Vulnerability CVE-2018-1000632 - CERT Civis.Net

Vulnerability Name:

CVE-2018-1000632 (CCN-148750)

Assigned:

2018-07-01

Published:

2018-07-01

Updated:

2021-09-07

Summary:

dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appear to be exploitable via an attacker specifying attributes or elements in the XML document. This vulnerability appears to have been fixed in 2.1.1 or later.

CVSS v3 Severity:

7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): High Availibility (A): None

7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
6.4 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2018-1000632

Source: CCN
Type: Oracle CPUJan2019
Oracle Critical Patch Update Advisory - January 2019

Source: REDHAT
Type: Third Party Advisory
RHSA-2019:0362

Source: REDHAT
Type: Third Party Advisory
RHSA-2019:0364

Source: REDHAT
Type: Third Party Advisory
RHSA-2019:0365

Source: REDHAT
Type: Third Party Advisory
RHSA-2019:0380

Source: REDHAT
Type: Third Party Advisory
RHSA-2019:1159

Source: REDHAT
Type: Third Party Advisory
RHSA-2019:1160

Source: REDHAT
Type: Third Party Advisory
RHSA-2019:1161

Source: REDHAT
Type: Third Party Advisory
RHSA-2019:1162

Source: REDHAT
Type: Third Party Advisory
RHSA-2019:3172

Source: XF
Type: UNKNOWN
dom4j-cve20181000632-code-exec(148750)

Source: CONFIRM
Type: Patch, Third Party Advisory
https://github.com/dom4j/dom4j/commit/e598eb43d418744c4dbf62f647dd2381c9ce9387

Source: CCN
Type: dom4j GIT Repository
Validate QName inputs #48

Source: CONFIRM
Type: Third Party Advisory
https://github.com/dom4j/dom4j/issues/48

Source: MISC
Type: Exploit, Third Party Advisory
https://ihacktoprotect.com/post/dom4j-xml-injection/

Source: MLIST
Type: Mailing List, Patch, Third Party Advisory
[maven-commits] 20190601 [maven-archetype] 01/01: ARCHETYPE-567: switch to dom4j 2.1.1 (and Java 8) dom4j 2.1.1 requires Java 8 dom4j 2.0.2 would retain Java 7 but is vulnerable to CVE-2018-1000632 dom4j 2.0.3 fixes CVE-2018-1000632 but has been pending for ~1 year

Source: MLIST
Type: Mailing List, Third Party Advisory
[maven-dev] 20190531 Re: proposal for maven-archetype to switch to dom4j 2.1.1 (and Java 8)

Source: MLIST
Type: Mailing List, Patch, Third Party Advisory
[maven-commits] 20190531 [maven-archetype] 01/01: ARCHETYPE-567: switch to dom4j 2.1.1 (and Java 8) dom4j 2.1.1 requires Java 8 dom4j 2.0.2 would retain Java 7 but is vulnerable to CVE-2018-1000632 dom4j 2.0.3 fixes CVE-2018-1000632 but has been pending for ~1 year

Source: MLIST
Type: Third Party Advisory
[lucene-solr-user] 20190104 Re: SOLR v7 Security Issues Caused Denial of Use - Sonatype Application Composition Report

Source: MLIST
Type: Mailing List, Third Party Advisory
[maven-dev] 20190610 Re: proposal for maven-archetype to switch to dom4j 2.1.1 (and Java 8)

Source: MLIST
Type: Mailing List, Third Party Advisory
[maven-dev] 20190531 proposal for maven-archetype to switch to dom4j 2.1.1 (and Java 8)

Source: MLIST
Type: Mailing List, Patch, Third Party Advisory
[maven-commits] 20190604 [maven-archetype] branch master updated: ARCHETYPE-567: switch to dom4j 2.1.1 (and Java 8) dom4j 2.1.1 requires Java 8 dom4j 2.0.2 would retain Java 7 but is vulnerable to CVE-2018-1000632 dom4j 2.0.3 fixes CVE-2018-1000632 but has been pending for ~1 year

Source: MLIST
Type: Mailing List, Third Party Advisory
[maven-dev] 20190603 Re: proposal for maven-archetype to switch to dom4j 2.1.1 (and Java 8)

Source: MLIST
Type: UNKNOWN
[freemarker-notifications] 20210906 [jira] [Created] (FREEMARKER-190) The jar dom4j has known security issue that Freemarker compiles dependend on it

Source: MLIST
Type: Mailing List, Third Party Advisory
[debian-lts-announce] 20180924 [SECURITY] [DLA 1517-1] dom4j security update

