Chiencc / asuswrt-gt-ac5300


asuswrt-gt-ac5300386.45958: 27 vulnerabilities (highest severity is: 8.1) #29

Open mend-for-github-com[bot] opened 1 year ago

mend-for-github-com[bot] commented 1 year ago
Vulnerable Library - asuswrt-gt-ac5300386.45958

AsusWRT GT-AC5300 router GPL source code

Library home page: https://github.com/blackfuel/asuswrt-gt-ac5300.git

Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5

Vulnerable Source Files (1)

Vulnerabilities

| CVE | Severity | CVSS | Dependency | Type | Fixed in (asuswrt-gt-ac5300386.45958 version) | Remediation Possible** |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2017-13082 | High | 8.1 | detected in multiple dependencies | Direct | hostapd - 2.6-6;wpa_supplicant - 1:2.6-11 | |
| CVE-2019-10064 | High | 7.5 | asuswrt-gt-ac5300386.45958 | Direct | hostap_2_6 | |
| CVE-2016-10743 | High | 7.5 | asuswrt-gt-ac5300386.45958 | Direct | 2.6 | |
| CVE-2016-4476 | High | 7.5 | detected in multiple dependencies | Direct | hostap_2_6 | |
| CVE-2020-10704 | High | 7.5 | asuswrt-gt-ac5300386.45958 | Direct | 2020.2 | |
| CVE-2021-20254 | Medium | 6.8 | asuswrt-gt-ac5300386.45958 | Direct | samba-4.12.15, 4.13.8, 4.14.4 | |
| CVE-2017-13086 | Medium | 6.8 | detected in multiple dependencies | Direct | hostapd - 2.5-2;wpa_supplicant - 1:2.5-2 | |
| CVE-2017-13084 | Medium | 6.8 | detected in multiple dependencies | Direct | hostapd - 2.6-6;wpa_supplicant - 1:2.6-11 | |
| CVE-2017-13077 | Medium | 6.8 | detected in multiple dependencies | Direct | hostapd - 2.6-6;wpa_supplicant - 1:2.6-11 | |
| CVE-2019-20503 | Medium | 6.5 | asuswrt-gt-ac5300386.45958 | Direct | usrsctp2019-12-20,firefox-bin-68.6.0 | |
| CVE-2021-3670 | Medium | 6.5 | detected in multiple dependencies | Direct | samba-4.14.11,samba-4.15.3 | |
| CVE-2018-16851 | Medium | 6.5 | asuswrt-gt-ac5300386.45958 | Direct | 4.7.12, 4.8.7, 4.9.3 | |
| CVE-2016-2111 | Medium | 6.3 | asuswrt-gt-ac5300386.45958 | Direct | 4.2.11,4.3.8,4.4.2 | |
| CVE-2016-2110 | Medium | 5.9 | asuswrt-gt-ac5300386.45958 | Direct | 4.2.11,4.3.8,4.4.2 | |
| CVE-2016-2112 | Medium | 5.9 | detected in multiple dependencies | Direct | 4.2.11,4.3.8,4.4.2 | |
| CVE-2016-2114 | Medium | 5.9 | asuswrt-gt-ac5300386.45958 | Direct | 4.4.2,4.3.8,4.2.11 | |
| CVE-2016-2115 | Medium | 5.9 | detected in multiple dependencies | Direct | 4.2.11,4.3.8,4.4.2 | |
| CVE-2014-3686 | Medium | 5.6 | asuswrt-gt-ac5300386.45958 | Direct | 2.3 | |
| CVE-2020-14323 | Medium | 5.5 | asuswrt-gt-ac5300386.45958 | Direct | python3-samba-test - 4.13.3-3,4.13.3-3,4.13.3-3,4.13.3-3;samba-common - 4.13.3-3,4.10.16-9;samba-winbind-krb5-locator - 4.10.16-9,4.13.3-3,4.13.3-3,4.13.3-3,4.10.16-9,4.13.3-3,4.10.16-9;samba-debugsource - 4.13.3-3,4.13.3-3;libwbclient-debuginfo - 4.13.3-3,4.13.3-3;samba-client-debuginfo - 4.13.3-3,4.13.3-3;libsmbclient - 4.10.16-9,4.10.16-9,4.10.16-9,4.13.3-3,4.10.16-9,4.13.3-3,4.10.16-9,4.13.3-3,4.13.3-3,4.13.3-3;samba-winbind-modules-debuginfo - 4.13.3-3,4.13.3-3;python3-samba - 4.13.3-3,4.13.3-3,4.13.3-3,4.13.3-3,4.13.3-3;libwbclient - 4.13.3-3,4.13.3-3,4.13.3-3,4.10.16-9,4.10.16-9,4.10.16-9,4.13.3-3,4.10.16-9,4.13.3-3,4.10.16-9;samba - 4.13.3-3,4.10.16-9,4.13.3-3,4.10.16-9,4.13.3-3,4.13.3-3,4.10.16-9,4.13.3-3,4.10.16-9;samba-python - 4.10.16-9,4.10.16-9,4.10.16-9,4.10.16-9,4.10.16-9;openchange-client-debuginfo - 2.3-27,2.3-27;samba-test-libs - 