Vulnerability CVE-2020-7063

Vulnerability Name:

CVE-2020-7063 (CCN-177006)

Assigned:

2020-01-08

Published:

2020-01-08

Updated:

2022-05-08

Summary:

In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when creating PHAR archive using PharData::buildFromIterator() function, the files are added with default permissions (0666, or all access) even if the original files on the filesystem were with more restrictive permissions. This may result in files having more lax permissions than intended when such archive is extracted.

CVSS v3 Severity:

5.3 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
4.6 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): None

5.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)
4.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): None Availibility (A): None

5.5 Medium (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)
4.8 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): None Availibility (A): None

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Complete Integrity (I): None Availibility (A): None

Vulnerability Type:

CWE-281
CWE-284

Vulnerability Consequences:

Obtain Information

References:

Source: MITRE
Type: CNA
CVE-2020-7063

Source: SUSE
Type: Third Party Advisory
openSUSE-SU-2020:0341

Source: CCN
Type: PHP Web site
PHP

Source: CCN
Type: PHP Sec Bug #79082
Files added to tar with Phar::buildFromIterator have all-access permissions

Source: MISC
Type: Exploit, Vendor Advisory
https://bugs.php.net/bug.php?id=79082

Source: XF
Type: UNKNOWN
php-cve20207063-info-disc(177006)

Source: MLIST
Type: Third Party Advisory
[debian-lts-announce] 20200326 [SECURITY] [DLA 2160-1] php5 security update

Source: GENTOO
Type: Third Party Advisory
GLSA-202003-57

Source: UBUNTU
Type: Third Party Advisory
USN-4330-1

Source: DEBIAN
Type: Third Party Advisory
DSA-4717

Source: DEBIAN
Type: Third Party Advisory
DSA-4719

Source: CCN
Type: IBM Security Bulletin 6208332 (API Connect)
IBM API Connect is vulnerable to vulnerabilities in PHP (CVE-2020-7061, CVE-2020-7062, CVE-2020-7063)

Source: CONFIRM
Type: Patch, Third Party Advisory
https://www.tenable.com/security/tns-2021-14

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2020-7063

Vulnerable Configuration:

Configuration 1:

cpe:/a:php:php:*:*:*:*:*:*:*:* (Version >= 7.2.0 and <= 7.2.27)

OR cpe:/a:php:php:*:*:*:*:*:*:*:* (Version >= 7.3.0 and <= 7.3.14)

OR cpe:/a:php:php:*:*:*:*:*:*:*:* (Version >= 7.4.0 and <= 7.4.2)

Configuration 2:

cpe:/a:tenable:tenable.sc:*:*:*:*:*:*:*:* (Version < 5.19.0)

Configuration 3:

cpe:/o:debian:debian_linux:8.0:*:*:*:*:*:*:*

OR cpe:/o:debian:debian_linux:9.0:*:*:*:*:*:*:*

OR cpe:/o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Configuration 4:

cpe:/o:opensuse:leap:15.1:*:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

Configuration CCN 1:

