Vulnerability CVE-2017-11499 - CERT Civis.Net

Vulnerability Name:

CVE-2017-11499 (CCN-129465)

Assigned:

2017-07-11

Published:

2017-07-11

Updated:

2017-12-07

Summary:

Node.js v4.0 through v4.8.3, all versions of v5.x, v6.0 through v6.11.0, v7.0 through v7.10.0, and v8.0 through v8.1.3 was susceptible to hash flooding remote DoS attacks as the HashTable seed was constant across a given released version of Node.js. This was a result of building with V8 snapshots enabled by default which caused the initially randomized seed to be overwritten on startup.

CVSS v3 Severity:

7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Complete

Vulnerability Type:

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2017-11499

Source: CCN
Type: IBM Security Bulletin N1022230 (i)
Vulnerability CVE-2017-1000381 and CVE-2017-11499 in Node.js affects IBM i

Source: CCN
Type: IBM Security Bulletin 2006722 (SDK for Node.js for Bluemix)
Multiple vulnerabilities may affect IBM SDK for Node.js in IBM Bluemix

Source: CCN
Type: IBM Security Bulletin 2007168 (Business Process Manager Advanced)
Security vulnerabilities in IBM SDK for Node.js might affect IBM Business Process Manager (BPM) Configuration Editor

Source: CCN
Type: IBM Security Bulletin 2007209 (ASP.NET Core for Bluemix)
Multiple vulnerabilities may affect ASP.NET Core in IBM Bluemix

Source: CCN
Type: IBM Security Bulletin 2008629 (DataPower Gateways)
Vulnerability in Node.js affects IBM DataPower Gateways (CVE-2017-11499)

Source: CCN
Type: IBM Security Bulletin 2008951 (Rational Application Developer for WebSphere Software)
Multiple vulnerabilities in Node.js affect IBM Rational Application Developer for WebSphere Software

Source: CCN
Type: IBM Security Bulletin 2009964 (API Connect)
Multiple vulnerabilities in Node.js affect IBM API Connect (CVE-2017-1000381, CVE-2017-11499)

Source: CCN
Type: IBM Security Bulletin 2010141 (Integration Bus)
IBM Integration Bus is affected by Node.js security vulnerability ( CVE-2017-1000381 and CVE-2017-11499 )

Source: BID
Type: Third Party Advisory, VDB Entry
99959

Source: CCN
Type: BID-99959
Node.js CVE-2017-11499 Denial of Service Vulnerability

Source: REDHAT
Type: UNKNOWN
RHSA-2017:2908

Source: REDHAT
Type: UNKNOWN
RHSA-2017:3002

Source: XF
Type: UNKNOWN
nodejs-cve201711499-dos(129465)

Source: CCN
Type: Node Security Web site
Security updates for all active release lines, July 2017

Source: CONFIRM
Type: Patch, Vendor Advisory
https://nodejs.org/en/blog/vulnerability/july-2017-security-releases/

Source: CCN
Type: IBM Security Bulletin 2006298 (SDK for Node.js)
Multiple vulnerabilities might affect IBM SDK for Node.js

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2017-11499

Vulnerable Configuration:

Configuration 1:

