ID

VAR-202006-0222


CVE

CVE-2020-14155


TITLE

Red Hat Security Advisory 2022-5840-01

Trust: 0.1

sources: PACKETSTORM: 167956

DESCRIPTION

libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring. PCRE is an open source regular expression library written in C language by Philip Hazel software developer. An input validation error vulnerability exists in libpcre in versions prior to PCRE 8.44. An attacker could exploit this vulnerability to execute arbitrary code or cause an application to crash on the system with a large number of requests. Summary: The Migration Toolkit for Containers (MTC) 1.7.3 is now available. Description: The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Bug Fix(es): * Velero and Restic are using incorrect SCCs [OADP-BL] (BZ#2082216) * [MTC] Migrations gets stuck at StageBackup stage for indirect runs [OADP-BL] (BZ#2091965) * MTC: 1.7.1 on OCP 4.6: UI is stuck in "Discovering persistent volumes attached to source projects" step (BZ#2099856) * Correct DNS validation for destination namespace (BZ#2102231) * Deselecting all pvcs from UI still results in an attempted PVC transfer (BZ#2106073) 3. Bugs fixed (https://bugzilla.redhat.com/): 2076133 - CVE-2022-1365 cross-fetch: Exposure of Private Personal Information to an Unauthorized Actor 2077688 - CVE-2022-24675 golang: encoding/pem: fix stack overflow in Decode 2077689 - CVE-2022-28327 golang: crypto/elliptic: panic caused by oversized scalar 2082216 - Velero and Restic are using incorrect SCCs [OADP-BL] 2084085 - CVE-2022-29526 golang: syscall: faccessat checks wrong group 2091965 - [MTC] Migrations gets stuck at StageBackup stage for indirect runs [OADP-BL] 2099856 - MTC: 1.7.1 on OCP 4.6: UI is stuck in "Discovering persistent volumes attached to source projects" step 2102231 - Correct DNS validation for destination namespace 2106073 - Deselecting all pvcs from UI still results in an attempted PVC transfer 5. JIRA issues fixed (https://issues.jboss.org/): MIG-1155 - Update to newer ansible runner image for hooks MIG-1242 - Must set upper bound on OADP dep to prevent jump to 1.1 MIG-1254 - Investigate impact of deprecated Docker V2 Schema 1 for MTC on OCP3.11 6. Bugs fixed (https://bugzilla.redhat.com/): 2019088 - "MigrationController" CR displays syntax error when unquiescing applications 2021666 - Route name longer than 63 characters causes direct volume migration to fail 2021668 - "MigrationController" CR ignores the "cluster_subdomain" value for direct volume migration routes 2022017 - CVE-2021-3948 mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC) 2024966 - Manifests not used by Operator Lifecycle Manager must be removed from the MTC 1.6 Operator image 2027196 - "migration-controller" pod goes into "CrashLoopBackoff" state if an invalid registry route is entered on the "Clusters" page of the web console 2027382 - "Copy oc describe/oc logs" window does not close automatically after timeout 2028841 - "rsync-client" container fails during direct volume migration with "Address family not supported by protocol" error 2031793 - "migration-controller" pod goes into "CrashLoopBackOff" state if "MigPlan" CR contains an invalid "includedResources" resource 2039852 - "migration-controller" pod goes into "CrashLoopBackOff" state if "MigPlan" CR contains an invalid "destMigClusterRef" or "srcMigClusterRef" 5. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2020-12-14-4 Additional information for APPLE-SA-2020-11-13-1 macOS Big Sur 11.0.1 macOS Big Sur 11.0.1 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT211931. AMD Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2020-27914: Yu Wang of Didi Research America CVE-2020-27915: Yu Wang of Didi Research America Entry added December 14, 2020 App Store Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: An application may be able to gain elevated privileges Description: This issue was addressed by removing the vulnerable code. CVE-2020-27903: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab Audio Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2020-27910: JunDong Xie and XingWei Lin of Ant Security Light- Year Lab Audio Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: An out-of-bounds write was addressed with improved input validation. CVE-2020-27916: JunDong Xie of Ant Security Light-Year Lab Audio Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A malicious application may be able to read restricted memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2020-9943: JunDong Xie of Ant Group Light-Year Security Lab Audio Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: An application may be able to read restricted memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2020-9944: JunDong Xie of Ant Group Light-Year Security Lab Bluetooth Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A remote attacker may be able to cause unexpected application termination or heap corruption Description: Multiple integer overflows were addressed with improved input validation. CVE-2020-27906: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong Security Lab CoreAudio Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2020-27908: JunDong Xie and XingWei Lin of Ant Security Light- Year Lab CVE-2020-27909: Anonymous working with Trend Micro Zero Day Initiative, JunDong Xie and XingWei Lin of Ant Security Light-Year Lab CVE-2020-9960: JunDong Xie and XingWei Lin of Ant Security Light-Year Lab Entry added December 14, 2020 CoreAudio Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: An out-of-bounds write was addressed with improved input validation. CVE-2020-10017: Francis working with Trend Micro Zero Day Initiative, JunDong Xie of Ant Security Light-Year Lab CoreCapture Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2020-9949: Proteas CoreGraphics Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds write was addressed with improved input validation. CVE-2020-9883: an anonymous researcher, Mickey Jin of Trend Micro Crash Reporter Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A local attacker may be able to elevate their privileges Description: An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization. CVE-2020-10003: Tim Michaud (@TimGMichaud) of Leviathan CoreText Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A logic issue was addressed with improved state management. CVE-2020-27922: Mickey Jin of Trend Micro Entry added December 14, 2020 