cpe:/a:php:php:7.3.0:-:*:*:*:*:*:*

OR cpe:/a:php:php:7.2.0:-:*:*:*:*:*:*

OR cpe:/a:php:php:7.4.0:-:*:*:*:*:*:*

AND

cpe:/a:ibm:api_connect:2018.4.1.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:api_connect:2018.4.1.10:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20207063	V	CVE-2020-7063	2023-06-22
oval:org.opensuse.security:def:8075	P	apache2-mod_php7-7.4.33-150400.4.22.1 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:52002	P	Security update for haproxy (Critical)	2023-02-14
oval:org.opensuse.security:def:51992	P	Security update for vim (Moderate)	2023-01-30
oval:org.opensuse.security:def:51973	P	Security update for cni (Important)	2022-12-20
oval:org.opensuse.security:def:639	P	Security update for grafana (Important) (in QA)	2022-10-06
oval:org.opensuse.security:def:4738	P	Security update for oracleasm (Important)	2022-08-10
oval:org.opensuse.security:def:94257	P	(Important)	2022-07-11
oval:org.opensuse.security:def:3434	P	apache2-mod_perl-2.0.8-11.43 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3217	P	libnetpbm11-10.66.3-8.7.2 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3105	P	ibus-1.5.13-15.11.2 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3145	P	libXrender1-0.9.8-7.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3194	P	libjbig2-2.0-12.13 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3100	P	gvim-7.4.326-17.3.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3540	P	krb5-1.12.5-40.37.7 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3218	P	libnghttp2-14-1.7.1-1.84 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3112	P	java-1_7_0-openjdk-1.7.0.231-43.27.2 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3153	P	libapr-util1-1.5.3-2.8.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3221	P	libopenssl-1_0_0-devel-1.0.2p-3.11.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3203	P	libldb1-1.5.4-1.28 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3215	P	libncurses5-32bit-5.9-64.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3126	P	libICE6-1.0.8-12.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3164	P	libdcerpc-binding0-32bit-4.10.5+git.129.35f7bb6e177-1.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:4297	P	Security update for drbd (Important)	2022-06-22
oval:org.opensuse.security:def:95064	P	apache2-mod_php7-7.4.25-150400.2.8 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:95170	P	apache2-mod_php8-8.0.10-150400.2.8 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:5274	P	Security update for webkit2gtk3 (Important)	2022-06-15
oval:org.opensuse.security:def:4616	P	Security update for the Linux Kernel (Live Patch 25 for SLE 12 SP5) (Important)	2022-06-05
oval:org.opensuse.security:def:4611	P	Security update for the Linux Kernel (Live Patch 27 for SLE 12 SP5) (Important)	2022-05-21
oval:org.opensuse.security:def:4609	P	Security update for the Linux Kernel (Live Patch 24 for SLE 12 SP5) (Important)	2022-05-21
oval:org.opensuse.security:def:5249	P	Security update for MozillaFirefox (Important)	2022-05-19
oval:org.opensuse.security:def:4754	P	Security update for openldap2 (Important)	2022-05-16
oval:org.opensuse.security:def:4604	P	Security update for the Linux Kernel (Important)	2022-05-16
oval:org.opensuse.security:def:4599	P	Security update for the Linux Kernel (Live Patch 18 for SLE 12 SP5) (Important)	2022-05-10
oval:org.opensuse.security:def:4596	P	Security update for the Linux Kernel (Live Patch 26 for SLE 12 SP5) (Important)	2022-05-09
oval:org.opensuse.security:def:4592	P	Security update for the Linux Kernel (Live Patch 28 for SLE 12 SP5) (Important)	2022-04-25
oval:org.opensuse.security:def:4591	P	Security update for the Linux Kernel (Live Patch 27 for SLE 12 SP5) (Important)	2022-04-25
oval:org.opensuse.security:def:4588	P	Security update for the Linux Kernel (Live Patch 25 for SLE 12 SP5) (Important)	2022-04-25
oval:org.opensuse.security:def:4577	P	Security update for the Linux Kernel (Live Patch 26 for SLE 12 SP5) (Important)	2022-04-15
oval:org.opensuse.security:def:4564	P	Security update for the Linux Kernel (Live Patch 19 for SLE 12 SP5) (Important)	2022-03-29
oval:org.opensuse.security:def:4706	P	Security update for the Linux Kernel (Live Patch 20 for SLE 12 SP5) (Important)	2022-03-29
oval:org.opensuse.security:def:4740	P	Security update for the Linux RT Kernel (Critical)	2022-02-22
oval:org.opensuse.security:def:4678	P	Security update for the Linux Kernel (Live Patch 16 for SLE 12 SP5) (Critical)	2022-02-16
