ID

VAR-202005-0223


CVE

CVE-2020-13631


TITLE

SQLite In Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-005730

DESCRIPTION

SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c. SQLite There is an unspecified vulnerability in.Information may be tampered with. SQLite is an open source embedded relational database management system based on C language developed by American D.Richard Hipp software developer. The system has the characteristics of independence, isolation and cross-platform. An attacker could exploit this vulnerability to rename the virtual form to the name of one of the shadow forms. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2020-11-13-3 Additional information for APPLE-SA-2020-09-16-1 iOS 14.0 and iPadOS 14.0 iOS 14.0 and iPadOS 14.0 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT211850. AppleAVD Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: An application may be able to cause unexpected system termination or write kernel memory Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2020-9958: Mohamed Ghannam (@_simo36) Assets Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: An attacker may be able to misuse a trust relationship to download malicious content Description: A trust issue was addressed by removing a legacy API. CVE-2020-9979: CodeColorist of LightYear Security Lab of AntGroup Entry updated November 12, 2020 Audio Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: A malicious application may be able to read restricted memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2020-9943: JunDong Xie of Ant Group Light-Year Security Lab Entry added November 12, 2020 Audio Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: An application may be able to read restricted memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2020-9944: JunDong Xie of Ant Group Light-Year Security Lab Entry added November 12, 2020 CoreAudio Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: Playing a malicious audio file may lead to arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. CVE-2020-9954: Francis working with Trend Micro Zero Day Initiative, JunDong Xie of Ant Group Light-Year Security Lab Entry added November 12, 2020 CoreCapture Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2020-9949: Proteas Entry added November 12, 2020 Disk Images Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds read was addressed with improved input validation. CVE-2020-9965: Proteas CVE-2020-9966: Proteas Entry added November 12, 2020 Icons Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: A malicious application may be able to identify what other applications a user has installed Description: The issue was addressed with improved handling of icon caches. CVE-2020-9773: Chilik Tamir of Zimperium zLabs IDE Device Support Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: An attacker in a privileged network position may be able to execute arbitrary code on a paired device during a debug session over the network Description: This issue was addressed by encrypting communications over the network to devices running iOS 14, iPadOS 14, tvOS 14, and watchOS 7. CVE-2020-9992: Dany Lisiansky (@DanyL931), Nikias Bassen of Zimperium zLabs Entry updated September 17, 2020 ImageIO Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2020-9961: Xingwei Lin of Ant Security Light-Year Lab Entry added November 12, 2020 ImageIO Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2020-9876: Mickey Jin of Trend Micro Entry added November 12, 2020 IOSurfaceAccelerator Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: A local user may be able to read kernel memory Description: A memory initialization issue was addressed with improved memory handling. CVE-2020-9964: Mohamed Ghannam (@_simo36), Tommy Muir (@Muirey03) Kernel Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: An attacker in a privileged network position may be able to inject into active connections within a VPN tunnel Description: A routing issue was addressed with improved restrictions. CVE-2019-14899: William J. Tolley, Beau Kujath, and Jedidiah R. Crandall Entry added November 12, 2020 Keyboard Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: A malicious application may be able to leak sensitive user information Description: A logic issue was addressed with improved state management. CVE-2020-9976: Rias A. Sherzad of JAIDE GmbH in Hamburg, Germany libxml2 Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: Processing a maliciously crafted file may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2020-9981: found by OSS-Fuzz Entry added November 12, 2020 Mail Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: A remote attacker may be able to unexpectedly alter application state Description: This issue was addressed with improved checks. CVE-2020-9941: Fabian Ising of FH Münster University of Applied Sciences and Damian Poddebniak of FH Münster University of Applied Sciences Entry added November 12, 2020 Messages Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: A local user may be able to discover a user’s deleted messages Description: The issue was addressed with improved deletion. CVE-2020-9988: William Breuer of the Netherlands CVE-2020-9989: von Brunn Media Entry added November 12, 2020 Model I/O Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2020-13520: Aleksandar Nikolic of Cisco Talos Entry added November 12, 2020 Model I/O Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. CVE-2020-6147: Aleksandar Nikolic of Cisco Talos CVE-2020-9972: Aleksandar Nikolic of Cisco Talos Entry added November 12, 2020 Model I/O Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2020-9973: Aleksandar Nikolic of Cisco Talos NetworkExtension Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: A malicious application may be able to elevate privileges Description: A use after free issue was addressed with improved memory management. CVE-2020-9996: Zhiwei Yuan of Trend Micro iCore Team, Junzhi Lu and Mickey Jin of Trend Micro Entry added November 12, 2020 Phone Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: The