuse.security:def:9567	P	Security update for libsndfile (Critical)	2021-08-17
oval:org.opensuse.security:def:47702	P	libecpg6-10.5-1.3.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47838	P	ovmf-2017+git1510945757.b2662641d5-2.18 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47173	P	vorbis-tools-1.4.0-26.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47002	P	libXvMC1-1.0.8-3.56 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47554	P	apache2-mod_apparmor-2.8.2-49.21 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47773	P	libpython3_4m1_0-3.4.6-25.16.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47001	P	libXv1-1.0.10-3.56 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47041	P	liblcms1-1.19-17.28 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48127	P	libimobiledevice6-1.2.0-7.31 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47711	P	libgnomesu-2.0.0-353.6.2 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47940	P	PackageKit-1.1.3-24.9.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47462	P	pcsc-ccid-1.4.25-4.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:10313	P	Security update for cpio (Important)	2021-08-16
oval:org.opensuse.security:def:48062	P	lftp-4.7.4-3.6.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47627	P	gnutls-3.3.27-3.3.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47869	P	python-pywbem-0.7.0-4.3 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47330	P	libapr1-1.5.1-2.3 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48000	P	elfutils-0.158-7.7.2 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48229	P	libxslt-tools-1.1.28-17.6.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47413	P	libsrtp1-1.5.2-2.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47137	P	python-libxml2-2.9.4-27.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47916	P	w3m-0.5.3.git20161120-160.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48158	P	libnm-glib-vpn1-1.0.12-13.12.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47265	P	git-core-2.12.3-26.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47016	P	libevent-2_0-5-2.0.21-4.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:10127	P	Security update for cpio (Important)	2021-08-16
oval:org.opensuse.security:def:71954	P	libserf-1-1-1.3.9-2.31 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:62213	P	libserf-1-1-1.3.9-2.31 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:100971	P	libserf-1-1-1.3.9-2.31 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:10123	P	Security update for linuxptp (Important)	2021-07-27
oval:org.opensuse.security:def:9559	P	Security update for MozillaFirefox (Important)	2021-07-27
oval:org.opensuse.security:def:10308	P	Security update for linuxptp (Important)	2021-07-27
oval:org.opensuse.security:def:10689	P	Security update for bluez (Moderate)	2021-07-22
oval:org.opensuse.security:def:11103	P	Security update for icinga2 (Moderate)	2021-07-19
oval:org.opensuse.security:def:10647	P	Security update for ffmpeg (Important)	2021-07-14
oval:org.opensuse.security:def:10114	P	Security update for dbus-1 (Important)	2021-06-30
oval:org.opensuse.security:def:10111	P	Security update for openexr (Important)	2021-06-24
oval:org.opensuse.security:def:69881	P	Security update for libgcrypt (Important)	2021-06-24
oval:org.opensuse.security:def:9357	P	Security update for openexr (Important)	2021-06-24
oval:org.opensuse.security:def:10105	P	Security update for xterm (Important)	2021-06-18
oval:org.opensuse.security:def:9349	P	Security update for apache2 (Important)	2021-06-17
oval:org.opensuse.security:def:71080	P	python2-bottle-0.12.13-1.26 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46712	P	libXxf86dga1-1.1.4-3.59 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48578	P	mozilla-nspr-4.12-15.2 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:16576	P	libserf-1-1-1.3.7-1.37 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48921	P	libcares2-32bit-1.9.1-9.4.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:71021	P	libserf-1-1-1.3.9-2.31 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11830	P	gzip-1.6-7.392 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:15842	P	libserf-1-1-1.3.7-1.37 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:124582	P	libserf-1-1-1.3.7-1.37 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11852	P	libQt5WebKit5-5.6.1-9.4 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48867	P	libproxy1-networkmanager-32bit-0.4.13-16.6 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:16052	P	libserf-1-1-1.3.7-1.37 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46848	P	strongswan-5.1.3-18.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:61280	P	libserf-1-1-1.3.9-2.31 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46727	P	libgcrypt20-1.6.1-16.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:16300	P	libserf-1-1-1.3.7-1.37 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48632	P	systemtap-3.0-7.15 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46713	P	libXxf86vm1-1.1.3-3.54 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11349	P	libXxf86dga1-1.1.4-3.59 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:15657	P	libserf-1-1-1.3.7-1.37 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:70967	P	libcroco-0.6.12-2.38 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11371	P	libjbig2-2.0-12.13 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:9716	P	Security update for djvulibre (Important)	2021-06-04
oval:org.opensuse.security:def:10089	P	Security update for djvulibre (Important)	2021-06-04
oval:org.opensuse.security:def:10081	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:9321	P	Security update for java-11-openjdk (Important)	2021-05-11
oval:org.opensuse.security:def:9506	P	Security update for shim (Important)	2021-05-11
oval:org.opensuse.security:def:9697	P	Security update for bind (Important)	2021-05-04
oval:org.opensuse.security:def:10063	P	Security update for sudo (Important)	2021-04-20
oval:org.opensuse.security:def:10238	P	Security update for open-iscsi (Important)	2021-04-13
oval:org.opensuse.security:def:9487	P	Security update for spamassassin (Important)	2021-04-13
oval:org.opensuse.security:def:9485	P	Security update for fwupdate (Important)	2021-04-08
oval:org.opensuse.security:def:9302	P	Security update for zstd (Moderate)	2021-04-08
oval:org.opensuse.security:def:9682	P	Security update for tomcat (Important)	2021-04-01
oval:org.opensuse.security:def:11192	P	Security update for tor (Moderate)	2021-03-25