oval:org.opensuse.security:def:1687	P	Security update for wireshark (Moderate)	2022-02-14
oval:org.opensuse.security:def:4661	P	Security update for the Linux Kernel (Live Patch 18 for SLE 12 SP5) (Important)	2022-02-01
oval:org.opensuse.security:def:113132	P	php7-7.4.24-1.1 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:113137	P	php8-8.0.11-1.1 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:30169	P	Security update for MozillaFirefox (Important) (in QA)	2022-01-14
oval:org.opensuse.security:def:4701	P	Security update for the Linux Kernel (Important)	2022-01-13
oval:org.opensuse.security:def:4536	P	Security update for the Linux Kernel (Live Patch 26 for SLE 12 SP5) (Important)	2021-12-14
oval:org.opensuse.security:def:4543	P	Security update for the Linux Kernel (Live Patch 19 for SLE 12 SP5) (Important)	2021-12-14
oval:org.opensuse.security:def:4236	P	Security update for openssh (Important)	2021-12-06
oval:org.opensuse.security:def:65681	P	Security update for the Linux Kernel (Important)	2021-12-06
oval:org.opensuse.security:def:34595	P	Security update for postgresql10 (Important)	2021-11-22
oval:org.opensuse.security:def:69553	P	Security update for busybox (Important)	2021-10-27
oval:org.opensuse.security:def:30258	P	Security update for strongswan (Important)	2021-10-19
oval:org.opensuse.security:def:106565	P	php7-7.4.24-1.1 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:106567	P	php8-8.0.11-1.1 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:64578	P	Security update for hivex (Moderate)	2021-09-23
oval:org.opensuse.security:def:4220	P	Security update for grilo (Important)	2021-09-23
oval:org.opensuse.security:def:66926	P	Security update for xen (Moderate)	2021-09-18
oval:org.opensuse.security:def:4492	P	Security update for the Linux Kernel (Live Patch 22 for SLE 12 SP5) (Important)	2021-09-16
oval:org.opensuse.security:def:33973	P	Security update for mariadb (Moderate)	2021-09-09
oval:org.opensuse.security:def:70282	P	Security update for openssl-1_0_0 (Important)	2021-08-24
oval:org.opensuse.security:def:33962	P	Security update for openssl-1_0_0 (Important)	2021-08-24
oval:org.opensuse.security:def:33961	P	Security update for python-PyYAML (Important)	2021-08-24
oval:org.opensuse.security:def:4466	P	Security update for the Linux Kernel (Live Patch 20 for SLE 12 SP5) (Important)	2021-08-17
oval:org.opensuse.security:def:4478	P	Security update for the Linux Kernel (Live Patch 8 for SLE 12 SP5) (Important)	2021-08-17
oval:org.opensuse.security:def:4474	P	Security update for the Linux Kernel (Live Patch 12 for SLE 12 SP5) (Important)	2021-08-17
oval:org.opensuse.security:def:14049	P	unixODBC-2.3.4-6.5 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14297	P	libtasn1-4.9-1.7 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14184	P	libFLAC++6-1.3.0-11.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14390	P	syslog-service-2.0-778.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14020	P	python-requests-2.8.1-6.11.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14321	P	logwatch-7.4.3-15.65 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:15028	P	libmms0-0.6.2-15.8 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14377	P	ruby-2.1-1.4 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14050	P	unzip-6.00-32.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14185	P	libHX28-3.18-1.18 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14391	P	systemtap-3.0-10.15 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14117	P	davfs2-1.5.2-2.3 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14322	P	mailman-2.1.17-1.18 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14203	P	libXtst6-1.2.2-7.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:15029	P	libmodplug1-0.8.9.0+git20170610.f6dd59a-15.4.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14118	P	dbus-1-1.8.22-28.19 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14365	P	python-requests-2.8.1-6.16.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14027	P	rsync-3.1.0-12.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14204	P	libXv1-1.0.10-7.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:15050	P	libpcsclite1-1.8.10-7.6.3 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14166	P	hardlink-1.0-6.38 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14296	P	libtag1-1.9.1-1.218 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14019	P	python-pywbem-0.7.0-4.3 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14366	P	python3-3.4.6-24.