Source: FEDORA
Type: UNKNOWN
FEDORA-2021-f28c870528

Source: FEDORA
Type: UNKNOWN
FEDORA-2021-8015a8cdc4

Source: CONFIRM
Type: Third Party Advisory
https://security.netapp.com/advisory/ntap-20190530-0001/

Source: CCN
Type: IBM Security Bulletin 6254788 (Planning Analytics)
IBM Planning Analytics Workspace is affected by security vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6356447 (QRadar SIEM)
Dom4j as used by IBM QRadar SIEM contains multiple vulnerabilities (CVE-2018-1000632, CVE-2020-10683)

Source: CCN
Type: IBM Security Bulletin 6367929 (Sterling B2B Integrator)
Dom4j XML Injection Vulnerability Affects IBM Sterling B2B Integrator (CVE-2018-1000632)

Source: CCN
Type: IBM Security Bulletin 6403331 (Security Guardium Data Encryption)
Multiple Vulnerabilities in IBM Guardium Data Encryption (GDE)

Source: CCN
Type: IBM Security Bulletin 6416393 (Spectrum Conductor)
Multiple vulnerability issues affect IBM Spectrum Conductor 2.5.0

Source: CCN
Type: IBM Security Bulletin 6444035 (SmartCloud Analytics)
dom4j Vulnerability in Apache Solr shipped with IBM Operations Analytics - Log Analysis Analysis (CVE-2018-1000632)

Source: CCN
Type: IBM Security Bulletin 6508583 (Rational DOORS Next Generation)
Multiple vulnerabilites affect Engineering Lifecycle Management and IBM Engineering products.

Source: CCN
Type: IBM Security Bulletin 6570957 (Cognos Analytics)
IBM Cognos Analytics has addressed multiple vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6616093 (TRIRIGA Application Platform)
Tririga is vulnerable to remote hacker due to dom4j open source

Source: CCN
Type: IBM Security Bulletin 6620049 (SPSS Statistics)
Dom4j Vulnerability affects IBM SPSS Statistics (CVE-2018-1000632)

Source: CCN
Type: IBM Security Bulletin 6836923 (Security Verify Governance)
IBM Security Verify Governance is vulnerable to arbitrary code execution due to use of dom4j (CVE-2018-1000632)

Source: CCN
Type: IBM Security Bulletin 6956539 (MobileFirst Platform Foundation)
Multiple vulnerabilities found with third-party libraries used by IBM MobileFirst Platform

Source: CCN
Type: IBM Security Bulletin 6959029 (Spectrum Control)
IBM Spectrum Control is vulnerable to weakness related to dom4j

Source: CCN
Type: IBM Security Bulletin 6967183 (Cloud Pak System Software Suite)
Multiple vulnerabilities in Open Source software used by Cloud Pak System

Source: CCN
Type: IBM Security Bulletin 6988889 (Atlas eDiscovery Process Management)
Atlas eDiscovery Process Management is affected by a vulnerable dom4j-1.6.1.jar

Source: CCN
Type: Oracle CPUApr2020
Oracle Critical Patch Update Advisory - April 2020

Source: N/A
Type: Third Party Advisory
N/A

Source: CCN
Type: Oracle Critical Patch Update Advisory - April 2021
Oracle Critical Patch Update Advisory - April 2021

Source: MISC
Type: UNKNOWN
https://www.oracle.com/security-alerts/cpuApr2021.html

Source: MISC
Type: Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2020.html

Source: CONFIRM
Type: Patch, Third Party Advisory
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2018-1000632

Vulnerable Configuration:

Configuration 1:

cpe:/a:dom4j_project:dom4j:*:*:*:*:*:*:*:* (Version >= 2.0.0 and < 2.0.3)

OR cpe:/a:dom4j_project:dom4j:*:*:*:*:*:*:*:* (Version >= 2.1.0 and < 2.1.1)

Configuration 2:

cpe:/o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Configuration 3:

cpe:/a:oracle:flexcube_investor_servicing:12.0.4:*:*:*:*:*:*:*

OR cpe:/a:oracle:flexcube_investor_servicing:12.1.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:flexcube_investor_servicing:12.3.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:flexcube_investor_servicing:12.4.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:flexcube_investor_servicing:14.0.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:* (Version >= 16.1.0.0 and <= 16.2.20.1)

OR cpe:/a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:* (Version >= 17.1.0.0 and <= 17.12.17.1)

