ID

VAR-202003-1125


CVE

CVE-2020-1712


TITLE

Systemd Resource Management Error Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2020-14277 // CNNVD: CNNVD-202002-302

DESCRIPTION

A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages. systemd Is vulnerable to the use of freed memory.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Systemd is a Linux-based system and service manager for German Lennart Poettering software developers. This product is compatible with SysV and LSB startup scripts, and provides a framework for expressing dependencies between system services. Systemd has a resource management error vulnerability, which originates from the improper management of system resources (such as memory, disk space, files, etc.) by network systems or products. No detailed vulnerability details are provided at this time. (CVE-2018-16888). Bug Fix(es): * systemd: systemctl reload command breaks ordering dependencies between units (BZ#1781712) 4. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: systemd security update Advisory ID: RHSA-2020:0564-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:0564 Issue date: 2020-02-20 CVE Names: CVE-2020-1712 ==================================================================== 1. Summary: An update for systemd is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux BaseOS E4S (v. 8.0) - aarch64, ppc64le, s390x, x86_64 3. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. In addition, it supports snapshotting and restoring of the system state, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. It can also work as a drop-in replacement for sysvinit. Security Fix(es): * systemd: use-after-free when asynchronous polkit queries are performed (CVE-2020-1712) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Package List: Red Hat Enterprise Linux BaseOS E4S (v. 8.0): Source: systemd-239-13.el8_0.7.src.rpm aarch64: systemd-239-13.el8_0.7.aarch64.rpm systemd-container-239-13.el8_0.7.aarch64.rpm systemd-container-debuginfo-239-13.el8_0.7.aarch64.rpm systemd-debuginfo-239-13.el8_0.7.aarch64.rpm systemd-debugsource-239-13.el8_0.7.aarch64.rpm systemd-devel-239-13.el8_0.7.aarch64.rpm systemd-journal-remote-239-13.el8_0.7.aarch64.rpm systemd-journal-remote-debuginfo-239-13.el8_0.7.aarch64.rpm systemd-libs-239-13.el8_0.7.aarch64.rpm systemd-libs-debuginfo-239-13.el8_0.7.aarch64.rpm systemd-pam-239-13.el8_0.7.aarch64.rpm systemd-pam-debuginfo-239-13.el8_0.7.aarch64.rpm systemd-tests-239-13.el8_0.7.aarch64.rpm systemd-tests-debuginfo-239-13.el8_0.7.aarch64.rpm systemd-udev-239-13.el8_0.7.aarch64.rpm systemd-udev-debuginfo-239-13.el8_0.7.aarch64.rpm ppc64le: systemd-239-13.el8_0.7.ppc64le.rpm systemd-container-239-13.el8_0.7.ppc64le.rpm systemd-container-debuginfo-239-13.el8_0.7.ppc64le.rpm systemd-debuginfo-239-13.el8_0.7.ppc64le.rpm systemd-debugsource-239-13.el8_0.7.ppc64le.rpm systemd-devel-239-13.el8_0.7.ppc64le.rpm systemd-journal-remote-239-13.el8_0.7.ppc64le.rpm systemd-journal-remote-debuginfo-239-13.el8_0.7.ppc64le.rpm systemd-libs-239-13.el8_0.7.ppc64le.rpm systemd-libs-debuginfo-239-13.el8_0.7.ppc64le.rpm systemd-pam-239-13.el8_0.7.ppc64le.rpm systemd-pam-debuginfo-239-13.el8_0.7.ppc64le.rpm systemd-tests-239-13.el8_0.7.ppc64le.rpm systemd-tests-debuginfo-239-13.el8_0.7.ppc64le.rpm systemd-udev-239-13.el8_0.7.ppc64le.rpm systemd-udev-debuginfo-239-13.el8_0.7.ppc64le.rpm s390x: systemd-239-13.el8_0.7.s390x.rpm systemd-container-239-13.el8_0.7.s390x.rpm systemd-container-debuginfo-239-13.el8_0.7.s390x.rpm systemd-debuginfo-239-13.el8_0.7.s390x.rpm systemd-debugsource-239-13.el8_0.7.s390x.rpm systemd-devel-239-13.el8_0.7.s390x.rpm systemd-journal-remote-239-13.el8_0.7.s390x.rpm systemd-journal-remote-debuginfo-239-13.el8_0.7.s390x.rpm systemd-libs-239-13.el8_0.7.s390x.rpm systemd-libs-debuginfo-239-13.el8_0.7.s390x.rpm systemd-pam-239-13.el8_0.7.s390x.rpm systemd-pam-debuginfo-239-13.el8_0.7.s390x.rpm systemd-tests-239-13.el8_0.7.s390x.rpm systemd-tests-debuginfo-239-13.el8_0.7.s390x.rpm systemd-udev-239-13.el8_0.7.s390x.rpm systemd-udev-debuginfo-239-13.el8_0.7.s390x.rpm x86_64: systemd-239-13.el8_0.7.i686.rpm systemd-239-13.el8_0.7.x86_64.rpm systemd-container-239-13.el8_0.7.i686.rpm systemd-container-239-13.el8_0.7.x86_64.rpm systemd-container-debuginfo-239-13.el8_0.7.i686.rpm systemd-container-debuginfo-239-13.el8_0.7.x86_64.rpm systemd-debuginfo-239-13.el8_0.7.i686.rpm systemd-debuginfo-239-13.el8_0.7.x86_64.rpm systemd-debugsource-239-13.el8_0.7.i686.rpm systemd-debugsource-239-13.el8_0.7.x86_64.rpm