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14028	P	rsyslog-8.4.0-14.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:15051	P	libplist3-1.12-20.3.2 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14167	P	hplip-3.16.11-1.33 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14376	P	rtkit-0.11_git201205151338-8.14 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:94292	P	php7-embed-7.4.6-1.11 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:63469	P	ffmpeg-3.4.2-9.2 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:101005	P	php7-embed-7.4.6-1.11 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:2359	P	php7-embed-7.4.6-1.11 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:63414	P	apache2-mod_php7-7.4.6-3.17.1 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:107671	P	php7-embed-7.4.6-1.11 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:101415	P	apache2-mod_php7-7.4.6-3.17.1 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:2418	P	php7-embed-7.4.6-3.17.1 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:63448	P	php7-embed-7.4.6-1.11 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:63507	P	php7-embed-7.4.6-3.17.1 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:2325	P	apache2-mod_php7-7.4.6-3.17.1 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:62795	P	liblouis-data-3.11.0-1.42 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:62763	P	libICE6-32bit-1.0.9-1.25 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:72471	P	gnome-settings-daemon-3.34.2+0-4.3.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:62767	P	libSDL2-2_0-0-2.0.8-9.63 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:62770	P	libXinerama1-32bit-1.1.3-1.22 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:100970	P	libseccomp-devel-2.4.1-3.3.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:4208	P	Security update for webkit2gtk3 (Important)	2021-08-03
oval:org.opensuse.security:def:4461	P	Security update for the Linux Kernel (Live Patch 9 for SLE 12 SP5) (Important)	2021-07-27
oval:org.opensuse.security:def:4448	P	Security update for the Linux Kernel (Live Patch 12 for SLE 12 SP5) (Important)	2021-07-22
oval:org.opensuse.security:def:51920	P	Security update for openexr (Important)	2021-06-24
oval:org.opensuse.security:def:66834	P	Security update for jetty-minimal (Important)	2021-06-17
oval:org.opensuse.security:def:4135	P	Security update for libjpeg-turbo (Moderate)	2021-06-11
oval:org.opensuse.security:def:64520	P	Security update for the Linux Kernel (Important)	2021-06-08
oval:org.opensuse.security:def:38123	P	Security update for djvulibre (Important)	2021-05-31
oval:org.opensuse.security:def:69118	P	Security update for postgresql13 (Moderate)	2021-05-27
oval:org.opensuse.security:def:4411	P	Security update for the Linux Kernel (Live Patch 15 for SLE 12 SP5) (Important)	2021-05-25
oval:org.opensuse.security:def:38122	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:64690	P	Security update for libxml2 (Important)	2021-05-19
oval:org.opensuse.security:def:73617	P	Security update for the Linux Kernel (Important)	2021-05-12
oval:org.opensuse.security:def:74632	P	Security update for python3 (Moderate)	2021-05-11
oval:org.opensuse.security:def:38779	P	Security update for cups (Important)	2021-04-30
oval:org.opensuse.security:def:4122	P	Security update for webkit2gtk3 (Important)	2021-04-29
oval:org.opensuse.security:def:51553	P	Security update for tomcat (Important)	2021-04-29
oval:org.opensuse.security:def:69448	P	Security update for xen (Important)	2021-04-19
oval:org.opensuse.security:def:5016	P	Security update for the Linux Kernel (Important)	2021-04-15
oval:org.opensuse.security:def:4721	P	Security update for the Linux Kernel (Important)	2021-04-13
oval:org.opensuse.security:def:51186	P	Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP2) (Important)	2021-03-17
oval:org.opensuse.security:def:52026	P	Security update for python (Moderate)	2021-03-16
oval:org.opensuse.security:def:34653	P	Security update for s390-tools (Important)	2021-03-12
oval:org.opensuse.security:def:30037	P	Security update for wpa_supplicant (Important)	2021-03-09
oval:org.opensuse.security:def:4177	P	Security update for python-bottle (Important)	2021-02-16
oval:org.opensuse.security:def:51729	P	Security update for the Linux Kernel (Important)	2021-02-12
oval:org.opensuse.security:def:4731	P	Security update for the Linux Kernel (Important)	2021-02-11
