Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[FEATURE]:Update container the base image #1805

Open
clcc2019 opened this issue Oct 12, 2024 · 1 comment
Open

[FEATURE]:Update container the base image #1805

clcc2019 opened this issue Oct 12, 2024 · 1 comment
Labels
feature request New feature request

Comments

@clcc2019
Copy link

clcc2019 commented Oct 12, 2024

Concisely describe the proposed feature:

I would like to update the base image of the ilogtail container to replace CentOS, as CentOS is no longer receiving updates and CVE vulnerabilities are not being addressed in a timely manner.

Describe the solution you'd like (if any):

To mitigate security risks from outdated CentOS, I propose switching to a more actively maintained base image, such as ubuntu,debian,alpine,minideb, or another secure and regularly updated Linux distribution. This will ensure ilogtail stays secure and compliant with the latest security patches.

Additional comments:

By updating the base image, we can address security vulnerabilities more efficiently. This change will ensure that the ilogtail container remains robust and secure, without exposing users to known CVEs.

    {
      "Target": "sls-opensource-registry.cn-shanghai.cr.aliyuncs.com/ilogtail-community-edition/ilogtail:latest (centos 7.9.2009)",
      "Class": "os-pkgs",
      "Type": "centos",
      "Vulnerabilities": [
        {
          "VulnerabilityID": "CVE-2023-4408",
          "VendorIDs": [
            "RHSA-2024:3741"
          ],
          "PkgID": "bind-license@9.11.4-26.P2.el7_9.15.noarch",
          "PkgName": "bind-license",
          "PkgIdentifier": {
            "PURL": "pkg:rpm/centos/bind-license@9.11.4-26.P2.el7_9.15?arch=noarch\u0026distro=centos-7.9.2009\u0026epoch=32",
            "UID": "1673398edb905dc4"
          },
          "InstalledVersion": "32:9.11.4-26.P2.el7_9.15",
          "FixedVersion": "32:9.11.4-26.P2.el7_9.16",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:cc9d0ff701a0876b6fc54f4968f40cb4bba24cab5e0a6f66435be45320c91d75",
            "DiffID": "sha256:1730dd925a68d4809b977751080d4a0154d9c35defb774c7be5af01f8c038063"
          },
          "SeveritySource": "redhat",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-4408",
          "Title": "bind9: Parsing large DNS messages may cause excessive CPU load",
          "Description": "The DNS message parsing code in `named` includes a section whose computational complexity is overly high. It does not cause problems for typical DNS traffic, but crafted queries and responses may cause excessive CPU load on the affected `named` instance by exploiting this flaw. This issue affects both authoritative servers and recursive resolvers.\nThis issue affects BIND 9 versions 9.0.0 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.9.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.",
          "Severity": "HIGH",
          "VendorSeverity": {
            "alma": 3,
            "amazon": 3,
            "azure": 3,
            "cbl-mariner": 3,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 3,
            "rocky": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 7.5
            }
          },
          "References": [
            "http://www.openwall.com/lists/oss-security/2024/02/13/1",
            "https://access.redhat.com/errata/RHSA-2024:2551",
            "https://access.redhat.com/security/cve/CVE-2023-4408",
            "https://bugzilla.redhat.com/2263896",
            "https://bugzilla.redhat.com/2263897",
            "https://bugzilla.redhat.com/2263909",
            "https://bugzilla.redhat.com/2263911",
            "https://bugzilla.redhat.com/2263914",
            "https://bugzilla.redhat.com/2263917",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2263896",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2263897",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2263909",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2263911",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2263914",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2263917",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4408",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50387",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50868",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5517",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5679",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6516",
            "https://errata.almalinux.org/9/ALSA-2024-2551.html",
            "https://errata.rockylinux.org/RLSA-2024:2551",
            "https://kb.isc.org/docs/cve-2023-4408",
            "https://linux.oracle.com/cve/CVE-2023-4408.html",
            "https://linux.oracle.com/errata/ELSA-2024-3741.html",
            "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ/",
            "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/",
            "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGS7JN6FZXUSTC2XKQHH27574XOULYYJ/",
            "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R/",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-4408",
            "https://security.netapp.com/advisory/ntap-20240426-0001/",
            "https://ubuntu.com/security/notices/USN-6633-1",
            "https://ubuntu.com/security/notices/USN-6642-1",
            "https://www.cve.org/CVERecord?id=CVE-2023-4408"
          ],
          "PublishedDate": "2024-02-13T14:15:45.253Z",
          "LastModifiedDate": "2024-04-26T09:15:08.727Z"
        },
        {
          "VulnerabilityID": "CVE-2023-50387",
          "VendorIDs": [
            "RHSA-2024:3741"
          ],
          "PkgID": "bind-license@9.11.4-26.P2.el7_9.15.noarch",
          "PkgName": "bind-license",
          "PkgIdentifier": {
            "PURL": "pkg:rpm/centos/bind-license@9.11.4-26.P2.el7_9.15?arch=noarch\u0026distro=centos-7.9.2009\u0026epoch=32",
            "UID": "1673398edb905dc4"
          },
          "InstalledVersion": "32:9.11.4-26.P2.el7_9.15",
          "FixedVersion": "32:9.11.4-26.P2.el7_9.16",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:cc9d0ff701a0876b6fc54f4968f40cb4bba24cab5e0a6f66435be45320c91d75",
            "DiffID": "sha256:1730dd925a68d4809b977751080d4a0154d9c35defb774c7be5af01f8c038063"
          },
          "SeveritySource": "redhat",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-50387",
          "Title": "bind9: KeyTrap - Extreme CPU consumption in DNSSEC validator",
          "Description": "Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the \"KeyTrap\" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records.",
          "Severity": "HIGH",
          "CweIDs": [
            "CWE-770"
          ],
          "VendorSeverity": {
            "alma": 3,
            "amazon": 3,
            "azure": 3,
            "cbl-mariner": 3,
            "nvd": 3,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 3,
            "rocky": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 7.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 7.5
            }
          },
          "References": [
            "http://www.openwall.com/lists/oss-security/2024/02/16/2",
            "http://www.openwall.com/lists/oss-security/2024/02/16/3",
            "https://access.redhat.com/errata/RHSA-2024:2551",
            "https://access.redhat.com/security/cve/CVE-2023-50387",
            "https://blog.powerdns.com/2024/02/13/powerdns-recursor-4-8-6-4-9-3-5-0-2-released",
            "https://bugzilla.redhat.com/2263896",
            "https://bugzilla.redhat.com/2263897",
            "https://bugzilla.redhat.com/2263909",
            "https://bugzilla.redhat.com/2263911",
            "https://bugzilla.redhat.com/2263914",
            "https://bugzilla.redhat.com/2263917",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2263896",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2263897",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2263909",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2263911",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2263914",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2263917",
            "https://bugzilla.suse.com/show_bug.cgi?id=1219823",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4408",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50387",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50868",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5517",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5679",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6516",
            "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-01.html",
            "https://errata.almalinux.org/9/ALSA-2024-2551.html",
            "https://errata.rockylinux.org/RLSA-2024:2551",
            "https://gitlab.nic.cz/knot/knot-resolver/-/releases/v5.7.1",
            "https://kb.isc.org/docs/cve-2023-50387",
            "https://linux.oracle.com/cve/CVE-2023-50387.html",
            "https://linux.oracle.com/errata/ELSA-2024-3741.html",
            "https://lists.debian.org/debian-lts-announce/2024/02/msg00006.html",
            "https://lists.debian.org/debian-lts-announce/2024/05/msg00011.html",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6FV5O347JTX7P5OZA6NGO4MKTXRXMKOZ/",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BUIP7T7Z4T3UHLXFWG6XIVDP4GYPD3AI/",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ/",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IGSLGKUAQTW5JPPZCMF5YPEYALLRUZZ6/",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGS7JN6FZXUSTC2XKQHH27574XOULYYJ/",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVYA42BLXUCIDLD35YIJPJSHDIADNYMP/",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TEXGOYGW7DBS3N2QSSQONZ4ENIRQEAPG/",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQESRWMJCF4JEYJEAKLRM6CT55GLJAB7/",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R/",
            "https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2024q1/017430.html",
            "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-50387",
            "https://news.ycombinator.com/item?id=39367411",
            "https://news.ycombinator.com/item?id=39372384",
            "https://nlnetlabs.nl/downloads/unbound/CVE-2023-50387_CVE-2023-50868.txt",
            "https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-50387",
            "https://security.netapp.com/advisory/ntap-20240307-0007/",
            "https://ubuntu.com/security/notices/USN-6633-1",
            "https://ubuntu.com/security/notices/USN-6642-1",
            "https://ubuntu.com/security/notices/USN-6657-1",
            "https://ubuntu.com/security/notices/USN-6657-2",
            "https://ubuntu.com/security/notices/USN-6665-1",
            "https://ubuntu.com/security/notices/USN-6723-1",
            "https://www.athene-center.de/aktuelles/key-trap",
            "https://www.athene-center.de/fileadmin/content/PDF/Technical_Report_KeyTrap.pdf",
            "https://www.cve.org/CVERecord?id=CVE-2023-50387",
            "https://www.isc.org/blogs/2024-bind-security-release/",
            "https://www.knot-resolver.cz/2024-02-13-knot-resolver-5.7.1.html",
            "https://www.securityweek.com/keytrap-dns-attack-could-disable-large-parts-of-internet-researchers/",
            "https://www.theregister.com/2024/02/13/dnssec_vulnerability_internet/"
          ],
          "PublishedDate": "2024-02-14T16:15:45.3Z",
          "LastModifiedDate": "2024-06-10T17:16:15.963Z"
        },
        {
          "VulnerabilityID": "CVE-2023-50868",
          "VendorIDs": [
            "RHSA-2024:3741"
          ],
          "PkgID": "bind-license@9.11.4-26.P2.el7_9.15.noarch",
          "PkgName": "bind-license",
          "PkgIdentifier": {
