Security Report for TrueNAS SCALE 22.02.4

This is a security scan report of a default install of TrueNAS SCALE 22.02.4. When enabled, TrueNAS system services must be properly configured to prevent introducing any additional threat vectors. Follow industry best practices and the TrueNAS Documentation. If assistance is required, contact the iXsystems Support Team. If you are concered about results from a separate security audit that finds issues that are not listed below, contact the iXsystems Support Team for assistance.

  • Known Issues: 807 (See bottom of report)
  • False Flags: 0
  • Critical Severity Alerts: 0
  • High Severity Alerts: 0
  • Medium Severity Alerts: 2
  • Low Severity Alerts: 0
  • Information Alerts: 29


Security Scan Results

Medium Severity Alerts: 2

Nessus Alert ID 51192 - SSL Certificate Cannot Be Trusted Synopsis: The SSL certificate for this service cannot be trusted.

Nessus Alert ID 57582 - SSL Self-Signed Certificate Synopsis: The SSL certificate chain for this service ends in an unrecognized self-signed certificate.

Solution: Install a proper SSL Certification to resolve these issues. Refer to the TrueNAS SCALE User Guide.

*Nessus Alert ID 12218 - mDNS Detection Synopsis: It is possible to obtain information about the remote host.


Information Alerts: 29

The remaining alerts are items that can be flagged as a security vulnerability by automated security scans, but are not vulnerabilities. For example, one of the listed alerts flags that TrueNAS uses an nginx web server. TrueNAS uses a web server to provide a User Interface for system configuration. This is a normal part of TrueNAS operation. The TrueNAS nginx server is current and contains all the latest security patches. If you have more specific security concerns regarding any of these alerts, please contact the iXsystems Support Team.


Nessus ID 45590 - Common Platform Enumeration (CPE) Synopsis: It was possible to enumerate CPE names that matched on the remote system.

Response:

The remote operating system matched the following CPE : cpe:/o:microsoft:windows_vista


Nessus ID 54615 - Device Type Synopsis: It is possible to guess the remote device type.

Response:

Remote device type : general-purpose Confidence level : 65


Nessus ID 35716 - Ethernet Card Manufacturer Detection Synopsis: The manufacturer can be identified from the Ethernet OUI.


Nessus ID 86420 - Ethernet MAC Addresses Synopsis : This plugin gathers MAC addresses from various sources and consolidates them into a list.


Nessus ID 10107 - HTTP Server Type and Version Synopsis : A web server is running on the remote host.

The remote web server type is : nginx The remote web server type is : Python/3.8 aiohttp/3.6.2 Ports 80, 443, 600


Nessus ID 24260 - HyperText Transfer Protocol (HTTP) Information Synopsis : Some information about the remote HTTP configuration can be extracted.

Ports 80, 443, 6000


Nessus ID 10114 - ICMP Timestamp Request Remote Date Disclosure Synopsis : It is possible to determine the exact time set on the remote host.

The remote clock is synchronized with the local clock.

If this is a concern in your operating environment, contact the iXsystems Support Team for assistance.


Nessus ID 11219 - Nessus SYN scanner Synopsis : It is possible to determine which TCP ports are open.

Ports 80, 111, 443, 6000


Nessus ID 19506 - Nessus Scan Information Synopsis : This plugin displays information about the Nessus scan.

Information about this scan : Nessus version : 8.14.0 Plugin feed version : 202105241315


Nessus ID 42823 - Non-compliant Strict Transport Security (STS) Synopsis: The remote web server implements Strict Transport Security incorrectly. Port 80

The Strict-Transport-Security header must not be sent over an unencrypted channel. Port 443 The response from the web server listening on port 80:

  • does not contain a Status-Code of 301.
  • does not contain a Location header field.

If this is a concern in your operating environment, contact the iXsystems Support Team for assistance.


Nessus ID 11936 - OS Identification Synopsis: It is possible to guess the remote operating system.