oval:org.opensuse.security:def:51719	P	Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP3) (Important)	2021-02-10
oval:org.opensuse.security:def:38778	P	Security update for cups (Moderate)	2021-02-02
oval:org.opensuse.security:def:51588	P	Security update for ImageMagick (Important)	2021-01-22
oval:org.opensuse.security:def:51151	P	Security update for java-1_8_0-ibm (Moderate)	2021-01-05
oval:org.opensuse.security:def:34437	P	Security update for flac (Moderate)	2021-01-04
oval:org.opensuse.security:def:70177	P	Security update for flac (Moderate)	2020-12-24
oval:org.opensuse.security:def:29963	P	Security update for xen (Moderate)	2020-12-22
oval:org.opensuse.security:def:4114	P	Security update for PackageKit (Low)	2020-12-22
oval:org.opensuse.security:def:29952	P	Security update for the Linux Kernel (Live Patch 35 for SLE 12 SP2) (Important)	2020-12-07
oval:org.opensuse.security:def:29951	P	Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP2) (Important)	2020-12-07
oval:org.opensuse.security:def:4368	P	Security update for the Linux Kernel (Live Patch 7 for SLE 12 SP5) (Important)	2020-12-07
oval:org.opensuse.security:def:3872	P	cyrus-sasl-devel-2.1.26-8.7.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:63406	P	apache2-mod_php7-7.4.6-1.11 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:72355	P	gnome-shell-3.34.4+4-1.58 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:107636	P	apache2-mod_php7-7.4.6-1.11 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:117194	P	apache2-mod_php7-7.4.6-1.11 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:62973	P	perl-Config-IniFiles-2.94-1.23 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:63616	P	gegl-0_3-0.3.34-1.30 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:2317	P	apache2-mod_php7-7.4.6-1.11 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:63266	P	gtk-vnc-devel-1.0.0-2.35 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:3859	P	bash-devel-4.3-83.23.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:5535	P	Security update for python-waitress (Moderate)	2020-12-02
oval:org.opensuse.security:def:4877	P	Security update for xen (Important)	2020-12-02
oval:org.opensuse.security:def:4994	P	Security update for nodejs8 (Important)	2020-12-02
oval:org.opensuse.security:def:5566	P	Security update for php7 (Important)	2020-12-02
oval:org.opensuse.security:def:4884	P	Security update for salt (Moderate)	2020-12-02
oval:org.opensuse.security:def:4813	P	Security update for ovmf (Important)	2020-12-02
oval:org.opensuse.security:def:4349	P	Security update for the Linux Kernel (Important)	2020-12-02
oval:org.opensuse.security:def:4897	P	Security update for dpdk (Critical)	2020-12-02
oval:org.opensuse.security:def:4838	P	Security update for mariadb, mariadb-connector-c (Important)	2020-12-02
oval:org.opensuse.security:def:4352	P	Security update for the Linux Kernel (Live Patch 16 for SLE 15) (Important)	2020-12-02
oval:org.opensuse.security:def:4356	P	Security update for the Linux Kernel (Important)	2020-12-02
oval:org.opensuse.security:def:4344	P	Security update for the Linux Kernel (Live Patch 12 for SLE 15) (Important)	2020-12-02
oval:org.opensuse.security:def:4317	P	Security update for the Linux Kernel (Live Patch 4 for SLE 15) (Important)	2020-12-02
oval:org.opensuse.security:def:5392	P	Security update for openldap2 (Important)	2020-12-02
oval:org.opensuse.security:def:4870	P	Security update for dpdk (Moderate)	2020-12-02
oval:org.opensuse.security:def:5420	P	Security update for php7 (Important)	2020-12-02
oval:org.opensuse.security:def:4744	P	Security update for rsyslog (Moderate)	2020-12-02
oval:org.opensuse.security:def:4342	P	Security update for the Linux Kernel (Live Patch 14 for SLE 15) (Important)	2020-12-02
oval:org.opensuse.security:def:50756	P	Security update for java-11-openjdk (Important)	2020-12-01
oval:org.opensuse.security:def:49972	P	python3-pywbem on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:51833	P	Security update for libqt5-qtbase (Moderate)	2020-12-01
oval:org.opensuse.security:def:38818	P	vorbis-tools on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:53523	P	Security update for samba (Moderate)	2020-12-01
oval:org.opensuse.security:def:66217	P	Security update for php7 (Important)	2020-12-01
oval:org.opensuse.security:def:38039	P	python-PyYAML on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:50382	P	Security update for nmap (Moderate)	2020-12-01
oval:org.opensuse.security:def:39571	P	Security update for php5 (Moderate)	2020-12-01