            "PURL": "pkg:rpm/centos/bind-license@9.11.4-26.P2.el7_9.15?arch=noarch\u0026distro=centos-7.9.2009\u0026epoch=32",
            "UID": "1673398edb905dc4"
          },
          "InstalledVersion": "32:9.11.4-26.P2.el7_9.15",
          "FixedVersion": "32:9.11.4-26.P2.el7_9.16",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:cc9d0ff701a0876b6fc54f4968f40cb4bba24cab5e0a6f66435be45320c91d75",
            "DiffID": "sha256:1730dd925a68d4809b977751080d4a0154d9c35defb774c7be5af01f8c038063"
          },
          "SeveritySource": "redhat",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-50868",
          "Title": "bind9: Preparing an NSEC3 closest encloser proof can exhaust CPU resources",
          "Description": "The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the \"NSEC3\" issue. The RFC 5155 specification implies that an algorithm must perform thousands of iterations of a hash function in certain situations.",
          "Severity": "HIGH",
          "VendorSeverity": {
            "alma": 3,
            "amazon": 3,
            "azure": 3,
            "cbl-mariner": 3,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 3,
            "rocky": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 7.5
            }
          },
          "References": [
            "http://www.openwall.com/lists/oss-security/2024/02/16/2",
            "http://www.openwall.com/lists/oss-security/2024/02/16/3",
            "https://access.redhat.com/errata/RHSA-2024:2551",
            "https://access.redhat.com/security/cve/CVE-2023-50868",
            "https://blog.powerdns.com/2024/02/13/powerdns-recursor-4-8-6-4-9-3-5-0-2-released",
            "https://bugzilla.redhat.com/2263896",
            "https://bugzilla.redhat.com/2263897",
            "https://bugzilla.redhat.com/2263909",
            "https://bugzilla.redhat.com/2263911",
            "https://bugzilla.redhat.com/2263914",
            "https://bugzilla.redhat.com/2263917",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2263896",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2263897",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2263909",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2263911",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2263914",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2263917",
            "https://bugzilla.suse.com/show_bug.cgi?id=1219826",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4408",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50387",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50868",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5517",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5679",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6516",
            "https://datatracker.ietf.org/doc/html/rfc5155",
            "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-01.html",
            "https://errata.almalinux.org/9/ALSA-2024-2551.html",
            "https://errata.rockylinux.org/RLSA-2024:2551",
            "https://gitlab.nic.cz/knot/knot-resolver/-/releases/v5.7.1",
            "https://kb.isc.org/docs/cve-2023-50868",
            "https://linux.oracle.com/cve/CVE-2023-50868.html",
            "https://linux.oracle.com/errata/ELSA-2024-3741.html",
            "https://lists.debian.org/debian-lts-announce/2024/02/msg00006.html",
            "https://lists.debian.org/debian-lts-announce/2024/05/msg00011.html",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6FV5O347JTX7P5OZA6NGO4MKTXRXMKOZ/",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BUIP7T7Z4T3UHLXFWG6XIVDP4GYPD3AI/",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ/",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IGSLGKUAQTW5JPPZCMF5YPEYALLRUZZ6/",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGS7JN6FZXUSTC2XKQHH27574XOULYYJ/",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVYA42BLXUCIDLD35YIJPJSHDIADNYMP/",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TEXGOYGW7DBS3N2QSSQONZ4ENIRQEAPG/",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQESRWMJCF4JEYJEAKLRM6CT55GLJAB7/",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R/",
            "https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2024q1/017430.html",
            "https://nlnetlabs.nl/downloads/unbound/CVE-2023-50387_CVE-2023-50868.txt",
            "https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-50868",
            "https://security.netapp.com/advisory/ntap-20240307-0008/",
            "https://ubuntu.com/security/notices/USN-6633-1",
            "https://ubuntu.com/security/notices/USN-6642-1",
            "https://ubuntu.com/security/notices/USN-6657-1",
            "https://ubuntu.com/security/notices/USN-6657-2",
            "https://ubuntu.com/security/notices/USN-6665-1",
            "https://ubuntu.com/security/notices/USN-6723-1",
            "https://www.cve.org/CVERecord?id=CVE-2023-50868",
            "https://www.isc.org/blogs/2024-bind-security-release/",
            "https://www.knot-resolver.cz/2024-02-13-knot-resolver-5.7.1.html"
          ],
          "PublishedDate": "2024-02-14T16:15:45.377Z",
          "LastModifiedDate": "2024-06-10T17:16:16.2Z"
        },
        {
          "VulnerabilityID": "CVE-2024-1737",
          "VendorIDs": [
            "RHSA-2024:5930"
          ],
          "PkgID": "bind-license@9.11.4-26.P2.el7_9.15.noarch",
          "PkgName": "bind-license",
          "PkgIdentifier": {
            "PURL": "pkg:rpm/centos/bind-license@9.11.4-26.P2.el7_9.15?arch=noarch\u0026distro=centos-7.9.2009\u0026epoch=32",
            "UID": "1673398edb905dc4"
          },
          "InstalledVersion": "32:9.11.4-26.P2.el7_9.15",
          "FixedVersion": "32:9.11.4-26.P2.el7_9.17",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:cc9d0ff701a0876b6fc54f4968f40cb4bba24cab5e0a6f66435be45320c91d75",
            "DiffID": "sha256:1730dd925a68d4809b977751080d4a0154d9c35defb774c7be5af01f8c038063"
          },
          "SeveritySource": "redhat",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-1737",
          "Title": "bind: bind9: BIND's database will be slow if a very large number of RRs exist at the same nam",
          "Description": "Resolver caches and authoritative zone databases that hold significant numbers of RRs for the same hostname (of any RTYPE) can suffer from degraded performance as content is being added or updated, and also when handling client queries for this name.\nThis issue affects BIND 9 versions 9.11.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.4-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.27-S1.",
          "Severity": "HIGH",
          "CweIDs": [
            "CWE-770"
          ],
          "VendorSeverity": {
            "alma": 3,
            "amazon": 3,
            "azure": 3,
            "cbl-mariner": 3,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 7.5
            }
          },
          "References": [
            "http://www.openwall.com/lists/oss-security/2024/07/23/1",
            "http://www.openwall.com/lists/oss-security/2024/07/31/2",
            "https://access.redhat.com/errata/RHSA-2024:5231",
            "https://access.redhat.com/security/cve/CVE-2024-1737",
            "https://bugzilla.redhat.com/2298893",
            "https://bugzilla.redhat.com/2298901",
            "https://bugzilla.redhat.com/2298904",
            "https://errata.almalinux.org/9/ALSA-2024-5231.html",
            "https://kb.isc.org/docs/cve-2024-1737",
            "https://kb.isc.org/docs/rrset-limits-in-zones",
            "https://linux.oracle.com/cve/CVE-2024-1737.html",
            "https://linux.oracle.com/errata/ELSA-2024-5524.html",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-1737",
            "https://ubuntu.com/security/notices/USN-6909-1",
            "https://ubuntu.com/security/notices/USN-6909-2",
            "https://ubuntu.com/security/notices/USN-6909-3",
            "https://www.cve.org/CVERecord?id=CVE-2024-1737"
          ],
          "PublishedDate": "2024-07-23T15:15:03.74Z",
          "LastModifiedDate": "2024-08-01T13:46:11.85Z"
        },
        {
          "VulnerabilityID": "CVE-2024-1975",
          "VendorIDs": [
            "RHSA-2024:5930"
          ],
          "PkgID": "bind-license@9.11.4-26.P2.el7_9.15.noarch",
          "PkgName": "bind-license",
          "PkgIdentifier": {
            "PURL": "pkg:rpm/centos/bind-license@9.11.4-26.P2.el7_9.15?arch=noarch\u0026distro=centos-7.9.2009\u0026epoch=32",
            "UID": "1673398edb905dc4"
          },
          "InstalledVersion": "32:9.11.4-26.P2.el7_9.15",
          "FixedVersion": "32:9.11.4-26.P2.el7_9.17",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:cc9d0ff701a0876b6fc54f4968f40cb4bba24cab5e0a6f66435be45320c91d75",
            "DiffID": "sha256:1730dd925a68d4809b977751080d4a0154d9c35defb774c7be5af01f8c038063"
          },
          "SeveritySource": "redhat",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-1975",
          "Title": "bind9: bind: SIG(0) can be used to exhaust CPU resources",
          "Description": "If a server hosts a zone containing a \"KEY\" Resource Record, or a resolver DNSSEC-validates a \"KEY\" Resource Record from a DNSSEC-signed domain in cache, a client can exhaust resolver CPU resources by sending a stream of SIG(0) signed requests.\nThis issue affects BIND 9 versions 9.0.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.9.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.49-S1, and 9.18.11-S1 through 9.18.27-S1.",
          "Severity": "HIGH",
          "CweIDs": [
            "CWE-770"
          ],
          "VendorSeverity": {
            "alma": 3,
            "amazon": 3,
            "azure": 3,
            "cbl-mariner": 3,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 7.5
            }
          },
          "References": [
            "http://www.openwall.com/lists/oss-security/2024/07/23/1",
            "http://www.openwall.com/lists/oss-security/2024/07/31/2",
            "https://access.redhat.com/errata/RHSA-2024:5231",
            "https://access.redhat.com/security/cve/CVE-2024-1975",
            "https://bugzilla.redhat.com/2298893",
            "https://bugzilla.redhat.com/2298901",
            "https://bugzilla.redhat.com/2298904",
            "https://errata.almalinux.org/9/ALSA-2024-5231.html",
            "https://kb.isc.org/docs/cve-2024-1975",
            "https://linux.oracle.com/cve/CVE-2024-1975.html",
            "https://linux.oracle.com/errata/ELSA-2024-5524.html",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-1975",
            "https://ubuntu.com/security/notices/USN-6909-1",
            "https://ubuntu.com/security/notices/USN-6909-2",
            "https://ubuntu.com/security/notices/USN-6909-3",
            "https://www.cve.org/CVERecord?id=CVE-2024-1975"
          ],
          "PublishedDate": "2024-07-23T15:15:03.943Z",
          "LastModifiedDate": "2024-08-01T13:46:16.177Z"
        },
        {
          "VulnerabilityID": "CVE-2024-2961",
          "VendorIDs": [
            "RHSA-2024:3588"
          ],
          "PkgID": "glibc@2.17-326.el7_9.x86_64",
          "PkgName": "glibc",
          "PkgIdentifier": {
            "PURL": "pkg:rpm/centos/glibc@2.17-326.el7_9?arch=x86_64\u0026distro=centos-7.9.2009",
            "UID": "c13be43ad935a7"
          },
          "InstalledVersion": "2.17-326.el7_9",
          "FixedVersion": "2.17-326.el7_9.3",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:cc9d0ff701a0876b6fc54f4968f40cb4bba24cab5e0a6f66435be45320c91d75",
            "DiffID": "sha256:1730dd925a68d4809b977751080d4a0154d9c35defb774c7be5af01f8c038063"
          },
          "SeveritySource": "redhat",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-2961",