screen lock may not engage after the specified time period Description: This issue was addressed with improved checks. CVE-2020-9946: Daniel Larsson of iolight AB Quick Look Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: A malicious app may be able to determine the existence of files on the computer Description: The issue was addressed with improved handling of icon caches. CVE-2020-9963: Csaba Fitzl (@theevilbit) of Offensive Security Entry added November 12, 2020 Safari Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: A malicious application may be able to determine a user's open tabs in Safari Description: A validation issue existed in the entitlement verification. This issue was addressed with improved validation of the process entitlement. CVE-2020-9977: Josh Parnham (@joshparnham) Entry added November 12, 2020 Safari Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: Visiting a malicious website may lead to address bar spoofing Description: The issue was addressed with improved UI handling. CVE-2020-9993: Masato Sugiyama (@smasato) of University of Tsukuba, Piotr Duszynski Entry added November 12, 2020 Sandbox Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: A local user may be able to view senstive user information Description: An access issue was addressed with additional sandbox restrictions. CVE-2020-9969: Wojciech Reguła of SecuRing (wojciechregula.blog) Entry added November 12, 2020 Sandbox Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: A malicious application may be able to access restricted files Description: A logic issue was addressed with improved restrictions. CVE-2020-9968: Adam Chester (@_xpn_) of TrustedSec Entry updated September 17, 2020 Siri Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: A person with physical access to an iOS device may be able to view notification contents from the lockscreen Description: A lock screen issue allowed access to messages on a locked device. This issue was addressed with improved state management. CVE-2020-9959: an anonymous researcher, an anonymous researcher, an anonymous researcher, an anonymous researcher, an anonymous researcher, Andrew Goldberg The University of Texas at Austin, McCombs School of Business, Meli̇h Kerem Güneş of Li̇v College, Sinan Gulguler SQLite Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: A remote attacker may be able to cause a denial of service Description: This issue was addressed with improved checks. CVE-2020-13434 CVE-2020-13435 CVE-2020-9991 Entry added November 12, 2020 SQLite Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: A remote attacker may be able to leak memory Description: An information disclosure issue was addressed with improved state management. CVE-2020-9849 Entry added November 12, 2020 SQLite Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: Multiple issues in SQLite Description: Multiple issues were addressed by updating SQLite to version 3.32.3. CVE-2020-15358 Entry added November 12, 2020 SQLite Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: A maliciously crafted SQL query may lead to data corruption Description: This issue was addressed with improved checks. CVE-2020-13631 Entry added November 12, 2020 SQLite Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: A remote attacker may be able to cause arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2020-13630 Entry added November 12, 2020 WebKit Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2020-9947: cc working with Trend Micro Zero Day Initiative CVE-2020-9950: cc working with Trend Micro Zero Day Initiative CVE-2020-9951: Marcin 'Icewall' Noga of Cisco Talos Entry added November 12, 2020 WebKit Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: Processing maliciously crafted web content may lead to code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2020-9983: zhunki Entry added November 12, 2020 WebKit Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: Processing maliciously crafted web content may lead to a cross site scripting attack Description: An input validation issue was addressed with improved input validation. CVE-2020-9952: Ryan Pickren (ryanpickren.com) Wi-Fi Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A logic issue was addressed with improved state management. CVE-2020-10013: Yu Wang of Didi Research America Entry added November 12, 2020 Additional recognition App Store We would like to acknowledge Giyas Umarov of Holmdel High School for their assistance. Audio We would like to acknowledge JunDong Xie and XingWei Lin of Ant- financial Light-Year Security Lab for their assistance. Entry added November 12, 2020 Bluetooth We would like to acknowledge Andy Davis of NCC Group and Dennis Heinze (@ttdennis) of TU Darmstadt, Secure Mobile Networking Lab for their assistance. CallKit We would like to acknowledge Federico Zanetello for their assistance. CarPlay We would like to acknowledge an anonymous researcher for their assistance. Clang We would like to acknowledge Brandon Azad of Google Project Zero for their assistance. Entry added November 12, 2020 Core Location We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for their assistance. debugserver We would like to acknowledge Linus Henze (pinauten.de) for their assistance. iAP We would like to acknowledge Andy Davis of NCC Group for their assistance. iBoot We would like to acknowledge Brandon Azad of Google Project Zero for their assistance. Kernel We would like to acknowledge Brandon Azad of Google Project Zero, Stephen Röttger of Google for their assistance. Entry updated November 12, 2020 libarchive We would like to acknowledge Dzmitry Plotnikau and an anonymous researcher for their assistance. lldb We would like to acknowledge Linus Henze (pinauten.de) for their assistance. Entry added November 12, 2020 Location Framework We would like to acknowledge Nicolas Brunner (linkedin.com/in/nicolas-brunner-651bb4128) for their assistance. Entry updated October 19, 2020 Mail We would like to acknowledge an anonymous researcher for their assistance. Entry added November 12, 2020 Mail Drafts We would like to acknowledge Jon