Response:

Remote operating system : Microsoft Windows Vista Confidence level : 65


Nessus ID 122364 - Python Remote HTTP Detection Synopsis: Python is running on the remote host. Port 6000

Path : / Version : 3.9 Product : Python


Nessus ID 11111 - RPC Services Enumeration Synopsis: An ONC RPC service is running on the remote host.. Port 111

The following RPC services are available on TCP port 111 :

  • program: 100000 (portmapper), version: 4
  • program: 100000 (portmapper), version: 3
  • program: 100000 (portmapper), version: 2

Nessus ID 53335 - RPC portmapper (TCP) Synopsis: An ONC RPC service is running on the remote host.. Port 111

tcp/111/rpc-portmapper


Nessus ID 10223 - RPC portmapper Service Detection Synopsis: An ONC RPC service is running on the remote host.. Port 111

udp/111/rpc-portmapper


Nessus ID 56984 - SSL / TLS Versions Supported Synopsis : The remote service encrypts communications.

tcp/443/www : This port supports TLSv1.3/TLSv1.2.


Nessus ID 10863 - SSL Certificate Information Synopsis : This plugin displays the SSL certificate.


Nessus ID 21643 - SSL Cipher Suites Supported Synopsis : The remote service encrypts communications using SSL.


Nessus ID 57041 - SSL Perfect Forward Secrecy Cipher Suites Supported Synopsis : The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality even if the key is stolen.


Nessus ID 156899 - SSL/TLS Recommended Cipher Suites Synopsis : The remote host advertises discouraged SSL/TLS ciphers.

The remote host has listening SSL/TLS ports which advertise the discouraged cipher suites outlined below: High Strength Ciphers (>= 112-bit key) Name Code KEX Auth Encryption MAC


DHE-RSA-AES-128-CCM-AEAD 0xC0, 0x9E DH RSA AES-CCM(128) AEAD DHE-RSA-AES-128-CCM8-AEAD 0xC0, 0xA2 DH RSA AES-CCM8(128) AEAD DHE-RSA-AES-256-CCM-AEAD 0xC0, 0x9F DH RSA AES-CCM(256) AEAD DHE-RSA-AES-256-CCM8-AEAD 0xC0, 0xA3 DH RSA AES-CCM8(256) AEAD DHE-RSA-CHACHA20-POLY1305 0xCC, 0xAA DH RSA ChaCha20-Poly1305(256) SHA256 The fields above are : {Tenable ciphername} {Cipher ID code} Kex={key exchange} Auth={authentication} Encrypt={symmetric encryption method} MAC={message authentication code} {export flag}


Nessus ID 22964 - Service Detection Synopsis : The remote service could be identified.

tcp/80 : A web server is running on this port. tcp/443 : A TLSv1.2 server answered on this port. tcp/443 : A web server is running on this port through TLSv1.2.


Nessus ID 42822 - Strict Transport Security (STS) Detection Synopsis : The remote web server implements Strict Transport Security.

Ports: 80,443


Nessus ID 25220 - TCP/IP Timestamps Supported Synopsis : The remote service implements TCP timestamps.


Nessus ID 62564 - TLS Next Protocols Supported Synopsis : The remote service advertises one or more protocols as being supported over TLS.


Nessus ID 136318 - TLS Version 1.2 Protocol Detection Synopsis: The remote service encrypts traffic using a version of TLS.

Nessus ID 138330 - TLS Version 1.3 Protocol Detection Synopsis: The remote service encrypts traffic using a version of TLS.

Solution: The ability to control these globally is included in TrueNAS. If this is a concern in your operating environment, contact the iXsystems Support Team for assistance.


Nessus ID 10287 - Traceroute Information Synopsis : It was possible to obtain traceroute information.


Nessus ID 10386 - Web Server No 404 Error Code Check Synopsis : The remote web server does not return 404 error codes.