CoreText Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Processing a maliciously crafted text file may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2020-9999: Apple Entry updated December 14, 2020 Disk Images Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: An application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds read was addressed with improved input validation. CVE-2020-9965: Proteas CVE-2020-9966: Proteas Finder Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Users may be unable to remove metadata indicating where files were downloaded from Description: The issue was addressed with additional user controls. CVE-2020-27894: Manuel Trezza of Shuggr (shuggr.com) FontParser Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A buffer overflow was addressed with improved size validation. CVE-2020-9962: Yiğit Can YILMAZ (@yilmazcanyigit) Entry added December 14, 2020 FontParser Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: An out-of-bounds write was addressed with improved input validation. CVE-2020-27952: an anonymous researcher, Mickey Jin and Junzhi Lu of Trend Micro Entry added December 14, 2020 FontParser Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2020-9956: Mickey Jin and Junzhi Lu of Trend Micro Mobile Security Research Team working with Trend Micro’s Zero Day Initiative Entry added December 14, 2020 FontParser Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A memory corruption issue existed in the processing of font files. This issue was addressed with improved input validation. CVE-2020-27931: Apple Entry added December 14, 2020 FontParser Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Processing a maliciously crafted font may lead to arbitrary code execution. Apple is aware of reports that an exploit for this issue exists in the wild. Description: A memory corruption issue was addressed with improved input validation. CVE-2020-27930: Google Project Zero FontParser Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2020-27927: Xingwei Lin of Ant Security Light-Year Lab Foundation Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A local user may be able to read arbitrary files Description: A logic issue was addressed with improved state management. CVE-2020-10002: James Hutchins HomeKit Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: An attacker in a privileged network position may be able to unexpectedly alter application state Description: This issue was addressed with improved setting propagation. CVE-2020-9978: Luyi Xing, Dongfang Zhao, and Xiaofeng Wang of Indiana University Bloomington, Yan Jia of Xidian University and University of Chinese Academy of Sciences, and Bin Yuan of HuaZhong University of Science and Technology Entry added December 14, 2020 ImageIO Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2020-9955: Mickey Jin of Trend Micro, Xingwei Lin of Ant Security Light-Year Lab Entry added December 14, 2020 ImageIO Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2020-27924: Lei Sun Entry added December 14, 2020 ImageIO Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds write was addressed with improved input validation. CVE-2020-27912: Xingwei Lin of Ant Security Light-Year Lab CVE-2020-27923: Lei Sun Entry updated December 14, 2020 ImageIO Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2020-9876: Mickey Jin of Trend Micro Intel Graphics Driver Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: An application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2020-10015: ABC Research s.r.o. working with Trend Micro Zero Day Initiative CVE-2020-27897: Xiaolong Bai and Min (Spark) Zheng of Alibaba Inc., and Luyi Xing of Indiana University Bloomington Entry added December 14, 2020 Intel Graphics Driver Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2020-27907: ABC Research s.r.o. working with Trend Micro Zero Day Initiative Entry added December 14, 2020 Image Processing Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds write was addressed with improved input validation. CVE-2020-27919: Hou JingYi (@hjy79425575) of Qihoo 360 CERT, Xingwei Lin of Ant Security Light-Year Lab Entry added December 14, 2020 Kernel Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory Description: Multiple memory corruption issues were addressed with improved input validation. CVE-2020-9967: Alex Plaskett (@alexjplaskett) Entry added December 14, 2020 Kernel Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2020-9975: Tielei Wang of Pangu Lab Entry added December 14, 2020 Kernel Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved state handling. CVE-2020-27921: Linus Henze (pinauten.de) Entry added December 14, 2020 Kernel Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A logic issue existed resulting in memory corruption. This was addressed with improved state management. CVE-2020-27904: Zuozhi Fan (@pattern_F_) of Ant Group Tianqong Security Lab Kernel Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: An attacker in a privileged network position may be able to inject into active connections within a VPN tunnel Description: A routing issue was addressed with improved restrictions. CVE-2019-14899: William J. Tolley, Beau Kujath, and Jedidiah R. Crandall Kernel Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A malicious application may be able to disclose kernel memory. Apple is aware of reports that an exploit for this issue exists in the wild. Description: A memory initialization issue was addressed. CVE-2020-27950: Google Project Zero Kernel Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A malicious application may be able to determine kernel memory layout Description: A logic issue was addressed with improved state management. CVE-2020-9974: Tommy Muir (@Muirey03) Kernel Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2020-10016: Alex Helie Kernel Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of reports that an exploit for this issue exists in the wild. Description: A type confusion issue was addressed with improved state handling. CVE-2020-27932: Google Project Zero libxml2 Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Processing maliciously crafted web content may lead to code execution Description: A use after free issue was addressed with improved memory management. CVE-2020-27917: found by OSS-Fuzz CVE-2020-27920: found by OSS-Fuzz Entry updated December 14, 2020 libxml2 Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: An integer overflow was addressed through improved input validation. CVE-2020-27911: found by OSS-Fuzz libxpc Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A malicious application may be able to elevate privileges Description: A logic issue was addressed with improved validation. CVE-2020-9971: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab Entry added December 14, 2020 libxpc Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A malicious application may be able to break out of its sandbox Description: A parsing issue in the handling of directory paths was addressed with improved path validation. CVE-2020-10014: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab Logging Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A local attacker may be able to elevate their privileges Description: A path handling issue was addressed with improved validation. CVE-2020-10010: Tommy Muir (@Muirey03) Mail Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A remote attacker may be able to unexpectedly alter application state Description: This issue was addressed with improved checks. CVE-2020-9941: Fabian Ising of FH Münster University of Applied Sciences and Damian Poddebniak of FH Münster University of Applied Sciences Messages Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A local user may be able to discover a user’s deleted messages Description: The issue was addressed with improved deletion. CVE-2020-9988: William Breuer of the Netherlands CVE-2020-9989: von Brunn Media Model I/O Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2020-10011: Aleksandar Nikolic of Cisco Talos Entry added December 14, 2020 Model I/O Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2020-13524: Aleksandar Nikolic of Cisco Talos Model I/O Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution Description: A logic issue was addressed with improved state management. CVE-2020-10004: Aleksandar Nikolic of Cisco Talos NetworkExtension Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A malicious application may be able to elevate privileges Description: A use after free issue was addressed with improved memory management. CVE-2020-9996: Zhiwei Yuan of Trend Micro iCore Team, Junzhi Lu and Mickey Jin of Trend Micro NSRemoteView Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: A logic issue was addressed with improved restrictions. CVE-2020-27901: Thijs Alkemade of Computest Research Division Entry added December 14, 2020 NSRemoteView Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A malicious application may be able to preview files it does not have access to Description: An issue existed in the handling of snapshots. The issue was resolved with improved permissions logic. CVE-2020-27900: Thijs Alkemade of Computest Research Division PCRE Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Multiple issues in pcre Description: Multiple issues were addressed by updating to version 8.44. CVE-2019-20838 CVE-2020-14155 Power Management Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A malicious application may be able to determine kernel memory layout Description: A logic issue was addressed with improved state management. CVE-2020-10007: singi@theori working with Trend Micro Zero Day Initiative python Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Cookies belonging to one origin may be sent to another origin Description: Multiple issues were addressed with improved logic. CVE-2020-27896: an anonymous researcher Quick Look Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A malicious app may be able to determine the existence of files on the computer Description: The issue was addressed with improved handling of icon caches. CVE-2020-9963: Csaba Fitzl (@theevilbit) of Offensive Security Quick Look Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Processing a maliciously crafted document may lead to a cross site scripting attack Description: An access issue was addressed with improved access restrictions. CVE-2020-10012: Heige of KnownSec 404 Team (https://www.knownsec.com/) and Bo Qu of Palo Alto Networks (https://www.paloaltonetworks.com/) Ruby Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A remote attacker may be able to modify the file system Description: A path handling issue was addressed with improved validation. CVE-2020-27896: an anonymous researcher Ruby Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: When parsing certain JSON documents, the json gem can be coerced into creating arbitrary objects in the target system Description: This issue was addressed with improved checks. CVE-2020-10663: Jeremy Evans Safari Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Visiting a malicious website may lead to address bar spoofing Description: A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. CVE-2020-9945: Narendra Bhati From Suma Soft Pvt. Ltd. Pune (India) @imnarendrabhati Safari Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A malicious application may be able to determine a user's open tabs in Safari Description: A validation issue existed in the entitlement verification. This issue was addressed with improved validation of the process entitlement. CVE-2020-9977: Josh Parnham (@joshparnham) Safari Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Visiting a malicious website may lead to address bar spoofing Description: An inconsistent user interface issue was addressed with improved state management. CVE-2020-9942: an anonymous researcher, Rahul d Kankrale (servicenger.com), Rayyan Bijoora (@Bijoora) of The City School, PAF Chapter, Ruilin Yang of Tencent Security Xuanwu Lab, YoKo Kho (@YoKoAcc) of PT Telekomunikasi Indonesia (Persero) Tbk, Zhiyang Zeng(@Wester) of OPPO ZIWU Security Lab Sandbox Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A local user may be able to view senstive user information Description: An access issue was addressed with additional sandbox restrictions. CVE-2020-9969: Wojciech Reguła of SecuRing (wojciechregula.blog) SQLite Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A remote attacker may be able to cause a denial of service Description: This issue was addressed with improved checks. CVE-2020-9991 SQLite Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A remote attacker may be able to leak memory Description: An information disclosure issue was addressed with improved state management. CVE-2020-9849 