oval:org.opensuse.security:def:38363	P	librelp0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:38846	P	flash-player on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:19173	P	Security update for pcp (Important)	2020-12-01
oval:org.opensuse.security:def:30401	P	Security update for Xen	2020-12-01
oval:org.opensuse.security:def:38671	P	libgcrypt20 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:34702	P	Security update for Image Magick	2020-12-01
oval:org.opensuse.security:def:18746	P	Security update for mercurial (Moderate)	2020-12-01
oval:org.opensuse.security:def:18315	P	Security update for libexif (Moderate)	2020-12-01
oval:org.opensuse.security:def:38420	P	mutt on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:64418	P	mozilla-nspr-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:52273	P	Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork (Moderate)	2020-12-01
oval:org.opensuse.security:def:38890	P	cyrus-sasl-digestmd5-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:38027	P	perl-HTML-Parser on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:50901	P	Security update for spamassassin (Important)	2020-12-01
oval:org.opensuse.security:def:34193	P	Security update for pam-modules (Moderate)	2020-12-01
oval:org.opensuse.security:def:18493	P	Security update for java-1_7_1-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:64174	P	Security update for java-1_7_0-openjdk (Important)	2020-12-01
oval:org.opensuse.security:def:38729	P	libsrtp1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:18770	P	Security update for libjpeg-turbo (Moderate)	2020-12-01
oval:org.opensuse.security:def:50074	P	libosinfo-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:53595	P	Security update for php7 (Important)	2020-12-01
oval:org.opensuse.security:def:18178	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:51447	P	Security update for graphviz (Moderate)	2020-12-01
oval:org.opensuse.security:def:18676	P	Security update for glibc (Important)	2020-12-01
oval:org.opensuse.security:def:18500	P	Security update for glibc (Important)	2020-12-01
oval:org.opensuse.security:def:52309	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:18058	P	Security update for gc (Moderate)	2020-12-01
oval:org.opensuse.security:def:50915	P	Security update for libvpx (Moderate)	2020-12-01
oval:org.opensuse.security:def:18302	P	Security update for libmicrohttpd (Moderate)	2020-12-01
oval:org.opensuse.security:def:19198	P	Security update for php72 (Moderate)	2020-12-01
oval:org.opensuse.security:def:50632	P	Security update for glibc (Moderate)	2020-12-01
oval:org.opensuse.security:def:18234	P	Security update for gegl (Moderate)	2020-12-01
oval:org.opensuse.security:def:51423	P	Security update for python3 (Moderate)	2020-12-01
oval:org.opensuse.security:def:52247	P	Security update for python (Moderate)	2020-12-01
oval:org.opensuse.security:def:74765	P	Security update for php7 (Important)	2020-12-01
oval:org.opensuse.security:def:50878	P	Security update for mutt (Important)	2020-12-01
oval:org.opensuse.security:def:51023	P	Security update for libssh2_org (Moderate)	2020-12-01
oval:org.opensuse.security:def:18411	P	Security update for curl (Moderate)	2020-12-01
oval:org.opensuse.security:def:50860	P	Security update for java-11-openjdk (Moderate)	2020-12-01
oval:org.opensuse.security:def:53666	P	Security update for libX11 (Important)	2020-12-01
oval:org.opensuse.security:def:49637	P	gtk2-data on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:51454	P	Security update for glibc (Moderate)	2020-12-01
oval:org.opensuse.security:def:35448	P	Security update for perl (Moderate)	2020-12-01
oval:org.opensuse.security:def:50128	P	apache2-mod_php7 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:18050	P	Security update for libgit2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:50123	P	nodejs8 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:30698	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:50892	P	Security update for glibc (Moderate)	2020-12-01
oval:org.opensuse.security:def:19408	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:50626	P	Security update for ruby-bundled-gems-rpmhelper, ruby2.5 (Important)	2020-12-01
oval:org.opensuse.security:def:72788	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:31437	P	Security update for php53 (Moderate)	2020-12-01