4.10.16-9,4.10.16-9,4.13.3-3,4.13.3-3,4.10.16-9,4.13.3-3,4.13.3-3,4.10.16-9,4.10.16-9;libwbclient-devel - 4.10.16-9,4.10.16-9,4.10.16-9,4.10.16-9,4.10.16-9;openchange-debuginfo - 2.3-27,2.3-27;ctdb-tests - 4.13.3-3,4.13.3-3,4.10.16-9,4.13.3-3,4.10.16-9,4.13.3-3;samba-python-test - 4.10.16-9,4.10.16-9,4.10.16-9;samba-winbind-debuginfo - 4.13.3-3,4.13.3-3;samba-common-tools-debuginfo - 4.13.3-3,4.13.3-3;samba-debuginfo - 4.10.16-9,4.13.3-3,4.13.3-3,4.10.16-9;samba-winbind-clients-debuginfo - 4.13.3-3,4.13.3-3;samba-winbind - 4.13.3-3,4.13.3-3,4.13.3-3,4.10.16-9,4.10.16-9,4.10.16-9,4.13.3-3;samba-vfs-glusterfs-debuginfo - 4.13.3-3;samba-devel - 4.10.16-9,4.10.16-9,4.10.16-9,4.10.16-9,4.10.16-9;samba-common-tools - 4.13.3-3,4.10.16-9,4.13.3-3,4.13.3-3,4.13.3-3,4.10.16-9,4.10.16-9;openchange - 2.3-27,2.3-27,2.3-27,2.3-27,2.3-27,2.3-27;ctdb-debuginfo - 4.13.3-3,4.13.3-3;samba-dc-libs - 4.10.16-9,4.10.16-9,4.10.16-9;samba-dc - 4.10.16-9,4.10.16-9,4.10.16-9;openchange-debugsource - 2.3-27,2.3-27;samba-common-libs-debuginfo - 4.13.3-3,4.13.3-3;ctdb-tests-debuginfo - 4.13.3-3,4.13.3-3;ctdb - 4.13.3-3,4.13.3-3,4.10.16-9,4.13.3-3,4.10.16-9,4.13.3-3;samba-libs-debuginfo - 4.13.3-3,4.13.3-3;samba-test-debuginfo - 4.13.3-3,4.13.3-3;samba-krb5-printing - 4.13.3-3,4.10.16-9,4.10.16-9,4.13.3-3,4.10.16-9,4.13.3-3,4.13.3-3;samba-common-libs - 4.10.16-9,4.10.16-9,4.10.16-9,4.10.16-9,4.10.16-9,4.13.3-3,4.13.3-3,4.13.3-3,4.13.3-3;samba-winexe - 4.13.3-3;samba-winbind-clients - 4.13.3-3,4.10.16-9,4.13.3-3,4.13.3-3,4.10.16-9,4.13.3-3,4.10.16-9;samba-krb5-printing-debuginfo - 4.13.3-3,4.13.3-3;libsmbclient-debuginfo - 4.13.3-3,4.13.3-3;samba-test-libs-debuginfo - 4.13.3-3,4.13.3-3;samba-winbind-modules - 4.13.3-3,4.13.3-3,4.13.3-3,4.10.16-9,4.13.3-3,4.10.16-9,4.13.3-3,4.10.16-9,4.10.16-9,4.10.16-9;samba-client-libs-debuginfo - 4.13.3-3,4.13.3-3;samba-client-libs - 4.13.3-3,4.13.3-3,4.10.16-9,4.13.3-3,4.10.16-9,4.10.16-9,4.10.16-9,4.13.3-3,4.10.16-9,4.13.3-3;samba-vfs-glusterfs - 4.10.16-9;python3-samba-debuginfo - 4.13.3-3,4.13.3-3;libsmbclient-devel - 4.10.16-9,4.10.16-9,4.10.16-9,4.10.16-9,4.10.16-9;samba-winbind-krb5-locator-debuginfo - 4.13.3-3,4.13.3-3;samba-libs - 4.13.3-3,4.10.16-9,4.10.16-9,4.13.3-3,4.10.16-9,4.10.16-9,4.13.3-3,4.13.3-3,4.10.16-9,4.13.3-3;samba-pidl - 4.10.16-9,4.13.3-3;samba-test - 4.10.16-9,4.10.16-9,4.10.16-9,4.13.3-3,4.13.3-3,4.13.3-3,4.13.3-3;samba-client - 4.13.3-3,4.13.3-3,4.10.16-9,4.13.3-3,4.13.3-3,4.10.16-9,4.10.16-9 | |
| CVE-2017-13088 | Medium | 5.3 | detected in multiple dependencies | Direct | hostapd - 2.6-6;wpa_supplicant - 1:2.6-11 | |
| CVE-2017-13087 | Medium | 5.3 | detected in multiple dependencies | Direct | hostapd - 2.6-6;wpa_supplicant - 1:2.6-11 | |
| CVE-2017-13080 | Medium | 5.3 | detected in multiple dependencies | Direct | hostapd - 2.6-6;wpa_supplicant - 1:2.6-11 | |
| CVE-2017-13081 | Medium | 5.3 | detected in multiple dependencies | Direct | hostapd - 2.6-6;wpa_supplicant - 1:2.6-11 | |
| CVE-2021-30004 | Medium | 5.3 | asuswrt-gt-ac5300386.45958 | Direct | wpa-supplicant - 2.9 | |
| CVE-2017-13079 | Medium | 5.3 | detected in multiple dependencies | Direct | hostapd - 2.6-6;wpa_supplicant - 1:2.6-11 | |
| CVE-2017-13078 | Medium | 5.3 | detected in multiple dependencies | Direct | hostapd - 2.6-6;wpa_supplicant - 1:2.6-11 | |
| CVE-2015-4141 | Low | 3.1 | asuswrt-gt-ac5300386.45958 | Direct | 2.5 | |

