fix(oval): fix RDB query #1347

MaineK00n · 2021-12-24T01:40:09Z

What did you implement:

OS other than Amazon/Oracle do not have Arch information in Package. With the current query, when searching for vuls with arch information, there is a problem that OS such as Debian cannot be scanned correctly.
Updated the mod as the fix for goval-dictionary search has been merged.

Type of change

Bug fix (non-breaking change which fixes an issue)

How Has This Been Tested?

commit: `0c6a892`

vuls scan vuls-target && vuls report
[Dec 24 10:32:25]  INFO [localhost] vuls-v0.19.0-build-20211207_094022_0c6a892
[Dec 24 10:32:25]  INFO [localhost] Start scanning
[Dec 24 10:32:25]  INFO [localhost] config: /home/mainek00n/github/github.com/MaineK00n/vuls/config.toml
[Dec 24 10:32:25]  INFO [localhost] Validating config...
[Dec 24 10:32:25]  INFO [localhost] Detecting Server/Container OS... 
[Dec 24 10:32:25]  INFO [localhost] Detecting OS of servers... 
[Dec 24 10:32:25]  INFO [localhost] (1/1) Detected: vuls-target: centos 8.1.1911
[Dec 24 10:32:25]  INFO [localhost] Detecting OS of containers... 
[Dec 24 10:32:25]  INFO [localhost] Checking Scan Modes... 
[Dec 24 10:32:25]  INFO [localhost] Detecting Platforms... 
[Dec 24 10:32:26]  INFO [localhost] (1/1) vuls-target is running on other
[Dec 24 10:32:26]  INFO [vuls-target] Scanning OS pkg in fast mode
[Dec 24 10:32:29]  WARN [localhost] Some warnings occurred during scanning on vuls-target. Please fix the warnings to get a useful information. Execute configtest subcommand before scanning to know the cause of the warnings. warnings: [Standard OS support will be end in 3 months. EOL date: 2021-12-31]


Scan Summary
================
vuls-target	centos8.1.1911	193 installed, 117 updatable

Warning: [Standard OS support will be end in 3 months. EOL date: 2021-12-31]



To view the detail, vuls tui is useful.
To send a report, run vuls report -h.
[Dec 24 10:32:29]  INFO [localhost] vuls-v0.19.0-build-20211207_094022_0c6a892
[Dec 24 10:32:29]  INFO [localhost] Validating config...
[Dec 24 10:32:29]  INFO [localhost] cveDict.type=sqlite3, cveDict.url=, cveDict.SQLite3Path=/usr/share/vuls-data/cve.sqlite3
[Dec 24 10:32:29]  INFO [localhost] ovalDict.type=sqlite3, ovalDict.url=, ovalDict.SQLite3Path=/usr/share/vuls-data/oval.sqlite3
[Dec 24 10:32:29]  INFO [localhost] gost.type=sqlite3, gost.url=, gost.SQLite3Path=/usr/share/vuls-data/gost.sqlite3
[Dec 24 10:32:29]  INFO [localhost] exploit.type=sqlite3, exploit.url=, exploit.SQLite3Path=/usr/share/vuls-data/go-exploitdb.sqlite3
[Dec 24 10:32:29]  INFO [localhost] metasploit.type=sqlite3, metasploit.url=, metasploit.SQLite3Path=/usr/share/vuls-data/go-msfdb.sqlite3
[Dec 24 10:32:29]  INFO [localhost] kevuln.type=sqlite3, kevuln.url=, kevuln.SQLite3Path=/usr/share/vuls-data/go-kev.sqlite3
[Dec 24 10:32:29]  INFO [localhost] Loaded: /home/mainek00n/github/github.com/MaineK00n/vuls/results/2021-12-24T10:32:26+09:00
[Dec 24 10:32:29]  INFO [localhost] OVAL centos 8.1.1911 found. defs: 790
[Dec 24 10:32:29]  INFO [localhost] OVAL centos 8.1.1911 is fresh. lastModified: 2021-12-24T10:26:40+09:00
[Dec 24 10:32:29]  INFO [localhost] vuls-target: 0 CVEs are detected with OVAL
[Dec 24 10:32:29]  INFO [localhost] vuls-target: 14 unfixed CVEs are detected with gost
[Dec 24 10:32:29]  INFO [localhost] vuls-target: 0 CVEs are detected with CPE
[Dec 24 10:32:30]  INFO [localhost] vuls-target: 0 PoC are detected
[Dec 24 10:32:30]  INFO [localhost] vuls-target: 0 exploits are detected
[Dec 24 10:32:30]  INFO [localhost] vuls-target: total 14 CVEs detected
[Dec 24 10:32:30]  INFO [localhost] vuls-target: 0 CVEs filtered by --confidence-over=80
vuls-target (centos8.1.1911)
============================
Total: 14 (Critical:0 High:4 Medium:10 Low:0 ?:0)
0/14 Fixed, 5 poc, 0 exploits, cisa: 0, uscert: 0, jpcert: 0 alerts
193 installed