Ports 80, 443

All invalid URLS are redirected to the signin page.


Nessus ID 106375 - nginx HTTP Server Detection Synopsis : The nginx HTTP server was detected on the remote host.

Ports 80, 443



Known Issues : 807

KNOWN CVES

amd64-microcode 3.20191218.1: CVE-2019-9836

apache2 2.4.52: CVE-2022-22719 CVE-2022-22720 CVE-2022-22721 CVE-2022-23943 CVE-2022-26377 CVE-2022-28614 CVE-2022-28615 CVE-2022-29404 CVE-2022-30522 CVE-2022-30556 CVE-2022-31813 CVE-2022-22719 CVE-2022-22720 CVE-2022-22721 CVE-2022-23943 CVE-2022-26377 CVE-2022-28614 CVE-2022-28615 CVE-2022-29404 CVE-2022-30522 CVE-2022-30556 CVE-2022-31813 CVE-2022-22719 CVE-2022-22720 CVE-2022-22721 CVE-2022-23943 CVE-2022-26377 CVE-2022-28614 CVE-2022-28615 CVE-2022-29404 CVE-2022-30522 CVE-2022-30556 CVE-2022-31813 CVE-2022-22719 CVE-2022-22720 CVE-2022-22721 CVE-2022-23943 CVE-2022-26377 CVE-2022-28614 CVE-2022-28615 CVE-2022-29404 CVE-2022-30522 CVE-2022-30556 CVE-2022-31813

apparmor 2.13.6: CVE-2016-1585

avahi: CVE-2021-3468

bind 9.11.0: CVE-2021-25220 CVE-2021-25220 CVE-2021-25220

busybox: CVE-2021-28831 CVE-2021-42378 CVE-2021-42379 CVE-2021-42380 CVE-2021-42381 CVE-2021-42382 CVE-2021-42383 CVE-2021-42384 CVE-2021-42385 CVE-2021-42386 CVE-2022-28391

cifs-utils: CVE-2022-27239 CVE-2022-29869

consul 1.8.7: CVE-2021-37219 CVE-2021-38698 CVE-2022-24687 CVE-2022-29153

coreutils 8.32: CVE-2016-2781

cpio 2.13: CVE-2021-38185

curl 7.74.0: CVE-2021-22898 CVE-2021-22924 CVE-2021-22946 CVE-2021-22947 CVE-2022-22576 CVE-2022-27774 CVE-2022-27776 CVE-2022-27781 CVE-2022-27782 CVE-2022-32206 CVE-2022-32208 CVE-2022-35252

dirmngr 2.2.27: CVE-2022-34903

dnsmasq 2.85: CVE-2022-0934

dpkg 1.20.9: CVE-2022-1664 CVE-2022-1664

e2fsprogs 1.46.2: CVE-2022-1304

exim4 4.94.2: CVE-2021-38371

firmware-linux: CVE-2020-24586 CVE-2020-24587 CVE-2020-24588 CVE-2021-23168 CVE-2021-23223 CVE-2021-37409 CVE-2021-44545 CVE-2022-21181

firmware-linux-nonfree: CVE-2020-24586 CVE-2020-24587 CVE-2020-24588 CVE-2021-23168 CVE-2021-23223 CVE-2021-37409 CVE-2021-44545 CVE-2022-21181