systemd-devel-239-13.el8_0.7.i686.rpm systemd-devel-239-13.el8_0.7.x86_64.rpm systemd-journal-remote-239-13.el8_0.7.x86_64.rpm systemd-journal-remote-debuginfo-239-13.el8_0.7.i686.rpm systemd-journal-remote-debuginfo-239-13.el8_0.7.x86_64.rpm systemd-libs-239-13.el8_0.7.i686.rpm systemd-libs-239-13.el8_0.7.x86_64.rpm systemd-libs-debuginfo-239-13.el8_0.7.i686.rpm systemd-libs-debuginfo-239-13.el8_0.7.x86_64.rpm systemd-pam-239-13.el8_0.7.x86_64.rpm systemd-pam-debuginfo-239-13.el8_0.7.i686.rpm systemd-pam-debuginfo-239-13.el8_0.7.x86_64.rpm systemd-tests-239-13.el8_0.7.x86_64.rpm systemd-tests-debuginfo-239-13.el8_0.7.i686.rpm systemd-tests-debuginfo-239-13.el8_0.7.x86_64.rpm systemd-udev-239-13.el8_0.7.x86_64.rpm systemd-udev-debuginfo-239-13.el8_0.7.i686.rpm systemd-udev-debuginfo-239-13.el8_0.7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-1712 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXk8DR9zjgjWX9erEAQgBCg//bdjwG4MYbuUKH41pwWeyyVXLClAEkUTT irLt1PiN07Ij5q0Gd9UTrd0SAsmUZTWpgSfPktIHldaWmTSfUPAX6v7ls2Rsivqr ut7n34YIP5DFKk6UKVl6HBGv8O+H/4Now/2NyizaNVjM0FI8vE27OlObfE7Y2UX6 BUPtRK/4rEl2pqEthSI1Kj/PRgc2B+nfvXbhK2BrRqG8WW0CUeDBC1I1GvpJbQEG D/IVBt5GKFdAN+f2MvN4aldShOej31BbUGrewISOsfd61epJl4QTGHMKqt0e58q2 axRrPcigMj5tKDa6Dr55ubs1xDQ2sAk/3wyy+RLhQEexWTZJUc19O+nvM8/stfFd 0DlYxg7j8p0BKODcab733VcveoRZj+AQp87umHjvvoTHR9eaCECCXqyHGOF9Tgfy X2PhZniainF2qMH9jlEQeF3n1EwRw0aaFhrEX49OOMufeGHHBCz3yAyAlvb73qcT gfFiZb3Y2X3FbnRZTwv8bSXy9/tp1LA9QWfrX/hNpHYnPNcsJAdrLxOAjdLXL7sd XLIPPQ3kydDRjZ1S4tUzJgRwiq4T6gR4HMF6lHF0s9HIp9l6R3PoQpfPZiK1Ffsf HSzoC6UXy+fI9OesRyKQuCOErujb9ZBpNIcZkxjXLt6vUAh75peSOd9vnzullSAl QZ/iez2MHuc=dZRW -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Security Fix(es): * golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic (CVE-2020-9283) * SSL/TLS: CBC padding timing attack (lucky-13) (CVE-2013-0169) * grafana: XSS vulnerability via a column style on the "Dashboard > Table Panel" screen (CVE-2018-18624) * js-jquery: prototype pollution in object's prototype leading to denial of service or remote code execution or property injection (CVE-2019-11358) * npm-serialize-javascript: XSS via unsafe characters in serialized regular expressions (CVE-2019-16769) * kibana: Prototype pollution in TSVB could result in arbitrary code execution (ESA-2020-06) (CVE-2020-7013) * nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or __proto__ payload (CVE-2020-7598) * npmjs-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser (CVE-2020-7662) * nodejs-lodash: prototype pollution in zipObjectDeep function (CVE-2020-8203) * jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022) * jQuery: passing HTML containing <option> elements to manipulation methods could result in untrusted code execution (CVE-2020-11023) * grafana: stored XSS (CVE-2020-11110) * grafana: XSS annotation popup vulnerability (CVE-2020-12052) * grafana: XSS via column.title or cellLinkTooltip (CVE-2020-12245) * nodejs-elliptic: improper encoding checks allows a certain degree of signature malleability in ECDSA signatures (CVE-2020-13822) * golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040) * nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function (CVE-2020-15366) * openshift/console: text injection on error page via crafted url (CVE-2020-10715) * kibana: X-Frame-Option not set by default might lead to clickjacking (CVE-2020-10743) * openshift: restricted SCC allows pods to craft custom network packets (CVE-2020-14336) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution: For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel ease-notes.html Details on how to access this content are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster - -cli.html. Bugs fixed (https://bugzilla.redhat.com/): 907589 - CVE-2013-0169 SSL/TLS: CBC padding timing attack (lucky-13) 1701972 - CVE-2019-11358 jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection 1767665 - CVE-2020-10715 openshift/console: text injection on error page via crafted url 1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic 1813344 - CVE-2020-7598 nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or __proto__ payload 1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method 1834550 - CVE-2020-10743 kibana: X-Frame-Option not set by default might lead to clickjacking 1845982 - CVE-2020-7662 npmjs-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser 1848089 - CVE-2020-12052 grafana: XSS annotation popup vulnerability 1848092 - CVE-2019-16769 npm-serialize-javascript: XSS via unsafe characters in serialized regular