SQLite Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Multiple issues in SQLite Description: Multiple issues were addressed by updating SQLite to version 3.32.3. CVE-2020-15358 SQLite Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A maliciously crafted SQL query may lead to data corruption Description: This issue was addressed with improved checks. CVE-2020-13631 SQLite Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A remote attacker may be able to cause a denial of service Description: This issue was addressed with improved checks. CVE-2020-13434 CVE-2020-13435 CVE-2020-9991 SQLite Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A remote attacker may be able to cause arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2020-13630 Symptom Framework Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A local attacker may be able to elevate their privileges Description: A use after free issue was addressed with improved memory management. CVE-2020-27899: 08Tc3wBB working with ZecOps Entry added December 14, 2020 System Preferences Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: A logic issue was addressed with improved state management. CVE-2020-10009: Thijs Alkemade of Computest Research Division TCC Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A malicious application with root privileges may be able to access private information Description: A logic issue was addressed with improved restrictions. CVE-2020-10008: Wojciech Reguła of SecuRing (wojciechregula.blog) Entry added December 14, 2020 WebKit Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2020-27918: Liu Long of Ant Security Light-Year Lab Entry updated December 14, 2020 Wi-Fi Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: An attacker may be able to bypass Managed Frame Protection Description: A denial of service issue was addressed with improved state handling. CVE-2020-27898: Stephan Marais of University of Johannesburg Xsan Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A malicious application may be able to access restricted files Description: This issue was addressed with improved entitlements. CVE-2020-10006: Wojciech Reguła (@_r3ggi) of SecuRing Additional recognition 802.1X We would like to acknowledge Kenana Dalle of Hamad bin Khalifa University and Ryan Riley of Carnegie Mellon University in Qatar for their assistance. Entry added December 14, 2020 Audio We would like to acknowledge JunDong Xie and XingWei Lin of Ant- financial Light-Year Security Lab, an anonymous researcher for their assistance. Bluetooth We would like to acknowledge Andy Davis of NCC Group, Dennis Heinze (@ttdennis) of TU Darmstadt, Secure Mobile Networking Lab for their assistance. Entry updated December 14, 2020 Clang We would like to acknowledge Brandon Azad of Google Project Zero for their assistance. Core Location We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for their assistance. Crash Reporter We would like to acknowledge Artur Byszko of AFINE for their assistance. Entry added December 14, 2020 Directory Utility We would like to acknowledge Wojciech Reguła (@_r3ggi) of SecuRing for their assistance. iAP We would like to acknowledge Andy Davis of NCC Group for their assistance. Kernel We would like to acknowledge Brandon Azad of Google Project Zero, Stephen Röttger of Google for their assistance. libxml2 We would like to acknowledge an anonymous researcher for their assistance. Entry added December 14, 2020 Login Window We would like to acknowledge Rob Morton of Leidos for their assistance. Photos Storage We would like to acknowledge Paulos Yibelo of LimeHats for their assistance. Quick Look We would like to acknowledge Csaba Fitzl (@theevilbit) and Wojciech Reguła of SecuRing (wojciechregula.blog) for their assistance. Safari We would like to acknowledge Gabriel Corona and Narendra Bhati From Suma Soft Pvt. Ltd. Pune (India) @imnarendrabhati for their assistance. Security We would like to acknowledge Christian Starkjohann of Objective Development Software GmbH for their assistance. System Preferences We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance. This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAl/YDPwACgkQZcsbuWJ6 jjANmhAAoj+ZHNnH2pGDFl2/jrAtvWBtXg8mqw6NtNbGqWDZFhnY5q7Lp8WTx/Pi x64A4F8bU5xcybnmaDpK5PMwAAIiAg4g1BhpOq3pGyeHEasNx7D9damfqFGKiivS p8nl62XE74ayfxdZGa+2tOVFTFwqixfr0aALVoQUhAWNeYuvVSgJXlgdGjj+QSL+ 9vW86kbQypOqT5TPDg6tpJy3g5s4hotkfzCfxA9mIKOg5e/nnoRNhw0c1dzfeTRO INzGxnajKGGYy2C3MH6t0cKG0B6cH7aePZCHYJ1jmuAVd0SD3PfmoT76DeRGC4Ri c8fGD+5pvSF6/+5E+MbH3t3D6bLiCGRFJtYNMpr46gUKKt27EonSiheYCP9xR6lU ChpYdcgHMOHX4a07/Oo8vEwQrtJ4JryhI9tfBel1ewdSoxk2iCFKzLLYkDMihD6B 1x/9MlaqEpLYBnuKkrRzFINW23TzFPTI/+i2SbUscRQtK0qE7Up5C+IUkRvBGhEs MuEmEnn5spnVG2EBcKeLtJxtf/h5WaRFrev72EvSVR+Ko8Cj0MgK6IATu6saq8bV kURL5empvpexFAvVQWRDaLgGBHKM+uArBz2OP6t7wFvD2p1Vq5M+dMrEPna1JO/S AXZYC9Y9bBRZfYQAv7nxa+uIXy2rGTuQKQY8ldu4eEHtJ0OhaB8= =T5Y8 -----END PGP SIGNATURE----- . CVE-2021-1802: Zhongcheng Li (@CK01) from WPS Security Response Center FairPlay Available for: macOS Big Sur 11.0.1 Impact: A malicious application may be able to disclose kernel memory Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. CVE-2021-1779: Csaba Fitzl (@theevilbit) of Offensive Security IOSkywalkFamily Available for: macOS Big Sur 11.0.1 Impact: A local attacker may be able to elevate their privileges Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-1764: @m00nbsd Kernel Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6 Impact: A malicious application may be able to elevate privileges. CVE-2020-29633: Jewel Lambert of Original Spin, LLC. Messages Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6 Impact: A user that is removed from an iMessage group could rejoin the group Description: This issue was addressed with improved checks. CVE-2020-15358 Swift Available for: macOS Big Sur 11.0.1 Impact: A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication Description: A logic issue was addressed with improved validation. CVE-2021-1788: Francisco Alonso (@revskills) WebKit Available for: macOS Big Sur 11.0.1 Impact: Maliciously crafted web content may violate iframe sandboxing policy Description: This issue was addressed with improved iframe sandbox enforcement. CVE-2021-1789: @S0rryMybad of 360 Vulcan Team WebKit Available for: macOS Big Sur 11.0.1 Impact: A remote attacker may be able to cause arbitrary code execution. CVE-2021-1871: an anonymous researcher CVE-2021-1870: an anonymous researcher WebRTC Available for: macOS Big Sur 11.0.1 Impact: A malicious website may be able to access restricted ports on arbitrary servers Description: A port redirection issue was addressed with additional port validation. CVE-2021-1799: Gregory Vishnepolsky & Ben Seri of Armis Security, and Samy Kamkar Additional recognition Kernel We would like to acknowledge Junzhi Lu (@pwn0rz), Mickey Jin & Jesse Change of Trend Micro for their assistance. Description: Red Hat Advanced Cluster Management for Kubernetes 2.2.10 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console — with security policy built in. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html/release_notes/ Security fixes: * CVE-2021-3795 semver-regex: inefficient regular expression complexity * CVE-2021-23440 nodejs-set-value: type confusion allows bypass of CVE-2019-10747 Related bugs: * RHACM 2.2.10 images (Bugzilla #2013652) 3. Bugs fixed (https://bugzilla.redhat.com/): 2004944 - CVE-2021-23440 nodejs-set-value: type confusion allows bypass of CVE-2019-10747 2006009 - CVE-2021-3795 semver-regex: inefficient regular expression complexity 2013652 - RHACM 2.2.10 images 5. Description: Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Bugs fixed (https://bugzilla.redhat.com/): 2050826 - CVE-2022-24348 gitops: Path traversal and dereference of symlinks when passing Helm value files 5. Red Hat OpenShift Container Storage is highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In addition to persistent storage, Red Hat OpenShift Container Storage provides a multicloud data management service with an S3 compatible API. Security Fix(es): * nodejs-ssh2: Command injection by calling vulnerable method with untrusted input (CVE-2020-26301) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Previously, when the namespace store target was deleted, no alert was sent to the namespace bucket because of an issue in calculating the namespace bucket health. With this update, the issue in calculating the namespace bucket health is fixed and alerts are triggered as expected. (BZ#1993873) * Previously, the Multicloud Object Gateway (MCG) components performed slowly and there was a lot of pressure on the MCG components due to non-optimized database queries. With this update the non-optimized database queries are fixed which reduces the compute resources and time taken for queries. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 4. Bugs fixed (https://bugzilla.redhat.com/): 1993873 - [4.8.z clone] Alert NooBaaNamespaceBucketErrorState is not triggered when namespacestore's target bucket is deleted 2006958 - CVE-2020-26301 nodejs-ssh2: Command injection by calling vulnerable method with untrusted input 5. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP10 security update Advisory ID: RHSA-2021:4613-01 Product: Red Hat JBoss Core Services Advisory URL: https://access.redhat.com/errata/RHSA-2021:4613 Issue date: 2021-11-10 CVE Names: CVE-2019-17567 CVE-2019-20838 CVE-2020-13950 CVE-2020-14155 CVE-2020-35452 CVE-2021-3712 CVE-2021-23840 CVE-2021-23841 CVE-2021-26690 CVE-2021-26691 CVE-2021-30641 ===================================================================== 1. Summary: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 10 zip release for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, and Microsoft Windows is available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description: Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release adds the new Apache HTTP Server 2.4.37 Service Pack 10 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 9 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release. Security Fix(es): * httpd: Single zero byte stack overflow in mod_auth_digest (CVE-2020-35452) * httpd: mod_session NULL pointer dereference in parser (CVE-2021-26690) * httpd: Heap overflow in mod_session (CVE-2021-26691) * httpd: mod_proxy_wstunnel tunneling of non Upgraded connection (CVE-2019-17567) * httpd: MergeSlashes regression (CVE-2021-30641) * httpd: mod_proxy NULL pointer dereference (CVE-2020-13950) * jbcs-httpd24-openssl: openssl: NULL pointer dereference in X509_issuer_and_serial_hash() (CVE-2021-23841) * openssl: Read buffer overruns processing ASN.1 strings (CVE-2021-3712) * openssl: integer overflow in CipherUpdate (CVE-2021-23840) * pcre: buffer over-read in JIT when UTF is disabled (CVE-2019-20838) * pcre: integer overflow in libpcre (CVE-2020-14155) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution: Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. The References section of this erratum contains a download link for the update. You must be logged in to download the update. Bugs fixed (https://bugzilla.redhat.com/): 1848436 - CVE-2020-14155 pcre: Integer overflow when parsing callout numeric arguments 1848444 - CVE-2019-20838 pcre: Buffer over-read in JIT when UTF is disabled and \X or \R has fixed quantifier greater than 1 1930310 - CVE-2021-23841 openssl: NULL pointer dereference in X509_issuer_and_serial_hash() 1930324 - CVE-2021-23840 openssl: integer overflow in CipherUpdate 1966724 - CVE-2020-35452 httpd: Single zero byte stack overflow in mod_auth_digest 1966729 - CVE-2021-26690 httpd: mod_session: NULL pointer dereference when parsing Cookie header 1966732 - CVE-2021-26691 httpd: mod_session: Heap overflow via a crafted SessionHeader value 1966738 - CVE-2020-13950 httpd: mod_proxy NULL pointer dereference 1966740 - CVE-2019-17567 httpd: mod_proxy_wstunnel tunneling of non Upgraded connection 1966743 - CVE-2021-30641 httpd: Unexpected URL matching with 'MergeSlashes OFF' 1995634 - CVE-2021-3712 openssl: Read buffer overruns processing ASN.1 strings 5. References: https://access.redhat.com/security/cve/CVE-2019-17567 https://access.redhat.com/security/cve/CVE-2019-20838 https://access.redhat.com/security/cve/CVE-2020-13950 https://access.redhat.com/security/cve/CVE-2020-14155 https://access.redhat.com/security/cve/CVE-2020-35452 https://access.redhat.com/security/cve/CVE-2021-3712 https://access.redhat.com/security/cve/CVE-2021-23840 https://access.redhat.com/security/cve/CVE-2021-23841 https://access.redhat.com/security/cve/CVE-2021-26690 https://access.redhat.com/security/cve/CVE-2021-26691 https://access.redhat.com/security/cve/CVE-2021-30641 https://access.redhat.com/security/updates/classification/#moderate 6. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc

Trust: 1.8

sources: NVD: CVE-2020-14155 // VULHUB: VHN-167005 // PACKETSTORM: 167956 // PACKETSTORM: 165631 // PACKETSTORM: 166309 // PACKETSTORM: 160545 // PACKETSTORM: 161245 // PACKETSTORM: 165209 // PACKETSTORM: 166051 // PACKETSTORM: 165096 // PACKETSTORM: 164928

AFFECTED PRODUCTS

vendor:netappmodel:steelstore cloud integrated storagescope:eqversion: -

Trust: 1.0

vendor:splunkmodel:universal forwarderscope:gteversion:8.2.0

Trust: 1.0

vendor:gitlabmodel:gitlabscope:gteversion:13.1.0

Trust: 1.0

vendor:gitlabmodel:gitlabscope:ltversion:12.10.13

Trust: 1.0

vendor:netappmodel:clustered data ontapscope:eqversion: -

Trust: 1.0

vendor:splunkmodel:universal forwarderscope:ltversion:8.2.12

Trust: 1.0

vendor:netappmodel:h300sscope:eqversion: -

Trust: 1.0

vendor:pcremodel:pcrescope:ltversion:8.44

Trust: 1.0

vendor:netappmodel:h500sscope:eqversion: -

Trust: 1.0

vendor:netappmodel:ontap select deploy administration utilityscope:eqversion: -

Trust: 1.0

vendor:netappmodel:h410cscope:eqversion: -

Trust: 1.0

vendor:oraclemodel:communications cloud native core policyscope:eqversion:1.15.0

Trust: 1.0

vendor:gitlabmodel:gitlabscope:ltversion:13.1.2

Trust: 1.0

vendor:netappmodel:active iq unified managerscope:eqversion: -

Trust: 1.0

vendor:netappmodel:cloud backupscope:eqversion: -

Trust: 1.0

vendor:splunkmodel:universal forwarderscope:eqversion:9.1.0

Trust: 1.0

vendor:gitlabmodel:gitlabscope:ltversion:13.0.8

Trust: 1.0

vendor:gitlabmodel:gitlabscope:gteversion:13.0.0

Trust: 1.0

vendor:splunkmodel:universal forwarderscope:ltversion:9.0.6

Trust: 1.0

vendor:splunkmodel:universal forwarderscope:gteversion:9.0.0

Trust: 1.0

vendor:netappmodel:h700sscope:eqversion: -

Trust: 1.0

vendor:netappmodel:h410sscope:eqversion: -

Trust: 1.0

vendor:applemodel:macosscope:ltversion:11.0.1

Trust: 1.0

sources: NVD: CVE-2020-14155

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-14155
value: MEDIUM

Trust: 1.0

VULHUB: VHN-167005
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-14155
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-167005
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-14155
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-167005 // NVD: CVE-2020-14155