cpe:/a:nodejs:node.js:4.0.0:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:4.1.0:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:4.1.1:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:4.1.2:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:4.2.0:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:4.2.1:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:4.2.2:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:4.2.3:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:4.2.4:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:4.2.5:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:4.2.6:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:4.3.0:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:4.3.1:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:4.3.2:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:4.4.0:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:4.4.1:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:4.4.2:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:4.4.3:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:4.4.4:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:4.4.5:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:4.4.6:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:4.4.7:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:4.5.0:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:4.6.0:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:4.6.1:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:4.6.2:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:4.7.0:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:4.7.1:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:4.7.2:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:4.7.3:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:4.8.0:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:4.8.1:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:4.8.2:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:4.8.3:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:5.0.0:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:5.1.0:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:5.1.1:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:5.2.0:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:5.3.0:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:5.4.0:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:5.4.1:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:5.5.0:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:5.6.0:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:5.7.0:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:5.7.1:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:5.8.0:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:5.9.0:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:5.9.1:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:5.10.0:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:5.10.1:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:5.11.0:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:5.11.1:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:5.12.0:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:6.0.0:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:6.1.0:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:6.2.0:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:6.2.1:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:6.2.2:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:6.3.0:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:6.3.1:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:6.4.0:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:6.5.0:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:6.6.0:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:6.7.0:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:6.8.0:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:6.8.1:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:6.9.0:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:6.9.1:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:6.9.2:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:6.9.3:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:6.9.4:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:6.9.5:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:6.10.0:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:6.10.1:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:6.10.2:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:6.10.3:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:6.11.0:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:6.11.1:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:7.0.0:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:7.1.0:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:7.2.0:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:7.2.1:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:7.3.0:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:7.4.0:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:7.5.0:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:7.6.0:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:7.7.0:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:7.7.1:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:7.7.2:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:7.7.3:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:7.7.4:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:7.8.0:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:7.9.0:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:7.10.0:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:7.10.1:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:8.0.0:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:8.1.0:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:8.1.1:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:8.1.2:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:8.1.3:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:nodejs:node.js:4.8.3:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:6.11.0:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:7.10.0:*:*:*:*:*:*:*

AND

cpe:/a:ibm:rational_application_developer:9.1:*:*:*:websphere:*:*:*

OR cpe:/a:ibm:rational_application_developer:9.1.0.1:*:*:*:websphere:*:*:*

OR cpe:/a:ibm:rational_application_developer:9.1.1:*:*:*:websphere:*:*:*

OR cpe:/o:ibm:i:7.1:*:*:*:*:*:*:*

OR cpe:/o:ibm:i:7.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:business_process_manager:8.5.5:*:*:*:advanced:*:*:*

OR cpe:/a:ibm:datapower_gateway:7.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:datapower_gateway:7.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:business_process_manager:8.5.6:*:*:*:advanced:*:*:*

OR cpe:/a:ibm:sdk:*:*:node.js:*:bluemix:*:*:*

OR cpe:/a:ibm:datapower_gateway:7.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_application_developer:9.1.1.1:*:*:*:websphere:*:*:*

OR cpe:/a:ibm:rational_application_developer:9.5:*:*:*:websphere:*:*:*

OR cpe:/a:ibm:sdk:4.0:*:*:*:node.js:*:*:*

OR cpe:/a:ibm:rational_application_developer:9.5.0.1:*:*:*:websphere:*:*:*

OR cpe:/a:ibm:integration_bus:10.0:*:*:*:*:*:*:*

OR cpe:/o:ibm:i:7.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_application_developer:9.1.1.2:*:*:*:websphere:*:*:*

OR cpe:/a:ibm:rational_application_developer:9.5.0.2:*:*:*:websphere:*:*:*

OR cpe:/a:ibm:business_process_manager:8.5.7:*:*:*:advanced:*:*:*

OR cpe:/a:ibm:api_connect:5.0.1.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:api_connect:5.0.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:api_connect:5.0.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:api_connect:5.0.2.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:sdk:6.0:*:*:*:node.js:*:*:*

OR cpe:/a:ibm:business_process_manager:8.5.6.1:*:*:*:advanced:*:*:*

OR cpe:/a:ibm:business_process_manager:8.5.6.2:*:*:*:advanced:*:*:*

OR cpe:/a:ibm:api_connect:5.0.5.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:api_connect:5.0.6.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_application_developer:9.6:*:*:*:websphere:*:*:*

OR cpe:/a:ibm:api_connect:5.0.6.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:api_connect:5.0.6.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:api_connect:5.0.7.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:api_connect:5.0.7.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:api_connect:5.0.3.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:api_connect:5.0.4.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_application_developer:9.6.1:*:*:*:websphere:*:*:*