expressions 1848643 - CVE-2020-12245 grafana: XSS via column.title or cellLinkTooltip 1848647 - CVE-2020-13822 nodejs-elliptic: improper encoding checks allows a certain degree of signature malleability in ECDSA signatures 1849044 - CVE-2020-7013 kibana: Prototype pollution in TSVB could result in arbitrary code execution (ESA-2020-06) 1850004 - CVE-2020-11023 jquery: Passing HTML containing <option> elements to manipulation methods could result in untrusted code execution 1850572 - CVE-2018-18624 grafana: XSS vulnerability via a column style on the "Dashboard > Table Panel" screen 1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash 1857412 - CVE-2020-8203 nodejs-lodash: prototype pollution in zipObjectDeep function 1857977 - CVE-2020-15366 nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function 1858981 - CVE-2020-14336 openshift: restricted SCC allows pods to craft custom network packets 1861044 - CVE-2020-11110 grafana: stored XSS 1874671 - CVE-2020-14336 ose-machine-config-operator-container: openshift: restricted SCC allows pods to craft custom network packets [openshift-4] 5. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202003-20 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: systemd: Heap use-after-free Date: March 15, 2020 Bugs: #708806 ID: 202003-20 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== A heap use-after-free flaw in systemd at worst might allow an attacker to execute arbitrary code. Background ========== A system and service manager. Workaround ========== There is no known workaround at this time. Resolution ========== All systemd users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=sys-apps/systemd-244.3" References ========== [ 1 ] CVE-2020-1712 https://nvd.nist.gov/vuln/detail/CVE-2020-1712 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202003-20 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2020 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . Description: Red Hat CodeReady Workspaces 2.1.0 provides a cloud developer-workspace server and a browser-based IDE built for teams and organizations. CodeReady Workspaces runs in OpenShift and is well-suited for container-based development. Solution: To start using CodeReady Workspaces, download and install it using the instructions provided in the Red Hat CodeReady Workspaces Installation Guide linked from the References section. Bugs fixed (https://bugzilla.redhat.com/): 1816789 - CVE-2020-10689 che: pods in kubernetes cluster can bypass JWT proxy and send unauthenticated requests to workspace pods 5. JIRA issues fixed (https://issues.jboss.org/): CRW-402 - CRW 2.1 devfiles CRW-507 - CRW 2.1 Overall Epic CRW-510 - When not using TLS, Openshift plugin does not allow login via UI (but does work via console login) CRW-533 - Factory are never redirecting to the IDE once loaded CRW-535 - update factories link in CRW dashboard to point to updated user doc CRW-537 - Patches in che-theia repo for theia are not applied in crw-theia build CRW-544 - CRW 2.1 plugins+images CRW-572 - Node 10 example results in "Error: Cannot find module 'express'" CRW-573 - CRW 2.0.x branding update CRW-574 - Cannot inject a devfile or plugin at runtime (container doesn't include yq or build scripts) CRW-784 - Tag not replaced by digest in the `latest` version of plugins in the registry 6. ========================================================================== Ubuntu Security Notice USN-4269-1 February 05, 2020 systemd vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 19.10 - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: Several security issues were fixed in systemd. A local attacker could possibly use this issue to trick systemd into killing privileged processes. This issue only affected Ubuntu 16.04 LTS. (CVE-2018-16888) It was discovered that systemd incorrectly handled certain udevadm trigger commands. A local attacker could possibly use this issue to cause systemd to consume resources, leading to a denial of service. (CVE-2019-20386) Jann Horn discovered that systemd incorrectly handled services that use the DynamicUser property. A local attacker could possibly use this issue to access resources owned by a different service in the future. This issue only affected Ubuntu 18.04 LTS. (CVE-2020-1712) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 19.10: systemd 242-7ubuntu3.6 Ubuntu 18.04 LTS: systemd 237-3ubuntu10.38 Ubuntu 16.04 LTS: systemd 229-4ubuntu21.27 After a standard system update you need to reboot your computer to make all the necessary changes