Warning: Some warnings occurred.
[Standard OS support will be end in 3 months. EOL date: 2021-12-31]


+----------------+------+--------+-----+-----------+---------+-------------------------------------------------+
|     CVE-ID     | CVSS | ATTACK | POC |   ALERT   |  FIXED  |                       NVD                       |
+----------------+------+--------+-----+-----------+---------+-------------------------------------------------+
| CVE-2021-40153 |  8.1 |  AV:N  | POC |           | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2021-40153 |
| CVE-2021-38185 |  7.8 |  AV:L  | POC |           | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2021-38185 |
| CVE-2021-43618 |  7.5 |  AV:L  | POC |           | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2021-43618 |
| CVE-2021-41617 |  7.0 |  AV:L  |     |           | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2021-41617 |
| CVE-2021-23177 |  6.6 |  AV:L  |     |           | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2021-23177 |
| CVE-2017-14166 |  6.5 |  AV:L  |     |           | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2017-14166 |
| CVE-2017-14501 |  6.5 |  AV:N  |     |           | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2017-14501 |
| CVE-2021-35938 |  6.5 |  AV:L  |     |           | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2021-35938 |
| CVE-2021-35939 |  6.5 |  AV:L  |     |           | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2021-35939 |
| CVE-2021-35937 |  6.3 |  AV:L  |     |           | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2021-35937 |
| CVE-2021-40528 |  5.9 |  AV:N  | POC |           | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2021-40528 |
| CVE-2018-18700 |  5.5 |  AV:N  | POC |           | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2018-18700 |
| CVE-2021-31566 |  4.4 |  AV:L  |     |           | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2021-31566 |
| CVE-2021-3521  |  4.4 |  AV:L  |     |           | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2021-3521  |
+----------------+------+--------+-----+-----------+---------+-------------------------------------------------+

MaineK00n/fix-rdb-query

$ vuls scan vuls-target && $ vuls report
[Dec 24 10:31:45]  INFO [localhost] vuls-v0.19.0-build-20211224_102834_2b7294a
[Dec 24 10:31:45]  INFO [localhost] Start scanning
[Dec 24 10:31:45]  INFO [localhost] config: /home/mainek00n/github/github.com/MaineK00n/vuls/config.toml
[Dec 24 10:31:45]  INFO [localhost] Validating config...
[Dec 24 10:31:45]  INFO [localhost] Detecting Server/Container OS... 
[Dec 24 10:31:45]  INFO [localhost] Detecting OS of servers... 
[Dec 24 10:31:46]  INFO [localhost] (1/1) Detected: vuls-target: centos 8.1.1911
[Dec 24 10:31:46]  INFO [localhost] Detecting OS of containers... 
[Dec 24 10:31:46]  INFO [localhost] Checking Scan Modes... 
[Dec 24 10:31:46]  INFO [localhost] Detecting Platforms... 
[Dec 24 10:31:47]  INFO [localhost] (1/1) vuls-target is running on other
[Dec 24 10:31:47]  INFO [vuls-target] Scanning OS pkg in fast mode
[Dec 24 10:31:56]  WARN [localhost] Some warnings occurred during scanning on vuls-target. Please fix the warnings to get a useful information. Execute configtest subcommand before scanning to know the cause of the warnings. warnings: [Standard OS support will be end in 3 months. EOL date: 2021-12-31]


Scan Summary
================
vuls-target	centos8.1.1911	193 installed, 117 updatable

Warning: [Standard OS support will be end in 3 months. EOL date: 2021-12-31]