gcc: CVE-2013-7445 CVE-2018-12928 CVE-2019-19378 CVE-2019-19449 CVE-2019-19814 CVE-2019-20794 CVE-2020-0347 CVE-2020-12362 CVE-2020-12363 CVE-2020-12364 CVE-2020-14304 CVE-2020-15802 CVE-2020-26140 CVE-2020-26142 CVE-2020-26143 CVE-2020-26555 CVE-2020-36516 CVE-2021-26401 CVE-2021-28711 CVE-2021-28712 CVE-2021-28713 CVE-2021-28714 CVE-2021-28715 CVE-2021-33061 CVE-2021-33655 CVE-2021-33656 CVE-2021-3669 CVE-2021-3714 CVE-2021-3759 CVE-2021-3847 CVE-2021-3864 CVE-2021-39685 CVE-2021-39686 CVE-2021-39698 CVE-2021-4037 CVE-2021-4149 CVE-2021-4155 CVE-2021-4197 CVE-2021-43976 CVE-2021-44879 CVE-2021-45095 CVE-2021-45469 CVE-2022-0001 CVE-2022-0002 CVE-2022-0330 CVE-2022-0435 CVE-2022-0480 CVE-2022-0492 CVE-2022-0494 CVE-2022-0617 CVE-2022-0854 CVE-2022-1011 CVE-2022-1012 CVE-2022-1016 CVE-2022-1048 CVE-2022-1184 CVE-2022-1195 CVE-2022-1198 CVE-2022-1199 CVE-2022-1204 CVE-2022-1205 CVE-2022-1247 CVE-2022-1280 CVE-2022-1353 CVE-2022-1462 CVE-2022-1652 CVE-2022-1679 CVE-2022-1729 CVE-2022-1974 CVE-2022-1975 CVE-2022-20132 CVE-2022-20368 CVE-2022-20369 CVE-2022-21123 CVE-2022-21125 CVE-2022-21166 CVE-2022-2153 CVE-2022-23036 CVE-2022-23037 CVE-2022-23038 CVE-2022-23039 CVE-2022-23040 CVE-2022-23041 CVE-2022-23042 CVE-2022-2318 CVE-2022-2380 CVE-2022-23816 CVE-2022-23825 CVE-2022-23960 CVE-2022-24448 CVE-2022-24958 CVE-2022-2503 CVE-2022-25258 CVE-2022-25375 CVE-2022-2586 CVE-2022-2588 CVE-2022-26365 CVE-2022-26373 CVE-2022-2639 CVE-2022-26490 CVE-2022-2663 CVE-2022-26966 CVE-2022-27223 CVE-2022-28356 CVE-2022-28388 CVE-2022-28390 CVE-2022-2873 CVE-2022-2961 CVE-2022-2964 CVE-2022-2978 CVE-2022-29900 CVE-2022-29901 CVE-2022-3028 CVE-2022-30594 CVE-2022-3061 CVE-2022-3169 CVE-2022-3202 CVE-2022-32250 CVE-2022-32296 CVE-2022-33740 CVE-2022-33741 CVE-2022-33742 CVE-2022-33743 CVE-2022-33744 CVE-2022-33981 CVE-2022-36879 CVE-2022-36946 CVE-2022-39188 CVE-2022-39189 CVE-2022-39842 CVE-2022-40307

git 2.30.2: CVE-2022-24765 CVE-2022-29187 CVE-2022-24765 CVE-2022-29187

gnupg 2.2.27: CVE-2022-34903

gnutls28: CVE-2021-4209 CVE-2022-2509 CVE-2021-4209 CVE-2022-2509

gzip 1.10: CVE-2022-1271

intel-microcode: CVE-2021-0127 CVE-2021-0145 CVE-2021-33117 CVE-2021-33120 CVE-2022-21123 CVE-2022-21125 CVE-2022-21127 CVE-2022-21151 CVE-2022-21166 CVE-2022-21233