Trust: 2.79

sources: NVD: CVE-2020-1712 // JVNDB: JVNDB-2020-003920 // CNVD: CNVD-2020-14277 // VULMON: CVE-2020-1712 // PACKETSTORM: 156510 // PACKETSTORM: 156465 // PACKETSTORM: 159727 // PACKETSTORM: 156740 // PACKETSTORM: 157228 // PACKETSTORM: 156226

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-14277

AFFECTED PRODUCTS

vendor:redhatmodel:discoveryscope:eqversion: -

Trust: 1.0

vendor:redhatmodel:openshift container platformscope:eqversion:4.0

Trust: 1.0

vendor:redhatmodel:enterprise linuxscope:eqversion:8.0

Trust: 1.0

vendor:redhatmodel:ceph storagescope:eqversion:4.0

Trust: 1.0

vendor:redhatmodel:migration toolkitscope:eqversion:1.0

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:9.0

Trust: 1.0

vendor:systemdmodel:systemdscope:lteversion:244

Trust: 1.0

vendor:freedesktopmodel:systemdscope:eqversion:245-rc1

Trust: 0.8

vendor:red hatmodel:ceph storagescope: - version: -

Trust: 0.8

vendor:red hatmodel:discoveryscope: - version: -

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope: - version: -

Trust: 0.8

vendor:red hatmodel:migration toolkitscope: - version: -

Trust: 0.8

vendor:red hatmodel:openshift container platformscope: - version: -

Trust: 0.8

vendor:systemdmodel:systemdscope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2020-14277 // JVNDB: JVNDB-2020-003920 // NVD: CVE-2020-1712

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-1712
value: HIGH

Trust: 1.0

secalert@redhat.com: CVE-2020-1712
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-003920
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-14277
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202002-302
value: HIGH

Trust: 0.6

VULMON: CVE-2020-1712
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-1712
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-003920
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-14277
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-1712
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 2.0

NVD: JVNDB-2020-003920
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-14277 // VULMON: CVE-2020-1712 // JVNDB: JVNDB-2020-003920 // CNNVD: CNNVD-202002-302 // NVD: CVE-2020-1712 // NVD: CVE-2020-1712