To view the detail, vuls tui is useful.
To send a report, run vuls report -h.
[Dec 24 10:31:56]  INFO [localhost] vuls-v0.19.0-build-20211224_102834_2b7294a
[Dec 24 10:31:56]  INFO [localhost] Validating config...
[Dec 24 10:31:56]  INFO [localhost] cveDict.type=sqlite3, cveDict.url=, cveDict.SQLite3Path=/usr/share/vuls-data/cve.sqlite3
[Dec 24 10:31:56]  INFO [localhost] ovalDict.type=sqlite3, ovalDict.url=, ovalDict.SQLite3Path=/usr/share/vuls-data/oval.sqlite3
[Dec 24 10:31:56]  INFO [localhost] gost.type=sqlite3, gost.url=, gost.SQLite3Path=/usr/share/vuls-data/gost.sqlite3
[Dec 24 10:31:56]  INFO [localhost] exploit.type=sqlite3, exploit.url=, exploit.SQLite3Path=/usr/share/vuls-data/go-exploitdb.sqlite3
[Dec 24 10:31:56]  INFO [localhost] metasploit.type=sqlite3, metasploit.url=, metasploit.SQLite3Path=/usr/share/vuls-data/go-msfdb.sqlite3
[Dec 24 10:31:56]  INFO [localhost] kevuln.type=sqlite3, kevuln.url=, kevuln.SQLite3Path=/usr/share/vuls-data/go-kev.sqlite3
[Dec 24 10:31:56]  INFO [localhost] Loaded: /home/mainek00n/github/github.com/MaineK00n/vuls/results/2021-12-24T10:31:47+09:00
[Dec 24 10:31:56]  INFO [localhost] OVAL centos 8.1.1911 found. defs: 790
[Dec 24 10:31:56]  INFO [localhost] OVAL centos 8.1.1911 is fresh. lastModified: 2021-12-24T10:26:40+09:00
[Dec 24 10:31:57]  INFO [localhost] vuls-target: 172 CVEs are detected with OVAL
[Dec 24 10:31:57]  INFO [localhost] vuls-target: 14 unfixed CVEs are detected with gost
[Dec 24 10:31:57]  INFO [localhost] vuls-target: 0 CVEs are detected with CPE
[Dec 24 10:31:59]  INFO [localhost] vuls-target: 1 PoC are detected
[Dec 24 10:31:59]  INFO [localhost] vuls-target: 1 exploits are detected
[Dec 24 10:31:59]  INFO [localhost] vuls-target: total 186 CVEs detected
[Dec 24 10:31:59]  INFO [localhost] vuls-target: 0 CVEs filtered by --confidence-over=80
vuls-target (centos8.1.1911)
============================
Total: 186 (Critical:17 High:94 Medium:73 Low:2 ?:0)
172/186 Fixed, 73 poc, 1 exploits, cisa: 1, uscert: 2, jpcert: 3 alerts
193 installed

Warning: Some warnings occurred.
[Standard OS support will be end in 3 months. EOL date: 2021-12-31]