OR cpe:/a:ibm:api_connect:5.0.7.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:api_connect:5.0.6.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:api_connect:5.0.6.4:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:201711499	V	CVE-2017-11499	2022-09-02
oval:org.opensuse.security:def:94261	P	(Important)	2022-07-14
oval:org.opensuse.security:def:1682	P	Security update for apache2 (Important) (in QA)	2022-06-14
oval:org.opensuse.security:def:1673	P	Security update for postgresql14 (Important)	2022-06-01
oval:org.opensuse.security:def:1095	P	Security update for wavpack (Moderate)	2022-03-28
oval:org.opensuse.security:def:1691	P	Security update for mariadb (Important)	2022-03-04
oval:org.opensuse.security:def:32286	P	Security update for MozillaFirefox (Important) (in QA)	2022-01-14
oval:org.opensuse.security:def:1086	P	Security update for openexr (Important)	2022-01-12
oval:org.opensuse.security:def:33753	P	Security update for MozillaFirefox (Important)	2021-12-12
oval:org.opensuse.security:def:33060	P	Security update for MozillaFirefox (Important)	2021-12-12
oval:org.opensuse.security:def:30159	P	Security update for mozilla-nss (Important)	2021-12-06
oval:org.opensuse.security:def:33742	P	Security update for postgresql10 (Important)	2021-11-22
oval:org.opensuse.security:def:33037	P	Security update for tomcat (Important)	2021-11-03
oval:org.opensuse.security:def:35273	P	Security update for util-linux (Moderate)	2021-10-20
oval:org.opensuse.security:def:38320	P	Security update for strongswan (Important)	2021-10-19
oval:org.opensuse.security:def:29429	P	Security update for libqt5-qtbase (Important)	2021-09-30
oval:org.opensuse.security:def:38717	P	Security update for atftp (Moderate)	2021-09-29
oval:org.opensuse.security:def:57102	P	Security update for sqlite3 (Important)	2021-09-23
oval:org.opensuse.security:def:66930	P	Security update for ffmpeg (Important)	2021-09-23
oval:org.opensuse.security:def:71349	P	mutt-1.10.1-3.3.4 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:64762	P	Security update for apache2 (Important)	2021-09-03
oval:org.opensuse.security:def:29417	P	Security update for libesmtp (Important)	2021-09-02
oval:org.opensuse.security:def:29418	P	Security update for file (Important)	2021-09-02
oval:org.opensuse.security:def:30120	P	Security update for bind (Moderate)	2021-08-30
oval:org.opensuse.security:def:34514	P	Security update for qemu (Moderate)	2021-08-23
oval:org.opensuse.security:def:47616	P	gdk-pixbuf-loader-rsvg-2.40.20-5.6.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47752	P	libopenjp2-7-2.1.0-4.9.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48160	P	libopenssl-1_0_0-devel-1.0.2p-3.11.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47945	P	ant-1.9.4-3.3.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48308	P	spice-vdagent-0.16.0-8.5.15 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48077	P	libXfont1-1.5.1-11.3.12 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:13928	P	libmodplug1-0.8.8.4-13.63 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14949	P	libSDL-1_2-0-1.2.15-15.11.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48169	P	libpcre1-32bit-8.39-8.3.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:13950	P	libqt4-32bit-4.8.6-7.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14927	P	iputils-s20121221-2.17 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48317	P	syslog-service-2.0-778.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14018	P	python-pyOpenSSL-16.0.0-2.3.2 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14066	P	xorg-x11-7.6_1-14.17 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47608	P	file-5.22-10.6.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14084	P	apache2-mod_apparmor-2.8.2-49.21 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47622	P	glibc-2.22-15.3 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14103	P	coolkey-1.1.0-147.67 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47607	P	fetchmail-6.3.26-12.3 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47743	P	libmpfr4-3.1.2-7.