PROBLEMTYPE DATA

problemtype:CWE-190

Trust: 1.1

sources: VULHUB: VHN-167005 // NVD: CVE-2020-14155

TYPE

bypass

Trust: 0.2

sources: PACKETSTORM: 166309 // PACKETSTORM: 165209

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-167005

EXTERNAL IDS

db:NVDid:CVE-2020-14155

Trust: 2.0

db:PACKETSTORMid:161245

Trust: 0.2

db:PACKETSTORMid:165096

Trust: 0.2

db:PACKETSTORMid:166051

Trust: 0.2

db:PACKETSTORMid:167956

Trust: 0.2

db:PACKETSTORMid:160545

Trust: 0.2

db:PACKETSTORMid:164928

Trust: 0.2

db:PACKETSTORMid:165631

Trust: 0.2

db:PACKETSTORMid:165209

Trust: 0.2

db:PACKETSTORMid:166309

Trust: 0.2

db:CNVDid:CNVD-2020-53121

Trust: 0.1

db:PACKETSTORMid:165135

Trust: 0.1

db:PACKETSTORMid:168352

Trust: 0.1

db:PACKETSTORMid:165862

Trust: 0.1

db:PACKETSTORMid:165296

Trust: 0.1

db:PACKETSTORMid:165099

Trust: 0.1

db:PACKETSTORMid:166308

Trust: 0.1

db:PACKETSTORMid:165286

Trust: 0.1

db:PACKETSTORMid:168392

Trust: 0.1

db:PACKETSTORMid:166489

Trust: 0.1

db:PACKETSTORMid:165287

Trust: 0.1

db:PACKETSTORMid:164927

Trust: 0.1

db:PACKETSTORMid:164967

Trust: 0.1

db:PACKETSTORMid:165002

Trust: 0.1

db:PACKETSTORMid:165288

Trust: 0.1

db:PACKETSTORMid:165758

Trust: 0.1

db:PACKETSTORMid:165129

Trust: 0.1

db:PACKETSTORMid:164825

Trust: 0.1

db:PACKETSTORMid:167206

Trust: 0.1

db:PACKETSTORMid:168036

Trust: 0.1

db:CNNVDid:CNNVD-202006-1036

Trust: 0.1

db:VULHUBid:VHN-167005

Trust: 0.1

sources: VULHUB: VHN-167005 // PACKETSTORM: 167956 // PACKETSTORM: 165631 // PACKETSTORM: 166309 // PACKETSTORM: 160545 // PACKETSTORM: 161245 // PACKETSTORM: 165209 // PACKETSTORM: 166051 // PACKETSTORM: 165096 // PACKETSTORM: 164928 // NVD: CVE-2020-14155

REFERENCES

url:https://security.netapp.com/advisory/ntap-20221028-0010/

Trust: 1.1

url:https://about.gitlab.com/releases/2020/07/01/security-release-13-1-2-release/

Trust: 1.1

url:https://support.apple.com/kb/ht211931

Trust: 1.1

url:https://support.apple.com/kb/ht212147

Trust: 1.1

url:http://seclists.org/fulldisclosure/2020/dec/32

Trust: 1.1

url:http://seclists.org/fulldisclosure/2021/feb/14

Trust: 1.1

url:https://bugs.gentoo.org/717920

Trust: 1.1

url:https://www.oracle.com/security-alerts/cpuapr2022.html

Trust: 1.1

url:https://www.pcre.org/original/changelog.txt

Trust: 1.1

url:https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3cdev.mina.apache.org%3e

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2019-20838

Trust: 0.9

url:https://nvd.nist.gov/vuln/detail/cve-2020-14155

Trust: 0.9

url:https://access.redhat.com/security/cve/cve-2020-14155

Trust: 0.7

url:https://access.redhat.com/security/team/contact/

Trust: 0.7

url:https://access.redhat.com/security/cve/cve-2019-20838

Trust: 0.7

url:https://bugzilla.redhat.com/):

Trust: 0.7

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.7

url:https://access.redhat.com/security/cve/cve-2021-36084

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-17594

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-17595

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2019-17595

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-18218

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2021-36086

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2019-17594

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2021-36085

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2019-18218

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2021-36087

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2020-13435

Trust: 0.6

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2020-16135

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2021-3200

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2019-5827

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2021-27645

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2021-33574

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2020-13435

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2019-5827

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2020-24370

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2019-13751

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2019-19603

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2021-35942

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2021-3572

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2020-12762

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2019-13750

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2019-13751

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2021-22898

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2020-12762

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2020-16135

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2021-3800

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2021-3445

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2019-19603

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2021-22925

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2021-20232

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2021-22876

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2021-20231

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2021-33560

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2021-42574

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2021-28153

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2019-13750

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2021-3426

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2021-3580

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2021-3712

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2020-24370

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2021-20231

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2021-22925

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2021-20232

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2021-22898

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2021-22876

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-37750

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-43527

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-14145

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-14145

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-3778

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-20266

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-20271

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-3796

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-27645

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-23841

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-23840

Trust: 0.3

url:https://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-41617

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-24407

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3733

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-33938

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-33929

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-33928

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-22946

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-33930

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2016-4658

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-4658

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-22947

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-28153

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-40346

Trust: 0.2

url:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html/release_notes/index

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-25709

Trust: 0.2

url:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html-single/install/index#installing

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-39241

Trust: 0.2

url:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html/release_notes/

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3521

Trust: 0.2

url:https://www.apple.com/support/security/pgp/

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-15358

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-20266

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-20271

Trust: 0.2

url:https://access.redhat.com/articles/11258

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-23841

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-23840

Trust: 0.2

url:https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3cdev.mina.apache.org%3e

Trust: 0.1

url:https://issues.jboss.org/):

