Vulnerability CVE-2019-0201 - CERT Civis.Net

Vulnerability Name:

CVE-2019-0201 (CCN-161303)

Assigned:

2018-11-14

Published:

2019-05-20

Updated:

2022-04-19

Summary:

An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. ZooKeeper’s getACL() command doesn’t check any permission when retrieves the ACLs of the requested node and returns all information contained in the ACL Id field as plaintext string. DigestAuthenticationProvider overloads the Id field with the hash value that is used for user authentication. As a consequence, if Digest Authentication is in use, the unsalted hash value will be disclosed by getACL() request for unauthenticated or unprivileged users.

CVSS v3 Severity:

5.9 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
5.2 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): None Availibility (A): None

7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
6.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): None Availibility (A): None

CVSS v2 Severity:

4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): None Availibility (A): None

Vulnerability Type:

Vulnerability Consequences:

Obtain Information

References:

Source: MITRE
Type: CNA
CVE-2019-0201

Source: CCN
Type: IBM Security Bulletin 964995 (Watson Explorer)
Watson Explorer is affected by an Apache Zookeeper vulnerability (CVE-2019-0201)

Source: BID
Type: Third Party Advisory, VDB Entry
108427

Source: REDHAT
Type: Third Party Advisory
RHSA-2019:3140

Source: REDHAT
Type: Third Party Advisory
RHSA-2019:3892

Source: REDHAT
Type: Third Party Advisory
RHSA-2019:4352

Source: XF
Type: UNKNOWN
apache-zookeeper-cve20190201-info-disc(161303)

Source: MISC
Type: Issue Tracking, Patch, Vendor Advisory
https://issues.apache.org/jira/browse/ZOOKEEPER-1392

Source: MLIST
Type: Mailing List, Vendor Advisory
[activemq-issues] 20190820 [jira] [Created] (AMQ-7279) Security Vulnerabilities in Libraries - jackson-databind-2.9.8.jar, tomcat-servlet-api-8.0.53.jar, tomcat-websocket-api-8.0.53.jar, zookeeper-3.4.6.jar, guava-18.0.jar, jetty-all-9.2.26.v20180806.jar, scala-library-2.11.0.jar

Source: MLIST
Type: Mailing List, Vendor Advisory
[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities

Source: MLIST
Type: Mailing List, Patch, Vendor Advisory
[accumulo-commits] 20190605 [accumulo] branch 2.0 updated: Update ZooKeeper (CVE-2019-0201)

Source: MLIST
Type: Mailing List, Vendor Advisory
[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities

Source: MLIST
Type: Mailing List, Vendor Advisory
[bookkeeper-issues] 20190531 [GitHub] [bookkeeper] eolivelli opened a new issue #2106: Update ZookKeeper dependency to 3.5.5

Source: MLIST
Type: Mailing List, Vendor Advisory
[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities

Source: MLIST
Type: Mailing List, Vendor Advisory
[hadoop-common-issues] 20210816 [GitHub] [hadoop] iwasakims opened a new pull request #3308: HADOOP-17850. Upgrade ZooKeeper to 3.4.14 in branch-3.2.

Source: MLIST
Type: Mailing List, Third Party Advisory
[debian-lts-announce] 20190524 [SECURITY] [DLA 1801-1] zookeeper security update

Source: BUGTRAQ
Type: Mailing List, Third Party Advisory
20190612 [SECURITY] [DSA 4461-1] zookeeper security update

Source: CCN
Type: oss-sec Mailing List, Mon, 20 May 2019 19:15:24 +0200
[CVE-2019-0201] Information disclosure vulnerability in Apache ZooKeeper

Source: CONFIRM
Type: Third Party Advisory
https://security.netapp.com/advisory/ntap-20190619-0001/

Source: DEBIAN
Type: Third Party Advisory
DSA-4461

Source: CCN
Type: IBM Security Bulletin 888067 (Event Streams)
IBM Event Streams is affected by Apache ZooKeeper vulnerability CVE-2019-0201

Source: CCN
Type: IBM Security Bulletin 957455 (Cloud App Management)
A vulnerability in Apache ZooKeeper could affect IBM Cloud App Management

Source: CCN
Type: IBM Security Bulletin 958553 (Netcool Agile Service Manager)
IBM Netcool Agile Service Manager is affected by an Apache Zookeeper vulnerability (CVE-2019-0201)

Source: CCN
Type: IBM Security Bulletin 1119117 (Netcool Operations Insight)
Netcool Operations Insight - Cloud Native Event Analytics is affected by an Apache Zookeeper vulnerability (CVE-2019-0201)

Source: CCN
Type: IBM Security Bulletin 6151677 (Agile Lifecycle Manager)
IBM Agile Lifecycle Manager is affected by an Apache Zookeeper vulnerability (CVE-2019-0201)

Source: CCN
Type: IBM Security Bulletin 6198380 (DB2 for Linux- UNIX and Windows)
Multiple vulnerabilities in dependent libraries affect IBM Db2 leading to denial of service or privilege escalation.