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:13920	P	libksba8-1.3.0-23.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14196	P	libXi6-1.7.4-17.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14265	P	libopenjp2-7-2.1.0-3.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47617	P	gdm-3.10.0.1-54.6.3 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47936	P	zypper-1.13.45-21.23.4 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14221	P	libevent-2_0-5-2.0.21-4.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14276	P	libpolkit0-0.113-5.6.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47631	P	grub2-2.02-11.8 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48068	P	libQt5WebKit5-5.6.2-1.31 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14289	P	libsoup-2_4-1-2.54.1-4.5 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:100974	P	libsndfile-devel-1.0.28-5.5.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:84184	P	Security update for ardana-cobbler, cassandra, cassandra-kit, crowbar-core, crowbar-openstack, documentation-suse-openstack-cloud, grafana, kibana, openstack-heat-templates, openstack-monasca-installer, openstack-nova, python-Django, python-elementpath, python-eventlet, python-py, python-pysaml2, python-six, python-xmlschema (Moderate)	2021-07-28
oval:org.opensuse.security:def:84643	P	Security update for ardana-cobbler, cassandra, cassandra-kit, crowbar-core, crowbar-openstack, documentation-suse-openstack-cloud, grafana, kibana, openstack-heat-templates, openstack-monasca-installer, openstack-nova, python-Django, python-elementpath, python-eventlet, python-py, python-pysaml2, python-six, python-xmlschema (Moderate)	2021-07-28
oval:org.opensuse.security:def:57970	P	Security update for the Linux Kernel (Live Patch 35 for SLE 12 SP3) (Important)	2021-07-21
oval:org.opensuse.security:def:31224	P	Security update for the Linux Kernel (Live Patch 39 for SLE 12 SP3) (Important)	2021-07-21
oval:org.opensuse.security:def:30222	P	Security update for MozillaFirefox (Important)	2021-07-16
oval:org.opensuse.security:def:68009	P	Security update for the Linux Kernel (Live Patch 19 for SLE 15 SP1) (Important)	2021-07-14
oval:org.opensuse.security:def:66838	P	Security update for wireshark (Important)	2021-06-22
oval:org.opensuse.security:def:57946	P	Security update for xterm (Important)	2021-06-18
oval:org.opensuse.security:def:32949	P	Security update for webkit2gtk3 (Important)	2021-06-17
oval:org.opensuse.security:def:81082	P	Security update for crowbar-openstack, grafana, kibana, monasca-installer, python-Django, python-py, rubygem-activerecord-session_store (Moderate)	2021-06-11
oval:org.opensuse.security:def:88454	P	Security update for ardana-neutron, ardana-swift, cassandra, crowbar-openstack, grafana, kibana, openstack-dashboard, openstack-ironic, openstack-neutron, openstack-neutron-gbp, openstack-nova, python-Django1, python-py, python-pysaml2, python-xmlschema, rubygem-activerecord-session_store, venv-openstack-keystone (Moderate)	2021-06-11
oval:org.opensuse.security:def:88141	P	Security update for ardana-neutron, ardana-swift, cassandra, crowbar-openstack, grafana, kibana, openstack-dashboard, openstack-ironic, openstack-neutron, openstack-neutron-gbp, openstack-nova, python-Django1, python-py, python-pysaml2, python-xmlschema, rubygem-activerecord-session_store, venv-openstack-keystone (Moderate)	2021-06-11
oval:org.opensuse.security:def:48668	P	empathy-3.10.3-1.131 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48522	P	libmodplug1-0.8.8.4-13.63 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48733	P	libgadu3-1.11.4-1.12 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48606	P	python-imaging-1.1.7-21.8 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48764	P	bash-lang-4.3-78.39 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48677	P	java-1_7_0-openjdk-plugin-1.5.1-1.13 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48835	P	gegl-0_2-0.2.0-14.3 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48531	P	libotr5-4.0.0-9.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48742	P	libqt4-sql-mysql-32bit-4.8.6-4.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48615	P	rpcbind-0.2.3-21.4 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48773	P	gd-32bit-2.1.0-12.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48844	P	java-1_7_0-openjdk-plugin-1.6.2-2.8.3 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:31180	P	Security update for djvulibre (Important)	2021-05-31