keepalived: CVE-2021-44225

libapparmor1: CVE-2016-1585

libarchive13: CVE-2021-23177 CVE-2021-31566

libblas3: CVE-2021-4048

libbpf0: CVE-2021-45940 CVE-2021-45941

libc-bin: CVE-2021-33574 CVE-2021-3999 CVE-2022-23218 CVE-2022-23219

libcairo-gobject2: CVE-2017-7475 CVE-2018-18064 CVE-2019-6461 CVE-2019-6462

libcom-err2 : CVE-2022-1304

libconfuse: CVE-2022-40320

libcpupower1: CVE-2013-7445 CVE-2018-12928 CVE-2019-19378 CVE-2019-19449 CVE-2019-19814 CVE-2019-20794 CVE-2020-0347 CVE-2020-12362 CVE-2020-12363 CVE-2020-12364 CVE-2020-14304 CVE-2020-15802 CVE-2020-26140 CVE-2020-26142 CVE-2020-26143 CVE-2020-26555 CVE-2020-36516 CVE-2021-26401 CVE-2021-28711 CVE-2021-28712 CVE-2021-28713 CVE-2021-28714 CVE-2021-28715 CVE-2021-33061 CVE-2021-33655 CVE-2021-33656 CVE-2021-3669 CVE-2021-3714 CVE-2021-3759 CVE-2021-3847 CVE-2021-3864 CVE-2021-39685 CVE-2021-39686 CVE-2021-39698 CVE-2021-4037 CVE-2021-4149 CVE-2021-4155 CVE-2021-4197 CVE-2021-43976 CVE-2021-44879 CVE-2021-45095 CVE-2021-45469 CVE-2022-0001 CVE-2022-0002 CVE-2022-0330 CVE-2022-0435 CVE-2022-0480 CVE-2022-0492 CVE-2022-0494 CVE-2022-0617 CVE-2022-0854 CVE-2022-1011 CVE-2022-1012 CVE-2022-1016 CVE-2022-1048 CVE-2022-1184 CVE-2022-1195 CVE-2022-1198 CVE-2022-1199 CVE-2022-1204 CVE-2022-1205 CVE-2022-1247 CVE-2022-1280 CVE-2022-1353 CVE-2022-1462 CVE-2022-1652 CVE-2022-1679 CVE-2022-1729 CVE-2022-1974 CVE-2022-1975 CVE-2022-20132 CVE-2022-20368 CVE-2022-20369 CVE-2022-21123 CVE-2022-21125 CVE-2022-21166 CVE-2022-2153 CVE-2022-23036 CVE-2022-23037 CVE-2022-23038 CVE-2022-23039 CVE-2022-23040 CVE-2022-23041 CVE-2022-23042 CVE-2022-2318 CVE-2022-2380 CVE-2022-23816 CVE-2022-23825 CVE-2022-23960 CVE-2022-24448 CVE-2022-24958 CVE-2022-2503 CVE-2022-25258 CVE-2022-25375 CVE-2022-2586 CVE-2022-2588 CVE-2022-26365 CVE-2022-26373 CVE-2022-2639 CVE-2022-26490 CVE-2022-2663 CVE-2022-26966 CVE-2022-27223 CVE-2022-28356 CVE-2022-28388 CVE-2022-28390 CVE-2022-2873 CVE-2022-2961 CVE-2022-2964 CVE-2022-2978 CVE-2022-29900 CVE-2022-29901 CVE-2022-3028 CVE-2022-30594 CVE-2022-3061 CVE-2022-3169 CVE-2022-3202 CVE-2022-32250 CVE-2022-32296 CVE-2022-33740 CVE-2022-33741 CVE-2022-33742 CVE-2022-33743 CVE-2022-33744 CVE-2022-33981 CVE-2022-36879 CVE-2022-36946 CVE-2022-39188 CVE-2022-39189 CVE-2022-39842 CVE-2022-40307

libcuda1: CVE-2022-21813 CVE-2022-21814 CVE-2022-28181 CVE-2022-28183 CVE-2022-28184 CVE-2022-28185 CVE-2022-28191 CVE-2022-28192 CVE-2022-31607 CVE-2022-31608 CVE-2022-31615

libcups2: CVE-2022-26691

libcurl3-gnutls: CVE-2021-22898 CVE-2021-22924 CVE-2021-22946 CVE-2021-22947 CVE-2022-22576 CVE-2022-27774 CVE-2022-27776 CVE-2022-27781 CVE-2022-27782 CVE-2022-32206 CVE-2022-32208 CVE-2022-35252