oval:org.opensuse.security:def:9472	P	Security update for ruby2.5 (Important)	2021-03-24
oval:org.opensuse.security:def:9670	P	Security update for gnutls (Important)	2021-03-24
oval:org.opensuse.security:def:10420	P	Security update for gnutls (Important)	2021-03-24
oval:org.opensuse.security:def:9867	P	Security update for nghttp2 (Important)	2021-03-24
oval:org.opensuse.security:def:10219	P	Security update for openssl-1_1 (Moderate)	2021-03-09
oval:org.opensuse.security:def:9463	P	Security update for openldap2 (Important)	2021-03-08
oval:org.opensuse.security:def:9858	P	Security update for python-cryptography (Important)	2021-03-03
oval:org.opensuse.security:def:9657	P	Security update for kernel-firmware (Important)	2021-03-03
oval:org.opensuse.security:def:10402	P	Security update for java-1_8_0-ibm (Important)	2021-03-01
oval:org.opensuse.security:def:9648	P	Security update for glibc (Important)	2021-02-26
oval:org.opensuse.security:def:10398	P	Security update for glibc (Important)	2021-02-26
oval:org.opensuse.security:def:10204	P	Security update for webkit2gtk3 (Important)	2021-02-24
oval:org.opensuse.security:def:11179	P	Security update for librepo (Important)	2021-02-15
oval:org.opensuse.security:def:10389	P	Security update for openvswitch (Important)	2021-02-11
oval:org.opensuse.security:def:10390	P	Security update for wpa_supplicant (Important)	2021-02-11
oval:org.opensuse.security:def:9836	P	Security update for subversion (Important)	2021-02-10
oval:org.opensuse.security:def:9806	P	Security update for python (Important)	2021-02-09
oval:org.opensuse.security:def:11170	P	Security update for chromium (Important)	2021-01-29
oval:org.opensuse.security:def:66433	P	Security update for flac (Moderate)	2020-12-24
oval:org.opensuse.security:def:11028	P	Security update for pngcheck (Moderate)	2020-12-10
oval:org.opensuse.security:def:61878	P	libserf-1-1-1.3.9-2.31 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:49035	P	libserf-1-1-1.3.7-3.3.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:16885	P	libserf-1-1-1.3.7-3.3.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:100558	P	libserf-1-1-1.3.9-2.31 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:17366	P	libserf-1-1-1.3.7-3.3.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:107224	P	libserf-1-1-1.3.9-2.31 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:71619	P	libserf-1-1-1.3.9-2.31 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:116782	P	libserf-1-1-1.3.9-2.31 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:37904	P	libjpeg-turbo on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:9240	P	python3-requests on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10518	P	libmms-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10528	P	libpcp-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:38371	P	libsoup-2_4-1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:38531	P	yubikey-manager on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10879	P	apache-pdfbox on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10540	P	libserf-1-1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10038	P	automake on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:9164	P	libthai-data on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37768	P	dbus-1-glib on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:73098	P	groff on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:67727	P	libserf-1-1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:9194	P	mariadb on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10513	P	libjson-c-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:38312	P	libjson-c2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:38487	P	squidGuard on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:73216	P	libserf-1-1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:9963	P	perl-Config-IniFiles on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10765	P	libnettle-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:11009	P	libidn-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49230	P	libserf-1-1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37684	P	supportutils on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10787	P	libserf-1-1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:9172	P	libvirt on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:67627	P	ipsec-tools on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10466	P	libXcursor-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:38152	P	cpio on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:9944	P	mailx on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:39211	P	libserf-1-1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10994	P	libexpat-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37673	P	ruby on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49176	P	libipa_hbac-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:11040	P	libotr-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:38062	P	shadow on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:64380	P	libserf-1-1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:11062	P	libserf-1-1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:9929	P	libudisks2-0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10622	P	accountsservice-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37672	P	rtkit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10947	P	java-1_8_0-ibm-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:38459	P	python-imaging on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:39169	P	gstreamer-0_10-plugins-base on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:38005	P	mipv6d on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:9287	P	xalan-j2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:64293	P	libHX-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10871	P	ImageMagick on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10547	P	libssh-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10901	P	dbus-1-glib-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:38420	P	mutt on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:66525	P	libserf-1-1 on GA media (Moderate)	2020-12-01
oval:org.mitre.oval:def:26285	P	USN-2315-1 -- serf vulnerability	2014-10-13
oval:com.ubuntu.precise:def:20143504000	V	CVE-2014-3504 on Ubuntu 12.04 LTS (precise) - medium.	2014-08-19
oval:com.ubuntu.trusty:def:20143504000	V	CVE-2014-3504 on Ubuntu 14.04 LTS (trusty) - medium.	2014-08-19