oval:org.opensuse.security:def:38421	P	nmap on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:30659	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:38891	P	dia on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:69015	P	Security update for openldap2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:49617	P	emacs-x11 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:38259	P	libXrandr2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:30555	P	Security update for PostgreSQL	2020-12-01
oval:org.opensuse.security:def:38730	P	libssh2-1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:34741	P	Security update for LibVNCServer (Important)	2020-12-01
oval:org.opensuse.security:def:52242	P	Security update for binutils (Moderate)	2020-12-01
oval:org.opensuse.security:def:53740	P	Security update for php7 (Important)	2020-12-01
oval:org.opensuse.security:def:18401	P	Security update for poppler (Moderate)	2020-12-01
oval:org.opensuse.security:def:38510	P	vino on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:18501	P	Security update for git (Important)	2020-12-01
oval:org.opensuse.security:def:35489	P	Security update for php53 (Moderate)	2020-12-01
oval:org.opensuse.security:def:18059	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:51039	P	Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork, runc (Important)	2020-12-01
oval:org.opensuse.security:def:34291	P	Security update for python-pam	2020-12-01
oval:org.opensuse.security:def:18531	P	Security update for ImageMagick (Important)	2020-12-01
oval:org.opensuse.security:def:64310	P	libXtst-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:52062	P	Security update for libgcrypt (Moderate)	2020-12-01
oval:org.opensuse.security:def:34766	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:19199	P	Security update for php5 (Moderate)	2020-12-01
oval:org.opensuse.security:def:50757	P	Security update for libxml2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:18235	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:18512	P	Security update for mariadb (Important)	2020-12-01
oval:org.opensuse.security:def:52390	P	Security update for rust, rust-cbindgen (Moderate)	2020-12-01
oval:org.opensuse.security:def:18092	P	Security update for sudo (Moderate)	2020-12-01
oval:org.opensuse.security:def:18412	P	Security update for subversion (Important)	2020-12-01
oval:org.opensuse.security:def:52110	P	Security update for libmspack (Low)	2020-12-01
oval:org.opensuse.security:def:50654	P	Security update for python-SQLAlchemy (Important)	2020-12-01
oval:org.opensuse.security:def:18265	P	Security update for zziplib (Moderate)	2020-12-01
oval:org.opensuse.security:def:18534	P	Security update for libofx (Important)	2020-12-01
oval:org.opensuse.security:def:39528	P	Security update for python3 (Moderate)	2020-12-01
oval:org.opensuse.security:def:52304	P	Security update for php7 (Important)	2020-12-01
oval:org.opensuse.security:def:18051	P	Security update for pcre (Moderate)	2020-12-01
oval:org.opensuse.security:def:18443	P	Security update for apache2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:49765	P	zlib-devel-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:73499	P	gdb on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:38028	P	perl-LWP-Protocol-https on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:50223	P	enigmail on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:30717	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:50966	P	Security update for openldap2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:50631	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:38260	P	libXrender1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:50719	P	Security update for samba (Important)	2020-12-01
oval:org.opensuse.security:def:38817	P	vino on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:53377	P	Security update for virt-bootstrap (Moderate)	2020-12-01
oval:org.opensuse.security:def:65771	P	Security update for php7 (Important)	2020-12-01
oval:org.opensuse.security:def:38038	P	python on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:30315	P	Security update for tftp	2020-12-01
oval:org.opensuse.security:def:38511	P	vorbis-tools on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:18734	P	Security update for apache2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:30761	P	Security update for php53	2020-12-01
oval:org.opensuse.security:def:39570	P	Security update for php72 (Moderate)	2020-12-01
oval:org.opensuse.security:def:18280	P	Security update for libtirpc (Important)	2020-12-01