Source: CCN
Type: IBM Security Bulletin 6210366 (Monitoring)
Multiple vulnerabilities have been identified in DB2 that affect the IBM Performance Management product

Source: CCN
Type: IBM Security Bulletin 6335235 (QRadar SIEM)
Apache ZooKeeper as used by IBM QRadar SIEM is vulnerable to information disclosure (CVE-2019-0201)

Source: CCN
Type: IBM Security Bulletin 6444771 (Log Analysis)
IBM Operations Analytics - Log Analysis is affected by an Apache Zookeeper vulnerability (CVE-2019-0201)

Source: CCN
Type: IBM Security Bulletin 6444895 (Db2 Warehouse)
IBM Db2 Warehouse has released a fix in response to multiple vulnerabilities found in IBM Db2

Source: CCN
Type: IBM Security Bulletin 6491163 (Planning Analytics)
IBM Planning Analytics Workspace is affected by security vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6605881 (PureData System for Operational Analytics)
Multiple security vulnerabilities have been identified in IBM DB2 shipped with IBM PureData System for Operational Analytics

Source: CCN
Type: IBM Security Bulletin 6830683 (Sterling B2B Integrator)
IBM Sterling B2B Integrator B2B API vulnerable to multiple issues due to Apache Zookeeper (CVE-2019-0201, CVE-2021-21409)

Source: CCN
Type: IBM Security Bulletin 1071708 (Tivoli Netcool/OMNIbus)
Multiple vulnerabilities have been identified in bundled libraries of IBM Tivoli Netcool/OMNIbus Common Integration Libraries (CVE-2019-12086, CVE-2019-0201)

Source: N/A
Type: Patch, Third Party Advisory
N/A

Source: MISC
Type: Patch, Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2020.html

Source: CCN
Type: Oracle CPUOct2020
Oracle Critical Patch Update Advisory - October 2020

Source: MISC
Type: Patch, Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2020.html

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2019-0201

Source: CCN
Type: Apache Web site
Welcome to Apache ZooKeepe

Source: CONFIRM
Type: Vendor Advisory
https://zookeeper.apache.org/security.html#CVE-2019-0201

Vulnerable Configuration:

Configuration 1:

cpe:/a:apache:activemq:5.15.9:*:*:*:*:*:*:*

OR cpe:/a:apache:drill:1.16.0:*:*:*:*:*:*:*

OR cpe:/a:apache:zookeeper:*:*:*:*:*:*:*:* (Version >= 1.0.0 and <= 3.4.13)

OR cpe:/a:apache:zookeeper:3.5.0:-:*:*:*:*:*:*

OR cpe:/a:apache:zookeeper:3.5.0:alpha:*:*:*:*:*:*

OR cpe:/a:apache:zookeeper:3.5.0:rc0:*:*:*:*:*:*

OR cpe:/a:apache:zookeeper:3.5.1:-:*:*:*:*:*:*

OR cpe:/a:apache:zookeeper:3.5.1:alpha:*:*:*:*:*:*

OR cpe:/a:apache:zookeeper:3.5.1:rc0:*:*:*:*:*:*

OR cpe:/a:apache:zookeeper:3.5.1:rc1:*:*:*:*:*:*

OR cpe:/a:apache:zookeeper:3.5.1:rc2:*:*:*:*:*:*

OR cpe:/a:apache:zookeeper:3.5.1:rc3:*:*:*:*:*:*

OR cpe:/a:apache:zookeeper:3.5.1:rc4:*:*:*:*:*:*

OR cpe:/a:apache:zookeeper:3.5.2:-:*:*:*:*:*:*

OR cpe:/a:apache:zookeeper:3.5.2:alpha:*:*:*:*:*:*

OR cpe:/a:apache:zookeeper:3.5.2:rc0:*:*:*:*:*:*

OR cpe:/a:apache:zookeeper:3.5.2:rc1:*:*:*:*:*:*

OR cpe:/a:apache:zookeeper:3.5.3:-:*:*:*:*:*:*

OR cpe:/a:apache:zookeeper:3.5.3:beta:*:*:*:*:*:*

OR cpe:/a:apache:zookeeper:3.5.3:rc0:*:*:*:*:*:*

OR cpe:/a:apache:zookeeper:3.5.3:rc1:*:*:*:*:*:*

OR cpe:/a:apache:zookeeper:3.5.4:beta:*:*:*:*:*:*

Configuration 2:

cpe:/o:debian:debian_linux:8.0:*:*:*:*:*:*:*

OR cpe:/o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 3:

cpe:/a:redhat:fuse:1.0.0:*:*:*:*:*:*:*

Configuration 4:

cpe:/a:oracle:goldengate_stream_analytics:*:*:*:*:*:*:*:* (Version < 19.1.0.0.1)

OR cpe:/a:oracle:siebel_core_-_server_framework:*:*:*:*:*:*:*:* (Version <= 21.5)

OR cpe:/a:oracle:timesten_in-memory_database:*:*:*:*:*:*:*:* (Version < 18.1.3.1.0)

Configuration 5:

cpe:/o:netapp:hci_bootstrap_os:-:*:*:*:*:*:*:*

AND

cpe:/h:netapp:hci_compute_node:-:*:*:*:*:*:*:*

Configuration 6:

cpe:/a:netapp:element_software:-:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:apache:zookeeper:3.4.13:-:*:*:*:*:*:*

OR cpe:/a:apache:zookeeper:3.5.4:beta:*:*:*:*:*:*

AND

cpe:/a:ibm:tivoli_netcool/omnibus:8.1.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:watson_explorer:10.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:watson_explorer:11.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:db2:11.1:*:*:*:*:linux:*:*

OR cpe:/a:ibm:db2:11.1:*:*:*:*:unix:*:*

OR cpe:/a:ibm:db2:11.1:*:*:*:*:windows:*:*

OR cpe:/a:ibm:watson_explorer:11.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:watson_explorer:11.0.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:monitoring:8.1.4:*:*:*:*:*:*:*

OR cpe:/a:ibm:watson_explorer:12.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:event_streams:2018.3.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:sterling_b2b_integrator:6.0.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:event_streams:2018.3.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:watson_explorer:12.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:watson_explorer:12.0.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:event_streams:2019.1.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:netcool_agile_service_manager:1.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:db2:11.1:*:*:*:*:linux:*:*

OR cpe:/a:ibm:db2:11.1:*:*:*:*:unix:*:*

OR cpe:/a:ibm:db2:11.1:*:*:*:*:windows:*:*

OR cpe:/a:ibm:db2:11.5:*:*:*:*:linux:*:*

OR cpe:/a:ibm:db2:11.5:*:*:*:*:unix:*:*

OR cpe:/a:ibm:db2:11.5:*:*:*:*:windows:*:*

OR cpe:/a:ibm:agile_lifecycle_manager:2.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:agile_lifecycle_manager:2.0.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:qradar_security_information_and_event_manager:7.4:-:*:*:*:*:*:*

OR cpe:/a:ibm:log_analysis:1.3.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:log_analysis:1.3.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:log_analysis:1.3.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:log_analysis:1.3.4:*:*:*:*:*:*:*

OR cpe:/a:ibm:log_analysis:1.3.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:log_analysis:1.3.6:*:*:*:*:*:*:*