oval:org.opensuse.security:def:33657	P	Security update for djvulibre (Important)	2021-05-31
oval:org.opensuse.security:def:56996	P	Security update for the Linux Kernel (Important)	2021-05-18
oval:org.opensuse.security:def:34430	P	Security update for xen (Important)	2021-05-12
oval:org.opensuse.security:def:30071	P	Security update for cups (Important)	2021-04-30
oval:org.opensuse.security:def:33899	P	Security update for permissions (Important)	2021-04-29
oval:org.opensuse.security:def:34418	P	Security update for curl (Moderate)	2021-04-28
oval:org.opensuse.security:def:31159	P	Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP3) (Important)	2021-04-28
oval:org.opensuse.security:def:34419	P	Security update for libnettle (Important)	2021-04-28
oval:org.opensuse.security:def:57896	P	Security update for sudo (Important)	2021-04-20
oval:org.opensuse.security:def:30178	P	Security update for the Linux Kernel (Live Patch 39 for SLE 12 SP2) (Important)	2021-04-12
oval:org.opensuse.security:def:32892	P	Security update for fwupdate (Important)	2021-04-08
oval:org.opensuse.security:def:38678	P	Security update for OpenEXR (Moderate)	2021-04-07
oval:org.opensuse.security:def:33104	P	Security update for tar (Low)	2021-03-29
oval:org.opensuse.security:def:64675	P	Security update for zstd (Moderate)	2021-03-24
oval:org.opensuse.security:def:28955	P	Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP2) (Important)	2021-03-17
oval:org.opensuse.security:def:68109	P	Security update for the Linux Kernel (Live Patch 17 for SLE 15 SP1) (Important)	2021-03-17
oval:org.opensuse.security:def:32275	P	Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP3) (Important)	2021-03-17
oval:org.opensuse.security:def:32274	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:34650	P	Security update for the Linux Kernel (Important)	2021-03-09
oval:org.opensuse.security:def:33781	P	Security update for openssl-1_1 (Moderate)	2021-03-09
oval:org.opensuse.security:def:57553	P	Security update for bind (Important)	2021-02-18
oval:org.opensuse.security:def:30016	P	Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP2) (Important)	2021-02-10
oval:org.opensuse.security:def:32998	P	Security update for python-urllib3 (Moderate)	2021-02-03
oval:org.opensuse.security:def:73621	P	Security update for dnsmasq (Important)	2021-01-19
oval:org.opensuse.security:def:70286	P	Security update for dovecot23 (Important)	2021-01-05
oval:org.opensuse.security:def:57827	P	Security update for postgresql12 (Important)	2020-12-04
oval:org.opensuse.security:def:35911	P	gstreamer-0_10-plugins-base-0.10.35-5.15.8 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:2321	P	nodejs8-8.17.0-8.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35952	P	libgnomesu-1.0.0-307.10.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:90089	P	nodejs8-8.15.1-3.14.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:107640	P	nodejs8-8.17.0-8.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:63392	P	nodejs8-8.11.1-1.19 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:2303	P	nodejs8-8.11.1-1.19 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:63401	P	nodejs8-8.15.1-3.14.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:117198	P	nodejs8-8.17.0-8.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:2312	P	nodejs8-8.15.1-3.14.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:71462	P	cracklib-2.9.6-9.3 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:63410	P	nodejs8-8.17.0-8.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:103744	P	nodejs8-8.15.1-3.14.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:38629	P	kernel-default on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:38745	P	libxcb-dri2-0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:30494	P	Security update for Mozilla Firefox	2020-12-01