+------------------+------+--------+-----+-----------+---------+---------------------------------------------------+
|      CVE-ID      | CVSS | ATTACK | POC |   ALERT   |  FIXED  |                        NVD                        |
+------------------+------+--------+-----+-----------+---------+---------------------------------------------------+
| CVE-2018-18074   |  9.8 |  AV:A  | POC |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2018-18074   |
| CVE-2018-20060   |  9.8 |  AV:N  |     |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2018-20060   |
| CVE-2019-18218   |  9.8 |  AV:N  | POC |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2019-18218   |
| CVE-2019-18276   |  9.8 |  AV:L  | POC |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2019-18276   |
| CVE-2019-19603   |  9.8 |  AV:N  |     |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2019-19603   |
| CVE-2019-20218   |  9.8 |  AV:N  |     |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2019-20218   |
| CVE-2019-5481    |  9.8 |  AV:N  |     |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2019-5481    |
| CVE-2019-5482    |  9.8 |  AV:A  |     |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2019-5482    |
| CVE-2019-8457    |  9.8 |  AV:N  |     |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2019-8457    |
| CVE-2020-27619   |  9.8 |  AV:N  |     |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2020-27619   |
| CVE-2021-20231   |  9.8 |  AV:N  | POC |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2021-20231   |
| CVE-2021-20232   |  9.8 |  AV:N  |     |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2021-20232   |
| CVE-2021-27219   |  9.8 |  AV:N  | POC |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2021-27219   |
| CVE-2021-3177    |  9.8 |  AV:N  | POC |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2021-3177    |
| CVE-2021-3520    |  9.8 |  AV:N  |     |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2021-3520    |
| CVE-2021-42574   |  9.8 |  AV:N  | POC |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2021-42574   |
| CVE-2020-11501   |  9.1 |  AV:N  |     |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2020-11501   |
| CVE-2019-13734   |  8.9 |  AV:N  |     |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2019-13734   |
| CVE-2019-18408   |  8.9 |  AV:N  |     |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2019-18408   |
| CVE-2020-11080   |  8.9 |  AV:N  |     |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2020-11080   |
| CVE-2020-12049   |  8.9 |  AV:L  | POC |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2020-12049   |
| CVE-2020-13777   |  8.9 |  AV:N  |     |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2020-13777   |
| CVE-2020-1712    |  8.9 |  AV:L  |     |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2020-1712    |
| CVE-2020-1971    |  8.9 |  AV:N  |     |      CERT |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2020-1971    |
| CVE-2020-8616    |  8.9 |  AV:N  | POC |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2020-8616    |
| CVE-2020-8617    |  8.9 |  AV:N  | POC |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2020-8617    |
| CVE-2020-8625    |  8.9 |  AV:N  |     |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2020-8625    |
| CVE-2021-20305   |  8.9 |  AV:N  |     |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2021-20305   |
| CVE-2021-25215   |  8.9 |  AV:N  |     |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2021-25215   |
| CVE-2021-25217   |  8.9 |  AV:A  | POC |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2021-25217   |
| CVE-2021-33910   |  8.9 |  AV:L  | POC |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2021-33910   |
| CVE-2021-3449    |  8.9 |  AV:N  |     |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2021-3449    |
| CVE-2021-3450    |  8.9 |  AV:N  |     |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2021-3450    |
| CVE-2018-1000858 |  8.8 |  AV:N  | POC |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2018-1000858 |
| CVE-2019-17594   |  8.8 |  AV:L  | POC |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2019-17594   |
| CVE-2019-5827    |  8.8 |  AV:N  |     |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2019-5827    |
| CVE-2020-13543   |  8.8 |  AV:N  | POC |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2020-13543   |
| CVE-2020-13584   |  8.8 |  AV:N  | POC |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2020-13584   |
| CVE-2020-9948    |  8.8 |  AV:N  |     |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2020-9948    |
| CVE-2020-9951    |  8.8 |  AV:N  |     |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2020-9951    |
| CVE-2020-9983    |  8.8 |  AV:N  |     |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2020-9983    |
| CVE-2021-1817    |  8.8 |  AV:N  |     |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2021-1817    |
| CVE-2021-30661   |  8.8 |  AV:N  |     |      CISA |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2021-30661   |
| CVE-2021-3518    |  8.8 |  AV:N  |     |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2021-3518    |
| CVE-2021-3517    |  8.6 |  AV:N  |     |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2021-3517    |
| CVE-2019-13627   |  8.1 |  AV:L  |     |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2019-13627   |
| CVE-2019-5018    |  8.1 |  AV:N  | POC |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2019-5018    |
| CVE-2021-1825    |  8.1 |  AV:N  |     |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2021-1825    |
| CVE-2021-1826    |  8.1 |  AV:N  |     |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2021-1826    |
| CVE-2021-40153   |  8.1 |  AV:N  | POC |           | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2021-40153   |
| CVE-2019-20916   |  8.0 |  AV:N  | POC |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2019-20916   |
| CVE-2019-3843    |  7.8 |  AV:L  |     |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2019-3843    |
| CVE-2019-3844    |  7.8 |  AV:L  |     |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2019-3844    |
| CVE-2019-5436    |  7.8 |  AV:L  | POC |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2019-5436    |
| CVE-2020-12762   |  7.8 |  AV:L  | POC |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2020-12762   |
| CVE-2020-14382   |  7.8 |  AV:N  |     |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2020-14382   |
| CVE-2021-3516    |  7.8 |  AV:L  | POC |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2021-3516    |
| CVE-2021-3778    |  7.8 |  AV:L  | POC |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2021-3778    |
| CVE-2021-38185   |  7.8 |  AV:L  | POC |           | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2021-38185   |
| CVE-2017-14502   |  7.5 |  AV:N  |     |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2017-14502   |
| CVE-2018-14404   |  7.5 |  AV:N  |     |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2018-14404   |