PROBLEMTYPE DATA

problemtype:CWE-416

Trust: 1.8

sources: JVNDB: JVNDB-2020-003920 // NVD: CVE-2020-1712

THREAT TYPE

local

Trust: 0.7

sources: PACKETSTORM: 156226 // CNNVD: CNNVD-202002-302

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202002-302

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-003920

PATCH

title:sd-bus: introduce API for re-enqueuing incoming messagesurl:https://github.com/systemd/systemd/commit/1068447e6954dc6ce52f099ed174c442cb89ed54

Trust: 0.8

title:polkit: when authorizing via PK let's re-resolve callback/userdata in…url:https://github.com/systemd/systemd/commit/637486261528e8aa3da9f26a4487dc254f4b7abb

Trust: 0.8

title:Fix typo in function nameurl:https://github.com/systemd/systemd/commit/bc130b6858327b382b07b3985cf48e2aa9016b2d

Trust: 0.8

title:Merge branch 'polkit-ref-count'url:https://github.com/systemd/systemd/commit/ea0d0ede03c6f18dbc5036c5e9cccf97e415ccc2

Trust: 0.8

title:Bug 1794578url:https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1712

Trust: 0.8

title:Patch for Systemd Resource Management Error Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/205305

Trust: 0.6

title:systemd Remediation of resource management error vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=110682

Trust: 0.6

title:The Registerurl:https://www.theregister.co.uk/2020/04/06/security_roundup/

Trust: 0.2

title:Red Hat: Important: systemd security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20200564 - Security Advisory

Trust: 0.1

title:Red Hat: Important: systemd security and bug fix updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20200575 - Security Advisory

Trust: 0.1

title:Debian CVElist Bug Report Logs: systemd: CVE-2020-1712url:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=2c2746b33bd39124d12ed8e5982f4f46

Trust: 0.1

title:Arch Linux Advisories: [ASA-202002-8] systemd: arbitrary code executionurl:https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-202002-8

Trust: 0.1

title:Amazon Linux 2: ALAS2-2020-1388url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2020-1388

Trust: 0.1

title:Ubuntu Security Notice: systemd vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4269-1

Trust: 0.1

title:Arch Linux Issues: url:https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2020-1712 log

Trust: 0.1

title:Red Hat: Moderate: Red Hat CodeReady Workspaces 2.1.0 releaseurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20201475 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: OpenShift Container Platform 4.6.1 image security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20204298 - Security Advisory

Trust: 0.1

title:Siemens Security Advisories: Siemens Security Advisoryurl:https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=ec6577109e640dac19a6ddb978afe82d