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2017-13082

### Vulnerable Libraries - asuswrt-gt-ac5300386.45958, asuswrt-gt-ac5300386.45958

### Vulnerability Details

Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11r allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the fast BSS transmission (FT) handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.

Publish Date: 2017-10-17

URL: CVE-2017-13082

### CVSS 3 Score Details (8.1)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Adjacent
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: High
  - Integrity Impact: High
  - Availability Impact: None

For more information on CVSS3 Scores, click here.

### Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2017-13082

Release Date: 2017-10-17

Fix Resolution: hostapd - 2.6-6;wpa_supplicant - 1:2.6-11

CVE-2019-10064

### Vulnerable Library - asuswrt-gt-ac5300386.45958

AsusWRT GT-AC5300 router GPL source code

Library home page: https://github.com/blackfuel/asuswrt-gt-ac5300.git

Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5

Found in base branch: master

### Vulnerable Source Files (2)

- /release/src/router/wpa_supplicant/wpa_supplicant/ctrl_iface.c
- /release/src/router/wpa_supplicant/wpa_supplicant/ctrl_iface.c

### Vulnerability Details

hostapd before 2.6, in EAP mode, makes calls to the rand() and random() standard library functions without any preceding srand() or srandom() call, which results in inappropriate use of deterministic values. This was fixed in conjunction with CVE-2016-10743.

Publish Date: 2020-02-28

URL: CVE-2019-10064

### CVSS 3 Score Details (7.5)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: High

For more information on CVSS3 Scores, click here.

### Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10064

Release Date: 2020-02-28

Fix Resolution: hostap_2_6

CVE-2016-10743

### Vulnerable Library - asuswrt-gt-ac5300386.45958

AsusWRT GT-AC5300 router GPL source code

Library home page: https://github.com/blackfuel/asuswrt-gt-ac5300.git

Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5

Found in base branch: master

### Vulnerable Source Files (2)

- /release/src/router/wpa_supplicant/wpa_supplicant/ctrl_iface.c
- /release/src/router/wpa_supplicant/wpa_supplicant/ctrl_iface.c

### Vulnerability Details

hostapd before 2.6 does not prevent use of the low-quality PRNG that is reached by an os_random() function call.

Publish Date: 2019-03-23

URL: CVE-2016-10743

### CVSS 3 Score Details (7.5)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: High
  - Availability Impact: None

For more information on CVSS3 Scores, click here.

### Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10743

Release Date: 2019-03-23

Fix Resolution: 2.6

CVE-2016-4476

### Vulnerable Libraries - asuswrt-gt-ac5300386.45958, asuswrt-gt-ac5300386.45958, asuswrt-gt-ac5300386.45958

### Vulnerability Details

hostapd 0.6.7 through 2.5 and wpa_supplicant 0.6.7 through 2.5 do not reject \n and \r characters in passphrase parameters, which allows remote attackers to cause a denial of service (daemon outage) via a crafted WPS operation.

Publish Date: 2016-05-09

URL: CVE-2016-4476

### CVSS 3 Score Details (7.5)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: High

For more information on CVSS3 Scores, click here.

### Suggested Fix

Type: Upgrade version

Origin: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4476

Release Date: 2016-05-09

Fix Resolution: hostap_2_6

CVE-2020-10704

### Vulnerable Library - asuswrt-gt-ac5300386.45958

AsusWRT GT-AC5300 router GPL source code

Library home page: https://github.com/blackfuel/asuswrt-gt-ac5300.git

Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5

Found in base branch: master

### Vulnerable Source Files (1)

### Vulnerability Details

A flaw was found when using samba as an Active Directory Domain Controller. Due to the way samba handles certain requests as an Active Directory Domain Controller LDAP server, an unauthorized user can cause a stack overflow leading to a denial of service. The highest threat from this vulnerability is to system availability. This issue affects all samba versions before 4.10.15, before 4.11.8 and before 4.12.2.