| CVE-2018-20843   |  7.5 |  AV:N  | POC |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2018-20843   |
| CVE-2019-11324   |  7.5 |  AV:N  |     |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2019-11324   |
| CVE-2019-13012   |  7.5 |  AV:L  |     |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2019-13012   |
| CVE-2019-13050   |  7.5 |  AV:N  | POC |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2019-13050   |
| CVE-2019-15165   |  7.5 |  AV:N  |     |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2019-15165   |
| CVE-2019-15847   |  7.5 |  AV:N  |     |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2019-15847   |
| CVE-2019-15903   |  7.5 |  AV:N  | POC |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2019-15903   |
| CVE-2019-16056   |  7.5 |  AV:N  |     |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2019-16056   |
| CVE-2019-16168   |  7.5 |  AV:N  |     |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2019-16168   |
| CVE-2019-19906   |  7.5 |  AV:N  | POC |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2019-19906   |
| CVE-2019-19923   |  7.5 |  AV:N  |     |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2019-19923   |
| CVE-2019-19925   |  7.5 |  AV:N  |     |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2019-19925   |
| CVE-2019-19956   |  7.5 |  AV:N  |     |      CERT |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2019-19956   |
| CVE-2019-19959   |  7.5 |  AV:N  |     |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2019-19959   |
| CVE-2019-20388   |  7.5 |  AV:N  |     |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2019-20388   |
| CVE-2019-20454   |  7.5 |  AV:N  | POC |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2019-20454   |
| CVE-2019-20838   |  7.5 |  AV:N  |     |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2019-20838   |
| CVE-2019-20907   |  7.5 |  AV:N  |     |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2019-20907   |
| CVE-2019-5188    |  7.5 |  AV:L  | POC |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2019-5188    |
| CVE-2019-6477    |  7.5 |  AV:N  |     |      CERT |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2019-6477    |
| CVE-2020-24659   |  7.5 |  AV:N  | POC |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2020-24659   |
| CVE-2020-28196   |  7.5 |  AV:N  |     |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2020-28196   |
| CVE-2020-29361   |  7.5 |  AV:N  |     |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2020-29361   |
| CVE-2020-29363   |  7.5 |  AV:N  |     |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2020-29363   |
| CVE-2020-7595    |  7.5 |  AV:N  |     |      CERT |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2020-7595    |
| CVE-2020-8231    |  7.5 |  AV:N  | POC |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2020-8231    |
| CVE-2020-8285    |  7.5 |  AV:N  | POC |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2020-8285    |
| CVE-2020-8286    |  7.5 |  AV:N  | POC |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2020-8286    |
| CVE-2020-8492    |  7.5 |  AV:N  | POC |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2020-8492    |
| CVE-2020-8622    |  7.5 |  AV:N  |     |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2020-8622    |
| CVE-2020-8623    |  7.5 |  AV:N  |     |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2020-8623    |
| CVE-2020-8624    |  7.5 |  AV:N  |     |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2020-8624    |
| CVE-2020-9327    |  7.5 |  AV:N  |     |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2020-9327    |
| CVE-2021-22946   |  7.5 |  AV:N  | POC |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2021-22946   |
| CVE-2021-23840   |  7.5 |  AV:N  |     |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2021-23840   |
| CVE-2021-27218   |  7.5 |  AV:N  |     |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2021-27218   |
| CVE-2021-33560   |  7.5 |  AV:N  |     |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2021-33560   |
| CVE-2021-3537    |  7.5 |  AV:N  |     |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2021-3537    |
| CVE-2021-3580    |  7.5 |  AV:N  |     |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2021-3580    |
| CVE-2021-36222   |  7.5 |  AV:N  |     |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2021-36222   |
| CVE-2021-43618   |  7.5 |  AV:L  | POC |           | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2021-43618   |
| CVE-2021-3712    |  7.4 |  AV:N  |     |      CERT |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2021-3712    |
| CVE-2019-14866   |  7.3 |  AV:L  | POC |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2019-14866   |
| CVE-2021-3796    |  7.3 |  AV:L  | POC |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2021-3796    |
| CVE-2020-26116   |  7.2 |  AV:N  | POC |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2020-26116   |
| CVE-2019-14822   |  7.1 |  AV:L  |     |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2019-14822   |
| CVE-2020-8177    |  7.1 |  AV:N  | POC |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2020-8177    |
| CVE-2019-3842    |  7.0 |  AV:L  | POC |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2019-3842    |
| CVE-2020-13630   |  7.0 |  AV:L  |     |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2020-13630   |
| CVE-2021-41617   |  7.0 |  AV:L  |     |           | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2021-41617   |
| CVE-2018-20852   |  6.9 |  AV:N  | POC |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2018-20852   |
| CVE-2018-9251    |  6.9 |  AV:N  | POC |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2018-9251    |
| CVE-2019-11236   |  6.9 |  AV:N  | POC |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2019-11236   |
| CVE-2019-13750   |  6.9 |  AV:N  |     |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2019-13750   |
| CVE-2019-13751   |  6.9 |  AV:N  |     |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2019-13751   |
| CVE-2019-13752   |  6.9 |  AV:N  |     |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2019-13752   |
| CVE-2019-13753   |  6.9 |  AV:N  |     |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2019-13753   |
| CVE-2019-1547    |  6.9 |  AV:L  |     |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2019-1547    |
| CVE-2019-1549    |  6.9 |  AV:N  |     |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2019-1549    |
| CVE-2019-1563    |  6.9 |  AV:N  |     |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2019-1563    |
| CVE-2019-16935   |  6.9 |  AV:N  | POC |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2019-16935   |
| CVE-2019-17595   |  6.9 |  AV:N  | POC |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2019-17595   |
| CVE-2019-19221   |  6.9 |  AV:N  |     |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2019-19221   |