OR cpe:/a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:* (Version >= 18.1.0.0 and <= 18.8.19.0)

OR cpe:/a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:* (Version >= 19.12.0.0 and <= 19.12.6.0)

OR cpe:/a:oracle:rapid_planning:12.1:*:*:*:*:*:*:*

OR cpe:/a:oracle:rapid_planning:12.2:*:*:*:*:*:*:*

OR cpe:/a:oracle:retail_integration_bus:15.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:retail_integration_bus:16.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:utilities_framework:2.2.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:utilities_framework:4.2.0.2.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:utilities_framework:4.2.0.3.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:utilities_framework:*:*:*:*:*:*:*:* (Version >= 4.3.0.2.0 and <= 4.3.0.6.0)

OR cpe:/a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:utilities_framework:4.4.0.2:*:*:*:*:*:*:*

Configuration 4:

cpe:/a:redhat:satellite:6.6:*:*:*:*:*:*:*

OR cpe:/a:redhat:satellite_capsule:6.6:*:*:*:*:*:*:*

Configuration 5:

cpe:/a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*

OR cpe:/a:redhat:jboss_enterprise_application_platform:6.4.0:*:*:*:*:*:*:*

OR cpe:/a:redhat:jboss_enterprise_application_platform:7.1.0:*:*:*:*:*:*:*

AND

cpe:/o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

Configuration 6:

cpe:/a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*

OR cpe:/a:redhat:jboss_enterprise_application_platform:6.4.0:*:*:*:*:*:*:*

AND

cpe:/o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*

Configuration 7:

cpe:/a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*

OR cpe:/a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*

OR cpe:/a:netapp:snapcenter:-:*:*:*:*:*:*:*

OR cpe:/a:netapp:snapmanager:-:*:*:*:*:oracle:*:*

OR cpe:/a:netapp:snapmanager:-:*:*:*:*:sap:*:*

Configuration CCN 1:

cpe:/a:dom4j_project:dom4j:2.1.0:*:*:*:*:*:*:*

AND

cpe:/a:ibm:atlas_ediscovery_process_management:6.0.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_doors_next_generation:6.0.2:*:*:*:*:*:*:*

OR cpe:/a:oracle:flexcube_investor_servicing:12.0.4:*:*:*:*:*:*:*

OR cpe:/a:oracle:flexcube_investor_servicing:12.1.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:flexcube_investor_servicing:12.3.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:utilities_framework:2.2.0.0.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:utilities_framework:4.2.0.2.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:utilities_framework:4.2.0.3.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:flexcube_investor_servicing:12.4.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:qradar_security_information_and_event_manager:7.3:*:*:*:*:*:*:*

OR cpe:/a:oracle:flexcube_investor_servicing:14.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:sterling_b2b_integrator:5.2.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:smartcloud_analytics:1.3.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:smartcloud_analytics:1.3.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:smartcloud_analytics:1.3.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:smartcloud_analytics:1.3.4:*:*:*:*:*:*:*

OR cpe:/a:ibm:smartcloud_analytics:1.3.5:*:*:*:*:*:*:*

OR cpe:/a:oracle:utilities_framework:4.3.0.6.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:mobilefirst_platform_foundation:8.0.0.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:utilities_framework:4.4.0.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:qradar_security_information_and_event_manager:7.4:-:*:*:*:*:*:*

OR cpe:/a:ibm:rational_doors_next_generation:7.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:planning_analytics:2.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_guardium_data_encryption:3.0.0.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:sterling_b2b_integrator:6.0.3.2:*:*:*:standard:*:*:*

OR cpe:/a:ibm:planning_analytics:2.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:cognos_analytics:11.1.7:-:*:*:*:*:*:*