Publish Date: 2020-05-06

URL: CVE-2020-10704

### CVSS 3 Score Details (7.5)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: High

For more information on CVSS3 Scores, click here.

### Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12704

Release Date: 2020-05-06

Fix Resolution: 2020.2

CVE-2021-20254

### Vulnerable Library - asuswrt-gt-ac5300386.45958

AsusWRT GT-AC5300 router GPL source code

Library home page: https://github.com/blackfuel/asuswrt-gt-ac5300.git

Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5

Found in base branch: master

### Vulnerable Source Files (1)

### Vulnerability Details

A flaw was found in samba. The Samba smbd file server must map Windows group identities (SIDs) into unix group ids (gids). The code that performs this had a flaw that could allow it to read data beyond the end of the array in the case where a negative cache entry had been added to the mapping cache. This could cause the calling code to return those values into the process token that stores the group membership for a user. The highest threat from this vulnerability is to data confidentiality and integrity.

Publish Date: 2021-05-05

URL: CVE-2021-20254

### CVSS 3 Score Details (6.8)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: High
  - Privileges Required: Low
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: High
  - Integrity Impact: High
  - Availability Impact: None

For more information on CVSS3 Scores, click here.

### Suggested Fix

Type: Upgrade version

Origin: https://www.samba.org/samba/security/CVE-2021-20254.html

Release Date: 2021-05-05

Fix Resolution: samba-4.12.15, 4.13.8, 4.14.4

CVE-2017-13086

### Vulnerable Libraries - asuswrt-gt-ac5300386.45958, asuswrt-gt-ac5300386.45958

### Vulnerability Details

Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Tunneled Direct-Link Setup (TDLS) Peer Key (TPK) during the TDLS handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.

Publish Date: 2017-10-17

URL: CVE-2017-13086

### CVSS 3 Score Details (6.8)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Adjacent
  - Attack Complexity: High
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: High
  - Integrity Impact: High
  - Availability Impact: None

For more information on CVSS3 Scores, click here.

### Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2017-13086

Release Date: 2017-10-17

Fix Resolution: hostapd - 2.5-2;wpa_supplicant - 1:2.5-2

CVE-2017-13084

### Vulnerable Libraries - asuswrt-gt-ac5300386.45958, asuswrt-gt-ac5300386.45958

### Vulnerability Details

Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Station-To-Station-Link (STSL) Transient Key (STK) during the PeerKey handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.

Publish Date: 2017-10-17

URL: CVE-2017-13084

### CVSS 3 Score Details (6.8)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Adjacent
  - Attack Complexity: High
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: High
  - Integrity Impact: High
  - Availability Impact: None

For more information on CVSS3 Scores, click here.

### Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2017-13084

Release Date: 2017-10-17

Fix Resolution: hostapd - 2.6-6;wpa_supplicant - 1:2.6-11

CVE-2017-13077

### Vulnerable Libraries - asuswrt-gt-ac5300386.45958, asuswrt-gt-ac5300386.45958

### Vulnerability Details

Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the four-way handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.

Publish Date: 2017-10-17

URL: CVE-2017-13077

### CVSS 3 Score Details (6.8)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Adjacent
  - Attack Complexity: High
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: High
  - Integrity Impact: High
  - Availability Impact: None

For more information on CVSS3 Scores, click here.

### Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2017-13077

Release Date: 2017-10-17

Fix Resolution: hostapd - 2.6-6;wpa_supplicant - 1:2.6-11

CVE-2019-20503

### Vulnerable Library - asuswrt-gt-ac5300386.45958

AsusWRT GT-AC5300 router GPL source code

Library home page: https://github.com/blackfuel/asuswrt-gt-ac5300.git

Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5

Found in base branch: master

### Vulnerable Source Files (2)

- /release/src/router/asusnatnl/pjproject-1.12/third_party/usrsctp/usrsctplib/netinet/sctp_auth.c
- /release/src/router/asusnatnl/pjproject-1.12/third_party/usrsctp/usrsctplib/netinet/sctp_auth.c

### Vulnerability Details

usrsctp before 2019-12-20 has out-of-bounds reads in sctp_load_addresses_from_init.

Publish Date: 2020-03-06

URL: CVE-2019-20503

### CVSS 3 Score Details (6.5)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: Required
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: High

For more information on CVSS3 Scores, click here.

### Suggested Fix

Type: Upgrade version

Origin: https://bugzilla.redhat.com/show_bug.cgi?id=1695748,https://gitlab.alpinelinux.org/alpine/aports/issues/11296

Release Date: 2020-06-11

Fix Resolution: usrsctp2019-12-20,firefox-bin-68.6.0

CVE-2021-3670

### Vulnerable Libraries - asuswrt-gt-ac5300386.45958, asuswrt-gt-ac5300386.45958

### Vulnerability Details

MaxQueryDuration not honoured in Samba AD DC LDAP

Publish Date: 2022-08-23

URL: CVE-2021-3670

### CVSS 3 Score Details (6.5)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: Low
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: High

For more information on CVSS3 Scores, click here.