libcurl4: CVE-2021-22898 CVE-2021-22924 CVE-2021-22946 CVE-2021-22947 CVE-2022-22576 CVE-2022-27774 CVE-2022-27776 CVE-2022-27781 CVE-2022-27782 CVE-2022-32206 CVE-2022-32208 CVE-2022-35252

libdb5.3: CVE-2019-8457

libdpkg-perl: CVE-2022-1664

libexpat1: CVE-2022-40674

libext2fs2: CVE-2022-1304

libflac8: CVE-2021-0561

libfreetype6: CVE-2022-27404 CVE-2022-27405 CVE-2022-27406

libfribidi0: CVE-2022-25308 CVE-2022-25309 CVE-2022-25310

libgcrypt20: CVE-2021-33560

libgd3: CVE-2021-38115 CVE-2021-40812

libglx-nvidia0: CVE-2022-21813 CVE-2022-21814 CVE-2022-28181 CVE-2022-28183 CVE-2022-28184 CVE-2022-28185 CVE-2022-28191 CVE-2022-28192 CVE-2022-31607 CVE-2022-31608 CVE-2022-31615

libharfbuzz0b: CVE-2022-33068

libhttp-daemon-perl:* CVE-2022-31081

libjpeg62-turbo: CVE-2021-46822

liblapack3: CVE-2021-4048

libldap: CVE-2022-29155

liblua: CVE-2019-6706 CVE-2020-24370 CVE-2021-43519

liblzma5: CVE-2022-1271

libmariadb3: CVE-2021-35604 CVE-2021-46659 CVE-2021-46661 CVE-2021-46662 CVE-2021-46663 CVE-2021-46664 CVE-2021-46665 CVE-2021-46667 CVE-2021-46668 CVE-2021-46669 CVE-2022-24048 CVE-2022-24050 CVE-2022-24051 CVE-2022-24052 CVE-2022-27376 CVE-2022-27377 CVE-2022-27378 CVE-2022-27379 CVE-2022-27380 CVE-2022-27381 CVE-2022-27382 CVE-2022-27383 CVE-2022-27384 CVE-2022-27385 CVE-2022-27386 CVE-2022-27387 CVE-2022-27444 CVE-2022-27445 CVE-2022-27446 CVE-2022-27447 CVE-2022-27448 CVE-2022-27449 CVE-2022-27451 CVE-2022-27452 CVE-2022-27455 CVE-2022-27456 CVE-2022-27457 CVE-2022-27458 CVE-2022-31621 CVE-2022-31622 CVE-2022-31623 CVE-2022-31624 CVE-2022-32081 CVE-2022-32082 CVE-2022-32083 CVE-2022-32084 CVE-2022-32085 CVE-2022-32086 CVE-2022-32087 CVE-2022-32088 CVE-2022-32089 CVE-2022-32091 CVE-2022-38791

libmodbus5: CVE-2022-0367

libncurses6: CVE-2022-29458

libnss: CVE-2021-3997

libnvcuvid1: CVE-2022-21813 CVE-2022-21814 CVE-2022-28181 CVE-2022-28183 CVE-2022-28184 CVE-2022-28185 CVE-2022-28191 CVE-2022-28192 CVE-2022-31607 CVE-2022-31608 CVE-2022-31615

libpam: CVE-2021-3997

libpcre2: CVE-2022-1586 CVE-2022-1587

libperl: CVE-2020-16156

libpolkit: CVE-2016-2568

libpq5: CVE-2022-1552 CVE-2022-2625

libprotobuf: CVE-2022-33070 CVE-2021-22569

librados2: CVE-2021-3979 CVE-2022-0670

librbd1: CVE-2021-3979 CVE-2022-0670

librte: CVE-2022-2132

libsasl2: CVE-2022-24407

libsepol1: CVE-2021-36084 CVE-2021-36085 CVE-2021-36086 CVE-2021-36087

libsndfile1: CVE-2021-4156

libsnmp: CVE-2022-24805 CVE-2022-24806 CVE-2022-24807 CVE-2022-24808 CVE-2022-24809 CVE-2022-24810