| CVE-2019-19924   |  6.9 |  AV:N  |     |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2019-19924   |
| CVE-2019-20807   |  6.9 |  AV:L  |     |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2019-20807   |
| CVE-2019-5094    |  6.9 |  AV:L  | POC |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2019-5094    |
| CVE-2020-13434   |  6.9 |  AV:L  | POC |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2020-13434   |
| CVE-2020-13435   |  6.9 |  AV:L  | POC |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2020-13435   |
| CVE-2020-13631   |  6.9 |  AV:L  |     |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2020-13631   |
| CVE-2020-13632   |  6.9 |  AV:L  |     |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2020-13632   |
| CVE-2020-13776   |  6.9 |  AV:L  |     |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2020-13776   |
| CVE-2020-14422   |  6.9 |  AV:N  |     |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2020-14422   |
| CVE-2020-15358   |  6.9 |  AV:L  | POC |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2020-15358   |
| CVE-2020-16125   |  6.9 |  AV:P  | POC |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2020-16125   |
| CVE-2020-24977   |  6.9 |  AV:N  | POC |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2020-24977   |
| CVE-2020-29362   |  6.9 |  AV:N  |     |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2020-29362   |
| CVE-2020-35448   |  6.9 |  AV:L  | POC |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2020-35448   |
| CVE-2020-6405    |  6.9 |  AV:N  |     |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2020-6405    |
| CVE-2020-8284    |  6.9 |  AV:N  |     |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2020-8284    |
| CVE-2020-8619    |  6.9 |  AV:N  |     |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2020-8619    |
| CVE-2021-1820    |  6.9 |  AV:N  |     |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2021-1820    |
| CVE-2021-20197   |  6.9 |  AV:L  |     |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2021-20197   |
| CVE-2021-20284   |  6.9 |  AV:L  | POC |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2021-20284   |
| CVE-2021-22876   |  6.9 |  AV:N  | POC |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2021-22876   |
| CVE-2021-22898   |  6.9 |  AV:N  | POC |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2021-22898   |
| CVE-2021-22922   |  6.9 |  AV:N  | POC |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2021-22922   |
| CVE-2021-22923   |  6.9 |  AV:N  | POC |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2021-22923   |
| CVE-2021-22924   |  6.9 |  AV:N  | POC |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2021-22924   |
| CVE-2021-22925   |  6.9 |  AV:N  | POC |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2021-22925   |
| CVE-2021-22947   |  6.9 |  AV:N  | POC |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2021-22947   |
| CVE-2021-23336   |  6.9 |  AV:N  | POC |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2021-23336   |
| CVE-2021-23841   |  6.9 |  AV:N  |     |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2021-23841   |
| CVE-2021-25214   |  6.9 |  AV:N  |     |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2021-25214   |
| CVE-2021-28153   |  6.9 |  AV:N  | POC |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2021-28153   |
| CVE-2021-3426    |  6.9 |  AV:A  |     |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2021-3426    |
| CVE-2021-3487    |  6.9 |  AV:N  |     |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2021-3487    |
| CVE-2021-3541    |  6.9 |  AV:N  |     |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2021-3541    |
| CVE-2021-36084   |  6.9 |  AV:L  | POC |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2021-36084   |
| CVE-2021-36085   |  6.9 |  AV:L  | POC |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2021-36085   |
| CVE-2021-36086   |  6.9 |  AV:L  | POC |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2021-36086   |
| CVE-2021-36087   |  6.9 |  AV:L  | POC |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2021-36087   |
| CVE-2021-3733    |  6.9 |  AV:N  |     |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2021-3733    |
| CVE-2021-37750   |  6.9 |  AV:N  |     |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2021-37750   |
| CVE-2021-3800    |  6.9 |  AV:L  |     |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2021-3800    |
| CVE-2021-23177   |  6.6 |  AV:L  |     |           | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2021-23177   |
| CVE-2017-14166   |  6.5 |  AV:L  |     |           | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2017-14166   |
| CVE-2017-14501   |  6.5 |  AV:L  |     |           | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2017-14501   |
| CVE-2019-17450   |  6.5 |  AV:N  | POC |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2019-17450   |
| CVE-2019-17451   |  6.5 |  AV:L  | POC |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2019-17451   |
| CVE-2021-35938   |  6.5 |  AV:L  |     |           | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2021-35938   |
| CVE-2021-35939   |  6.5 |  AV:L  |     |           | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2021-35939   |
| CVE-2021-35937   |  6.3 |  AV:L  |     |           | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2021-35937   |
| CVE-2021-40528   |  5.9 |  AV:N  | POC |           | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2021-40528   |
| CVE-2021-3572    |  5.7 |  AV:N  |     |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2021-3572    |
| CVE-2018-18700   |  5.5 |  AV:N  | POC |           | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2018-18700   |
| CVE-2018-20673   |  5.5 |  AV:L  | POC |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2018-20673   |
| CVE-2019-1010204 |  5.5 |  AV:L  |     |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2019-1010204 |
| CVE-2019-1551    |  5.3 |  AV:N  |     |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2019-1551    |
| CVE-2020-14155   |  5.3 |  AV:N  |     |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2020-14155   |
| CVE-2020-24370   |  5.3 |  AV:N  | POC |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2020-24370   |
| CVE-2021-20269   |  4.7 |  AV:L  |     |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2021-20269   |
| CVE-2021-31566   |  4.4 |  AV:L  |     |           | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2021-31566   |
| CVE-2021-3521    |  4.4 |  AV:L  |     |           | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2021-3521    |
| CVE-2019-20386   |  3.9 |  AV:P  |     |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2019-20386   |
| CVE-2019-2708    |  3.9 |  AV:L  |     |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2019-2708    |
+------------------+------+--------+-----+-----------+---------+---------------------------------------------------+