          "Title": "glibc: Out of bounds write in iconv may lead to remote code execution",
          "Description": "The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.\n",
          "Severity": "HIGH",
          "CweIDs": [
            "CWE-787"
          ],
          "VendorSeverity": {
            "alma": 3,
            "amazon": 3,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 3,
            "rocky": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 8.8
            }
          },
          "References": [
            "http://www.openwall.com/lists/oss-security/2024/04/17/9",
            "http://www.openwall.com/lists/oss-security/2024/04/18/4",
            "http://www.openwall.com/lists/oss-security/2024/04/24/2",
            "http://www.openwall.com/lists/oss-security/2024/05/27/1",
            "http://www.openwall.com/lists/oss-security/2024/05/27/2",
            "http://www.openwall.com/lists/oss-security/2024/05/27/3",
            "http://www.openwall.com/lists/oss-security/2024/05/27/4",
            "http://www.openwall.com/lists/oss-security/2024/05/27/5",
            "http://www.openwall.com/lists/oss-security/2024/05/27/6",
            "http://www.openwall.com/lists/oss-security/2024/07/22/5",
            "https://access.redhat.com/errata/RHSA-2024:3339",
            "https://access.redhat.com/security/cve/CVE-2024-2961",
            "https://bugzilla.redhat.com/2273404",
            "https://bugzilla.redhat.com/2277202",
            "https://bugzilla.redhat.com/2277204",
            "https://bugzilla.redhat.com/2277205",
            "https://bugzilla.redhat.com/2277206",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273404",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2277202",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2277204",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2277205",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2277206",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2961",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33599",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33600",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33601",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33602",
            "https://errata.almalinux.org/9/ALSA-2024-3339.html",
            "https://errata.rockylinux.org/RLSA-2024:3339",
            "https://linux.oracle.com/cve/CVE-2024-2961.html",
            "https://linux.oracle.com/errata/ELSA-2024-3588.html",
            "https://lists.debian.org/debian-lts-announce/2024/05/msg00001.html",
            "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BTJFBGHDYG5PEIFD5WSSSKSFZ2AZWC5N/",
            "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P3I4KYS6EU6S7QZ47WFNTPVAHFIUQNEL/",
            "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YAMJQI3Y6BHWV3CUTYBXOZONCUJNOB2Z/",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-2961",
            "https://security.netapp.com/advisory/ntap-20240531-0002/",
            "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0004",
            "https://ubuntu.com/security/notices/USN-6737-1",
            "https://ubuntu.com/security/notices/USN-6737-2",
            "https://ubuntu.com/security/notices/USN-6762-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-2961",
            "https://www.openwall.com/lists/oss-security/2024/04/17/9"
          ],
          "PublishedDate": "2024-04-17T18:15:15.833Z",
          "LastModifiedDate": "2024-07-22T18:15:03.19Z"
        },
        {
          "VulnerabilityID": "CVE-2024-33599",
          "VendorIDs": [
            "RHSA-2024:3588"
          ],
          "PkgID": "glibc@2.17-326.el7_9.x86_64",
          "PkgName": "glibc",
          "PkgIdentifier": {
            "PURL": "pkg:rpm/centos/glibc@2.17-326.el7_9?arch=x86_64\u0026distro=centos-7.9.2009",
            "UID": "c13be43ad935a7"
          },
          "InstalledVersion": "2.17-326.el7_9",
          "FixedVersion": "2.17-326.el7_9.3",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:cc9d0ff701a0876b6fc54f4968f40cb4bba24cab5e0a6f66435be45320c91d75",
            "DiffID": "sha256:1730dd925a68d4809b977751080d4a0154d9c35defb774c7be5af01f8c038063"
          },
          "SeveritySource": "redhat",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-33599",
          "Title": "glibc: stack-based buffer overflow in netgroup cache",
          "Description": "nscd: Stack-based buffer overflow in netgroup cache\n\nIf the Name Service Cache Daemon's (nscd) fixed size cache is exhausted\nby client requests then a subsequent client request for netgroup data\nmay result in a stack-based buffer overflow.  This flaw was introduced\nin glibc 2.15 when the cache was added to nscd.\n\nThis vulnerability is only present in the nscd binary.\n",
          "Severity": "HIGH",
          "CweIDs": [
            "CWE-121"
          ],
          "VendorSeverity": {
            "alma": 3,
            "cbl-mariner": 3,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 3,
            "rocky": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
              "V3Score": 7.6
            }
          },
          "References": [
            "http://www.openwall.com/lists/oss-security/2024/07/22/5",
            "https://access.redhat.com/errata/RHSA-2024:3339",
            "https://access.redhat.com/security/cve/CVE-2024-33599",
            "https://bugzilla.redhat.com/2273404",
            "https://bugzilla.redhat.com/2277202",
            "https://bugzilla.redhat.com/2277204",
            "https://bugzilla.redhat.com/2277205",
            "https://bugzilla.redhat.com/2277206",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273404",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2277202",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2277204",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2277205",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2277206",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2961",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33599",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33600",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33601",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33602",
            "https://errata.almalinux.org/9/ALSA-2024-3339.html",
            "https://errata.rockylinux.org/RLSA-2024:3339",
            "https://inbox.sourceware.org/libc-alpha/cover.1713974801.git.fweimer@redhat.com/",
            "https://linux.oracle.com/cve/CVE-2024-33599.html",
            "https://linux.oracle.com/errata/ELSA-2024-3588.html",
            "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-33599",
            "https://security.netapp.com/advisory/ntap-20240524-0011/",
            "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0005",
            "https://ubuntu.com/security/notices/USN-6804-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-33599",
            "https://www.openwall.com/lists/oss-security/2024/04/24/2"
          ],
          "PublishedDate": "2024-05-06T20:15:11.437Z",
          "LastModifiedDate": "2024-07-22T18:15:03.323Z"
        },
        {
          "VulnerabilityID": "CVE-2024-2961",
          "VendorIDs": [
            "RHSA-2024:3588"
          ],
          "PkgID": "glibc-common@2.17-326.el7_9.x86_64",
          "PkgName": "glibc-common",
          "PkgIdentifier": {
            "PURL": "pkg:rpm/centos/glibc-common@2.17-326.el7_9?arch=x86_64\u0026distro=centos-7.9.2009",
            "UID": "a92585d1e88ca9b0"
          },
          "InstalledVersion": "2.17-326.el7_9",
          "FixedVersion": "2.17-326.el7_9.3",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:cc9d0ff701a0876b6fc54f4968f40cb4bba24cab5e0a6f66435be45320c91d75",
            "DiffID": "sha256:1730dd925a68d4809b977751080d4a0154d9c35defb774c7be5af01f8c038063"
          },
          "SeveritySource": "redhat",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-2961",
          "Title": "glibc: Out of bounds write in iconv may lead to remote code execution",
          "Description": "The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.\n",
          "Severity": "HIGH",
          "CweIDs": [
            "CWE-787"
          ],
          "VendorSeverity": {
            "alma": 3,
            "amazon": 3,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 3,
            "rocky": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 8.8
            }
          },
          "References": [
            "http://www.openwall.com/lists/oss-security/2024/04/17/9",
            "http://www.openwall.com/lists/oss-security/2024/04/18/4",
            "http://www.openwall.com/lists/oss-security/2024/04/24/2",
            "http://www.openwall.com/lists/oss-security/2024/05/27/1",
            "http://www.openwall.com/lists/oss-security/2024/05/27/2",
            "http://www.openwall.com/lists/oss-security/2024/05/27/3",
            "http://www.openwall.com/lists/oss-security/2024/05/27/4",
            "http://www.openwall.com/lists/oss-security/2024/05/27/5",
            "http://www.openwall.com/lists/oss-security/2024/05/27/6",
            "http://www.openwall.com/lists/oss-security/2024/07/22/5",
            "https://access.redhat.com/errata/RHSA-2024:3339",
            "https://access.redhat.com/security/cve/CVE-2024-2961",
            "https://bugzilla.redhat.com/2273404",
            "https://bugzilla.redhat.com/2277202",
            "https://bugzilla.redhat.com/2277204",
            "https://bugzilla.redhat.com/2277205",
            "https://bugzilla.redhat.com/2277206",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273404",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2277202",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2277204",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2277205",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2277206",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2961",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33599",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33600",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33601",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33602",
            "https://errata.almalinux.org/9/ALSA-2024-3339.html",
            "https://errata.rockylinux.org/RLSA-2024:3339",
            "https://linux.oracle.com/cve/CVE-2024-2961.html",
            "https://linux.oracle.com/errata/ELSA-2024-3588.html",
            "https://lists.debian.org/debian-lts-announce/2024/05/msg00001.html",
            "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BTJFBGHDYG5PEIFD5WSSSKSFZ2AZWC5N/",
            "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P3I4KYS6EU6S7QZ47WFNTPVAHFIUQNEL/",
            "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YAMJQI3Y6BHWV3CUTYBXOZONCUJNOB2Z/",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-2961",
            "https://security.netapp.com/advisory/ntap-20240531-0002/",
            "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0004",
            "https://ubuntu.com/security/notices/USN-6737-1",
            "https://ubuntu.com/security/notices/USN-6737-2",
            "https://ubuntu.com/security/notices/USN-6762-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-2961",
            "https://www.openwall.com/lists/oss-security/2024/04/17/9"
          ],
          "PublishedDate": "2024-04-17T18:15:15.833Z",
          "LastModifiedDate": "2024-07-22T18:15:03.19Z"
        },
        {
          "VulnerabilityID": "CVE-2024-33599",
          "VendorIDs": [
            "RHSA-2024:3588"
          ],
          "PkgID": "glibc-common@2.17-326.el7_9.x86_64",
          "PkgName": "glibc-common",
          "PkgIdentifier": {
            "PURL": "pkg:rpm/centos/glibc-common@2.17-326.el7_9?arch=x86_64\u0026distro=centos-7.9.2009",