Bottarini of HackerOne for their assistance. Entry added November 12, 2020 Maps We would like to acknowledge Matthew Dolan of Amazon Alexa for their assistance. NetworkExtension We would like to acknowledge Thijs Alkemade of Computest and ‘Qubo Song’ of ‘Symantec, a division of Broadcom’ for their assistance. Phone Keypad We would like to acknowledge Hasan Fahrettin Kaya of Akdeniz University, an anonymous researcher for their assistance. Entry updated November 12, 2020 Safari We would like to acknowledge Andreas Gutmann (@KryptoAndI) of OneSpan's Innovation Centre (onespan.com) and University College London, Steven J. Murdoch (@SJMurdoch) of OneSpan's Innovation Centre (onespan.com) and University College London, Jack Cable of Lightning Security, Ryan Pickren (ryanpickren.com), Yair Amit for their assistance. Entry added November 12, 2020 Safari Reader We would like to acknowledge Zhiyang Zeng(@Wester) of OPPO ZIWU Security Lab for their assistance. Entry added November 12, 2020 Security We would like to acknowledge Christian Starkjohann of Objective Development Software GmbH for their assistance. Entry added November 12, 2020 Status Bar We would like to acknowledge Abdul M. Majumder, Abdullah Fasihallah of Taif university, Adwait Vikas Bhide, Frederik Schmid, Nikita, and an anonymous researcher for their assistance. Telephony We would like to acknowledge Onur Can Bıkmaz, Vodafone Turkey @canbkmaz, Yiğit Can YILMAZ (@yilmazcanyigit), an anonymous researcher for their assistance. Entry updated November 12, 2020 UIKit We would like to acknowledge Borja Marcos of Sarenet, Simon de Vegt, and Talal Haj Bakry (@hajbakri) and Tommy Mysk (@tommymysk) of Mysk Inc for their assistance. Web App We would like to acknowledge Augusto Alvarez of Outcourse Limited for their assistance. WebKit We would like to acknowledge Pawel Wylecial of REDTEAM.PL, Ryan Pickren (ryanpickren.com), Tsubasa FUJII (@reinforchu), Zhiyang Zeng(@Wester) of OPPO ZIWU Security Lab for their assistance. Entry added November 12, 2020 Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "iOS 14.0 and iPadOS 14.0". This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAl+uxqgACgkQZcsbuWJ6 jjBhIhAAhLzDSjgjVzG0JLzEerhFBcAWQ1G8ogmIdxuC0aQfvxO4V1NriKzUcmsZ UgQCEdN4kzfLsj3KeuwSeq0pg2CX1eZdgY/FyuOBRzljsmGPXJgkyYapJww6mC8n 7jeJazKusiyaRmScLYDwvbOQGlaqCfu6HrM9umMpLfwPGjFqe/gz8jyxohdVZx9t pNC0g9l37dVJIvFRc1mAm9HAnIQoL8CDOEd96jVYiecB8xk0X6CwjZ7nGzYJc5LZ A54EaN0dDz+8q8jgylmAd8xkA8Pgdsxw+LWDr1TxPuu3XIzYa98S1AsItK2eiWx8 pIhrzVZ3fk1w3+W/cSWrgzUq4ouijWcWw9dmVgxmzv9ldL/pS+wIgFsYLJm4xHAp PH+9p3JmMQks9BWgr3h+NEcJwCUm5J7y0PNuCnQL2iKzn4jikqgfCXHZOidkPV3t KjeeIFX30AGI7cUqhRl9GbRn8l5SA4pbd4a0Y5df1PgkDjSXxw91Z1+5S15Qfrzs K8pBlPH37yU3aqMEvxBsN5Fd7vdFdA+pV/aWG5tw4pUlZJC25c50w1ZW0vrnsisg /isPJqXhUWiGAfQ7s5W6W3AMs4PyvRjY+7zzGiHAd+wNkUNwVTbXvKP4W4n/vGH8 uARpQRQsureymLerXpVTwH8ZoeDEeZZwaqNHTQKg/M9ifAZPZUA= =WdqR -----END PGP SIGNATURE----- . Bug Fix(es): * Configuring the system with non-RT kernel will hang the system (BZ#1923220) 3. Bugs fixed (https://bugzilla.redhat.com/): 1902111 - CVE-2020-27813 golang-github-gorilla-websocket: integer overflow leads to denial of service 5. JIRA issues fixed (https://issues.jboss.org/): CNF-802 - Infrastructure-provided enablement/disablement of interrupt processing for guaranteed pod CPUs CNF-854 - Performance tests in CNF Tests 6. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202007-26 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: SQLite: Multiple vulnerabilities Date: July 27, 2020 Bugs: #716748 ID: 202007-26 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Multiple vulnerabilities have been found in SQLite, the worst of which could result in the arbitrary execution of code. Background ========= SQLite is a C library that implements an SQL database engine. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-db/sqlite < 3.32.3 >= 3.32.3 Description ========== Multiple vulnerabilities have been discovered in SQLite. Please review the CVE identifiers referenced below for details. Impact ===== Please review the referenced CVE identifiers for details. Workaround ========= There is no known workaround at this time. Resolution ========= All SQLite users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">\xdev-db/sqlite-3.32.3" References ========= [ 1 ] CVE-2019-20218 https://nvd.nist.gov/vuln/detail/CVE-2019-20218 [ 2 ] CVE-2020-11655 https://nvd.nist.gov/vuln/detail/CVE-2020-11655 [ 3 ] CVE-2020-11656 https://nvd.nist.gov/vuln/detail/CVE-2020-11656 [ 4 ] CVE-2020-13434 https://nvd.nist.gov/vuln/detail/CVE-2020-13434 [ 5 ] CVE-2020-13435 https://nvd.nist.gov/vuln/detail/CVE-2020-13435 [ 6 ] CVE-2020-13630 https://nvd.nist.gov/vuln/detail/CVE-2020-13630 [ 7 ] CVE-2020-13631 https://nvd.nist.gov/vuln/detail/CVE-2020-13631 [ 8 ] CVE-2020-13632 https://nvd.nist.gov/vuln/detail/CVE-2020-13632 [ 9 ] CVE-2020-13871 https://nvd.nist.gov/vuln/detail/CVE-2020-13871 [ 10 ] CVE-2020-15358 https://nvd.nist.gov/vuln/detail/CVE-2020-15358 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202007-26 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ====== Copyright 2020 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . Description: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. The compliance-operator image updates are now available for OpenShift Container Platform 4.6. Bug Fix(es): * Aggregator pod tries to parse ConfigMaps without results (BZ#1899479) * The compliancesuite object returns error with ocp4-cis tailored profile (BZ#1902251) * The compliancesuite does not trigger when there are multiple rhcos4 profiles added in scansettingbinding object (BZ#1902634) * [OCP v46] Not all remediations get applied through machineConfig although the status of all rules shows Applied in ComplianceRemediations object (BZ#1907414) * The profile parser pod deployment and associated profiles should get removed after upgrade the compliance operator (BZ#1908991) * Applying the "rhcos4-moderate" compliance profile leads to Ignition error "something else exists at that path" (BZ#1909081) * [OCP v46] Always update the default profilebundles on Compliance operator