Checklist:

You don't have to satisfy all of the following.

Write tests
Write documentation
Check that there aren't other open pull requests for the same issue/feature
Format your source code by make fmt
Pass the test by make test
Provide verification config / commands
Enable "Allow edits from maintainers" for this PR
Update the messages below

Is this ready for review?: YES

Reference

fix(rdb): change query to Package Arch for each OS vulsio/goval-dictionary#178

fix(oval): fix RDB query

a03a75f

MaineK00n requested a review from kotakanbe December 24, 2021 01:40

MaineK00n self-assigned this Dec 24, 2021

kotakanbe merged commit 7aa296b into master Dec 25, 2021

MaineK00n deleted the MaineK00n/fix-rdb-query branch December 25, 2021 23:36

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix(oval): fix RDB query #1347

fix(oval): fix RDB query #1347

MaineK00n commented Dec 24, 2021 •

edited

Loading

fix(oval): fix RDB query #1347

fix(oval): fix RDB query #1347

Conversation

MaineK00n commented Dec 24, 2021 • edited Loading

What did you implement:

Type of change

How Has This Been Tested?

commit: 0c6a892

MaineK00n/fix-rdb-query

Checklist:

Reference

MaineK00n commented Dec 24, 2021 •

edited

Loading

commit: `0c6a892`