            "UID": "a92585d1e88ca9b0"
          },
          "InstalledVersion": "2.17-326.el7_9",
          "FixedVersion": "2.17-326.el7_9.3",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:cc9d0ff701a0876b6fc54f4968f40cb4bba24cab5e0a6f66435be45320c91d75",
            "DiffID": "sha256:1730dd925a68d4809b977751080d4a0154d9c35defb774c7be5af01f8c038063"
          },
          "SeveritySource": "redhat",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-33599",
          "Title": "glibc: stack-based buffer overflow in netgroup cache",
          "Description": "nscd: Stack-based buffer overflow in netgroup cache\n\nIf the Name Service Cache Daemon's (nscd) fixed size cache is exhausted\nby client requests then a subsequent client request for netgroup data\nmay result in a stack-based buffer overflow.  This flaw was introduced\nin glibc 2.15 when the cache was added to nscd.\n\nThis vulnerability is only present in the nscd binary.\n",
          "Severity": "HIGH",
          "CweIDs": [
            "CWE-121"
          ],
          "VendorSeverity": {
            "alma": 3,
            "cbl-mariner": 3,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 3,
            "rocky": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
              "V3Score": 7.6
            }
          },
          "References": [
            "http://www.openwall.com/lists/oss-security/2024/07/22/5",
            "https://access.redhat.com/errata/RHSA-2024:3339",
            "https://access.redhat.com/security/cve/CVE-2024-33599",
            "https://bugzilla.redhat.com/2273404",
            "https://bugzilla.redhat.com/2277202",
            "https://bugzilla.redhat.com/2277204",
            "https://bugzilla.redhat.com/2277205",
            "https://bugzilla.redhat.com/2277206",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273404",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2277202",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2277204",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2277205",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2277206",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2961",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33599",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33600",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33601",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33602",
            "https://errata.almalinux.org/9/ALSA-2024-3339.html",
            "https://errata.rockylinux.org/RLSA-2024:3339",
            "https://inbox.sourceware.org/libc-alpha/cover.1713974801.git.fweimer@redhat.com/",
            "https://linux.oracle.com/cve/CVE-2024-33599.html",
            "https://linux.oracle.com/errata/ELSA-2024-3588.html",
            "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-33599",
            "https://security.netapp.com/advisory/ntap-20240524-0011/",
            "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0005",
            "https://ubuntu.com/security/notices/USN-6804-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-33599",
            "https://www.openwall.com/lists/oss-security/2024/04/24/2"
          ],
          "PublishedDate": "2024-05-06T20:15:11.437Z",
          "LastModifiedDate": "2024-07-22T18:15:03.323Z"
        },
        {
          "VulnerabilityID": "CVE-2014-3566",
          "PkgID": "nss@3.90.0-2.el7_9.x86_64",
          "PkgName": "nss",
          "PkgIdentifier": {
            "PURL": "pkg:rpm/centos/nss@3.90.0-2.el7_9?arch=x86_64\u0026distro=centos-7.9.2009",
            "UID": "d3aa5802e6e3fbd4"
          },
          "InstalledVersion": "3.90.0-2.el7_9",
          "Status": "under_investigation",
          "Layer": {
            "Digest": "sha256:cc9d0ff701a0876b6fc54f4968f40cb4bba24cab5e0a6f66435be45320c91d75",
            "DiffID": "sha256:1730dd925a68d4809b977751080d4a0154d9c35defb774c7be5af01f8c038063"
          },
          "SeveritySource": "redhat",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3566",
          "Title": "SSL/TLS: Padding Oracle On Downgraded Legacy Encryption attack",
          "Description": "The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the \"POODLE\" issue.",
          "Severity": "HIGH",
          "CweIDs": [
            "CWE-310"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 1,
            "oracle-oval": 3,
            "redhat": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N",
              "V2Score": 4.3,
              "V3Score": 3.4
            },
            "redhat": {
              "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
              "V2Score": 5
            }
          },
          "References": [
            "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-015.txt.asc",
            "http://advisories.mageia.org/MGASA-2014-0416.html",
            "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc",
            "http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html",
            "http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html",
            "http://askubuntu.com/a/537196",
            "http://askubuntu.com/questions/537196/how-do-i-patch-workaround-sslv3-poodle-vulnerability-cve-2014-3566",
            "http://blog.cryptographyengineering.com/2014/10/attack-of-week-poodle.html",
            "http://blog.nodejs.org/2014/10/23/node-v0-10-33-stable/",
            "http://blogs.technet.com/b/msrc/archive/2014/10/14/security-advisory-3009008-released.aspx",
            "http://docs.ipswitch.com/MOVEit/DMZ82/ReleaseNotes/MOVEitReleaseNotes82.pdf",
            "http://downloads.asterisk.org/pub/security/AST-2014-011.html",
            "http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html",
            "http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04583581",
            "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034",
            "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705",
            "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html",
            "http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html",
            "http://lists.fedoraproject.org/pipermail/package-announce/2014-November/142330.html",
            "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141114.html",
            "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141158.html",
            "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169361.html",
            "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169374.html",
            "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00008.html",
            "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00001.html",
            "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00003.html",
            "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00021.html",
            "http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00002.html",
            "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00001.html",
            "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00024.html",
            "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.html",
            "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00027.html",
            "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00033.html",
            "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00036.html",
            "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00018.html",
            "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html",
            "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html",
            "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00066.html",
            "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00000.html",
            "http://marc.info/?l=bugtraq\u0026m=141450452204552\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=141450973807288\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=141477196830952\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=141576815022399\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=141577087123040\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=141577350823734\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=141620103726640\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=141628688425177\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=141694355519663\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=141697638231025\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=141697676231104\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=141703183219781\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=141715130023061\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=141775427104070\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=141813976718456\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=141814011518700\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=141879378918327\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=142103967620673\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=142118135300698\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=142296755107581\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=142350196615714\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=142350298616097\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=142350743917559\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=142354438527235\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=142357976805598\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=142495837901899\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=142496355704097\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=142546741516006\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=142607790919348\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=142624590206005\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=142624619906067",
            "http://marc.info/?l=bugtraq\u0026m=142624619906067\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=142624679706236\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=142624719706349\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=142721830231196\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=142721887231400\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=142740155824959\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=142791032306609\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=142804214608580\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=142805027510172\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=142962817202793\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=143039249603103\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=143101048219218\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=143290371927178\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=143290437727362\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=143290522027658\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=143290583027876\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=143558137709884\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=143558192010071\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=143628269912142\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=144101915224472\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=144251162130364\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=144294141001552\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=145983526810210\u0026w=2",
            "http://marc.info/?l=openssl-dev\u0026m=141333049205629\u0026w=2",
            "http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3566.html",
            "http://rhn.redhat.com/errata/RHSA-2014-1652.html",
            "http://rhn.redhat.com/errata/RHSA-2014-1653.html",