OR cpe:/a:ibm:db2:11.5:*:*:*:*:linux:*:*

OR cpe:/a:ibm:db2:11.5:*:*:*:*:unix:*:*

OR cpe:/a:ibm:db2:11.5:*:*:*:*:windows:*:*

OR cpe:/a:ibm:sterling_b2b_integrator:6.1.0.0:*:*:*:standard:*:*:*

OR cpe:/a:ibm:planning_analytics:2.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:sterling_b2b_integrator:6.1.1.0:*:*:*:standard:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20190201	V	CVE-2019-0201	2022-05-22
oval:org.opensuse.security:def:59878	P	Security update for apache2 (Important)	2022-01-12
oval:org.opensuse.security:def:60440	P	Security update for chrony (Moderate)	2021-12-22
oval:org.opensuse.security:def:61606	P	minicom-2.7.1-1.19 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:61607	P	mozilla-nspr-32bit-4.20-3.3.2 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:61630	P	procmail-3.22-2.34 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:60344	P	Security update for spectre-meltdown-checker (Moderate)	2021-08-27
oval:org.opensuse.security:def:63445	P	oath-toolkit-2.6.2-1.15 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:63353	P	libvirglrenderer0-0.6.0-4.3.1 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:63340	P	libfreebl3-hmac-3.53.1-3.51.1 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:63423	P	graphviz-gnome-2.40.1-6.3.2 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:63495	P	libstaroffice-0_0-0-0.0.7-7.3.2 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:63023	P	libtidy-devel-5.4.0-3.2.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:62072	P	file-5.32-7.11.2 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:62266	P	nmap-7.70-3.12.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:62160	P	libjansson-devel-2.9-1.24 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:62356	P	xorg-x11-devel-7.6.1-1.16 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:63529	P	bluez-cups-5.48-3.7 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:59744	P	Security update for the Linux Kernel (Important)	2021-06-08
oval:org.opensuse.security:def:60228	P	Security update for clamav (Important)	2021-04-13
oval:org.opensuse.security:def:60485	P	Security update for openssl-1_1 (Important)	2021-03-25
oval:org.opensuse.security:def:59448	P	Security update for MozillaFirefox (Critical)	2020-12-21
oval:org.opensuse.security:def:59442	P	Security update for mutt (Important)	2020-12-07
oval:org.opensuse.security:def:62925	P	rpm-build-4.14.1-10.16.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:62488	P	pulseaudio-11.1-4.31 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:63055	P	python2-numpy-gnu-hpc-1.16.5-1.164 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:62702	P	libtag-devel-1.11.1-4.6.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:63157	P	libcacard-devel-2.5.3-1.27 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:61691	P	alsa-1.1.5-6.6.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:61799	P	libXt-devel-1.1.5-2.24 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:63251	P	apache2-mod_auth_openidc-2.3.8-3.7.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:61692	P	amavisd-new-2.11.1-6.3.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:63154	P	guestfs-data-1.38.0-3.52 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:63289	P	nut-2.7.4-4.72 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:61715	P	clamav-0.100.3-3.20.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:63257	P	davfs2-1.5.4-1.4 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:63390	P	jakarta-commons-fileupload-1.1.1-2.82 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:61886	P	libsqlite3-0-3.28.0-3.9.2 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:62396	P	bluez-5.48-3.7 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:63392	P	nodejs8-8.11.1-1.19 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:62606	P	typelib-1_0-JavaScriptCore-4_0-2.24.1-3.24.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:59695	P	Security update for python-setuptools (Important)	2020-12-02
oval:org.opensuse.security:def:60560	P	unzip on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:59284	P	Security update for freeradius-server (Moderate)	2020-12-01
oval:org.opensuse.security:def:60700	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:59629	P	Security update for java-1_7_0-openjdk (Important)	2020-12-01
oval:org.opensuse.security:def:60649	P	Security update for samba (Important)	2020-12-01
oval:org.opensuse.security:def:60784	P	Security update for sane-backends (Important)	2020-12-01
oval:org.opensuse.security:def:60599	P	Security update for dnsmasq (Moderate)	2020-12-01
oval:org.opensuse.security:def:60822	P	Security update for python-aws-sam-translator, python-boto3, python-botocore, python-cfn-lint, python-jsonschema, python-nose2, python-parameterized, python-pathlib2, python-pytest-cov, python-requests, python-s3transfer (Moderate)	2020-12-01
oval:org.opensuse.security:def:59929	P	Security update for python3 (Important)	2020-12-01