Trust: 0.1

title: - url:https://github.com/Live-Hack-CVE/CVE-2020-1712

Trust: 0.1

title:CacheCheckerurl:https://github.com/SamanthaYu/CacheChecker

Trust: 0.1

title:master_librarianurl:https://github.com/CoolerVoid/master_librarian

Trust: 0.1

title:snykouturl:https://github.com/garethr/snykout

Trust: 0.1

sources: CNVD: CNVD-2020-14277 // VULMON: CVE-2020-1712 // JVNDB: JVNDB-2020-003920 // CNNVD: CNNVD-202002-302

EXTERNAL IDS

db:NVDid:CVE-2020-1712

Trust: 3.7

db:OPENWALLid:OSS-SECURITY/2020/02/05/1

Trust: 2.5

db:JVNDBid:JVNDB-2020-003920

Trust: 0.8

db:PACKETSTORMid:156510

Trust: 0.7

db:PACKETSTORMid:156465

Trust: 0.7

db:PACKETSTORMid:156740

Trust: 0.7

db:PACKETSTORMid:157228

Trust: 0.7

db:PACKETSTORMid:156226

Trust: 0.7

db:CNVDid:CNVD-2020-14277

Trust: 0.6

db:AUSCERTid:ESB-2020.0443

Trust: 0.6

db:AUSCERTid:ESB-2020.3700

Trust: 0.6

db:AUSCERTid:ESB-2020.0633

Trust: 0.6

db:AUSCERTid:ESB-2020.1349

Trust: 0.6

db:AUSCERTid:ESB-2020.0661

Trust: 0.6

db:CNNVDid:CNNVD-202002-302

Trust: 0.6

db:VULMONid:CVE-2020-1712

Trust: 0.1

db:PACKETSTORMid:159727

Trust: 0.1

sources: CNVD: CNVD-2020-14277 // VULMON: CVE-2020-1712 // JVNDB: JVNDB-2020-003920 // PACKETSTORM: 156510 // PACKETSTORM: 156465 // PACKETSTORM: 159727 // PACKETSTORM: 156740 // PACKETSTORM: 157228 // PACKETSTORM: 156226 // CNNVD: CNNVD-202002-302 // NVD: CVE-2020-1712

REFERENCES

url:https://www.openwall.com/lists/oss-security/2020/02/05/1

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2020-1712

Trust: 1.9

url:https://github.com/systemd/systemd/commit/ea0d0ede03c6f18dbc5036c5e9cccf97e415ccc2

Trust: 1.7

url:https://github.com/systemd/systemd/commit/1068447e6954dc6ce52f099ed174c442cb89ed54

Trust: 1.7

url:https://bugzilla.redhat.com/show_bug.cgi?id=cve-2020-1712

Trust: 1.7

url:https://github.com/systemd/systemd/commit/637486261528e8aa3da9f26a4487dc254f4b7abb

Trust: 1.7

url:https://github.com/systemd/systemd/commit/bc130b6858327b382b07b3985cf48e2aa9016b2d

Trust: 1.7

url:https://lists.debian.org/debian-lts-announce/2022/06/msg00025.html

Trust: 1.7

url:https://access.redhat.com/security/cve/cve-2020-1712

Trust: 1.0

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-1712

Trust: 0.8

url:https://access.redhat.com/errata/rhsa-2020

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2020/suse-su-20200353-1.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.3700/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1349/

Trust: 0.6

url:https://packetstormsecurity.com/files/156465/red-hat-security-advisory-2020-0564-01.html

Trust: 0.6

url:https://packetstormsecurity.com/files/156226/ubuntu-security-notice-usn-4269-1.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.0443/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.0633/

Trust: 0.6

url:https://vigilance.fr/vulnerability/systemd-use-after-free-via-asynchronous-polkit-queries-31527

Trust: 0.6

url:https://packetstormsecurity.com/files/156740/gentoo-linux-security-advisory-202003-20.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.0661/

Trust: 0.6

url:https://packetstormsecurity.com/files/156510/red-hat-security-advisory-2020-0575-01.html

Trust: 0.6

url:https://packetstormsecurity.com/files/157228/red-hat-security-advisory-2020-1475-01.html

Trust: 0.6

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.4

url:https://bugzilla.redhat.com/):

Trust: 0.4

url:https://access.redhat.com/security/team/contact/

Trust: 0.4

url:https://access.redhat.com/errata/rhsa-2020:0564

Trust: 0.2

url:https://access.redhat.com/security/team/key/

Trust: 0.2

url:https://access.redhat.com/articles/11258

Trust: 0.2

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-18408

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-10531

Trust: 0.2

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/416.html

Trust: 0.1

url:https://github.com/live-hack-cve/cve-2020-1712

Trust: 0.1

url:https://github.com/samanthayu/cachechecker

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://alas.aws.amazon.com/al2/alas-2020-1388.html

Trust: 0.1

url:https://usn.ubuntu.com/4269-1/

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2020:0575

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8768

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-20852

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8535

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-10743

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-15718

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-20657

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-19126

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8518

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-12448

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8611

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-8203

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-6251

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8676

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-1549

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-9251

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-17451

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-20060

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-19519

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-11070

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-7150

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-1547

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-7664

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8607

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-12052

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-5482

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-14973

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8623

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-15366

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8594

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8690

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-20060

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-13752

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8601

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-3822

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-11324

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-19925

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-3823

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-7146

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-1010204

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-7013

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-11324

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-11236

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8524

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-10739

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-18751

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-16890

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-5481

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8536

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8686

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8671

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-12447

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8544

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-12049

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8571

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-19519

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-15719

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2013-0169

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8677

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-5436

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-18624

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8595

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-13753

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8558

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-11459

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-11358

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-12447

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8679

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-12795

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-20657

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-5094

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-3844

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-6454

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-20852

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-12450

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-20483

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14336

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8619

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2020:4298

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8622

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-1010180

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-7598

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8681

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-3825

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8523

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-18074

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-0169

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-6237

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-6706

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-20483

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-20337

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8673

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8559

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8687

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-13822

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.6/updating/updating-cluster