### Suggested Fix

Type: Upgrade version

Origin: https://bugzilla.samba.org/show_bug.cgi?id=14694

Release Date: 2021-07-30

Fix Resolution: samba-4.14.11,samba-4.15.3

CVE-2018-16851

### Vulnerable Library - asuswrt-gt-ac5300386.45958

AsusWRT GT-AC5300 router GPL source code

Library home page: https://github.com/blackfuel/asuswrt-gt-ac5300.git

Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5

Found in base branch: master

### Vulnerable Source Files (1)

### Vulnerability Details

Samba from version 4.0.0 and before versions 4.7.12, 4.8.7, 4.9.3 is vulnerable to a denial of service. During the processing of an LDAP search before Samba's AD DC returns the LDAP entries to the client, the entries are cached in a single memory object with a maximum size of 256MB. When this size is reached, the Samba process providing the LDAP service will follow the NULL pointer, terminating the process. There is no further vulnerability associated with this issue, merely a denial of service.

Publish Date: 2018-11-28

URL: CVE-2018-16851

### CVSS 3 Score Details (6.5)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: Low
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: High

For more information on CVSS3 Scores, click here.

### Suggested Fix

Type: Upgrade version

Origin: https://bugs.alpinelinux.org//issues/9705

Release Date: 2018-11-28

Fix Resolution: 4.7.12, 4.8.7, 4.9.3

CVE-2016-2111

### Vulnerable Library - asuswrt-gt-ac5300386.45958

AsusWRT GT-AC5300 router GPL source code

Library home page: https://github.com/blackfuel/asuswrt-gt-ac5300.git

Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5

Found in base branch: master

### Vulnerable Source Files (1)

### Vulnerability Details

The NETLOGON service in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2, when a domain controller is configured, allows remote attackers to spoof the computer name of a secure channel's endpoint, and obtain sensitive session information, by running a crafted application and leveraging the ability to sniff network traffic, a related issue to CVE-2015-0005.

Publish Date: 2016-04-25

URL: CVE-2016-2111

### CVSS 3 Score Details (6.3)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Local
  - Attack Complexity: High
  - Privileges Required: None
  - User Interaction: Required
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: High
  - Integrity Impact: High
  - Availability Impact: None

For more information on CVSS3 Scores, click here.

### Suggested Fix

Type: Upgrade version

Origin: https://bugs.alpinelinux.org//issues/5494

Release Date: 2016-04-25

Fix Resolution: 4.2.11,4.3.8,4.4.2

CVE-2016-2110

### Vulnerable Library - asuswrt-gt-ac5300386.45958

AsusWRT GT-AC5300 router GPL source code

Library home page: https://github.com/blackfuel/asuswrt-gt-ac5300.git

Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5

Found in base branch: master

### Vulnerable Source Files (1)

### Vulnerability Details

The NTLMSSP authentication implementation in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 allows man-in-the-middle attackers to perform protocol-downgrade attacks by modifying the client-server data stream to remove application-layer flags or encryption settings, as demonstrated by clearing the NTLMSSP_NEGOTIATE_SEAL or NTLMSSP_NEGOTIATE_SIGN option to disrupt LDAP security.

Publish Date: 2016-04-25

URL: CVE-2016-2110

### CVSS 3 Score Details (5.9)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: High
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: High
  - Availability Impact: None

For more information on CVSS3 Scores, click here.

### Suggested Fix

Type: Upgrade version

Origin: https://bugs.alpinelinux.org//issues/5494

Release Date: 2016-04-25

Fix Resolution: 4.2.11,4.3.8,4.4.2

CVE-2016-2112

### Vulnerable Libraries - asuswrt-gt-ac5300386.45958, asuswrt-gt-ac5300386.45958, asuswrt-gt-ac5300386.45958

### Vulnerability Details

The bundled LDAP client library in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "client ldap sasl wrapping" setting, which allows man-in-the-middle attackers to perform LDAP protocol-downgrade attacks by modifying the client-server data stream.

Publish Date: 2016-04-25

URL: CVE-2016-2112

### CVSS 3 Score Details (5.9)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: High
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: High
  - Availability Impact: None

For more information on CVSS3 Scores, click here.

### Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2115

Release Date: 2016-04-25

Fix Resolution: 4.2.11,4.3.8,4.4.2

CVE-2016-2114

### Vulnerable Library - asuswrt-gt-ac5300386.45958

AsusWRT GT-AC5300 router GPL source code

Library home page: https://github.com/blackfuel/asuswrt-gt-ac5300.git

Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5

Found in base branch: master

### Vulnerable Source Files (1)

### Vulnerability Details

The SMB1 protocol implementation in Samba 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "server signing = mandatory" setting, which allows man-in-the-middle attackers to spoof SMB servers by modifying the client-server data stream.