libsqlite3: CVE-2021-45346

libss2: CVE-2022-1304

libssl1.1: CVE-2022-2097

libsystemd0: CVE-2021-3997

libtiff: CVE-2022-0561 CVE-2022-0562 CVE-2022-0865 CVE-2022-0891 CVE-2022-0907 CVE-2022-0908 CVE-2022-0909 CVE-2022-0924 CVE-2022-1354 CVE-2022-1355 CVE-2022-1622 CVE-2022-1623 CVE-2022-2056 CVE-2022-2057 CVE-2022-2058 CVE-2022-22844 CVE-2022-2867 CVE-2022-2868 CVE-2022-2869 CVE-2022-34526

libtinfo6: CVE-2022-29458

libtirpc-common: CVE-2021-46828

libunbound8 : CVE-2022-30698 CVE-2022-30699

libusbredirparser1: CVE-2021-3700

libvarnishapi2: CVE-2021-36740 CVE-2022-23959

libvirglrenderer1: CVE-2022-0135

libvirt 7.6.0: CVE-2021-3631 CVE-2021-3975 CVE-2021-4147 CVE-2022-0897

libxml2: CVE-2016-3709 CVE-2022-23308 CVE-2022-29824 CVE-2016-3709

libxslt1.1: CVE-2021-30560

logsave 1.46.2: CVE-2022-1304

mc 4.8.26: CVE-2021-36370

ncurses 6.2: CVE-2022-29458

nginx: CVE-2013-0337 CVE-2020-36309 CVE-2021-3618

nscd 2.31: CVE-2021-33574 CVE-2021-3999 CVE-2022-23218 CVE-2022-23219

ntfs3g: CVE-2021-33285 CVE-2021-39254 CVE-2021-39257 CVE-2021-39258 CVE-2021-39253 CVE-2021-35266 CVE-2021-39261 CVE-2022-30788 CVE-2022-30789 CVE-2021-35267 CVE-2021-39259 CVE-2021-35269 CVE-2021-39255 CVE-2021-39262 CVE-2022-30784 CVE-2021-33287 CVE-2021-39256 CVE-2021-39263 CVE-2022-30787 CVE-2022-30786 CVE-2021-33289 CVE-2021-39251 CVE-2021-39252 CVE-2021-46790 CVE-2022-30783 CVE-2021-33286 CVE-2021-35268 CVE-2021-39260 CVE-2022-30785

open-vm-tools 11.2.5: CVE-2022-31676

openjdk-11-jre-headless 11.0.14: CVE-2022-21426 CVE-2022-21434 CVE-2022-21443 CVE-2022-21476 CVE-2022-21496 CVE-2022-21540 CVE-2022-21541 CVE-2022-34169

openldap: CVE-2022-29155

opensc 0.21.0: CVE-2021-42778 CVE-2021-42779 CVE-2021-42780 CVE-2021-42781 CVE-2021-42782

openssh 8.4: CVE-2021-41617

openssl 1.1.1n: CVE-2022-2097 CVE-2010-0928 CVE-2007-6755

openvpn 2.5.1: CVE-2022-0547

ovmf 2020.11: CVE-2019-14560 CVE-2021-28216 CVE-2021-38575 CVE-2021-38576 CVE-2021-38577 CVE-2021-38578

perl 5.32.1: CVE-2020-16156 CVE-2016-2568

python 2.7: CVE-2015-20107 CVE-2021-23336 CVE-2021-4189

python 3.9: CVE-2021-21240 CVE-2021-46823 CVE-2022-2309 CVE-2022-40023 CVE-2021-33430 CVE-2022-0718 CVE-2021-23437 CVE-2020-13757 CVE-2020-25658 CVE-2015-20107 CVE-2020-10735 CVE-2021-29921 CVE-2021-3426 CVE-2021-3733 CVE-2021-3737 CVE-2021-4189 CVE-2022-0391 CVE-2015-20107 CVE-2020-10735 CVE-2021-29921 CVE-2021-3426 CVE-2021-3733 CVE-2021-3737 CVE-2021-4189 CVE-2022-0391