oval:org.opensuse.security:def:29777	P	Security update for GnuTLS	2020-12-01
oval:org.opensuse.security:def:28906	P	Security update for flash-player (Important)	2020-12-01
oval:org.opensuse.security:def:29011	P	Security update for graphviz (Low)	2020-12-01
oval:org.opensuse.security:def:31862	P	Security update for curl (Moderate)	2020-12-01
oval:org.opensuse.security:def:56423	P	Security update for systemd (Moderate)	2020-12-01
oval:org.opensuse.security:def:38789	P	radvd on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:30409	P	Security update for xorg-x11-libX11 (Moderate)	2020-12-01
oval:org.opensuse.security:def:30626	P	Security update for Xen and libvirt	2020-12-01
oval:org.opensuse.security:def:29863	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:29055	P	Security update for bind (Moderate)	2020-12-01
oval:org.opensuse.security:def:33810	P	Security update for ghostscript-library (Moderate)	2020-12-01
oval:org.opensuse.security:def:50078	P	libspice-server-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:56445	P	Security update for icu (Moderate)	2020-12-01
oval:org.opensuse.security:def:30716	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:50132	P	nodejs8 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37928	P	libopenjp2-7 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:34163	P	Security update for openssl (Important)	2020-12-01
oval:org.opensuse.security:def:56422	P	Security update for poppler (Moderate)	2020-12-01
oval:org.opensuse.security:def:56585	P	Security update for spice-gtk (Important)	2020-12-01
oval:org.opensuse.security:def:30773	P	Security update for automake	2020-12-01
oval:org.opensuse.security:def:39427	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:37939	P	libplist3 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:34749	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:34056	P	Security update for libvorbis (Moderate)	2020-12-01
oval:org.opensuse.security:def:34202	P	Security update for perl-Archive-Zip (Moderate)	2020-12-01
oval:org.opensuse.security:def:28276	P	Security update for mysql (Moderate)	2020-12-01
oval:org.opensuse.security:def:56823	P	Security update for LibreOffice (Moderate)	2020-12-01
oval:org.opensuse.security:def:39469	P	Security update for nodejs4, nodejs6 (Moderate)	2020-12-01
oval:org.opensuse.security:def:30860	P	Security update for e2fsprogs (Moderate)	2020-12-01
oval:org.opensuse.security:def:29729	P	Security update for Mozilla Firefox (Important)	2020-12-01
oval:org.opensuse.security:def:37927	P	libnm-glib-vpn1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:38023	P	perl-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:34806	P	Security update for apache2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:34114	P	Security update for nagios (Moderate)	2020-12-01
oval:org.opensuse.security:def:34227	P	Security update for php5 (Moderate)	2020-12-01
oval:org.opensuse.security:def:30408	P	Security update for xorg-x11-libX11 (Moderate)	2020-12-01
oval:org.opensuse.security:def:28343	P	Security update for php53 (Moderate)	2020-12-01
oval:org.opensuse.security:def:31015	P	Security update for java-1_7_0-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:73503	P	graphviz-perl on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:38160	P	cups-pk-helper on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:34896	P	Security update for cyrus-imapd (Low)	2020-12-01
oval:org.opensuse.security:def:35163	P	Security update for krb5 (Important)	2020-12-01
oval:org.opensuse.security:def:34271	P	Security update for puppet (Moderate)	2020-12-01
oval:org.opensuse.security:def:28265	P	Security update for mercurial (Important)	2020-12-01
oval:org.opensuse.security:def:28474	P	Security update for xorg-x11-server (Important)	2020-12-01
oval:org.opensuse.security:def:70181	P	ncurses-devel-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:32363	P	Security update for sudo (Moderate)	2020-12-01