            "http://rhn.redhat.com/errata/RHSA-2014-1692.html",
            "http://rhn.redhat.com/errata/RHSA-2014-1876.html",
            "http://rhn.redhat.com/errata/RHSA-2014-1877.html",
            "http://rhn.redhat.com/errata/RHSA-2014-1880.html",
            "http://rhn.redhat.com/errata/RHSA-2014-1881.html",
            "http://rhn.redhat.com/errata/RHSA-2014-1882.html",
            "http://rhn.redhat.com/errata/RHSA-2014-1920.html",
            "http://rhn.redhat.com/errata/RHSA-2014-1948.html",
            "http://rhn.redhat.com/errata/RHSA-2015-0068.html",
            "http://rhn.redhat.com/errata/RHSA-2015-0079.html",
            "http://rhn.redhat.com/errata/RHSA-2015-0080.html",
            "http://rhn.redhat.com/errata/RHSA-2015-0085.html",
            "http://rhn.redhat.com/errata/RHSA-2015-0086.html",
            "http://rhn.redhat.com/errata/RHSA-2015-0264.html",
            "http://rhn.redhat.com/errata/RHSA-2015-0698.html",
            "http://rhn.redhat.com/errata/RHSA-2015-1545.html",
            "http://rhn.redhat.com/errata/RHSA-2015-1546.html",
            "http://secunia.com/advisories/59627",
            "http://secunia.com/advisories/60056",
            "http://secunia.com/advisories/60206",
            "http://secunia.com/advisories/60792",
            "http://secunia.com/advisories/60859",
            "http://secunia.com/advisories/61019",
            "http://secunia.com/advisories/61130",
            "http://secunia.com/advisories/61303",
            "http://secunia.com/advisories/61316",
            "http://secunia.com/advisories/61345",
            "http://secunia.com/advisories/61359",
            "http://secunia.com/advisories/61782",
            "http://secunia.com/advisories/61810",
            "http://secunia.com/advisories/61819",
            "http://secunia.com/advisories/61825",
            "http://secunia.com/advisories/61827",
            "http://secunia.com/advisories/61926",
            "http://secunia.com/advisories/61995",
            "http://support.apple.com/HT204244",
            "http://support.citrix.com/article/CTX200238",
            "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-poodle",
            "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021431",
            "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021439",
            "http://www-01.ibm.com/support/docview.wss?uid=swg21686997",
            "http://www-01.ibm.com/support/docview.wss?uid=swg21687172",
            "http://www-01.ibm.com/support/docview.wss?uid=swg21687611",
            "http://www-01.ibm.com/support/docview.wss?uid=swg21688283",
            "http://www-01.ibm.com/support/docview.wss?uid=swg21692299",
            "http://www.debian.org/security/2014/dsa-3053",
            "http://www.debian.org/security/2015/dsa-3144",
            "http://www.debian.org/security/2015/dsa-3147",
            "http://www.debian.org/security/2015/dsa-3253",
            "http://www.debian.org/security/2016/dsa-3489",
            "http://www.kb.cert.org/vuls/id/577193",
            "http://www.mandriva.com/security/advisories?name=MDVSA-2014:203",
            "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062",
            "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html",
            "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
            "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
            "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html",
            "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
            "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html",
            "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html",
            "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html",
            "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html",
            "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html",
            "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
            "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
            "http://www.securityfocus.com/archive/1/533724/100/0/threaded",
            "http://www.securityfocus.com/archive/1/533746",
            "http://www.securityfocus.com/archive/1/533747",
            "http://www.securityfocus.com/bid/70574",
            "http://www.securitytracker.com/id/1031029",
            "http://www.securitytracker.com/id/1031039",
            "http://www.securitytracker.com/id/1031085",
            "http://www.securitytracker.com/id/1031086",
            "http://www.securitytracker.com/id/1031087",
            "http://www.securitytracker.com/id/1031088",
            "http://www.securitytracker.com/id/1031089",
            "http://www.securitytracker.com/id/1031090",
            "http://www.securitytracker.com/id/1031091",
            "http://www.securitytracker.com/id/1031092",
            "http://www.securitytracker.com/id/1031093",
            "http://www.securitytracker.com/id/1031094",
            "http://www.securitytracker.com/id/1031095",
            "http://www.securitytracker.com/id/1031096",
            "http://www.securitytracker.com/id/1031105",
            "http://www.securitytracker.com/id/1031106",
            "http://www.securitytracker.com/id/1031107",
            "http://www.securitytracker.com/id/1031120",
            "http://www.securitytracker.com/id/1031123",
            "http://www.securitytracker.com/id/1031124",
            "http://www.securitytracker.com/id/1031130",
            "http://www.securitytracker.com/id/1031131",
            "http://www.securitytracker.com/id/1031132",
            "http://www.ubuntu.com/usn/USN-2486-1",
            "http://www.ubuntu.com/usn/USN-2487-1",
            "http://www.us-cert.gov/ncas/alerts/TA14-290A",
            "http://www.vmware.com/security/advisories/VMSA-2015-0003.html",
            "http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0",
            "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-405500.htm",
            "https://access.redhat.com/articles/1232123",
            "https://access.redhat.com/security/cve/CVE-2014-3566",
            "https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/",
            "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6",
            "https://bto.bluecoat.com/security-advisory/sa83",
            "https://bugzilla.mozilla.org/show_bug.cgi?id=1076983",
            "https://bugzilla.redhat.com/show_bug.cgi?id=1152789",
            "https://devcentral.f5.com/articles/cve-2014-3566-removing-sslv3-from-big-ip",
            "https://github.com/mpgn/poodle-PoC",
            "https://groups.google.com/forum/#%21topic/docker-user/oYm0i3xShJU",
            "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04819635",
            "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05068681",
            "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667",
            "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946",
            "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02",
            "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10090",
            "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10091",
            "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10104",
            "https://linux.oracle.com/cve/CVE-2014-3566.html",
            "https://linux.oracle.com/errata/ELSA-2015-0085.html",
            "https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E",
            "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E",
            "https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E",
            "https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E",
            "https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E",
            "https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E",
            "https://nvd.nist.gov/vuln/detail/CVE-2014-3566",
            "https://puppet.com/security/cve/poodle-sslv3-vulnerability",
            "https://security.gentoo.org/glsa/201507-14",
            "https://security.gentoo.org/glsa/201606-11",
            "https://security.netapp.com/advisory/ntap-20141015-0001/",
            "https://support.apple.com/HT205217",
            "https://support.apple.com/kb/HT6527",
            "https://support.apple.com/kb/HT6529",
            "https://support.apple.com/kb/HT6531",
            "https://support.apple.com/kb/HT6535",
            "https://support.apple.com/kb/HT6536",
            "https://support.apple.com/kb/HT6541",
            "https://support.apple.com/kb/HT6542",
            "https://support.citrix.com/article/CTX216642",
            "https://support.lenovo.com/product_security/poodle",
            "https://support.lenovo.com/us/en/product_security/poodle",
            "https://technet.microsoft.com/library/security/3009008.aspx",
            "https://ubuntu.com/security/notices/USN-2486-1",
            "https://ubuntu.com/security/notices/USN-2487-1",
            "https://www-01.ibm.com/support/docview.wss?uid=swg21688165",
            "https://www.arista.com/en/support/advisories-notices/security-advisories/1015-security-advisory-7",
            "https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html",
            "https://www.cve.org/CVERecord?id=CVE-2014-3566",
            "https://www.dfranke.us/posts/2014-10-14-how-poodle-happened.html",
            "https://www.elastic.co/blog/logstash-1-4-3-released",
            "https://www.imperialviolet.org/2014/10/14/poodle.html",
            "https://www.openssl.org/news/secadv_20141015.txt",
            "https://www.openssl.org/~bodo/ssl-poodle.pdf",
            "https://www.suse.com/support/kb/doc.php?id=7015773"
          ],
          "PublishedDate": "2014-10-15T00:55:02.137Z",
          "LastModifiedDate": "2023-09-12T14:55:31.563Z"
        },
        {
          "VulnerabilityID": "CVE-2014-3566",
          "PkgID": "nss-sysinit@3.90.0-2.el7_9.x86_64",
          "PkgName": "nss-sysinit",
          "PkgIdentifier": {
            "PURL": "pkg:rpm/centos/nss-sysinit@3.90.0-2.el7_9?arch=x86_64\u0026distro=centos-7.9.2009",
            "UID": "4d0ff0e597e0bee8"
          },
          "InstalledVersion": "3.90.0-2.el7_9",
          "Status": "under_investigation",
          "Layer": {
            "Digest": "sha256:cc9d0ff701a0876b6fc54f4968f40cb4bba24cab5e0a6f66435be45320c91d75",
            "DiffID": "sha256:1730dd925a68d4809b977751080d4a0154d9c35defb774c7be5af01f8c038063"
          },
          "SeveritySource": "redhat",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3566",
          "Title": "SSL/TLS: Padding Oracle On Downgraded Legacy Encryption attack",
          "Description": "The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the \"POODLE\" issue.",
          "Severity": "HIGH",
          "CweIDs": [
            "CWE-310"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 1,
            "oracle-oval": 3,
            "redhat": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N",
              "V2Score": 4.3,
              "V3Score": 3.4
            },
            "redhat": {
              "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
              "V2Score": 5
            }
          },
          "References": [
            "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-015.txt.asc",
            "http://advisories.mageia.org/MGASA-2014-0416.html",
            "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc",
            "http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html",
            "http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html",
            "http://askubuntu.com/a/537196",
            "http://askubuntu.com/questions/537196/how-do-i-patch-workaround-sslv3-poodle-vulnerability-cve-2014-3566",