Publish Date: 2016-04-25

URL: CVE-2016-2114

### CVSS 3 Score Details (5.9)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: High
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: High
  - Availability Impact: None

For more information on CVSS3 Scores, click here.

### Suggested Fix

Type: Upgrade version

Origin: https://www.samba.org/samba/security/CVE-2016-2114.html

Release Date: 2016-04-25

Fix Resolution: 4.4.2,4.3.8,4.2.11

CVE-2016-2115

### Vulnerable Libraries - asuswrt-gt-ac5300386.45958, asuswrt-gt-ac5300386.45958, asuswrt-gt-ac5300386.45958, asuswrt-gt-ac5300386.45958

### Vulnerability Details

Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not require SMB signing within a DCERPC session over ncacn_np, which allows man-in-the-middle attackers to spoof SMB clients by modifying the client-server data stream.

Publish Date: 2016-04-25

URL: CVE-2016-2115

### CVSS 3 Score Details (5.9)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: High
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: High
  - Availability Impact: None

For more information on CVSS3 Scores, click here.

### Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2115

Release Date: 2016-04-25

Fix Resolution: 4.2.11,4.3.8,4.4.2

CVE-2014-3686

### Vulnerable Library - asuswrt-gt-ac5300386.45958

AsusWRT GT-AC5300 router GPL source code

Library home page: https://github.com/blackfuel/asuswrt-gt-ac5300.git

Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5

Found in base branch: master

### Vulnerable Source Files (3)

- /release/src/router/wpa_supplicant/src/utils/os_win32.c
- /release/src/router/wpa_supplicant/src/utils/os_win32.c
- /release/src/router/wpa_supplicant/src/utils/os_win32.c

### Vulnerability Details

wpa_supplicant and hostapd 0.7.2 through 2.2, when running with certain configurations and using wpa_cli or hostapd_cli with action scripts, allows remote attackers to execute arbitrary commands via a crafted frame.

Publish Date: 2014-10-16

URL: CVE-2014-3686

### CVSS 3 Score Details (5.6)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: High
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: Low
  - Integrity Impact: Low
  - Availability Impact: Low

For more information on CVSS3 Scores, click here.

### Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3686

Release Date: 2014-10-16

Fix Resolution: 2.3

CVE-2020-14323

### Vulnerable Library - asuswrt-gt-ac5300386.45958

AsusWRT GT-AC5300 router GPL source code

Library home page: https://github.com/blackfuel/asuswrt-gt-ac5300.git

Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5

Found in base branch: master

### Vulnerable Source Files (3)

- /release/src/router/samba-3.6.x_opwrt/source/source3/winbindd/winbindd_lookupsids.c
- /release/src/router/samba-3.6.x_opwrt/source/source3/winbindd/winbindd_lookupsids.c
- /release/src/router/samba-3.6.x_opwrt/source/source3/winbindd/winbindd_lookupsids.c

### Vulnerability Details

A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1. A local user could use this flaw to crash the winbind service causing denial of service.

Publish Date: 2020-10-29

URL: CVE-2020-14323

### CVSS 3 Score Details (5.5)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Local
  - Attack Complexity: Low
  - Privileges Required: Low
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: High

For more information on CVSS3 Scores, click here.

### Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2020-14323

Release Date: 2020-10-29

Fix Resolution: python3-samba-test - 4.13.3-3,4.13.3-3,4.13.3-3,4.13.3-3;samba-common - 4.13.3-3,4.10.16-9;samba-winbind-krb5-locator - 4.10.16-9,4.13.3-3,4.13.3-3,4.13.3-3,4.10.16-9,4.13.3-3,4.10.16-9;samba-debugsource - 4.13.3-3,4.13.3-3;libwbclient-debuginfo - 4.13.3-3,4.13.3-3;samba-client-debuginfo - 4.13.3-3,4.13.3-3;libsmbclient - 4.10.16-9,4.10.16-9,4.10.16-9,4.13.3-3,4.10.16-9,4.13.3-3,4.10.16-9,4.13.3-3,4.13.3-3,4.13.3-3;samba-winbind-modules-debuginfo - 4.13.3-3,4.13.3-3;python3-samba - 4.13.3-3,4.13.3-3,4.13.3-3,4.13.3-3,4.13.3-3;libwbclient - 4.13.3-3,4.13.3-3,4.13.3-3,4.10.16-9,4.10.16-9,4.10.16-9,4.13.3-3,4.10.16-9,4.13.3-3,4.10.16-9;samba - 4.13.3-3,4.10.16-9,4.13.3-3,4.10.16-9,4.13.3-3,4.13.3-3,4.10.16-9,4.13.3-3,4.10.16-9;samba-python - 4.10.16-9,4.10.16-9,4.10.16-9,4.10.16-9,4.10.16-9;openchange-client-debuginfo - 2.3-27,2.3-27;samba-test-libs - 4.10.16-9,4.10.16-9,4.13.3-3,4.13.3-3,4.10.16-9,4.13.3-3,4.13.3-3,4.10.16-9,4.10.16-9;libwbclient-devel - 4.10.16-9,4.10.16-9,4.10.16-9,4.10.16-9,4.10.16-9;openchange-debuginfo - 2.3-27,2.3-27;ctdb-tests - 4.13.3-3,4.13.3-3,4.10.16-9,4.13.3-3,4.10.16-9,4.13.3-3;samba-python-test - 4.10.16-9,4.10.16-9,4.10.16-9;samba-winbind-debuginfo - 4.13.3-3,4.13.3-3;samba-common-tools-debuginfo - 4.13.3-3,4.13.3-3;samba-debuginfo - 4.10.16-9,4.13.3-3,4.13.3-3,4.10.16-9;samba-winbind-clients-debuginfo - 4.13.3-3,4.13.3-3;samba-winbind - 4.13.3-3,4.13.3-3,4.13.3-3,4.10.16-9,4.10.16-9,4.10.16-9,4.13.3-3;samba-vfs-glusterfs-debuginfo - 4.13.3-3;samba-devel - 4.10.16-9,4.10.16-9,4.10.16-9,4.10.16-9,4.10.16-9;samba-common-tools - 4.13.3-3,4.10.16-9,4.13.3-3,4.13.3-3,4.13.3-3,4.10.16-9,4.10.16-9;openchange - 2.3-27,2.3-27,2.3-27,2.3-27,2.3-27,2.3-27;ctdb-debuginfo - 4.13.3-3,4.13.3-3;samba-dc-libs - 4.10.16-9,4.10.16-9,4.10.16-9;samba-dc - 4.10.16-9,4.10.16-9,4.10.16-9;openchange-debugsource - 2.3-27,2.3-27;samba-common-libs-debuginfo - 4.13.3-3,4.13.3-3;ctdb-tests-debuginfo - 4.13.3-3,4.13.3-3;ctdb - 
4.13.3-3,4.13.3-3,4.10.16-9,4.13.3-3,4.10.16-9,4.13.3-3;samba-libs-debuginfo - 4.13.3-3,4.13.3-3;samba-test-debuginfo - 4.13.3-3,4.13.3-3;samba-krb5-printing - 4.13.3-3,4.10.16-9,4.10.16-9,4.13.3-3,4.10.16-9,4.13.3-3,4.13.3-3;samba-common-libs - 4.10.16-9,4.10.16-9,4.10.16-9,4.10.16-9,4.10.16-9,4.13.3-3,4.13.3-3,4.13.3-3,4.13.3-3;samba-winexe - 4.13.3-3;samba-winbind-clients - 4.13.3-3,4.10.16-9,4.13.3-3,4.13.3-3,4.10.16-9,4.13.3-3,4.10.16-9;samba-krb5-printing-debuginfo - 4.13.3-3,4.13.3-3;libsmbclient-debuginfo - 4.13.3-3,4.13.3-3;samba-test-libs-debuginfo - 4.13.3-3,4.13.3-3;samba-winbind-modules - 4.13.3-3,4.13.3-3,4.13.3-3,4.10.16-9,4.13.3-3,4.10.16-9,4.13.3-3,4.10.16-9,4.10.16-9,4.10.16-9;samba-client-libs-debuginfo - 4.13.3-3,4.13.3-3;samba-client-libs - 4.13.3-3,4.13.3-3,4.10.16-9,4.13.3-3,4.10.16-9,4.10.16-9,4.10.16-9,4.13.3-3,4.10.16-9,4.13.3-3;samba-vfs-glusterfs - 4.10.16-9;python3-samba-debuginfo - 4.13.3-3,4.13.3-3;libsmbclient-devel - 4.10.16-9,4.10.16-9,4.10.16-9,4.10.16-9,4.10.16-9;samba-winbind-krb5-locator-debuginfo - 4.13.3-3,4.13.3-3;samba-libs - 4.13.3-3,4.10.16-9,4.10.16-9,4.13.3-3,4.10.16-9,4.10.16-9,4.13.3-3,4.13.3-3,4.10.16-9,4.13.3-3;samba-pidl - 4.10.16-9,4.13.3-3;samba-test - 4.10.16-9,4.10.16-9,4.10.16-9,4.13.3-3,4.13.3-3,4.13.3-3,4.13.3-3;samba-client - 4.13.3-3,4.13.3-3,4.10.16-9,4.13.3-3,4.13.3-3,4.10.16-9,4.10.16-9

CVE-2017-13088

### Vulnerable Libraries - asuswrt-gt-ac5300386.45958, asuswrt-gt-ac5300386.45958

### Vulnerability Details

Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Integrity Group Temporal Key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients.

Publish Date: 2017-10-17

URL: CVE-2017-13088

### CVSS 3 Score Details (5.3)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Adjacent
  - Attack Complexity: High
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: High
  - Availability Impact: None


### Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2017-13088

Release Date: 2017-10-17

Fix Resolution: hostapd - 2.6-6;wpa_supplicant - 1:2.6-11

CVE-2017-13087

### Vulnerable Libraries - asuswrt-gt-ac5300386.45958, asuswrt-gt-ac5300386.45958

### Vulnerability Details

Wi-Fi Protected Access (WPA and WPA2) that supports 802.11v allows reinstallation of the Group Temporal Key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients.