startup (BZ#1909122) 3. Solution: For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel ease-notes.html Details on how to access this content are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster - -cli.html. Bugs fixed (https://bugzilla.redhat.com/): 1899479 - Aggregator pod tries to parse ConfigMaps without results 1902111 - CVE-2020-27813 golang-github-gorilla-websocket: integer overflow leads to denial of service 1902251 - The compliancesuite object returns error with ocp4-cis tailored profile 1902634 - The compliancesuite does not trigger when there are multiple rhcos4 profiles added in scansettingbinding object 1907414 - [OCP v46] Not all remediations get applied through machineConfig although the status of all rules shows Applied in ComplianceRemediations object 1908991 - The profile parser pod deployment and associated profiles should get removed after upgrade the compliance operator 1909081 - Applying the "rhcos4-moderate" compliance profile leads to Ignition error "something else exists at that path" 1909122 - [OCP v46] Always update the default profilebundles on Compliance operator startup 5. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 4. Bugs fixed (https://bugzilla.redhat.com/): 1732329 - Virtual Machine is missing documentation of its properties in yaml editor 1783192 - Guest kernel panic when start RHEL6.10 guest with q35 machine type and virtio disk in cnv 1791753 - [RFE] [SSP] Template validator should check validations in template's parent template 1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic 1848954 - KMP missing CA extensions in cabundle of mutatingwebhookconfiguration 1848956 - KMP requires downtime for CA stabilization during certificate rotation 1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash 1853911 - VM with dot in network name fails to start with unclear message 1854098 - NodeNetworkState on workers doesn't have "status" key due to nmstate-handler pod failure to run "nmstatectl show" 1856347 - SR-IOV : Missing network name for sriov during vm setup 1856953 - CVE-2020-15586 golang: data race in certain net/http servers including ReverseProxy can lead to DoS 1859235 - Common Templates - after upgrade there are 2 common templates per each os-workload-flavor combination 1860714 - No API information from `oc explain` 1860992 - CNV upgrade - users are not removed from privileged SecurityContextConstraints 1864577 - [v2v][RHV to CNV non migratable source VM fails to import to Ceph-rbd / File system due to overhead required for Filesystem 1866593 - CDI is not handling vm disk clone 1867099 - CVE-2020-16845 golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs 1868817 - Container-native Virtualization 2.6.0 Images 1873771 - Improve the VMCreationFailed error message caused by VM low memory 1874812 - SR-IOV: Guest Agent expose link-local ipv6 address for sometime and then remove it 1878499 - DV import doesn't recover from scratch space PVC deletion 1879108 - Inconsistent naming of "oc virt" command in help text 1881874 - openshift-cnv namespace is getting stuck if the user tries to delete it while CNV is running 1883232 - Webscale: kubevirt/CNV datavolume importer pod inability to disable sidecar injection if namespace has sidecar injection enabled but VM Template does NOT 1883371 - CVE-2020-26160 jwt-go: access restriction bypass vulnerability 1885153 - [v2v][RHV to CNv VM import] Wrong Network mapping do not show a relevant error message 1885418 - [openshift-cnv] issues with memory overhead calculation when limits are used 1887398 - [openshift-cnv][CNV] nodes need to exist and be labeled first, *before* the NodeNetworkConfigurationPolicy is applied 1889295 - [v2v][VMware to CNV VM import API] diskMappings: volumeMode Block is not passed on to PVC request. 1891285 - Common templates and kubevirt-config cm - update machine-type 1891440 - [v2v][VMware to CNV VM import API]Source VM with no network interface fail with unclear error 1892227 - [SSP] cluster scoped resources are not being reconciled 1893278 - openshift-virtualization-os-images namespace not seen by user 1893646 - [HCO] Pod placement configuration - dry run is not performed for all the configuration stanza 1894428 - Message for VMI not migratable is not clear enough 1894824 - [v2v][VM import] Pick the smallest template for the imported VM, and not always Medium 1894897 - [v2v][VMIO] VMimport CR is not reported as failed when target VM is deleted during the import 1895414 - Virt-operator is accepting updates to the placement of its workload components even with running VMs 1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers 1898072 - Add Fedora33 to Fedora common templates 1898840 - [v2v] VM import VMWare to CNV Import 63 chars vm name should not fail 1899558 - CNV 2.6 - nmstate fails to set state 1901480 - VM disk io can't worked if namespace have label kubemacpool 1902046 - Not possible to edit CDIConfig (through CDI CR / CDIConfig) 1902111 - CVE-2020-27813 golang-github-gorilla-websocket: integer overflow leads to denial of service 1903014 - hco-webhook pod in CreateContainerError 1903585 - [v2v] Windows 2012 VM imported from RHV goes into Windows repair mode 1904797 - [VMIO][vmware] A migrated RHEL/Windows VM starts in emergency mode/safe mode when target storage is NFS and target namespace is NOT "default" 1906199 - [CNV-2.5] CNV Tries to Install on Windows Workers 1907151 - kubevirt version is not reported correctly via virtctl 1907352 - VM/VMI link changes to `kubevirt.io~v1~VirtualMachineInstance` on CNV 2.6 1907691 - [CNV] Configuring NodeNetworkConfigurationPolicy caused "Internal error occurred" for creating datavolume 1907988 - VM loses dynamic IP address of its default interface after migration 1908363 - Applying NodeNetworkConfigurationPolicy for different NIC than default disables br-ex bridge and nodes lose connectivity 1908421 - [v2v] [VM import RHV to CNV] Windows imported VM boot failed: INACCESSIBLE BOOT DEVICE error 1908883 - CVE-2020-29652 golang: crypto/ssh: crafted authentication request can lead to nil pointer dereference 1909458 - [V2V][VMware to CNV VM import via api using