            "http://blog.cryptographyengineering.com/2014/10/attack-of-week-poodle.html",
            "http://blog.nodejs.org/2014/10/23/node-v0-10-33-stable/",
            "http://blogs.technet.com/b/msrc/archive/2014/10/14/security-advisory-3009008-released.aspx",
            "http://docs.ipswitch.com/MOVEit/DMZ82/ReleaseNotes/MOVEitReleaseNotes82.pdf",
            "http://downloads.asterisk.org/pub/security/AST-2014-011.html",
            "http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html",
            "http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04583581",
            "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034",
            "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705",
            "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html",
            "http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html",
            "http://lists.fedoraproject.org/pipermail/package-announce/2014-November/142330.html",
            "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141114.html",
            "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141158.html",
            "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169361.html",
            "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169374.html",
            "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00008.html",
            "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00001.html",
            "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00003.html",
            "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00021.html",
            "http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00002.html",
            "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00001.html",
            "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00024.html",
            "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.html",
            "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00027.html",
            "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00033.html",
            "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00036.html",
            "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00018.html",
            "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html",
            "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html",
            "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00066.html",
            "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00000.html",
            "http://marc.info/?l=bugtraq\u0026m=141450452204552\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=141450973807288\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=141477196830952\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=141576815022399\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=141577087123040\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=141577350823734\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=141620103726640\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=141628688425177\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=141694355519663\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=141697638231025\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=141697676231104\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=141703183219781\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=141715130023061\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=141775427104070\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=141813976718456\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=141814011518700\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=141879378918327\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=142103967620673\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=142118135300698\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=142296755107581\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=142350196615714\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=142350298616097\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=142350743917559\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=142354438527235\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=142357976805598\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=142495837901899\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=142496355704097\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=142546741516006\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=142607790919348\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=142624590206005\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=142624619906067",
            "http://marc.info/?l=bugtraq\u0026m=142624619906067\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=142624679706236\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=142624719706349\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=142721830231196\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=142721887231400\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=142740155824959\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=142791032306609\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=142804214608580\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=142805027510172\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=142962817202793\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=143039249603103\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=143101048219218\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=143290371927178\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=143290437727362\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=143290522027658\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=143290583027876\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=143558137709884\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=143558192010071\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=143628269912142\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=144101915224472\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=144251162130364\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=144294141001552\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=145983526810210\u0026w=2",
            "http://marc.info/?l=openssl-dev\u0026m=141333049205629\u0026w=2",
            "http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3566.html",
            "http://rhn.redhat.com/errata/RHSA-2014-1652.html",
            "http://rhn.redhat.com/errata/RHSA-2014-1653.html",
            "http://rhn.redhat.com/errata/RHSA-2014-1692.html",
            "http://rhn.redhat.com/errata/RHSA-2014-1876.html",
            "http://rhn.redhat.com/errata/RHSA-2014-1877.html",
            "http://rhn.redhat.com/errata/RHSA-2014-1880.html",
            "http://rhn.redhat.com/errata/RHSA-2014-1881.html",
            "http://rhn.redhat.com/errata/RHSA-2014-1882.html",
            "http://rhn.redhat.com/errata/RHSA-2014-1920.html",
            "http://rhn.redhat.com/errata/RHSA-2014-1948.html",
            "http://rhn.redhat.com/errata/RHSA-2015-0068.html",
            "http://rhn.redhat.com/errata/RHSA-2015-0079.html",
            "http://rhn.redhat.com/errata/RHSA-2015-0080.html",
            "http://rhn.redhat.com/errata/RHSA-2015-0085.html",
            "http://rhn.redhat.com/errata/RHSA-2015-0086.html",
            "http://rhn.redhat.com/errata/RHSA-2015-0264.html",
            "http://rhn.redhat.com/errata/RHSA-2015-0698.html",
            "http://rhn.redhat.com/errata/RHSA-2015-1545.html",
            "http://rhn.redhat.com/errata/RHSA-2015-1546.html",
            "http://secunia.com/advisories/59627",
            "http://secunia.com/advisories/60056",
            "http://secunia.com/advisories/60206",
            "http://secunia.com/advisories/60792",
            "http://secunia.com/advisories/60859",
            "http://secunia.com/advisories/61019",
            "http://secunia.com/advisories/61130",
            "http://secunia.com/advisories/61303",
            "http://secunia.com/advisories/61316",
            "http://secunia.com/advisories/61345",
            "http://secunia.com/advisories/61359",
            "http://secunia.com/advisories/61782",
            "http://secunia.com/advisories/61810",
            "http://secunia.com/advisories/61819",
            "http://secunia.com/advisories/61825",
            "http://secunia.com/advisories/61827",
            "http://secunia.com/advisories/61926",
            "http://secunia.com/advisories/61995",
            "http://support.apple.com/HT204244",
            "http://support.citrix.com/article/CTX200238",
            "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-poodle",
            "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021431",
            "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021439",
            "http://www-01.ibm.com/support/docview.wss?uid=swg21686997",
            "http://www-01.ibm.com/support/docview.wss?uid=swg21687172",
            "http://www-01.ibm.com/support/docview.wss?uid=swg21687611",
            "http://www-01.ibm.com/support/docview.wss?uid=swg21688283",
            "http://www-01.ibm.com/support/docview.wss?uid=swg21692299",
            "http://www.debian.org/security/2014/dsa-3053",
            "http://www.debian.org/security/2015/dsa-3144",
            "http://www.debian.org/security/2015/dsa-3147",
            "http://www.debian.org/security/2015/dsa-3253",
            "http://www.debian.org/security/2016/dsa-3489",
            "http://www.kb.cert.org/vuls/id/577193",
            "http://www.mandriva.com/security/advisories?name=MDVSA-2014:203",
            "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062",
            "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html",
            "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
            "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
            "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html",
            "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
            "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html",
            "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html",
            "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html",
            "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html",
            "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html",
            "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
            "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
            "http://www.securityfocus.com/archive/1/533724/100/0/threaded",
            "http://www.securityfocus.com/archive/1/533746",
            "http://www.securityfocus.com/archive/1/533747",
            "http://www.securityfocus.com/bid/70574",
            "http://www.securitytracker.com/id/1031029",
            "http://www.securitytracker.com/id/1031039",
            "http://www.securitytracker.com/id/1031085",
            "http://www.securitytracker.com/id/1031086",
            "http://www.securitytracker.com/id/1031087",
            "http://www.securitytracker.com/id/1031088",
            "http://www.securitytracker.com/id/1031089",
            "http://www.securitytracker.com/id/1031090",
            "http://www.securitytracker.com/id/1031091",
            "http://www.securitytracker.com/id/1031092",
            "http://www.securitytracker.com/id/1031093",
            "http://www.securitytracker.com/id/1031094",
            "http://www.securitytracker.com/id/1031095",
            "http://www.securitytracker.com/id/1031096",
            "http://www.securitytracker.com/id/1031105",
            "http://www.securitytracker.com/id/1031106",