oval:org.opensuse.security:def:60677	P	Security update for ardana-ansible, ardana-barbican, ardana-db, ardana-monasca, ardana-mq, ardana-neutron, ardana-octavia, ardana-tempest, crowbar-core, crowbar-ha, crowbar-openstack, documentation-suse-openstack-cloud, memcached, openstack-manila, openstack-neutron, openstack-nova, pdns, python-amqp, rubygem-puma, zookeeper (Moderate)	2020-12-01
oval:org.opensuse.security:def:60913	P	Security update for libssh2_org (Moderate)	2020-12-01
oval:org.opensuse.security:def:59017	P	Security update for java-1_8_0-openjdk (Important)	2020-12-01
oval:org.opensuse.security:def:59996	P	Security update for the Linux Kernel (Live Patch 29 for SLE 12 SP2) (Important)	2020-12-01
oval:org.opensuse.security:def:60863	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:59018	P	Security update for ucode-intel (Important)	2020-12-01
oval:org.opensuse.security:def:60185	P	Security update for krb5 (Moderate)	2020-12-01
oval:org.opensuse.security:def:60942	P	Security update for ardana-ansible, ardana-barbican, ardana-db, ardana-monasca, ardana-mq, ardana-neutron, ardana-octavia, ardana-tempest, crowbar-core, crowbar-ha, crowbar-openstack, documentation-suse-openstack-cloud, memcached, openstack-manila, openstack-neutron, openstack-nova, pdns, python-amqp, rubygem-puma, zookeeper (Moderate)	2020-12-01
oval:org.opensuse.security:def:59040	P	Security update for dbus-1 (Important)	2020-12-01
oval:org.opensuse.security:def:59261	P	Security update for squid (Important)	2020-12-01
oval:org.opensuse.security:def:59196	P	Security update for clamav (Important)	2020-12-01
oval:org.opensuse.security:def:60522	P	python-libxml2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:59262	P	Security update for the Linux Kernel (Live Patch 31 for SLE 12 SP2) (Important)	2020-12-01
oval:org.opensuse.security:def:60603	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:87996	P	Security update for ardana-ansible, ardana-barbican, ardana-cluster, ardana-db, ardana-designate, ardana-input-model, ardana-logging, ardana-monasca, ardana-mq, ardana-neutron, ardana-octavia, ardana-osconfig, ardana-tempest, ardana-tls, crowbar-core, crowbar-ha, crowbar-openstack, memcached, openstack-ceilometer, openstack-cinder, openstack-designate, openstack-heat, openstack-ironic, openstack-ironic-image, openstack-manila, openstack-neutron, openstack-nova, openstack-octavia, openstack-octavia-amphora-image, python-cinderclient, python-glanceclient, python-ironic-lib, python-ironicclient, python-keystonemiddleware, python-manila-tempest-plugin, python-novaclient, python-octaviaclient, python-openstackclient, python-os-brick, python-oslo.config, python-oslo.rootwrap, python-oslo.utils, python-swiftclient, python-watcherclient, release-notes-suse-openstack-cloud, rubygem-crowbar-client, rubygem-puma, zookeeper (Moderate)	2020-05-05
oval:org.opensuse.security:def:88300	P	Security update for ardana-ansible, ardana-barbican, ardana-cluster, ardana-db, ardana-designate, ardana-input-model, ardana-logging, ardana-monasca, ardana-mq, ardana-neutron, ardana-octavia, ardana-osconfig, ardana-tempest, ardana-tls, crowbar-core, crowbar-ha, crowbar-openstack, memcached, openstack-ceilometer, openstack-cinder, openstack-designate, openstack-heat, openstack-ironic, openstack-ironic-image, openstack-manila, openstack-neutron, openstack-nova, openstack-octavia, openstack-octavia-amphora-image, python-cinderclient, python-glanceclient, python-ironic-lib, python-ironicclient, python-keystonemiddleware, python-manila-tempest-plugin, python-novaclient, python-octaviaclient, python-openstackclient, python-os-brick, python-oslo.config, python-oslo.rootwrap, python-oslo.utils, python-swiftclient, python-watcherclient, release-notes-suse-openstack-cloud, rubygem-crowbar-client, rubygem-puma, zookeeper (Moderate)	2020-05-05
oval:org.opensuse.security:def:83943	P	Security update for ardana-ansible, ardana-barbican, ardana-db, ardana-monasca, ardana-mq, ardana-neutron, ardana-octavia, ardana-tempest, crowbar-core, crowbar-ha, crowbar-openstack, documentation-suse-openstack-cloud, memcached, openstack-manila, openstack-neutron, openstack-nova, pdns, python-amqp, rubygem-puma, zookeeper (Moderate)	2020-04-22
oval:org.opensuse.security:def:84395	P	Security update for ardana-ansible, ardana-barbican, ardana-db, ardana-monasca, ardana-mq, ardana-neutron, ardana-octavia, ardana-tempest, crowbar-core, crowbar-ha, crowbar-openstack, documentation-suse-openstack-cloud, memcached, openstack-manila, openstack-neutron, openstack-nova, pdns, python-amqp, rubygem-puma, zookeeper (Moderate)	2020-04-22
oval:com.ubuntu.cosmic:def:201902010000000	V	CVE-2019-0201 on Ubuntu 18.10 (cosmic) - low.	2019-05-23
oval:com.ubuntu.bionic:def:201902010000000	V	CVE-2019-0201 on Ubuntu 18.04 LTS (bionic) - low.	2019-05-23
oval:com.ubuntu.xenial:def:201902010000000	V	CVE-2019-0201 on Ubuntu 16.04 LTS (xenial) - low.	2019-05-23
oval:com.ubuntu.disco:def:201902010000000	V	CVE-2019-0201 on Ubuntu 19.04 (disco) - low.	2019-05-23