OR cpe:/a:ibm:cognos_analytics:11.2.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_verify_governance:10.0:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20181000632	V	CVE-2018-1000632	2023-06-22
oval:org.opensuse.security:def:8004	P	dom4j-1.6.1-150200.12.6.3 on GA media (Moderate)	2023-06-20
oval:org.opensuse.security:def:1389	P	Security update for the Linux Kernel (Live Patch 16 for SLE 15 SP3) (Important)	2022-06-29
oval:org.opensuse.security:def:3379	P	sysvinit-tools-2.88+-101.3.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3162	P	libcdio14-0.90-6.3.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3150	P	libXvnc1-1.6.0-22.7.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:95009	P	dom4j-1.6.1-10.12 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:112169	P	dom4j-1.6.1-33.6 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:105701	P	dom4j-1.6.1-33.6 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:2431	P	strongswan-nm-5.8.2-11.8.4 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:2425	P	python2-opencv-3.3.1-6.6.1 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:2421	P	python2-SQLAlchemy-1.3.22-2.1 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:63004	P	dom4j-1.6.1-10.12 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:72723	P	dom4j-1.6.1-10.12 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:100839	P	gdk-pixbuf-loader-rsvg-2.46.5-3.3.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:101262	P	dom4j-1.6.1-10.12 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:1915	P	dom4j-1.6.1-10.12 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:51595	P	Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP3) (Important)	2021-06-18
oval:org.opensuse.security:def:2443	P	dia-0.97.3-2.32 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48938	P	libpcrecpp0-32bit-8.39-8.3.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:2472	P	transfig-3.2.6a-2.86 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48957	P	libzmq3-4.0.4-14.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:2463	P	libraw-devel-0.18.9-1.9 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48939	P	libpcsclite1-32bit-1.8.10-7.3.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:2457	P	libmwaw-0_3-3-0.3.13-2.25 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:66806	P	Security update for polkit (Important)	2021-06-03
oval:org.opensuse.security:def:51533	P	Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP3) (Important)	2021-04-07
oval:org.opensuse.security:def:66714	P	Security update for flac (Moderate)	2020-12-24
oval:org.opensuse.security:def:2512	P	transfig-3.2.6a-2.86 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:2510	P	pidgin-plugin-otr-4.0.2-1.61 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:2502	P	libpurple-2.13.0-3.35 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:72666	P	dom4j-1.6.1-10.12 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:94126	P	dom4j-1.6.1-10.12 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:2496	P	libmwaw-0_3-3-0.3.14-4.3.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:107505	P	dom4j-1.6.1-10.12 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:1858	P	dom4j-1.6.1-10.12 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:117063	P	dom4j-1.6.1-10.12 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:62947	P	dom4j-1.6.1-10.12 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:26622	P	openvpn on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27187	P	libgdiplus0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49435	P	libexiv2-26 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28059	P	Security update for dom4j (Moderate)	2020-12-01
oval:org.opensuse.security:def:27342	P	zoo on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27036	P	sysconfig on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49289	P	pam_ssh on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:50257	P	Security update for cairo (Moderate)	2020-12-01
oval:org.opensuse.security:def:50088	P	ovmf on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26952	P	libgtop on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49084	P	e2fsprogs on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26611	P	mailman on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:50184	P	gegl-0_3 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:50018	P	libvirt on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:70162	P	dom4j on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26895	P	findutils on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:70057	P	gstreamer-plugins-bad on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:73379	P	firewall-applet on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26610	P	log4net on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27328	P	xorg-x11-Xvnc on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49928	P	python2-requests on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49830	P	dom4j on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26814	P	qt3 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49776	P	cargo on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27386	P	cyrus-imapd-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27289	P	sendmail on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49690	P	libquicktime on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:73497	P	dom4j on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26686	P	dhcpcd on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28024	P	Security update for bind (Important)	2020-12-01
oval:org.opensuse.security:def:50153	P	kernel-default-extra on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27240	P	mipv6d on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49533	P	libSoundTouch0 on GA media (Moderate)	2020-12-01
oval:com.ubuntu.xenial:def:201810006320000000	V	CVE-2018-1000632 on Ubuntu 16.04 LTS (xenial) - low.	2018-08-20
oval:com.ubuntu.bionic:def:20181000632000	V	CVE-2018-1000632 on Ubuntu 18.04 LTS (bionic) - low.	2018-08-20
oval:com.ubuntu.disco:def:201810006320000000	V	CVE-2018-1000632 on Ubuntu 19.04 (disco) - low.	2018-08-20
oval:com.ubuntu.cosmic:def:20181000632000	V	CVE-2018-1000632 on Ubuntu 18.10 (cosmic) - low.	2018-08-20
oval:com.ubuntu.cosmic:def:201810006320000000	V	CVE-2018-1000632 on Ubuntu 18.10 (cosmic) - low.	2018-08-20
oval:com.ubuntu.trusty:def:20181000632000	V	CVE-2018-1000632 on Ubuntu 14.04 LTS (trusty) - low.	2018-08-20
oval:com.ubuntu.bionic:def:201810006320000000	V	CVE-2018-1000632 on Ubuntu 18.04 LTS (bionic) - low.	2018-08-20
oval:com.ubuntu.xenial:def:20181000632000	V	CVE-2018-1000632 on Ubuntu 16.04 LTS (xenial) - low.	2018-08-20