            "http://www.securitytracker.com/id/1031107",
            "http://www.securitytracker.com/id/1031120",
            "http://www.securitytracker.com/id/1031123",
            "http://www.securitytracker.com/id/1031124",
            "http://www.securitytracker.com/id/1031130",
            "http://www.securitytracker.com/id/1031131",
            "http://www.securitytracker.com/id/1031132",
            "http://www.ubuntu.com/usn/USN-2486-1",
            "http://www.ubuntu.com/usn/USN-2487-1",
            "http://www.us-cert.gov/ncas/alerts/TA14-290A",
            "http://www.vmware.com/security/advisories/VMSA-2015-0003.html",
            "http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0",
            "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-405500.htm",
            "https://access.redhat.com/articles/1232123",
            "https://access.redhat.com/security/cve/CVE-2014-3566",
            "https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/",
            "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6",
            "https://bto.bluecoat.com/security-advisory/sa83",
            "https://bugzilla.mozilla.org/show_bug.cgi?id=1076983",
            "https://bugzilla.redhat.com/show_bug.cgi?id=1152789",
            "https://devcentral.f5.com/articles/cve-2014-3566-removing-sslv3-from-big-ip",
            "https://github.com/mpgn/poodle-PoC",
            "https://groups.google.com/forum/#%21topic/docker-user/oYm0i3xShJU",
            "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04819635",
            "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05068681",
            "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667",
            "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946",
            "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02",
            "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10090",
            "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10091",
            "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10104",
            "https://linux.oracle.com/cve/CVE-2014-3566.html",
            "https://linux.oracle.com/errata/ELSA-2015-0085.html",
            "https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E",
            "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E",
            "https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E",
            "https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E",
            "https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E",
            "https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E",
            "https://nvd.nist.gov/vuln/detail/CVE-2014-3566",
            "https://puppet.com/security/cve/poodle-sslv3-vulnerability",
            "https://security.gentoo.org/glsa/201507-14",
            "https://security.gentoo.org/glsa/201606-11",
            "https://security.netapp.com/advisory/ntap-20141015-0001/",
            "https://support.apple.com/HT205217",
            "https://support.apple.com/kb/HT6527",
            "https://support.apple.com/kb/HT6529",
            "https://support.apple.com/kb/HT6531",
            "https://support.apple.com/kb/HT6535",
            "https://support.apple.com/kb/HT6536",
            "https://support.apple.com/kb/HT6541",
            "https://support.apple.com/kb/HT6542",
            "https://support.citrix.com/article/CTX216642",
            "https://support.lenovo.com/product_security/poodle",
            "https://support.lenovo.com/us/en/product_security/poodle",
            "https://technet.microsoft.com/library/security/3009008.aspx",
            "https://ubuntu.com/security/notices/USN-2486-1",
            "https://ubuntu.com/security/notices/USN-2487-1",
            "https://www-01.ibm.com/support/docview.wss?uid=swg21688165",
            "https://www.arista.com/en/support/advisories-notices/security-advisories/1015-security-advisory-7",
            "https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html",
            "https://www.cve.org/CVERecord?id=CVE-2014-3566",
            "https://www.dfranke.us/posts/2014-10-14-how-poodle-happened.html",
            "https://www.elastic.co/blog/logstash-1-4-3-released",
            "https://www.imperialviolet.org/2014/10/14/poodle.html",
            "https://www.openssl.org/news/secadv_20141015.txt",
            "https://www.openssl.org/~bodo/ssl-poodle.pdf",
            "https://www.suse.com/support/kb/doc.php?id=7015773"
          ],
          "PublishedDate": "2014-10-15T00:55:02.137Z",
          "LastModifiedDate": "2023-09-12T14:55:31.563Z"
        },
        {
          "VulnerabilityID": "CVE-2014-3566",
          "PkgID": "nss-tools@3.90.0-2.el7_9.x86_64",
          "PkgName": "nss-tools",
          "PkgIdentifier": {
            "PURL": "pkg:rpm/centos/nss-tools@3.90.0-2.el7_9?arch=x86_64\u0026distro=centos-7.9.2009",
            "UID": "159868f6d5fe274d"
          },
          "InstalledVersion": "3.90.0-2.el7_9",
          "Status": "under_investigation",
          "Layer": {
            "Digest": "sha256:cc9d0ff701a0876b6fc54f4968f40cb4bba24cab5e0a6f66435be45320c91d75",
            "DiffID": "sha256:1730dd925a68d4809b977751080d4a0154d9c35defb774c7be5af01f8c038063"
          },
          "SeveritySource": "redhat",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3566",
          "Title": "SSL/TLS: Padding Oracle On Downgraded Legacy Encryption attack",
          "Description": "The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the \"POODLE\" issue.",
          "Severity": "HIGH",
          "CweIDs": [
            "CWE-310"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 1,
            "oracle-oval": 3,
            "redhat": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N",
              "V2Score": 4.3,
              "V3Score": 3.4
            },
            "redhat": {
              "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
              "V2Score": 5
            }
          },
          "References": [
            "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-015.txt.asc",
            "http://advisories.mageia.org/MGASA-2014-0416.html",
            "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc",
            "http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html",
            "http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html",
            "http://askubuntu.com/a/537196",
            "http://askubuntu.com/questions/537196/how-do-i-patch-workaround-sslv3-poodle-vulnerability-cve-2014-3566",
            "http://blog.cryptographyengineering.com/2014/10/attack-of-week-poodle.html",
            "http://blog.nodejs.org/2014/10/23/node-v0-10-33-stable/",
            "http://blogs.technet.com/b/msrc/archive/2014/10/14/security-advisory-3009008-released.aspx",
            "http://docs.ipswitch.com/MOVEit/DMZ82/ReleaseNotes/MOVEitReleaseNotes82.pdf",
            "http://downloads.asterisk.org/pub/security/AST-2014-011.html",
            "http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html",
            "http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04583581",
            "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034",
            "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705",
            "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html",
            "http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html",
            "http://lists.fedoraproject.org/pipermail/package-announce/2014-November/142330.html",
            "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141114.html",
            "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141158.html",
            "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169361.html",
            "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169374.html",
            "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00008.html",
            "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00001.html",
            "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00003.html",
            "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00021.html",
            "http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00002.html",
            "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00001.html",
            "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00024.html",
            "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.html",
            "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00027.html",
            "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00033.html",
            "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00036.html",
            "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00018.html",
            "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html",
            "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html",
            "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00066.html",
            "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00000.html",
            "http://marc.info/?l=bugtraq\u0026m=141450452204552\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=141450973807288\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=141477196830952\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=141576815022399\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=141577087123040\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=141577350823734\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=141620103726640\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=141628688425177\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=141694355519663\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=141697638231025\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=141697676231104\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=141703183219781\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=141715130023061\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=141775427104070\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=141813976718456\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=141814011518700\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=141879378918327\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=142103967620673\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=142118135300698\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=142296755107581\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=142350196615714\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=142350298616097\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=142350743917559\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=142354438527235\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=142357976805598\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=142495837901899\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=142496355704097\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=142546741516006\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=142607790919348\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=142624590206005\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=142624619906067",