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-19923

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-16769

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8672

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-11023

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-11358

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-14822

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-14404

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8608

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-7662

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8615

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-12449

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-7665

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8666

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8457

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-5953

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8689

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-15847

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-14498

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8735

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-11236

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-19924

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8586

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-12245

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-14404

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8726

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-1010204

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8596

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8696

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8610

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-13636

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-1563

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-16890

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-11070

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-14498

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-7149

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-12450

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-16056

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-10739

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-20337

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-18074

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-11110

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8584

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-19959

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8675

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8563

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-13232

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-3843

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14040

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-1010180

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-12449

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-10715

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8609

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-9283

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8587

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-18751

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8506

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-18624

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-11022

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8583

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-9251

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-12448

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-11008

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-11459

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8597

Trust: 0.1

url:https://security.gentoo.org/glsa/202003-20

Trust: 0.1

url:https://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:https://security.gentoo.org/

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

url:https://issues.jboss.org/):

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_codeready_workspaces/2.1/html-single/installation_guide/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-15031

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-10689

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-15030

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-15031

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-15030

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-18397

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-18660

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-13734

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2020:1475

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-10531

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-1348

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-1349

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-1352

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-13734

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-18408

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-19527

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-1349

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-1387

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-1387

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-18660

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-19527

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-1352

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-10689

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-18397

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-1348

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-20386

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/systemd/242-7ubuntu3.6

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/systemd/229-4ubuntu21.27

Trust: 0.1

url:https://usn.ubuntu.com/4269-1

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-16888

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/systemd/237-3ubuntu10.38

Trust: 0.1

sources: CNVD: CNVD-2020-14277 // VULMON: CVE-2020-1712 // JVNDB: JVNDB-2020-003920 // PACKETSTORM: 156510 // PACKETSTORM: 156465 // PACKETSTORM: 159727 // PACKETSTORM: 156740 // PACKETSTORM: 157228 // PACKETSTORM: 156226 // CNNVD: CNNVD-202002-302 // NVD: CVE-2020-1712

CREDITS

Ubuntu,Red Hat,Gentoo

Trust: 0.6

sources: CNNVD: CNNVD-202002-302

SOURCES

db:CNVDid:CNVD-2020-14277
db:VULMONid:CVE-2020-1712
db:JVNDBid:JVNDB-2020-003920
db:PACKETSTORMid:156510
db:PACKETSTORMid:156465
db:PACKETSTORMid:159727
db:PACKETSTORMid:156740
db:PACKETSTORMid:157228
db:PACKETSTORMid:156226
db:CNNVDid:CNNVD-202002-302
db:NVDid:CVE-2020-1712

LAST UPDATE DATE

2024-08-14T12:44:11.311000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2020-14277date:2020-02-28T00:00:00
db:VULMONid:CVE-2020-1712date:2023-11-07T00:00:00
db:JVNDBid:JVNDB-2020-003920date:2020-04-30T00:00:00
db:CNNVDid:CNNVD-202002-302date:2022-07-01T00:00:00
db:NVDid:CVE-2020-1712date:2023-11-07T03:19:28.413

SOURCES RELEASE DATE

db:CNVDid:CNVD-2020-14277date:2020-02-28T00:00:00
db:VULMONid:CVE-2020-1712date:2020-03-31T00:00:00
db:JVNDBid:JVNDB-2020-003920date:2020-04-30T00:00:00
db:PACKETSTORMid:156510date:2020-02-25T15:14:33
db:PACKETSTORMid:156465date:2020-02-21T15:29:04
db:PACKETSTORMid:159727date:2020-10-27T16:59:02
db:PACKETSTORMid:156740date:2020-03-15T14:00:09
db:PACKETSTORMid:157228date:2020-04-15T00:13:27
db:PACKETSTORMid:156226date:2020-02-05T19:03:17
db:CNNVDid:CNNVD-202002-302date:2020-02-07T00:00:00
db:NVDid:CVE-2020-1712date:2020-03-31T17:15:26.577