VMIO] VM import to Ceph RBD/BLOCK fails on "qemu-img: /data/disk.img" error 1910857 - Provide a mechanism to enable the HotplugVolumes feature gate via HCO 1911118 - Windows VMI LiveMigration / shutdown fails on 'XML error: non unique alias detected: ua-') 1911396 - Set networkInterfaceMultiqueue false in rhel 6 template for e1000e interface 1911662 - el6 guests don't work properly if virtio bus is specified on various devices 1912908 - Allow using "scsi" bus for disks in template validation 1913248 - Creating vlan interface on top of a bond device via NodeNetworkConfigurationPolicy fails 1913320 - Informative message needed with virtctl image-upload, that additional step is needed from the user 1913717 - Users should have read permitions for golden images data volumes 1913756 - Migrating to Ceph-RBD + Block fails when skipping zeroes 1914177 - CNV does not preallocate blank file data volumes 1914608 - Obsolete CPU models (kubevirt-cpu-plugin-configmap) are set on worker nodes 1914947 - HPP golden images - DV shoudld not be created with WaitForFirstConsumer 1917908 - [VMIO] vmimport pod fail to create when using ceph-rbd/block 1917963 - [CNV 2.6] Unable to install CNV disconnected - requires kvm-info-nfd-plugin which is not mirrored 1919391 - CVE-2021-20206 containernetworking-cni: Arbitrary path injection via type field in CNI configuration 1920576 - HCO can report ready=true when it failed to create a CR for a component operator 1920610 - e2e-aws-4.7-cnv consistently failing on Hyperconverged Cluster Operator 1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation 1923979 - kubernetes-nmstate: nmstate-handler pod crashes when configuring bridge device using ip tool 1927373 - NoExecute taint violates pdb; VMIs are not live migrated 1931376 - VMs disconnected from nmstate-defined bridge after CNV-2.5.4->CNV-2.6.0 upgrade 5. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: Release of OpenShift Serverless 1.12.0 Advisory ID: RHSA-2021:0146-01 Product: Red Hat OpenShift Serverless Advisory URL: https://access.redhat.com/errata/RHSA-2021:0146 Issue date: 2021-01-14 CVE Names: CVE-2018-20843 CVE-2019-5018 CVE-2019-13050 CVE-2019-13627 CVE-2019-14889 CVE-2019-15903 CVE-2019-16168 CVE-2019-19221 CVE-2019-19906 CVE-2019-19956 CVE-2019-20218 CVE-2019-20387 CVE-2019-20388 CVE-2019-20454 CVE-2020-1730 CVE-2020-1751 CVE-2020-1752 CVE-2020-1971 CVE-2020-6405 CVE-2020-7595 CVE-2020-9327 CVE-2020-10029 CVE-2020-13630 CVE-2020-13631 CVE-2020-13632 CVE-2020-24553 CVE-2020-24659 CVE-2020-28362 CVE-2020-28366 CVE-2020-28367 ===================================================================== 1. Summary: Release of OpenShift Serverless 1.12.0 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. For more information, see the CVE links in the References section. 2. Description: Red Hat OpenShift Serverless 1.12.0 is a generally available release of the OpenShift Serverless Operator. This version of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform version 4.6, and includes security and bug fixes and enhancements. For more information, see the documentation listed in the References section. Security Fix(es): * golang: default Content-Type setting in net/http/cgi and net/http/fcgi could cause XSS (CVE-2020-24553) * golang: math/big: panic during recursive division of very large numbers (CVE-2020-28362) * golang: malicious symbol names can lead to code execution at build time (CVE-2020-28366) * golang: improper validation of cgo flags can lead to code execution at build time (CVE-2020-28367) For more details about the security issues and their impact, the CVSS score, acknowledgements, and other related information, see the CVE pages listed in the References section. 3. Solution: See the documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/ 4.6/html/serverless_applications/index 4. Bugs fixed (https://bugzilla.redhat.com/): 1874857 - CVE-2020-24553 golang: default Content-Type setting in net/http/cgi and net/http/fcgi could cause XSS 1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers 1897643 - CVE-2020-28366 golang: malicious symbol names can lead to code execution at build time 1897646 - CVE-2020-28367 golang: improper validation of cgo flags can lead to code execution at build time 1906381 - Release of OpenShift Serverless Serving 1.12.0 1906382 - Release of OpenShift Serverless Eventing 1.12.0 5. References: https://access.redhat.com/security/cve/CVE-2018-20843 https://access.redhat.com/security/cve/CVE-2019-5018 https://access.redhat.com/security/cve/CVE-2019-13050 https://access.redhat.com/security/cve/CVE-2019-13627 https://access.redhat.com/security/cve/CVE-2019-14889 https://access.redhat.com/security/cve/CVE-2019-15903 https://access.redhat.com/security/cve/CVE-2019-16168 https://access.redhat.com/security/cve/CVE-2019-19221 https://access.redhat.com/security/cve/CVE-2019-19906 https://access.redhat.com/security/cve/CVE-2019-19956 https://access.redhat.com/security/cve/CVE-2019-20218 https://access.redhat.com/security/cve/CVE-2019-20387 https://access.redhat.com/security/cve/CVE-2019-20388 https://access.redhat.com/security/cve/CVE-2019-20454 https://access.redhat.com/security/cve/CVE-2020-1730 https://access.redhat.com/security/cve/CVE-2020-1751 https://access.redhat.com/security/cve/CVE-2020-1752 https://access.redhat.com/security/cve/CVE-2020-1971 https://access.redhat.com/security/cve/CVE-2020-6405 https://access.redhat.com/security/cve/CVE-2020-7595 https://access.redhat.com/security/cve/CVE-2020-9327 https://access.redhat.com/security/cve/CVE-2020-10029 https://access.redhat.com/security/cve/CVE-2020-13630 https://access.redhat.com/security/cve/CVE-2020-13631 https://access.redhat.com/security/cve/CVE-2020-13632 https://access.redhat.com/security/cve/CVE-2020-24553 https://access.redhat.com/security/cve/CVE-2020-24659 https://access.redhat.com/security/cve/CVE-2020-28362 https://access.redhat.com/security/cve/CVE-2020-28366 https://access.redhat.com/security/cve/CVE-2020-28367 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless_applications/index 6. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc

Trust: 2.34

sources: NVD: CVE-2020-13631 // JVNDB: JVNDB-2020-005730 // VULHUB: VHN-166429 // PACKETSTORM: 160061 // PACKETSTORM: 161548 // PACKETSTORM: 158592 // PACKETSTORM: 161016 // PACKETSTORM: 160062 // PACKETSTORM: 161742 // PACKETSTORM: 160961

AFFECTED PRODUCTS

vendor:oraclemodel:communications network charging and controlscope:lteversion:12.0.3

Trust: 1.0

vendor:applemodel:ipadosscope:ltversion:14.0

Trust: 1.0

vendor:oraclemodel:zfs storage appliance kitscope:eqversion:8.8

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:18.04

Trust: 1.0

vendor:siemensmodel:sinec infrastructure network servicesscope:ltversion:1.0.1.1

Trust: 1.0

vendor:applemodel:iphone osscope:ltversion:14.0

Trust: 1.0

vendor:oraclemodel:outside in technologyscope:eqversion:8.5.5

Trust: 1.0

vendor:brocademodel:fabric operating systemscope:eqversion: -

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:16.04

Trust: 1.0

vendor:applemodel:icloudscope:ltversion:11.5

Trust: 1.0

vendor:netappmodel:hci compute nodescope:eqversion: -

Trust: 1.0

vendor:applemodel:itunesscope:ltversion:12.10.9

Trust: 1.0

vendor:oraclemodel:communications network charging and controlscope:eqversion:6.0.1

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:20.04

Trust: 1.0

vendor:sqlitemodel:sqlitescope:ltversion:3.32.0

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:19.10

Trust: 1.0

vendor:applemodel:tvosscope:ltversion:14.0

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:32

Trust: 1.0

vendor:applemodel:watchosscope:ltversion:7.0

Trust: 1.0

vendor:netappmodel:cloud backupscope:eqversion: -

Trust: 1.0

vendor:applemodel:macosscope:ltversion:11.0.1

Trust: 1.0

vendor:oraclemodel:outside in technologyscope:eqversion:8.5.4

Trust: 1.0

vendor:netappmodel:solidfire\, enterprise sds \& hci storage nodescope:eqversion: -

Trust: 1.0

vendor:oraclemodel:communications network charging and controlscope:gteversion:12.0.0

Trust: 1.0

vendor:fedoramodel:fedorascope: - version: -

Trust: 0.8

vendor:sqlitemodel:sqlitescope:eqversion:3.32.0

Trust: 0.8

sources: JVNDB: JVNDB-2020-005730 // NVD: CVE-2020-13631

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-13631
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-005730
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202005-1351
value: MEDIUM

Trust: 0.6

VULHUB: VHN-166429
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2020-13631
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-005730
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-166429
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-13631
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-005730
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-166429 // JVNDB: JVNDB-2020-005730 // CNNVD: CNNVD-202005-1351 // NVD: CVE-2020-13631

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2020-13631

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202005-1351

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202005-1351

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-005730

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-166429

PATCH

title:FEDORA-2020-0477f8840eurl:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/

Trust: 0.8

title:Check-in [eca0ba2c]url:https://sqlite.org/src/info/eca0ba2cf4c0fdf7

Trust: 0.8

title:SQLite Security vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=121034