            "http://marc.info/?l=bugtraq\u0026m=142624619906067\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=142624679706236\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=142624719706349\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=142721830231196\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=142721887231400\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=142740155824959\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=142791032306609\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=142804214608580\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=142805027510172\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=142962817202793\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=143039249603103\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=143101048219218\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=143290371927178\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=143290437727362\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=143290522027658\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=143290583027876\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=143558137709884\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=143558192010071\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=143628269912142\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=144101915224472\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=144251162130364\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=144294141001552\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=145983526810210\u0026w=2",
            "http://marc.info/?l=openssl-dev\u0026m=141333049205629\u0026w=2",
            "http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3566.html",
            "http://rhn.redhat.com/errata/RHSA-2014-1652.html",
            "http://rhn.redhat.com/errata/RHSA-2014-1653.html",
            "http://rhn.redhat.com/errata/RHSA-2014-1692.html",
            "http://rhn.redhat.com/errata/RHSA-2014-1876.html",
            "http://rhn.redhat.com/errata/RHSA-2014-1877.html",
            "http://rhn.redhat.com/errata/RHSA-2014-1880.html",
            "http://rhn.redhat.com/errata/RHSA-2014-1881.html",
            "http://rhn.redhat.com/errata/RHSA-2014-1882.html",
            "http://rhn.redhat.com/errata/RHSA-2014-1920.html",
            "http://rhn.redhat.com/errata/RHSA-2014-1948.html",
            "http://rhn.redhat.com/errata/RHSA-2015-0068.html",
            "http://rhn.redhat.com/errata/RHSA-2015-0079.html",
            "http://rhn.redhat.com/errata/RHSA-2015-0080.html",
            "http://rhn.redhat.com/errata/RHSA-2015-0085.html",
            "http://rhn.redhat.com/errata/RHSA-2015-0086.html",
            "http://rhn.redhat.com/errata/RHSA-2015-0264.html",
            "http://rhn.redhat.com/errata/RHSA-2015-0698.html",
            "http://rhn.redhat.com/errata/RHSA-2015-1545.html",
            "http://rhn.redhat.com/errata/RHSA-2015-1546.html",
            "http://secunia.com/advisories/59627",
            "http://secunia.com/advisories/60056",
            "http://secunia.com/advisories/60206",
            "http://secunia.com/advisories/60792",
            "http://secunia.com/advisories/60859",
            "http://secunia.com/advisories/61019",
            "http://secunia.com/advisories/61130",
            "http://secunia.com/advisories/61303",
            "http://secunia.com/advisories/61316",
            "http://secunia.com/advisories/61345",
            "http://secunia.com/advisories/61359",
            "http://secunia.com/advisories/61782",
            "http://secunia.com/advisories/61810",
            "http://secunia.com/advisories/61819",
            "http://secunia.com/advisories/61825",
            "http://secunia.com/advisories/61827",
            "http://secunia.com/advisories/61926",
            "http://secunia.com/advisories/61995",
            "http://support.apple.com/HT204244",
            "http://support.citrix.com/article/CTX200238",
            "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-poodle",
            "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021431",
            "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021439",
            "http://www-01.ibm.com/support/docview.wss?uid=swg21686997",
            "http://www-01.ibm.com/support/docview.wss?uid=swg21687172",
            "http://www-01.ibm.com/support/docview.wss?uid=swg21687611",
            "http://www-01.ibm.com/support/docview.wss?uid=swg21688283",
            "http://www-01.ibm.com/support/docview.wss?uid=swg21692299",
            "http://www.debian.org/security/2014/dsa-3053",
            "http://www.debian.org/security/2015/dsa-3144",
            "http://www.debian.org/security/2015/dsa-3147",
            "http://www.debian.org/security/2015/dsa-3253",
            "http://www.debian.org/security/2016/dsa-3489",
            "http://www.kb.cert.org/vuls/id/577193",
            "http://www.mandriva.com/security/advisories?name=MDVSA-2014:203",
            "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062",
            "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html",
            "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
            "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
            "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html",
            "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
            "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html",
            "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html",
            "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html",
            "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html",
            "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html",
            "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
            "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
            "http://www.securityfocus.com/archive/1/533724/100/0/threaded",
            "http://www.securityfocus.com/archive/1/533746",
            "http://www.securityfocus.com/archive/1/533747",
            "http://www.securityfocus.com/bid/70574",
            "http://www.securitytracker.com/id/1031029",
            "http://www.securitytracker.com/id/1031039",
            "http://www.securitytracker.com/id/1031085",
            "http://www.securitytracker.com/id/1031086",
            "http://www.securitytracker.com/id/1031087",
            "http://www.securitytracker.com/id/1031088",
            "http://www.securitytracker.com/id/1031089",
            "http://www.securitytracker.com/id/1031090",
            "http://www.securitytracker.com/id/1031091",
            "http://www.securitytracker.com/id/1031092",
            "http://www.securitytracker.com/id/1031093",
            "http://www.securitytracker.com/id/1031094",
            "http://www.securitytracker.com/id/1031095",
            "http://www.securitytracker.com/id/1031096",
            "http://www.securitytracker.com/id/1031105",
            "http://www.securitytracker.com/id/1031106",
            "http://www.securitytracker.com/id/1031107",
            "http://www.securitytracker.com/id/1031120",
            "http://www.securitytracker.com/id/1031123",
            "http://www.securitytracker.com/id/1031124",
            "http://www.securitytracker.com/id/1031130",
            "http://www.securitytracker.com/id/1031131",
            "http://www.securitytracker.com/id/1031132",
            "http://www.ubuntu.com/usn/USN-2486-1",
            "http://www.ubuntu.com/usn/USN-2487-1",
            "http://www.us-cert.gov/ncas/alerts/TA14-290A",
            "http://www.vmware.com/security/advisories/VMSA-2015-0003.html",
            "http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0",
            "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-405500.htm",
            "https://access.redhat.com/articles/1232123",
            "https://access.redhat.com/security/cve/CVE-2014-3566",
            "https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/",
            "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6",
            "https://bto.bluecoat.com/security-advisory/sa83",
            "https://bugzilla.mozilla.org/show_bug.cgi?id=1076983",
            "https://bugzilla.redhat.com/show_bug.cgi?id=1152789",
            "https://devcentral.f5.com/articles/cve-2014-3566-removing-sslv3-from-big-ip",
            "https://github.com/mpgn/poodle-PoC",
            "https://groups.google.com/forum/#%21topic/docker-user/oYm0i3xShJU",
            "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04819635",
            "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05068681",
            "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667",
            "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946",
            "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02",
            "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10090",
            "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10091",
            "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10104",
            "https://linux.oracle.com/cve/CVE-2014-3566.html",
            "https://linux.oracle.com/errata/ELSA-2015-0085.html",
            "https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E",
            "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E",
            "https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E",
            "https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E",
            "https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E",
            "https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E",
            "https://nvd.nist.gov/vuln/detail/CVE-2014-3566",
            "https://puppet.com/security/cve/poodle-sslv3-vulnerability",
            "https://security.gentoo.org/glsa/201507-14",
            "https://security.gentoo.org/glsa/201606-11",
            "https://security.netapp.com/advisory/ntap-20141015-0001/",
            "https://support.apple.com/HT205217",
            "https://support.apple.com/kb/HT6527",
            "https://support.apple.com/kb/HT6529",
            "https://support.apple.com/kb/HT6531",
            "https://support.apple.com/kb/HT6535",
            "https://support.apple.com/kb/HT6536",
            "https://support.apple.com/kb/HT6541",
            "https://support.apple.com/kb/HT6542",
            "https://support.citrix.com/article/CTX216642",
            "https://support.lenovo.com/product_security/poodle",
            "https://support.lenovo.com/us/en/product_security/poodle",
            "https://technet.microsoft.com/library/security/3009008.aspx",
            "https://ubuntu.com/security/notices/USN-2486-1",
            "https://ubuntu.com/security/notices/USN-2487-1",
            "https://www-01.ibm.com/support/docview.wss?uid=swg21688165",
            "https://www.arista.com/en/support/advisories-notices/security-advisories/1015-security-advisory-7",
            "https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html",
            "https://www.cve.org/CVERecord?id=CVE-2014-3566",
            "https://www.dfranke.us/posts/2014-10-14-how-poodle-happened.html",
            "https://www.elastic.co/blog/logstash-1-4-3-released",
            "https://www.imperialviolet.org/2014/10/14/poodle.html",
            "https://www.openssl.org/news/secadv_20141015.txt",
            "https://www.openssl.org/~bodo/ssl-poodle.pdf",
            "https://www.suse.com/support/kb/doc.php?id=7015773"
          ],
          "PublishedDate": "2014-10-15T00:55:02.137Z",
          "LastModifiedDate": "2023-09-12T14:55:31.563Z"
        }
      ]
    }
@clcc2019 clcc2019 added the feature request New feature request label Oct 12, 2024
@yyuuttaaoo
Copy link
Collaborator

Yes, CentOS 7 has reached its end of life, and we are in the process of replacing it. However, this transition is introducing compatibility issues due to the newer version of glibc. Additionally, the new image must include the GCC 9 toolchain, as our projects depend on it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
feature request New feature request
Projects
None yet
Development

No branches or pull requests

2 participants