oval:org.opensuse.security:def:38362	P	libraptor2-0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:30610	P	Security update for squid	2020-12-01
oval:org.opensuse.security:def:52201	P	Security update for openldap2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:38845	P	finch on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:19172	P	Security update for php7 (Moderate)	2020-12-01
oval:org.opensuse.security:def:19434	P	Security update for php72 (Moderate)	2020-12-01
oval:org.opensuse.security:def:50879	P	Security update for ipmitool (Important)	2020-12-01
oval:org.opensuse.security:def:34057	P	Security update for libvorbis (Moderate)	2020-12-01
oval:org.opensuse.security:def:18459	P	Security update for libvirt (Moderate)	2020-12-01
oval:org.opensuse.security:def:63845	P	Security update for permissions (Moderate)	2020-12-01
oval:org.opensuse.security:def:38670	P	libgc1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:18513	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:72906	P	Security update for php7 (Important)	2020-12-01
oval:org.opensuse.security:def:18093	P	Security update for libquicktime (Moderate)	2020-12-01
oval:org.opensuse.security:def:51276	P	Security update for MozillaFirefox (Moderate)	2020-12-01
oval:org.opensuse.security:def:34348	P	Security update for strongswan	2020-12-01
oval:org.opensuse.security:def:18643	P	Security update for systemd (Important)	2020-12-01
oval:org.opensuse.security:def:64311	P	libXv-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:52134	P	Security update for libssh2_org (Moderate)	2020-12-01
oval:org.opensuse.security:def:34810	P	Security update for apache2-mod_jk (Moderate)	2020-12-01
oval:org.opensuse.security:def:66125	P	Security update for mozilla-nspr, mozilla-nss (Moderate)	2020-12-01
oval:org.opensuse.security:def:38026	P	perl-DBD-mysql on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:50779	P	Security update for cairo (Moderate)	2020-12-01
oval:org.opensuse.security:def:18266	P	Security update for tcpdump, libpcap (Moderate)	2020-12-01
oval:org.opensuse.security:def:18535	P	Security update for libgcrypt (Moderate)	2020-12-01
oval:org.opensuse.security:def:39529	P	Security update for php7 (Important)	2020-12-01
oval:org.opensuse.security:def:53447	P	Security update for php7 (Important)	2020-12-01
oval:org.opensuse.security:def:18272	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:18177	P	Security update for krb5 (Important)	2020-12-01
oval:org.opensuse.security:def:51318	P	Security update for exiv2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:18444	P	Security update for spice (Important)	2020-12-01
oval:org.opensuse.security:def:52169	P	Security update for postgresql10 and postgresql12 (Moderate)	2020-12-01
oval:org.opensuse.security:def:50788	P	Security update for java-11-openjdk (Important)	2020-12-01
oval:org.opensuse.security:def:18301	P	Security update for openldap2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:51867	P	Security update for ppp (Important)	2020-12-01
oval:org.opensuse.security:def:50793	P	Security update for perl-XML-Twig (Moderate)	2020-12-01
oval:org.opensuse.security:def:31399	P	Security update for perl (Moderate)	2020-12-01
oval:org.opensuse.security:def:49618	P	eog on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:51290	P	Security update for tiff (Moderate)	2020-12-01
oval:org.opensuse.security:def:52101	P	Security update for ant (Moderate)	2020-12-01
oval:com.redhat.rhsa:def:20203662	P	RHSA-2020:3662: php:7.3 security, bug fix, and enhancement update (Moderate)	2020-09-08
oval:org.opensuse.security:def:110427	P	Security update for php7 (Important)	2020-03-15
oval:org.opensuse.security:def:126156	P	Security update for php5 (Moderate)	2020-03-12
oval:org.opensuse.security:def:126155	P	Security update for php72 (Moderate)	2020-03-11
oval:org.opensuse.security:def:91161	P	Security update for php7 (Important)	2020-03-09
oval:org.opensuse.security:def:98126	P	Security update for php7 (Important)	2020-03-09
oval:org.opensuse.security:def:91821	P	Security update for php7 (Important)	2020-03-09
oval:org.opensuse.security:def:98771	P	Security update for php7 (Important)	2020-03-09
oval:org.opensuse.security:def:75522	P	Security update for php7 (Important)	2020-03-09
oval:org.opensuse.security:def:104816	P	Security update for php7 (Important)	2020-03-09
oval:com.ubuntu.bionic:def:202070630000000	V	CVE-2020-7063 on Ubuntu 18.04 LTS (bionic) - low.	2020-02-27
oval:com.ubuntu.xenial:def:202070630000000	V	CVE-2020-7063 on Ubuntu 16.04 LTS (xenial) - low.	2020-02-27

BACK