Trust: 0.6

sources: JVNDB: JVNDB-2020-005730 // CNNVD: CNNVD-202005-1351

EXTERNAL IDS

db:NVDid:CVE-2020-13631

Trust: 3.2

db:SIEMENSid:SSA-389290

Trust: 1.7

db:PACKETSTORMid:161548

Trust: 0.8

db:PACKETSTORMid:160061

Trust: 0.8

db:PACKETSTORMid:158592

Trust: 0.8

db:PACKETSTORMid:160961

Trust: 0.8

db:JVNDBid:JVNDB-2020-005730

Trust: 0.8

db:PACKETSTORMid:162659

Trust: 0.7

db:PACKETSTORMid:159817

Trust: 0.7

db:PACKETSTORMid:160125

Trust: 0.7

db:PACKETSTORMid:160545

Trust: 0.7

db:CNNVDid:CNNVD-202005-1351

Trust: 0.7

db:PACKETSTORMid:158024

Trust: 0.6

db:AUSCERTid:ESB-2021.0584

Trust: 0.6

db:AUSCERTid:ESB-2020.3181.2

Trust: 0.6

db:AUSCERTid:ESB-2021.2412

Trust: 0.6

db:AUSCERTid:ESB-2023.3732

Trust: 0.6

db:AUSCERTid:ESB-2021.0691

Trust: 0.6

db:AUSCERTid:ESB-2020.2019

Trust: 0.6

db:AUSCERTid:ESB-2020.4513

Trust: 0.6

db:AUSCERTid:ESB-2020.4100

Trust: 0.6

db:AUSCERTid:ESB-2021.1727

Trust: 0.6

db:AUSCERTid:ESB-2020.4060.2

Trust: 0.6

db:AUSCERTid:ESB-2021.2515

Trust: 0.6

db:AUSCERTid:ESB-2021.0234

Trust: 0.6

db:AUSCERTid:ESB-2021.0171

Trust: 0.6

db:AUSCERTid:ESB-2021.1679

Trust: 0.6

db:AUSCERTid:ESB-2021.3221

Trust: 0.6

db:AUSCERTid:ESB-2021.0099

Trust: 0.6

db:AUSCERTid:ESB-2021.0864

Trust: 0.6

db:AUSCERTid:ESB-2020.3884

Trust: 0.6

db:CS-HELPid:SB2022071831

Trust: 0.6

db:CS-HELPid:SB2022031104

Trust: 0.6

db:CS-HELPid:SB2021052221

Trust: 0.6

db:CS-HELPid:SB2021072292

Trust: 0.6

db:CS-HELPid:SB2022060618

Trust: 0.6

db:NSFOCUSid:46787

Trust: 0.6

db:LENOVOid:LEN-60182

Trust: 0.6

db:PACKETSTORMid:160062

Trust: 0.2

db:PACKETSTORMid:162694

Trust: 0.1

db:PACKETSTORMid:160064

Trust: 0.1

db:CNVDid:CNVD-2020-50093

Trust: 0.1

db:VULHUBid:VHN-166429

Trust: 0.1

db:PACKETSTORMid:161016

Trust: 0.1

db:PACKETSTORMid:161742

Trust: 0.1

sources: VULHUB: VHN-166429 // JVNDB: JVNDB-2020-005730 // PACKETSTORM: 160061 // PACKETSTORM: 161548 // PACKETSTORM: 158592 // PACKETSTORM: 161016 // PACKETSTORM: 160062 // PACKETSTORM: 161742 // PACKETSTORM: 160961 // CNNVD: CNNVD-202005-1351 // NVD: CVE-2020-13631

REFERENCES

url:https://www.oracle.com/security-alerts/cpuoct2020.html

Trust: 2.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-13631

Trust: 1.9

url:https://security.gentoo.org/glsa/202007-26

Trust: 1.8

url:https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf

Trust: 1.7

url:https://support.apple.com/kb/ht211843

Trust: 1.7

url:https://support.apple.com/kb/ht211844

Trust: 1.7

url:https://support.apple.com/kb/ht211850

Trust: 1.7

url:https://support.apple.com/kb/ht211931

Trust: 1.7

url:https://support.apple.com/kb/ht211935

Trust: 1.7

url:https://support.apple.com/kb/ht211952

Trust: 1.7

url:https://security.netapp.com/advisory/ntap-20200608-0002/

Trust: 1.7

url:https://security.freebsd.org/advisories/freebsd-sa-20:22.sqlite.asc

Trust: 1.7

url:http://seclists.org/fulldisclosure/2020/nov/20

Trust: 1.7

url:http://seclists.org/fulldisclosure/2020/nov/19

Trust: 1.7

url:http://seclists.org/fulldisclosure/2020/nov/22

Trust: 1.7

url:http://seclists.org/fulldisclosure/2020/dec/32

Trust: 1.7

url:https://bugs.chromium.org/p/chromium/issues/detail?id=1080459

Trust: 1.7

url:https://sqlite.org/src/info/eca0ba2cf4c0fdf7

Trust: 1.7

url:https://www.oracle.com/security-alerts/cpujul2020.html

Trust: 1.7

url:https://usn.ubuntu.com/4394-1/

Trust: 1.7

url:https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c%40%3cissues.guacamole.apache.org%3e

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/l7kxqwhiy2mqp4lnm6odwjenmxyyqybn/

Trust: 1.0

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-13631

Trust: 0.8

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/l7kxqwhiy2mqp4lnm6odwjenmxyyqybn/

Trust: 0.7

url:https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c@%3cissues.guacamole.apache.org%3e

Trust: 0.7

url:http://www.nsfocus.net/vulndb/46787

Trust: 0.6

url:https://packetstormsecurity.com/files/160125/red-hat-security-advisory-2020-5149-01.html

Trust: 0.6

url:https://packetstormsecurity.com/files/160961/red-hat-security-advisory-2021-0146-01.html

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-data-risk-manager-is-affected-by-multiple-vulnerabilities-3/

Trust: 0.6

url:https://support.lenovo.com/us/en/product_security/len-60182

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2515

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1727

Trust: 0.6

url:https://support.apple.com/en-us/ht211844

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.4513/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.0234/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.2019/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.0584

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.3884/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.4060.2/

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022071831

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.0171/

Trust: 0.6

url:https://support.apple.com/en-us/ht211935

Trust: 0.6

url:https://packetstormsecurity.com/files/162659/red-hat-security-advisory-2021-1968-01.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021072292

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.0864

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1679

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2023.3732

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022060618

Trust: 0.6

url:https://packetstormsecurity.com/files/158024/ubuntu-security-notice-usn-4394-1.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.4100/

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021052221

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.0691

Trust: 0.6

url:https://packetstormsecurity.com/files/160545/apple-security-advisory-2020-12-14-4.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3221

Trust: 0.6

url:https://packetstormsecurity.com/files/158592/gentoo-linux-security-advisory-202007-26.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2412

Trust: 0.6

url:https://packetstormsecurity.com/files/159817/red-hat-security-advisory-2020-4442-01.html

Trust: 0.6

url:https://packetstormsecurity.com/files/160061/apple-security-advisory-2020-11-13-3.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.0099/

Trust: 0.6

url:https://vigilance.fr/vulnerability/sqlite-three-vulnerabilities-32354

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-wml-ce-wml-ce-sqlite-through-3-32-0-has-various-security-issues/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.3181.2/

Trust: 0.6

url:https://packetstormsecurity.com/files/161548/red-hat-security-advisory-2020-5364-01.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022031104

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2020-13630

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2019-13627

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-1730

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-6405

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2019-19906

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-13050

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2019-13050

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2019-20387

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-7595

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2019-14889

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2019-20218

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2018-20843

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-1751

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-13632

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2019-16168

Trust: 0.4

url:https://access.redhat.com/security/team/contact/

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-20218

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-10029

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2019-20388

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-24659

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-13630

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-1752

Trust: 0.4

url:https://bugzilla.redhat.com/):