qemu: CVE-2019-12067 CVE-2020-14394 CVE-2020-15469 CVE-2020-25741 CVE-2020-25742 CVE-2020-25743 CVE-2020-35503 CVE-2020-35504 CVE-2020-35505 CVE-2021-20196 CVE-2021-20203 CVE-2021-20255 CVE-2021-3507 CVE-2021-3735 CVE-2021-3750 CVE-2021-3930 CVE-2022-0216 CVE-2022-2962

rclone 1.56.1: CVE-2019-11840

rsync 3.2.3: CVE-2022-29154

shim-unsigned 15.4: CVE-2022-28737

snmpd 5.9: CVE-2022-24805 CVE-2022-24806 CVE-2022-24807 CVE-2022-24808 CVE-2022-24809 CVE-2022-24810

sqlite3 3.34.1: CVE-2021-45346

squashfs-tools: CVE-2021-40153 CVE-2021-41072

systemd 247.3: CVE-2021-3997

udev 247.3: CVE-2021-3997

unzip 6.0: CVE-2022-0529 CVE-2022-0530

vim: CVE-2021-3872 CVE-2021-3903 CVE-2021-3927 CVE-2021-3928 CVE-2021-3973 CVE-2021-3974 CVE-2021-3984 CVE-2021-4019 CVE-2021-4069 CVE-2021-4166 CVE-2021-4192 CVE-2021-4193 CVE-2022-0156 CVE-2022-0213 CVE-2022-0261 CVE-2022-0318 CVE-2022-0319 CVE-2022-0351 CVE-2022-0359 CVE-2022-0361 CVE-2022-0368 CVE-2022-0408 CVE-2022-0413 CVE-2022-0417 CVE-2022-0443 CVE-2022-0554 CVE-2022-0572 CVE-2022-0629 CVE-2022-0685 CVE-2022-0696 CVE-2022-0714 CVE-2022-0729 CVE-2022-0943 CVE-2022-1154 CVE-2022-1616 CVE-2022-1619 CVE-2022-1621 CVE-2022-1720 CVE-2022-1785 CVE-2022-1851 CVE-2022-1897 CVE-2022-1898 CVE-2022-1942 CVE-2022-1968 CVE-2022-2000 CVE-2022-2124 CVE-2022-2125 CVE-2022-2126 CVE-2022-2129 CVE-2022-2207 CVE-2022-2285 CVE-2022-2288 CVE-2022-2304 CVE-2022-2522 CVE-2022-2571 CVE-2022-2580 CVE-2022-2598 CVE-2022-2816 CVE-2022-2817 CVE-2022-2819 CVE-2022-2862 CVE-2022-2889 CVE-2022-2923 CVE-2022-2946 CVE-2022-2982 CVE-2022-3037 CVE-2022-3099 CVE-2022-3134

xz-utils 5.2.5: CVE-2022-1271

zlib1g : CVE-2018-25032 CVE-2022-37434

zsh 5.8: CVE-2021-45444



Service Hardening

Exposed services should be hardened according to your security needs and according to what your deployed environment will allow. There is no “One size fits all” solution. If you have questions or concerns ad have a support contract with iXsystems; contact your support representative. An example of services that may warrant hardening would be: nginx, ntp, openipmi, rpcbind, ssh, winbind, wsdd, etc

Back to SCALE Archive