oval:org.opensuse.security:def:31071	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:50060	P	graphviz-tcl on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:38262	P	libXtst6 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:35055	P	Security update for java-1_6_0-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:35202	P	Security update for PostgreSQL 9.1	2020-12-01
oval:org.opensuse.security:def:28559	P	Security update for gtk2	2020-12-01
oval:org.opensuse.security:def:57268	P	Security update for wireshark	2020-12-01
oval:org.opensuse.security:def:57753	P	kdump on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:50114	P	nodejs8 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33428	P	Security update for clamav, clamav-db, clamav-debuginfo, clamav-debugsource	2020-12-01
oval:org.opensuse.security:def:32498	P	cups on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31120	P	Security update for krb5	2020-12-01
oval:org.opensuse.security:def:30897	P	Security update for Mozilla Firefox (Important)	2020-12-01
oval:org.opensuse.security:def:35114	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:35229	P	Security update for libmspack (Moderate)	2020-12-01
oval:org.opensuse.security:def:29501	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:28616	P	Security update for xorg-x11-libXext	2020-12-01
oval:org.opensuse.security:def:34909	P	Security update for dnsmasq (Moderate)	2020-12-01
oval:org.opensuse.security:def:33439	P	Security update for ethereal and wireshark	2020-12-01
oval:org.opensuse.security:def:32592	P	perl-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29693	P	Security update for expat (Moderate)	2020-12-01
oval:org.opensuse.security:def:38410	P	libzypp on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:34949	P	Security update for Mozilla Firefox (Important)	2020-12-01
oval:org.opensuse.security:def:29633	P	Security update for clamav (Moderate)	2020-12-01
oval:org.opensuse.security:def:28700	P	Security update for gnutls (Moderate)	2020-12-01
oval:org.opensuse.security:def:57661	P	alsa on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:57865	P	libusbmuxd4 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33427	P	Security update for Samba	2020-12-01
oval:org.opensuse.security:def:33521	P	Security update for strongswan	2020-12-01
oval:org.opensuse.security:def:32649	P	dbus-1-glib on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:50069	P	libfpm_pb0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28264	P	Security update for mercurial (Moderate)	2020-12-01
oval:org.opensuse.security:def:38570	P	cups-filters on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:30420	P	Security update for xorg-x11-libXpm (Moderate)	2020-12-01
oval:org.opensuse.security:def:29720	P	Security update for Mozilla Firefox	2020-12-01
oval:org.opensuse.security:def:28852	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:28994	P	Security update for conntrack-tools (Moderate)	2020-12-01
oval:org.opensuse.security:def:50123	P	nodejs8 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:32736	P	libvirt on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31900	P	Security update for Mozilla Firefox (Important)	2020-12-01
oval:org.opensuse.security:def:80605	P	Security update for nodejs4, nodejs6 (Moderate)	2017-08-15
oval:com.ubuntu.bionic:def:2017114990000000	V	CVE-2017-11499 on Ubuntu 18.04 LTS (bionic) - medium.	2017-07-25
oval:com.ubuntu.artful:def:201711499000	V	CVE-2017-11499 on Ubuntu 17.10 (artful) - medium.	2017-07-25
oval:com.ubuntu.xenial:def:201711499000	V	CVE-2017-11499 on Ubuntu 16.04 LTS (xenial) - medium.	2017-07-25
oval:com.ubuntu.xenial:def:2017114990000000	V	CVE-2017-11499 on Ubuntu 16.04 LTS (xenial) - medium.	2017-07-25
oval:com.ubuntu.bionic:def:201711499000	V	CVE-2017-11499 on Ubuntu 18.04 LTS (bionic) - medium.	2017-07-25
oval:com.ubuntu.disco:def:2017114990000000	V	CVE-2017-11499 on Ubuntu 19.04 (disco) - medium.	2017-07-25
oval:com.ubuntu.cosmic:def:201711499000	V	CVE-2017-11499 on Ubuntu 18.10 (cosmic) - medium.	2017-07-25
oval:com.ubuntu.cosmic:def:2017114990000000	V	CVE-2017-11499 on Ubuntu 18.10 (cosmic) - medium.	2017-07-25
oval:com.ubuntu.trusty:def:201711499000	V	CVE-2017-11499 on Ubuntu 14.04 LTS (trusty) - medium.	2017-07-25