Publish Date: 2017-10-17

URL: CVE-2017-13087

### CVSS 3 Score Details (5.3)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Adjacent
  - Attack Complexity: High
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: High
  - Availability Impact: None


### Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2017-13087

Release Date: 2017-10-17

Fix Resolution: hostapd - 2.6-6;wpa_supplicant - 1:2.6-11

CVE-2017-13080

### Vulnerable Libraries - asuswrt-gt-ac5300386.45958, asuswrt-gt-ac5300386.45958

### Vulnerability Details

Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients.

Publish Date: 2017-10-17

URL: CVE-2017-13080

### CVSS 3 Score Details (5.3)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Adjacent
  - Attack Complexity: High
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: High
  - Availability Impact: None


### Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2017-13080

Release Date: 2017-10-17

Fix Resolution: hostapd - 2.6-6;wpa_supplicant - 1:2.6-11

CVE-2017-13081

### Vulnerable Libraries - asuswrt-gt-ac5300386.45958, asuswrt-gt-ac5300386.45958

### Vulnerability Details

Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the group key handshake, allowing an attacker within radio range to spoof frames from access points to clients.

Publish Date: 2017-10-17

URL: CVE-2017-13081

### CVSS 3 Score Details (5.3)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Adjacent
  - Attack Complexity: High
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: High
  - Availability Impact: None


### Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2017-13081

Release Date: 2017-10-17

Fix Resolution: hostapd - 2.6-6;wpa_supplicant - 1:2.6-11

CVE-2021-30004

### Vulnerable Library - asuswrt-gt-ac5300386.45958

AsusWRT GT-AC5300 router GPL source code

Library home page: https://github.com/blackfuel/asuswrt-gt-ac5300.git

Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5

Found in base branch: master

### Vulnerable Source Files (2)

/release/src/router/wpa_supplicant/src/tls/x509v3.c /release/src/router/wpa_supplicant/src/tls/x509v3.c

### Vulnerability Details

In wpa_supplicant and hostapd 2.9, forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c.

Publish Date: 2021-04-02

URL: CVE-2021-30004

### CVSS 3 Score Details (5.3)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: Low
  - Availability Impact: None


### Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2021-30004

Release Date: 2021-04-02

Fix Resolution: wpa-supplicant - 2.9

CVE-2017-13079

### Vulnerable Libraries - asuswrt-gt-ac5300386.45958, asuswrt-gt-ac5300386.45958

### Vulnerability Details

Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the four-way handshake, allowing an attacker within radio range to spoof frames from access points to clients.

Publish Date: 2017-10-17

URL: CVE-2017-13079

### CVSS 3 Score Details (5.3)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Adjacent
  - Attack Complexity: High
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: High
  - Availability Impact: None


### Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2017-13079

Release Date: 2017-10-17

Fix Resolution: hostapd - 2.6-6;wpa_supplicant - 1:2.6-11

CVE-2017-13078

### Vulnerable Libraries - asuswrt-gt-ac5300386.45958, asuswrt-gt-ac5300386.45958

### Vulnerability Details

Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the four-way handshake, allowing an attacker within radio range to replay frames from access points to clients.

Publish Date: 2017-10-17

URL: CVE-2017-13078

### CVSS 3 Score Details (5.3)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Adjacent
  - Attack Complexity: High
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: High
  - Availability Impact: None


### Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2017-13078

Release Date: 2017-10-17

Fix Resolution: hostapd - 2.6-6;wpa_supplicant - 1:2.6-11

CVE-2015-4141

### Vulnerable Library - asuswrt-gt-ac5300386.45958

AsusWRT GT-AC5300 router GPL source code

Library home page: https://github.com/blackfuel/asuswrt-gt-ac5300.git

Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5

Found in base branch: master

### Vulnerable Source Files (2)

/release/src/router/wpa_supplicant/src/wps/httpread.c /release/src/router/wpa_supplicant/src/wps/httpread.c

### Vulnerability Details

The WPS UPnP function in hostapd, when using WPS AP, and wpa_supplicant, when using WPS external registrar (ER), 0.7.0 through 2.4 allows remote attackers to cause a denial of service (crash) via a negative chunk length, which triggers an out-of-bounds read or heap-based buffer overflow.

Publish Date: 2015-06-15

URL: CVE-2015-4141

### CVSS 3 Score Details (3.1)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Adjacent
  - Attack Complexity: High
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: Low


### Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4141

Release Date: 2015-06-15

Fix Resolution: 2.5

mend-for-github-com[bot] commented 1 year ago

:heavy_check_mark: This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.

mend-for-github-com[bot] commented 1 year ago

:information_source: This issue was automatically re-opened by Mend because the vulnerable library in the specific branch(es) has been detected in the Mend inventory.