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-9327

Trust: 0.4

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-1971

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2019-19221

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2019-15903

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-13631

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2019-5018

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2019-19956

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2019-20454

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2018-20843

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2020-13434

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-13435

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-15358

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-20907

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-19906

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-20387

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-13627

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-20388

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-5018

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-16168

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-15165

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-14382

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-19956

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-20454

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-19221

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-17450

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-16935

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-27813

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-15903

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-20916

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-8492

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-14889

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-14422

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-9961

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-9951

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-9947

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-9944

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-9954

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-9943

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-9965

Trust: 0.2

url:https://www.apple.com/support/security/pgp/

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-9876

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-10013

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-9949

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-9849

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-9950

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-9952

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-17450

Trust: 0.2

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-20916

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-10029

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-15165

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-16935

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-20907

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-13632

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-9925

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-9802

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-9895

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-8625

Trust: 0.2

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-8812

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-3899

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-11068

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-8819

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-3867

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-8720

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-9893

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-8808

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-3902

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-18197

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-3900

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-9805

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-8820

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-9807

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-8769

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-8710

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-8813

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-9850

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-8811

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-9803

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-9862

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-3885

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-15503

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-10018

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-8835

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-8764

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-8844

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-3865

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-3864

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-14391

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-3862

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-3901

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-8823

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-3895

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-11793

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-9894

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-8816

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-9843

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-8771

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-3897

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-9806

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-8814

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-8743

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-9915

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-8815

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-8783

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-20807

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-11068

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-8766

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-3868

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-8846

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-3894

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-8782

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-28362

Trust: 0.2

url:https://www.apple.com/itunes/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-9964

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-6147

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-9963

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-9773

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-9941

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-9958

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-14899

Trust: 0.1

url:https://support.apple.com/ht211850.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-9946

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-13520

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-9959

Trust: 0.1

url:https://issues.jboss.org/):

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25211

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-10726

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-10723

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-10725

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-10723

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-10725

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-10722

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-10722

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-10726

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2020:5364

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2020:5633

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-11655

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-11656

Trust: 0.1

url:https://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-13871

Trust: 0.1

url:https://security.gentoo.org/

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:0190

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-18197

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8743

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8710

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-8177

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-1551

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-20807

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-1551

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.6/updating/updating-cluster

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8720

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8625

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-9983

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-9981

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-9991

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-9976

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-9968

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-9966

Trust: 0.1

url:https://support.apple.com/ht211843.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-9969

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-9979

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-8624

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-16300

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-14466

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-10105

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25684

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-15166

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25705

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-26160

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-16230

Trust: 0.1

url:https://access.redhat.com/articles/11258

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-6829

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-12403

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3156

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-16845

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-14467

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-10103

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-14469

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-16229

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-14465

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-14882

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-8623

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-16227

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25683

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-14461

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-20206

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-14881

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-14464

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-14463

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-16228

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-14879

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-29652

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14351

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-14469

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-10105

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-14880

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-12321

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-14461

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-14468

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-14466

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-14882

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-15586

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-16227

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-14464

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-16452

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-16230

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-15999

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-14468

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-14467

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-14559

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-14462

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-29661

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-14880

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25682

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-14881

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-16300

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-14462

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-16229

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-12400

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-8622

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25685

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-16451

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-10103

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-16228

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:0799

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-14463

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3121

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25686

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25687

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-16451

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14040

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-14879

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-14470

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25681

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-14470

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-8619

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-9283

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-14465

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-16452

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-1752

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/openshift_container_platform/

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:0146

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-1971

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-1730

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-28362

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless_applications/index

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-24553

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-24553

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-24659

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-1751

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-28366

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-28366

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-28367

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-28367

Trust: 0.1

sources: VULHUB: VHN-166429 // JVNDB: JVNDB-2020-005730 // PACKETSTORM: 160061 // PACKETSTORM: 161548 // PACKETSTORM: 158592 // PACKETSTORM: 161016 // PACKETSTORM: 160062 // PACKETSTORM: 161742 // PACKETSTORM: 160961 // CNNVD: CNNVD-202005-1351 // NVD: CVE-2020-13631

CREDITS

Red Hat

Trust: 1.0

sources: PACKETSTORM: 161548 // PACKETSTORM: 161016 // PACKETSTORM: 161742 // PACKETSTORM: 160961 // CNNVD: CNNVD-202005-1351

SOURCES

db:VULHUBid:VHN-166429
db:JVNDBid:JVNDB-2020-005730
db:PACKETSTORMid:160061
db:PACKETSTORMid:161548
db:PACKETSTORMid:158592
db:PACKETSTORMid:161016
db:PACKETSTORMid:160062
db:PACKETSTORMid:161742
db:PACKETSTORMid:160961
db:CNNVDid:CNNVD-202005-1351
db:NVDid:CVE-2020-13631

LAST UPDATE DATE

2025-04-02T21:01:51.380000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-166429date:2022-05-13T00:00:00
db:JVNDBid:JVNDB-2020-005730date:2020-06-22T00:00:00
db:CNNVDid:CNNVD-202005-1351date:2023-06-30T00:00:00
db:NVDid:CVE-2020-13631date:2024-11-21T05:01:38.243

SOURCES RELEASE DATE

db:VULHUBid:VHN-166429date:2020-05-27T00:00:00
db:JVNDBid:JVNDB-2020-005730date:2020-06-22T00:00:00
db:PACKETSTORMid:160061date:2020-11-13T20:32:22
db:PACKETSTORMid:161548date:2021-02-25T15:30:03
db:PACKETSTORMid:158592date:2020-07-27T18:32:44
db:PACKETSTORMid:161016date:2021-01-19T14:45:45
db:PACKETSTORMid:160062date:2020-11-13T22:22:22
db:PACKETSTORMid:161742date:2021-03-10T16:02:43
db:PACKETSTORMid:160961date:2021-01-15T15:06:55
db:CNNVDid:CNNVD-202005-1351date:2020-05-27T00:00:00
db:NVDid:CVE-2020-13631date:2020-05-27T15:15:12.947