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-36084

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-28327

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-25314

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-29526

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-29824

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-29362

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1621

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-28915

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-27782

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-29361

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1365

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-27776

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-28915

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-1000858

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22576

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-29363

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-25313

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1629

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-27666

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-1000858

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-36085

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-27774

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-13050

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-25032

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-40528

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-25032

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-29363

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-13050

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-29362

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-24675

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-29361

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0778

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1271

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:5840

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-25013

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-25012

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-27823

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-35522

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-1870

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-35524

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3575

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-30758

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-25013

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-13558

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-15389

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-25009

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-5727

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-5785

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-30665

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-12973

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-30689

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-20847

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-30682

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-10001

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-25014

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-25012

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-35521

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-18032

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-1801

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-1765

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-20845

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-26927

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-20847

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-17541

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-27918

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-36331

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-30749

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-30795

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-5785

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-1788

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-31535

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-5727

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-30744

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-21775

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-21806

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-27814

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-36330

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-36241

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-30797

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-13558

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-20321

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-27842

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-36332

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-1799

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-25010

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-21779

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-10001

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-29623

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3948

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-25014

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-27828

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-12973

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-20845

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-1844

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3481

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-25009

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-1871

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-25010

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-29338

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-30734

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-35523

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-26926

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-30720

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-28650

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-27843

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-24870

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-27845

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-1789

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-30663

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-30799

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3272

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:0202

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-15389

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-27824

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-0465

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-23434

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0185

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22942

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-0466

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3564

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25710

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-0920

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-4122

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-25710

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-0466

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-23434

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-4155

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0330

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:0856

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-25214

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-0465

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3752

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25709

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-4019

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-4192

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0155

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3984

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3573

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-4193

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-25214

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-0920

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3872

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-10014

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-13524

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-13434

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-10016

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-10011

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-10015

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-10017

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-27894

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-27896

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-13631

Trust: 0.1

url:https://support.apple.com/ht211931.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-14899

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-10003

Trust: 0.1

url:https://www.knownsec.com/)

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-10009

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-10004

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-10008

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-13630

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-10002

Trust: 0.1

url:https://www.paloaltonetworks.com/)

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-10010

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-10012

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-10663

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-10006

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-10007

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-1742

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-1757

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-1753

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-1751

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-27945

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-1744

Trust: 0.1

url:https://support.apple.com/ht212147.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-29633

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-1737

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-1736

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-1738

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-1754

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-27904

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-29608

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-1745

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-27938

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-1743

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-1758

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-27937

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-29614

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-1750

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-1746

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-1747

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-1741

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-36385

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:5038

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-43267

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#low

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22946

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-20673

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-20673

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3795

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-36385

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-20317

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-20317

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22947

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-23440

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:0580

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-33574

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-33560

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-24348

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3200

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-44790

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:4845

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-20095

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-28493

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-42771

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-26301

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-26301

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-28957

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-8037

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-8037

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-20095

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-28493

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-26691

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-13950

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-26690

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-17567

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-35452

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-26691

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-26690

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-30641

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30641

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-17567

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-13950

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-35452

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3712

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:4613

Trust: 0.1

sources: VULHUB: VHN-167005 // PACKETSTORM: 167956 // PACKETSTORM: 165631 // PACKETSTORM: 166309 // PACKETSTORM: 160545 // PACKETSTORM: 161245 // PACKETSTORM: 165209 // PACKETSTORM: 166051 // PACKETSTORM: 165096 // PACKETSTORM: 164928 // NVD: CVE-2020-14155

CREDITS

Red Hat

Trust: 0.7

sources: PACKETSTORM: 167956 // PACKETSTORM: 165631 // PACKETSTORM: 166309 // PACKETSTORM: 165209 // PACKETSTORM: 166051 // PACKETSTORM: 165096 // PACKETSTORM: 164928

SOURCES

db:VULHUBid:VHN-167005
db:PACKETSTORMid:167956
db:PACKETSTORMid:165631
db:PACKETSTORMid:166309
db:PACKETSTORMid:160545
db:PACKETSTORMid:161245
db:PACKETSTORMid:165209
db:PACKETSTORMid:166051
db:PACKETSTORMid:165096
db:PACKETSTORMid:164928
db:NVDid:CVE-2020-14155

LAST UPDATE DATE

2025-04-28T21:52:50.318000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-167005date:2022-12-03T00:00:00
db:NVDid:CVE-2020-14155date:2024-11-21T05:02:45.440

SOURCES RELEASE DATE

db:VULHUBid:VHN-167005date:2020-06-15T00:00:00
db:PACKETSTORMid:167956date:2022-08-04T14:49:41
db:PACKETSTORMid:165631date:2022-01-20T17:48:29
db:PACKETSTORMid:166309date:2022-03-15T15:44:21
db:PACKETSTORMid:160545date:2020-12-16T18:05:29
db:PACKETSTORMid:161245date:2021-02-02T16:06:51
db:PACKETSTORMid:165209date:2021-12-09T14:50:37
db:PACKETSTORMid:166051date:2022-02-18T16:37:39
db:PACKETSTORMid:165096date:2021-11-29T18:12:32
db:PACKETSTORMid:164928date:2021-11-11T14:53:24
db:NVDid:CVE-2020-14155date:2020-06-15T17:15:10.777